Released new version of exploit detection engine 2.5.12.1737 Mon Jun 11 14:27:17 2012

Enhancements: * Added code to detect HTTP level redirections.

WIS BETA Thu May 10 10:14:28 2012

Web Investigation System is BETA now. Major bugs were fixed and the core functionality enhanced to provide even better detection.
We're thrilled to get your feedback so start using it and share with us your experience.

Go to WIS!

Released new version of exploit detection engine 2.5.11.1732 Tue May 8 14:05:13 2012

Changes:
* Fixed multi-lined output to investigation log
* Added domain name validation for first level domains
* Fixed crash due to invalid URL handling

We are pleased to announce the first release of the command-line based URL Scanner! Wed Feb 8 08:46:18 2012

Quttera releases new product - Quttera URL scanner. It is command-line based url scanner which is developed for the end users to run scan locally from their PC stations. URL scanner allows investigating the content of the URL and it returns the scan details per each downloaded file. Current release detects wide range of the web-based threats and it is very intuitive and simple to use. Download your FREE url scanner here

Free ALPHA web investigation service(WIS) is launched. Thu Mar 31 14:05:13 2011

For those users who would like to ensure that the URLs they are visiting are malware-free we created this service.It is absolutely free.The infrastructure is in its ALPHA stage.We're working to improve its capability.

Hackers crack CAPTCHA website security measures Mon Jun 25 12:16:34 2012

Hackers are able to bypass CAPTCHA security measures using computer-assisted tools and crowdsourcing to gain access to personal and financial information, Imperva warned in its latest Hacker Intelligence Report. Attackers are using optical character recognition and machine learning, as well as crowdsourcing through third parties, to solve a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). CAPTCHA is a challenge-response test used to ensure that the response is generated by a person, not a computer. Users are asked to read and type a string of distorted characters in order to ensure that the user is a human, not a computer trying to access a website or account.

Adobe fixes Flash Player for Firefox to stop crashes Mon Jun 25 12:16:34 2012

Adobe has updated Flash Player to solve a weeks-long problem for users of Mozilla's Firefox browser. The update, Flash Player 11.3.300.262, was released Thursday and applies only to Firefox on Windows. Since Adobe shipped an update to Flash Player to 11.3 two weeks ago, users of Firefox, including older editions as well as the current Firefox 13, had reported crashes when trying to access Flash content. Initial suspicions at Mozilla pointed to Flash Player 11.3's new sandboxed plug-in for Firefox, but yesterday Adobe claimed that there were "different causes" for the crashes, which seemed to be concentrated on Windows Vista and Windows 7 machines.

Google detects 9500 malicious sites per day Wed Jun 20 17:27:22 2012

Five years after it was first introduced, Google's Safe Browsing program continues to provide an invaluable service to the 600 million Chrome, Firefox, and Safari users, as well as those searching for content through the company's eponymous search engine. According to Google Security Team member Niels Provos, the program detects about 9,500 new malicious websites and pops up several million warnings every day to Internet users.

Compromised WordPress Blogs: A Phisher's Paradise Tue Jun 19 18:17:40 2012

One of the ongoing trends in the phishing attacks the VRT monitors is the use of poorly secured WordPress blogs as staging points for exploit kits. Every time I hover over a link in the latest "UPS Tracking" or "Airline Ticket Confirmation" email, I'm looking for "/wp-content/", "/wp-includes/", or some other indicator of a poor, unsuspecting person who thinks they're telling the world everything they know about growing tulips, when in fact they're unwittingly serving as an accomplice to cybercrime. More and more often, those indicators crop up, with blatantly compromised web sites serving as the first point of entry into someone's Blackhole, Phoenix, or other exploit kit. How often, you ask, are compromised WordPress installs being abused in this manner? I've been collecting phishes and other malicious emails for the last month or so, and in that time, over 5 percent of these messages have contained links with a WordPress-related URL in them. Given the fractured nature of attacks on the Internet - your average cybercriminal is generally looking to avoid detection, and as such is always looking for the latest obfuscation technique - any time you get a common thread appearing in attacks at that sort of a rate, it's actually significant from a detection perspective.

WordPress plugin Foxypress uploadify.php Arbitrary Code Execution Thu Jun 14 11:02:55 2012

Arbitrary code execution detected in wordpress plugin Foxypress in file uploadify.php.  Metasploit exploit code could here (http://www.exploit-db.com/exploits/19100

Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability Mon Jun 11 15:43:25 2012

Arbitrary file upload detected in Wordpress Top Quark Architecture Version 2.10. Software Link: http://downloads.wordpress.org/plugin/topquark.zip. Vulnerable page : http://mysite.com/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php

Wordpress User Meta Version 1.1.1 Arbitrary File Upload Vulnerability Mon Jun 11 15:43:25 2012

Detected arbitrary file upload in wordpress User Meta Version 1.1.1. Software Link: http://downloads.wordpress.org/plugin/user-meta.1.1.1.zip. Vulnerable page : http://mysite.com/wp-content/plugins/user-meta/framework/helper/uploader.php.

South Korean newspaper hit by major cyber attack Mon Jun 11 08:56:37 2012

SEOUL (AFP) - A conservative South Korean newspaper said on Monday it had been the victim of a major cyber attack, less than a week after North Korea threatened the paper and other Seoul media over their reports. Police are investigating Pyongyang's possible involvement in the hacking of the Internet news site and database server at the JoongAng Ilbo and sister paper the Korea JoongAng Daily, the Daily reported.

ClanSuite 2.9 Arbitrary File Upload Vulnerability Tue May 29 15:43:25 2012

Arbitrary file upload detected in ClanSuite 2.9. Software Link : https://github.com/jakoch/Clansuite. Vulnerable page : uploads/uploadify.php

Hackers increasingly targeting Facebook, mobile devices Mon May 21 15:38:46 2012

Between the explosion of Facebook and other social networks and our ever expanding use of mobile devices, hackers continue finding new ways to get our information. In just the past week, several new warnings have been issued about growing security threats. Among them is a new computer virus spreading via the chat window on Facebook. The instant messenger pops up with what appears to be a message from a 'friend' with a link to an innocuous looking website. But clicking on the link instantly infects your computer or device. "It's not that unique anymore. One of the most common ways people get infected is by clicking on a link in Facebook," said David Blake, systems engineer with Seattle-based SWAT systems.

Anonymous Hackers Hit Chicago Web Sites Mon May 21 15:38:46 2012

The Web sites for the City of Chicago and the Chicago Police Department were taken down yesterday by members of Anonymous. "Members of AntiS3curityOPS, which claims to be affiliated with Anonymous, posted a video on YouTube taking credit for a hacking that allegedly brought down the [Chicago Police Department] page and accusing Chicago police of brutality during clashes Saturday night with protesters, who were demonstrating against the NATO summit discussing the ongoing war in Afghanistan," writes CNET News' Steven Musil. "The Chicago Police Department website, cityofchicago.org/police, was down temporarily Sunday, but was functioning again in the afternoon," CBS News reports. "The main portal to cityofchicago.org was not accessible for part of Sunday morning, but appeared to be functioning again by about 12:40 p.m."

British hackers get jail terms Fri May 18 20:03:16 2012

Two separate and very different cases in the UK saw hackers receive jail terms of twelve and eighteen months. In one case a 21-year old British man, Gareth Crosskey of West Sussex, plead guilty to hacking into a US citizen's Facebook account and gaining access to that person's email account in January 2011. The Metropolitan Police Service's Police Central e-Crime Unit (PCeU) was informed of the breach via the FBI and arrested Crosskey in July 2011 under the Computer Misuse Act. The PCeU says that "By taking swift action" it was "able to quickly detain Crosskey thereby preventing further disruption to the victim", and says it hopes the prosecution acts as a deterrent.

Hackers target Indian sites again to protest blocking of Vimeo, others Fri May 18 20:03:16 2012

New Delhi:  The websites of the Congress party, the Department of Telecommunications and Reliance Big Entertainment were brought down on Friday by hacker group OpIndia, which claims to be partnering with international hacking group Anonymous. At 6 pm, the sites were back up. The group says it plans to attack the website of the Bharatiya Janata Party (BJP) soon. The hackers claim this is their way of fighting "Internet censorship". In a video uploaded on YouTube on May 6, Anonymous referred to the fact that Internet Service Providers (ISPs) have been blocking torrent and file-sharing sites.

Chrome 19 Patches Over 20 Security Flaws Wed May 16 20:03:16 2012

Google's recently-released Chrome 19 patches more than 20 flaws, including eight high-severity vulnerabilities. "This is a major update to Chrome, relative to the recent ones that Google has pushed out," notes Threatpost's Dennis Fisher. "The company updates Chrome on a frequent basis, essentially whenever there are even two or three vulnerabilities to be fixed. But in this release, Google fixed 21 vulnerabilities, with ... a large number of high-risk flaws among them." "[The] vast majority of all these errors are memory related flaws," writes InternetNews' Sean Michael Kerner. "These are the same type that Google fixes every patch cycle. No they are not diminishing in number either, which leads me to speculate that there is a never ending fountain at the Googleplex that spews out memory flaws for researchers to pluck for cash rewards. Either that, or Chrome's underlying memory management is just insecure by architecture."

Computer Virus Could Interrupt Internet Service Wed May 16 06:23:13 2012

The FBI says a new computer virus could interrupt Internet service for hundreds of thousands of computer users this summer.  Agents say they've caught the hackers responsible for the DNS Changer virus, but a temporary solution keeping infected machines online will go away in July. The FBI is urging computer users to check their machines for the Trojan malware, which can affect both Windows and Mac systems. Linux, iPhone, iPad and Android devices, however, cannot be affected by the virus, which redirects users to servers controlled by cyber criminals. To see if your computer is at risk, visit the DNS Changer Working Group at WWW DOT DCWG DOT ORG

State sets up fake websites to warn people about -- fake websites Wed May 16 06:23:13 2012

The state of Massachusetts is trying a novel tactic to protect consumers from online scam websites -- setting up its own phony websites, which will link unsuspecting consumers to informational websites that will tell them how they narrowly escaped being cheated. “You need to find a way to reach people where the scam artists are reaching them,” said Barbara Anthony, undersecretary of the Office of Consumer Affairs and Business Regulation.

Technical paper - Fake anti-virus: The journey from Trojan to a persistent threat Wed May 16 06:23:12 2012

Fake anti-virus (also known as scareware) has grown over the years into a persistent and prevalent threat and is now one of the largest families of malware that we've seen in recent history. In this new technical paper from SophosLabs, threat researcher Jagadeesh Chandraiah studies the evolution of fake anti-virus over the last three and a half years.

10 hacks that made headlines Wed May 16 06:23:11 2012

Hacking has been around for decades. Today's crimes are often financially-motivated fraud. Here are 10 hacking incidents that made history. Here are ten hacking incidents through history that made some of the biggest headlines. Markus Hess hacks on behalf of the KGB A German citizen recruited by the KGB to spy for the Soviets in the 1980s, Hess was tasked with breaking into US military computers to obtain classified information. From the University of Bremen in Germany, Hess used the German Datex-P network via satellite link or transatlantic cable to the Tymnet International Gateway. He was able to eventually attack 400 US military computers, including those at military installations in Germany and Japan, as well as machines at MIT in Cambridge, Massachusetts and the OPTIMIS Database at the Pentagon.

Ads on Wikipedia can point to malware infection Wed May 16 06:23:10 2012

Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers. But the fact that the Wikipedia project is funded exclusively by donors and the site never display ads also makes it a good litmus test for discovering whether one's machine is infected with certain types of malware. "If you’re seeing advertisements for a for-profit industry or anything but our fundraiser, then your web browser has likely been infected with malware," Wikipedia's Director of Community Advocacy Philippe Beaudette pointed out in a recent blog post.

Banking Trojan masquerading as Chrome installer Wed May 16 06:23:10 2012

Brazilian and Peruvian users looking to install Google's Chrome browser are in grave danger of downloading information-stealing malware instead. "We recently found some suspicious looking URLs which suggest that a malicious file named ChromeSetup.exe is hosted in domains like Facebook and Google," Trend Micro researchers warn.

Cyber viruses cost Vietnam over $320 mil a year: report Sun May 13 14:05:13 2012

Computer viruses cause Vietnam "time damage" worth VND559 billion (US$26.7 million) every month, according to a new report by Vietnam Internet security firm Bkav. The estimation, released May 10, was based on the incomes of the computer users and the time their work was interrupted by virus attacks, Saigon Tiep Thi reported.

Wordpress wp-gpx-map version 1.1.21 Arbitrary File Upload Vulnerability Fri May 11 15:43:25 2012

Arbitrary file upload detected in Wordpress wp-gpx-map version 1.1.21. Software Link: http://downloads.wordpress.org/plugin/wp-gpx-maps.1.1.21.zip. Vulnerable page : http://mysite.com/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php

Hackers attacking smaller companies Thu May 10 14:05:13 2012

Hackers are increasingly targeting small and medium-size businesses for cyber attacks, said experts speaking at the Connect Southern California Innovation Conference Thursday in San Diego. The event featured two panels on cyber security – one geared toward security regulations facing corporate information technology departments and a second focused on what companies can do to protect themselves from cyber attacks.

Hotel internet an open hacking door Thu May 10 14:05:13 2012

Have you ever downloaded a software update from your hotel room or a coffee shop? If your answer is yes, then you may have been hacked According to an alert issued by the Internet Crime Complaint Centre, which is affiliated to the FBI in the US, hackers are now targeting travellers using hotel internet connections. In the alert issued yesterday, the ICCC says that hotel and other ‘public’ internet connections that travellers and tourist use are often easy targets for hackers and scammers because security was usually poor. In its Global Security Report for 2012, security company Trustwave found that hotel internet connections were easy targets for hackers because security was often lax.

Cyber crime as a Market Wed May 9 14:05:13 2012

Stephen Cobb, security evangelist at ESETMay 09, 2012
Say “cyber crime market” to the average MBA in America and they probably think you mean the market for security solutions to prevent cyber crime. In Russia the term “cyber crime market” apparently means the amount of money to be made from cyber crime. In 2011, that amount was $12.5 billion according a report recently published by Moscow-based Group-IB. Their analysts concluded that about one third of that total was “earned” by Russian-speaking hackers, and about half of that was earned by hackers inside Russia.

India 5th among cyber crime affected countries Mon May 7 14:05:13 2012

BANGALORE: India is ranked fifth in the worldwide ranking of countries affected by cyber crime, claims a report by the Security and Defence Agenda (SDA) and McAfee. According to the report titled ‘Cyber Security: The Vexed Question of Global Rules’, the premium on internet privacy in the country is quite low. SDA, a leading defence and security think-tank in Brussels, spoke to� leading global security experts to ensure that findings would offer useful recommendations and actions. “Much of the vulnerability is explained by widespread computer illiteracy and easily pirated machines,” pointed out the report. This is another reason for the phishing and other scams, it said.


  • Connect With Us
  • Facebook
  • Twitter
  • YouTube

Powered by Quttera © 2014. All rights reserved