Apple brings down malware-infected apps from store


Number: IRCNE2015092631
Date: 2015/09/21

According to “computerworlduk”, Apple has brought down a large number of apps from its store after it was found that around 40 iOS apps had been infected by a modified version of the company's software for developers.
Christine Monaghan, an Apple spokeswoman, told news outlets that the company removed apps from the App Store that it knows have been created with the counterfeit software, to protect its customers.
Palo Alto Networks reported last week that a new malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.
The security firm said Friday that it had found that over 39 apps, including many popular Chinese apps, had been infected by the malware. These included WeChat, a popular chat app from Tencent, Didi Chuxing, developed by Uber's China rival, and business card scanner CamCard. Some of these apps are used outside China.
Tencent said in a blog post that the flaw only affects version 6.2.5 for iOS and not newer versions of WeChat.
XcodeGhost, which targets compilers, collects information on devices and uploads the data to command and control servers.


DDoS attacks intensified in first half of 2014


Number: IRCNE2014072261
Date: 2014-07-22

According to “cnet”, the first half of 2014 has seen the highest number and most intense DDoS attacks on record.
According to a new report from security provider Arbor Networks, the number of distributed denial-of-service events topping 20Gbps in the first half of the year doubled in comparison to all of 2013. More than 100 events at 100Gbps or higher were recorded in the first half of 2014.
The largest reported attack in the second quarter was an NTP reflection attack at 154.69Gbps, launched against a Spanish target. NTP reflection attacks use address spoofing to overwhelm a target with requests. Such attacks -- while still significant -- were more prevalent in the first quarter than the second, according to Arbor.
"Following on from the storm of NTP reflection attacks in Q1, volumetric DDoS attacks continued to be a problem well into the second quarter, with an unprecedented 100 attacks over 100GB/sec reported so far this year," said Arbor director of solutions architects Darren Anstee.
"The frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection."


Microsoft releases many non-security updates


Number: IRCNE2014052196
Date: 2014-05-19

According to “zdnet”, as is usually the case, Microsoft released a large number of non-security updates today along with the Patch Tuesday security updates. Most of the 24 updates are for Windows 8 and other recent versions.
First, the monthly update to the Windows Malicious Software Removal Tool is out. This tool is designed only for highly-prevalent attacks. This month two new families of malware were added to the tool's detections: Win32/Filcout and Win32/Miuref.
Note: We tested Windows Update on Windows XP and it downloaded and ran the new version of the Malicious Software Removal Tool, so Microsoft has not abandoned Windows XP users there.


Hacked passwords can enable remote unlocking, tracking of Tesla cars


Number: IRCNE2014042142
Date: 2014-04-01

According to “computerworld”, Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.
Tesla Model S owners need to create an account on teslamotors.com when they order their cars and the same account allows them to use an iOS app to remotely unlock the car's doors, locate it, close and open its roof, flash its lights or honk its horn.
Despite providing access to important car features, these accounts are only protected by a password with low-complexity requirements -- six characters long and at least one number and one letter -- a security researcher named Nitesh Dhanjani said Friday in a blog post.
The Tesla Motors site also doesn't seem to have an account lockout policy based on incorrect log-in attempts, which makes accounts registered on the site susceptible to brute-force password guessing attempts, Dhanjani said.
However, the brute-force attacks are just one potential threat. Tesla accounts could also be targeted through phishing and malware or could be compromised as a result of third-party password leaks if car owners reuse their passwords on multiple sites, the researcher said. In addition, if the email associated with a Tesla account is compromised, an attacker could simply reset the account's password because there are no other checks involved, like answering secret questions, he said.
Dhanjani believes Tesla Motors should do more to protect accounts beyond using a static password and advises Tesla car owners to take precautions against potential security risks until that happens.


