Thursday, January 31, 2013

Cisco Connected World Technology Report


Major study findings


Malware for Android

In 2012, the number of malware infections on the Android operating system increased by 2577 percent (ASR).

The share of mobile malware is only 0.5 percent of the total amount of malware on the Internet (ASR).
These trends are particularly important given that for Generation "Y" smartphones have become the most popular device, used more often than laptops and tablet PCs (CCWTR).

The spread of malicious web code in different countries

In 2012, the geographical landscape of online threats changed considerably. In 2011, China ranked second in the list of countries most affected by malware. In 2012, China dropped to sixth place. Scandinavian countries (Denmark and Sweden), by contrast, rose to third and fourth position respectively. The United States continues to hold first place in the list, with a 33 percent share of malicious web code infections (ASR).

Wednesday, January 30, 2013

PayPal eliminates dangerous vulnerability in its Software


Blind SQL Injection Vulnerability


The payment system PayPal paid $3,000 for information that allowed it to eliminate a vulnerability in the PayPal database. The eliminated vulnerability made it possible to carry out an SQL-injection attack against PayPal.

The award recipient was the company Vulnerability Laboratory, which first reported the critically dangerous bug to PayPal in August last year. The company now says that the database problem was fully eliminated at the end of December. PayPal, in turn, said that this was the first time the company had paid a reward for help in finding vulnerabilities directly associated with the site, and not with the payment platform.

Number of XSS-attacks growing at an alarming rate


According to the hosting company Firehost, over the last three months the number of such attacks has increased by 160%.

According to analysts at the hosting company Firehost, which publishes a quarterly report on the number of different hacker attacks on the resources of the organizations it serves, the volume of XSS attacks suddenly increased by about 160% during the fourth quarter of 2012.

"Throughout 2012 we were able to block more than 64 million attacks of various types, of which XSS attacks were the most effective and widespread," the company's experts emphasize.

Analysts also noted significant growth in SQL-injection attacks, which, on a par with XSS, belong to the «Superfecta» group of cyber attacks, the ones most dangerous to confidential information stored in databases. In total, «Superfecta» includes four varieties of hacking: Cross-site Request Forgery (CSRF), Directory Traversal, Cross-site Scripting (XSS) and SQL injection.

Tuesday, January 29, 2013

Fake Android application store discovered


Symantec Corporation announces a new threat called Android.Exprespam.

Scammers have created a fake application store for the Android platform in order to obtain personal data.

Experts believe that with this scheme, criminals have managed to steal from 75 thousand to 450 thousand records of personal data, and these are far from final figures.

The corporation reported that the Android.Exprespam malware was discovered at the beginning of January, but in only a few weeks of activity it has already caused damage to many users. According to the experts' figures, which only partly reflect the overall picture, the malicious Android Express's Play was visited more than three thousand times in a week.

Monday, January 28, 2013

New vulnerability in Java


A new vulnerability in Java calls into question the effectiveness of its protection against exploits.

Researchers have discovered vulnerabilities that bypass the Java security settings designed to protect against hidden exploits.

Researchers from the security company Security Explorations found vulnerabilities in the Java security settings, which are designed to provide protection against hidden exploits. The flaw allows potential attackers to bypass security restrictions and perform a 'drive-by' attack in the victim's browser.

Note that the ability for users to specify security settings was introduced by the developers in December last year in Java 7 Update 10. The settings allow limits to be placed on running Java applications in the web browser. The most "robust" of the four possible security levels blocks all applications that do not have a legitimate signature.

At the same time, according to the head of Security Explorations, Adam Gowdiak, none of the proposed restrictions can resist intruders.

Saturday, January 26, 2013

Hackers placed SSH backdoor on hacked servers


A group of hackers that infects web servers with a fake module for the Apache server has begun distributing an SSH service with a built-in backdoor to steal administrator passwords on the server.

In the latest case, the group replaces all the binary files associated with SSH on the compromised server with a backdoored version, designed specifically to capture all data entered via SSH sessions and transfer it to a server controlled by the attackers. This was reported by Sucuri, a company dedicated to protection against web-based attacks.

"I have seen SSHD-backdoors in the past, though on a small scale and not on public servers," says Daniel Cid, CTO of Sucuri. However, the new attack is different from anything he had seen before. The hackers modify not only the SSH daemon but all the SSH binaries (SSH, SSH-agent and SSHD), with the main goal of stealing credentials from the server.

