November 19th, 2009

Microsoft finds security hole in Google Chrome Frame

Posted by Ryan Naraine @ 9:49 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Open source, Patch Watch

Tags: Google Inc., Microsoft Corp., Google Chrome, Web Browsers, Security, Viruses And Worms, Internet, Ryan Naraine

Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.

Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections. Read the rest of this entry »

November 18th, 2009

Mozilla locks out rogue Firefox add-ons

Posted by Ryan Naraine @ 10:33 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Denial of Service (DoS), Exploit code, Firefox, Malware, Microsoft, Mozilla, Open source, Patch Watch, Vulnerability research

Tags: Mozilla Firefox, Mozilla Corp., Migration Document, Web Browsers, Internet, Ryan Naraine

Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser’s application components directory.

This will most certainly block developers and software vendors from silently installing Firefox add-ons without explicit user permission.  It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said. Read the rest of this entry »

November 17th, 2009

Thousands of web sites compromised, redirect to scareware

Posted by Dancho Danchev @ 12:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Web 2.0

Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search, Search, Security, Dancho Danchev

Updated: Thursday, November 19 - According to eSoft who contacted me, they’ve been monitoring the campaign since September, with another 720,000 affected sites back then.

There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.

More details on the campaign:

Read the rest of this entry »

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi network, now prevalent literally everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »

November 11th, 2009

Apple Safari exposes Windows to drive-by download attacks

Posted by Ryan Naraine @ 1:37 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spyware and Adware, Vulnerability research

Tags: Apple Macintosh, Apple Safari, Microsoft Windows XP, Microsoft Windows Vista, Apple Inc., Attack, WebKit, Microsoft Windows, Apple Mac OS X, Apple Mac OS

Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks.

The high-priority update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site.  Some of the issues affect Microsoft’s new Windows 7 operating system.
Read the rest of this entry »

November 10th, 2009

Commercial spying app for Android devices released

Posted by Dancho Danchev @ 2:07 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Spyware and Adware

Tags: Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A well known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS.

Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, available at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.

More details:

Read the rest of this entry »

November 10th, 2009

Microsoft patches Windows worm holes, drive-by download flaws

Posted by Ryan Naraine @ 11:22 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Patch Watch, Pen testing, Responsible disclosure

Tags: Attacker, Flaw, Window, Vulnerability, Severity, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software

As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.

Three of the six bulletins are rated “critical,” meaning they can be used to launch remote code execution or worm attacks without any user action.  One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser, Microsoft warned.

Read the rest of this entry »

November 10th, 2009

Source code for ikee iPhone worm in the wild

Posted by Dancho Danchev @ 7:31 am

Categories: Apple, Botnets, Hackers, Malware, Viruses and Worms, iPhone

Tags: Apple iPhone, Worm, Cyberthreats, Smart Phones, Viruses And Worms, Security, Consumer Electronics, Personal Technology, Dancho Danchev

Following last week’s systematic exploitation of jailbroken iPhones in the Netherlands through a technique originally discussed in 2008, a 21 years old opportunist has recently launched the first iPhone worm, this time targeting customers of Australian mobile carriers.

Upon successful exploitation of devices running SSH with default passwords, the worm would announce its presence by changing the wallpaper to a new one featuring pop-star Rick Astley.

Despite the author’s intention to raise awareness on the issue, the originally released as “closed source” code for the “awareness-building worm” has now leaked in the wild, with several modifications already capable of stealing a compromised iPhone’s contacts and SMS messages.

Read the rest of this entry »

November 10th, 2009

Why is Apple meddling with my Windows AutoRun?

Posted by Ryan Naraine @ 6:46 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Digital rights management, Exploit code, Malware, Microsoft, Pen testing, Punditocracy, iPhone

Tags: Operating System, Apple Inc., Microsoft Windows, Apple iTunes, Digital Music, Digital Media, Operating Systems, Personal Technology, Consumer Electronics, Software

Guest editorial by Costin Raiu

In every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy to use and secure systems is possible, quite often this is not what the users get, or worse, this is not what the users want.

The most popular example of this applies to Apple. Focusing on eye-catching designs and easy to use products, Apple is listed in almost every marketing book as a success story.

Interestingly, maybe their second most popular software product, Mac OS X (after iTunes) represents a curious blend between eye-catching, easy to use, flexible, usable and decently secure, modern operating system. Please notice how I avoided saying “secure” and instead, wrote “decently secure”. Read the rest of this entry »

November 9th, 2009

Mac OS X mega patch covers 58 security vulnerabilities

Posted by Ryan Naraine @ 2:17 pm

Categories: Adobe, Apple, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Malware, Open source, Passwords, Patch Watch

Tags: Security, Apple Macintosh, Apple Mac OS X V10.6 Snow Leopard, Update, Mac OS X Server, Server, Issue, Arbitrary Code Execution, Impact, Adaptive Firewall Description

Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.

The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, meaning that this update carries an “extremely critical rating.” Read the rest of this entry »