Microsoft warns about rise in computer viruses worldwide


ID: IRCNE2013051852
Date: 2013-05-21

According to “Yahoo”, a Microsoft security expert said that computer viruses are on the rise worldwide once again after years of being less popular among computer attackers.
Security expert Tim Rains said that although attackers have lately chosen other forms of threats over viruses, Microsoft has recently observed that viruses are on the rise for the first time after years of inactivity.
According to Rains, the high infection rates are correlated with low broadband penetration; he added that the lower the broadband penetration rate, the lower the chances that network-enabled malware such as worms and Trojans will spread.
According to the report, viruses, which had accounted for 5 percent of total global malware, reached 7.8 percent by the end of 2012, and most of the virus infections have been traced to countries like Indonesia, Pakistan, Ethiopia, Bangladesh, Afghanistan and Egypt.
The most common computer virus is Win32/Sality, a piece of software that disguises its malicious properties from antivirus programs and infects the system.
It is frequently seen attacking systems running Windows XP and, as it is polymorphic, it is less active and detectable on Windows Vista and other recent operating systems.
According to the report, though viruses are still easy to detect and remove, users are advised to keep their antivirus software updated and to avoid downloading data from unknown websites or transferring data with USB or external drives.


Yahoo Japan says 22 million user IDs may have been stolen


ID: IRCNE2013051851
Date: 2013-05-21

According to “TechWorld”, Yahoo Japan, the country's largest Web portal, said up to 22 million user IDs may have been leaked during a hack that was discovered last week.
The company emphasized that the IDs are already public information, and no passwords or other private data were affected. Yahoo Japan IDs are used along with a password to log in to the site, and are often displayed when users leave comments or use its shopping or auction services.
Yahoo Japan said it discovered illicit access to its ID servers on Thursday evening, and upon further investigation found a file with 22 million user IDs on it. The company said it wasn't sure if the file had been transferred outside of the company, but couldn't deny the possibility.
The website posted warnings of the possible breach on its login pages, and offered a service for users to check if their IDs were among those that were possibly leaked. Yahoo Japan said last year it had over 24 million active user IDs.
Yahoo Japan does not allow users to change their IDs without creating an entirely new account, which means losing access to existing mail and other data. The company does allow creation of a secondary user ID it calls a "Secret ID," which is used solely for logging in and not meant to be shared publicly.
The company introduced the Secret ID feature as part of a security upgrade after a security breach last month. Yahoo Japan said it had discovered a malicious program on company servers that had extracted user data for 1.27 million users, but the program was stopped before it leaked any of the data outside of the company.
Yahoo Japan is the country's most-visited Web property, according to Web data provider Alexa, and the 15th most visited site globally. It is majority owned by Softbank, which also runs one of the country's largest mobile phone operators and a large broadband service. Yahoo holds a 35 percent stake in the portal.


Internet Explorer 10 blocks more malware than Chrome or Firefox


ID: IRCNE2013051850
Date: 2013-05-20

According to "techworld", Microsoft’s Internet Explorer 10 is better at blocking malware downloads than rivals Chrome, Firefox, Safari and Opera thanks to superior URL and application reputation technology, a new test by NSS Labs has found.
After testing the latest version of each of the five browsers against 754 malware-infected URLs over 28 days, IE10 (running on Windows 8) achieved a raw block rate of 99.9 percent, ahead of Chrome’s 83.1 percent, Firefox’s 10 percent, Safari’s 9.9 percent and Opera’s 1.8 percent.
According to NSS, the explanation is that Firefox and Safari both use Google’s older Safe Browsing API v1, a part-cloud URL reputation system, while Opera bought in a similar scheme from a third party. Neither of these options appears to work well any longer.
Interestingly, as of late last year Chrome itself uses the more advanced Safe Browsing API v2 that offers superior protection thanks to a second layer that expands the checks performed on both files as well as URLs.
IE, by contrast, offers the same mix of URL and file reputation filtering as Chrome using SmartScreen but puts itself at the top of the blocking heap by adding a further layer, Application Reputation (sometimes called SmartScreen Application Reputation), basically a cloud scoring system for assessing each application to see whether it or its publisher is known good, known bad, or unknown.
Microsoft's and Google's technologies aren't that different from one another in principle, but Microsoft appears to have found more sophisticated file-oriented analytics for spotting real-world threats.
NSS Labs tested IE10's performance on Windows 8; the same App Rec system was also available to Windows 7 users running IE9 but it was unclear whether this would show the same protection, the firm warned.


