New iFrame Injections Leverage PNG Image Metadata | Sucuri Blog



Costco email scam making the rounds


A new scam is making the rounds via email, this one claiming to be from Costco. As always, Majorgeeks recommends never clicking an email link; if you suspect the message is real, log on to your account (in this case Costco) to see whether there is a real problem. Since this email does not come from Costco, you can rest assured that deleting it and/or marking it as spam and forgetting it is the simple solution here.
The scam here is that only part of the money will be returned if you don’t reply quickly. It attempts to scam you by making it seem urgent in the hopes that this urgency will cause you to have a momentary lapse in your common sense.

The email reads something like this:

“Scheduled Home Delivery

On Sun, Jan 5, 2014 at 9:20 PM, Costco Shipping Manager <manager@vanheerdensafaris.com> wrote:

Unfortunately the delivery of your order COS-0016079690 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us. 

Please do this within the period of one week – if we don't get your timely reply you will be paid your money back less 21% since your order was booked for Christmas”

Live Video


SMH at Yahoo! Why are you trying to look like Google?


I have noticed some changes with Yahoo! trying to look like Google and I just can’t understand why they don’t give up and go away like Excite did. Below you can see the similarities between the two. Even the new logo looks like shit, IMHO.

[Images: side-by-side comparison of the Yahoo! and Google pages]

Man finds $92,233,720,368,547,800 in his PayPal account


Some people would be happy with a windfall of a few bucks, but 92 quadrillion?

Delaware County resident Chris Reynolds received just such a shocking delivery from PayPal on Friday, when he opened his monthly statement from the online money-transfer company via email and saw that his ending balance was $92,233,720,368,547,800.

Yahoo! to buy Qwiki – Another short video app like Vine and Instagram (Fail)


Yahoo Inc said that it will buy Qwiki Inc, a mobile app for creating videos in Apple Inc’s iPhone, as it tries to increase its presence in the world of smartphones and tablets.

The company paid about $50 million for the deal, tech blog AllThingsD cited sources as saying. Terms of the deal however were not disclosed.

This is Yahoo’s third acquisition since May when it bought blogging service Tumblr for $1.1 billion in cash. Earlier this week, the company reportedly acquired Bignoggins Productions, another mobile app developer.

Yahoo has seen its revenue shrink in recent years in the face of competition from Google Inc and Facebook Inc, but since she took charge in 2012 CEO Marissa Mayer has tried to turn the tide through a string of acquisitions.

Qwiki’s app would continue to be supported by Yahoo and its employees would move to Yahoo’s New York offices.

http://www.qwiki.com/

Is MySpace back? Redesign sees 31 million unique visitors in first 2 weeks


MySpace says its new layout and design is working, with 31 million unique visitors in the 2 weeks since it started a 20 million dollar ad campaign. Of course most of us were at least curious, myself included, so the advertising campaign is working. The iPhone app was also downloaded 995,000 times, and MySpace was trending on Twitter.

The biggest confusion for me is that they want you to know this is a place to hang out for music, which is what I thought it had turned into as it began to fade away. The original MySpace was more of a hangout for everyone, but as I and many others left, it really seemed to be mostly musicians still using it, which raises the question: can MySpace survive by resurrecting what it was when it failed?

Ransomware poses as anti-virus on Android phones


Android smartphones are now threatened with malware disguised as anti-virus software that locks the screen and tries to extort money to unlock it. Outside the Google Play Store, Symantec has discovered one such piece of malware which, like the BKA trojan, uses pornographic content to extort money from users. Even after the ransom is paid, the malware remains embedded deep in the system and continues to annoy the user.

The Android ransomware markets itself as “Free Calls Update”. If it is installed, the malware confronts the user with a “trial version” of Android Defender (see video). It is not compatible with all phones, but if it finds one that is compatible, it launches the con.

The malware does not lurk in Google Play. It can only be found on alternative sources such as app catalogues, forums and file-sharing applications. To install apps from untrusted sources, users have to enable what’s known as sideloading. Users who only install apps from Google Play have little to fear.

Google Chrome’s Flash has spycam vulnerability


A problem fixed by Adobe in October 2011 has now resurfaced in Google Chrome. The flaw allows attackers to take control of webcams and microphones from Flash content. This is an old class of problem called clickjacking.

A transparent Flash panel is placed over an image and then causes the permissions dialog for accessing the webcam and microphone to appear. All that is needed then is to convince the user to click on the right part of the image. In security consultant Egor Homakov’s proof of concept this is done by using an image which suggests a possibly risqué video is available for viewing and placing the play button where the “OK” button of the permissions dialog has been positioned.

Whether the trick works depends on how the browser handles Flash Player elements marked as transparent. Firefox 21 and Opera ignore the transparency and draw the panel opaquely, so it remains visible. On Chrome 27 and IE 10, however, the transparent area is invisible and the user can be tricked into clicking on it.

Adobe told The Register that the issue is something Google has to fix and that Google is expected to release a patch this week. The trick does require user interaction, and it does not prevent the LEDs that usually come on when the camera is live from lighting up.

So have you also given up on Java?


[Image: Websense Security Labs graph of Java patch adoption, June 2013]

Since Oracle released the April 16 Java Critical Patch Update, Websense Security Labs has observed that businesses have been slow to apply the Version 7 Update 21 patch in their environments. Based on their analysis, they identified the following trends:

– 2 days after the release of the patch, less than 2% of users had adopted Java SE Version 7 Update 21.
– After a full week, the average adoption of the newest version of Java was at less than 3%.
– 2 weeks after the newest Java version was released, the trend line had moved to a little over 4%.
– One month after release, the number of live web requests using the most recent version of Java was only around 7%.

Their investigations further revealed that the busiest period of patch adoption was the second week after release, and that adoption is continuing, although at a slower rate. They also noted that as news of an available patch spreads, some organizations become more willing to apply it.
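The adoption figures above come from counting live web requests by the Java version announced in their User-Agent header. As an added example (not Websense's code or data), the following Python script does the same kind of measurement over a handful of constructed log lines: it parses the Java runtime version out of each request's User-Agent, computes the share of requests coming from the latest release, and lists the outdated versions still in use. It assumes Combined Log Format lines whose last quoted field is the User-Agent, and the `Java/1.7.0_21` version string format that the Java HTTP client sends; the IP addresses, paths and version mix are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not real traffic). The final quoted field is the
# User-Agent, as in the Combined Log Format.
SAMPLE_LOG = """\
10.0.0.1 - - [20/Apr/2013:10:00:01 +0000] "GET /applet.jar HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_21"
10.0.0.2 - - [20/Apr/2013:10:00:02 +0000] "GET /applet.jar HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_17"
10.0.0.3 - - [20/Apr/2013:10:00:03 +0000] "GET /applet.jar HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Linux 3.2) Java/1.6.0_45"
10.0.0.4 - - [20/Apr/2013:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/20.0"
10.0.0.5 - - [20/Apr/2013:10:00:05 +0000] "GET /applet.jar HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_21"
10.0.0.6 - - [20/Apr/2013:10:00:06 +0000] "GET /applet.jar HTTP/1.1" 200 512 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10"
"""

# Java SE 7 Update 21 is the release discussed on the page; version tuples
# compare correctly as (major, minor, patch, update).
LATEST = (1, 7, 0, 21)

# Matches the version string the Java HTTP client puts in its User-Agent,
# e.g. "Java/1.7.0_21" (assumed format for this example).
JAVA_UA = re.compile(r"Java/(\d+)\.(\d+)\.(\d+)_(\d+)")


def parse_java_version(user_agent):
    """Return (major, minor, patch, update) from a Java User-Agent, or None."""
    match = JAVA_UA.search(user_agent)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def format_version(version):
    """Render a version tuple back into Oracle's 1.x.y_NN notation."""
    major, minor, patch, update = version
    return f"{major}.{minor}.{patch}_{update}"


def user_agent_of(line):
    """Extract the last quoted field of a Combined Log Format line."""
    if line.count('"') < 2:
        return ""
    return line.rsplit('"', 2)[1]


def java_versions_in_log(log_text):
    """Count requests per Java version; non-Java User-Agents are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        version = parse_java_version(user_agent_of(line))
        if version is not None:
            counts[version] += 1
    return counts


def adoption_share(counts, latest=LATEST):
    """Fraction of Java requests that come from the latest release."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return counts[latest] / total


def behind_latest(counts, latest=LATEST):
    """Outdated versions still seen, oldest first, with their request counts."""
    return [
        (format_version(version), count)
        for version, count in sorted(counts.items())
        if version < latest
    ]


if __name__ == "__main__":
    counts = java_versions_in_log(SAMPLE_LOG)
    print(f"Java requests: {sum(counts.values())}")
    print(f"On {format_version(LATEST)}: {adoption_share(counts):.0%}")
    for version, count in behind_latest(counts):
        print(f"  outdated {version}: {count} request(s)")
```

Run against real proxy or web server logs, the same three functions give a quick per-organisation view of the trend the page describes: the share of clients on the current Java release, and which older (and therefore exploitable) versions are still making requests and need to be patched.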

Check out your Java version now at http://www.java.com/en/download/help/java_update.xml