Wednesday, April 4, 2012

Apple Releases Patch for Multiple Java Vulnerabilities

Time to update your system, Mac users!

Apple has finally released an update for Java that plugs a number of security holes, including the CVE-2012-0507 flaw that is actively being exploited by the latest variant of the Flashback Trojan in order to infect Macs.

It is strongly recommended that users apply the update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, as soon as possible.

Aside from installing the latest update, now may be a good time to consider whether or not you even need Java to be enabled on your machine. Cybercriminals often use known Java vulnerabilities in order to download and launch malware onto computers, so unless you absolutely need it, it may be time to eliminate the risk.

You can disable Java by going to Applications → Utilities → Java Preferences and unchecking everything in the General tab.

Otherwise, you may just want to toggle the Java plug-in within your browser as necessary.

Photo Credit: Apple Support

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

Try Not to Step into the Free TOMS Shoes Facebook Scam

Contrary to what spammers want you to believe, you cannot score a free pair of TOMS shoes on Facebook.

The scam starts off like any other: you’re minding your own business, catching up on the latest from your friends via Facebook’s News Feed, when suddenly you come across a post advertising the offer for a free pair of TOMS shoes.

Now, the actual message and URL may vary since cybercriminals want to minimize the chances of Facebook blocking their junk offers, but the overall idea remains the same:

Grab free TOMS shoes spam
Free Toms’, For LIMITED TIME!
grebfreetoms.info

For the next 24 hours ONLY! Grab your NOW!

Since you happen to be a fan of TOMS shoes, you click the link and you’re redirected to a page on grabfreepair.info, which asks you to share the offer and like it in order to attract new victims (by exposing YOUR Facebook friends to it like your friend had done to you) and help the scam spread. 

TOMS shoes share offer page


After sharing the scam with your friends, you will be redirected to another website, tomsshoes.oursuperoffersnow.com, which will ask you to select a color, size and enter your email address.

Now, this is where you should really pay attention. There is a huge block of text at the bottom of the page that lists the requirements you must fulfill in order to score this “free” pair of TOMS shoes:
Eligible members can receive the incentive gift package by completing two reward offers from each of the Silver and Gold reward offer page options and NINE reward offers from the Platinum reward offer page options and refer 3 friends to do the same. Various types of reward offers are available. Completion of reward offers most often requires a purchase or filling a credit application and being accepted for a financial product such as a credit card or consumer loan.

So much for being “FREE”, huh? At this rate, you’re better off just locating a store near you that sells TOMS shoes.

If you see a friend advertising this Facebook scam, feel free to mark the post as spam by clicking the ‘x’ at the top of the page. You may also want to let your friend know that it is a scam so they can pass the word on.

Did you fall for this scam? Take a moment to remove any posts advertising this scam from your profile. Oh, and keep an eye out for other scams that are likely to hit an inbox near you.

US Airways Spam Fueling ZeuS Trojan Infections

If you didn’t learn not to click on links embedded in Delta Air Lines spam, then perhaps the new US Airways spam campaign will teach you.

Kaspersky Lab Expert Dmitry Tarakanov warns that cybercrooks are spamming out bogus US Airways check-in emails in hopes of infecting the machines of gullible recipients with the popular ZeuS banking Trojan.

Here’s a sample email:

US Airways Spam
Image Credit: Kaspersky Lab



US Airways

You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). Then, all you need to do is print your boarding pass and head up to the gate.

Confirmation code: XXXXXX (random number)
Check-in online: Online reservation details

Flight:
2009

Departure city and time
Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012

We are committed to protecting your privacy. Your information is kept private and confidential. For more information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281, Copyright US Airways, All rights reserved

From what I can tell, the confirmation code in the email appears to be random; however, the departure city and time seem to be standard.

Clicking the ‘Online reservation details’ link will take you to a malicious third-party site housing the widely-used Blackhole exploit kit, which will attempt to exploit Java, Adobe Flash Player or Adobe Reader in order to deliver the ‘Gameover’ build of the ZeuS/Zbot Trojan.

All of this will happen quietly in the background as the user curiously stares at the lonely ‘Loading..’ text occupying the page.

Of course, once the malware makes its way onto your machine, it will begin stealing sensitive online banking information, which will then be uploaded to a remote server controlled by the attackers.

US Airways is aware of the bogus spam circulating and has posted a warning on their website and Facebook page. US Airways advises users to hover their mouse over the link to check the underlying URL, which will have ‘usairways.com’ as the domain name if it is legitimate.

If you receive the email and notice that the URL for the link doesn't match, feel free to delete it.


Tuesday, April 3, 2012

New Flashback Variant Using Unpatched Java Flaw to Infect Macs

Macs say 'NO' to Java!

Update: Apple Releases Patch for Multiple Java Vulnerabilities (including the one exploited by Flashback)

Alright, Mac users, you have a few options here: install antivirus software, disable Java and/or pray that you don’t come across a website pushing the latest variant of the Flashback Trojan.

Why?

The latest Flashback Trojan build, which security experts at F-Secure have named Flashback.K, is currently making rounds and exploiting a Java vulnerability (CVE-2012-0507) that has not yet been patched in OS X.

To make matters worse, Brian Krebs of KrebsonSecurity.com warned at the end of March that the exploit for CVE-2012-0507 was added to the Blackhole exploit kit, which is said to be by far the most widely used exploit pack to carry out drive-by-download attacks.

Ironically, Oracle released a patch back in February for Windows users; however, it is Apple’s responsibility to release an update to protect Mac users.

So far, there hasn’t been any word on when Apple plans on releasing an update. Therefore, it’s up to users to take the necessary measures to keep their Macs Flashback-free.

