system
2241
Security Researcher Finds Critical Flaws in Sophos Anti-Virus Engine
[b]Multiple vulnerabilities uncovered by security researcher Tavis Ormandy could have permitted attackers to remotely execute code or cause other problems for Sophos Anti-Virus.[/b]
Security vendor Sophos has plugged a series of security holes in its antivirus product that were uncovered by a security researcher. In some cases, these security holes could have been exploited to cause crashes or to remotely execute code, according to the researcher.
Sophos says it has already patched most of the flaws discovered by Ormandy and will release patches for additional issues Nov. 28.
"The paper includes a working pre-authentication remote root exploit that requires zero-iteration, and could be wormed within the next few days," he explained. "I would suggest administrators deploying Sophos products study my results urgently, and implement the recommendations."
"A working exploit for Sophos 8.0.6 on Mac is available; however, the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper," he added.
Read more at :
http://www.eweek.com/security/security-researcher-finds-critical-flaws-in-sophos-anti-virus-engine/
system
2242
Anonymous Hackers Claim Protest Attacks Hit Zynga, Facebook, Others
Hackers with the group Anonymous have apparently chosen computer gaming vendor Zynga and social networking powerhouse Facebook as the latest targets of a campaign that aims to reel in the power and wealth of the companies.
In a Nov. 5 post on the AnonNews Website, the group says it is taking the actions because of recent developments at Zynga, including the reported layoffs of some workers.
Read more at :
http://www.eweek.com/security/anonymous-hackers-claim-protest-attacks-hit-zynga-facebook-others.html
system
2243
100K Google Android Apps Pose Potential Security Risk: Bit9 Report
A mobile security report from security vendor Bit9 said that 100,000 applications it examined on Google Play were questionable or suspicious due to the types of permissions they requested, the reputation of the application's publisher and other factors.
Bit9's criteria for defining an application as "questionable" or "suspicious" included permissions requested by the application, categorization of the application, user rating, number of downloads and the reputation of the application's publisher.
In its examination of more than 400,000 Android apps, Bit9 found 72 percent use at least one high-risk permission. In addition, 42 percent of the apps access GPS location data, including wallpapers, games and utilities; 31 percent access phone calls or phone numbers; 26 percent access personal data, such as contacts and email; and 9 percent use permissions that can cost the user money.
"Most consumers are willing to click 'allow' for mobile apps in situations they probably would never have allowed on a Windows computer," he said. "This is because people do not yet consider their smartphones as vulnerable or as sensitive as they do their desktops and laptops; even those smartphones are essentially just smaller computers, and debatably store even more personal information than the average laptop."
"Another problem is that there are dozens of different permissions on an Android device," he added. "The disclosure dialog box cannot list or properly explain them all. Even if it could, some are simply too esoteric or technical for an ordinary consumer to understand. If the warning described the possible risks, not just the permission requested, that might help, but then you would be talking about a dialog box as large as a license agreement – how many people actually read license agreements in full?"
Read more at :
http://www.eweek.com/security/100k-google-android-apps-pose-potential-security-risk-bit9-report/
system
2244
Hackers claim attacks against ImageShack, Symantec, other websites
Different hacker groups claim to have breached servers belonging to ImageShack, Symantec, and other organizations.
Update, November 7: This story initially reported that HTP had targeted Paypal. Paypal has since issued a statement that it has not suffered a security breach and the Cyberwarnews.info story that reported the payment processing company had been the victim of an 0 day exploit has been updated to state that ZPanel had been targeted by hackers, not Paypal.
On Sunday, a hacker group called HTP claimed to have compromised Web servers, MySQL databases, routers and management servers used by the ImageShack and yfrog image hosting services.
ImageShack did not immediately return a request for comment.
In the same post, HTP claims to have hacked servers belonging to Symantec. The leaked data includes information the hackers claim to have copied from a Symantec database, including the names, email addresses and hashed passwords of hundreds of users. Many of the email addresses are on the @symantec.com domain.
Read more at :
http://www.computerworld.com.au/article/441022/hackers_claim_attacks_against_imageshack_symantec_other_websites/
system
2245
Hackers Love Android Gingerbread
Running outdated software on your smartphone can make you an easy target for malware and viruses. The latest report by Russian security firm Kaspersky Lab reveals that 28% of all Android phones infected by malware are running Gingerbread, the operating system's 2.3.6 version, released in September 2011.
That high number has something to do with the fact that more than half of Android devices in the market run that version of the software. Ice Cream Sandwich, ranked second, with 23% of the attacks, despite having a market considerably lower than Gingerbread – only one in four Android phones is running this version.