Friday, January 25, 2013

The largest botnet in China's history


The malicious program Android.Troj.mdk, which infected more than 1000000 mobile devices (based on the Android operating system) in China, turned out to be an updated version of the Android.Backscript malware.

Experts at Symantec claim that the two malicious programs are similar. In addition, both use the same certificate to sign APK files.

The main difference between Android.Troj.mdk and its progenitor (Android.Backscript) is that it uses the AES encryption standard to encrypt data.

As previously reported, once on the mobile device, the Trojan allows attackers to fully control it. This malware is generally used by cybercriminals to gather information (SMS messages, contact information and details about the location and movements of the device) and to steal files stored on the device.

Backdoors Found in Barracuda Networks Products


An extensive list of firewalls, spam filtering appliances and virtual private network appliances manufactured by Barracuda Networks contains an undocumented backdoor through which a remote user can log in to the management system and gain access to restricted data. This warning was issued the day before by the Austrian IT company SEC Consult Vulnerability Lab.

According to representatives of the company, there is a backdoor in the system firmware of multiple Barracuda Networks products, and it can be used to gain unauthorized access to sensitive devices. "This functionality is not documented anywhere, and can only be disabled through the hidden expert settings dialog," the Austrian experts warn.

Barracuda devices configured to listen for SSH connections accept, via the backdoor, the word "product" as the login and an empty string as the password. After entering this data, a potential intruder gains access to the internal MySQL database. It is also reported that the devices allow the backdoor to be used only from a narrow range of IP addresses, which does not belong to the manufacturer's range.

Tuesday, January 22, 2013

VIPRE Mobile Security - Monitoring online activity



VIPRE Mobile Security protects your smartphone from over 10,000 known Android viruses. Learn more about one of the leading mobile security applications today. The mobile security app protects your smartphone or tablet, backs up your contacts and photos, monitors your device history and helps you find and secure your lost device for complete peace of mind.

Location tracking device

The device location function of VIPRE Mobile Security for Android lets you view a map showing the location of your smartphone or tablet. With its easy-to-use web portal, you can track the location of the device over a specified period of time.

Instead of a Java update - malware


Hackers, taking advantage of the stir around vulnerabilities in Java, have created sites from which users can allegedly download the latest updates.

The situation with vulnerabilities in Java has received wide coverage in print and electronic media, so users are impatiently awaiting an update for the popular computing platform. Malware authors immediately took advantage of this by creating sites that allegedly offer the latest updates for Java.

Researchers at Trend Micro reported that attackers use a fake update, javaupdate11.jar, which contains javaupdate11.class; it downloads and executes the malicious files up1.exe and up2.exe.

Wednesday, January 16, 2013

VIPRE Mobile Security Discount Coupon Code


VIPRE Mobile Security Premium at low price


VIPRE Mobile is an antivirus for Android phones and tablets. Mobile Antivirus protects Android devices from malicious applications, theft or loss. It includes antivirus, a remote Anti-Theft function, backup to the 'cloud' and activity monitoring.

Use your smartphone or tablet without thinking about security - VIPRE Mobile protects them from most threats.

VIPRE Mobile Retail Pricing

US/Canadian Dollar:

1 Device for 1 Year - $19.99
3 Devices for 1 Year - $39.99

Time limited deals - Discount Coupon Code: "mobile-save10" ($10 OFF)

New trojan substitutes search queries


The company Dr. Web informs users about the spread of the BackDoor.Finder malware, which is able to substitute queries in different search engines and redirect the browser to malicious websites.

Once run on the infected system, the BackDoor.Finder Trojan drops a copy of itself in the current user's %APPDATA% folder and makes the appropriate changes to the branch of the Windows registry responsible for application startup. The malware then injects itself into all running processes. If the Trojan manages to penetrate a browser process of Microsoft Internet Explorer, Mozilla Firefox, Maxthon, Chrome, Safari, Mozilla, Opera, Netscape or Avant, it intercepts the functions WSPSend, WSPRecv and WSPCloseSocket, reports news.drweb.com.

Tuesday, January 15, 2013

Antivirus programs retreating in the fight against malicious attacks


According to the results of the study, only 3 of the 25 antivirus products tested received safety certificates.

The independent German information security institute AV-Test conducted a study in which, during November-December of last year, 25 antivirus programs for home use and 8 corporate data security systems were subjected to malicious attacks.

According to the results, AV-Test representatives stated that the effectiveness of antivirus programs has decreased in comparison with the previous study.

