An anonymous reader writes "Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog. A closer look at the e-mails' header information shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the 'Sent from Yahoo! Mail on Android' signature. Google has denied the allegations. 'The evidence does not support the Android botnet claim,' a Google spokesperson said in a statement. 'Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using.'"
EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."
bs0d3 writes "In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of 'welkom01'. Up to 140,000 customers had retained their default passwords. Once inside attackers could have found bank account and credit card numbers. KPN has since changed all the passwords of the 140,000 customers with weak passwords. They also do not believe anyone has actually been burglarized since discovering this weak spot in security."
Google is retiring the iGoogle page, but on a much shorter time scale, Apple is shutting down an iService of its own: the cloud-storage site iWork.com (linked to Apple's office apps suite iWork) is slated to go offline at the end of this month. Says the article, over at SlashCloud: "As of that date, 'you will no longer be able to access your documents on the iWork.com site or view them on the Web,' reads Apple’s note on the matter, followed by a recommendation that anyone with documents on iWork download them to the desktop." Both of these announcements remind me why I covet local storage for documents and the ability to set my own GUI prefs.
New submitter DavidGilbert99 writes "Security experts have discovered what is claimed to be the first ever piece of malware to be found in the Apple App Store. While Android is well known for malware, Apple has prided itself on being free from malicious apps ... until now. The app steals your contact data and uploads it to a remote server before sending spam SMS messages to all your contacts, but the messages look like they are coming from you."
First time accepted submitter fotoguzzi writes "Garden State Fireworks is investigating how the entire Fourth of July show was launched after a signal was sent to the barges that would set the timing for the rest of the show after the introduction. Can anyone suggest how such a trivial step could go so disastrously wrong?" It's not the first time such a thing has happened, either.
First time accepted submitter bargainsale writes "Many recent updates from Apple's App store are crashing immediately, including Instapaper. Instapaper's creator, Marco Arment, thinks this is due to corrupt binaries being distributed. As Angry Birds Space is among those affected, there is some hope that Apple may acknowledge the problem and fix it ..."
solardiz writes "A new community-enhanced version of John the Ripper adds support for GPUs via CUDA and OpenCL, currently focusing on slow-to-compute hashes and ciphers such as Fedora's and Ubuntu's sha512crypt, OpenBSD's bcrypt, encrypted RAR archives, WiFi WPA-PSK. A 5x speedup over AMD FX-8120 CPU per-chip is achieved for sha512crypt on NVIDIA GTX 570, whereas bcrypt barely reaches the CPU's speed on an AMD Radeon HD 7970 (a high-end GPU). This result reaffirms that bcrypt is a better current choice than sha512crypt (let alone sha256crypt) for operating systems, applications, and websites to move to, unless they already use one of these 'slow' hashes and until a newer/future password hashing method such as one based on the sequential memory-hard functions concept is ready to move to. The same John the Ripper release also happens to add support for cracking of many additional and diverse hash types ranging from IBM RACF's as used on mainframes to Russian GOST and to Drupal 7's as used on popular websites — just to give a few examples — as well as support for Mac OS X keychains, KeePass and Password Safe databases, Office 2007/2010 and ODF documents, Firefox/Thunderbird/SeaMonkey master passwords, more RAR archive kinds, WPA-PSK, VNC and SIP authentication, and it makes greater use of AMD Bulldozer's XOP extensions."
nk497 writes "The FBI is set to pull the plug on DNSChanger servers on Monday, leaving as many as 300,000 PCs with the wrong DNS settings, unable to easily connect to websites — although that's a big improvement from the 4m computers that would have been cut off had the authorities pulled the plug when arresting the alleged cybercriminals last year. The date has been pushed back once already to allow people more time to sort out their infected PCs, but experts say it's better to cut off infected machines than leave them be. 'Cutting them off would force them to get ahold of tech support and reveal to them that they've been running a vulnerable machine that's been compromised,' said F-Secure's Sean Sullivan. 'They never learn to patch up the machine, so it's vulnerable to other threats as well. The longer these things sit there, the more time there is for something else to infect.'"
An anonymous reader writes "If you thought that Facebook's recent unannounced change of its users' email address tied with their account to Facebook ones was bad, you'll be livid if you check your mobile phone contacts and discover that the change has deleted the email addresses of many of your friends. According to Facebook, the glitch was due to a bug in its application-programming interface, and causes the last added email address to be pulled and added to the user's phone Contacts. The company says they are working hard at fixing the problem, but in the meantime, a lot of users have effectively lost some of the information stored on their devices."
Nerval's Lobster writes "Tech writer David Strom starts a discussion about how you should go about securing virtual machines for your organization. 'The need to protect physical infrastructure is well known at this point: most enterprises would balk at a network without any firewalls, intrusion prevention devices or anti-virus scanners. Yet these devices aren’t as well deployed in the virtual context. ... Take firewalls, for example. The traditional firewalls from Checkpoint or Juniper aren’t designed to inspect and filter the vast amount of traffic originating from a hypervisor running, say, ten virtualized servers. Because VMs can start, stop, and move from hypervisor to hypervisor at the click of a button, protective features have to be able to handle these movements and activities with ease and not set off all sorts of alarms within an IT department.' He goes through the main functional areas that need protection, and points out that many vendors make it difficult to price out a given security plan."
Sparrowvsrevolution writes "On Monday, Twitter published its first-ever Transparency Report, detailing how many times governments around the world demanded its users' information and asked it to remove content. The results show that the U.S. government asked for more Twitterers' private data than all other governments combined: 679 requests in the first half of 2012, of which 75% were at least partially granted. That's more than all of last year, with half of 2012 still to go. Within hours, the issue of governments helping themselves to Twitter users' private data was illustrated in the case of Malcolm Harris, an Occupy Wall Street protester who had his Twitter data subpoenaed in a criminal case for 'disorderly conduct.' Twitter had fought the request, which will help prosecutors identify Harris as the tweets' source. But a Manhattan judge ruled that users have no expectation of privacy for their Twitter data."
ShipLives writes "Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. As part of an effort to identify potential weaknesses in smartphone platforms, the team was able to develop a proof-of-concept prototype rootkit that attacks the Android framework, rather than the underlying operating system kernel."
An anonymous reader writes "Last week, a number of Cisco customers began reporting problems with three specific Linksys-branded routers. When owners of the E2700, E3500, and E4500 attempted to log in to their devices, they were asked to login/register using their 'Cisco Connect Cloud' account information. The story that's emerged from this unexpected 'upgrade' is a perfect example of how buzzword fixation can lead to extremely poor decisions."