Facebook has announced the expansion of their alliance with antivirus companies in hopes to better secure its users and promote good privacy… here is a quick scope of the details:
Today, we are excited to announce the expansion of our AV Marketplace to include 7 new partners to our growing coalition of security companies. Starting now, Facebook users will be able to download software from – avast!, AVG, Avira, Kaspersky, Panda, Total Defense, and Webroot. Not only do we have new partners but also many of our existing partners – Microsoft, McAfee, Norton, TrendMicro, and Sophos – will begin offering anti-virus software for your mobile devices. You can visit the AV Marketplace now to download your free anti-virus software for PC, Mac and Mobile.
Our new anti-virus partners bring with them both the latest software and comprehensive intelligence. As with our existing partners, these seven companies will help protect Facebook’s community of over a billion users by improving our URL blacklist system. This system scans trillions of clicks per per day, and before each click, the system consults the databases of all our AV Marketplace partners to make sure the website you are about to visit is safe. This means that whenever you click a link on our site you are protected both by Facebook and 12 of the industry leaders in computer security. We will be cooperating with these partners more in the future, and look forward to announcing new tools soon.
Read more now at the Facebook blog
New hacking group dubbed r00tbeersec, with main leader r00tbeer has posted details about an attack on AMD blogging, the Intel chips rival. Some 30 KB of data was apparently stolen, that contained a total of 189 usernames/passwords from their WordPress blog site.
The main AMD blogs site shows the following image (after redirect):
Last week, US-CERT found flaw in VMware: SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware
To patch the vulnerabilities, VMware released the updates for several versions:
- VMware Workstation 8.0.4 and later
- Player 4.0.4 and later
- Fusion 4.x (but not the Mac version)
- All versions of ESXi and ESX
The main flaws were:
- Input data not validated correctly with Checkpoint files. Which means a specifically crafted Checkpoint file can exploit the virtualization environment.
- Traffic from remote virtual devices not being intercepted correctly. An attacker can manipulate the traffic, and crash the VM.
It is recommended to immediately patch your environment: updates
- Ring3 Attackers: 64-bit Privilege Escalation Vulnerability on Intel CPU Hardware (secureconnexion.wordpress.com)
Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
Find out more about this story at US-CERT: www.kb.cert.org/vuls/id/649219
You may want to consider purchasing Malwarebytes’ Anti-Malware to protect against these types of threats.