Feed aggregator

Yahoo Patches Bugs in Mail, Messenger, Flickr

Threatpost for B2B - Tue, 07/08/2014 - 16:49
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.

Microsoft July Patch Tuesday Updates Patch 29 IE Vulnerabilities

Threatpost for B2B - Tue, 07/08/2014 - 15:23
Microsoft fixes 29 security vulnerabilities in Windows, Internet Explorer, and Server Software in its July 2014 Patch Tuesday release.

Google Finds, Blocks Unauthorized Certificates

Threatpost for B2B - Tue, 07/08/2014 - 14:43
Phony digital certificates for a number of Google domains were discovered and blocked. The certs were issued by the National Informatics Centre of India and were in the Microsoft Root Store.

New Verizon Transparency Report Shows Large Government Appetite for Location, Content Data

Threatpost for B2B - Tue, 07/08/2014 - 13:49
The second transparency report from Verizon claims the company received nearly 150,000 total orders in the first half of 2014.

Adobe Patches Flash Vulnerability Exploited by Rosetta Flash Tool

Threatpost for B2B - Tue, 07/08/2014 - 13:27
Adobe patched Flash Player today, adding validation checks to the software so that it rejects malicious content from vulnerable JSONP callback APIs.

China Hackers Compromise Iraq Experts at National Security Think Tanks

Threatpost for B2B - Tue, 07/08/2014 - 10:53
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.

Phishers Use Luis Suarez Bite as Bait

Threatpost for B2B - Tue, 07/08/2014 - 10:23
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant […]

Suarez phishing 'petition' dupes users and their friends

Secure List feed for B2B - Tue, 07/08/2014 - 04:00

At the end of last week we came across a curious method of distributing links to a phishing page that collects users’ personal data.

The FIFA World Cup in Brazil is attracting not only football fans in all parts of the world, but cybercriminals too. The phishing page is designed to imitate the FIFA website. Visitors are asked to sign a petition in defense of Luis Alberto Suárez, a forward for the Uruguayan national team. (On June 24, in a last group stage match between Uruguay and Italy, Suarez bit Italy defender Giorgio Chiellini on the shoulder. As a result, Suarez was disqualified for nine official matches for the national team and banned from all football-related activity for four months. He was also slapped with a fine).

To sign the petition, the user needs to fill out a form, entering his or her name, country of residence, mobile phone number and email address:


Phishing page asking football fans to sign a petition

The phishing page matches the design of the official website and all links on it redirect users to FIFA’s official site, fifa.com. The phishing domain was created on June 27, 2014. According to the whois database, it was registered in the name of a person residing in London. The data collection form was developed by the phishers using Google.Docs. Personal data obtained from the form can be used to send spam, phishing and SMS messages, as well as malicious apps. In addition, armed with users’ email addresses and telephone numbers the cybercriminals can conduct targeted attacks involving banking Trojans for computers and mobile devices. This technique is used to get round two-factor authentication in online banking systems in cases when a one-time password is sent via SMS.

After filling out the ‘petition’ form, victims were encouraged to share a link to the page with their friends on Facebook:


Window prompting users to share the link to the ‘petition’ with friends


Pop-up Facebook window

Unsuspecting fans shared links to the fake petition on their Facebook pages. This enabled the phishing link to spread widely across Facebook in a matter of days.


Example of an unsuspecting user sharing a link to the phishing page on a social network

Messages with links to the phishing page were also seen on dedicated forums, from which users probably reached the phishing page originally.

Motives Behind Havex ICS Malware Campaign Remain a Mystery

Threatpost for B2B - Mon, 07/07/2014 - 15:36
Experts question whether the Havex malware campaign targeting three European industrial control system software vendors is merely a dry run for something bigger.

Hard-Coded Password Vulnerability Plagues Some Netgear Switches

Threatpost for B2B - Mon, 07/07/2014 - 14:01
A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware.

Expect IE Rollup, Azure Service Bus Update on Patch Tuesday

Threatpost for B2B - Mon, 07/07/2014 - 10:10
Microsoft will release two critical bulletins tomorrow as part of its July 2014 Patch Tuesday security updates.

All Seized Domains Returned to No-IP

Threatpost for B2B - Mon, 07/07/2014 - 10:04
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.

Threatpost News Wrap, July 4, 2014

Threatpost for B2B - Fri, 07/04/2014 - 09:00
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil.
Syndicate content