Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot
JULY 6th 2014
Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014.
Things are fairly straightforward this month, with six bulletins, two of which are critical patches dealing with remote code execution holes.
SEA hacks Israeli Defence Force Twitter account, posts bogus nuclear warning
JULY 4th 2014
Residents of the Southern District of Israel may have felt alarmed on Thursday after the Twitter account of the Israeli Defence Force warned of a possible leak at the Dimona nuclear facility:
#WARNING: Possible nuclear leak in the region after 2 rockets hit Dimona nuclear facility
Facebook shrugs as 'emotional contagion' research outrages its users
JULY 3rd 2014
Over the weekend, a paper was published in a prestigious journal by Facebook researchers who, for one week, intentionally modulated the news feeds of Facebook users.
Not "passively monitored", mind you; rather, actively manipulated.
Microsoft stops Patch Tuesday emails, blames Canada, then does U-turn
JULY 1st 2014
Well, it's been a busy few days for Microsoft.
First it decided we would all have to kiss its Patch Tuesday emails goodbye.
The Redmondians sent out a decree on Friday saying that regular email notifications of security advisories are coming to a stop on 1 July.
4 password mistakes small companies make and how to avoid them
JUNE 30th 2014
When it comes to IT security, very small businesses and micro-enterprises are in a tight spot.
They're almost always heavily dependent on computers but not large enough to have dedicated IT staff; everyone is busy doing their day job (and probably a few other jobs as well) and the 'IT cap' is simply handed to the least non-technical person.
US House votes "overwhelmingly" to cut funding of NSA surveillance
JUNE 23rd 2014
A strong majority of the US House of Representatives on Thursday night voted to cut funding for surveillance on citizens.
The vote came in at 293 to 123 in favor of an amendment to a defense appropriations bill that would cut funding for National Security Agency (NSA) operations that include warrantless spying on Americans or installing hardware or software backdoors into products to enable communications interception.
The NSA currently collects emails, browsing and chat history under Section 702 of the FISA Amendments Act and searches this information without a warrant for the communications of Americans - a practice known as "backdoor searches".
'Yo' app hacked by college students, hires one of the hackers
JUNE 23rd 2014
Yo is crazy simple: you just message "Yo" to a contact.
Or, as the company puts it:
Wanna say "good morning"? just Yo.
Wanna say "Baby I'm thinking about you"? - Yo.
"I've finished my meeting, come by my office" - Yo.
"Are you up?" - Yo.
The possibilities are endless.
It was whipped up in 8 hours of coding at the behest of Moshe Hogeg, the CEO of image-sharing startup Mobli, who didn't have time to call or text his assistant and just wanted a way to hit one big button to do it for him, according to the Financial Times.
Facebook privacy case to be referred to European Court of Justice
JUNE 20th 2014
The High Court in Ireland has referred a data-sharing case to the European Court of Justice (ECJ), over the social network's relationship with the NSA and its PRISM programme.
The referral follows a High Court challenge by Austrian law student Max Schrems, who fronts a privacy group called Europe v Facebook.
Domino's Pizza hacked, customer database held to ransom
JUNE 16th 2014
Hackers who claim to have cracked a Domino's Pizza database say they have stolen the details of more than 650,000 dough-loving customers.
The hacker group, going by the name of Rex Mundi, says the data will be released later today if the pizza chain fails to pay a ransom of €30,000 ($40,590, £23,930).
People demand better privacy but don't take basic steps to protect themselves
JUNE 16th 2014
The majority of internet users think they have less privacy now than a year ago and most expect their privacy is going to be even harder to maintain in future, according to a recent study by EMC.
The EMC's Privacy Index looked into attitudes towards privacy across 15 countries and 15,000 consumers.
Google's after your health data with 'Google Fit' service
JUNE 16th 2014
Google's about to jump into the growing fitness data marketplace - a mosh pit that consumer advocates are already calling a privacy nightmare - to wrestle with Apple and Samsung for the data created by fitness trackers and health-related apps.
Sources told Forbes that Google's planning to launch its new health service, called Google Fit, at its Google I/O developers conference, held on 25 and 26 June 2014.
How to 'double your money on PayPal!' and why you should NOT try it
JUNE 16th 2014
You can double your money by bilking PayPal with a loophole in its terms of service, according to a Romanian man convicted in 2012 of temporarily blocking the systems of the US Army, Pentagon and NASA.
Cernăianu Manole Răzvan, who has published under his hacker handle TinKode in the past, was released a few months after Romanian law nabbed him.
GAME OVER ZEUS & CRYPTOLOCKER THREATS!
JUNE 4th 2014
This morning the UK's National Crime Agency (NCA) put out a warning for all PC users to ensure their security systems are up to date due to a powerful threat reported to take place in two weeks on the back of the Cryptolocker and GoZeus malware. With F-Secure your customers will be completely protected against these threats. Ensure your customers' security and software programs are up to date and all data is backed up.
Myspace emails cringe-worthy old photos to lure users back
JUNE 4th 2014
The 'We know what you're doing' website is still out there, still collating our ferociously embarrassing, publicly posted Facebook updates.
