Feed aggregator

WebRTC Found Leaking Local IP Addresses

Threatpost for B2B - Tue, 02/03/2015 - 10:11
Using a new proof-of-concept, local and public IP addresses can be extracted from candidate messages sent by the API Directory's STUN protocol requests .

Google Adds Research Grants to Bug Bounty Program

Threatpost for B2B - Mon, 02/02/2015 - 15:44
Google announced that it will offer research grants to those taking part in its Vulnerability Rewards Program. The program paid out $1.5 million in 2014.

DNS Hijack in D-Link Routers, No Authentication Required

Threatpost for B2B - Mon, 02/02/2015 - 12:16
There is a remotely exploitable domain name system hijack vulnerability in D-Link's DSLR2740R router.

Female Skype Avatar Sinks Syria Opposition Fighters

Threatpost for B2B - Mon, 02/02/2015 - 11:40
A cyberespionage campaign pulled off by pro-Syrian hackers against Assad opposition fighters used social engineering to steal military planning documents.

Another Flash Zero Day Emerges

Threatpost for B2B - Mon, 02/02/2015 - 09:51
For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks. Adobe officials released an advisory Monday warning users that attackers are exploiting a new vulnerability in […]

WhatsApp for Web in the sight of cybercriminals

Secure List feed for B2B - Mon, 02/02/2015 - 08:40

There is no doubt WhatsApp is among the most popular mobile IMs nowadays – its 700 million users worldwide were eagerly awaiting this week's promised desktop version. However, it wasn't just users who were waiting – cybercriminals were quick to start using this new feature in their attacks, aiming to spread malware and infect users.

In fact we've been seeing malicious messages about a supposed desktop WhatsApp long before the app added that platform to its repertoire. Fake downloads appeared in several languages and countries, and now there is a real product out there the fraudsters have returned to their old attacks, dressed them up in new clothes and sent them on the prowl for new victims. In Brazil, for example, we soon saw messages like this:

"WhatsApp for your PC" is now real, but this link is malware

We found several malicious domains registered to be used in these attacks. Some were already in use and others were waiting their owners' command, such as whatsappcdesktop.com.br, spreading Brazilian Trojan bankers (b93417abdc82cf79d79b737b61744353 and 9f485efea5c20b821e9522e3b4aa0e11):

However, other bad guys decided to prepare a nice design and ask users to install a suspicious Chrome extension that had nothing to do with WhatsApp:

You do not need a Chrome extension to use WhatsApp Web…

There are also some unofficial desktop versions of WhatsApp circulating among speakers of Arabic and Spanish. Here a website offer a version of "WhatsApp Plus" for installation:

And here the "WhatsApp Spy" targeting Spanish-speaking countries:

To download the supposed desktop version you need to inform your mobile number:

Why they ask your number? To subscribe on premium services that will cost money and to send you spam. Yes, spam. One thing is certain: all these web services aim to easily collect your mobile number and feed the long-established spam industry that already uses WhatsApp. As pointed out by Adaptive Mobile, the number of these spam messages increases day by day. WhatsApp process around 30 billion messages per day – not surprisingly, many of them are spam:

Mobile Spam, now on your instant message

It´s not difficult find Brazilian spammers who are already doing this, masquerading as 'marketing companies' and selling packages to disperse spam. Their services don't just include text, there's also the opportunity of spreading pics, audio or even video for the low price of $0.03 cents per message, including an admin and API panel:

U$75 for 5k credits, which correspond to 5,000 spam messages

Unfortunately, it is not possible block messages from unknown contacts on WhatsApp; all you can do is block the sender after the message was arrived, which does not solve the problem at all. In all cases keep in mind the real web services of WhatsApp are located at https://web.whatsapp.com so please refuse imitations and suspicious apps.

Facebook Malware Poses as Flash Update, Infects 110K Users

Threatpost for B2B - Fri, 01/30/2015 - 13:34
UPDATE: A new piece of malware is making the rounds on Facebook, infecting users after luring them in with a link to a salacious video.

Threatpost News Wrap, January 30, 2015

Threatpost for B2B - Fri, 01/30/2015 - 12:55
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions!

Army Research Lab Releases Dshell Forensics Framework

Threatpost for B2B - Fri, 01/30/2015 - 11:59
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The goal in open sourcing the framework […]

Reddit Publishes its First Transparency Report

Threatpost for B2B - Fri, 01/30/2015 - 11:28
Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.

PHP Applications, WordPress Subject to Ghost glibc Vulnerability

Threatpost for B2B - Thu, 01/29/2015 - 16:02
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.

ZeroAccess Botnet Returns, Resumes Click-Fraud Activity

Threatpost for B2B - Thu, 01/29/2015 - 15:25
Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced and as of just a few weeks ago, has returned to propagating click-fraud scams.

Microsoft Publishes Information Sharing Guidelines

Threatpost for B2B - Thu, 01/29/2015 - 14:58
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.

Schneider Electric Patches Buffer Overflow in ICS Products

Threatpost for B2B - Thu, 01/29/2015 - 13:09
There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider products, including the Unity Pro development software, the […]
Syndicate content