2. Facebook helps FBI shut down Butterfly Botnet
US Department of Justice
arrested 10 suspects involved
in global Butterfly botnet
operation that infected more
than 11 million systems and
caused more than $850m in
losses. Yahos targeted
Facebook users from 2010 to
October 2012. Facebook’s
security team provided
assistance to law enforcement
throughout the investigation
by helping to identify the root
cause, the perpetrators, and
those affected by the malware.
3. Yahoo! mail hijacking exploit
A “cross-site scripting” (XSS)
weakness in yahoo.com lets
attackers steal cookies from
Yahoo! Webmail users. The
XSS flaw falls into the
category of a stored
vulnerability, which inserts
malicious code into a file,
database, or back-end
system. The malicious script
is then retrieved from the
server when it requests the
stored information.
4. 25-GPU cluster cracks every standard Windows
password in <6 hours
A five-sever Linux-based GPU cluster
running the Virtual OpenCL cluster
platform that harnesses the power
of 25 AMD Radeon graphics cards
achieves 350 billion-guess-per-
second speed when cracking
password hashes generated by the
NTLM cryptographic algorithm that
Microsoft has included in every
version of Windows since Server
2003. As a result, it can try an
astounding 95^8 combinations in
just 5.5 hours, enough to brute force
every possible eight-character
password containing upper- and
lower-case letters, digits, and
symbols. Such password policies are
common in many enterprise settings.
5. New series of DDoS attacks against U.S Financial
Institutions
After an almost one-month
hiatus, five U.S.-based
banks, U.S. Bancorp,
JPMorgan Chase, Bank of
America, PNC Financial
Services Group, and
SunTrust, are again being
targeted for a series of
denial of service (DoS)
attacks by a hacker group
called Izz ad-Din al-Qassam
Cyber Fighters.
6. Google's Android app scanner falls short in security
test
The Google scanner that
checks apps for malware
before they are installed on an
Android smartphone or tablet
has a detection rate that falls
far behind that of third-party
antivirus products. Out of
more than 1,200 malware
samples, the Google scanner
detected 193 for a "low
detection rate of 15.32%”.
Antivirus software needs to
have a rate of more than 80%
to be considered at least good.
7. Syria suffers nation-wide communications outage
On 29 November, Syria witnessed
a nation-wide Internet blackout.
The blackout isolated the country,
blocking landlines and cellphone
networks. Many speculated that
the outage was caused by
President Bashar Assad’s regime,
as the exclusive provider of
Internet access in Syria is the
state-run Syrian
Telecommunications
Establishment. The regime
however, blamed it on the rebels
as a “terrorist act”.
8. Samsung Smart TV security hole allows hackers to
watch you, change channels or plug in malware
Researchers at ReVuln have found a
vulnerability in an unspecified model
of a Samsung LED 3D TV that they
exploited to get root access to the TV
and any attached USB drives. The
researcher’s could access :
• TV settings and channel lists
• SecureStorage accounts
• Widgets and their configurations
• History of USB movies
• ID
• Firmware
• Whole partitions
• USB drives attached to the TV
9. Internet Explorer flaw
A flaw in the way Internet
Explorer implements the
Event Model allows an
attacker to track mouse
movements anywhere on
the screen, even outside of
the browser, regardless of
the browser window’s state
(minimized, maximized,
focused or unfocused) as
well as the state of the
control, shift and alt keys.