Android Malware that can DDoS Attacks from your smartphone

By Wang Wei

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone. This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware. Dubbed TheAndroid.DDoS.1.origin, creates an application icon, similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched.
Source: http://thehackernews.com/2012/12/android-malware-that-can-ddos-attacks.html

 

The threat landscape continues to expand rapidly

ThreatMetrix announced cybersecurity trends and risks businesses and consumers must keep top of mind in 2013. These include cyberwarfare, data breaches, migrating malware, BYOD, cloud computing, and mobile and social media fraud. In today’s threat environment, the reach of cybercriminals expands to more industries each year, with financial services, insurance, retailers, enterprises and government agencies especially vulnerable to new threats. “This year, cybercriminals have become so advanced that security professionals are struggling to detect many of their attacks in a timely manner,” said Andreas Baumhof, CTO, ThreatMetrix. “As nearly every industry is increasingly targeted, businesses and consumers must make cybersecurity a top priority in 2013 to prevent fraud and malware attacks.”
[Here are the] top cybersecurity trends and risks that will impact businesses and consumers across several industries in 2013:Government
Source: http://www.net-security.org/secworld.php?id=14166

Facebook Patches Webcam Snooping Vulnerability

By Brian Donohue

Late last week the social networking giant Facebook patched a particularly voyeuristic security vulnerability in the platform that could have given malefactors the ability to remotely turn on the webcams of other users and post videos to their profiles, according to a Bloomberg News report. The vulnerability was discovered in July by the Indian security firm XY Sec. The firm’s founders, Aditya Gupta and Subho Halder told Bloomberg that Facebook must have considered the bugs serious because they paid XY Sec five times the typical $500 bug bounty price. On his personal website, Gupta said the issue arose from a problem in Facebook’s video upload feature. Evidently Facebook did not have, in Gupta’s words, “proper security checks enforced.” If exploited, it would have given an attacker the ability to secretly record video using another user’s webcam and post that content to the victim’s wall without their knowledge. [HSEC-1.8; Date: 31 December 2012; Source: http://threatpost.com/en_us/blogs/facebook-patches-webcam-snooping-vulnerability-123112]

Senate Reauthorizes FISA, Rejects Proposed Privacy Amendments

By Brian Donohue

The Senate today rejected the inclusion of four privacy-friendly amendments before voting to reauthorize the controversial Foreign Intelligence Surveillance Act (FISA) that grants the federal government the authority to clandestinely monitor electronic communications involving foreign citizens coming into or out of the United States without the probable cause required for traditional warrants. In an article published on the Electronic Frontier Foundation’s DeepLinks Blog yesterday, EFF activist Trevor Timm celebrated the fact that the Senate was, in the end, forced to openly debate the FISA amendments, a debate that Timm claims, some in the senior legislative house tried to avoid having. Timm wrote that any Senator seeking to stay true to the constitution should vote no on the reauthorization, but in the end, the Senate not only reauthorized FISA but voted to reject the four, amendments endorsed by the American Civil Liberties Union and the EFF. FISA became law in 1978 and is intended to regulate how the government can collect “foreign intelligence information.” The bill was last authorized in 2008 and has since been at the center of a number of lawsuits. The bill’s proponents advocate it as an important tool in the U.S.’s ongoing war on terror.
Source: http://threatpost.com/en_us/blogs/senate-reauthorizes-fisa-rejects-proposed-privacy-amendments-122812

 

Microsoft confirms zero-day bug in IE6, IE7 and IE8

By Gregg Keizer

Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug — or “zero-day” vulnerability — that is being used by attackers to hijack victims’ Windows computers. The company is “working around the clock” on a patch, its engineers said. They have also released a preliminary workaround that will protect affected IE customers until the update is ready. In a security advisory issued Dec. 29, Microsoft acknowledged that attacks are taking place. “Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8,” the alert stated. Newer versions of IE, including 2011’s IE9 and this year’s IE10, are not affected, Microsoft said. It urged those able to upgrade to do so. According to multiple security firms, the vulnerability was used by hackers to exploit Windows PCs whose owners visited the website of the Council on Foreign Relations (CFR), a non-partisan foreign policy think tank with offices in New York and Washington, D.C.
Source: http://www.networkworld.com/news/2012/123012-microsoft-confirms-zero-day-bug-in-265412.html?source=nww_rss