Phishing websites reach all-time high


ID: IRCNE2012071563
Date: 2012-07-21

IDG News Service - The number of phishing websites detected reached an all-time high earlier this year, a sign that making fake websites spoofing real ones is still a lucrative trade for cybercriminals.
In its latest report, the Anti-Phishing Working Group (APWG) said 56,859 phishing sites were detected in February, beating the previous record high in August 2009 by nearly 1 percent. APWG is a nonprofit consortium composed of banks, security vendors and others with a stake in tracking cybercrime trends.
Phishing sites are websites that look nearly identical to the legitimate ones and often mimic known brands. Leveraging the trust users put in the legitimate companies, cybercriminals succeed in tricking victims into divulging logins, passwords and other sensitive information.
The APWG noted in its report that the increase in the number of phishing websites was in part due to new technology that it began using earlier this year to detect fraudulent sites.
More than 38 percent of the fake websites were related to financial services, according to the APWG's report. The second most spoofed market vertical was payment services, followed by retail and other service sites. The sites spoofed 392 brands, also a new record.
"All manner of commerce is transacted online today and in that are opportunities for new and provocative scams, leveraging some part of the customer-enterprise relationship that is unique to the domain," said Peter Cassidy, secretary general of the APWG. "People are tougher to fool with phishing, but they still can be in the hands of a creative scam artisan."
The U.S. hosted the most fake sites. About half of the phishing sites for the first quarter of 2012 used some form of a brand in their URL, which often tricks people.
On the bright side, though, phishing sites are being taken down faster than ever due to better security technologies. But "the problem is a lot of campaign schemes are built around deployment of lots of landing websites for a single campaign to complicate the work of putting down the attacks," Cassidy said.


Experts take down the world's third largest botnet


ID: IRCNE2012071562
Date: 2012-07-21

According to “CNet”, computer security experts took down the world's third-largest botnet, which they say was responsible for 18 percent of the world's spam.
Command-and-control servers in Panama and the Netherlands pumping out up to 18 billion spam messages a day for the Grum botnet were taken down Tuesday, but the botnet's architects set up new servers in Russia later in the day. California-based security firm FireEye and U.K.-based spam-tracking service SpamHaus traced the spam back to servers in Russia and worked with local ISPs to shut down the servers, which ran networks of infected machines called botnets.
The tech community has stepped up its efforts of late to take these botnets offline. Microsoft in particular has been quite active, using court orders to seize command-and-control servers and cripple the operations of the Waledac, Rustock, and Kelihos botnets.
The takedown of the Rustock botnet cut the volume of spam across the world by one-third, Symantec reported in March 2011. At its peak, the notorious botnet was responsible for sending out 44 billion spam messages per day, or more than 47 percent of the world's total output, making it the leading purveyor of spam.
Security experts are confident they have stopped the Grum botnet in its tracks.
"It's not about creating a new server. They'd have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again," Atif Mushtaq, a computer security specialist at FireEye, told the Times. "They'd have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server."


Microsoft also warns of fake Skype malware app on Android


ID: IRCNE2012071561
Date: 2012-07-21

According to "zdnet", earlier this month, Trend Micro discovered a new piece of malware trying to take advantage of Skype's increasing popularity and called the threat JAVA_SMSSEND.AB. Cybercriminals had created a fake version of the Skype for Android app, designed to earn money from unsuspecting users. Now, Microsoft has caught up with the times, saying it found the threat last week, and is warning its customers about what it refers to as Trojan:Java/SMSFakeSky.A.
The cybercriminals behind this scheme have set up fake websites advertising fake Skype apps. Most of the sites are hosted on Russian domains (.ru) but the fake apps themselves are hosted on Nigerien domains (.ne).
Since Microsoft owns Skype, the software giant is making a point to underline this threat. "Just as you would when taking care of any valuable property, mobile users need to take appropriate security measures and precautions," a Microsoft spokesperson said in a statement before advising users to consider the following measures:

  • Download your apps from only legitimate and trusted sources.
  • Install an antimalware solution for your device.
  • Scan apps with your regular antimalware solution on your desktop before loading them directly onto your device. (You could even use Microsoft Security Essentials for this purpose.)

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Skype link: play.google.com/store/apps/details?id=com.skype.raider.
Related Link:
Warning: Fake Skype app on Android is malware
