A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]
Tag: social networking
That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.
Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]
The End Of Privacy: Facebook ‘Likes’ Reveal Sensitive Personal Data
We all know that, to online marketers, we’re just the sum of our Facebook Wall posts and “Likes” – the ubiquitous, virtual “thumbs up” that we attach to all manner of online ephemera. But all those ironic comments and votes of approval may be revealing a lot more about us than we’re willing to share, according to a new report from researchers at the University of Cambridge and Microsoft Research in the UK. In a paper published in the Proceedings of the National Academy of Science (PNAS), the researchers demonstrated that it is possible to use knowledge of an individual user’s “Likes” on Facebook to “automatically and accurately predict a range of highly sensitive personal attributes including: your age, and gender, you sexual orientation, ethnicity, religious and political views. The list of guessabl`e information goes on to include other less quantifiable characteristics like your personality traits, intelligence, happiness, your preference (or not) […]
Bit9: 32 Pieces of Malware Whitelisted In Targeted Hack
The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was aimed a firms in a “very narrow market space” and intended to gather information from the firms. The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012. In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said 32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]
You’ve Been Hacked By APT! (The Video)
The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]