Read more at :
http://mashable.com/2012/11/08/hackers-love-android-gingerbread/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+(Mashable)
system
2246
Zero-day PDF exploit reportedly defeats Adobe Reader sandbox protection
Cyber criminals are using a new PDF exploit that bypasses the sandbox security features in Adobe Reader X and XI, in order to install banking malware on computers, according to researchers from Russian security firm Group-IB.
The zero-day exploit – an exploit for a previously unknown and unpatched vulnerability – has been integrated into a privately modified version of Blackhole, a commercial Web-based attack toolkit, the Group-IB researchers announced Wednesday.
Read more at :
http://www.infoworld.com/d/security/zero-day-pdf-exploit-reportedly-defeats-adobe-reader-sandbox-protection-206657?source=rss_
polonus
2247
Hi CharleyO,
Did you see this? Re: http://forum.avast.com/index.php?topic=52252.msg860586#msg860586
Well one should always be warned twice in the case of a zero day, I think, ;D
polonus
system
2248
Sorry about that, Polonus, as I should have read farther back. But, as you said, being warned twice is not too many times in this case. 
Future Flash security updates will be synchronized with Microsoft's monthly patch schedule
Adobe on Tuesday announced it will pair future security updates for its popular Flash Player with Microsoft's Patch Tuesday schedule.
At the same time, Adobe issued an update that patched seven critical Flash vulnerabilities, and Microsoft shipped fixes for Internet Explorer 10 (IE10), which includes an embedded copy of Flash.
Even though the Flash updates will add more Patch Tuesday work for users, security professionals praised Adobe's change. "Concentrating updates on a single day is a benefit for any organization that manages patch roll-outs," said Wolfgang Kandek, CTO of Qualys, in an email. "That way the update can be handled by the same decision process, which should streamline roll-outs and get Flash updates [installed] more widely."
Read more at :
https://www.infoworld.com/d/security/adobe-now-married-microsoft-moves-flash-updates-patch-tuesday-206571?source=rss_
system
2249
In this thread, what is usually posted is closer to "doom & gloom" than anything else. But, below is a little ray of sunshine.
New online game trains kids against cyber attacks
The National Science Center, or NSC, is now training kids to stay safe from cyber attack malware when they're surfing the web or using email and cell phones. A new online game called Cyber Swarm Defenders is targeted to 6th-8th grade students and is also appropriate for younger students.
The game is part of the NSC's newest Cyber Ops education outreach program. The NSC is a public-private partnership between the U.S. Army and NSC, Inc., that uses its resources to stimulate and increase science, technology, engineering, and mathematics, known as STEM, proficiency in U.S. students, especially those in grades 4-9.
"Anything we can do to make the young students of our country understand the cyber threat and get them excited about STEM technologies has a big payoff," said Ron Ross, chairman of the NSC.
Read more at :
http://www.defencetalk.com/new-online-game-trains-kids-against-cyber-attacks-45388/
Asyn
2250
Asyn
2251
Microsoft Security Bulletin Advance Notification for November 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Pondus
2252
Pondus
2253
Asyn
2254
polonus
2255
Asyn
2256
system
2257
Judge approves FTC's $22.5M fine of Google
A federal judge has approved a $22.5 million fine to penalize Google for an alleged privacy breach, rejecting a consumer-rights group's plea for tougher punishment.
The blessing from U.S. District Judge Susan Illston came late Friday. She made her ruling a few hours after a hearing in San Francisco for final arguments about a fine that's the cornerstone of a settlement reached three months ago between the Federal Trade Commission and Google Inc.
The rebuke revolves around allegations that Google duped millions of Web surfers using the Safari browser into believing their online activities couldn't be tracked by the company as long as they didn't change the browser's privacy settings. That assurance was posted on Google's website earlier this year, even as the Internet search leader was inserting computer coding that bypassed Safari's automatic settings and enabled the company to peer into the online lives of the browser's users.
The FTC concluded that the contradiction between Google's stealth tracking and its privacy assurances to Safari users violated a vow the company made in another settlement with the agency last year. Google had promised not to mislead people about its privacy practices.
Read more at :
http://my.earthlink.net/article/tec?guid=20121116/490a38cf-45a5-426e-ab6f-62aca8797276
system
2258
Anonymous hack hundreds of Israeli websites, delete Foreign Ministry database in support of Gaza
Hacker group Anonymous has launched a massive attack named #OpIsrael on almost 700 Israeli websites, protesting against Operation Pillar of Defense in Gaza. Israeli media confirmed the group's move.
The hackers reportedly took down websites ranging from high-profile governmental structures such as the Foreign Ministry to local tourism companies' pages.
The biggest attack as of now has been the Israeli Foreign Ministry's international development program, titled Mashav. Anonymous announced on Twitter they've hacked into the program's database, with the website remaining inaccessible at the moment.
Read more at :
http://rt.com/news/anonymous-gaza-israel-website-938/
Asyn
2259
polonus
2260