As the researchers noted, 92% of zero-day attacks were blocked in the test; accordingly, only one in 10 malicious attacks is successful. Antivirus programs were able to clean only 91% of infected systems; however, only 60% of them were restored to the same working level as before the infection.

The company said that, according to the results of the study, three of the 25 antivirus programs were not able to score the points necessary for the security certificate, among them Microsoft Security Essentials, as well as software from PC Tools and AhnLab.

China's Android users warned of giant botnet


Initially, the botnet was discovered in 2011, and now it has been introduced in about seven thousand applications for Android.

Information security researchers in China are warning users of Android-based devices about the discovery of a large-scale botnet aimed at the platform. Currently, more than a million gadgets have come under the botnet's control.

Once a smartphone is infected, an attacker can control the victim's device, stealing contacts and SMS messages. In addition, the botnet spreads adware and loads unwanted applications onto the smartphone.

Monday, January 14, 2013

Microsoft has released an emergency patch for Internet Explorer


Following Oracle, which released an emergency update for Java, Microsoft has released an urgent update for the Internet Explorer browser, eliminating a vulnerability that was actively used by hackers in a number of targeted attacks on public-sector computers in various countries. The hotfix is for Internet Explorer 6, 7 and 8, and it has already been placed in the automatic update system, which will allow most Windows users to get it automatically.

Dustin Childs, a manager at Microsoft Trustworthy Computing, said that the fix was given priority because of the increased risk posed by the bug and because attacks have been conducted against people and corporations; there are known cases of a number of government systems being infected with malware through the vulnerability in Internet Explorer.

Microsoft says that the latest versions, Internet Explorer 9 and 10, have stronger security systems and that this bug is essentially not a threat to them, but a fix for these browsers will be released later to close the attack vector.

Oracle has eliminated a serious vulnerability in the Java Browser


Oracle has released an update that closes a dangerous vulnerability in the Java software platform, according to Oracle's website.

It came three days after experts from the U.S. Department of Homeland Security division for countering cyber threats (US-CERT) urged users to disable the Java add-in for browsers because of the danger of the discovered vulnerability.

The vulnerability was used by a real Trojan, Mal/JavaJar-B, included in the Blackhole and NuclearPack hacker packages. It attacked systems based on Windows and Linux.

In addition to the vulnerability that the US-CERT experts warned about, the update fixes another similar error in Java. Both vulnerabilities allow attackers to gain unauthorized access to a computer and run arbitrary code. According to the company, the update changes the way users interact with applets: the default security level is raised from medium to high. This means that every time an unsigned Java application is run, the user will be asked for permission.

Sunday, January 13, 2013

Latest vulnerability in Java has caused quite a stir in the IT community


The latest critically dangerous vulnerability in the Java environment became known less than a week ago, but it has already caused a lot of noise in the IT community because, first, it allows any file to be delivered through the browser to the victim's machine and executed, and second, an exploit for it is actively spreading on the network.

Oracle, which is responsible for the development of Java, acknowledges the vulnerability and says that it is working on a fix. Next Tuesday the company plans to issue 86 patches for its products, but whether any of them is a patch for Java is not known.

Independent experts say that, in contrast to many other Java vulnerabilities, this one is dangerous because Java has a huge user base, more than 1 billion devices; in addition, Java runs on most modern mobile, desktop and server platforms, so in most cases users of multiple systems are under attack at once.

The Polish IT company Security Explorations said on Friday that in Europe and North America the latest Java vulnerability is already being used by hackers, and the company has recorded a few active intrusions. Adam Gowdiak, an IT specialist at Security Explorations, says that the Java vulnerability applies only to Java 7 and all its updates, including the latest at the moment, Update 10. Other versions of Java are not subject to the problem.

Saturday, January 12, 2013

New department to counter online fraud created in Europe


The European Union's police office yesterday officially opened a new cyber department, whose task will be to fight online crime in the broadest sense, from combating online banking fraud to catching online pedophiles. The EC3 division, or European CyberCrime Centre, officially opened today at the headquarters of Europol in The Hague.

Cecilia Malmström, European Commissioner for Internal Security, said that cybercrime is experiencing its golden age in Europe and worldwide, and that the establishment of such national and international security agencies is intended to curb cybercrime at least somewhat. According to her, online criminals are now almost always one step ahead of the police, especially when it comes to imagination and cooperation.

