Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed “Bouncer,” was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia, said Daniel Cohen, Head of Business Development for Online Threats Managed Services at RSA. The kit allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a “404 page not found” error message, Cohen said. In phishing attacks, attackers pose as a legitimate online entity in an attempt to obtain a user’s username, password or other sensitive information. Phishing attacks often rely on imposter web sites to trick users into giving up their secret information. The discovery of “Bouncer” underscores the […]
Tag: Web
Lights Out For Java: Experts Say Turn It Off – And Leave It Off
Security experts from around the globe are warning Internet users to disable Java while browsing the web, after attacks using a previously unknown (“zero day”) vulnerability in Java began to surface, as part of multi-purpose “exploit kits” that are used to launch attacks from hostile or compromised web sites. The exploit works on all versions of Java 7, including update 10 – the latest release from Oracle, which now manages the Java technology, after acquiring it with the assets of Sun Microsystems, according to an analysis by the firm Alienvault, which said that the exact nature of the vulnerability wasn’t known because the exploit was heavily obfuscated to slow down security researchers. According to this report from Krebsonsecurity, the first word of the new exploit came by way of underground forums, where the administrators of popular exploit kits like Blackhole and the Nuclear exploit kits added the Java exploit as […]
Update: Plumbing Facebook, Researcher Finds Hole In Secure File Transfer Platform
Updated to include response from Accellion. 1/9/2013 A security researcher who was looking for vulnerabilities in Facebook’s platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he uncovered a security hole affecting Accellion’s Secure File Transfer service that could allow an attacker to take control of a user’s Secure File Transfer account with little more than the e-mail address associated with the account. Accellion Secure File Transfer is a service that allows enterprises to offer secure transfer and storage of large files (up to 100GB). In contrast to consumer-focused services like DropBox, Accellion offers comprehensive file tracking and reporting as well as data security features necessary to satisfy government regulations like HIPAA, GLBA, and SOX. Secure File Transfer is offered to companies as a private cloud, public […]
Council of Foreign Relations Hackers Also Hit US-based Turbine Maker
The web site of the Council of Foreign Relations (CFR) may not have been the only target of sophisticated attackers who used a previously unknown (“zero day”) vulnerability in Microsoft’s Internet Explorer web browser to compromise the computers of those who visited the site, a new report claims. Eric Romang, a Luxembourg-based security expert at the firm Zataz.com said that he has discovered an almost identical compromise to the CFR hack on the web site of Capstone Turbine Corporation, a California-based manufacturer of small, energy-efficient power turbines. His investigation uncovered malicious files similar to those used on the CFR site that were used to launch a so-called “heap spray” attack against visitors using the Internet Explorer web browser, triggering the zero day vulnerability. Romang was among the first to isolate the script used to launch the drive by download attack used on the CFR web site. Writing on Wednesday, he said […]
Microsoft Rushes Fix for IE Hole Used in Attacks on DC’s Elite
Microsoft issued an emergency fix for its Internet Explorer web browser on Monday, just days after security researchers reported finding a previously unknown (zero day) vulnerability in IE that was being used in targeted attacks against members of Washington D.C.’s media, government and policy elite. Microsoft’s Security Response Center (MSRC) released the fix for IE versions 6, 7 and 8 on Monday following reports of sophisticated and targeted attacks using the vulnerability were detected on the web site of the Council of Foreign Relations, a leading think tank whose members include senior government officials. In a Security Advisory (#2794220), Microsoft described the flaw as a “remote code execution vulnerability” in code that governs the way that “Internet Explorer accesses an object in memory that has been deleted or (improperly) allocated.” The vulnerability could allow a malicious attacker to create a malicious web page that would exploit the vulnerability to corrupt memory in […]
