Information Security News
Twitter on Wednesday was briefly overrun by a powerful computer worm that caused tens of thousands of users to tweet a message that contained self-propagating code exploiting a bug in the TweetDeck app.
Within a few hours, the cross-site scripting (XSS) attack caused at least
It's by no means the first time a worm has slithered through Twitter. Worms based on clickjacking exploits and XSS attacks were documented as long ago as 2009 and were also used maliciously in 2011 to spread scam messages.
News aggregator Feedly was made inaccessible by attackers who are demanding a ransom to stop their crippling assault. Two other cloud-based services, Evernote and Deezer, have also buckled under distributed denial of service (DDoS) attacks in recent days.
Most or all of Feedly's 12 million or so users were unable to access its website early Wednesday morning. A few hours later, parts of the site gradually came back online. In an advisory, officials wrote:
2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.
We are working in parallel with other victims of the same group and with law enforcement.
We want to apologize for the inconvenience. Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.
On Tuesday, Evernote also experienced connectivity problems that it attributed to DDoS attacks. The service seemed to be working normally as of press time. Cloud-based music service Deezer suffered a DDoS attack over the weekend, according to The Inquirer, which cited e-mails company officials sent to subscribers.
Automatically updating Android apps could get riskier thanks to a change Google developers have made to the way the OS discloses new app permissions, such as the ability to send potentially costly text messages or track a user's precise geographic location.
Previously, automatically updated apps displayed explicit details when a new version gained additional privileges. For example, an app that previously tracked only coarse GPS coordinates would warn users if an update would begin receiving fine coordinates. Similarly, a newly assigned ability to send SMS messages would also be disclosed. Under changes implemented through the latest Play store app, neither new privilege is displayed if a user has previously accepted any other permission in the same category as the new permission. In other words, by accepting one permission from a category, users agree that every other permission in that category can be added without notification in future updates.
The change is an attempt by Google to streamline and simplify the process of installing updates. Rather than providing lengthy details many users likely don't understand, the new permission disclosure is much less verbose. Permissions are indicated only by a very general category such as Location, SMS, or Contacts/Calendar. Users who want to track precisely how a permission may have changed must click the category to see if specific new capabilities have been added. As a result, an app update that replaces coarse location with fine location simply shows the location category. End users must manually drill down to learn of the change.
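The sketch below is an added example, not code from the article or from Google. It applies the category rule described above to two versions of an app's manifest and separates newly requested permissions that would be added without notification from those that would still be disclosed. The permission-to-category table is a partial, assumed mapping; the manifests are constructed samples in decoded text form, and permissions missing from the table are treated as still disclosed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, partial mapping of permissions to the display categories the article names.
GROUPS = {
    "android.permission.ACCESS_COARSE_LOCATION": "Location",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_CONTACTS": "Contacts/Calendar",
    "android.permission.READ_CALENDAR": "Contacts/Calendar",
}

def permissions(manifest_xml):
    """Return the set of permission names requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def classify_update(old_xml, new_xml):
    """Split newly added permissions into silently added vs. still disclosed."""
    old, new = permissions(old_xml), permissions(new_xml)
    # Categories the user already accepted by installing the old version.
    accepted = {GROUPS[p] for p in old if p in GROUPS}
    result = {"silent": [], "disclosed": []}
    for perm in sorted(new - old):
        # Unmapped permissions have no category here, so they count as disclosed.
        key = "silent" if GROUPS.get(perm) in accepted else "disclosed"
        result[key].append(perm)
    return result

# Constructed sample manifests for two versions of a hypothetical app.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
def _perm(name):
    return '<uses-permission android:name="android.permission.%s"/>' % name

OLD = HEAD + _perm("ACCESS_COARSE_LOCATION") + _perm("READ_SMS") + "</manifest>"
NEW = (HEAD + _perm("ACCESS_COARSE_LOCATION") + _perm("READ_SMS")
       + _perm("ACCESS_FINE_LOCATION") + _perm("SEND_SMS")
       + _perm("READ_CONTACTS") + "</manifest>")

if __name__ == "__main__":
    for kind, perms in classify_update(OLD, NEW).items():
        print(kind, perms)
```

Manifests inside a packaged APK are stored in a binary XML format and must be decoded to text before a check like this can read them.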
Posted by InfoSec News on Jun 11 http://www.networkworld.com/article/2360983/security0/annual-cost-of-cybercrime-hits-near-400-billion.html
Posted by InfoSec News on Jun 11 http://www.computerweekly.com/news/2240222263/UK-finance-industry-launches-cyber-security-framework
Posted by InfoSec News on Jun 11 http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/