Hacking & Security

Flash Player má kritickou bezpečnostní chybu

Novinky.cz - bezpečnost - 25 Červen, 2015 - 13:23
Kritická bezpečnostní chyba byla odhalena v programu Flash Player od společnosti Adobe. Ten slouží k přehrávání videí na internetu a po celém světě jej používají milióny lidí. Zranitelnost, kterou se již podařilo počítačovým pirátům zneužít, je naštěstí možné snadno opravit.
Kategorie: Hacking & Security

Blackshades RAT co-author sentenced to 57 months in prison

Sophos Naked Security - 25 Červen, 2015 - 13:12
Alex Yucel, co-creator of the Blackshades Remote Access Trojan (RAT), has been sentenced for selling and distributing the malware since 2010.

Hundreds of Australian nude images posted without women's consent

Sophos Naked Security - 25 Červen, 2015 - 12:44
"Come at me Aussie police," the uploader jeered, threatening to repost the images to the Deep Web.

Cybercriminal Group Using Zeus and SpyEye Dismantled by European Forces

LinuxSecurity.com - 25 Červen, 2015 - 11:13
LinuxSecurity.com: Individuals in Ukraine were arrested by European law enforcement last week in a joint operation that targeted members of a group suspected of developing, distributing and using Zeus and SpyEye banking malware.
Kategorie: Hacking & Security

Mind Blowing Radar-based Gesture Recognition Technology for Everything

The Hacker News - 25 Červen, 2015 - 09:50
Since it introduced at the annual Google I/O conference, Project Soli has been trending on the Internet. Project Soli is one of Google's latest cutting-edge experiments that could actually transform the way humans interact with technology. Project Soli is not a wearable watch you might think it is. So what is Project Soli? It's you. Yes, you heard it right. Google's secretive
Kategorie: Hacking & Security

Rusko a Čína nahánějí strach. NATO musí pracovat na kybernetické obraně, vyzval Carter

Novinky.cz - bezpečnost - 25 Červen, 2015 - 09:28
Severoatlantická aliance by měla zlepšit svou obranu proti potenciálním hackerským útokům z cizích zemí dříve, než vybuduje své vlastní útočné kybernetické prostředky. Prohlásil to ve středu americký ministr obrany Ashton Carter při jednání se svými resortními kolegy z členských zemí NATO v Bruselu. Jeho výzva je podle agentury AP v protikladu k názoru řady expertů či politiků, podle nichž by Aliance měla vyvíjet kybernetické zbraně, aby zastrašila své soky.
Kategorie: Hacking & Security

Projekt Turris detekoval 9000 napadených routerů ASUS

CSIRT.cz - 25 Červen, 2015 - 09:15

Kolegové z projektu Turris publikovali velice zajímavý blogpost, popisující problém, který může znamenat závažné ohrožení velkého množství uživatelů Internetu.

Kategorie: Hacking & Security

Not OK, Google: Chromium voice extension pulled after spying concerns

Ars Technica - 25 Červen, 2015 - 00:37

Google has removed an extension from Chromium, the open source sibling to the Chrome browser, after accusations that the extension was installed surreptitiously and subsequently eavesdropped on Chromium users.

The issue first came to light in late May when a bug was filed in the Debian bug tracker. Chromium version 43 was seen downloading a binary extension from Google, and there was neither any ability to prevent this download, nor any source code available for the extension. The extension, called "Chrome Hotword," was found to be responsible for providing the browser's "OK, Google" functionality. Although off by default, both Chrome and Chromium, when set to use Google as their default search engine, can permanently listen to the microphone and respond instantly to voice queries, with "OK Google" used as the trigger keyword.

Concern about the nature and purpose of the extension was compounded by the way the browser did and didn't disclose the extension's existence. The list of extensions visible at chrome://extensions/ doesn't include Hotword. Conversely, Hotword's own status page, chrome://voicesearch/ said that by default the extension was enabled and had access to the microphone.

Read 10 remaining paragraphs | Comments

Kategorie: Hacking & Security

OPM director on security issues: We’re trying very hard

Ars Technica - 24 Červen, 2015 - 23:48

With the total number of people affected by the data breach at the Office of Personnel Management now estimated to be as many as 18 million, OPM Director Katherine Archuleta has mounted a public relations counter-attack, defending the agency's efforts to improve security during her tenure and crediting those efforts with finding the malware at the heart of the breach in the first place. But the news of the exposure has caused a wave of fear and distrust among federal employees—with some who work in the intelligence community now concerned for their families' safety.

