The CVE number for this vulnerability is CVE-2014-3566.

This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Considering the attack scenario, this vulnerability is not considered high risk.

What is SSL?
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. SSL encrypts the data transported over the network, using cryptography for privacy and a keyed message authentication code for message reliability.

What is TLS?
Transport Layer Security (TLS) is a standard protocol that is used to provide secure web communications on the Internet or on intranets. It enables clients to authenticate servers or, optionally, servers to authenticate clients. It also provides a secure channel by encrypting communications. TLS is the latest version of the Secure Sockets Layer (SSL) protocol.

What causes the vulnerability? 
The vulnerability is caused by a weakness in the CBC encryption algorithm used in SSL 3.0.

Impact:

The vulnerability in SSL 3.0 allows attackers to decrypt encrypted website connections. Attackers can exploit a weakness in the protocol’s design to grab secret session cookies and can steal or tamper with your sensitive information while it’s in transit.

Mitigating Factor:

  • The attacker must make several hundred HTTPS requests before the attack can succeed.
  • TLS 1.0, TLS 1.1, TLS 1.2 and all cipher suites that do not use CBC mode are not affected.

Affected Operating System:

Windows server 2003 service pack 2

Windows server 2003 x64 Edition service pack 2

Windows server 2003 with SP2 for Itanium-based system

Windows vista service pack 2

Windows vista x64 Edition service pack 2

Windows server 2008 for 32-bit system SP2

Windows server 2008 for x64-based system SP2

Windows server 2008 for Itanium-based system SP2

Windows 7 for 32-bit system SP1

Windows 7 for x64-based system SP1

Windows server 2008 R2 for x64-based system SP1

Windows server 2008 R2 for Itanium-based system SP1

Windows 8 for 32-bit system

Windows 8 for x64-based system

Windows 8.1 for 32-bit system

Windows 8.1 for x64-based system

Windows server 2012

Windows server 2012 R2

Windows RT

Windows RT 8.1

Resolution:

Microsoft is investigating this vulnerability and will take the appropriate action to help protect its customers. This may include providing a security update through the monthly release process or providing an out-of-cycle security update. Microsoft has suggested a workaround, disabling SSL 3.0, to mitigate this vulnerability. This workaround will disable SSL 3.0 for all server software installed on a system, including IIS.

Workarounds:

1)    Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, TLS 1.2 in Internet Explorer.

You can disable the SSL 3.0 protocol in Internet Explorer by modifying the Advanced Security settings in Internet Explorer.

To change the default protocol version to be used for HTTPS requests, perform the following steps:

  1. On the Internet Explorer Tools menu, click Internet Options.
  2. In the Internet Options dialog box, click the Advanced tab.
  3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
  4. Click OK.
  5. Exit and restart Internet Explorer.

Note:  After applying this workaround, Internet Explorer will fail to connect to Web servers that only support SSL up to 3.0 and don’t support TLS 1.0, TLS 1.1, and TLS 1.2.

2)    Disable SSL 3.0 and Enable TLS 1.0, TLS 1.1, TLS 1.2 in Internet Explorer in Group Policy.

You can disable support for the SSL 3.0 protocol in Internet Explorer via Group Policy by modifying the Turn Off Encryption Support Group Policy Object.

  1. Open Group Policy Management.
  2. Select the group policy object to modify, right click and select Edit.
  3. In the Group Policy Management Editor, browse to the following setting:

Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Advanced Page -> Turn off encryption support

  4. Double-click the Turn off Encryption Support setting to edit the setting.
  5. Click Enabled.
  6. In the Options window, change the Secure Protocol combinations setting to “Use TLS 1.0, TLS 1.1, and TLS 1.2”.
  7. Click OK.

Note: Administrators should make sure this group policy is applied appropriately by linking the GPO to the appropriate OU in their environment.

Note: After applying this workaround, Internet Explorer will fail to connect to Web servers that only support SSL up to 3.0 and don’t support TLS 1.0, TLS 1.1, and TLS 1.2.

3)    Disable SSL 3.0 in Windows.

You can disable support for the SSL 3.0 protocol on Windows by following these steps:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

Note: If the complete registry key path does not exist, you can create it by expanding the available keys and using the New -> Key option from the Edit menu.

  3. On the Edit menu, click Add Value.
  4. In the Data Type list, click DWORD.
  5. In the Value Name box, type Enabled, and then click OK.

Note: If this value is present, double-click the value to edit its current value.

  6. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
  7. Click OK. Restart the computer.

Note: This workaround will disable SSL 3.0 for all server software installed on a system, including IIS.

Note: After applying this workaround, clients that rely only on SSL 3.0 will not be able to communicate with the server.
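To confirm that workaround 3 has actually landed on a set of servers, the following added example (not Microsoft's code) audits registry exports for the key and value named above. The host names and sample exports are constructed, and the status labels are this example's own.

```python
import re

# Key and value named in workaround 3 above.
SSL3_SERVER_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
    r"\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
)
VALUE_NAME = "Enabled"

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})$')


def parse_dwords(reg_text):
    """Return {KEY_PATH_UPPER: {value_name_lower: int}} for each DWORD in a .reg export.

    Registry key and value names are case-insensitive, so both are normalised.
    Exports written by regedit are UTF-16 with a BOM: read them with
    open(path, encoding="utf-16") before passing the text in.
    """
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key").upper(), {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            current[m.group("name").lower()] = int(m.group("data"), 16)
    return keys


def ssl3_server_status(reg_text):
    """Classify one export: 'disabled', 'enabled', 'value-missing' or 'key-missing'."""
    values = parse_dwords(reg_text).get(SSL3_SERVER_KEY.upper())
    if values is None:
        return "key-missing"      # the workaround key was never created
    if VALUE_NAME.lower() not in values:
        return "value-missing"    # key exists but no Enabled value was added
    return "disabled" if values[VALUE_NAME.lower()] == 0 else "enabled"


def audit_hosts(exports):
    """Given {host: export_text}, return sorted (host, status) pairs that still need the fix."""
    findings = []
    for host, text in exports.items():
        status = ssl3_server_status(text)
        if status != "disabled":
            findings.append((host, status))
    return sorted(findings)


# Constructed sample exports (not taken from real systems).
SAMPLE_FIXED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
'''

SAMPLE_ENABLED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000001
'''

SAMPLE_NO_KEY = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
'''

if __name__ == "__main__":
    fleet = {"web01": SAMPLE_FIXED, "web02": SAMPLE_ENABLED, "web03": SAMPLE_NO_KEY}
    for host, status in audit_hosts(fleet):
        print(f"{host}: SSL 3.0 server side is {status}")
```

Because the change only takes effect after the restart in the last step, a host can report "disabled" here and still accept SSL 3.0 until it has been rebooted.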

 


  1. ctrlq.org/screenshots – for capturing screenshots of web pages on mobile and desktops.
  2. dictation.io – online voice recognition in the browser itself.
  3. zerodollarmovies.com – find full-length movies on YouTube.
  4. screenr.com – record movies of your desktop and send them straight to YouTube.
  5. goo.gl – shorten long URLs and convert URLs into QR codes.
  6. unfurlr.com – find the original URL that’s hiding behind a short URL.
  7. qClock – find the local time of a city using a Google Map.
  8. copypastecharacter.com – copy special characters that aren’t on your keyboard.
  9. postpost.com – a better search engine for twitter.
  10. lovelycharts.com – create flowcharts, network diagrams, sitemaps, etc.
  11. iconfinder.com – the best place to find icons of all sizes.
  12. office.com – download templates, clipart and images for your Office documents.
  13. followupthen.com – the easiest way to setup email reminders.
  14. jotti.org – scan any suspicious file or email attachment for viruses.
  15. wolframalpha.com – gets answers directly without searching – see more wolfram tips.
  16. printwhatyoulike.com – print web pages without the clutter.
  17. joliprint.com – reformats news articles and blog content as a newspaper.
  18. ctrlq.org/rss – a search engine for RSS feeds.
  19. e.ggtimer.com – a simple online timer for your daily needs.
  20. coralcdn.org – if a site is down due to heavy traffic, try accessing it through coral CDN.
  21. random.org – pick random numbers, flip coins, and more.
  22. pdfescape.com – lets you quickly edit PDFs in the browser itself.
  23. tubemogul.com – simultaneously upload videos to YouTube and other video sites.
  24. scr.im – share your email address online without worrying about spam.
  25. spypig.com – now get read receipts for your email.
  26. sizeasy.com – visualize and compare the size of any product.
  27. myfonts.com/WhatTheFont – quickly determine the font name from an image.
  28. google.com/webfonts – a good collection of open source fonts.
  29. regex.info – find data hidden in your photographs – see more EXIF tools.
  30. livestream.com – broadcast events live over the web, including your desktop screen.
  31. iwantmyname.com – helps you search domains across all TLDs.
  32. homestyler.com – design from scratch or re-model your home in 3d.
  33. join.me – share your screen with anyone over the web.
  34. onlineocr.net – recognize text from scanned PDFs – see other OCR tools.
  35. flightstats.com – Track flight status at airports worldwide.
  36. wetransfer.com – for sharing really big files online.
  37. hundredzeros.com – the site lets you download free Kindle books.
  38. polishmywriting.com – check your writing for spelling or grammatical errors.
  39. marker.to – easily highlight the important parts of a web page for sharing.
  40. typewith.me – work on the same document with multiple people.
  41. whichdateworks.com – planning an event? find a date that works for all.
  42. everytimezone.com – a less confusing view of the world time zones.
  43. gtmetrix.com – the perfect tool for measuring your site performance online.
  44. noteflight.com – print music sheets, write your own music online (review).
  45. imo.im – chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.
  46. translate.google.com – translate web pages, PDFs and Office documents.
  47. kleki.com – create paintings and sketches with a wide variety of brushes.
  48. similarsites.com – discover new sites that are similar to what you like already.
  49. wordle.net – quickly summarize long pieces of text with tag clouds.
  50. bubbl.us – create mind-maps, brainstorm ideas in the browser.
  51. kuler.adobe.com – get color ideas, also extract colors from photographs.
  52. liveshare.com – share your photos in an album instantly.
  53. lmgtfy.com – when your friends are too lazy to use Google on their own.
  54. midomi.com – when you need to find the name of a song.
  55. bing.com/images – automatically find perfectly-sized wallpapers for mobiles.
  56. faxzero.com – send an online fax for free – see more fax services.
  57. feedmyinbox.com – get RSS feeds as an email newsletter.
  58. ge.tt – quickly send a file to someone, they can even preview it before downloading.
  59. pipebytes.com – transfer files of any size without uploading to a third-party server.
  60. tinychat.com – setup a private chat room in micro-seconds.
  61. privnote.com – create text notes that will self-destruct after being read.
  62. boxoh.com – track the status of any shipment on Google Maps – alternative.
  63. chipin.com – when you need to raise funds online for an event or a cause.
  64. downforeveryoneorjustme.com – find if your favorite website is offline or not?
  65. ewhois.com – find the other websites of a person with reverse Analytics lookup.
  66. whoishostingthis.com – find the web host of any website.
  67. google.com/history – found something on Google but can’t remember it now?
  68. aviary.com/myna – an online audio editor that lets you record and remix audio clips online.
  69. disposablewebpage.com – create a temporary web page that self-destructs.
  70. urbandictionary.com – find definitions of slangs and informal words.
  71. seatguru.com – consult this site before choosing a seat for your next flight.
  72. sxc.hu – download stock images absolutely free.
  73. zoom.it – view very high-resolution images in your browser without scrolling.
  74. scribblemaps.com – create custom Google Maps easily.
  75. alertful.com – quickly setup email reminders for important events.
  76. picmonkey.com – Picnik is offline but PicMonkey is an even better image editor.
  77. formspring.me – you can ask or answer personal questions here.
  78. sumopaint.com – an excellent layer-based online image editor.
  79. snopes.com – find if that email offer you received is real or just another scam.
  80. typingweb.com – master touch-typing with these practice sessions.
  81. mailvu.com – send video emails to anyone using your web cam.
  82. timerime.com – create timelines with audio, video and images.
  83. stupeflix.com – make a movie out of your images, audio and video clips.
  84. safeweb.norton.com – check the trust level of any website.
  85. teuxdeux.com – a beautiful to-do app that looks like your paper diary.
  86. deadurl.com – you’ll need this when your bookmarked web pages are deleted.
  87. minutes.io – quickly capture effective notes during meetings.
  88. youtube.com/leanback – Watch YouTube channels in TV mode.
  89. youtube.com/disco – quickly create a video playlist of your favorite artist.
  90. talltweets.com – Send tweets longer than 140 characters.
  91. pancake.io – create a free and simple website using your Dropbox account.
  92. builtwith.com – find the technology stack of any website.
  93. woorank.com – research a website from the SEO perspective.
  94. mixlr.com – broadcast live audio over the web.
  95. radbox.me – bookmark online videos and watch them later (review).
  96. tagmydoc.com – add QR codes to your documents and presentations (review).
  97. notes.io – the easiest way to write short text notes in the browser.
  98. ctrlq.org/html-mail – send rich-text mails to anyone, anonymously.
  99. fiverr.com – hire people to do little things for $5.
  100. otixo.com – easily manage your online files on Dropbox, Google Docs, etc.

A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned.

According to a survey of traffic conducted in September by researchers at Dr.Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet, which creates a backdoor on machines running OS X. Researchers say almost a quarter of the machines in the iWorm botnet are located in the US.

The most interesting thing about this botnet is the unusual technique it uses: it queries Reddit's search service for posts in a Minecraft server list subreddit to collect the IP addresses for its command and control (CnC) network. The account that had posted that subreddit data has now been shut down, though the malware creators are likely to publish another server list.

“It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and – as a search query – specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date,” the Russian company said in a statement on its website.

The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

Although the researchers did not mention how Mac.BackDoor.iWorm spreads, they shared that the “dropper” program of the malware allows it to be installed in the Library directory within the affected user’s account home folder, disguised as an Application Support directory for “JavaW”, and sets itself to autostart.

Once a Mac has been infected, the software establishes a connection with the command and control server. The backdoor on the user’s system can be used to receive instructions in order to perform a variety of tasks, from stealing sensitive information to receiving or spreading other malicious software. It could also change configuration or put a Mac to sleep.

“Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically,” the company added.

Mac.BackDoor.iWorm is likely to send spam emails, flood websites with traffic, or mine bitcoins. Most of the compromised machines are located in the US; Canada ranked second, with 1,235 compromised addresses, followed by the United Kingdom with 1,227 addresses, and the rest are in Europe, Australia, the Russian Federation, Brazil and Mexico.

There are a large number of websites and programs that prompt end users to save passwords on their personal computer(s). Popular web browsers such as Mozilla Firefox, Internet Explorer, Google Chrome, and instant messaging software like Windows Live Messenger are capable of saving user logins and passwords on the local computer. A common task that arises for the end-user is to find stored passwords on a computer in order to recover lost or forgotten access information. Depending on the application being used, operating system, and specific user permissions, the task can be as easy as choosing some options in the OS or having to download specific tools to crack the password file hash.

How to Find Stored Passwords in Windows XP

Microsoft Windows has the capability to manage stored user names and passwords for individual users so unique software may not be required for this purpose.

Step 1 – Click on the “Start” menu button and launch the “Control Panel”.

Step 2 – Locate the “Pick a category” menu label, then select the “User Accounts” menu option.

Step 3 – Open the “Stored User Names and Passwords” menu option by selecting “Manage my network passwords” beneath the “Related Tasks” menu label. If you are logged in as an administrator, select your user account. Then under related tasks choose the “Manage my network passwords.”

Step 4 – View the list of stored usernames and passwords.

How to Find Stored Passwords in Windows 7

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “User Accounts”

Step 3 – In the left pane, click “Manage your network passwords”.

How to Find Stored Passwords in Windows 8

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “Credential Manager”

How to View Stored Passwords on a Mac

On computers that run the Mac OS X operating system, when a user tells their computer to store a password associated with an application, website, or wireless network, the information is saved on the computer’s hard drive. OS X uses the Keychain Access utility to help Mac users look up and manage their stored passwords.

Step 1 – Launch the OS X “Finder” by clicking the menu icon on the computer’s dock. Then, navigate to the “Utilities” folder which is located under the “Applications” section on the Mac hard drive.

Step 2 – Open the “Keychain Access” program icon to launch the password utility application. Then, select “Passwords” from the options located in the lower left corner of the program window.

Step 3 – From the list find the application, web site or network name associated with the password you want to view and double click on it. A new window showing information about it will display.

Step 4 – Click on the “Show password” checkbox to reveal the password. You will be asked to enter your user password, and click “Allow”, in order to see it. Once you do it will be visible in the “Show password” field.

How to Find Stored Passwords in Firefox

The Mozilla FireFox Password Manager application stores user names and passwords on your computer’s hard drive and will automatically enter the data when visiting websites that require the information.

Steps to Use the Mozilla FireFox Password Manager

Step 1 – Launch Mozilla Firefox by double clicking the program icon on your computer’s desktop.

Step 2 – Select the “FireFox” menu button and then click the “Options” menu choice.

Step 3 – Select the “Security” menu tab that is located at the upper portion of the “Options” window.

Step 4 – Select the “Remember Passwords for Sites” check box if not already selected.

Step 5 – Log into a website that requires a username and password. Choose the “Remember” menu button on the subsequently displayed dialog box to save a new password in the FireFox Password Manager. Alternatively, you can choose the “Never for This Site” menu option to add an exception to the Password Manager.

Step 6 – Choose the “Exceptions” menu button in FireFox to view the current exception list that the web browser is configured to never save a password. Sites can be removed from this list by clicking the “Remove All” menu button (removes all exceptions) or individually by selecting a site and choosing the “Remove” button.

Step 7 – View the saved passwords in the Password Manager by selecting the “Saved Passwords” menu button. You can also remove passwords from this window by clicking the “Remove All” or “Remove” menu buttons.

Steps to Change the FireFox Password Manager Master Password

The FireFox master password is used to protect the master key for the FireFox browser on your computer. The master key is used to encrypt email passwords, web site passwords, and other potentially sensitive information stored by the Form and Password Manager on your computer.

Step 1 – Launch Mozilla FireFox by double clicking the program icon.

Step 2 – Select the “FireFox” menu button, then click the “Options” menu choice, and choose the “Security” tab.

Step 3 – If the “Use a master password” checkbox is not selected you don’t have a master password. If it is selected then click on the “Change Master Password” button.

Step 4 – Enter your current password, and then in the fields below enter and re-enter the new password you wish to set.

How to Recover Passwords Hidden Behind Asterisks

A common problem that arises for end-users is determining what passwords are saved by their web browser if they do not have access to the Password Manager or equivalent application on their computer. The BulletsPassView utility is one of the most used freeware applications capable of performing this task. The program is a tool that is designed to reveal the passwords stored behind the asterisks in the standard password text box on the Windows operating system and Internet Explorer web browsers.

Improvements made to the BulletsPassView application from the legacy Asterisk Logger utility include support for Windows 7/8/Vista, support for Internet Explorer password text boxes, improved command line support, Unicode support to properly capture non-English language passwords, and not revealing the password inside of the password text-box itself (inside of the main window of the application only). The new version of BulletsPassView does have limitations, however: it is not able to retrieve passwords displayed in the Chrome, FireFox, or Opera web browsers, or the network and dial-up passwords on Windows. This is because, to improve security, these applications do not keep the password behind the asterisks.

Steps to Use BulletsPassView

Step 1 – Download the appropriate version of BulletsPassView for your computer. Please note that if you are using a 64 bit Windows computer there is a different version of the software than for 32 bit computers. You can tell if your Windows computer is a 64 bit by selecting “Start,” “Control Panel,” and “System” menu options and the OS type will be listed about half-way down the subsequently displayed screen.

Step 2 – Double-click the executable file downloaded to launch the application. The BulletsPassView program does not require an installation process. On launch, the program will make a first scan to locate any password text-boxes actively displayed and show the result on the program’s main window.

Step 3 – Open a website in Internet Explorer that has a password saved which you need to recover. Then click the “Refresh” menu button on BulletsPassView or press the “F5” key on your computer to display the password. Alternatively, the application supports an “Auto Refresh” option that is selectable under the “Options” menu to automatically scan for new passwords every few minutes.

Step 4 – Open the Windows command prompt by selecting the “Start” menu button and entering “CMD” in the search text field. Then, enter the fully qualified path to the BulletsPassView application and include “/stext <Filename>” followed by pressing the “Enter” key. This saves the list of passwords currently displayed on the computer’s screen to a simple text file.

BulletsPassView Command Line Options

BulletsPassView supports a number of command line options to save on-screen data into a number of formats to include text, XML, HTML, CSV.

/stext <Filename>       Save the list of bullet passwords into simple text file.

/stab <Filename>         Save the list of bullet passwords into a tab-delimited text file.

/scomma <Filename> Save the list of bullet passwords into a comma-delimited text file (csv).

/stabular <Filename>   Save the list of bullet passwords into a tabular text file.

/shtml <Filename>      Save the list of bullet passwords into HTML file (Horizontal).

/sverhtml <Filename>  Save the list of bullet passwords into HTML file (Vertical).

/sxml <Filename>        Save the list of bullet passwords into XML file.

 

Find Stored Passwords Using Cain & Abel

Cain & Abel is able to disclose or recover stored passwords on computers using the Windows operating system (OS). The application is distributed as freeware and includes the capability to conduct password-box revealing, network sniffing, brute-force, and dictionary attacks. The application does not exploit software bugs or vulnerabilities to ensure a higher quality of service. The primary purpose of the software is to simplify the recovery of passwords and credentials for network administrators, security professionals, and security software vendors. The current version of the software is faster than previous versions and provides support for encrypted protocols such as SSH-1 and HTTPS.

Find Stored Passwords in ZIP Files Using ALZip

ALZip is freeware produced by ESTSoft and is designed to recover lost or forgotten passwords from ZIP files. ALZip allows end-users to compress, uncompress, and recover lost passwords for zip file archives. The application has a “Password Recovery” menu option that when selected will recover the lost information for the end-user.

Other Popular Password Recovery Tools

Some of the other popular password recovery tools found are the freeware utilities produced by NirSoftFreeware, Ultimate ZIP Cracker, and the Password Recovery Tool for MS Access 1.

NirSoftFreeware has a number of handy freeware utilities for recovering lost passwords from IE, Outlook, and various Instant Messaging clients.

Ultimate ZIP Cracker (shareware from VDGSoftware) recovers passwords from ZIP, ARJ, MS Word, and MS Excel formats. The program supports Brute Force attacks, Smart, Dictionary, Date, and Customized searches when recovering passwords associated with the supported file formats.

Password Recovery Tool for MS Access 1 (from Hongxin Technology & Trade) is a free tool to recover MS Access passwords. The application provides support for MS Access database files through the 2003 version. The ability to recover passwords for newer versions of Access is not stated to be supported.


The six-year-old Conficker worm is still a major presence in the threat landscape, accounting for 38% of all detections in the first half of 2014, according to security vendor F-Secure’s latest Threat Report.

The Finnish firm’s H1 round-up found, by contrast, that detections of malicious Java plug-ins in the browser dropped from over 40% last year to just 11% in the first six months of 2014.

“Finally, the current versions of Java are such that there are too many hurdles in the way for Java to be easily exploited,” commented security adviser Sean Sullivan during a webcast to discuss the report.

F-Secure chief research officer, Mikko Hypponen, added that Conficker’s persistence is likely down to regions in which there are still a large number of legacy systems and high piracy rates. Brazil, for example, was the number one country when it came to Conficker detections, he said.

“When you’re running pirated versions of applications or the operating system itself patching is more problematic, so you have more security problems,” Hypponen added.

Web-based attacks, during which malware redirects the victim’s browser to malicious sites, accounted for 20% of detections, with ‘other’ taking up the remaining 38%.

Elsewhere, F-Secure spotted 25 new malware variants specifically targeting Mac machines.

Although their capabilities and distribution methods are becoming more sophisticated, Hypponen claimed that “the situation isn’t out of hand” on the Apple platform, relative to Windows PCs and Android mobile devices for which there are far greater numbers of malware variants.

The Google mobile platform, for example, witnessed 294 new malware families or variants in the first half of this year, compared to just one for the more tightly controlled iOS ecosystem, according to the report.

The other notable trend of the period was a growth in ransomware activity on desktop and mobile platforms, with the likes of Cryptolocker, Koler, Slocker and other malware all causing problems for users, said F-Secure.

Until now we have seen a series of different malware targeting the Windows operating system and not Mac, thanks to the way Apple safeguards its devices’ security. But with time, cyber criminals and malware authors have found ways to exploit Mac as well.
GROUP BEHIND THE MAC VERSION OF BACKDOOR
Researchers have unmasked a group of cyber criminals that has recently started using a new variant of XSLCmd backdoor program to target Mac OS X systems. This Mac version of backdoor shares a significant portion of its code with the Windows version of the same backdoor that has been around since at least 2009.
According to FireEye researchers, the group, dubbed GREF, is already infamous for its past cyber espionage attacks against the US Defense Industrial Base (DIB), companies from the electronics and engineering sectors worldwide, and foundations and other NGOs as well.

“We track this threat group as “GREF” due to their propensity to use a variety of Google references in their activities – some of which will be outlined later in this report. Our tracking of GREF dates back to at least the 2009 timeframe, but we believe they were active prior to this time as well,” the researchers said.

WINDOWS MALWARE NOW TARGETING MAC OS X
The malicious program used by the group has the ability to open a reverse shell, list and transfer files and install additional malware on the computer it infects. The Mac version of the backdoor can also log keystrokes as well as capture screenshots. The group has been using the same XSLCmd backdoor to target Windows users for years.

“The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post.

HOW THE BACKDOOR HIDES ITSELF
Once installed on a Macintosh computer, the malware copies itself to /Library/Logs/clipboardd and $HOME/Library/LaunchAgents/clipboardd. The malware also creates a com.apple.service.clipboardd.plist file to ensure its execution after the system reboots.
The code contained in the malware checks for the OS X version of the device, but accounts only for version 10.8 (Mountain Lion) and versions older than that. This indicates that the malware lacks support for OS X version 10.9, the current version of OS X.
Indeed, this specific sample of malware “...uses an API from the private Admin framework that is no longer exported in 10.9, causing it to crash.”
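A defender's check for the file-system artifacts named in the Mac.BackDoor.iWorm and XSLCmd reports on this page, as an added example that is not code from Dr.Web or FireEye. The /Users home layout and the launchd directories searched for the plist are assumptions, since the reports do not say where the plist is written.

```python
import os

# Artifacts named in the reports on this page.
IWORM_DIR = "Library/Application Support/JavaW"      # under / and under each home
XSLCMD_SYSTEM_COPY = "Library/Logs/clipboardd"       # under /
XSLCMD_HOME_COPY = "Library/LaunchAgents/clipboardd"  # under $HOME
XSLCMD_PLIST = "com.apple.service.clipboardd.plist"

# Assumption: the plist location is not given on the page, so the standard
# launchd directories are searched (system-wide and per-user).
LAUNCHD_DIRS = ["Library/LaunchAgents", "Library/LaunchDaemons"]


def list_homes(root):
    """Return home directories under <root>/Users (assumed macOS layout)."""
    users = os.path.join(root, "Users")
    if not os.path.isdir(users):
        return []
    return [os.path.join(users, name) for name in sorted(os.listdir(users))
            if os.path.isdir(os.path.join(users, name))]


def scan(root="/", homes=None):
    """Return a list of (family, path) for every reported artifact that exists.

    `root` lets the same check run against a mounted disk image or a test tree.
    A hit is a lead for investigation, not proof of infection: only names and
    locations are compared, not file contents.
    """
    if homes is None:
        homes = list_homes(root)
    hits = []

    def check(family, path):
        # lexists() also reports dangling symlinks left at these paths.
        if os.path.lexists(path):
            hits.append((family, path))

    for base in [root] + list(homes):
        check("Mac.BackDoor.iWorm", os.path.join(base, IWORM_DIR))
        for launchd_dir in LAUNCHD_DIRS:
            check("XSLCmd", os.path.join(base, launchd_dir, XSLCMD_PLIST))

    check("XSLCmd", os.path.join(root, XSLCMD_SYSTEM_COPY))
    for home in homes:
        check("XSLCmd", os.path.join(home, XSLCMD_HOME_COPY))
    return hits


if __name__ == "__main__":
    findings = scan()
    if not findings:
        print("No reported iWorm or XSLCmd artifacts found.")
    for family, path in findings:
        print(f"[{family}] {path}")
```

Run it with read access to every home directory (for example as root, or against a mounted image via `scan("/Volumes/evidence")`, a hypothetical mount point), otherwise per-user artifacts can be missed.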
GROWING MARKET OF MAC MALWARE
In a follow-up blog titled, Apple OS X: Security Through Obscurity is becoming an Absurdity, FireEye researchers mention Forrester in claiming that the usage of Apple devices is growing rapidly with 52 percent of newly issued computers in the enterprise being Macs.
Since 41 percent of enterprise users, including VIPs, executives and manager-level employees, are Apple users, they automatically become prime and rich targets for cyber criminals. So, cyber criminals are making every effort to turn malicious and complex Windows malware against Mac users.

 

Originally posted on Naked Security:

The FBI says it is investigating the alleged theft of nude and other photos of female celebrities, including Jennifer Lawrence and Rihanna.

FBI Spokesperson Laura Eimiller told NBC News:

The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.

Meanwhile, Apple also said that it is “actively investigating” the theft of personal images after it was alleged that its iCloud service was exploited by the person who posted the photos online. Speaking to Recode, Apple spokeswoman Natalie Kerris said:

We take user privacy very seriously and are actively investigating this report.

Though it hasn’t been confirmed, many sources have speculated that the photos were stolen from iCloud accounts.

Actress Kirsten Dunst, also named on the list, appears to think her photos were taken…
