Security News for Wednesday, July 1 2015

Scammers have found a new way to use the tech support ruse to trick victims into clicking on malicious links. They are now using JavaScript to generate browser popups that include the victim's ISP, which can make them seem extremely convincing.

This article is reporting on a newly discovered flaw affecting Adobe Flash that is already being exploited to deliver ransomware. Ransomware is a type of malware that encrypts all of your personal files with strong encryption and forces you to pay for the decryption key. From the article:

The bug that was fixed is designated CVE-2015-3133, and it is a remote code execution (RCE) bug that Adobe admitted was “being actively exploited in the wild via limited, targeted attacks.”

However, Adobe went on to temper that statement by adding, “Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.”


Posted in Security News

Security News for Wednesday, June 17 2015

This article discusses Duqu 2.0, which it labels “the most sophisticated malware ever seen”. Duqu 2.0 exploits a number of zero-day vulnerabilities on target systems. From the article:

“Duqu 2.0, the cyberespionage tool that was used to compromise security firm Kaspersky Lab, has also been used in a number of other attack campaigns against a range of targets, including several telecoms firms.

This article examines various email-based attacks such as spear-phishing. Because pretty much everyone uses email, it is still a very popular attack vector, so this article is worth taking a look at. From the article:

Here we have collected several real world examples of how all types of attacks utilize emails. Spreading ransomware and bankers, phishing, targeted campaigns and large ones – all rely on emails and social engineering to get the job done.

According to this article, various Samsung smartphones include a keyboard app that could leave you open to attack. The app in question (SamsungIME) includes an auto-update feature that performs updates without performing any verification. From the article:

This is a similar bug to the hole we recently wrote about in Hospira drug pumps, where a researcher found he could upload a firmware update without worrying about verification.

That sort of vulnerability makes it much easier than it ought to be for a crook to feed fake code or data into your device, and ultimately to reprogram it almost arbitrarily.

Security News for Monday, June 8 2015

This article discusses how a security researcher was able to modify a discontinued children’s toy to open a garage door in less than 10 seconds. From the article:

The exploit only works against garage doors that respond to a “fixed code” that is transmitted by a wireless remote rather than newer, more secure alternative doors which use a “rolling code” that changes with each button press

This article is reporting that California has passed a law requiring warrants to search computers and mobile devices. From the article:

As the LA Times reports, California on Wednesday joined the ranks of states that require police to have a warrant if they want to search computers, mobile phones, tablets and other devices, or if they want to siphon off location data from any of those devices.

According to this article, and based on recently released research, a new zero-day vulnerability affecting Mac OS X could allow attackers to not only modify the system BIOS, but to also install a rootkit and potentially take full control of a vulnerable system. From the article:

The critical vulnerability, discovered by well-known OS X security researcher Pedro Vilaca, affects Mac computers shipped before mid-2014 that are allowed to go into sleep mode.

Security News for Tuesday, June 2 2015

This article takes a look at a white-hat or “ethical hacker” and describes what they do in the course of their job. From the article:

These hackers work with businesses to probe their networks for security holes and vulnerabilities to social engineering, while considering the mindset of someone who might have criminal motivations. To learn about what such work is like we spoke with Ben Miller, an ethical hacker at Parameter Security.

This article is reporting on the newly launched Google “My Account” dashboard that allows you to control settings relating to privacy and data. From the article:

Privacy and security are two sides of the same coin: if your information isn’t secure, it certainly can’t be private. My Account gives you quick access to the settings and tools that help you safeguard your data, protect your privacy, and decide what information is used to make Google services work better for you. It also provides more context to help you understand your options and make the right choices for you.

According to this article, and based on a recently released analysis from security vendor NopSec, the financial industry takes an average of 176 days to patch security vulnerabilities. From the article:

The report analyzed over 65,000 vulnerabilities logged within the National Vulnerability Database, a US government repository of standards-based vulnerability management data which includes security related software flaws, misconfigurations, product names, and impact metrics.

By analyzing this data across a 20-year period, NopSec was able to determine how long on average it has taken players in different industries to recognize and patch problems, ranging from the finance sector to education.

