The new Trojan hunts on users of Facebook, Twitter and Google+

Posted: May 16, 2013 in IT Security News
Tags: , , , , , ,
0

Doctor WebThe company “Dr Web” found a previously unknown functionality in the new malicious program for Facebook.

Trojan.Facebook.311 can not only publish the name of the new user’s status, join groups, post comments, but spamming social networks Twitter and Google Plus.

Trojan Trojan.Facebook.311 is written in JavaScript language for popular web browsers Google Chrome and Mozilla Firefox. Attackers are spreading Trojan using social engineering techniques – unwanted programs to access the system using a special application installer that masquerades as a “security update for watching videos.” It is noteworthy that the installer is digitally signed by the company Updates LTD, owned by Comodo. Add-ins are called Chrome Service Pack and Mozilla Service Pack respectively. In order to spread malicious Trojan created a special page on the Portuguese language, focused, most likely, on the Brazilian users of Facebook. Read the rest of this entry »

Security Bypass in the Apache mod_rewrite

Posted: May 16, 2013 in Vulnerability News
Tags: , ,
0

Apache VulnerabilitySecurity Bypass vulnerability has been found in the Apache mod_rewrite.

The vulnerability allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

In the module mod_rewrite of the HTTP-server Apache 2.2.x series vulnerability has been discovered (CVE-2013-1862), which allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

Through specially crafted requests to the web-server, an attacker can write to a log file, for example, system commands, as mod_rewrite when writing to the log file does not escape special characters. Proper manipulation of sequences allows you to run arbitrary commands as the user performing the scan log (usually these log files are readable only by the user root). Read the rest of this entry »

In Mozilla Firefox removed three critical vulnerabilities

Posted: May 16, 2013 in IT Security News, Security Notices
Tags: , , ,
0
Firefox logo

Multiple vulnerabilities

The new version was implemented regime Firefox Health Report, which allows to monitor the performance of the browser.

According to the developers of the browser from the Mozilla, users have available the new version, Firefox 21, which was removed a number of vulnerabilities, including three critical.

Experts was eliminated a total  of eight gaps. It should be noted that two of the critical vulnerabilities affect only Firefox, Thunderbird, and since the other company’s products are no vulnerable components.

Among the updates that are not related to security, it is worth noting the expansion of the user interface to configure the Do Not Track, an increase in graphics performance and support for the implementation of the default technology WebRTC, designed to work with multi-user web-applications. Read the rest of this entry »

Cybercriminals Steal $45 million From ATMs in 27 Countries

Posted: May 10, 2013 in IT Security News
Tags: , ,
0

HackersInternational criminal group in just a few hours stole $ 45 million: having got access to a database on debit cards, they to remove cash in ATMs worldwide. According to prosecutor’s office of the USA, some thousand thefts from ATMs with use of duplicates of cards with a magnetic tape on which the data of clients of Middle Eastern banks obtained by hackers were put were made.

As prosecutor Lauretta Lynch notes, swindlers acted with a tremendous speed, working with small gangs worldwide, including in New York. On suspicion in theft seven citizens of the USA which have arrived to the country from Dominican Republic are already arrested. Read the rest of this entry »

Fixed a critical vulnerability in nginx

Posted: May 8, 2013 in Vulnerabilities, Vulnerability News
Tags: ,
0
Critical vulnerabilities in routers

Vulnerability in nginx

Vulnerability allows execution of arbitrary code on the target system.

It turned out unscheduled update server nginx to version 1.4.1, which eliminated the vulnerability CVE-2013-2028, which allows the execution of arbitrary code on the target redundant system.

The vulnerability can lead to overwriting the stack areas of the workflow when processing specially designed chunked-queries. Gaps are subject to the implementation of nginx versions 1.3.9 and 1.4.0. Read the rest of this entry »

D-Link fixes router vulnerabilities very quietly

Posted: May 7, 2013 in Security Notices
Tags: , , ,
0

D-LinkThe flaw allows unauthorized users to gain access to the video stream.

