Cyber Security News
February 03, 2012
NIST ponies up $10 million for trusted online credential projects
The National Institute of Standards and Technology (NIST) is awarding $10 million in funding for trusted online credential pilot projects.
The project funding is part of the White House’s National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative, which is designed to protect consumers from online fraud and identity theft and beef up privacy protections.
February 03, 2012
Google finally scans malware-ridden Android Market
In an effort to improve security in its Android Market, Google has been using a service providing automated scanning of applications submitted to the mobile application store, Google revealed on Thursday afternoon.
Code-named Bouncer, the service scans the market for potentially malicious software without disrupting the user experience or requiring developers to submit to an application approval process, said Hiroshi Lockheimer, vice president of engineering for Android, in a blog post:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here's how it works: Once an application is uploaded, the service immediately starts analyzing it for known malware, spyware, and trojans. It also looks for behaviors that indicate an application might be misbehaving and compares it against previously analyzed apps to detect possible red flags.
February 03, 2012
Symantec warns of Android Trojans that mutate with every download
A new Android Trojan employs server-side polymorphism to generate unique variants
Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.
This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.
A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.
Symantec has identified multiple variants of this Trojan horse, which it detects as Android.Opfake, and all of them are distributed from Russian websites. However, the malware contains instructions to automatically send SMS messages to premium-rate numbers from a large number of European and former Soviet Union countries.
February 03, 2012
PHP 5.3.10 fixes critical remote code execution vulnerability
The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform.
The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.
SecurityFocus classifies the issue as a design error because it was accidentally introduced while fixing a separate denial-of-service (DoS) vulnerability in early January.
That vulnerability is known as CVE-2011-4885 and was disclosed in December 2011 at the Chaos Communication Congress by security researchers Alexander Klink and Julian Wälde.
February 02, 2012
Hackers outwit online banking identity security systems
After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".
Money is then moved out of the account but this is hidden from the user.
Experts say customers should follow banks' official advice, use up-to-date anti-virus software and be vigilant.
Devices like PINSentry from Barclays and SecureKey from HSBC - which look a lot like calculators - ask users to insert a card or a code to create a unique key at each login, valid for around 30 seconds, that cannot be used again.
This brought a new level of online banking security against password theft. The additional line of defence provided security even if a user's computer along with any password information was hacked.
While these chip and pin devices make the hackers' job more difficult, the hackers themselves have raised their game.
'Man in the Browser' attack
A test witnessed as part of a BBC Click investigation suggests even those with up-to-date anti-virus software could be at risk.
There is no specific risk to any one individual bank.
In the test the majority of web security software on standard settings did not spot that a previously unseen piece of malware created in the software testing lab was behaving suspiciously.
February 02, 2012
Microsoft researchers say anonymized data isn't so anonymous
Data routinely gathered in Web logs - IP address, cookie ID, operating system, browser type, user-agent strings - can threaten online privacy because they can be used to identify the activity of individual machines, Microsoft researchers say.
At the same time, analysis of such data when anonymized can help detect malicious activity and so improve overall Internet security, they add.
The researchers found that 62% of the time, HTTP user-agent information alone can accurately tag a host. Combine that same information with the IP address, and the accuracy jumps to 80.6%. If the user-agent information is combined with just the IP prefix the accuracy is still 79.3%, they say.
February 02, 2012
Microsoft team discovers malicious cookie-forwarding scheme
Microsoft researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking.
If put into play, the scheme could clandestinely forward stolen session cookies to individual zombie machines in botnets that could use them to gain unauthorized access to websites, according to their research paper "Host Fingerprinting and Tracking on the Web: Privacy and Security Implications" (PDF).
Using data about hundreds of millions of devices that connected to Hotmail during August 2010, the researchers found a certain percentage that connected from more than one Internet AS (Autonomous System) -- a large collection of related IP addresses, usually under the control of a large organization like a service provider, corporation or university.
February 02, 2012
Researchers develop altered fingerprint detector
Researchers at Michigan State University have developed a technique to help detect when an individual has deliberately altered their fingerprints in an effort to fool biometric scanners.
With biometric passports and fingerprint scanners on the rise around the world, more and more individuals have turned to extreme measures to avoid detection like removing the pads of their fingertips or surgically replacing fingerprints with toe prints.
For instance, in 2009, a Chinese woman illegally entered Japan by altering her fingerprints to fool immigration officials.
To help law enforcement and immigration officials combat this growing trend, researchers have developed an algorithm to help identify altered prints.
February 02, 2012
HTC patching Wi-Fi password leak on several smartphones
Some HTC smartphone users may find their Wi-Fi passwords and other information exposed due to a new bug, but the company is rolling out a fix.
The vulnerability leaks Wi-Fi credentials and SSID (network name) details to any application with basic Wi-Fi permissions on several HTC handsets, according to an alert issued yesterday by the U.S. Computer Emergency Readiness Team (US-CERT). As a result, an attacker using the right application can potentially capture and harness the information to hack into the user's network.
