Malware


iPhone, Android, Others Get Man in the Middle Treatment

Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi network, now prevalent literally everywhere. Read the full article. [ZDNet]

Verizon Wireless Customers Beware of Trojan Horse

Cyber-criminals have started preying on Verizon
Wireless customers, sending out spam e-mail messages that say their
accounts are over the limit and offering them a “balance checker”
program to review their payments. The e-mail messages, which
look like they come from Verizon Wireless, are fakes; the balance
checker is actually a malicious Trojan horse program. Read the full article. [Computerworld]

New WordPress Update Thwarts Malware

The WordPress developers have released security update 2.8.6 to fix two vulnerabilities. WordPress users are advised to install the update as soon as possible if untrusted authors can add content and upload images. At least one of the bugs allows attackers to inject and execute arbitrary PHP code on the server. There appears to be issues, however, with Apache web servers in the new update. Read the full article [The H Security]


Scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user’s browser and running it remotely. Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user’s home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery’s Computer and Communications Security Conference in Chicago. Read the full article. [MIT Technology Review]

Hackers can exploit
a flaw in Adobe’s Flash to compromise nearly every Web site that allows
users to upload content, including Google’s Gmail, then launch silent
attacks on visitors to those sites, security researchers said today. Adobe
did not dispute the researchers’ claims, but said that Web designers
and administrators have a responsibility to craft their applications
and sites to prevent such attacks. Read the full article. [Computerworld] Read the research. [Foreground Security]

A new spam campaign is targeting a financial transfer system that
handles trillions of dollars in transactions annually and has proved to
be a fertile target of late for online fraudsters. The spam
messages pretend to come from the National Automated Clearing House
Association (NACHA), a U.S. nonprofit association that oversees the
Automated Clearing House system (ACH). Read the full article. [Computerworld]

Let’s try to separate the wheat from the chaff. Let’s start by looking at the vulnerability itself. It is a “man-in-the-middle” (MitM) attack in which an attacker can use an SSL feature called “negotiation” to inject bad stuff into an SSL session. Right, so that’s not good news. But the sky isn’t exactly falling yet, so we can all remain calm for now. Let’s put things into perspective here… In order to use an MitM attack to actually effect damage isn’t entirely
trivial. The attacker either needs to be on the same local network as
the client, or in the network path between the client and the server. By far, the most likely of these scenarios, at least in the near term,
is to attack systems on a local network. We have a little bit of
leverage there. Read the full article. [Computerworld]

Heads up to all Microsoft Windows users: If you’re running Windows
2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks
— before malicious hackers start exploiting one of the vulnerabilities
via booby-trapped Web pages or Office (Word or PowerPoint) documents.

A researcher is working on tools for
penetration testers that’s a first step toward ultimately integrating
and correlating data among different types of penetration-testing
products. Josh Abraham, a.k.a. “Jabra,” will release some proof-of-concept tools at the OWASP AppSec Conference in Washington, D.C., that let pen testers integrate data they gather in their white-hat hacking projects. Read the full article. [Dark Reading]

Drive-by exploit writers have been spotted using a popular Twitter
command to send web surfers to malicious sites, a technique that helps
conceal the devious deed.  According to researcher Denis Sinegubko, it’s
being added to heavily obfuscated redirection scripts injected into
compromised websites. The scripts, which redirect victims to drive-by
sites that attempt to exploit unpatched vulnerabilities in programs
such as Apple’s QuickTime. Read the full article. [The Register]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.