Posted by & filed under Security News.

Twitter is investigating after 55,000 account details — including username and password combinations — were published online.

Account details seemingly belonging to spammers were uploaded to Pastebin, a code-sharing site often used by hackers to post the results of their hacking escapades.

The accounts were published over five Pastebin pages — one, two, three, four, five. Legitimate users who are on the list are advised to change their passwords immediately.

A Twitter spokesperson said the company was looking into the situation. “We have pushed out password resets to accounts that may have been affected,” they added.

“We’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked — that is, the password and username are not actually associated with each other.”

Many of the accounts, however, appear to be associated with ‘bot’ users, such as those representing machines which tweet based on keyword recognition or otherwise.

Read the rest of the story at ZDnet.com

Posted by & filed under Spyware News, Spyware / Malware Removal Tools.

An estimated 600,000 Mac users have been infected by the Flashback malware. Although the number of infected computers is declining, Mac users are encouraged to update their systems to further protect their computers from the malware. Flashback exploits a security flaw in Java in order to install itself on Macs.

By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can run Software Update at any time to manually check for the latest updates.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

Symantec also released Trojan removal software for Mac computers that are still infected. The Trojan remover can be found here, while Mac updates are available here.

Posted by & filed under Security News.

In an interview with The Wall Street Journal, Shawn Henry, FBI executive assistant director and top man, said that the United States is not winning in battling hackers even though they have arrested several popularly known hackers such as “Sabu”.

Despite several arrests of hackers worldwide, attacks continue to bombard the US government, he added. Just last week, hackers attacked a military dating website and posted the information on nearly 171,000 accounts on Pastebin.

“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model,” Henry told the Journal. “Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”

A related statement was made yesterday by National Security Agency Chief Gen. Keith Alexander. Speaking before the Senate Armed Services Committee, Alexander said that China is stealing a “great deal” of the U.S. military’s intellectual property and so far, the U.S. has done little to stop it.

The main issue for the government and privately owned companies to resolve is that there is a large number of hackers and they are coming from different points of entry to steal information. Henry further stated that if a hacker is arrested, there is already another hacker who is willing to take the position.

Shawn Henry is leaving the FBI and joining the private sector to battle cyber threats.

Posted by & filed under Security News.

The number of computers in China that were infected and controlled by overseas IP addresses is on the rise, with Japan and the U.S. ranked as the top sources of attacks, says the national Chinese computer defense team.

In a report Monday, China’s National Computer Network Emergency Response Technical Team (CNCERT/CC) said it has found 47,000 foreign IP addresses involved in remotely accessing and controlling computers in China during a random sample investigation in 2011.

While this was a drop from the 22,100 overseas IP addresses found in 2010, the number of infected computers has increased, it noted. In 2010, the number of infected computers in China was 5 million, and this increased to 8.9 million last year, said the report.

Japan was ranked as the top source of cyberattacks, as 22.8 percent of intrusions originated from the country. This is followed by the U.S. at 20.4 percent and Korea at 7.1 percent, said the report.

In 2009 and 2010, the U.S. was the top source of cyberattacks, but the country dropped to second place last year. However, with 9,528 U.S.-based IP addresses controlling 8.85 million computers in China, the U.S. still controls the largest number of computers, said the report.

Overseas hackers were also responsible for vandalizing 1,116 Web sites in mainland China, said CNCERT/CC. A total of 11,851 foreign IP addresses were involved in remotely controlling 10,593 domestic Web sites, it added.

At 95.8 percent, a large majority of the fake Web sites posing as official ones for Chinese banks had foreign IP addresses. U.S.-based IP addresses accounted for 72.1 percent of the fake Web sites, making the country the main perpetrator again, said the report. CNCERT found that 481 U.S.-based IP addresses posed as 2,943 domestic bank Web sites, it noted.

source: ZDNETAsia.com

Posted by & filed under Security News.

A Russian university student hacked into a fully patched Windows 7 machine (64-bit) using a remote code execution vulnerability/exploit in Google’s Chrome web browser.

The attack, which included a Chrome sandbox bypass, was the handiwork of Sergey Glazunov, a security researcher who regularly finds and reports Chrome security holes.

Glazunov scored a $60,000 payday for the exploit, which targeted two distinct zero-day vulnerabilities in the Chrome extension sub-system. The cash prize was part of Google’s new Pwnium hacker contest which is being run this year as an alternative to the more well-known Pwn2Own challenge.

According to Justin Schuh, a member of the Chrome security team, Glazunov’s exploit was specific to Chrome and bypassed the browser sandbox entirely. “It didn’t break out of the sandbox [but] it avoided the sandbox,” Schuh said in an interview.

Schuh described the attack as “very impressive” and made it clear that the exploit “could have done anything” on the infected machine. “He (Glazunov) executed code with full permission of the logged on user.”

“It was an impressive exploit. It required a deep understanding of how Chrome works,” Schuh added. “This is not a trivial thing to do. It’s very difficult and that’s why we’re paying $60,000.”

Glazunov is a regular contributor to Google’s bug bounty program and Schuh raved about the quality of his research work.

Schuh said Glazunov once submitted a similar sandbox bypass bug but stressed that this kind of full code execution outside the browser sandbox forms a very small percentage of bug submissions.

Google’s Sundar Pichai says the company is “working fast on a fix” that will be pushed out via the browser’s automatic update utility.

source: ZDNET