Category: Browsers

February 9th, 2010

Reports: SQL injection attacks and malware led to most data breaches

Posted by Dancho Danchev @ 5:27 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, PCI, Passwords, Pen testing

Tags: Malware, SQL Injection, Data Breach, Spyware, Adware & Malware, Security, Databases, Dancho Danchev

With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm some of the main sources of breaches. Not surprisingly, these are not zero-day flaws, nor even insiders, but good old-fashioned SQL injections alongside malware infections.

With companies investing more resources into ensuring their networks and employees are protected against the very latest threats, some are clearly overlooking the most basic threats, which usually require only simple or average attack sophistication on the part of the cybercriminal.

Let’s review the reports detailing the true impact of SQL injections and malware in the context of data breaches.

Read the rest of this entry »

February 9th, 2010

Patch Tuesday: Microsoft plugs critical Windows worm holes

Posted by Ryan Naraine @ 11:29 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Microsoft, Passwords, Patch Watch, Viruses and Worms, Vulnerability research, Web 2.0

Tags: Denial Of Service, Attacker, Vulnerability, Victim, Exploit Code, Microsoft PowerPoint, Microsoft Corp., Small And Medium Business, Attack, CVE-2010-0242

Microsoft today released 13 security bulletins with fixes for 26 vulnerabilities affecting Windows and Office users and warned customers to pay special attention to a slew of flaws that can be trivially exploited by malware miscreants.

The company urged customers to prioritize and deploy four updates because of the “critical” severity rating and the fact that “consistent exploit code” is likely within the next 30 days.

Read the rest of this entry »

February 9th, 2010

Adobe screw-up leaves Flash flaw unpatched for 16 months

Posted by Ryan Naraine @ 8:49 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Exploit code, Firefox, Flash, Locally Running Web Servers, Malware, Mozilla, Patch Watch, Responsible disclosure, Viruses and Worms

Tags: Adobe Systems Inc., Flaw, Macromedia Flash Player, Web Browsers, Security, Internet, Ryan Naraine

Adobe has acknowledged that an internal screw-up caused a serious, potentially dangerous Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher.

“It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.

Read the rest of this entry »

February 5th, 2010

Mozilla Firefox hit by malware add-ons

Posted by Ryan Naraine @ 8:20 am

Categories: Anti Virus, Browsers, Data theft, Exploit code, Firefox, Malware, Microsoft, Mozilla, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Mozilla Firefox, Trojan Horse, Malware, Mozilla Corp., Add-on, Spyware, Adware & Malware, Cyberthreats, Spyware, Viruses And Worms, Security

Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.

The browser add-ons, described by Mozilla as “experimental,” contained a Trojan horse that executed when Firefox started and infected the host computer.

Read the rest of this entry »

February 4th, 2010

Does Blippy really pose a security risk?

Posted by Dancho Danchev @ 4:11 pm

Categories: Browsers, Hackers, Malware, Passwords, Phishing, Privacy, Social Networking Applications, Spam and Phishing, Web 2.0

Tags: Fraudster, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Researchers from Cyveillance are calling Blippy, the recently launched “Twitter of personal finance” service, a “spear phisher’s dream” due to the massive amounts of real-time purchasing history shared by its users.

With fraudsters actively crawling Web 2.0 services (Spammers harvesting emails from Twitter - in real time) for data to be integrated later into targeted attacks, the detailed and publicly obtainable financial data on Blippy can come in handy if they manage to solve a simple problem - obtaining the emails of Blippy users.

Here are some sample scenarios that cybercriminals can easily take advantage of.

Read the rest of this entry »

February 4th, 2010

MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities

Posted by Ryan Naraine @ 10:48 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Microsoft, Patch Watch, Responsible disclosure, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Vulnerability, Microsoft Corp., Microsoft Windows, Security, Microsoft Windows 7, Operating Systems, Software, Ryan Naraine

Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated “critical” because of the risk of remote code execution attacks.

Read the rest of this entry »

February 3rd, 2010

Microsoft warns of new IE data-leakage vulnerability

Posted by Ryan Naraine @ 2:25 pm

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Microsoft, Patch Watch, Responsible disclosure, Spam and Phishing, Vulnerability research

Tags: Vulnerability, Microsoft Windows, Microsoft Internet Explorer, Microsoft Corp., Attack, Web Browsers, Security, Internet, Ryan Naraine

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.

Read the rest of this entry »

February 2nd, 2010

Code execution holes in iPhone OS, iPod Touch

Posted by Ryan Naraine @ 11:09 am

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Mobile (In)Security, Passwords, Patch Watch, Responsible disclosure, iPhone

Tags: Apple iPhone, Apple iPod, Operating System, Apple iPod Touch, Smart Phones, Digital Music, Digital Media, Consumer Electronics, Personal Technology, Ryan Naraine

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks.

The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

Read the rest of this entry »

January 27th, 2010

Report: 48% of 22 million scanned computers infected with malware

Posted by Dancho Danchev @ 2:42 pm

Categories: Anti Virus, Botnets, Browsers, Data theft, Hackers, Malware, Passwords, Rootkits, Spyware and Adware, Viruses and Worms

Tags: Bank, Fraudster, Malware, Authentication, Spyware, Adware & Malware, Cyberthreats, Security, Dancho Danchev

The recently released APWG Phishing Activity Trends Report for Q3 of 2009 details record highs in multiple phishing vectors, but also offers an interesting observation on desktop crimeware infections.

According to the report, the overall number of infected computers (page 10) used in the sample decreased compared to previous quarters; however, 48.35% of the 22,754,847 scanned computers remain infected with malware.

And although crimeware/banking trojan infections decreased slightly from Q2, over a million and a half computers were infected.

More details:

Read the rest of this entry »

January 25th, 2010

Bogus IQ test with destructive payload in the wild

Posted by Dancho Danchev @ 1:53 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Microsoft, Windows Vista

Tags: Malware, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev

Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe), posing as an IQ test, and currently spreading in the wild.

Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible.

More info on the malware:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
