Hacking & Security

Baseball scouting exec gets 46 months for guessing rival team’s password

Sophos Naked Security - 20 July 2016 - 14:54
Chris Correa, ex-scouting director for the Cardinals, was sentenced for breaching the Astros' internal database and email.

Researcher dials for dollars using two-factor authentication phone calls

Sophos Naked Security - 20 July 2016 - 14:22
Belgian security researcher Arne Swinnen found Google, Microsoft and Facebook vulnerable to a flaw in their 2FA phone verification systems.

Beware! Your iPhone Can Be Hacked Remotely With Just A Message

The Hacker News - 20 July 2016 - 14:14
In Brief Do you own an iPhone? Mac? Or any Apple device? Just one specially-crafted message can expose your personal information, including the authentication credentials stored in your device's memory, to a hacker. The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a billion phones with
Category: Hacking & Security

Petya Ransomware Analysis Part I

InfoSec Institute Resources - 20 July 2016 - 14:00

Introduction What makes Petya a special ransomware is that it doesn’t aim to encrypt each file individually, but aims for low-level disk encryption. In this series, we’ll be looking into the “green” Petya variant that comes with Mischa. Mischa is launched when Petya fails to run as a privileged process. All that Mischa does is […]

Category: Hacking & Security

Bitcoin May Turn from Cybercriminals’ Biggest Asset into Their Biggest Liability

InfoSec Institute Resources - 20 July 2016 - 14:00

Why is Bitcoin the cybercriminals’ favorite payment method? Adam Kujawa, head researcher at the antivirus company Malwarebytes, estimates that ransomware nowadays amounts to 70% of all malware downloaded from web pages on the Internet. One look at the cybersecurity headlines from the beginning of the year is enough to name […]

Category: Hacking & Security

HummingBad malware has infected ten million tablets and smartphones

Novinky.cz - security - 20 July 2016 - 11:46
In recent months, security experts have been troubled by the HummingBad malware, which targets smartphones and tablets running the Android operating system. In just a few months this uninvited guest has infected some ten million mobile devices, according to an analysis by the security company Check Point.
Category: Hacking & Security

Avast set up rogue hotspots at the Republican convention and caught out the delegates

Zive.cz - security - 20 July 2016 - 11:10
The closely watched Republican convention in Cleveland, which chose Donald Trump as its candidate for President of the United States, was also visited by specialists from Avast. They were not there to listen to Trump's speech, however, but to run their own rogue Wi-Fi hotspots and observe how ...
Category: Hacking & Security

Security experts have outsmarted ransomware. Not every file can be saved, though

Novinky.cz - security - 20 July 2016 - 09:51
Ransomware has enjoyed enormous popularity among cybercriminals in recent months. That could change in the foreseeable future: a team of security researchers has found a way to fight these uninvited guests demanding ransom effectively. However, the experts cannot recover all of the data.
Category: Hacking & Security

Cici’s Pizza: Card Breach at 130+ Locations

Krebs on Security - 20 July 2016 - 03:13

Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peek inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real time.

In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.

“The point-of-sale vendor immediately began an investigation to assess the problem and initiated heightened security measures,” the company said in a press release. “After malware was found on some point-of-sale systems, the company began a restaurant-by-restaurant review and remediation, and retained a third-party cybersecurity firm, 403 Labs, to perform a forensic analysis.”

According to Cici’s, “the vast majority of the intrusions began in March of 2016,” but the company acknowledges that the breach started as early as 2015 at some locations. Cici’s said it was confident the malware has been removed from all stores. A list of affected locations is here (PDF).

On June 3, 2016, KrebsOnSecurity reported that sources at multiple financial institutions suspected a card breach at Cici’s. That story featured a quote from Stephen P. Warne, vice president of service and support for Datapoint POS, a point-of-sale provider that services a large number of Cici’s locations. Warne told this author that the fraudsters responsible for the intrusions had tricked employees into installing the card-stealing malicious software.

On June 8, 2016, this author published Slicing Into a Point-of-Sale Botnet, which brought readers inside of the very crime machine the perpetrators were using to steal credit card data in real-time from Cici’s customers. Along with card data, the malware had intercepted private notes that Cici’s Pizza employees left to one another about important developments between job shifts.

Point-of-sale malware has driven most of the credit card breaches over the past two years, including the intrusions at Target and Home Depot, as well as breaches at a slew of point-of-sale vendors. The malware is usually installed via hacked remote administration tools. Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register.

Thieves can then sell the data to crooks who specialize in encoding the stolen data onto any card with a magnetic stripe, and using the cards to buy gift cards and high-priced goods from big-box stores like Target and Best Buy.

Readers should remember that they’re not liable for fraudulent charges on their credit or debit cards, but they still have to report the phony transactions. There is no substitute for keeping a close eye on your card statements. Also, consider using credit cards instead of debit cards; having your checking account emptied of cash while your bank sorts out the situation can be a hassle and lead to secondary problems (bounced checks, for instance).

Category: Hacking & Security

Software flaw puts mobile phones and networks at risk of complete takeover

Ars Technica - 20 July 2016 - 01:06

A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday.

The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One.

"The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."

Category: Hacking & Security

Wave of business websites hijacked to deliver crypto-ransomware

Ars Technica - 19 July 2016 - 23:56

If you've visited the do-it-yourself project site of Dunlop Adhesives, the official tourism site for Guatemala, or a number of other legitimate (or in some cases, marginally legitimate) websites, you may have gotten more than the information you were looking for. These sites are redirecting visitors to a malicious website that attempts to install CryptXXX—a strain of cryptographic ransomware first discovered in April.

