eBay Users Should Change Password due to Breach

All eBay users should change their passwords immediately. Due to a security breach, customer account information for eBay’s millions of users has been compromised. To reset your password, use the eBay password-reset page.

In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.” You can read the rest of the blog here.

According to reports and the company, the breach did not affect PayPal systems.  However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password.  It is always best to use a unique password for every online account.

Users should be especially wary of “phishing” attacks.  Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails.  Don’t get tricked – never click links in emails.  Instead, type the website name into your browser for safety.

Twitter suffers malware spam outbreak

A widespread spam attack linking to malware has broken out on Twitter, according to the security firm Sophos.

The malicious tweets often read “It’s you on photo?” or “It’s about you?” The tweets and URLs often include a user’s Twitter handle.

Many of the links Sophos discovered have a .RU domain name.

“The attack itself is very simple, relying on people’s natural curiosity about anything they think mentions them. Including the target’s Twitter username in the link is an added hook to reel people in,” the head of Sophos’ U.S. labs said in a statement.

The links in the spammed tweets lead to a Trojan that ultimately redirects users to Russian Web sites containing the Blackhole exploit kit, Sophos said. The Blackhole exploit kit first emerged in 2010, and its use is widespread.

The version of the kit being promoted on Twitter targets vulnerabilities in Adobe Reader and Shockwave Flash, according to Sophos.

From ComputerWorld By Cameron Scott

Source: http://www.computerworld.com/s/article/9229733/Twitter_suffers_malware_spam_outbreak
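
A triage heuristic for the three traits described above (the quoted lure phrases, a .RU link, and the recipient's handle inside the URL), as an added example that is not from Sophos or the original article. The sample tweets and the host sample-not-real.ru are constructed, and the two-of-three threshold is an assumption.

```python
import re
from urllib.parse import urlparse

# Lure phrases quoted in the article (compared case-insensitively).
LURES = ("it's you on photo?", "it's about you?")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
MENTION_RE = re.compile(r"@(\w{1,15})")

# Constructed sample tweets; the hosts are placeholders, not real indicators.
SAMPLES = [
    "@alice_w It's you on photo? http://sample-not-real.ru/alice_w.html",
    "@bob_k It\u2019s about you? http://sample-not-real.ru/?u=bob_k",
    "@carol lunch photos are up: https://photos.example.com/album/2012",
    "Reading about the marathon https://news.sample-not-real.ru/sport",
]


def score_tweet(text):
    """Return (score, reasons): one point per distinct trait present."""
    reasons = set()
    normalized = text.lower().replace("\u2019", "'")  # fold curly apostrophes
    if any(lure in normalized for lure in LURES):
        reasons.add("lure-phrase")
    handles = {h.lower() for h in MENTION_RE.findall(text)}
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        if (parsed.hostname or "").lower().endswith(".ru"):
            reasons.add("ru-domain")
        # Whole-token match so a short handle does not hit unrelated words.
        tokens = set(re.findall(r"\w+", (parsed.path + "?" + parsed.query).lower()))
        if handles & tokens:
            reasons.add("handle-in-url")
    return len(reasons), sorted(reasons)


def flagged(tweets, threshold=2):
    """Keep tweets showing at least `threshold` traits (assumed cut-off)."""
    return [t for t in tweets if score_tweet(t)[0] >= threshold]


if __name__ == "__main__":
    for tweet in SAMPLES:
        print(score_tweet(tweet), tweet)
```

A .RU link on its own scores 1 and is not flagged, which keeps ordinary links to Russian sites out of the review queue.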

Warning: Battery-saver app on Android is malware

By Emil Protalinski for Zero Day

A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cybercriminals have created an app that is supposed to reduce battery use, but in reality steals the user’s contacts data stored on the device. Symantec, which first discovered the malware, is calling this particular threat Android.Ackposts.

As opposed to using third-party app stores or even the official Google Play store, this app is pushed via Japanese spam e-mail that includes a link to download and install it. Although the messages claim the app reduces battery use by half, the app does nothing to save battery power. It does, however, send the user’s contacts data (name, phone number, e-mail address, and more) to an external website for safe keeping.

For the full article please see: http://www.zdnet.com/warning-battery-saver-app-on-android-is-malware-7000001483/

Justin Bieber’s Twitter account hacked

Canadian pop/R&B singer, songwriter, and actor Justin Bieber had his Twitter account allegedly hacked today. Whoever did it decided to question his follower count and insult him with a popularly-used phrase amongst those who dislike him.

It was potentially seen by Bieber’s 19 million followers, or even more, given that Twitter is a mainly public social network. The remark was aimed at the fact that Bieber today crossed the 19 million follower milestone. The tweet was subsequently deleted. Either the hacker in question deleted it right after posting it, or (more likely) someone else was active on the account at the time, saw it, and deleted it.

From ZD Net ZeroDay by Emil Protalinski

Source: http://www.zdnet.com/blog/security/justin-biebers-twitter-account-hacked/11135

iPhone passcode cracking is easier than you think

A report came out last fall suggesting that repeating one number in the iPhone’s four-digit security PIN made for better protection than using all unique numbers. However, that little trick doesn’t seem to go very far with Micro Systemation, a Swedish security firm that helps police and military around the world crack digital security systems.

The company released a video last week that shows just how easy it is to break into a passcode-protected iPhone or Android device.  The video, “Recovering the Passcode from an iPhone,” tapes a demonstration where a company spokesman uses an application called XRY and accesses the contents of the mobile phone in less than two minutes.

User information, such as GPS location, call history, contacts, and messages, can all be read.

From CNET by Dara Kerr

Source: http://news.cnet.com/8301-1009_3-57405580-83/iphone-passcode-cracking-is-easier-than-you-think/

MS Office exploit that targets MacOS X seen in the wild – delivers “Mac Control” RAT

Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same we have been tracking for a while (See full story for link to other articles).

The doc files seem to exploit MS09-027 and target Microsoft Office for Mac. This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X (full story includes a link to the MS security bulletin).

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

From Alien Vault Labs, by Jaime Blasco

Source: http://labs.alienvault.com/labs/index.php/2012/ms-office-exploit-that-targets-macos-x-seen-in-the-wild-delivers-mac-control-rat/

Hackers turn credit report websites against consumers

The most important tool consumers have to fight against identity theft has been turned against them by hackers, MSNBC reported March 26.

Web sites that offer consumers a chance to see credit reports are being brazenly used by hackers to steal information.

The prices of the reports rise and fall depending on the credit score of the victim. For consumers with credit scores in the 750s, report data might fetch $80; reports from victims with scores in the low 600s sell for about half that, according to “for sale” pages viewed by MSNBC.

The most troubling part of these markets however – many hosted in the .su domain, which stands for the now-defunct Soviet Union – is the ready availability of credit reports and the hackers’ bragging about how easy it is to infiltrate Web sites such as AnnualCreditReport.com or CreditReport.com.

Criminals with stolen credit cards can obtain background reports, credit reports, and ultimately open new accounts using the data, a researcher with Internet security firm CloudEyez.com said.

In one how-to posted on a bulletin board, a hacker describes one brute-force attack used to gain access to credit report Web sites. Most sites are protected by “challenge” questions such as, “Which bank holds the mortgage on your home?” But there is a critical flaw, the hacker said: “Normally all … of them will ask you the same question,” the hacker wrote. Because the sites use the multiple choice format, it is easy to use the process of elimination and determine the correct answers, he claims.

From RedTape, MSNBC By Bob Sullivan

Source: http://redtape.msnbc.msn.com/_news/2012/03/26/10875023-exclusive-hackers-turn-credit-report-websites-against-consumers

A Look into the Most Notorious Mac Threats

The mass appeal of Apple products is undeniable. Every product or software release is often anticipated and greeted with much fanfare.

Its latest release, the OS X Mountain Lion, is no exception. Although the software has yet to be released, there have already been articles written about its features.

One of the more-touted features of Mountain Lion is Gatekeeper, a white-listing approach that helps users avoid downloading bad apps. This feature restricts whether applications can run based solely on where they were downloaded from.

Gatekeeper is planned to have 3 levels: allow only apps from the App Store, allow only apps from the App Store or signed by trusted developers, or no restrictions. While the feature is well-intentioned, it will only be a matter of time before cyber-criminals find ways to bypass or use this feature to their advantage.

This inclusion of such a security feature might come as a surprise to some users as they might still believe that Macs are not at risk when it comes to malware.

In fact, we recently detected new Mac malware that disguises itself as an image file. It drops another malicious file capable of executing commands that involve getting information from the infected system.

From TrendMicro’s Trendlab Malware Blog by Abigail Pichel

Source: http://blog.trendmicro.com/a-look-into-the-most-notorious-mac-threats/

Survey scammers fling spam at Pinterest punters

Cyber criminals have latched onto the success of social networking site Pinterest by launching a variety of money-making scams.

Just like Facebook before it, Pinterest has become a haven for survey scams. Would-be targets are invited to complete surveys under the pretext that they might win an iPad or obtain a discount voucher.

In reality, they end up revealing personal information to unscrupulous marketing firms or signing up for mobile phone subscription services of dubious utility. In some cases, these scams are even used to distribute malware.

From The Register by John Leyden

Source: http://www.theregister.co.uk/2012/03/23/pinterest_attracts_scammers/

New TGLoader Android malware found in alternative markets

The TGLoader malware appeared in some alternative Android app markets recently, and researchers at North Carolina State University discovered and analyzed it, finding it has a wide range of capabilities.

The malware uses the “exploid” root exploit to get root privileges on compromised phones, and from there it starts installing a variety of apps and Android code that are designed to perform myriad malicious actions. “After that, it further installed several payloads (including both native binary programs and Android apps) unbeknownst to users.

The malware also listens to remote C&C servers for further instructions. Specifically, one particular “phone-home” function supported in TGLoader is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the background.

This is a typical strategy that has been widely used in recent Android malware to send out SMS messages to premium-rate numbers,” an assistant professor at North Carolina State wrote in an analysis of the new malware.

From ThreatPost by Dennis Fisher

Source: http://threatpost.com/en_us/blogs/new-tgloader-android-malware-found-alternative-markets-032612