Backoff PoS Malware Boomed In Q3

The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.

Try as they might, retailers don’t seem to be able to get the Backoff malware to actually back off.

According to a new report from the security firm Damballa, detections of the notorious point-of-sale (PoS) malware jumped 57% from August to September.… Read the rest


Poll: Patching Is Primary Response to Shellshock

As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.

In the month since the disclosure of “Shellshock,” the critical remote command execution Bash bug affecting practically everything from servers to sensors to storage, members of the Dark Reading community are putting their principal efforts into patching, according to our latest online poll.… Read the rest

Bugtraq: [ MDVSA-2014:206 ] ctags

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ctags
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated ctags package fixes security vulnerability:

A denial of service issue was discovered in ctags 5.8.… Read the rest

Bugtraq: [ MDVSA-2014:207 ] ejabberd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:207
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ejabberd
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated ejabberd packages fix security vulnerability:

A flaw was discovered in ejabberd that allows clients to connect
with an unencrypted connection even if starttls_required is set
(CVE-2014-8760).… Read the rest

Bugtraq: [ MDVSA-2014:208 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:208
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.2.10.1, with a crafted database or table name
it is possible to trigger an XSS in SQL debug output when enabled and
in server monitor page when viewing and analysing executed queries
(CVE-2014-8326).… Read the rest

Bugtraq: [ MDVSA-2014:209 ] java-1.7.0-openjdk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:209
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : java-1.7.0-openjdk
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in
java-1.7.0-openjdk:

Multiple flaws were discovered in the Libraries, 2D, and Hotspot
components in OpenJDK.… Read the rest

Shellshock via SMTP, (Fri, Oct 24th)

I've received several reports of what appears to be shellshock exploit attempts via SMTP. The sources so far have all been webhosting providers, so I'm assuming these are compromised systems.

The payload is an IRC perl bot with simple DDoS commands and the ability to fetch and execute further code.… Read the rest

NSA-Approved Samsung Knox Stores PIN in Cleartext

A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within the agency.

The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy Note 3 and Note 10.1 2014 Edition cleared a number of security stipulations and could be used to protect classified data.… Read the rest

Researcher Finds Tor Exit Node Adding Malware to Binaries

A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.… Read the rest

Symantec pcAnywhere end-of-life highlights Big Yellow’s many stumbles


The curtain will close for good on Symantec Corp.’s pcAnywhere remote access product in just a few days, bringing an end to the long and trouble-ridden road of what was once the industry’s best-selling remote control product.

As of Nov.

Read the rest