20% of all malware ever created appeared in 2013

According to the latest PandaLabs report, malware creation hit a new milestone. In 2013 alone, cyber-criminals created and distributed 20 percent of all malware that has ever existed, with a total of 30 million new malicious strains in circulation, at an average of 82,000 per day.

Despite Trojans have continued to be the most common security threat, the company’s anti-malware laboratory has observed a wide variety of attacks, with a notable resurgence of ransomware (CryptoLocker being one of the nastiest examples).

The proportion of infected computers around the world was 31.53 percent, very similar to the 2012 figures.

Besides offering an overview of the most significant events in the computer security field, the 2013 Annual Security Report also forecasts future trends for 2014. Much of 2014’s headlines will focus on the Internet of Things (IoT) and Android devices, which will continue to be exploited by attackers to steal users’ data and money.

PandaLabs expects to see hundreds of thousands of new strains of Android-targeting malware in circulation. 2013 saw a large number of Android scams that used malicious ads in legitimate apps, and it has been estimated that last year alone cyber-criminals released more than two million new malware threats for Android.

Source:
http://www.net-security.org/malware_news.php?id=2737

Posted in Internet, Privacy, Security | No Comments

United States to give up its oversight on domain name assignment

In the wake of an NSA spying scandal which has shaken the faith of many in the United States’ dedication to digital privacy, the U.S government has announced that it will be ceding its oversight of ICANN – the organization which manages domain name assignment for every site on the internet.

According to a press release from the NTIA, a branch of the U.S Department of Commerce, the United States seeks to turn over this authority to an international group which will have its structure and administration determined over the course of next year.

The task is currently handled by ICANN, an organization which has managed the assignment of domain names (like .com, .org and .net) since its inception 1998. Now, the U.S has asked ICANN to “convene global stakeholders” and transition the role the U.S government currently plays into a more overarching structure, which will be handled by an outside organization.

According to a statement made by ICANN president Fadi Chehadé, the group will hold its first meeting on the transition on March 23rd in Singapore. ICANN also hopes to include participation from all major governments and internet organizations, as a means of promoting communication and proper development.

Source:
http://www.neowin.net/news/united-states-to-give-up-its-oversight-on-domain-name-assignment

Posted in Internet, Privacy, Security | No Comments

All major browsers fall during second day at Pwn2Own hacking contest

Security researchers demonstrated zero-day exploits against Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player during the second day of the Pwn2Own hacking competition Thursday, racking up total prizes of US$450,000.

A team from French vulnerability research firm Vupen hacked Google Chrome by exploiting a use-after-free vulnerability that affects both the WebKit and Blink rendering engines. The researchers then successfully bypassed Chrome’s sandbox protection to execute arbitrary code on the underlying system.

On Wednesday, the first day of the contest that takes place every year at the CanSecWest security conference in Vancouver, researchers from the same team hacked Internet Explorer 11, Firefox, Flash Player and Adobe Reader.

Another anonymous researcher presented a Chrome remote code execution exploit Thursday, but the contest judges declared it only a partial win because some details of the hack were similar to those of an exploit presented earlier at Pwnium, Google’s own hacking contest that runs aside Pwn2Own.

Well known iPhone and PlayStation 3 hacker George Hotz, known online as geohot, demonstrated a remote code execution exploit against Firefox, making it the competition’s fourth successful hack against Mozilla’s browser. Aside from Team Vupen, security researchers Jüri Aedla and Mariusz Mlynski had also compromised Firefox during the first day of the contest by exploiting different vulnerabilities.

Source:
http://news.techworld.com/security/3506807/all-major-browsers-fall-during-second-day-at-pwn2own-hacking-contest/

Posted in Internet, Privacy, Security, Software, Windows | No Comments

Major security flaw threatens Linux users

A source code mistake in the GnuTLS library an open-source software building block used in a large number of different Linux distributions to handle secure Internet connections could prove a serious threat to the privacy of Linux users, as developers rush to patch the vulnerability.

Nikos Mavrogiannopolous, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole. The flaw would have enabled an attacker to spoof GnuTLS’ system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping.

By creating a specific type of fake certificate, an attacker could trick GnuTLS into accepting it as genuine, granting access to an otherwise-secure connection. This done, the intruder could monitor traffic flowing through the connection in plain text, and even interject code of his own, potentially opening further avenues of attack.

Source:
http://news.techworld.com/operating-systems/3505192/major-security-flaw-threatens-linux-users/

Posted in Internet, Linux, Privacy, Security | No Comments

Apple security flaw could allow hackers to beat encryption

A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile user’s network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

“It’s as bad as you could imagine, that’s all I can say,” said Johns Hopkins University cryptography professor Matthew Green.

Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.

But a statement on its support website was blunt: The software “failed to validate the authenticity of the connection.”

Apple released software patches and an update for the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.

Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site, Green said.

After analyzing the patch, several security researchers said the same flaw existed in current versions of Mac OSX, running Apple laptop and desktop computers. No patch is available yet for that operating system, though one is expected soon.

Source:
http://www.reuters.com/article/2014/02/22/us-apple-flaw-idUSBREA1L01Y20140222

Posted in Internet, Mobile, Privacy, Security | No Comments