Zero Day | ZDNet.com
October 9th, 2008

Nobel Laureate is the father of Kevin Mitnick investigator

Posted by Adam O'Donnell @ 8:50 pm

Categories: Hackers

Tags: Information Security, Kevin Mitnick, Nobel Laureate, Osamu Shimomura, Productivity, Security, Adam O'Donnell

We tend to say that information security is a small world. Conferences quickly become real-life demonstrations of the principle of six-degrees-of-separation. After a few years working in this industry, you either meet all or are within one hop of all the major players in the space; there just aren’t enough practitioners otherwise. Every so often, however, a connection between a real-world event and someone from the information security community comes to light, as we saw in the 2008 Nobel Prize awards.

October 9th, 2008

MS Patch Tuesday heads-up: 11 bulletins, 4 critical

Posted by Ryan Naraine @ 4:12 pm

Categories: Patch Watch, Zero-day attacks, Windows Vista, Browsers, Responsible disclosure, Botnets, Exploit code, Pen testing, Metasploit, Passwords, Arbitrary Code Execution, Complex Attacks

Tags: Vulnerability, Exploit Code, Microsoft Corp., Bulletin, Security, Ryan Naraine

It will be a very busy Patch Tuesday for administrators managing Microsoft Windows computer systems.

According to Microsoft’s advance notice mechanism, 11 security bulletins will drop next Tuesday (October 14, 2008), covering a wide range of serious vulnerabilities.

Four of the 11 bulletins are rated “critical,” meaning that those vulnerabilities can be exploited to launch remote code execution attacks.


October 9th, 2008

Mac OS X Patch Day: 40 security flaws fixed

Posted by Ryan Naraine @ 3:18 pm

Categories: Patch Watch, Hackers, Apple, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Viruses and Worms, Data theft, Pen testing, Passwords, Denial of Service (DoS), Arbitrary Code Execution, Complex Attacks, Malware

Tags: Apple Macintosh, Vulnerability, Arbitrary Code Execution, Application Termination, Apple Mac OS X, Security, Operating Systems, Software, Apple Mac OS, Ryan Naraine

Apple has shipped another whopper of a patch to cover a total of 40 documented vulnerabilities affecting the Mac OS X ecosystem.

Security Update 2008-007, available for Tiger and Leopard, covers a range of third-party components and Mac OS X flaws that could put users at risk of remote code execution attacks.

The more serious vulnerabilities include:

October 9th, 2008

Opera bitten by ‘extremely severe’ browser bug

Posted by Ryan Naraine @ 8:03 am

Categories: Patch Watch, Hackers, Browsers, Vulnerability research, Responsible disclosure, Exploit code, Data theft, Pen testing, Privacy, Arbitrary Code Execution, Complex Attacks, Mobile (In)Security, Anti Virus, Malware

Tags: Opera Software, Web Browser, Applet, Rohlf, Security, Ryan Naraine

Buried in the flurry of feature-related news surrounding the release of Opera 9.6 is the fact that the update fixes an “extremely severe” vulnerability that could expose Opera users to code execution attacks.

According to an Opera advisory, which is not mentioned anywhere in Opera’s giddy press release, there’s a patch out for an issue where specially crafted addresses could execute arbitrary code.


October 9th, 2008

Asus ships Eee Box PCs with malware

Posted by Dancho Danchev @ 7:01 am

Categories: Botnets, Passwords, Anti Virus, Malware

Tags: Asus, Eee Box, Japan, Dancho Danchev

Asus has confirmed and apologized to customers (press release in Japanese; translated version) for shipping malware on the recently introduced Eee Box desktop computer:

“According to an email sent out by Asus, PC Advisor reports, the Eee Box’s 80GB hard drive has the recycled.exe virus files hidden in the drive’s D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system. According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:. Separately, we’ve been testing the Eee Box this week, and discovered our review unit came loaded with the W32/Taterf worm - aka W32.Gammima.AG, aka kavo.exe malware that sniffs out online gaming usernames and passwords.”

Which models are known to carry the malware according to Asus?


October 8th, 2008

Student indicted for Palin e-mail hack

Posted by Ryan Naraine @ 8:20 am

Categories: Patch Watch, Hackers, Browsers, Vulnerability research, Spam and Phishing, Exploit code, Piracy, Data theft, Pen testing, Privacy, Passwords, Mobile (In)Security, Malware

Tags: E-mail, Online Communications, Ryan Naraine

The U.S. Justice Department today announced that a federal grand jury in Knoxville, Tennessee has indicted the 20-year-old son of a state lawmaker in connection with the compromise of Sarah Palin’s Yahoo e-mail account.

