Intel CPU Vulnerability

A flaw has been found in Intel chips, and hackers can exploit it through the operating system to gain access to your computer. So far the vulnerability has been exploited on Windows 7 64-bit, FreeBSD and NetBSD, and there is a good chance it can also be exploited on OS X. Attackers can use the flaw to execute code on your system with kernel privileges. AMD processors do not have the flaw, as they don’t use the buggy SYSRET instruction. The affected operating systems' vendors are aware of it and are preparing fixes; some have already pushed an update, so there is a good chance that your system is safe (if your OS is up to date).

Change your LinkedIn password

Part of the LinkedIn database was leaked, and millions of (encrypted) passwords are now in the hands of hackers, with potential for malicious use. Even though the encryption is strong, this doesn’t mean your password is safe. They can find your password with a brute-force attack, and they will do it, because they are not cracking one password, which might not be worth the time; they can crack millions of passwords simultaneously. It is a matter of time until they crack the passwords, and the best protection now is to change your password, so that even if they find out what the old password was, it will now be different and they won’t be able to access your account. If you don’t change the password and your account is hijacked, then don’t complain about it, because it is your fault.
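Why a leak of millions of hashes gets cracked in bulk rather than one account at a time, as an added example that is not part of the original post. It assumes the leaked values are unsalted SHA-1 hashes and compares them with per-user salted hashes; the account names, passwords and guess list are constructed sample data.

```python
import hashlib
import os

# Constructed sample data standing in for a leaked credential table.
ACCOUNTS = [("alice", "password1"), ("bob", "letmein"), ("carol", "password1"),
            ("dave", "Tr0ub4dor&3"), ("erin", "letmein")]
# Constructed list of common passwords used for the audit.
GUESSES = ["123456", "password1", "letmein", "qwerty"]

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def unsalted_dump(accounts):
    """Assumed leak format: one bare SHA-1 hash per account."""
    return {user: sha1_hex(pw.encode()) for user, pw in accounts}

def salted_dump(accounts):
    """Same table, but each account has its own random 16-byte salt."""
    dump = {}
    for user, pw in accounts:
        salt = os.urandom(16)
        dump[user] = (salt, sha1_hex(salt + pw.encode()))
    return dump

def audit_unsalted(dump, guesses):
    """One hash per guess is checked against every account at once."""
    by_hash = {}
    for user, digest in dump.items():
        by_hash.setdefault(digest, []).append(user)
    recovered, work = {}, 0
    for guess in guesses:
        work += 1  # a single SHA-1 computation covers the whole table
        for user in by_hash.get(sha1_hex(guess.encode()), []):
            recovered[user] = guess
    return recovered, work

def audit_salted(dump, guesses):
    """Each guess has to be re-hashed separately for every account."""
    recovered, work = {}, 0
    for user, (salt, digest) in dump.items():
        for guess in guesses:
            work += 1  # the salt makes this computation account-specific
            if sha1_hex(salt + guess.encode()) == digest:
                recovered[user] = guess
                break
    return recovered, work

if __name__ == "__main__":
    print("unsalted:", audit_unsalted(unsalted_dump(ACCOUNTS), GUESSES))
    print("salted:  ", audit_salted(salted_dump(ACCOUNTS), GUESSES))
```

With unsalted hashes the work grows with the guess list only, no matter how many accounts leaked; salting makes it grow with accounts times guesses, and a deliberately slow function such as `hashlib.scrypt` raises the cost of every single guess on top of that.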

Iran to become a cyber super power

Iran has invested a lot in cyber capabilities, both offensive and defensive. A few months ago they moved all government websites to local servers to protect them from attacks. Now they are hiring an army of hackers in order to become a cyber super power. According to rumors, they are building their arsenal and will target US facilities like the power grid and water systems. They will not attack just yet, but they are preparing for a future confrontation with the United States. One of the main reasons for Iran’s cyber decisions is the Stuxnet trojan, and I can’t blame them. The soldiers of the future are hackers, and the next war will most probably be electronic, targeting valuable facilities.

Anonymous create PasteBin alternative

Anonymous were using PasteBin as a tool to post and share information they acquired or exploits they found. PasteBin was their first choice until it decided to censor its content and comply with law enforcement requests. Anonymous decided to create their own uncensored alternative, called AnonPaste. The site is based on the open source project ZeroBin. The AnonPaste server has no knowledge of the pasted data. Stored data is encrypted and decrypted by the browser with the 256-bit AES encryption algorithm. Anyone can paste anything anonymously just by opening the site and pasting the content. The only thing you set is the expiration limit, with a minimum of 10 minutes and no maximum. The maximum is reached when the website is closed or its operators decide otherwise, but until then your pasted data will be there. If you want to share your information, there is now a secure way to do it.

Nikjju – A new mass SQL injection campaign

After Lilupophilupop, which infected one million web pages, a new mass SQL injection campaign has appeared. The name of this new campaign is Nikjju, and it has infected about 200000 URLs. It has targeted ASP and ASP.NET websites. Nikjju.com, the domain in the script of the injected code, was registered a few days ago, on April Fools’ Day. It appears that website owners and administrators still don’t care about security. SQL injection is one of the most popular security holes, and it can be easily avoided with a few steps.

Flashback Removal Tool

As we mentioned in a previous post, Flashback infected more than 600000 Macs. F-Secure released manual steps on how to remove the trojan from your computer. Now they have turned those steps into a tool that can check for and remove the trojan for you automatically. On the other hand, Apple announced that they are working on a fix, but so far there has been no response. Maybe they are still working on it. Maybe they are still working on a Java vulnerability patch too. It seems that trojans and viruses are not Apple’s strong points. Visit the source link and download the Flashback removal tool; you can get rid of the trojan in 4 simple steps.

Flashback infected about 600000 Macs

Several months ago I wrote a post, with some history in it, about Macs and Trojan horses. That post was about Flashback too (Flashback.C), a modification of the original Flashback. I bet that some Mac users didn’t get the memo, or they still think that viruses and trojans are only for PC users. Today more than 600.000 Macs are infected with Flashback (original and variations); that’s a 6 followed by many zeros. Flashback.I spreads through infected sites by exploiting Java vulnerabilities. When a user visits one of the infected sites, a piece of JavaScript loads a Java applet, which infects the user’s system. After Flashback is installed on a system, it injects malicious code into web browsers and other applications in order to gather user information and passwords.

Malware in your RAM

Anti-virus companies are doing a (very) good job at detecting malware on our computers, but hackers are always one step ahead. Some users think that having anti-malware software on their computers makes them safe, and others think that they don’t even need it because they are very careful about what they download. For both categories, the reason they believe that is ignorance, which is sometimes bliss, but not in this case. Much malware is injected into your system by a method called drive-by download or drive-by installation. Malware can be installed on your computer just by opening a malicious email or visiting a website. Recently, security researchers at Kaspersky Lab discovered malware that does not even create any files on your hard drive and thus cannot be found by (most) anti-malware programs. It is injected into your RAM with the drive-by download method by exploiting a Java vulnerability, and you remain infected for as long as your computer is not shut down.

Google Earth Vulnerability

Another vulnerability has been found in one of Google’s products, this time in Google Earth. The vulnerability was found by Ucha Gobejishvili, also known as Longrifle0x. The vulnerability allows code execution and applies to all Google Earth versions. You can try it yourself: download Google Earth, install it on your computer and open it. Click on Placemark, put your code there and execute it. You thought that it was going to be harder and need more low-level knowledge, but that’s it. Lately security researchers have found several vulnerabilities in Google products, some of them critical, and this proves that Google products are not as safe as they made us believe, including its web browser Chrome.

Duqu’s secret programming language

Kaspersky experts were called to investigate Duqu, and they discovered that its framework was written in a programming language they didn’t recognize. The mystery of the unknown programming language is solved. The Duqu framework is (most likely) written in a custom object-oriented extension of the programming language C called “OO C”. That code is compiled with Microsoft Visual Studio Compiler 2008 with some special options (“/O1” and “/Ob1”) that optimize the code size and the inline expansion. Despite the fact that it is malicious software, the developers have done an excellent job, and they make the life of security experts difficult.