Hijacking Safari 4 Top Sites

This short video demonstration shows a new technique for exploiting a flaw in Apple Safari 4 that enables an attacker to hijack the Top Sites feature in Safari and replace the victim’s Top Sites with phishing sites. The vulnerability and attack were discovered by Inferno.

Buy an Infected PC for 5 Cents

From PC World (Erik Larkin)
It doesn’t take much to get started in Internet crime these days. Find the right site, hand over $50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the “Golden Cash” site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn’t cost much. Read the full story [pcworld.com]

Adobe bitten by XSS bug it invented

Hundreds of thousands of websites host vulnerable Adobe Flash files which can be exploited by malicious people to conduct convincing phishing and XSS attacks. In most cases, cookie hijacking is possible.
Unsuspecting users can be redirected from trustworthy SSL and non-SSL sites to malware, adware and spyware sites. Read the full story [xssed.com]

Identity thieves are currently launching a massive attack on Facebook [techcrunch.com], using fake log-in pages to hijack usernames and passwords.
The attackers are using Facebook’s mail system to send a one-line message luring users to “fbaction.net,” a site that clones the social networking site’s log-in screen. Read the full story [zdnet.com]
