Islamic Hacktivists’ Bank Attack Claims Gain Credibility: (CSOonline) “The rejection of use conflict that disrupted a Wells Fargo Co. electronic banking operations Tuesday was a fourth given final week. And it appears to lend some faith to threats and claims that a Izz al-Din al-Qassam Cyber Fighters, a troops wing of Hamas, a Islamic celebration that governs a Gaza Strip, are behind them.”
New Zero-Day Vulnerability Found in Java 5, 6 and 7; 1.1 Billion Desktops Affected: (ThreatPost) “A critical disadvantage in all of a latest versions of Java SE software was detected that would concede an assailant full remote control of a mechanism alighting on a antagonistic site. The feat grown by Adam Gowdiak and his organisation during Polish confidence consultancy Security Explorations enabled them to shun a Java confidence sandbox in Java SE 7. Java 5 and 6 also enclose a same vulnerability. Oracle says 1.1 billion desktops now run Java, that is also a plug-in for all vital browsers.”
Compromised SourceForge Mirror Distributes Backdoored phpMyAdmin Package: (CSOonline) “Unknown enemy compromised a download counterpart server for a SourceForge program repository, paraphernalia a installer package for phpMyAdmin, a renouned Web-based MySQL database administration tool, with a backdoor.”
FTC: Rental Computers Spied On, Photographed Users: (NetSecurity) “Seven rent-to-own companies and a program pattern organisation have concluded to settle Federal Trade Commission charges that they spied on consumers regulating computers that consumers rented from them, capturing screenshots of devoted and personal information, logging their mechanism keystrokes, and in some cases holding webcam cinema of people in their homes, all but notice to, or agree from, a consumers.”
Google Releases Chrome 22, Pays Out Nearly $30K to Researchers: (ThreatPost) “Google has expelled Chrome 22, a vital new chronicle of a browser that includes a outrageous series of confidence fixes, many of them high-priority vulnerabilities. The association also handed out scarcely $30,000 in rewards to confidence researchers, some-more than half of it to Sergey Glazunov, who detected dual generally serious bugs that a Chrome confidence organisation deemed estimable of special rewards.”
Chinese Hackers Blamed for Intrusion during Energy Industry Giant Telvent: (KrebsOnSecurity) “A association whose program and services are used to remotely discharge and guard vast sections of a appetite attention began warning business final week that it is doubt a worldly hacker conflict travelling a operations in a United States, Canada and Spain. Experts contend digital fingerprints left behind by enemy indicate to a Chinese hacking organisation tied to steady cyber-espionage campaigns opposite pivotal Western interests.”
New Twitter-Based Malware Uses Direct Messaging to Spread: (ThreatPost) “Sophos is warning of a new pretence to get Twitter users to open approach messages from devoted users that eventually taint their machines with malware. In a blog post, comparison record consultant Graham Clulely pronounced a initial summary is a twitter claiming a recipient’s been prisoner on a Facebook video. One chronicle creates it sound like something shameful was taped but a person’s knowledge.”
Another IE Exploit Targeting Defense Industry Discovered: (ThreatPost) “Another antagonistic website has been detected hosting an feat for the zero-day disadvantage Internet Explorer patched by Microsoft last week. This site, like a other exploits discovered, targets a invulnerability and space industries, and is dropping an different payload, according to Barracuda Labs.”
Tiny Evil Maid CHKDSK Utility Can Steal Passwords: (ThreatPost) “Stealthy malware that can hide onto machines during a foot routine and sojourn undetected indefinitely is one of a coronet rings of confidence research. There have been a series of collection grown over a years that directed to accomplish this goal, with Joanna Rutkowska’s Evil Maid attack being maybe a many famous. Now a developer in Canada has constructed a identical apparatus that impersonates a CHKDSK application and can squeeze a user’s cue and afterwards exit but a user’s knowledge.”
Forrester: Most Data Breaches Caused by Employees: (NetworkWorld) “Most information breaches are caused by paltry events such as employees losing, carrying stolen or simply unwittingly misusing corporate assets, a Forrester news has found. After doubt over 7,000 IT executives and typical employees opposite North America and Europe, 31 percent cited elementary detriment or burglary as a reason for information breaches they had experienced, forward of unconsidered injustice by an worker on 27 percent. External conflict was mentioned in 25 percent of cases with abuse by antagonistic insiders on 12 percent. The same preference of causes was cited during most reduce levels for business partners.”
Article source: http://blogs.cio.com/security/17439/weekly-security-news-roundup-rented-pcs-spy-photograph-users
