Category: Warnings

The Python-based tool, dubbed TSURT (trust in reverse) uses the open source web scrapy framework Scrapy to pull user information like logos or avatars from a target site which are then embedded in the phishing page.

In a video demonstration, the tool pulls down a Facebook account profile picture which is then placed inside a fake Facebook dashboard screen featuring a fake private message.

If an attacker wants to do a targeted attack its not the hardest thing in the world to have access to basic creds like account number or BSB.” “If a victim saw this in a banking dashboard it would definitely raise less alarms alarms as opposed to usual phishing techniques which just rudely slap the user with a login page.”

Link: http://www.scmagazine.com.au/News/331434,new-phishing-tool-mimics-logged-in-dashboards.aspx?utm_source=feed&utm_medium=rss&utm_campaign=SC+Magazine+All+Articles+feed

Appthority runs each app with both static analysis and dynamic analysis to determine what the app can do beyond its advertised main function (e.g., gaming, news services, productivity, etc.). Appthority analyzes an app to uncover, for example, what other apps it can communicate with; what backend systems, URLs or websites the app accesses; what permissions the app requests versus what permissions the app actually uses (because there’s often a mismatch there); what behaviors the app exhibits; and how the app is managing sensitive data, including whether or not it is using encryption.

This information is essential to enterprises that are trying to develop policy and manage mobile security, says Domingo Guerra, president and co-founder of Appthority. … “There are lots of technologies on the market that are policy enforcers, but they only enforce what you tell them to do.”

In the app reputation report released in July 2012, Appthority reported that 96% of iOS and 84% of Android apps can access at least one of these data risk categories.

Organizations that already use a mobile device management (MDM) or mobile app management (MAM) solution can incorporate Appthority’s app reputation information to help formulate policy of who can access what apps, and when.

To secure corporate content, networks and data, an enterprise really has to focus on risk management over that data, and what can access that data.

Link: http://www.networkworld.com/newsletters/techexec/2013/020113bestpractices.html

The campaign, part of a distributed denial-of-service (DDoS) operation that began last fall, is being led by the Martyr Izz ad-Din al-Qassam Cyber Fighters, which said it staged the attacks in protest of anti-Muslim film, Innocence of Muslims. … On Dec. 21, the Office of the Comptroller of the Currency (OCC), a regulating body for national banks, issued an alert about the apparent uptick in DDoS attacks being waged in the industry.

Link: http://www.scmagazine.com/news-briefs-the-latest-breaches-malware-and-hacktivist-activities/article/276469/

Just as Muddy Waters confirmed it did not send such a tweet about Audience, so too did Andrew Left, the California-based investor who runs Citron, said his company did not send a message about Sarepta.

The twin incidents targeted a pair of Nasdaq stocks that are not among the most actively traded on a daily basis, showing how certain company shares are vulnerable to information posted on social media networks, even if the information is misleading.

“You need a more volatile stock for this kind of manipulation – obviously if you were to try it on IBM it wouldn’t work,” said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham, New Jersey.

The tweet, with the user name “@citreonresearc,” alleged that drug trial results from the biopharmaceutical company had been tainted and doctored, according to screen shots of the posting captured by Twitter users.

Matt, a trader in San Diego who did not want to give his last name, but who goes by the handle @given2tweet on Twitter, said, “There’s a real severity to that tweet.

The company, which has a market cap of about $692 million, is volatile, moving more than 1 percent in six of the past seven sessions.

Audience went public in May 2012 and has a market cap of $254 million as of Tuesday’s closing price, rising about 15 percent so far this year.

Link: http://au.news.yahoo.com/thewest/business/a/-/tech/16031129/second-twitter-hoax-in-two-days-smacks-another-stock/

The role of the JavaScript code is to display rogue advertisements inside pop-up windows and trick users to click on them, which generates income for the attackers, Katsuki said. Knowing in advance which domain will be generated, the attackers register it and configure its SPF record to contain IP (Internet Protocol) addresses or host names that will be used by the malware to construct new malicious URLs. A domain name owner can specify an SPF policy — a number of IP addresses or host names that are allowed to send emails from that particular domain — inside a DNS TXT or SPF record. Email servers can then perform SPF lookups via DNS in order to check that email messages appearing to have been sent from that domain actually came from an IP address authorized by the domain administrator. If the sender IP address or host specified in an email’s header is not listed in the SPF policy for the corresponding domain name then the email sender’s address was probably spoofed.

Spachanel, the SPF policy for the domain name is not used to validate emails, but to provide a new list of malicious host names to be used by the malware.

That’s because in order to perform SPF lookups, the malware queries a trusted DNS server located on the local network or the Internet service provider’s network. This server then queries other DNS servers up the chain until the request reaches the authoritative DNS server for the domain name, which responds with a TXT or SPF record containing the SPF policy.

Link: http://www.infoworld.com/d/security/browser-hijacking-malware-talks-attackers-using-spf-email-validation-protocol-211660

Second on the list is, surprisingly, the British Virgin Islands in the Caribbean. Third on the list is The Netherlands with 154, which contributes to a hotspot of botnet command servers in that region of Europe amounting to 270 servers; the most dense of any region in the world.

http://www.neowin.net/news/the-united-states-is-a-hive-for-botnets?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+neowin-main+%28Neowin+News%29