Company D-Link has released updates that fixes vulnerabilities in routers 5 and 8 IP-cameras. Experts point out that gaps in the software routers resemble vulnerabilities that were previously eliminated in the other models, but the cameras found dangerous, previously unknown vulnerabilities, which proved to be quite an unpleasant surprise for developers – vulnerability allows unauthorized viewers to intercept the video stream from the camera or from ASCII-output. Read the rest of this entry »

Trend Micro Rootkit Buster Beta 5.0

Posted: May 7, 2013 in Antivirus and Security Software
Tags: , , ,
0

Trend MicroTrend Micro Rootkit Buster Beta 5.0 – a free tool to detect rootkits

Trend Micro has announced a new version of the free product Rootkit Buster (Rootkit). C this easy-to-use, reliable and high-performance tool, you can detect rootkits – malicious applications carefully hide their tracks in the system. The main innovation presented in a new version of Rootkit Buster Beta 5.0, is the ability to detect potentially dangerous changes in the MBR (Master Boot Record).

Most existing tools for the detection of rootkits are bulky and not too fast programs targeted at advanced users and professionals. Product Trend Micro Rootkit Buster, available for 32-bit and 64-bit versions of Windows, sets itself apart from many of his “brothers.” The application’s interface is extremely simple and straightforward. All available functions are grouped in a single window. Tab «Log», as you might guess, provides access to the journal in which you can find a detailed report on the results of the audit. A tab «Scan» will configure the scan settings and select one of the key areas of the system (Files or Master Boot Records, Services and Kernel Code Patches) for verification. Read the rest of this entry »

PhrozenSoft VirusTotal Uploader

Posted: May 7, 2013 in Antivirus and Security Software
Tags: , , ,
0

PhrozenSoftVirusTotal Uploader utility will simplify the work with the VirusTotal service.

PhrozenSoft company has released an updated version of the product VirusTotal Uploader, a free application that simplifies the work with the popular online virus scanner VirusTotal. The proposed tool will help you quickly and effortlessly download the desired file on a web-server, where it will be subjected to testing for the presence of malicious code using fifty anti-virus engines from leading manufacturers

Typically, computer owners use to upload files to the site VirusTotal.com standard web-based interface that is opened in a browser window. However, this interface is poorly adapted to test a large number of objects. VirusTotal Uploader greatly simplify this task. All you need to do is select all the suspicious files in the “Explorer” and drag and drop them into the program with the mouse cursor. You can watch the process of loading objects and examine the results of the scan in a separate window. Read the rest of this entry »

CSRF attack in WordPress May 4, 2013

Posted: May 4, 2013 in Vulnerabilities, Vulnerability News
Tags: , , , , ,
0
WordPress Plugins

CSRF attack in WordPress

Vulnerability: CSRF attack in WordPress (XSS)

1. CSRF attack in WordPress Facebook Members

Danger level: Low
The presence of fixes: Yes
The number of vulnerabilities: 1

CVE ID: CVE-2013-2703
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Facebook Members Plugin 5.x
Affected versions: WordPress Facebook Members 5.0.4, possibly earlier. Read the rest of this entry »

The volume of DDoS-attacks has increased eight-fold

Posted: May 3, 2013 in IT Security News
Tags: , ,
0

DDoS attack alertDDOS Attacks have Increased in Number and Size

According to statistics Prolexic Technologies, in January-March 2013 the average power of DDoS-attacks increased by 718% to 48.25 Gb / s. Moreover, the experts pointed upward trend to growth of pps-indicator: last quarter it reached 32.4 million packets per second. This indicator is usually not taken into account in statistical reports, but attacks with high pps aimed, primarily, on a conclusion out of operation such elements of infrastructure, as network interface cards and boundary routers. To cope with multi-million pps-flow can only the most expensive devices, the threshold is definitely lower than the other. Read the rest of this entry »

Older Entries