Archive for the ‘Security Notices’ Category

Google PlayWhen you buy any application from Google Play directory your name, location (zip code, city and country) and e-mail is sent to the software developer.

When downloading free software transfer of personal data occurs.

The problem with a privacy in Google Play was raised by the Australian developer Dan Nolan though the problem, probably, exists for a long time.

Nolan has recently released a program in Google Play, sold a few hundred copies – and began to receive information about the purchases of personal data customers. According to Nolan, this is not just a major problem with privacy, and “absolutely crazy things.” Each developer can see the personal data of its customers Merchant Account.

Dan Nolan said that the private information of users retained by the seller, even if the buyer canceled the order. Each transaction is the transfer of funds in the application directory is regarded as a physical banking transaction, and Google reveals all the details. Similarly, in the real world is usually impossible to make anonymous clearing, so is buying Google Play regarded as bank transfer. (more…)

Adobe Logo

Vulnerabilities in Adobe Reader

The flaw allows a potential attacker to remotely execute arbitrary code.

Zero day vulnerability was discovered in the popular software Adobe Reader, allows you to execute arbitrary code on the target system. This in his report the researchers reported FireEye, who happened to encounter with an infected PDF-document capable of compromising computers based on Windows.

When trying to open a malicious file, is running two dll-libraries, one of which is designed to conceal the fact of infection. It gives the user an error message while working on a document. Second library contains a component that provides for the connection to the remote server attacks.

According to FireEye, vulnerable to this attack were such versions of Adobe Reader, as 9.5.3, 10.1.5 and 11.0.1. Older versions may also be exposed to the threat. Currently, researchers have already submitted details of the detected flaws developers. (more…)

Fake email from FedEx

Fake email from FedEx

Symantec Corp. reported the appearance of fake emails from FedEx.

It is stated that the user can sent him a package, go to the nearest FedEx with a receipt that you can print it by clicking on the link provided in the letter. Of course, no parcel does not exist, and those who use the link, you are prompted to download archive, containing a malicious file PostalReceipt.exe. Instead of sending the owner, which he did not order, the user becomes the owner of the virus Trojan.Smoaler.

All these fake emails are almost identical, except for the order number and the site that hosts the zip-archive with malware. Laziness or negligence on criminals do not change the date of the false order. At the same site that hosts Trojan.Smoaler, changing daily. Letters, send out mass 21, 25 and January 26, 2013, had the following appearance: (more…)

Adobe FlashUsers are advised to install security updates as soon as possible.

Yesterday, Adobe released an emergency update Flash Player, which addresses two zero-day vulnerabilities.

The manufacturer has confirmed that the underlying vulnerability used in the implementation of targeted attacks using the documents in Microsoft Word. These documents are distributed by spam mailings, when opened on the victim’s system runs the malicious SWF-content. One of the vulnerabilities in the ActiveX-focused version of Flash Player for Windows.

Adobe thanked experts from Kaspersky Lab Sergey Golovanov and Alexander Polyakov for the detection of one of the vulnerabilities. (more…)

Banking Trojan

Banking Trojan

A malicious program disguised as a PDF-document that is sent to users via email.

The MalwareBytes company’s specialists have found banking Trojan that steals passwords, signed by a valid digital certificate issued by DigiCert.

DigiCert representatives confirm a certificate, but claim that it was issued to legally registered companies Buster Paper Comercial Ltda. Licenses are issued in accordance with the guidelines of the digital industry. With the use of certificates from DigiCert clear that they do not apply to malware. Once in DigiCert learned about the illegal activities associated with the certificate, it immediately recalled.

Detected by MalwareBytes malware disguised as a PDF-document, which is sent to the victims alleged in the letter mail and supposedly contains the invoice. As conceived by intruders, a file format will force users to open it, after which the program is installed on a PC keylogger, Steals banking credentials. (more…)

Twitter hackedUnidentified attackers carried out a number of successful attacks on Twitter.

February 1 resource administration Twitter issued a statement about finding security incident related to the attacks on the servers of popular platforms.

“This week, we found a number of unusual access attempts, which allowed us to identify attempts to gain unauthorized access to user data Twitter. We found one active attack and managed to stop it almost immediately. However, our investigation revealed that the attackers were able to gain access to restricted user data, 250,000 users: user names, email addresses, session tokens and encrypted passwords, “– said in a statement.

This is not the first hacker attack on the most popular networks and resources of the United States. Recall that this week it became known compromised computers publications New York Times and Wall Street Journal. These developments have not gone unnoticed U.S. authorities. According to the administration of U.S. President Barack Obama (Barack Obama), discussions between senior officials of the U.S. and China on the issue of the large number of hacker attacks on U.S. companies and government agencies have not yielded the expected results. In connection with this controller began to consider possible sanctions, which the Government will respond to such incidents of information security. (more…)

Barracuda networksThe SEC Consult company found undocumented accounts in solutions of Barracuda Networks.

According to SEC Consult, in different software company Barracuda Networks was discovered backdoor. The notice referred to the existence of undocumented accounts, remote which can be accessed remotely via SSH.

Undocumented accounts associated with the “backend support mechanisms.” Support page for the manufacturer stated that he is not aware of operating accounts described SEC Consult, for malicious purposes.

“Our study confirms that an attacker with specific knowledge about the internal structure of the solutions Barracuda, to connect to an account that does not have the privileges of a small area of ​​IP addresses”, – stated in the notification producer. (more…)


Trojan via Skype

The updated version of bank malicious software Shylock appeared in open access.

According to security experts from the Danish company CSIS Security Group, last week publicly available update has started to extend banking trojan Shylock. One of the new features is the ability of the virus spread through Skype.

This addition allows a trojan to dispatch messages and harmful files by means of the client of the popular VoIP-service established on infected system. At this Shylock it is capable to bypass precautionary messages of Skype, and also to erase traces of the activity from its history.

Earlier in the Trojans already been implemented functional spread itself through instant messaging services such as MSN Messenger and Yahoo Messenger. Virus sends malicious links casual contacts in these applications. (more…)

Symantec CorpSymantec yesterday warned of the discovery of a new malware that may already steal data from thousands of infected devices in less than two weeks.

New malware Android.Exprespam was first detected in mid-January, and according to virus analysts, it is active for at least two weeks.

Despite the brief period, the antivirus company points out that the code was able to make his victims many thousands of users. “Our data – this is only a small fraction of the total, indicating that from 13 to 20 January 3000 was no less affected” – said Yoji Hamada, Analyst Symantec. “Based on our analysis, we can say that the scammers have stolen from 75 000 to 450 000 users”. (more…)

Foxit ReaderInformation on the vulnerability has been publicly available for one week.

Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability. In the new version (5.4.5) developers eliminated the critical gap allowing the potential malefactor far off to execute any code on target system.

It should be noted that all ActiveX versions of a component of the program for Mozilla Firefox, Google Chrome, Opera and Safari browsers were vulnerable. In the notice also it is noted that the independent researcher of safety of Andrea Micalizzi was succeeded to find vulnerability.

Let’s remind that the expert publicly opened detailed information on the vulnerability and methods of its operation on the web site on January 7 the current year. (more…)