Information Security Alerts
Check this page frequently for the latest Information Security and Virus News


Important News

PHISHING EMAILS

A phishing email asking you to fill in personal information has been sent to many USF Health email addresses. This email does not come from USF Health IS, as evidenced by the return address. Please do not reply with the requested information.

 

Phony Flash Update Serves Spam Ads

(August 16, 2013)

A phony update for Adobe's Flash Player serves spam advertisements to users who fall prey to its lure. Users are told that they must install the update to view certain videos. Some of the advertisements are pornographic, and others are capable of replacing legitimate advertisements. The phony update has been spotted on websites aimed at children. It injects ads into every page visited. Users are advised to check their browser extensions.

http://www.scmagazine.com/fake-adobe-flash-player-update-extension-serves-salacious-spam-ads/article/307765/

http://www.theregister.co.uk/2013/08/16/fake_flash_browser_plugin_feeds_smut_ads/

 

Researchers Document Method of Sneaking Malicious Apps into Apple Store

(August 17 & 19, 2013)

Researchers have demonstrated a method of creating malicious apps that evade detection by Apple's app review. The apps, dubbed Jekyll malware, use program paths that do not exist during the app review process.

http://www.nbcnews.com/technology/apple-app-store-infiltrated-researchers-jekyll-malware-6C10945771

http://www.informationweek.com/mobility/smart-phones/apple-ios-security-defeated-by-sneaky-ap/240160105

 

Microsoft Reissues Problematic ADFS Patch

(August 19, 2013)

Microsoft has reissued a patch it pulled last week when users reported problems after installing. The patch addresses a vulnerability in Active Directory Federation Services (ADFS) 2.0. The initial version of the patch, MS13-066, caused ADFS to stop working if a previous RU rollup had not been installed. Microsoft also pulled a patch for Exchange Server due to problems after installation; an updated version of that patch is not yet available.

http://www.zdnet.com/microsoft-re-releases-botched-ad-fs-patch-7000019594/

https://technet.microsoft.com/en-us/security/bulletin/ms13-066

 

Sophisticated Skimmers Used in Attacks on Sydney ATMs

(August 16, 2013)

ATMs at two major banks in Sydney, Australia, were found to have been outfitted with "virtually undetectable" skimming technology that has been used by a group of Romanian hackers to steal AUD $100,000 (US $91,260). The thieves appear to be using sophisticated skimming devices that are made using 3D printers. At least one person has been arrested and charged in connection with ATM skimming attacks in New South Wales.

http://au.ibtimes.com/articles/499369/20130816/sydney-atms-hacked-scammed-romanian-thieves-atm.htm#.UhKUi0KinjC

http://www.theregister.co.uk/2013/08/16/3d_printed_atm_skimmers/

 

Ransomware Targets Computers Running OS X

(July 16 & 18, 2013)

A new ransomware scheme targets computers running Mac OS X. The attack displays a message that purports to be from the FBI, telling users that they must pay US $300 to unlock their computers, which were frozen because the users had been "viewing or distributing prohibited pornographic content." Users will need to reset Safari to get rid of the message.

http://www.theregister.co.uk/2013/07/18/javascript_ransomware/

http://www.scmagazine.com/fbi-ransomware-scam-finds-new-home-on-the-mac/article/303320/

[Editor's Note (Honan): Underlines that today's malware is no longer designed to compromise operating systems but rather targets the humanCritical

 

Microsoft Asserts its Right to Disclose National Security Requests and Denies Giving NSA Unfettered Access to eMail

(July 16 & 17, 2013)

Microsoft says it is within its First Amendment rights to disclose national security requests for user data. Microsoft also says that it does not provide the NSA with encryption keys to access email, despite reports that they were helping the intelligence agency bypass security measures to access web chats through Outlook and putting backdoor access in its products to aid federal investigations.

http://www.eweek.com/security/microsoft-declares-right-to-disclose-government-requests/

http://www.theregister.co.uk/2013/07/16/microsoft_denies_it_gives_backdoor_access_to_outlook_encryption/

http://www.computerworld.com/s/article/9240835/Microsoft_denies_giving_NSA_direct_access_to_email?taxonomyId=17

http://www.zdnet.com/microsoft-we-do-not-give-the-nsa-keys-to-bypass-email-encryption-7000018146/

 

Apps in Google Play Store Contain Code That Exploits Master Key Vulnerability

(July 17, 2013)

At least two apps available in the Google Play app store have been found to take advantage of the master key vulnerability present in nearly all Android devices. The two detected apps do not appear to have malicious intent, but their presence raises questions about Google's scanning of apps offered for sale in the store. Researchers say that the apps "do not pose a threat for users." The researchers who found the problem apps have notified Google and the apps' developers. The exploit's presence could be either a coding error or the result of using a certain development toolkit. Android users who have updated their devices to run the most recent version of the operating system or who have installed security software that blocks the exploit will find that the apps do not run on their devices.

http://www.informationweek.com/security/client/google-play-has-apps-abusing-master-key/240158446

 

Mac Malware Uses Encoding Trick to Hide File Extensions

(July 15, 2013)

Malware that targets Mac OS X uses a right-to-left override ploy to avoid detection. The trick is used to hide the actual extension of executable files. The malware, known as Janicab, is signed with what appears to be a valid Apple Developer ID. It takes screen shots and records audio through infected machines, and sends the data to a command-and-control server. It also maintains contact with the command-and-control server for instructions. Janicab spreads through spearphishing and spam.

http://news.cnet.com/8301-1009_3-57593753-83/new-mac-malware-disguised-with-right-to-left-encoding-trick/

http://www.infosecurity-magazine.com/view/33452/mac-spyware-hides-file-extensions-to-evade-detection/
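The right-to-left override trick described in this item can be spotted from the file name alone, because the override is an invisible Unicode control character stored in the name. The following Python sketch is an added example, not part of the original alert or of any vendor's tooling; the sample names are constructed, and the display rendering is an approximation that assumes Latin-only names.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}
RLO, PDF = "\u202e", "\u202c"

def approx_display(name):
    """Approximate on-screen form: text after RLO is shown reversed until PDF or end."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch == RLO:
            overriding = True
        elif ch == PDF and overriding:
            out.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this approximation
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)

def inspect_name(name):
    """Return a finding dict if the name contains bidi controls, else None."""
    found = sorted({unicodedata.name(c) for c in name if c in BIDI_CONTROLS})
    if not found:
        return None
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = os.path.splitext(stripped)[1].lower()   # what the OS acts on
    shown_ext = os.path.splitext(approx_display(name))[1].lower()  # what the user sees
    return {"controls": found, "real_ext": real_ext, "shown_ext": shown_ext,
            "mismatch": real_ext != shown_ext}

def scan(names):
    """Map each suspicious name to its finding; clean names are omitted."""
    return {n: r for n in names if (r := inspect_name(n))}

# Constructed sample names, not taken from the alert or from any real sample.
SAMPLE_NAMES = ["RecentNews.\u202efdp.app", "report.pdf", "invoice\u202ecod.exe"]

if __name__ == "__main__":
    for name, finding in scan(SAMPLE_NAMES).items():
        print(repr(name), "displays as", approx_display(name), finding)
```

To check a real directory, pass the result of `os.listdir()` to `scan()`; any hit with `mismatch` set to true shows one extension to the user while the operating system acts on another.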

 

Android Flaw Lets Attackers Insert Code Into Signed Apps

(July 2, 3 & 4, 2013)

A critical vulnerability that affects every version of the Android operating system since 2009 can be exploited to allow attackers complete access to Android devices. Hackers could steal data from the phones, use them to send spam, or eavesdrop on communications. The flaw allows attackers to alter the code of an app without invalidating the app's original cryptographic signature, which allows malicious code to evade the operating system's mechanism that checks cryptographic signatures to make sure they are trusted.

http://www.h-online.com/security/news/item/Android-s-code-signing-can-be-bypassed-1911409.html

http://www.bbc.co.uk/news/technology-23179522

http://arstechnica.com/security/2013/07/android-flaw-allows-hackers-to-surreptitiously-modify-apps/

http://www.v3.co.uk/v3-uk/news/2279495/android-master-key-leaves-99-percent-of-google-smartphone-and-tablet-users-open-to-attack

 

Sophisticated Trojan Targets Android Devices

(June 7 & 10, 2013)

Researchers have discovered a sophisticated Trojan horse program that targets Android devices. The Trojan, known as Obad, exploits two unknown flaws in the Android mobile platform and a third vulnerability in other software. Obad sends text messages to premium rate numbers, racking up charges on phone owners' bills, and it downloads additional malware onto infected phones. The two Android vulnerabilities help prevent Obad from being detected and from being removed from infected phones. Obad uses Bluetooth and Wi-Fi to infect other devices.

http://www.scmagazine.com/researchers-claim-theyve-discovered-the-most-advanced-android-trojan-yet/article/296703/

http://www.h-online.com/security/news/item/Sophisticated-Android-Trojan-identified-1885824.html

http://arstechnica.com/security/2013/06/behold-the-worlds-most-sophisticated-android-trojan/

http://www.theregister.co.uk/2013/06/07/android_obad_trojan

 

Information Security Links