Information security news

News Bytes

April 2013

Spamhaus DDoS attack

Spamhaus supplies lists of IP addresses for servers and computers on the net linked to the distribution of spam. Between March 19 and March 22 10Gbps –

90Gbps March 26 – 300Gbps DNS reflection attack –

congestion of Tier 1s, primarily in Europe Cyberbunker, a hosting company that operates

out of an abandoned NATO bunker in the Netherlands, is known for hosting almost any website, except those involved with terrorism and child pornography

'Chameleon Botnet' takes $6-million-a-month in ad money

Researchers at Spider.io discovered a ‘human-like’ botnet counting over 120,000 infected systems, and costing advertisers more than $6 million a month According to Spider.io. Chameleon is the

first botnet to directly impact display advertisers rather than text-link advertisers.

Simulating human activity, the click-fraud botnet was used to steal money from unwary advertisers on over 200 websites, hijacking at least 65 percent of their traffic from ads

Samsung lock screen flaw found!!!

Similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.

Google rolls out initiative to help hacked sites

Google has launched "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.

Researchers highlight potential security risk to iOS users

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security

1) You should only install profiles from trusted websites or applications. 2) Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http). 3) Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise your suspicion.

Trojan.Yontoo.1 targets Mac OS X systems

Trojan.Yontoo.1 can also be downloaded as a media player, a video quality enhancement program, or a download accelerator, Dr. Web said.

Once launched, the Trojan generates a dialog box that offers to install Free Twit Tube. After users presses "continue," the Trojan downloads the Yontoo adware plug-in for Safari, Chrome, and Firefox. The plug-in transmits information about the pages users visit and embeds third-party code into those pages

Apple: Critical Update for Java for OS X Lion and Mac OS X

Apple has released a critical Java update to mitigate multiple vulnerabilities that "may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive information," according to US-CERT.

The following products are included in the updates: OS X v10.6.8 OS X server v10.6.8 OS X Lion v10.7.3 Lion Server v10.7.3

Microsoft Updates April 2013 - 3 Critical Vulnerabilities

Kali Linux Features

Complete re-build of BackTrack Linux, adhering completely to Debian development standards More than 300 penetration testing tools Open source Git tree FHS compliant Vast wireless device support Custom kernel patched for injection Secure development environment GPG signed packages and repos Multi-language Completely customizable ARMEL and ARMHF support currently available for the following ARM devices: rk3306 mk/ss808 Raspberry Pi ODROID U2/X2 Samsung Chromebook

Kali is specifically tailored to penetration testing and therefore, all documentation on this site assumes prior knowledge of the Linux operating system.

Thank You aniket_nd@gmail.com