Threatpost for B2B

The First Stop For Security News

Inside the Targeted Attack on The New York Times

Thu, 01/31/2013 - 17:40

The Chinese group behind the targeted attack on the New York Times was laser-focused on accessing the email of a reporter and the newspaper’s former Beijing bureau chief, to the point that it used an inordinate number of custom malware samples to get the job done.

“In terms of statistics, 45 [custom malware samples] as a ratio to the number of computers involved, 53, is a high ratio,” said Richard Bejtlich, chief security officer of Mandiant, the forensics firm hired by the Times to investigate the targeted attack. “Usually, you’ll see one or two for the relatively small number of systems involved.”

China, The New York Times and the Value of Self-Shaming

Thu, 01/31/2013 - 16:03

There aren't many things that count as surprises anymore in the security industry. And the news today that The New York Times was penetrated by a team of Chinese attackers who apparently had access to large amounts of employee emails for several months certainly doesn't fall into that category. It would be news if these attackers weren't targeting The Times and other large media companies. What's interesting and novel is that the company decided to out itself as a victim, signing up for what may be a large dose of public scorn and derisive laughter.

Report: Mainstream Websites Host Majority of Malware

Thu, 01/31/2013 - 15:13

While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco’s annual security report released this week.

Compromised websites hosting malicious Java and iFrame attacks and other malware far and away outpace all other delivery vectors for malware, Cisco’s report said.

Buffer Overflow Vulnerability Found in VLC Media Player

Thu, 01/31/2013 - 12:15

A buffer overflow could occur in VideoLAN's VLC cross-platform multimedia player when attempting to parse a specially crafted Advanced Systems Format (ASF) movie, a researcher reported.

Experts Say CEOs Need to Get Handle on Cyberespionage Problem

Thu, 01/31/2013 - 11:28

NEW YORK--The long list of high-profile cyberespionage and cybercrime attacks that have surfaced in the last couple of years has led to broad discussions in the security community, government circles and elsewhere about the scope of the problem. Those discussions now are just starting to reach into the boardroom, and security experts say that any CEO who isn't concerned about this problem is living in the past.

Mobile Malware Dubbed 'Bill Shocker' Targets Chinese Android Users

Wed, 01/30/2013 - 21:45

A new bit of malware is targeting popular apps on Android mobile devices to spew costly spam.

Beijing- and Dallas-based NQ Mobile said at least 600,000 Chinese users have been hit with the malicious code named "Bill Shocker" (a.expense.Extension.a) because it runs up the bills of infected users while sending spam messages using their devices. So far, the infection seems contained to China, but its success may pose an international danger based on current traction.

Opera Browser Update Patches Remote Code Execution Vulnerabilities

Wed, 01/30/2013 - 17:22

A number of security vulnerabilities were repaired in the latest version of the Opera browser, which was released today. However, a security researcher says that users who downloaded the browser from Apple’s Mac App Store won’t have access to version 12.13; in fact, they’ll be two revs behind as of today.

Graham Cluley of Sophos reported today that Opera 12.11 is the latest version available at the Mac App Store. Version 12.12 was released Dec. 18.

Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins

Wed, 01/30/2013 - 15:42

After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser.

Service Disruption or Destruction: Which is Worse?

Wed, 01/30/2013 - 13:45

Outcomes in security tend to be about data loss: stolen pharmaceutical formulas, jet fighter blueprints, patient records, credit card numbers, etc. All of these come with a great cost to the victim and make for sexy headlines. But far too little is dissected and analyzed about service disruptions.

New Ransomware Encrypts Victim Data

Wed, 01/30/2013 - 12:56

An unusual new strain of ransomware makes good on its threat, doing what the majority of other varieties only claim to do. The Trojan actually encrypts data on infected machines, effectively rendering certain files inaccessible to users on compromised computers in order to block removal.

God Horses are Floating Clouds: The Story of a Chinese Banker Trojan

Wed, 01/30/2013 - 12:26

By Dong Yan

In China these days, e-commerce has become an important part of daily life, especially among young people. According to a report from CNNIC (China Internet Network Information Center), the number of Chinese e-commerce users reached 242 million at the end of December 2012. This is nearly half of all Chinese internet users.

50 Million Potentially Vulnerable to UPnP Flaws

Tue, 01/29/2013 - 14:15

In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks.

Some Versions of Ruby on Rails Vulnerable to New Parsing Attack

Tue, 01/29/2013 - 13:47

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday, but if left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL code, inject and execute arbitrary code and perform a denial of service attack on a Ruby on Rails app.

Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities

Tue, 01/29/2013 - 10:25

Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.

Multilayer DDoS Attacks Have Reset Stage for Network Attacks

Tue, 01/29/2013 - 09:00

Back in the dark days of dial-up connectivity, attackers wouldn’t bother compromising home computers as bots to be used in distributed denial-of-service attacks. The lack of bandwidth made PCs persona non grata in the DDoS world. Instead, attackers targeted Web servers, the only machines with the high-speed broadband connections to make DDoS viable.

In the years since, broadband has literally come home and personal machines have been compromised by the millions for everything from spam to flood attacks against websites and online services.