The sites were most likely exploited by a botnet called SoakSoak or a similar automated attack looking for vulnerable WordPress plugins and other unpatched content management tools, according to a report from researchers at the endpoint security software vendor Invincea. SoakSoak, named for the Russian domain it originally launched from, has been around for some time and has exploited thousands of websites. In December of 2014, Google was forced to blacklist over 11,000 domains in a single day after the botnet compromised their associated websites by going after the WordPress RevSlider plugin.

In this recent wave of compromises, SoakSoak planted code that redirects visitors to a website hosting the Neutrino Exploit Kit, a "commercial" malware dropping Web tool sold through underground marketplaces. The latest string of compromises appears to have begun in May. But since then, both the malware kit and the ransomware have been upgraded. The latest version of the exploit kit attempts to evade security software or virtual machines.

Category: Hacking & Security

HTTPoxy – the disease that could make your web server spring a leak

Sophos Naked Security - 19 July 2016 - 19:48
We're sure you can work it out for yourself, so we'll just say that the bug has to do with HTTP requests and poisoned proxy settings.

WikiLeaks suffers ‘sustained attack’ after announcing release of Turkish government docs

Sophos Naked Security - 19 July 2016 - 19:28
Given the timing, it suspects a "Turkish state power faction or its allies."

Google Chrome Malware Leads to Sketchy Facebook Likes

Threatpost - 19 July 2016 - 19:13
A researcher shined a light on how malware-laced Chrome extensions can give hackers control over your Facebook feed and more.
Category: Hacking & Security

Ex-Cardinals Exec Sentenced Four Years for Astros Hack

Threatpost - 19 July 2016 - 19:02
A U.S. federal court sentenced Christopher Correa to almost four years in prison for hacking into a computer system belonging to the Houston Astros.
Category: Hacking & Security

A Positive Technologies Expert Helped to Protect ABB Digital Substations from Cyberattacks

Positive Research Center - 19 July 2016 - 15:18

ABB, a Switzerland-based company that produces software for control systems in the energy industry, has acknowledged that its PCM600 suffers from four vulnerabilities related to insecure password storage. They were detected and reported to the vendor by Ilya Karpov, an ICS security expert at Positive Technologies.

As noted in the ICS-CERT advisory, this ABB engineering software for industrial automation management (protective relays, IEDs) is deployed in electric power substations around the world. PCM600 versions up to and including 2.6 suffer from the vulnerabilities found by Ilya Karpov. Exploiting these flaws allows a low-skilled attacker, or malicious software, with access to a local machine that has ABB's PCM600 installed to reconfigure a project or to obtain critical information that can be leveraged for read and write access via OPC.

All four PCM600 vulnerabilities are related to sensitive data storage and processing:

  • CVE-2016-4511 — Weak hashing algorithms for project password storage
  • CVE-2016-4516 — Passwords are stored in plain text, if a user doesn’t readdress the dialog box for changing a project password via the configuration menu
  • CVE-2016-4524 — OPC server passwords are stored in plain text 
  • CVE-2016-4527 — Insecure transfer and storage of sensitive data in the database

ABB has already issued a hot fix for version 2.6 and released version 2.7, which resolves all reported vulnerabilities. The company recommends that customers apply the update at their earliest convenience.

Other measures include:
⎯ Restricting physical access to equipment for unauthorized persons
⎯ Forbidding direct Internet connections for the ICS
⎯ Forbidding the use of online services (email, messengers) at user workstations
⎯ Connecting to other networks exclusively via firewalls with a limited number of open ports
⎯ Antivirus scanning of all portable computers and storage devices prior to connecting them to control systems

You may find the details on maintaining PCM600 security in the vendor’s manual.

It is worth mentioning that ABB control systems are popular in Russia. According to the Positive Technologies ICS security research, ABB products hold third place in the programmable logic controller segment in Russia.

Apple Fixes Vulnerabilities Across OS X, iOS, Safari

Threatpost - 19 July 2016 - 14:16
Apple fixed dozens of vulnerabilities across its software on Monday, including 60 vulnerabilities in its desktop operating system, OS X, and 43 in its mobile operating system, iOS.
Category: Hacking & Security

Law Enforcement and the Dark Web: A Never-Ending Battle

InfoSec Institute Resources - 19 July 2016 - 14:00

Illegal activities in the Dark Web continue to grow. The Dark Web is a privileged place for cyber criminals who, under specific conditions, can operate anonymously. The United Nations Office on Drugs and Crime (UNODC) has published its annual report, which contains a specific mention of the illicit trade in goods and drugs in this hidden part of […]

Category: Hacking & Security

Riffle Anonymity Network

InfoSec Institute Resources - 19 July 2016 - 14:00

Everyone wants to maintain privacy while surfing the internet, and most people rely on the Tor network to achieve anonymity while online. As we all know, Tor has its limitations and the anonymity of its users can be broken. Enter the Riffle Anonymity Network, a prototype developed by the Massachusetts Institute of Technology (MIT) and […]

Category: Hacking & Security

Why you should use a password manager

Sophos Naked Security - 19 July 2016 - 13:39
Password managers are a fantastic tool for keeping your online credentials secure. Here's why you should use one.