Weekly Top 10 security news (11th-mar-17th-mar)

Is Skype a Telephone Operator? France Will Investigate

French regulators said Tuesday that they had asked prosecutors to investigate Microsoft’s Skype unit over its failure to register as a telecommunications operator in accordance with local law, raising the question of what constitutes a telephone company in the age of Internet-based communications.

The regulator, known by its French acronym Arcep, said that it had, “on several occasions,” asked Skype Communications, which is based in Luxembourg, “to declare itself an electronic communications operator,” and that the company had not acted. A company acting as a telecommunications operator incurs certain obligations, the French agency said, notably that “of routing emergency calls and putting in place a means for allowing legal wiretapping.”


Google Pulls Ad-Blocking Apps From Play Store For Violating Developer Distribution Agreement

More than a few developers have worked to make web browsing and app use in Android as clean and ad-free as possible, but it seems their efforts haven’t made them any fans at Google. That displeasure was made clear today when a number of developers who have created and maintain ad-blocker apps found their wares unexpectedly (and unceremoniously) removed from the Google Play Store.

It’s hard to say exactly how many apps have seen the business end of the banhammer so far, but at least four prominent programs — AdBlock Plus, AdBlocker, AdAway and AdFree — can no longer be downloaded from the search giant’s content market. Google began sending out removal notifications a few hours ago, and developer Jared Rummler was among the first to share his letter publicly. So far, they all seem to invoke the same argument — these developers are violating part of the company’s


National Vulnerability Database taken down by vulnerability-exploiting hack

The federal government's official catalog of software vulnerabilities was taken offline after administrators discovered two of its servers had been compromised. By malware. That exploited a software vulnerability.

The National Vulnerability Database is maintained by the National Institute of Standards and Technology and has been unavailable since late last week, according to an e-mail sent by NIST official Gail Porter published on Google+. At the time of this article on Thursday afternoon, the database remained down and there was no indication when service would be restored. "On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet," Porter wrote in the March 14 message. "NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability."


Apple fixes OS X Flaw That Allowed Java Apps to Run With Plugin Disabled

Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. OS X 10.8.3 fixes 21 total vulnerabilities, and also includes a new version of the malware removal tool for Apple machines.

The latest set of patches for Apple OS X comprises a lot of important security patches, but the most interesting one is the fix for the Java issue. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X.


Ramnit - The renewed bot in town

Ramnit is one of the most prevalent threat families still active in the wild today. We are still keeping an eye on this threat and we have found a major change in Ramnit in the latter half of 2012. What we have found is that the newer version of Ramnit has stripped off all of its infection function routine but has enhanced its botnet function heavily. The infection function, it turns out, has not come back in the newer version. We have also updated our encyclopedia with details of the recent change, which you can read at the family description of Win32/Ramnit and at the description for the rootkit component, Trojan:WinNT/Ramnit.gen!A.


Bill Gates addresses cybersecurity threats, then gets hacked

Microsoft co-founder Bill Gates stopped by the Washington Post today and spoke about his support for addressing the threats of cybersecurity. Coincidentally, Gates today became the latest celebrity to have his credit card, social security and other information posted online as part of an ongoing celebrity doxxing fiasco.

Gates’ SSN, date of birth, address and credit card info were posted to a mysterious website that has been publishing the personal data of various celebrities from Michelle Obama to Tiger Woods. The hackers seem to be pulling data from one of three big credit reporting companies: Experian, Equifax or TransUnion.


Street View Scandal: Google to Pay 38 States $7 Million

The Google Street View lawsuit came to a close Tuesday with a settlement under which Google will pay $7 million, divided among the 38 states that sued over the company's Street View vehicles secretly collecting personal information from Wi-Fi networks.

There were no explicit findings from the FCC that Google violated the Federal Wiretap Statute. And really, $7 million is nothing to a powerhouse like Google Inc., whose net worth comes out to $200 billion. Essentially, Google got off easy in a situation that could have escalated to who knows what (most likely using said data for advertising purposes) if it weren't for the fact that they got caught.


Critical Updates for Windows, Adobe Flash, Air

Microsoft and Adobe each released patches today to plug critical security holes in their products. Microsoft issued seven update bundles to address at least 20 vulnerabilities in Windows and related software. Adobe released the fourth security update in nearly as many weeks for its Flash Player software, as well as a fix for Adobe AIR.

Microsoft today began pushing out seven security patches, four of them rated “critical,” meaning the flaws they fix could be used by malware or bad guys to break into unpatched systems with little or no help from users. The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.


Microsoft to patch security vulnerabilities on Tuesday - including some rated as "critical"

Patch Tuesday is bringing seven security fixes, with Microsoft deeming four of them "drop-everything-and-fix-this-now" critical. The patches are for Windows, Internet Explorer and Office, as well as a sprinkling for Windows Server and Silverlight. Microsoft says that four of the patches will address "critical" vulnerabilities. "Critical" is, of course, Microsoft's highest severity rating.

It covers self-propagating malware such as network worms or common-use scenarios in which code is executed without warning or prompt, such as when users open booby-trapped email or suffer drive-by attacks from maliciously rigged webpages. In this patch go-round, Microsoft warns that critical flaws might allow for remote code execution on Windows, Internet Explorer, Silverlight and Office. Another critical vulnerability would allow for elevation of privilege on Office and Server Software.


CCTV hack takes casino for $33 MILLION in poker losses

A sophisticated scheme to use a casino's own security systems against it has netted scammers $33m in a high-stakes poker game after they were able to gain a crucial advantage by seeing the opposition's cards. The team used a high-rolling accomplice from overseas who was known to spend large amounts while gambling at Australia's biggest casino, the Crown in Melbourne, according to the Herald Sun. He and his family checked into the Crown and were accommodated in one of its $30,000-a-night villas.

The player then joined a private high-stakes poker game in a private suite. At the same time, an unnamed person got access to the casino's CCTV systems in the poker room and fed the information he gleaned back to the player via a wireless link. Over the course of eight hands the team fleeced the opposition to the tune of $33m.

