Hackers Are Using Reddit to Connect 17,000 Macs to a Botnet

October 4, 2014 – 12:34 AM

Bad news for Mac users: you are at risk from a piece of malware that will connect your computer to a botnet.

Hackers have developed a backdoor called “Mac.BackDoor.iWorm” that gains access to Macs and uses Reddit to connect the compromised computer with a command server. Once a computer is infected, iWorm uses Reddit’s search function to hunt down posts made by the hackers. Those posts (in a Minecraft subreddit) carry server addresses, and the malware reads them to learn where the botnet’s command servers are, so the operators can move servers simply by posting a new list.
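
To make the lookup concrete, here is an added example (not code from Gizmodo or Doctor Web) of the dead-drop pattern the article describes: the bot searches a public site for posts it recognises and reads command-server addresses out of them. The post format, the tag "srvlist", the subreddit names and every address below are constructed for this example; the article does not give the real encoding. The same parser is what a defender would run over the posts to pull the indicator list.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed stand-in for a handful of search hits from a forum. The real
# iWorm posts and their encoding are not described in the article, so the
# tag "srvlist", the subreddit names and every address here are made up.
SAMPLE_POSTS = [
    {"subreddit": "minecraft_servers_example", "title": "best survival server",
     "body": "join us at play.example.net, 50 slots"},
    {"subreddit": "minecraft_servers_example", "title": "srvlist 2014-10-03",
     "body": "198.51.100.23:25565\n203.0.113.8:25565\nnot-an-address\n"
             "10.0.0.1:99999\n127.0.0.1:25565\n300.1.1.1:1"},
    {"subreddit": "other_example", "title": "srvlist 2014-10-03",
     "body": "192.0.2.77:8080"},
]

# One "dotted-quad:port" per line; octet and port ranges are checked below.
ADDR_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int


def parse_endpoints(text):
    """Pull host:port pairs out of free text, dropping lines that are not a
    well-formed IPv4 address with a usable port (loopback and unspecified
    addresses are useless as C2 and are skipped too)."""
    found = []
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if not m:
            continue
        host, port = m.group(1), int(m.group(2))
        try:
            ip = ipaddress.IPv4Address(host)
        except ValueError:  # e.g. an octet above 255
            continue
        if not (1 <= port <= 65535) or ip.is_loopback or ip.is_unspecified:
            continue
        found.append(Endpoint(host, port))
    return found


def resolve_dead_drop(posts, subreddit, tag):
    """Mimic the bot side: keep only posts from the agreed subreddit whose
    title carries the agreed tag, then read endpoints out of their bodies.
    Order is preserved and duplicates removed."""
    hits = [p for p in posts if p["subreddit"] == subreddit and tag in p["title"]]
    endpoints = []
    for post in hits:
        for ep in parse_endpoints(post["body"]):
            if ep not in endpoints:
                endpoints.append(ep)
    return endpoints


if __name__ == "__main__":
    for ep in resolve_dead_drop(SAMPLE_POSTS, "minecraft_servers_example", "srvlist"):
        print(f"C2 candidate: {ep.host}:{ep.port}")
```

The point for defenders is that the same query the bot makes is available to anyone: once the subreddit and tag are known, the indicator list can be harvested, and the traffic pattern (a non-browser process querying a public site's search endpoint) is itself something to look for.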

This gives them the option of using the infected computers for a variety of bad deeds, like hitting a website with a DDoS attack or sending spam in bulk.

It’s not clear yet how the Macs are infected in the first place, but researchers at Doctor Web report that the largest share of infected Macs is in the United States.

There’s no evidence that any of the estimated 17,658 infected Macs are actively being used by the hackers, which is some comfort. But the attackers have still gained access to a large number of computers, and they may simply be growing the network quietly until it’s large enough to execute something big.

Source:
http://gizmodo.com/hackers-are-using-reddit-to-connect-17-000-macs-to-a-bo-1642062140/+whitsongordon

JPMorgan hack exposed data of 83 million, among biggest breaches in history

October 4, 2014 – 12:18 AM

Names, addresses, phone numbers and email addresses for the holders of some 83 million household and small-business accounts were exposed when computer systems at JPMorgan Chase & Co (JPM.N) were recently compromised by hackers, making it one of the biggest data breaches in history.

The bank revealed the scope of the previously disclosed breach on Thursday, saying that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen.

It added that it has not seen “unusual customer fraud” related to the attack, which exposed contact information for 76 million households and 7 million small businesses.

The people affected are mostly account holders, but may also include former account holders and others who entered their contact information at the bank’s online and mobile sites, according to a bank spokeswoman.

Security experts outside the bank warned that the breach could lead to an increase in crime, as scammers will likely use the stolen contact details to engage in various types of fraud, such as convincing phishing emails and calls that cite real account details.

The bank’s customers should be on heightened alert for fraud, said Mark Rasch, a former federal cyber crimes prosecutor.

“All of this data is useful to hackers and identity thieves,” he said. “The kind of information that was stolen is not sensitive itself, but is frequently used to validate people’s identities.”

Source:
http://www.reuters.com/article/2014/10/03/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003


Bug in Bash shell creates big security hole on anything with *nix in it

September 24, 2014 – 6:23 PM

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

The bug, discovered by Stéphane Chazelas, is in how Bash processes environment variables passed to it by the operating system or by a program calling a Bash script: a variable whose value starts with a function definition is parsed when the shell starts, and the flawed parser kept executing whatever followed the function body. If Bash is the default system shell, network-based attackers can reach it on servers and other Unix and Linux devices through web requests, SSH sessions, telnet sessions, or any other program that uses Bash to execute scripts, as long as attacker-controlled data lands in an environment variable.

Because Bash is so widely distributed, the vulnerability could be as wide-ranging as the Heartbleed bug, though it may not be nearly as dangerous. It affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:

  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

A test on Mac OS X 10.9.4 (“Mavericks”) by Ars showed that it also ships a vulnerable version of Bash. Apple has not yet patched Bash, though it just issued an update to its “command line tools” package.

Source:
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

Android bug allowing SOP bypass a ‘privacy disaster,’ researcher warns

September 17, 2014 – 5:14 PM

Researchers are warning Android users of a major vulnerability that impacts a vital browser security mechanism called Same-Origin Policy (SOP).

The bug – called a “privacy disaster” by Tod Beardsley, an engineering manager at Rapid7 who blogged about the issue Monday – is serious because SOP, “the cornerstone of web privacy,” can be bypassed via exploitation, he explained.

While Google has patched the issue, Beardsley told SCMagazine.com in a Tuesday interview, it could still take months for many users to get the update through their device manufacturers or service providers. The bug, CVE-2014-6041, could allow an attacker to circumvent the SOP in the Android Open Source Project (AOSP) browser, a concern that affects approximately 75 percent of Android users, who run versions older than 4.4.

In addition to users of lower-end prepaid phones, where the AOSP browser may ship as the default instead of Chrome, tech-savvy users who simply prefer the AOSP browser could be targets for attackers, Beardsley said.
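
For readers unsure what the bypass defeats, here is an added example (not from Rapid7 or the SC Magazine piece) of the comparison the same-origin policy makes before one document may read another's DOM, cookies or responses: two documents share an origin only when scheme, host and port all match, with default ports filled in; schemes such as javascript: or data: get an opaque origin and match nothing. The URLs in the test cases are constructed.

```python
from urllib.parse import urlsplit

# Ports implied when a URL omits one; the origin tuple always carries a port.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) tuple the same-origin policy compares,
    or None for schemes whose origin is opaque rather than a tuple."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return None
    host = (parts.hostname or "").lower()  # hostname is case-insensitive
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return (scheme, host, port)


def same_origin(a, b):
    """True only when both URLs have a tuple origin and the tuples are equal.
    Path, query and fragment play no part in the decision."""
    oa, ob = origin(a), origin(b)
    return oa is not None and oa == ob


def may_access(frame_url, script_url):
    """Decide whether script running at script_url may read a frame loaded
    from frame_url; this is the check the reported bypass circumvents."""
    return same_origin(frame_url, script_url)


if __name__ == "__main__":
    cases = [
        ("https://bank.example/account", "https://bank.example:443/login?x=1"),
        ("https://bank.example/account", "http://bank.example/account"),
        ("https://bank.example/account", "https://mail.bank.example/"),
        ("https://bank.example/account", "https://bank.example:8443/"),
        ("https://bank.example/account", "javascript:void(0)"),
    ]
    for frame, script in cases:
        print(f"{script} -> {frame}: {'allowed' if may_access(frame, script) else 'blocked'}")
```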

Source:
http://www.scmagazine.com/android-bug-allowing-sop-bypass-a-privacy-disaster-researcher-warns/article/371917/

Cleaning up after password dumps

September 10, 2014 – 8:20 PM

One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web. We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials.

We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.

It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems. Often, these credentials are obtained through a combination of other sources.

For instance, if you reuse the same username and password across websites, and one of those websites gets hacked, your credentials could be used to log into the others. Or attackers can use malware or phishing schemes to capture login credentials.

We’re constantly working to keep your accounts secure from phishing, malware and spam. For instance, if we see unusual account activity, we’ll stop sign-in attempts from unfamiliar locations and devices. You can review this activity and confirm whether or not you actually took the action.
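
The check Google describes, as an added illustration not taken from Google's post: given a published list of username:password pairs and a site's own store of salted password hashes, test each leaked pair offline against the stored hash, count how many would have worked, and force a reset on exactly those accounts, without ever attempting a live login. The user store, passwords and dump below are constructed, and the PBKDF2 store layout is an assumption for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; the store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_store(accounts):
    """Build a {username: (salt, hash)} store from plaintext test accounts."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt))
    return store


# Constructed accounts for this example only.
USER_STORE = make_store({
    "alice@example.com": "correct horse battery staple",
    "bob@example.com": "Summer2014!",
    "carol@example.com": "hunter2",
})

# Constructed dump in the "user:password" form such lists usually take.
# mallory is not our user; bob appears twice, once with a stale password.
DUMP = """\
alice@example.com:wrongguess
bob@example.com:Summer2014!
mallory@example.com:letmein
carol@example.com:hunter2
bob@example.com:oldpassword
"""


def parse_dump(text):
    """Split lines on the first colon; passwords may themselves contain colons."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        user, _, password = line.partition(":")
        pairs.append((user.strip().lower(), password))
    return pairs


def triage_dump(dump_text, store):
    """Check leaked pairs against our own hashes, offline.

    Returns counts and the sorted list of accounts that must be reset:
    those where the leaked password matches the current stored hash.
    """
    must_reset = set()
    ours = 0
    for user, password in parse_dump(dump_text):
        record = store.get(user)
        if record is None:
            continue  # not our account, nothing to do
        ours += 1
        salt, stored = record
        if hmac.compare_digest(hash_password(password, salt), stored):
            must_reset.add(user)
    pairs = len(parse_dump(dump_text))
    return {
        "pairs": pairs,
        "ours": ours,
        "working": len(must_reset),
        "reset": sorted(must_reset),
    }


if __name__ == "__main__":
    result = triage_dump(DUMP, USER_STORE)
    print(f"{result['working']} of {result['pairs']} leaked pairs would have worked")
    for user in result["reset"]:
        print("force password reset:", user)
```

Because the comparison is done against the stored hash, the triage never sends a leaked password through the real login path, so it neither trips rate limits nor produces misleading failed-login records; the cost is one PBKDF2 computation per leaked pair that names one of our users.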

Source:
http://googleonlinesecurity.blogspot.ie/2014/09/cleaning-up-after-password-dumps.html