Security News for Monday, June 1 2015

According to this article, and based on recently released research by the Anti-Phishing Working Group (APWG), more than half (54%) of targeted phishing attacks in the period covered affected 3 major brands: Apple, PayPal, and Chinese marketplace Taobao. From the article:

This shows that phishers are regularly updating their approaches, probing new areas and looking out for new victims in niche industry segments and regions, as well as taking aim at larger global players and their users.

This article is reporting that hackers have compromised approximately 100,000 IRS tax accounts using data stolen in earlier attacks. From the article:

These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.

Security News for Tuesday, May 26 2015

This article is reporting on recently released research by security vendor ESET regarding a new worm that is affecting Linux-based routers in order to commit social networking fraud. From the article:

In their investigation, ESET’s team observed the worm creating bogus accounts on sites such as Instagram, and automatically following users. In many cases the rise in followers was carefully staggered over some days, seemingly to avoid raising alarms in automated systems built by the social networks to identify suspicious behaviour.

According to this article, malicious Minecraft Android applications have been downloaded from the Google Play Store anywhere between 660,000 and 2.8 million times. From the article:

“All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a dangerous virus,” ESET researcher Lukas Stefanko wrote in a blog post.

Security News for Wednesday, May 20 2015

News of a security researcher hacking into the in-flight entertainment (IFE) system and crossing over to systems that control avionics (all while the plane was in flight) has been making the rounds over the last week. While many in the security industry feel that this story is being blown out of proportion, it is still being actively reported on. This article takes a look at how such an attack could take place. From the article:

It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.

But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.

It is worth saying that all of this should be taken with a grain of salt until it is proven that the hacker actually did what he claims (he also claimed to have hacked the International Space Station (ISS) and altered the temperature of the craft).

In this article, a spokesman for Boeing states that IFE and avionic systems are isolated from one another and the claims made by the hacker are false. From the article:

While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions…

Security News for Monday, May 18 2015

This article discusses the recently discovered “Venom” vulnerability that is said to affect millions of systems connected to the Internet. While the flaw was recently discovered, it is said to have been exposed since 2004 and affects virtualization platforms. From the article:

“VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”

This article is reporting that United Airlines is offering free air miles in a new bug bounty program that will pay researchers to find flaws in the airline’s website. From the article:

United’s bug bounty program, however, offers rewards in the form of air miles – ranging from 50,000 free miles for low-level bugs (cross-site request forgery, bugs in third party software affecting United), to 1 million miles for the highest level kind of bug – remote code execution.

To qualify for a reward, hackers need to be signed up as members of the airline’s MileagePlus reward program – and they need to comply with a strict set of eligibility rules.


Security News for Tuesday, May 12 2015

This article is reporting on a new Breaking Bad themed ransomware that has been found in the wild. So far the ransomware is targeting Australian computers but will no doubt spread over time. From the article:

The malware authors cooked up their ransom demand message using the ‘Los Pollos Hermanos’ branding image found in the show. Along with this, part of the email address used in the extortion demand is based on a quote by the show’s protagonist Walter White, who declared “I am the one who knocks.”

You would think that the answer to the question “should hacking be legalized” would be common sense but this article examines the question regardless. From the article:

I don’t believe hacking should be legalized. It takes a special kind of mind to express curiosity despite the threat of severe outcomes, and I think that kind of pressure helps mold and mature the hacker mind (and eventually take it out of the realm of *criminal* curiosity).

Security News for Friday, April 10 2015

According to this article, and based on a recently released report by news organization USA Today, the US national power grid is subject to physical or online attacks approximately once every four days. From the article:

Although the repeated security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003, they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a few days could disable devices ranging from ATMs to cellphones to traffic lights, and could threaten lives if heating, air conditioning and health care systems exhaust their backup power supplies.

By now most people are familiar with ransomware. This type of malware encrypts the files on your hard drive and forces you to pay money in order to obtain the decryption key. This article is reporting on a new strain of ransomware found in the wild. Fortunately, this strain was coded poorly, which can allow victims to decrypt their data without coughing up cash for the decryption key. From the article:

The Scraper ransomware, originally known as Torlocker, was discovered in October last year and granted the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim’s files — including documents, video, images and database copies — and demands a ransom of at least $300 to unlock and decrypt documents.

However, due to errors in encryption algorithms, in 70 percent of cases files can be unlocked without submitting to the attacker’s demands.
