Archive for the ‘Security Advisories’ Category
Cyber criminals are starting a Skype-based campaign aimed at spreading malicious software. We have heard reports of many users receiving messages that appear to come from friends in their Skype contact lists. These messages are part of a social engineering attack against Skype users.
Read More: http://countermeasures.trendmicro.eu/skype-worm-spreading-fast/
Due to a security flaw in the Samsung Galaxy S3, your phone's data can be wiped just by surfing web pages (on a compromised website). Hackers have become aware of this security flaw and are placing hidden code in web pages that triggers the remote wipe feature of this phone without the permission of, or any input from, the phone's user. This code is presently circulating online through websites, but it's also possible that attackers may adapt the code to a text message distribution method, QR code or NFC tag.
Other reports on the internet say that more codes built into Samsung devices have been uncovered that could be used in other attacks, such as killing the phone's SIM card. Besides these claims, we have not seen any evidence of such code yet.
It is also believed that this code may trigger a factory reset on the Galaxy S2 and other Samsung devices that use Samsung's "TouchWiz" interface.
How to protect yourself from this issue:
Back up your smartphone content, and check the Samsung website regularly to see if they have released an update to fix your phone.
The only way to guard against the attacks is to switch off "service loading" in settings, and disable QR code and NFC apps.
How to Test your Phone
You can test your phone by entering either of the two codes provided here:
*2767*688#
or
*2767*2878#
Please make a BACKUP of all the data on your phone before using this code, because if your phone is vulnerable the code will wipe all data on your phone and reset it back to factory default.
Devices from other Android manufacturers appear to be unaffected.
Internet SCAM
An internet scam targeting Bank of Ireland 365 customers has been detected. The hackers are sending email to Irish email addresses with a message saying that your account has been temporarily limited. This email is designed to look as if it has come from Bank of Ireland 365 online banking. The emails that we have received have not come from Bank of Ireland, and the link in the email does not take you to a Bank of Ireland server. This is a social engineering attack by cybercriminals to steal your banking login details.
If you have already fallen victim to this attack, change your banking login details immediately.
————————————————————————————–.
From: 365 Online [mailto:no-reply@365online.ie]
Sent: Friday, March 09, 2012 12:45 PM
To: niall@securityitrust.com
Subject: Your account has been temporarily limited. ID: 201203WJS2

Dear Customer,
Your account has been temporarily limited.
To remove the limitation from your account
please confirm your credit card details on file.
For confirmation, please click the link below:
Sign In to 365online account – (Link to fake website designed to look like 365 Online).
We apologise for any inconvenience caused.
Thank you.
——————————————————–.
Google Chrome Style Handling Memory Corruption Vulnerability
Software: Google Chrome 10.x
Critical Level: High
Impact: System could become compromised leading to Possible System Access
Solution: Update to version 10.0.648.133
Constructr CMS Cross-Site Scripting plus SQL Injection Vulnerabilities
Software: Constructr CMS 3.x
Critical Level: Medium
Impact: Cross Site Scripting
Solution:
SAP GUI Insecure Library Loading Vulnerability
Software: SAP GUI 6.x – 7.x
Critical Level: High
Impact: Possible system access
Solution: Apply the vendor patch
WordPress WP Forum Plugin Multiple SQL Injection Vulnerabilities
Software: WP Forum Plugin 1.x
Critical Level: High
Impact: Manipulation of data
Solution:
There are reports that a new mass-mailing worm is spreading. The worm spreads through email messages with the subject line "Here you have"; the body of the message includes a link that appears to lead to a PDF file, but instead leads to a malicious executable file. Once the worm has infected the PC, it tries to disable security software and then sends itself to everyone in the infected computer's email contact list.
According to various reports, in the past few days a large number of websites created using WordPress have been hacked. Unconfirmed reports by WPSecurityLock suggest that other PHP-based management systems, such as the Zen Cart eCommerce solution, have also been targeted.
The hacked web pages appear to have been infected with scripts which not only install malware on users' systems, but also prevent browsers like Firefox and Google Chrome, which use Google's Safe Browsing API, from issuing an alert when users try to access the page. When Google's search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser-specific code to suit functional variations in different browsers, such as Internet Explorer and Firefox.
Experts are currently still puzzled over which hole was actually exploited for the large-scale attack. The only thing that seems certain at this point is that the problem didn't originate in WordPress, because if this were the case considerably more pages would have been infected. It is still unknown which versions of WordPress are being attacked.
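A site owner can check for the camouflage described above by requesting the same page under a crawler and a browser User-Agent and comparing the scripts and frames each response loads. The following is an added example, not code from the reports cited here; the helper names, the browser User-Agent string and the sample HTML are constructed for illustration.

```python
import urllib.request
from html.parser import HTMLParser

# User-Agent values for the two fetches (the browser string is a constructed sample).
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"

class ActiveContent(HTMLParser):
    """Collect script/iframe sources and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.items, self._buf = set(), None
    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").strip()
        if tag in ("script", "iframe") and src:
            self.items.add((tag, src))
        elif tag == "script":
            self._buf = []  # start buffering an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = " ".join("".join(self._buf).split())  # normalise whitespace
            if body:
                self.items.add(("inline-script", body))
            self._buf = None

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items

def cloaking_diff(as_crawler, as_browser):
    """Active content sent to the browser User-Agent but withheld from the crawler."""
    return sorted(active_content(as_browser) - active_content(as_crawler))

def fetch(url, user_agent):
    """Fetch url while presenting the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

# Constructed sample responses for one URL, as served to each User-Agent.
SAMPLE_CRAWLER = '<html><head><script src="/wp-includes/js/jquery.js"></script></head><body>Post</body></html>'
SAMPLE_BROWSER = ('<html><head><script src="/wp-includes/js/jquery.js"></script>'
                  '<script src="http://injected.invalid/a.js"></script></head>'
                  '<body>Post<iframe src="http://injected.invalid/f" width="0"></iframe></body></html>')
```

For a live check, pass `fetch(url, CRAWLER_UA)` and `fetch(url, BROWSER_UA)` to `cloaking_diff`; pages that legitimately vary by browser will also show differences, so each reported item needs a manual look.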