Vulnerabilities


Hackers Plan to Clobber The Cloud, Spy on BlackBerries

From the IDG News Service (Dan Nystedt)
A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride.
The new playground for hackers is “the cloud,” the term for computer applications and services hosted on the Internet. Some of the devices making the cloud more popular these days are BlackBerries and other smartphones. Read the full story [computerworld.com]

The Security Nightmare of a Flash Monoculture

From ZDNet (Larry Dignan)
Adobe’s announcements that a full version of Flash is coming to every smartphone not named Apple iPhone leave me conflicted. Full-blown Flash can be a boon to the mobile Web, but has the potential to become one huge security headache. Read the full story [zdnet.com]

Skype ‘Online Notification’ Alert Leads to Fake AV

Trend Micro researcher Rik Ferguson has discovered a new twist on the old social engineering attacks on Skype — the use of usernames and monikers that appear very, very convincing.
In the latest attacks, which lure computer users to fake anti-virus sites (rogueware), the attackers are using the username “Online Notification” in the Skype chat window.


Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood of remote in-the-wild code execution attacks.
The exploit, created and released by Harmony Security’s Stephen Fewer, provides a clear roadmap for hackers to plant malware or open backdoors on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server.

In the wake of Moxie Marlinspike’s SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in fact a fake.

Security researchers have stumbled on a new botnet that uses an interesting technique to mask its nefarious intentions.
The Monkif/DIKhora botnet, which is pushing out Trojan downloaders to infected machines, is encoding the instructions to appear as if the command-and-control server is returning a JPEG image file, according to SecureWorks researcher Jason Milletary. Read the full story [secureworks.com]

Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.
The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software. 

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.
The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.

Cisco has released a peck of patches to cover multiple security flaws in its flagship Cisco IOS (originally Internetwork Operating System), warning that the bugs expose businesses to denial-of-service or policy bypass attacks.
In all, the networking vendor released 10 advisories covering Cisco IOS flaws and a separate alert for a vulnerability in the Cisco Unified Communications Manager. Read the Cisco advisory bundle [cisco.com].

DarkReading’s Kelly Jackson Higgins is reporting on a new study that shows bot infections on the rise in the enterprise, most coming from tiny, unknown botnets built for targeting victim organizations.

In the three-month study of more than 600 different botnets found to have infiltrated enterprise networks, researchers from Damballa discovered that nearly 60 percent are botnets with only a handful to a few hundred bots, built to target a particular organization. Only 5 percent of the bot infections were from big-name botnets, such as Zeus/ZDbot and Koobface. Read the full story [darkreading.com]
