A botnet, called Qbot, to have infected over 500,000 systems.

Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe.

According to Proofpoint, attacks by type drive-by-dovnload carried out with the help of compromised sites on the WordPress platform.

This Proofpoint research report provides a detailed and rarely seen inside view of the infrastructure, tools and techniques that enabled this cybercrime group to infect over 500,000 PCs.

It is noteworthy that in order to make a profit, attackers were selling access to the compromised systems.

You will learn more about the Proofpoint report at: http://www.proofpoint.com/

Users continue to work with vulnerable browser in Android 4.3

According to researchers from the company Lookout, now a vulnerable version of the browser is set at 45% of its customers. It should be noted that these users may have a separate browser, such as the Chrome or Firefox browser, installed.

In the last month we’ve learned about the vulnerability to bypass security restrictions in the Google Android Browser. In Lookout reported that the largest number of vulnerable browsers used by clients of the company, registered in Japan (81%) and Spain (73%). People in these countries have to get patches in the first place, however, it seems that they still have not.

The vulnerabilities affect Android versions 4.3 and earlier. Google replaced the AOSP browser with the more modern (and more feature-rich) Chrome Browser in Android 4.4, so updated users need not worry.

Researcher Rafay Baloch found vulnerable two separate “same-origin policy” (SOP) bugs in AOSP’s browser in September (learn more about first CVE-2014-6041). The vulnerabilities affect Android versions 4.3 and earlier.

To ensure data security, we recommend the following steps:

Update Android 4.3 to a later version.

If your phone is not possible to upgrade the platform, it is best to buy a new device, in which the vulnerability has already been fixed.

Upload, Chrome or Firefox.

Make Chrome or Firefox as the default browser.

Learn more about the Lookout study at: https://blog.lookout.com/

Yahoo, Lycos and WinZip websites subjected to hacker attacks with the exploitation of the ShellShock vulnerability

The authorized scan for ShellShock vulnerability may lead to information disclosure.

The number of Shellshock attacks continues to rise: experts argue that actively exploited vulnerability shell Bash, what used in UNIX-based systems, has been involved in the attack on the Yahoo, Lycos and WinZip servers.

Hackers intrusion on company servers using ShellShotsk was discovered by Jonathan Hall, security researcher and president of consulting firm Future South Technologies. According to the expert, hackers tried to use the compromised servers Yahoo to crack the game’s servers, which visited by millions of users every day. In addition, were compromised the company’s servers Lycos and payment system of the WinZip supplier.

Learn more at: http://www.futuresouth.us/wordpress/

A Zero-day vulnerability in Bugzilla can affect the Mozilla and Red Hat products

Bugzilla is a widely used bug-tracking software with a substantial number of public and private installations. Popular open source projects managing their bugs using Bugzilla include Apache, Firefox, the Linux kernel, OpenSSH, Eclipse, KDE, and GNOME as well as, many Linux distributions.

Check Point experts used a bug in the Perl language to break the popular bug tracking service Bugzilla.

Security researchers from Check Point Software Technologies used a vulnerability in the programming language Perl, to discredit the popular bug tracking system Bugzilla. In the experiment, experts added four accounts in the Administrators group, giving them privileges view information about undisclosed vulnerabilities.

According to Shahar Tal researcher, the gap affects the software is not less than 150 major developers of open source software – from the Mozilla OpenOffice and ending with Red Hat, as well as the kernel Linux. All of these programs use the vulnerable code, intended for bug tracking.

Read the report of Check Point at: http://www.checkpoint.com/blog/bug-bug-tracker/