Archuleta defended her tenure before a Senate hearing on June 23. "I'm as angry as you are that this is happening," she said in a message to federal employees and retirees during her testimony. "I am dedicated to ensuring that OPM does everything in its power to protect the federal workforce, and to ensure that our systems will have the best cyber security posture the government can provide.” And she insisted that no one at OPM was to blame for the breaches, saying, "If there is anyone to blame, it is the perpetrators."

Archuleta also acknowledged for the first time that the breach was at least partially related to the breach last year of an OPM investigative contractor, KeyPoint. Attackers used credentials stolen from a KeyPoint employee to access OPM's network initially, gaining access to the EPIC background investigation software tools.

Read 16 remaining paragraphs | Comments

Kategorie: Hacking & Security

Hotels.com Phishing Scam Duping Travelers

Threatpost - 24 Červen, 2015 - 22:25
An undisclosed number of travelers who use Hotels.com may have been victims of a phishing scheme.
Kategorie: Hacking & Security

Hershey Park Investigates Card Fraud Pattern

Krebs on Security - 24 Červen, 2015 - 19:45

Hershey Park, a popular resort and amusement park in Hershey, Pa. has hired a security firm to investigate reports from multiple financial institutions about a possible credit card breach, KrebsOnSecurity has learned.

Contacted after reports by several financial institutions about a pattern of fraudulent charges on customer cards that trace back to Hershey properties, the company says it is investigating.

“We have received reports from some of our guests that fraud charges appeared on their payment cards after they visited our property,” said Kathleen McGraw, director of communications for Hershey Entertainment and Resorts Company.

“We take reports like this very seriously,” McGraw continued. “While our company does have security measures in place designed to prevent unauthorized access to our network, we immediately began to investigate our system for signs of an issue and engaged an external computer security firm to assist us. The investigation is ongoing.”

Sources at three financial institutions say they have detected a pattern of fraudulent activity on customer cards that were used at Hershey properties in Pennsylvania between mid-March and late May 2015. According to the banks, the cards were used at a variety of Hershey locations, including food and beverage outlets, ticketing stations and the Hershey Lodge.

Kategorie: Hacking & Security

Details Available on Patched Adobe, Windows Font Vulnerabilities

Threatpost - 24 Červen, 2015 - 19:22
Details have been disclosed on a patched Adobe Type Manager Font Driver flaw that could enable takeover of a number of systems supporting modern font engines.
Kategorie: Hacking & Security

Patch early, patch often: Adobe pushes emergency fix for active 0-day

Ars Technica - 24 Červen, 2015 - 19:13

Yet again, Adobe has released a new patch to fix a critical vulnerability that "could potentially allow an attacker to take control of the affected system," according to the company.

Adobe acknowledged that the flaw (CVE-2015-3113) is "being actively exploited in the wild via limited, targeted attacks." Known affected systems run Internet Explorer for Windows 7 and below and Firefox on Windows XP, according to the patch details. Adobe says the following software can potentially be impacted:

  • Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux

The company recommends updating to the latest version of Flash to avoid the risk of exploitation, but at this point users should take a hard look at how necessary Flash is to their daily Internet use. In 2015 alone, we've seen Adobe issue multiple emergency Flash updates to patch critical vulnerabilities under active attack—including three such instances in the first five weeks of the year. The situation has gotten so grim that security reporter Brian Krebs recently experimented with a month without having the Flash Player installed at all. "The result? I hardly missed it at all," Krebs writes.

This newest flaw was uncovered through the help of FireEye security researchers. A Singapore-based FireEye team discovered the vulnerability in June by detecting a phishing campaign exploiting CVE-2015-3113. "The attackers’ e-mails included links to compromised Web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113," FireEye writes.

FireEye identified APT3, a China-based group also known as UPS, as responsible for these attacks (see more on the group in FireEye's report on Operation Clandestine Fox). APT3 has previously introduced other browser-based zero-day attacks against Internet Explorer and Firefox. FireEye notes APT3's tactics are difficult to monitor given there's little overlap between campaigns, and the group typically moves quickly ("After successfully exploiting a target host, this group will quickly dump credentials, move laterally to additional hosts, and install custom backdoors," the new report states). According to the security researchers, APT3 has implemented these phishing schemes against companies in aerospace and defense, engineering, telecommunications, and transportation this year.