Think posts that mention how much we hate our bosses, how hungover we are, what drugs we're taking, or what our new phone number is.
And oh, look - the site's now offering a Foursquare location finder tool, in case people who publicly broadcast their locations haven't already had their homes ransacked while they're away.
Sydney teen arrested as hacking hoaxster sends SWAT team to his house
JUNE 4th 2014
A teenager from Sydney, Australia, was arrested on Wednesday morning after a hoax message led 20 police officers in bulletproof vests to an address in the suburb of Arncliffe.
Having been told that residents were tied up inside the home, and that shots had been fired, the officers swooped on the address at 4.40 am.
Mathew McGrath, 18, surrendered immediately and was taken to Kogarah police station where he was questioned and subsequently released without charge, having told officers that he did not make the prank call.
Apple ransomware strikes Australia - pay Oleg $100 or else
MAY 27th 2014
This morning, a number of Australian iPad and iPhone users woke up to a strange sight.
A message, saying something like this:
Device hacked by Oleg Pliss. For unlock device...
We haven't seen a screenshot of the whole message, but some reports say that Mr Pliss is asking for $50, while others report that he wants $100 or €100 via PayPal "for unlock device."
11 arrested as Europol busts Bulgarian carding gang
MAY 26th 2014
A joint operation between French and Bulgarian law enforcement backed by Europol's European Cybercrime Centre (EC3) has brought down a carding gang operating out of Bulgaria and targeting victims in France and other European countries.
11 people were arrested and 29 properties searched on 20 May 2014.
That was the "action day" for a plan referred to as Operation Echo, the result of over a year investigating and tracking the gang.
Google's vision: ads on cars, refrigerators, watches, thermostats, and yes, glasses
MAY 26th 2014
Imagine how your advertising-fueled Google refrigerator might greet you in the morning:
° Good morning from your Google fridge. I see you have chosen Orange with your breakfast. Are you aware that Tescos is having a [buy one, get one free] offer on Orange?
° Good morning from your Google fridge. I see you have chosen milk. Are you aware.......
That scenario comes to us courtesy of stnluk, a commenter on a story from The Guardian about how Google's eyeing a future of ads in cars, refrigerators, watches, glasses and thermostats.
Over 100 arrested in FBI Blackshades RAT raids
MAY 19th 2014
Over 100 people have been arrested as part of a global operation against a popular Remote Access Trojan (RAT) known as Blackshades.
According to officials who spoke to Time Magazine, law enforcement agencies swooped on Blackshades users in Europe, Asia and the US.
Blackshades, which can be used for legitimate purposes such as accessing a work machine from home, is better known for the shady things that hackers have used it for including keystroke logging and the taking over of webcams.
Android "police warning" ransomware - how to avoid it, and what to do if you get caught
MAY 19th 2014
Ransomware has become a hot topic in recent years.
One sort, such as the Reveton family, leaves your data intact but locks you out of your computer, and demands a fee to let you back in.
The other main sort of ransomware, such as CryptoLocker, leaves your computer running fine but scrambles your data and demands a fee for the decryption key to get it back.
Patch Tuesday for May 2014 - 8 bulletins, 2 critical, 0/zero/zilch/zip for XP
MAY 13th 2014
A quick note to remind you that tomorrow is Patch Tuesday, so here's what to expect.
The scorecard is "2 from 8", with eight security bulletins due, two of which are rated Critical.
Top of the list, literally and figuratively, is the usual Internet Explorer (IE) cumulative rollup, with all supported versions of IE getting patches.
US Navy sailor allegedly led team that hacked government computers
MAY 12th 2014
A US Navy systems administrator stationed on the nuclear aircraft carrier USS Harry S. Truman acted as ringleader for a gang of anti-government cyber crooks, prosecutors alleged last week.
According to a charging document filed in federal court in Tulsa, Oklahoma on 5 May, the enlisted serviceman, 27-year-old Nicholas Paul Knight, was an alleged hacker since the age of 16.
He was also the self-professed leader of the gang, which called itself Team Digi7al.
"Open the iPhone door, Siri!" - Apple's digital helper coughs up another lock screen hole
MAY 12th 2014
A hacker has found a way to bypass the iPhone 5's lock screen to get at your contacts.
Ironically, he got in by asking Siri, Apple's voice-activated "helper."
In a video posted to YouTube, hacker Sherif Hashim demonstrated tricking Siri into opening the contact list without entering the passcode.
This latest lock screen loophole means that anyone who gets their hands on your iPhone 5 could exploit this bug to make.
Cops get serious about cybercrime, and not before time
MAY 6th 2014
The world's police forces are, it seems, starting to appreciate the scale and significance of the cybercrime problem.
The director of the FBI, James Comey, told journalists last week that cyber threats were a major priority for his agency.
He admitted that there is a serious shortage of digital skills in law enforcement, and said the FBI's specialists were constantly being called on by police forces working on cyber offences to cover that skills gap.