32. July 4, V3.co.uk – (International) Android malware pandemic set to intensify through 2012. The number of cyber attacks targeting Android mobile devices is far higher than initially predicted, according to security firm Trend Micro. The company reported detecting 25,000 Android malware samples in the second quarter of 2012, more than double the 11,000 it predicted for the period, and 4 times greater than the 6,000 found in the first quarter. Trend Micro predicted the boom seen so far will accelerate further as the year progresses. It estimates there will be around 38,000 malicious samples in the third quarter of 2012, and 129,000 in the fourth quarter. Trend also reported 17 malicious apps were downloaded more than 700,000 times from the Google Play store. Two of these were fake versions of popular sports game apps, suggesting Google’s Bouncer tool is proving inadequate at detecting numerous rogue applications. Source: http://www.v3.co.uk/v3-uk/news/2189268/android-malware-pandemic-set-intensify-2012
30. July 5, IDG News Service – (International) Google says spam not coming from Android botnets. July 5, Google dismissed the possibility that a new wave of pharmacy, penny stock, and e-card spam e-mails were being sent by Android spam botnets. “Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using,” a Google spokesman said in response to security researchers from Microsoft and antivirus firm Sophos who first identified what they believed to be the work of an Android botnet. The researchers do not have a copy of the Android malware responsible for this spam campaign, but there is indirect evidence that suggests the e-mails are being sent from Android devices. Not all security researchers are convinced by the evidence found so far. Source: http://www.computerworld.com/s/article/9228826/Google_says_spam_not_coming_from_Android_botnets
July 4, H Security – (International) John the Ripper now able to crack office files and use GPUs. The recently released version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird, and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also use GPUs via CUDA and OpenCL. The suffix “jumbo” appears to be intended literally: more than 40,000 lines of code were added in the 6 months since the previous release. Developer Solar Designer told The H’s associates at heise Security that, in developing GPU support, the focus was on modern functions that can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu’s standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, “because others were unhappy about releasing a tool with ‘non-impressive’ speed numbers, even if this is desirable in practice.” Source: http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.html
29. July 5, Krebs on Security – (International) New Java exploit to debut in BlackHole exploit kits. Malicious computer code that leverages a newly-patched security flaw in Oracle’s Java software was set to be deployed late the week of July 2 to cyber criminal operations powered by the BlackHole exploit pack. The attack may be related to an exploit published for CVE-2012-1723 in mid-June. However, according to the current vendor of the BlackHole exploit pack, the exact exploit for this vulnerability has only been shared and used privately to date. The BlackHole author said the new Java attack was to be included in a software update made available July 8 to all paying and licensed users of BlackHole. Source: http://krebsonsecurity.com/2012/07/new-java-exploit-to-debut-in-blackhole-exploit-kits/
27. July 6, H Security – (International) Microsoft’s July Patch Tuesday will close 16 holes. Microsoft announced that on July 10, the July patch day, it will issue 9 security updates closing 16 holes in Windows (XP SP3 and later), Office, Internet Explorer, Visual Basic for Applications, and SharePoint Server. Three updates address critical holes in Windows, one of which also affects Internet Explorer. Mac users should also be aware that one of the updates affects Office 2011 for Mac. Source: http://www.h-online.com/security/news/item/Microsoft-s-July-Patch-Tuesday-will-close-16-holes-1633952.html
28. July 5, H Security – (International) Double security for Flash under Linux. Chrome version 20 represents a major step forward for the security of the Google browser, especially for Linux users. It introduces a new sandbox concept that regulates and filters the system calls a process is able to make. In terms of security, the Linux version has, until now, been neglected by Chrome, having failed to benefit from many of the browser’s security features. Features such as restricting hazardous plugins like Flash to a secure sandbox were largely reserved for the Windows versions. In February, Google introduced Pepper Flash for 64-bit Linux, which isolates the plug-in process within a chroot environment, and blocks communication with other processes. The recently released Chrome 20 now adds a seccomp sandbox. According to a Google developer, Chrome 20’s native 64-bit Flash plugin is, at least in the current Ubuntu 12.04, isolated within a seccomp sandbox. It thus complements the Pepper Flash sandbox. Because the Windows sandbox essentially relies on the integrity levels introduced in Vista and therefore permits processes to read whatever they like, the doubled-up Linux sandbox is probably currently the safest method for executing Flash content in a browser.
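
The system-call filtering described in item 28 can be seen in miniature in the following added example, which is not Chrome's code and does not reproduce Chrome's policy. It installs a seccomp-BPF allowlist in a child process and reports what happens when the child tries to open a file; the function names, the two-syscall allowlist and the probed path are assumptions chosen for illustration, and it assumes Linux on x86-64 or aarch64.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#if defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#define THIS_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 otherwise */
#endif

/* Allowlist filter (hypothetical policy): write and exit_group pass, every
 * other syscall fails with EPERM. no_new_privs permits unprivileged install. */
static int install_filter(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),       /* foreign ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs the filter in a child and returns the errno its open() attempt saw. */
int denied_open_errno(void) {
    int status = 0, nul = open("/dev/null", O_WRONLY); /* opened before filter */
    pid_t pid = fork();
    if (pid == 0) {
        if (install_filter() != 0) _exit(100);
        if (write(nul, "k", 1) != 1) _exit(101);       /* on the allowlist */
        int fd = open("/etc/hostname", O_RDONLY);      /* filtered: no open */
        _exit(fd == -1 ? errno : 0);
    }
    close(nul);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return denied_open_errno() == EPERM ? 0 : 1; }
```

The descriptor opened before the filter stays usable afterwards, which is why sandboxed processes are handed their resources up front and then locked down.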