According to Europol estimates, in the past year alone Europeans suffered direct losses of 1.5 billion euros as a result of the actions of cybercriminals. Some success has already been achieved through the cooperation of the national police agencies of different countries, but law enforcement officers are still far from defeating online criminals.

Serious vulnerability found in Cisco IP phones


Two researchers from Columbia University (USA), PhD Ang Cui and Professor of Applied Mathematics Salvatore Stolfo, found a very serious vulnerability in the office IP phones of the Cisco Unified IP Phone 7900 series, which opens up the possibility of eavesdropping by attackers.

As it turned out, with physical access to the serial port of the device it is possible to reprogram the terminal so that it covertly listens to all the sounds around it. It is noteworthy that no way has yet been found to deal with this problem quickly (other than a complete change of firmware), and Cisco will release new firmware for the devices in about six months. At the same time, the company has already released a hotfix for devices of this series, which solves the problem only partially by making reprogramming more difficult.

Friday, January 11, 2013

NVIDIA has removed security vulnerability by releasing driver update


An exploit for the vulnerability was published on Pastebin, although the company had not been notified about the discovery of the hole.

The U.S. company NVIDIA has released a driver update (310.90 WHQL), which fixes a security vulnerability discovered at the end of December. The flaw could allow attackers to gain administrator privileges on versions of Windows released after Vista.

The vulnerability in the NVIDIA Display Service driver was discovered by information security researcher Peter Winter-Smith. He posted an exploit for the vulnerability on Pastebin.

The flaw could cause a buffer overflow and the injection of code with elevated privileges. The exploit allows an attacker to bypass DEP and ASLR protection on the target system.

The exploit was later removed from Pastebin, which is related to the fact that the researcher had published it without notifying NVIDIA representatives of the newly discovered vulnerability.

Thursday, January 10, 2013

Three zero-day vulnerabilities found in Adobe ColdFusion


Manufacturer to release official fixes on January 15, 2013


Adobe has warned users that its ColdFusion server solution contains three vulnerabilities that are actively exploited by hackers. ColdFusion versions 9.0, 9.0.1, 9.0.2 and 10 are vulnerable on all supported operating systems.

One of the vulnerabilities could allow an attacker to take complete control over the system, bypassing the remote authentication system. Two more can be exploited to gain access to certain items and reveal important information.

According to the manufacturer, the vulnerability can be exploited only if password protection functionality is enabled on the system, or if the password is set. The official release of the security update is scheduled for January 15, 2013.

Information published on the wiki.python.org break-in


Following the hack of wiki.debian.org, information has emerged that intruders penetrated the server hosting the wiki.python.org site, which used a vulnerable version of the MoinMoin wiki engine. The wiki.python.org site was compromised on December 28, the day before the release of MoinMoin 1.9.6 with security fixes.

As in the case of the attack on the Debian project wiki, incident analysis showed that the attacker was able to access the system only as the user moin and could not elevate privileges to root. After the penetration, the attacker tried to delete all the files belonging to the user moin, and this revealed his presence. Unfortunately, the attacker gained access to the user databases of the Python and Jython project wikis, which contain, among other things, password hashes. As a result, a password change process has been initiated for users of wiki.python.org and wiki.jython.org.

Wednesday, January 9, 2013

GMER 2.0 - a free utility to detect rootkits on Windows-based systems


The new version of the application, GMER 2.0, is a small but very useful tool for scanning a computer's hard disk for hidden dangerous applications: rootkits.

As the developers explain, their product helps professionals easily find traces of malicious activity not seen by other means of protection. Among other things, GMER can examine hidden files, processes and system services. Users can also count on timely detection of suspicious drivers and libraries, track changes made to the registry, monitor active network connections and perform other routine tasks.

The key enhancement in the new version of GMER is full support for 64-bit versions of Windows. Owners of powerful modern computers will now also be able to appreciate the product's benefits. Supported platforms also include the newly released Windows 8.

Monday, January 7, 2013

Big Discounts: Bitdefender Security Software 50% OFF


Bitdefender Security Software 50% Discount


New Year's promotions from IT Safety News

Happy 2013! We are having 50% off from now till the end of Jan 2013, while stocks last.

You can buy low-cost Antivirus & Security Software today! 50% off promotion till the end of Jan 2013. We offer discounts on the best antivirus and security software from Bitdefender & IObit. Products included: Antivirus Plus, Internet Security, Total Security and FREE IObit Advanced SystemCare PRO Version 6. Buy now and save money today with the latest New Year's deals!