Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Pez
« on: 12. March 2014., 15:29:50 »

Threats Timeline Tracks Recent Security Breaches

As a supplement to the latest McAfee Labs Threats Report, published this week, we offer this timeline of leading threats that made news in the fourth quarter of 2013.




  • October 3: Adobe reports personal information relating to customer orders has been accessed in an attack on the company’s systems.[1] The total amounts to 152 million records, including names, customer IDs, encrypted passwords, encrypted debit or credit card numbers with expiration dates, and source code, according to DataLossDB.[2]

  • October 7: McAfee Labs announces criminal activities around the Quarian backdoor, which targets government agencies and embassies around the world, including the United States.[3]

  • October 18: McAfee Labs researchers discover a targeted attack using a technique that ensures the malware can run only on the targeted computer by using its IP address as a decryption key.[4]

  • October 31: McAfee Labs discovers a suspicious sample targeting a Microsoft Office vulnerability.[5] McAfee Labs confirms this is a zero-day attack and immediately shares its findings with the Microsoft Security Response Center, which on November 5 sends its warning about a previously unknown security vulnerability of a Microsoft graphics component. The attack, which exploits CVE-2013-3906, downloads an executable, a RAR SFX containing another executable and a fake Word document. (For details, see page 6 of the McAfee Labs Threats Report.)

  • November 5: Android/HackDrive: McAfee sends an alert on mobile malware used in a sabotage campaign in the Middle East.[6]

  • November 13: Intego blogs about a new variant of the Remote Control System, spyware from the Hacking Team. Targeting Macs, this program is described as an expensive rootkit used by governments during targeted attacks. Nicknamed OSX/Crisis, it can collect audio, pictures, screenshots, and keystrokes, and report everything to a remote server.

  • November 21 and 27: McAfee Labs reports that Japanese and Korean Android apps on Google Play steal mobile devices phone numbers.[7]

  • December 6: McAfee Labs explains how Android/Balloonpopper, a game recently revoked from Google Play, can secretly upload stolen conversations and pictures that can be retrieved by anyone who knows the phone number of the victim.[8]

  • December 16: McAfee reports a substantial amount of suspicious apps can secretly collect Google account IDs on Google Play.[9] Some of these applications, detected as Android/GaLeaker, are downloaded between 10,000 and 50,000 times.

  • December 16: The Hürriyet Daily News reports that Russian hackers stole ID data of 54 million Turkish citizens.[10]

  • December 17: McAfee Labs discovers variants of Reveton (Ransom-FFK!, Ransom-FFM!, Ransom-FFN!, Ransom-FFO!, and Ransom-FFQ!) that come with various flavors of encryption to evade antimalware detections.[11]

  • December 17: CVE-2013-5329 on Adobe Flash Version 11.9.900.117 is found integrated in the Angler exploit kit.[12]

  • December 19: Target confirms approximately 40 million credit and debit card accounts may have been impacted after unauthorized access to its payment system.[13] Later, Target raised the figure to 70 million.[14]


[1] http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

[2] http://datalossdb.org/

[3] http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spearphishing-attacks

[4] http://blogs.mcafee.com/mcafee-labs/targeted-attack-focuses-on-single-system

[5] http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2

[6] http://blogs.mcafee.com/consumer/mobile-malware-used-in-sabotage-campaign-by-hackers-in-the-middle-east

[7] http://blogs.mcafee.com/mcafee-labs/more-japanese-chat-apps-on-google-play-steal-phone-numbers

[8] http://blogs.mcafee.com/mcafee-labs/androidballoonpopper-sums-up-mobile-threat-landscape-in-2013

[9] http://blogs.mcafee.com/mcafee-labs/suspicious-apps-on-google-play-leak-google-account-ids

[10] http://www.hurriyetdailynews.com/russian-hackers-stole-54-million-turkish-citizens-id-data-claim.aspx

[11] http://blogs.mcafee.com/mcafee-labs/reveton-ransomware-hides-behind-encryption

[12] http://malware.dontneedcoffee.com/2013/12/cve-2013-5329-or-cve-2013-5330-or.html

[13] http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores

[14] http://money.cnn.com/2014/01/10/news/companies/target-hacking/


Original article: By Francois Paget on Mar 11, 2014
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising