Security

Fancybox WordPress plugin reveals zero day affecting thousands

posted on February 6, 2015
by l33tdawg

A WordPress plugin downloaded half a million times has been used in zero day attacks that served up malware.

The plugin in question is called FancyBox and creates a lightbox-like interface with which to look at images. It's been used by unknown actors to deliver a malicious iframe through a persistent cross-site scripting vulnerability identified by Russian researchers Gennady and Konstantin Kovshenin.

The duo provided details to Sucuri chief tech bod Daniel Cid, who issued an advisory warning users to dump the plugin.

Outlook for iOS branded a 'security nightmare'

posted on February 2, 2015
by l33tdawg

Outlook for iOS and Android was released to rave reviews yesterday, but it now looks like it's on a one-way ticket to Borksville, calling at Securitygeddon and Hackesberg.

The app, based on Acompli, which was purchased by the company last year, has been described as superior to the Gmail and Apple stock apps, but a post from security blogger Rene Winkelmeyer points to a whole bunch of problems that make it an absolute mare.

The Internet of Dangerous Things

posted on January 30, 2015
by l33tdawg

Distributed denial-of-service (DDoS) attacks designed to silence end users and sideline Web sites grew with alarming frequency and size last year, according to new data released this week. Those findings dovetail quite closely with the attack patterns seen against this Web site over the past year.

Arbor Networks, a major provider of services to help block DDoS assaults, surveyed nearly 300 companies and found that 38% of respondents saw more than 21 DDoS attacks per month. That’s up from a quarter of all respondents reporting 21 or more DDoS attacks the year prior.

ZeroAccess Click-Fraud Botnet Back In Action Again

posted on January 30, 2015
by l33tdawg

After six months of silence, the ZeroAccess botnet -- aka Sirefef -- is back in action. Fortunately, it's operating at a smaller scale than it was a couple of years ago.

Researchers at Dell SecureWorks Counter Threat Unit have discovered new activity by the once-disrupted botnet. ZeroAccess is actually two peer-to-peer botnets -- one for 32-bit Windows, one for 64-bit -- that both manipulate all major search engines and web browsers. Historically, it hijacked search results, directing users to malicious sites or fraudulently charging businesses for extra clicks on their ads.

D-Link routers vulnerable to DNS hijacking

posted on January 30, 2015
by l33tdawg

At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered.

Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. 

The firmware in question is implemented in many pieces of networking equipment manufactured by D-Link, TP-Link Technologies and ZTE, he noted for Computerworld.

Singapore Forms New Cyber Security Agency

posted on January 29, 2015
by l33tdawg

Singapore's government will set up a new agency to strengthen cyber security, Prime Minister Lee Hsien Loong's office said Tuesday, amid more reports of high-profile hacking incidents worldwide.

The Cyber Security Agency of Singapore, to be established on April 1, "will provide dedicated and centralized oversight of national cyber security functions," Lee's office said in a statement.

Mark Dowd finds bug in ultra secure BlackPhone that lets attackers stalk users

posted on January 28, 2015
by l33tdawg

A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is marketed as a more secure way to protect communications from government and criminal snoops.

'Ghost' flaw poses high risk to Linux distributions

posted on January 28, 2015
by l33tdawg

A fault in a widely used component of most Linux distributions could allow an attacker to take remote control of a system after merely sending a malicious email.

The vulnerability, nicknamed "Ghost," is in the GNU C Library known as glibc, according to security vendor Qualys, which disclosed the issue on Tuesday as many Linux distributions released patches. Glibc is a C library that defines system calls.

Lizard Squad hits Malaysia Airlines website

posted on January 27, 2015
by l33tdawg

The website of Malaysia Airlines was commandeered for several hours by hackers who referenced the Islamic State jihadists and threatened to expose data taken from the carrier's servers.

The attack, whose motivation remained unclear, was claimed by the "Lizard Squad", a group that has taken credit previously for denial-of-service attacks around the world.

It is not clear why the troubled airline was targeted, but the Lizard Squad said on its Twitter feed that it was: "Going to dump some loot found on malaysiaairlines.com servers soon."