Ceptera Security Newswire » Security News

Dear Jailbreaker, Apple Wants to Have a Word with You

Gray Grantham — Sat, 19 May 2012 01:59:50 +0000

After banning the word “jailbreak” from its app store and music library, Apple today reversed course and again permits the term – slang for hacking into a device to download unauthorized content — to appear on iTunes and its App Store.

On Thursday bloggers noticed Apple had censored the word, using the Thin Lizzy album “Jailbreak” as an example. For awhile, the title was listed as “J******k” in Apple’s music library, at least its U.S. version. In other instances, digital content continued to bear the full name Jailbreak.

Weekly Roundup: May 18, 2012 – Smartphone Security, Cyber Threat Trends and the Importance of Secure Development

Gray Grantham — Fri, 18 May 2012 23:36:00 +0000

Trending Security News Security news stories this week focused on smartphone security and GPS tracking; our Security Development Conference in DC; and a report on security technology trends with a few stories also covering malware stats and cyber-attacks…(read more)

Tech Insight: Practical Threat Intelligence

Gray Grantham — Fri, 18 May 2012 21:20:04 +0000

Today’s ever-changing threat landscape requires proactive security efforts to identify threats and adapt defenses quickly.

Facebook sued for $15 billion over alleged privacy infractions

Gray Grantham — Fri, 18 May 2012 21:20:04 +0000

A class-action lawsuit filed by Stewarts Law US combines 21 cases across the U.S.

Originally posted at News – Internet & Media

Bogus Pinterest Pins Lead to Survey Scams

Gray Grantham — Fri, 18 May 2012 20:18:23 +0000

The continuing increase in visitors to the Pinterest site may be a primary cause why it’s becoming a hit for cybercriminals’ scams and schemes. In March, we spotted scammers using popular brands to lure users into “pinning” fake posts that led to surveys scams. This new wave of survey scams I found came from my search using “pinterest” as keyword.

Users who re-pin the posts from the sample above will most likely spread the post.

In addition, I also spotted posts using URL shorteners such as bit.ly and goo.gl. When clicked, the shortened URLs/the fake posts lead to any of the following URLs:

http://pinterest.co{BLOCKED}t.info/?419
http://pinterest.com-{BLOCKED}key.info/Thank-You/fb/
http://pinterest.co{BLOCKED}s.info
http://pinterest.{BLOCKED}one.info
http://pinterestgift.{BLOCKED}hing.info
http://pinterests.{BLOCKED}onus.info

Upon clicking the link, users are redirected to a Pinterest-like webpage offering prizes, vouchers, gift cards and others:

Made to resemble like a typical Pinterest webpage, the fake site features a search field, add+, an about. However, these are mere images and are not clickable. The clickable links are those that redirect to survey scams such as Body Age Quiz.

After a user fills out the fields required in the scam page, users are also required to enter their mobile numbers. Users who do provide their numbers will receive a code on their mobile phones and will continue to receive unwanted messages, charges and other scams via text message.

And Via Email, Too

Another thing I’ve noticed is that the fake site requires an email address:

Users entering their email addresses are brought to complete several steps to get the supposed offer. Users receive an email claiming to be from Pinterest. The email urges the user to click on the link found in the message body to confirm the subscription. Clicking on the link redirects the user to a Pinterest-like scam page. Again, all the clickable links lead to the same scam pages.

Upon closer investigation of these attacks, I noticed that before users are redirected to the fake Pinterest sites, the connection passes through ad-tracking sites. This way, the number of visitors are tracked, determining the supposed earnings of the scammers. Based on our data, the fake Pinterest URLs are being visited since May 2. Fake Pinterest posts hosting scams are likely to spread within Pinterest via users who re-pin the posts. The “offers” in these fake Pinterest posts look enticing after all. Plus, some users would want to ask the rest of the Pinterest community to verify such offers, like this user.

Pinterest has since removed some of the fake Pinterest posts. Trend Micro users are also protected from these scams by the web reputation technology in our Smart Protection Network™.

Post from: TrendLabs | Malware Blog – by Trend Micro

Bogus Pinterest Pins Lead to Survey Scams

FBI ‘looking at’ law making Web sites wiretap-ready, director says

Gray Grantham — Fri, 18 May 2012 20:17:00 +0000

Director Robert Mueller says FBI needs to be able to “capture communications” of people under surveillance, but declines to elaborate on renewed lobbying effort reported by CNET two weeks ago.

Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops

Gray Grantham — Fri, 18 May 2012 19:34:50 +0000

Defense giant Northrop Grumman is hiring software engineers to help it carry out “offensive cyberspace operations,” according to a recent job posting.

ZTE Score M Android Phone Found to Have Backdoor Installed

Gray Grantham — Fri, 18 May 2012 19:03:41 +0000

UPDATE–An Android handset produced by Chinese manufacturer ZTE has a backdoor installed that could enable an attacker to take control of an affected device remotely and run arbitrary code. The manufacturer has acknowledged the issue in the ZTE Score M, which includes a harcoded password, and says that it plans to push out a fix soon.

Global Payments Breach A Year Older Than First Reported

Gray Grantham — Fri, 18 May 2012 19:02:39 +0000

Alerts issued by Visa and Mastercard earlier this week suggest that a breach at payment processor Global Payments dates to January 2011, a full year earlier than the company initially announced.

Microsoft Adopts CVRF Format for Security Bulletins

Gray Grantham — Fri, 18 May 2012 17:52:11 +0000

Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there’s a effort underway, called the Common Vulnerability Reporting Framework, to standardize the way that vulnerabilities are reported so that they’re in a common, machine-readable format.