Security News for Tuesday, May 15 2012

Pretty much everyone knows that the information on Wikipedia cannot be entirely trusted, but a lot of folks still seem to use it. This notice from Wikipedia itself warns users that if they are seeing advertisements on the site, their system is likely infected. From the post:

We never run ads on Wikipedia. Wikipedia is funded by more than a million donors, who give an average donation of less than 30 dollars. We run fundraising appeals, usually at the end of the year. If you’re seeing advertisements for a for-profit industry (see screenshot below for an example) or anything but our fundraiser, then your web browser has likely been infected with malware.

This article is reporting that three of the most popular brands of closed-circuit surveillance cameras are sold with remote Internet access enabled by default and also have weak password security. From the article:

The cameras, used by banks, retailers, hotels, hospitals and corporations, are often configured insecurely — thanks to these manufacturer default settings, according to researcher Justin Cacak, senior security engineer at Gotham Digital Science. As a result, he says, attackers can seize control of the systems to view live footage, archived footage or control the direction and zoom of cameras that are adjustable.

Posted in Security News | Leave a comment

Security News for Tuesday, May 8 2012

According to this post, Apple has released version 5.1.1 of iOS for the iPad and iPhone. This update addresses several security issues and should be installed immediately. The update can be installed by going to Settings -> Software Update on your particular device.

This post discusses a new feature that will be available in Firefox 14 called “click-to-play”. The feature will block the automatic loading of plugins like Java and Flash and will require the user to allow these features to be loaded on a case by case basis. From the post:

If you have ever used NoScript, ScriptNo or Flashblock you will be familiar with this idea. When you load a page like YouTube that has an embedded Flash/PDF/Java object, instead of it instantly loading the video you will see a black box with a logo representing the plugin. When you click on the box it will launch the plugin and the video or other content will be rendered.


Security News for Friday, May 4 2012

According to this post, and based on research from Consumer Reports, an estimated 13 million US Facebook users do not use, or are not aware of, the social networking giant's privacy controls. From the Consumer Reports press release:

While some privacy or security issues arise from poor choices Facebook users themselves make, other problems can stem from the ways the company collects data, how it manages and packages its privacy controls, and the fact that users’ data can wind up with people or companies with whom they did not intend to share. Some users might be surprised to know that Facebook gets a report every time they visit a site with a ‘Like’ button, regardless of whether or not they click on that button, have a Facebook account, or are even logged in.

This post is reporting on newly discovered Mac malware in the wild. The malware, discovered by Microsoft, exploits a 3-year-old flaw in old versions of Office for Mac. From a statement regarding the issue by Microsoft:

In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.

This post is warning of emails spotted in the wild that appear to come from the Better Business Bureau (BBB) but actually contain malware. From the post:

The emails vary in their wording, but all claim that a consumer has complained about the company receiving the email. The details of the complaint, naturally, are contained inside the attached “BBB Report.zip” file (which, of course, contains malware).

It should go without saying that the emails do not really come from the Better Business Bureau. The criminals behind the campaign are simply adopting the disguise of the BBB in the hope that you will take the message seriously and open the attached file.


Security News for Thursday, May 3 2012

This post is reporting on hacked websites seen in the wild that are hosting Android drive-by download malware. From the post:

A new Trojan, called NotCompatible, appears to serve as a simple TCP relay while posing as a system update named “Update.apk.” It does not currently seem to cause any direct harm to a target Android device, but could potentially be used to gain access to private networks by turning an infected smartphone into a proxy.

IT administrators should note that a device infected with NotCompatible could potentially be used to infiltrate normally protected information or systems, such as those maintained by enterprises or governments. Security firm Lookout (via Reddit) describes how when a user visits a compromised website from an Android device, the malicious app is automatically downloaded.

Security News for Monday, April 30 2012

This post is reporting on new malware seen in the wild that is using the same infection vector as Mac Flashback, a flaw in Java security. From the post:

Internet users who visit compromised webpages may find themselves at risk of infection via a Java exploit that downloads malicious software onto their computer.