Protecting Your Mac Against Flashback Malware


For those of you who wish to keep Java installed & enabled on your Mac, it’s advised that you install antivirus software. I suggest checking out the Mac antivirus offerings of ESET, Sophos (free) & Intego.

Or you can toggle the Java Safari plug-in as needed by going to Safari Preferences -> Security tab and unchecking the ‘Enable Java’ box. Make sure you disable the plug-in in any other browsers you use as well.

If you don’t need Java, you can disable it by going to Applications -> Utilities -> Java Preferences and unchecking everything in the General tab. (Hint: OS X Lion users don’t have to do this unless they’ve manually (or inadvertently) installed Java as it doesn’t come pre-installed.)


Researchers Warn Credit Card Info Can Be Pulled from Old Xbox 360 Hard Drives

Getting tired of your Xbox 360?

Don’t sell it just yet as Microsoft is currently investigating whether or not Xbox 360 hard drives retain the credit card information of past users – even if the console has been restored to factory settings.

The alleged security flaw was initially discovered by security researchers from two universities who purchased a refurbished Xbox 360 and used common modding software to drill into the file system, eventually mining their way straight to the previous owner’s financial information.

One of the researchers, Ashley Podhradsky, shed a little light on the console’s security structure, telling Kotaku, “Microsoft does a good job protecting its own proprietary information on the console, but doesn't take any steps to protect user data.”

Based on their findings, the researchers recommend that anyone interested in getting rid of their Xbox 360 console detach the hard-drive and hook it up to their regular PC to utilize the features of a program similar to Darik’s Boot & Nuke to remove all of the sensitive data.

Jim Alkove, Microsoft’s General Manager of Security of Interactive Entertainment Business, reached out to Kotaku and gave the following statement:
We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims.

Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.

Stay tuned…


Monday, April 2, 2012

Global Payments Reveals More Details About Security Breach, Loses Visa's Seal-of-Approval

Global Payments Inc. issued a press release over the weekend revealing more details about the massive security breach that they recently suffered.

According to Global Payments, in early March 2012, around 1.5 million credit card numbers were stolen from servers in their North American processing system.

Global Payments stated that only Track 2 card data was stolen and that cardholder names, addresses and social security numbers were not accessed during the breach. CEO Paul Garcia also shot down news report claims that fraudulent activity had been reported on the stolen card information in a conference call held with investors Monday morning.

What’s strange about this incident is the number of conflicting details that have been featured in the news ever since KrebsonSecurity.com first broke the story on Friday.

In the alert notices issued by Visa and MasterCard, the number of affected credit card numbers was around 50,000 and the breach window was from January 21st to February 25th, 2012. Furthermore, the alerts warned that the attackers could use the stolen information to create counterfeit cards since full Track 1 and Track 2 data had been taken.

It was also mentioned in the original KrebsonSecurity.com post that "unnamed sources" had stated over 10 million card details were lifted.

Obviously, none of those details match those of the Global Payments hack, which has opened up the discussion over whether or not the Global Payments breach was simply one of many.

Regardless of whether or not Global Payments was the only processor hit, Visa has removed Global Payments from their extensive list of compliant service providers [PDF] due to the “unauthorized access to a portion of its processing system.”

Still, this does not prevent Global Payments from processing payments – and they even claim they’re still signing up merchants!

For those who are curious enough to follow Global Payments' press releases on the whole ordeal, they've actually set up a website for you to do just that: 2012infosecurityupdate.com.

Feel free to leave your take on the breach in our comment section below.


This Bank of America Phishing Email Hopes to Steal Your BofA Login Information

Was a “slight error” detected in your Bank of America account information during a routine account maintenance and verification process?

Of course not, but spammers are hoping you believe otherwise when their latest phishing email hits your inbox.

The email, titled “Online Banking Alert”, looks like a legitimate email from BofA that’s been peppered with a few typos, misspellings and multiple links to a Russian domain (abc.kursksu.ru) with a spoofed Bank of America login page.

Here’s the (unedited) email:

Bank of America phishing email



From: Bank of America (update2[at]bredderbud.de)
Subject: Online Banking Alert!

Message from Customer Service

Dear Valued Customer

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.

This might be due to either of the following reasons:

1. A recent change in your personal information ( i.e.change of address).

2. Submiting invalid information during the initial sign up process.

3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

As a result, we require you to click the link below and confirm your account information.

Click here to continue

However, If your account information is not confirmed and verified within a certain period of time then your ability to access your account would become restricted.

Thank you

Want to get more alerts? Sign in to your online banking account at Bank of America and within the Accounts Overview page select the "Alerts" tab.

Because email is not a secure form of communication, this email box is not equipped to handle replies.

If you have any questions about your account or need assistance, please call the phone number on your statement or go to Contact Us at www.bankofamerica.com.

Official Sponsor 2004-2008 U.S. Olympic Teams Bank of America, Member FDIC.

© 2012 Bank of America Corporation. All Rights Reserved.

How to Deal with Bank of America Phishing Emails


If you receive a copy of this email (or one similar to it), it is recommended that you:

  • Do NOT click any of the embedded links or reply to it.

  • Report the email to Bank of America by forwarding the email to abuse@bankofamerica.com.

  • Delete the email immediately.


Protect Yourself from Phishing Email Schemes


To avoid falling for similar phishing emails that are bound to hit your inbox eventually, it’s always recommended that you:

  • Type the address of the website you wish to visit directly into your browser’s address bar versus clicking on any email links.

  • Always check the URL in the address bar BEFORE entering any sensitive information.

  • Do not download any files attached to unsolicited emails.