David Kernell (left), who had for some time been identified as the alleged hacker, is expected to be arraigned today before U.S. Magistrate Judge C. Clifford Shirley.

From the announcement:


October 7th, 2008

Adobe posts workaround for clickjacking flaw, NoScript releases ClearClick

Posted by Dancho Danchev @ 7:16 pm

Categories: Patch Watch, Zero-day attacks, Botnets, Exploit code, Mozilla, Firefox, Privacy, Passwords, Java, Adobe, Flash, Arbitrary Code Execution, Malware, Web 2.0

Tags: Security, Clickjacking, NoScript, ClearClick, Dancho Danchev

Following the recent release of a PoC demonstrating clickjacking in action, Adobe has released a security advisory offering solutions for customers and IT administrators on dealing with the flaw until it releases a Flash Player patch before the end of October.

“We have just posted a Security Advisory for Flash Player in response to recently published reports of a ‘Clickjacking’ issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. This potential ‘Clickjacking’ browser issue affects Adobe Flash Player’s microphone and camera access dialog. A Flash Player update to mitigate the issue will be available before the end of October. In the meantime, users can apply the workaround described in the Advisory.”


October 7th, 2008

Atrivo/Intercage’s disconnection briefly disrupts spam levels

Posted by Dancho Danchev @ 4:30 pm

Categories: Hackers, Spam and Phishing, Spyware and Adware, Botnets, Passwords, Phishing, Malware

Tags: Security, Cybercrime, Intercage, Atrivo, RBN, Russian Business Network, MessageLabs, Dancho Danchev

After years of operation, California-based ISP Atrivo/Intercage, a well known Russian Business Network darling, faced the music and was disconnected from the Internet by its upstream provider at the end of September. According to MessageLabs’s latest intelligence report, the result was a brief decline in spam, because the malware-infected hosts could no longer reach the ISP’s netblock. Logically, within the next couple of days Intercage’s customers switched the hosting locations of their botnets’ command and control servers, and cybercrime activity quickly got back to normal:

“Charged with providing a safe-haven for online scammers, cyber crooks and malware distributors, California-based ISP Intercage (aka Atrivo) was disconnected from the internet on September 20. Pacific Internet Exchange, Intercage’s upstream provider, terminated the service and after a few days, UnitedLayer, another service provider, agreed to host Intercage. But on September 25, after deciding Intercage still had too many on-going problems, UnitedLayer also terminated service.

It can be seen from the chart above that the botnet controllers are quick to respond to any degradation of their service, and can re-point their bots at a new command and control channel in a matter of days. Therefore MessageLabs expects this decline in spam to be short-lived, especially in anticipation of Halloween in October and Thanksgiving in the US in November, both of which are traditionally seasonal favorites for spammers.”


October 7th, 2008

Webcam hijack demo highlights clickjacking threat

Posted by Ryan Naraine @ 2:25 pm

Categories: Patch Watch, Zero-day attacks, Browsers, Vulnerability research, Responsible disclosure, Botnets, Exploit code, Data theft, Mozilla, Firefox, Java, Adobe, Flash, Arbitrary Code Execution, Complex Attacks, Malware, Web 2.0

Tags: Webcam, Click, Web Browser, Twitter, Raff, Games, Web Browsers, Security, Personal Technology, Internet

[UPDATE: The details are out. Lots of unresolved clickjacking issues]

A security researcher in Israel has released a demo of a “clickjacking” attack, using a JavaScript game to turn every browser into a surveillance zombie.

The release of the demo follows last month’s partial disclosure of the cross-platform attack/threat, which affects all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.


October 7th, 2008

Scammers introduce ATM skimmers with built-in SMS notification

Posted by Dancho Danchev @ 10:37 am

Categories: Data theft, Privacy, Passwords, Complex Attacks, Research

Tags: Security, Cybercrime, Credit Card Fraud, ATM Skimming, ATM Fraud, Dancho Danchev

The bust of the notorious ATM scammer going under the handle of Cha0 in early September once again puts ATM skimming in the spotlight. One of the main risks scammers face after embedding an ATM skimmer is retrieving the device, which by then contains the credit card details of several hundred people, depending on the volume of transactions that occurred while it was in place. How, then, can scammers minimize the risk of getting caught without having to come back to the crime scene? A recently uncovered serial manufacturer of ATM skimmer devices seems to have solved the secure retrieval problem by innovating and introducing ATM skimmers that automatically SMS the complete credit card details to the scammer.

How much does the device cost, how does it work, what ATM skimming tips is the manufacturer offering, and also, how can you protect yourself against ATM skimming? Let’s find out.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community on a daily basis.