The latest malware attack exploits the Java vulnerability to download further malicious code onto the computer…

Security vendor Symantec has released an Internet Security Threat Report that covers 2011 trends here. From the executive summary of the report:

Symantec blocked more than 5.5 billion malicious attacks in 2011; an increase of more than 81% from the previous year. This increase was in large part a result of a surge in polymorphic malware attacks, particularly from those found in Web attack kits and socially engineered attacks using email-borne malware. Targeted attacks exploiting zero-day vulnerabilities were potentially the most insidious of these attacks. With a targeted attack, it is almost impossible to know when you are being targeted, as by their very nature they are designed to slip under the radar and evade detection. Unlike these chronic problems, targeted attacks, politically-motivated hacktivist attacks, data breaches and attacks on Certificate Authorities made the headlines in 2011.

Security News for Wednesday, April 18 2012

Instagram, a popular photo application for smartphones, has been making the news after recently being acquired by Facebook for 1 billion dollars. This post is reporting that malware authors are now posting malicious versions of the app to the Internet. From the post:

Naturally, the Facebook acquisition news raised Instagram to even higher levels of public awareness and that’s where the bad guys stepped in.

Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users.

If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone.

This article provides pointers on what to do if your Facebook account gets hacked. The article also provides pointers on how to prevent your account from getting hacked in the future. With the prevalence of malicious folks who would like nothing better than to compromise your Facebook account, this article is worth taking a look at and sharing with friends, colleagues, and family.


Security News for Monday, April 16 2012

This post is reporting on new malware seen in the wild that is targeting Mac OS X. Like the Flashback Trojan that was reported on earlier this month, the new Trojan, dubbed Sabpab, requires no user intervention to install itself. From the post:

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

An update has been posted regarding the Sabpab malware:

A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability – it appears to be exploiting malformed Word documents instead.

If you open the boobytrapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on your computer opening a backdoor for remote hackers to steal information or install further code


Security News for Tuesday, April 10 2012

In reaction to the new Mac OS X malware that was discovered in the wild last week, OS X Daily has put together a list of “8 Simple Tips to Secure a Mac from Malware, Viruses, & Trojans” here. One of the main points of the article is to disable Java, which was the infection vector for the latest malware.

This article is reporting on new Android malware that can install silently on Android-based devices without any user intervention. From the article:

An updated variant of the Legacy Native (LeNa) malware utilizes the GingerBreak exploit to gain root permission on Android phones. LeNa, according to Lookout principal engineer Tim Wyatt, hides its exploit in a functional JPEG file. The exploit communicates with a command and control server to install and launch packages unbeknownst to the phone’s user.

Today Microsoft will release 6 bulletins to correct a total of 11 vulnerabilities in several software products. The most serious flaws corrected with this release include security holes in Internet Explorer that can be used to launch remote code execution attacks. 4 of the 6 bulletins are rated ‘critical’ by Microsoft.


Security News for Friday, April 6 2012

According to this article, a new piece of malware has been spotted in the wild that is targeting Mac OS X systems running Java. Flashback is a sophisticated piece of malware and once installed will scan a system and network traffic for usernames and passwords which are recorded and sent off-site. This Trojan can silently install on an unpatched system without any user intervention. The Trojan is currently spreading via infected Web pages. Apple is recommending that users install the patch to correct this vulnerability by running the Software Update application.

This post is reporting on scam emails seen in the wild purporting to be an AT&T bill that include links to compromised sites that serve up malware. These emails look extremely convincing but if you hover over the links in the email with your mouse pointer, it can be seen that the links do not go to an AT&T site.


Security News for Tuesday, March 27 2012

This post is warning of a malicious application seen in the wild that claims to show you who has visited your Facebook profile. The app doesn’t actually do what it claims and only posts a link to your wall in an attempt to further spread the application. This is not the first time this type of application has been seen in the wild, and no doubt it will not be the last. It is highly doubtful that Facebook will ever allow for this functionality.
