Microsoft is warning users of Google’s Chrome and The Mozilla Foundation’s Firefox web browsers that a malicious browser extension for those platforms attempts to steal Facebook account login information after it is installed. The attacks have mostly occurred in Brazil, Microsoft, and have been linked to spam campaigns promoting GM cars, like the Chevy Celta, an ultracompact car produced by General Motors do Brasil, according to a post on Microsoft’s Technet web site. Microsoft identified the malware bundled with the browser extensions as Febipos.A, a malicious Trojan. After being installed, the Trojan waits for the user to log in to Facebook before it springs to life. Febipos downloads commands from a remote website that instruct it to carry out a wide range of actions through the active Facebook account, including wall posts, sharing and “liking” pages, commenting on other users’ posts and inviting Facebook friends to a group chat. You […]
Business
Homeland Security Warns Of Expanding Medical Device Attacks
A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]
D.C. Media Sites Found Hacked, Serving Fake AV
Websites operated by media outlets in the Washington D.C. area were the targets of widespread hacks this week, with web sites for two major radio stations among those found serving up malicious links that installed fake antivirus software on victims’ machines. Researchers at two security firms, Invincea and zScaler, identified compromises on the web sites of the two stations – WTOP, the D.C. areas largest FM station, and a sister site, FedNewsRadio, 1500 AM, which caters to government employees. The compromises were part of a string of almost identical attacks that redirected visitors to the web sites that push malicious software to victims’ machines. Only visitors using versions of Microsoft’s Internet Explorer web browser were targeted with the attack, zScaler said. In a related post, researchers at Invincea said the attacks were similar to one they had investigated a breach at dvorak.org, a web site operated by technology blogger John […]
Update: Hack Investigation At Dept. of Labor Turns Up Internet Explorer 8 Zero Day Hole
A hack of the U.S. Department of Labor web site that was revealed late last week is being described as a “watering hole” style attack aimed at compromising the systems of other government workers, in part using an exploit for a previously unknown (or “zero day”) security vulnerability in some versions of Microsoft’s Internet Explorer web browser.(*) Multiple reports last week indicated that a security breach of the Department of Labor web site had occurred. Accounts indicated that visitors to the site using versions of Internet Explorer were being attacked using exploits for a known vulnerability. Over the weekend, however, researchers analyzing the attacks say that it used an exploit for a zero day hole in IE8, and that details of the attack tie it to a China-based hacking group known as “DeepPanda.” In a blog post on Friday, researchers at the security firm Invincea said that they believed that the […]
Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards
Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]
