After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.
NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.
I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.
What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.
This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.
Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).
Zendesk hacks and other various warnings
Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.
How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:
We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.
The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.
Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.
Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.
It is important to secure your tablet’s web browser before you go internet surfing. Here are five ways to do it…
- Use a secured wireless network for WiFi or 3G/4G connection. Using unencrypted wireless networks are very insecure and can be a way for hackers and other threats to happen to your device.
- Use a Virtual Private Network (VPN). VPNs are available through your mobile service provider (if you have one, like 3G/4G access). They provide an extra layer of protection (sometimes multiple layers of encryption) to secure your web browsing.
- Keep the OS and apps up-to-date. Check for updates at least twice a week for the OS and apps. System upgrades provide multiple security and functionality updates. It’s good to keep apps up-to-date to avoid security exploits.
- Only download from trusted sources. If it looks bad, it probably is. Stick to trusted apps stores such as Apple App Store, Google Play, Amazon: App Store.
- Have a good secure plan. Use a pin code or passphrase to secure access. It’s important to use adequate mobile protection. Because hackers and virus makers are always crafting new threats. Monitoring the latest security threats is a great idea as well, to know how to stay protected from them also.
The title of this article is a question, because somebody decided to take Apple’s apps and put them on Google Play. Was it Apple? Nope. Apple wouldn’t offer their full-size applications for a mobile device, and definitely not $4.99.
AndroidAuthority reports about this small mess. Here’s a screenshot from AndroidAuthority:
Although the Google Play team did take down the apps a few hours later, much damage was already done apparently. It’s very obvious that Google’s team did not take a good look at the apps. What does that tell you? They may not be holding to their promises of reviewing apps, they let in viruses and trojans all the time…etc.
If you want to be free from viruses, the best way would be to protect yourself with Kaspersky Mobile Security – download now.
iOS 6.0.1 was released recently, fixing a slew of issues in the mobile operating system, here’s the overview:
- Fixes a bug that prevents iPhone 5 from installing software updates wirelessly over the air
- Fixes a bug where horizontal lines may be displayed across the keyboard
- Fixes an issue that could cause camera flash to not go off
- Improves reliability of iPhone 5 and iPod Touch (5th generation) when connected to encrypted WPA2 Wi-Fi networks
- Resolves an issue that prevents iPhone from using the cellular network in some instances
- Consolidated the Use Cellular Data switch for iTunes Match
- Fixes a Passcode Lock bug that sometimes allowed access to Passbook pass details from lock screen
- Fixes a bug affecting Exchange meetings
This update is highly recommended, especially because the Passbook issue being fixed. It also includes an update tool, which automatically prepares the iPhone/tablet OS for future updates.
The latest security studies are in, and here are the analyses from seCURE Connexion…
- Android malware has overgrown, with an extreme growth by the end of July to the month of August, and into September and October. Get protected now with the latest in mobile security, so your smartphone can stay secure from the dangers of the app world.
- Another rise for Android issues, would be apps that act like aggressive adware, by collecting way too much personal information. It is continuously a problem, dealing with apps that collect a load of personal information, and some have worried about identity theft.
- Vendors of software have seen a continual rise in vulnerabilities for the past couple of years. However, Apple seems to have the worst problem, but so does Google. Both companies have seen varying degrees of intensity and quantity of attacks, and it’s to question that Microsoft is seeing a break in the action. The good part is, Microsoft only shown half as many vulnerabilities as Google, and only one-quarter as many as Apple. Though these numbers are only speculative, based on looking over the lists of the past few months.
- Some of the major malware on Windows systems have included Trojan.ZeroAccess, Worm.Conficker, and more.
- Corporate and government entities have seen an extreme rise in the number of cyberattacks. Worries about a cyberwar are continually heating up, and it’s unknown the origin of most of the attacks.
- According to the Symantec Internet Security Threat Report (ISTR), 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day.
Overall, the spectrum of cyberattacks has increased on an extreme level, whether it’d be cyberwar related, or cybercrime. It’s definitely best to consider this declared war, and work constantly to protect our computers and our own livelihood.