Yahoo logins hacked and leaked

July 12, 2012 – 6:09 AM

A hacker group called D33D is claiming to have accessed more than 453,000 logins from Yahoo. The group says it used a union-based SQL injection against an unidentified Yahoo service to retrieve the data, which it says was stored unencrypted, and has posted it online. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” says D33D in a statement. “There have been many security holes exploited in Web servers belonging to Yahoo that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Source:
http://www.tgdaily.com/security-features/64627-yahoo-logins-hacked-and-leaked
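The item above names the technique (union-based SQL injection) but, deliberately, not the vulnerable service or parameter. The following is an added example, not code from the page or from Yahoo, showing the class of bug in miniature against a constructed SQLite database: a lookup that pastes a request parameter into the SQL text, the UNION payload that makes it return another table's credentials, and the parameterised form that closes the hole. The schema, rows and the `articles`/`users` table names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed schema and rows for illustration only; nothing here is Yahoo data.
SCHEMA = """
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
INSERT INTO articles VALUES (1, 'Welcome', 'First post');
INSERT INTO articles VALUES (2, 'Status', 'All systems nominal');
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
INSERT INTO users VALUES (1, 'alice@example.com', 'hunter2');
INSERT INTO users VALUES (2, 'bob@example.com', 'correct horse');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def get_article_vulnerable(conn, article_id):
    # The request parameter is pasted into the SQL text, so the caller can
    # finish the intended WHERE clause and append a SELECT of its own.
    sql = "SELECT title, body FROM articles WHERE id = " + article_id
    return conn.execute(sql).fetchall()


def get_article_fixed(conn, article_id):
    # Parameterised: the value travels separately from the SQL text and can
    # only ever be compared against id, never parsed as SQL.
    return conn.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)
    ).fetchall()


# A union-based payload: the leading 0 matches no article, and the UNION
# appends rows from another table in the same result set. The column count
# (and, on stricter engines, the types) must line up with the original
# SELECT, which is why attackers probe with UNION SELECT NULL, NULL, ...
# until the query stops erroring.
UNION_PAYLOAD = "0 UNION SELECT email, password FROM users"


def demo():
    conn = make_db()
    return {
        "normal": get_article_vulnerable(conn, "1"),
        "injected": sorted(get_article_vulnerable(conn, UNION_PAYLOAD)),
        "fixed": get_article_fixed(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the concatenated query the payload returns every user's e-mail and password in place of an article; with the bound parameter the same string is treated as a value that matches no row. Storing only salted password hashes would limit the damage of such a dump, but does not remove the injection itself.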

Malware-as-a-service allows victim management

June 22, 2012 – 5:34 AM

A large share of the malware in circulation consists of RAT (Remote Administration Tool) samples. This is software created by people who specialise in it: people who develop, improve and sell their tools. It gives the attacker the ability to spy on victims through screen capture, keylogging, password stealing, command execution, and full remote access and control. Clients usually pay for access to the tools plus additional services such as support and zero or low antivirus detection. Below is a description of one such service that AlienVault has been observing. Clients pay for the service and then gain access to a web portal where they can generate personalised Trojans, manage infected victims from the browser and host the malware on the provider’s “cloud”. The creators promote it as a service for remote-controlling computers and “recovering passwords”. This means clients hardly have to deal with any technical issues and need no special skills or knowledge: the provider supplies the tools, the hosting and the command-and-control server. When a client logs in to their personal account they see the main menu, tutorials and shortcuts.

Source:
http://www.net-security.org/malware_news.php?id=2155

Unpatched Microsoft security vulnerability being actively exploited

June 19, 2012 – 10:29 AM

An unpatched critical security vulnerability in Microsoft’s software (in Microsoft XML Core Services), which means that users’ computers can become infected simply by visiting a website with Internet Explorer, is being actively exploited by cybercriminals. Alongside last week’s regular Patch Tuesday announcement (which included a fix for a remote code execution vulnerability already being exploited in the wild), Microsoft also issued an out-of-band security advisory about an as-yet unpatched hole, tracked as CVE-2012-1889.

Source:
http://nakedsecurity.sophos.com/2012/06/19/unpatched-microsoft-security-vulnerability-exploited/

Flame code linked to Stuxnet virus, experts say

June 14, 2012 – 5:27 PM

The Flame cyber-attack that targeted computers across the Middle East has been linked to the Stuxnet worm, which is believed to have been orchestrated by the US and Israel to attack Iranian nuclear centres.

Speaking at the Reuters Global Media and Technology Summit on 11 June, Eugene Kaspersky, chief executive of the Russian security firm that bears his name and which discovered the Flame virus in May, said his team of researchers have found that Flame shares an almost identical piece of code with a 2009 version of Stuxnet.

Symantec, which has also been analysing Flame, seconded Kaspersky Lab’s assertion regarding the malware’s similarities to Stuxnet. A Symantec research manager confirmed that the two cyber weapons were built using shared source code.

“[T]here were two different teams working in collaboration,” Kaspersky said, suggesting that the engineers who developed both viruses had access to the same code.

Source:
http://www.itproportal.com/2012/06/13/flame-code-linked-stuxnet-virus-experts-say/

Simple authentication bypass for MySQL root revealed

June 13, 2012 – 6:02 AM

Exploits for a recently revealed MySQL authentication bypass flaw are now in the wild, partly because the flaw is remarkably simple to exploit in order to gain root access to the database. The only mitigating factor appears to be that it depends on the C library the MySQL server was built against. The bypass, assigned the vulnerability ID CVE-2012-2122, allows an attacker to log in as root (or any other known account) by repeatedly trying with an incorrect password: each attempt has roughly a 1 in 256 chance of being accepted. The published exploits are mostly variations on a loop that connects to MySQL with a bad password around 300 to 512 times.

The vulnerability, which was detailed in a posting by MariaDB security coordinator Sergei Golubchik, is due to a casting error: the integer result of memcmp, used to compare the hash of the supplied password with the expected one, is returned through a my_bool (a char), so any memcmp result whose low byte is zero is treated as a match. “Basically account password protection is as good as nonexistent”, says Golubchik, adding “Any client will do, there’s no need for a special libmysqlclient library”. Vulnerable versions of MySQL and MariaDB are those compiled against libraries whose memcmp can return integers outside the -128 to 127 range. According to Golubchik the gcc built-in memcmp and the BSD libc memcmp are safe, but the Linux glibc SSE-optimised memcmp is not.

Source:
http://www.h-online.com/open/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-Update-1614990.html
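To make the 1-in-256 figure concrete, here is an added example (not code from the article, from MySQL or from the published exploits) that models the faulty comparison in Python: narrowing memcmp's int result to a signed char, the corrected check, two models of memcmp return behaviour, and the retry loop the exploits use. The two memcmp models are assumptions that only capture the property Golubchik describes (a byte-difference result in -255..255 versus an arbitrary wide int); they are not the real libc implementations, and no network connection to a server is made.

```python
import random


def to_my_bool(value):
    """Narrow a C int to a signed char, which is what happened when memcmp()'s
    result was returned through MySQL's my_bool (a char) in the vulnerable
    check. Only the low byte survives."""
    return ((value + 128) % 256) - 128


def check_scramble_vulnerable(memcmp_result):
    """Faulty pattern: the narrowed memcmp() result is the verdict, and 0
    means 'hashes are equal'. Any multiple of 256 is therefore accepted."""
    return to_my_bool(memcmp_result) == 0


def check_scramble_fixed(memcmp_result):
    """Corrected pattern: test the full int against zero before any narrowing."""
    return memcmp_result == 0


def safe_memcmp(rng):
    """Model (assumption) of a memcmp() that returns the difference of the
    first differing bytes, i.e. a non-zero value in -255..255 for unequal
    input, as the gcc builtin and BSD libc do. Such values never narrow to 0."""
    return rng.choice([-1, 1]) * rng.randint(1, 255)


def wide_memcmp(rng):
    """Model (assumption) of a memcmp() whose non-zero result can be any int,
    as the glibc SSE-optimised variant could return. About one result in 256
    has a zero low byte."""
    while True:
        value = rng.randrange(-2**31, 2**31)
        if value != 0:
            return value


def attempts_until_login(memcmp_model, max_attempts, seed=0):
    """Emulate the published exploits: keep presenting a wrong password and
    return the attempt number on which the vulnerable check accepts it, or
    None if max_attempts is exhausted. The seed is for reproducibility only."""
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        if check_scramble_vulnerable(memcmp_model(rng)):
            return attempt
    return None


def acceptance_rate(memcmp_model, trials, seed=0):
    """Fraction of wrong-password attempts the vulnerable check lets through."""
    rng = random.Random(seed)
    hits = sum(check_scramble_vulnerable(memcmp_model(rng)) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("byte-difference memcmp, 512 tries:", attempts_until_login(safe_memcmp, 512, seed=2012))
    print("wide-result memcmp, 512 tries:", attempts_until_login(wide_memcmp, 512, seed=2012))
    print("per-attempt acceptance, wide-result memcmp:", acceptance_rate(wide_memcmp, 100_000))
```

With the byte-difference model the loop never succeeds, because a non-zero value in -255..255 always keeps a non-zero low byte; with the wide-result model roughly one attempt in 256 is accepted, which is why 300 to 512 connection attempts give the exploits a high chance of getting in. The fix is the same in any language: never let an int comparison result pass through a narrower type before it is tested against zero.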