Browsing Category: Web Security

From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com] found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X based malware attack proves that successful social engineering approaches remain OS independent.  Read the full story [zdnet.com]

Categories: Web Security

From ZDNet (Dancho Danchev)
A currently ongoing malware attack across Twitter is abusing the momentum offered by Twitter’s trending topics in order to trick users into visiting bogus exclusive video sites and infect them with malware.
The campaign, spreading since last week, is relying on a growing number of automatically registered bogus Twitter accounts, which combine trending topics and hashtags with custom messages and pre-defined Tinyurl links, all leading to an identical fake codec which is dropping three different malware samples. Read the full story [zdnet.com]

Categories: Cryptography, Web Security

One of the few things that most people in the security community seem to agree on is that there is a dire need for better security around Web applications. That need begins with the lack of security training for most Web developers and extends through the inconsistent use of Web-application testing, both pre-deployment and post-deployment. But one issue that has been overlooked for years probably belongs at the top of the list of Web application security woes: the haphazard use of cryptography.

Categories: Web Security

Researchers at the University of California, Berkeley’s School of Information have released a report showing that the most popular Web sites in the United States all share data with their corporate affiliates and allow third parties to collect information directly by using tracking beacons known as “Web bugs” – despite the sites’ claims that they don’t share user data with third parties. Read the announcement [berkeley.edu]. Download the full report [knowprivacy.org].

Adobe’s first ever quarterly patch for the Reader and Acrobat product lines is set for June 9, the same day Microsoft is scheduled to deliver its batch of security updates.
As previously announced, Adobe plans to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9.

Categories: Web Security

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser, according to a report [washingtonpost.com] by Brian Krebs.
The Firefox add-on was silently added to Firefox when users downloaded a service pack for the Microsoft .NET Framework.  Annoyances.org explains why this is a security problem:

Categories: Web Security

From The Last Watchdog (Byron Acohido)
There’s power in simplicity. That’s the upshot of the phishing attack now bombarding Facebook users.  Many FB’ers are receiving messages titled, simply, “Hello.” The body of the text contains a brief imperative sentence: “Check areps.at” or “Check bests.at” Several USA Today staffers have received these bogus messages.
Clicking on the “areps.at” or “bests.at” hyperlink takes you to a realistic-looking, but counterfeit, Facebook login page, where you will be prompted to type your userID and password. You don’t have to be particularly gullible to fall for this. You can be in a hurry; multitasking on the ragged edge, networking multiple places, as part of a job where you’re being asked to do more with less. Read the full story [lastwatchdog.com]
