Newsbytes april2013


null Bangalore Chapter - April 2013 Meet

Published in: Education, Technology

  1. 1. Information security news: News Bytes, April 2013
  2. 2. Spamhaus DDoS attack: Spamhaus supplies lists of IP addresses for servers and computers on the net linked to the distribution of spam. Between March 19 and March 22: 10Gbps–90Gbps. March 26: 300Gbps DNS reflection attack, congestion of Tier 1s, primarily in Europe. Cyberbunker, a hosting company that operates out of an abandoned NATO bunker in the Netherlands, is known for hosting almost any website, except those involved with terrorism and child pornography.
  3. 3. Chameleon Botnet takes $6-million-a-month in ad money: Researchers at discovered a ‘human-like’ botnet counting over 120,000 infected systems, and costing advertisers more than $6 million a month. According to Chameleon is the first botnet to directly impact display advertisers rather than text-link advertisers. Simulating human activity, the click-fraud botnet was used to steal money from unwary advertisers on over 200 websites, hijacking at least 65 percent of their traffic from ads.
  4. 4. Samsung lock screen flaw found!!! Similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.
  5. 5. Google rolls out initiative to help hacked sites: Google has launched the "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.
  6. 6. Researchers highlight potential security risk to iOS users: iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security. 1) You should only install profiles from trusted websites or applications. 2) Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http). 3) Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified one should certainly raise your suspicion.
  7. 7. Trojan.Yontoo.1 targets Mac OS X systems: Trojan.Yontoo.1 can also be downloaded as a media player, a video quality enhancement program, or a download accelerator, Dr. Web said. Once launched, the Trojan generates a dialog box that offers to install Free Twit Tube. After the user presses "continue," the Trojan downloads the Yontoo adware plug-in for Safari, Chrome, and Firefox. The plug-in transmits information about the pages users visit and embeds third-party code into those pages.
  8. 8. Apple: Critical Update for Java for OS X Lion and Mac OS X: Apple has released a critical Java update to mitigate multiple vulnerabilities that "may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive information," according to US-CERT. The following products are included in the updates: OS X v10.6.8; OS X server v10.6.8; OS X Lion v10.7.3; Lion Server v10.7.3.
  9. 9. Microsoft Updates April 2013 - 3 Critical Vulnerabilities
  10. 10. Kali Linux Features: Complete re-build of BackTrack Linux, adhering completely to Debian development standards; more than 300 penetration testing tools; open source Git tree; FHS compliant; vast wireless device support; custom kernel patched for injection; secure development environment; GPG signed packages and repos; multi-language; completely customizable. ARMEL and ARMHF support currently available for the following ARM devices: rk3306 mk/ss808; Raspberry Pi; ODROID U2/X2; Samsung Chromebook. Kali is specifically tailored to penetration testing and therefore, all documentation on this site assumes prior knowledge of the Linux operating system.
  11. 11. Thank