The affected phones include:
January 31, 2012
Many pcAnywhere systems still sitting ducks
Symantec warns that its product should not be connected directly to the Internet, yet an estimated 140,000 computers are configured to allow direct external access
By Robert Lemos | InfoWorld
Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.
Over the weekend, vulnerability management firm Rapid7 scanned for exposed systems running pcAnywhere and found that tens of thousands of installations could likely be attacked through unpatched vulnerabilities in the software because they directly communicate with the Internet. Perhaps of greatest worry is that a small but significant fraction of the systems appear to be dedicated, point-of-sale computers, where pcAnywhere is used for remote management of the device, says HD Moore, Rapid7's chief security officer.
January 31, 2012
Google won't pull Android apps deemed malicious
A security firm is trying to call attention to 13 applications that have shown up in the official Android Market over concerns that they contain software development tools that enable the theft of data.
The baker's dozen of applications -- carrying names like Counter Elite Force and Balloon Game -- allows downloaders to play action, adventure and puzzle games, Kevin Haley, director of Symantec Security Response, told SCMagazine.com on Tuesday. But they also contain a software development kit (SDK), known as "Appherhand," that not only installs a search bar on the user's phone but also allows the distributors to change the user's home page and add and remove bookmarks and shortcuts, Haley said.
"I'm not sure why you would need to pull someone's bookmarks," Haley said. "I'm not aware of the benefit."
February 01, 2012
WordPress attacks try to infect users with dangerous rootkit
The number of WordPress blogs that have been compromised to hurl malware onto the machines of unsuspecting users is gradually growing, security researchers said this week.
The attacks are taking advantage of website owners who are hosting an older -- and vulnerable -- version of WordPress, 3.2.1, which was updated in December but is still widely in use.
Attackers are using automated scanners to find vulnerable sites, then they are taking advantage of input validation errors to embed IFRAMEs, which redirect users to exploit sites, all behind-the-scenes without the victim even noticing.
February 01, 2012
Apple and Apache security fixes and releases
Apple updates released today:
• security update 2012-001 for Snow Leopard (Mac OS X 10.6) and Snow Leopard server
• update for Lion and Lion server (Mac OS X 10.7.2 -> 10.7.3)
• remote desktop 3.5.2 client
• server admin tools 10.7.3
http://support.apple.com/kb/HT1222
10.7.3: http://support.apple.com/kb/HT5048
server admin tools: http://support.apple.com/kb/HT5050
Apache HTTP Server 2.2.22 Released
This version of Apache is principally a security and bug fix release, including significant security fixes:
http://httpd.apache.org/security/vulnerabilities_22.html
February 01, 2012
Kelihos botnet, once crippled, now regaining strength
A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.
The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals, and stock scams.
But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled.
But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet's complex infrastructure of proxy servers and communication nodes to regain control.
In fact, it happened shortly after the researchers intervened. Sinkholing the botnet was only a temporary solution.
January 31, 2012
More Than Half Of Cyberattacks Come From Asia
Asia is a hot spot for distributed denial-of-service (DDoS) and other types of online attacks, and, not surprisingly, DDoS attacks have spiked during the past few months.
It has been a busy year or so for DDoS attacks: A new report from Akamai shows a 2,000 percent increase in the number of incidents during the past three years. The Anonymous hacktivist group contributed to that spike, as did politically motivated country versus country attacks, according to Akamai.
"Hacktivist activity has really accounted for a significant part of that growth, [as well as] spats between individual countries attacking one another," says John Summers, vice president of dynamic site solutions at Akamai.
And while website takedowns waged by HTTP-borne DDoS attacks have been all the rage lately, attacks targeting Port 80/HTTP declined in Q3 2011 by about a third of what they were in Q2 2011, and attacks on telnet/Port 23 grew that much. Akamai attributes the Telnet attacks to attacks from Egypt, where there were 18 times as many telnet attacks as other ports, and South Korea, where telnet attacks were four times the number of port attacks versus others.
January 31, 2012
Romanian arrested on Pentagon, NASA hacking charges
A 20-year-old Romanian has been arrested on charges of hacking into Pentagon and NASA servers, stealing confidential data, and posting it on his personal blog, according to a statement today from the Romanian prosecutors office.
Razvan Manole Cernaianu, an information technology student who allegedly used the online alias "TinKode," offered a software program for sale on his blog and also showed a video that demonstrated how he compromised the servers, officials said.
Romanian officials said they were working with the FBI and NASA representatives on the case. An FBI spokesman in Washington, D.C., did not immediately have comment this afternoon.
The U.S. Embassy in Bucharest told the Associated Press that Cernaianu "used sophisticated hacking tools to gain unauthorized access to government and commercial systems."