FireEye's report on CVE-2015-3113 offers much greater detail than Adobe's patch notes. For instance, the typical phishing e-mails were spam-like offers for refurbished iMacs:

"Save between $200-450 by purchasing an Apple Certified Refurbished iMac through this link. Refurbished iMacs come with the same 1-year extendable warranty as new iMacs. Supplies are limited, but update frequently.

Don't hesitate . . .>Go to Sale"

FireEye also broke down where unfortunate targets were directed after clicking such URLs—a compromised server hosting JavaScript profiling scripts. "Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF file and an FLV file," FireEye reports. "This ultimately resulted in a custom backdoor known as SHOTPUT, detected by FireEye as Backdoor.APT.CookieCutter, being delivered to the victim’s system. The payload is obscured using xor encoding and appended to a valid GIF file."

Read on Ars Technica | Comments

Kategorie: Hacking & Security

PITA Side-Channel Attack Steals GPG Key from Laptops

Threatpost - 24 Červen, 2015 - 17:27
Researchers at Tel Aviv University have developed a compact, untethered tool capable of extracting GnuPG crypto keys (RSA and ElGamal) from laptops.
Kategorie: Hacking & Security

False positive: National Archives files matched OPM signature, but were legit [Updated]

Ars Technica - 24 Červen, 2015 - 17:24

Update: National Archives officials now report that the "indicators of compromise" found on three Archives systems were a false positive, and that no breach has occurred, contrary to a NextGov report yesterday. Laura Diachenko, a spokesperson for the National Archives, told Ars in an e-mail that there had been files that matched a fingerprint for the malware  had been detected on the Archives' network.

"The National Archives (NARA) detected two files on three individual workstations that matched some of the criteria that the Department of Homeland Security provided, in the wake of the Office of Personnel Management hack," Diachenko told Ars. "We took precaution by immediately reporting to US-CERT. US-CERT has deemed the files found on NARA's computers to be legitimate files and not associated with the OPM incident. NARA is partnering with DHS and US-CERT pro-actively to ensure that NARA systems are protected to the fullest extent possible."

The "indicators of compromise", or IOCs, shared by the Department of Homeland Security, had been fed into the National Archives' in-house vulnerability scanning tool. They triggered an alert. However, contrary to NextGov's report, those files were in fact found to be benign, and related to Internet Explorer.

Read 5 remaining paragraphs | Comments

Kategorie: Hacking & Security

Naléhavá záplata pro Adobe Flash

CSIRT.cz - 24 Červen, 2015 - 17:02

Společnost Adobe dnes vydala mimořádnou záplatu, která opravuje zranitelnost nultého dne, jenž byla aktivně zneužívána útočníky během cílených útoků. Uživatelům se doporučuje provést záplatování co nejdříve.

Kategorie: Hacking & Security

Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates

Threatpost - 24 Červen, 2015 - 16:53
A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services.
Kategorie: Hacking & Security

Now you can avoid email sender's remorse with Gmail's 'Undo Send' feature

Sophos Naked Security - 24 Červen, 2015 - 15:01
Wrong recipients and forgotten attachments could soon become a thing of the past with Gmail's new 'Undo Send' feature.

Interview: Chris Rouland

InfoSec Institute Resources - 24 Červen, 2015 - 14:15

Chris Rouland is a 25-year veteran of the information security industry and a valued member of the Atlanta technology community. Chris has founded several companies focused on providing cyber security to Fortune 500 corporations and government establishments earning him the distinction of one of Atlanta’s most respected technology entrepreneurs. Most recently, Chris founded Bastille, the […]

The post Interview: Chris Rouland appeared first on InfoSec Institute.

Kategorie: Hacking & Security

Identifying Vulnerable Code

InfoSec Institute Resources - 24 Červen, 2015 - 14:00

No matter how much care you take during development of any software, security issues creep in. Hence, it is important to get the code reviewed for security loopholes. Code is the only advantage for organizations over the hackers and they need to utilise this fact in a planned way. Relying only on penetration testing is […]

The post Identifying Vulnerable Code appeared first on InfoSec Institute.

Kategorie: Hacking & Security
Syndikovat obsah