Sourceforge Hijacks the Nmap Sourceforge Account

LinuxSecurity.com: Hi Folks! You may have already read the recent news about Sourceforge.net hijacking the GIMP project account to distribute adware/malware. Previously GIMP used this Sourceforge account to distribute their Windows installer, but they quit after Sourceforge started tricking users with fake download buttons which lead to malware rather than GIMP.

From: Linux Security

Hola VPN used to perform DDoS attacks, violate user privacy

LinuxSecurity.com: Hola is a VPN provider that purports to offer its users freedom from censorship, a way to access geoblocked content, and anonymous browsing. The service claims that more than 47 million people are part of its peer-to-peer network. But according to a group of researchers (calling themselves Adios), it’s dangerously insecure: the client software has flaws that allow for remote code execution, and features of the client enabled tracking.

From: Linux Security

Majority of websites have serious, unfixed vulnerabilities

LinuxSecurity.com: In a recent analysis of more than 30,000 websites, most had at least one serious vulnerability for 150 or more days last year. “These are the vulnerabilities that can get you into trouble,” said Jeremiah Grossman, founder at WhiteHat Security, the company behind the report. “They can compromise some or all of your systems, get user data, or take over accounts.”

From: Linux Security

Moose Malware Uses Linux Routers For Social Network Fraud

LinuxSecurity.com: A new worm targeting Linux routers is exploiting them not through a vulnerability per se, but rather by simply brute-forcing weak passwords, according to researchers at ESET. The malware, which researchers have dubbed Linux/Moose, could be used for a wide variety of purposes — including DNS hijacking, DDoSing, and deep network penetration — but so far attackers only seem to be using it for tame social networking fraud.

From: Linux Security