Hacking & Security

Unofficial versions of Pokémon Go may contain viruses, creators warn

Novinky.cz - security - 14 July, 2016 - 09:04
The creators of Pokémon Go have warned users not to download unofficial versions of the game. According to them, hackers are trying to exploit the new title's unprecedented popularity and may spread malicious code through unofficial versions.
Category: Hacking & Security

FDIC was hacked by China, and CIO covered it up

Ars Technica - 14 July, 2016 - 00:43

Insuring deposits, but not your identity. Thanks, FDIC. (credit: Matthew G. Bisanz)

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015.

The FDIC failed at the time of the "advanced persistent threat" attacks to report the incidents. Then-inspector general at the FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg's chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October "Florida incident." On October 23, 2015, a member of the Federal Deposit Insurance Corporation's Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC's data loss prevention system of a significant breach of sensitive data—more than 1,200 documents, including Social Security numbers from bank data for more than 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC's Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at the FDIC. Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.

In wake of Appelbaum fiasco, Tor Project shakes up board of directors

Ars Technica - 14 July, 2016 - 00:01

Over a month after a prominent staffer at the Tor Project left the organization amid public accusations of sexual misconduct, the project has shaken up its entire seven-person board of directors, replacing the seven who have left as of Wednesday with six new members.

The Tor Project is the Massachusetts-based nonprofit that maintains Tor, the well-known open-source online anonymity tool.

In June 2016, Jacob Appelbaum, one of Tor’s most public-facing developers and a member of the "Core Team," denounced the accusations as a "calculated and targeted attack has been launched to spread vicious and spurious allegations against me."

Bug bounties and automotive firewalls: Dealing with the car hacker threat

Ars Technica - 13 July, 2016 - 23:38

As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack. The car-hacking problem gained widespread attention in July 2015, when hackers revealed that 1.4 million Chrysler and Dodge vehicles were vulnerable to an exploit—via the car's infotainment system—that could allow a malicious hacker to take over control of the vehicles' throttle, brakes, and even steering.

On Wednesday morning, Fiat Chrysler Automobiles (FCA) announced it has created a bug bounty program, using Bugcrowd's platform to allow the security community to inform it about possible exploits.

"We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers," said Titus Melnyk, senior manager of security architecture at FCA. "Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer. Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all."

Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap

Threatpost - 13 July, 2016 - 23:22
Automaker Fiat Chrysler Automobiles is giving up to $1,500 to hackers who find bugs in its software.

Congressional Report: China Hacked FDIC And Agency Covered It Up

Threatpost - 13 July, 2016 - 22:23
A Congressional report accuses China of hacking the FDIC and the agency of covering up the attacks.

Drupal Patches Remote Code Execution Vulnerabilities in Three Modules

Threatpost - 13 July, 2016 - 21:33
Developers with the open source content management framework Drupal patched a series of highly critical remote code execution bugs in three separate modules today. If exploited, the bugs could let an attacker take over any site running the modules.

20-year-old Windows bug lets printers install malware—patch now

Ars Technica - 13 July, 2016 - 19:58

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.

Ransomware that demands money and gives you back… nothing!

Sophos Naked Security - 13 July, 2016 - 19:45
Ransomware isn't a laughing matter, especially if you're the victim. But we smiled here... we're calling this one "boneidleware."

MIT Anonymity Network Riffle Promises Efficiency, Security

Threatpost - 13 July, 2016 - 19:39
Riffle, a new anonymity network concocted by MIT researchers, can guarantee anonymity among a large group of users, as long as there's one honest server.

Intel Patches Local EoP Vulnerability Impacting Windows 7

Threatpost - 13 July, 2016 - 17:15
Intel issued an important security patch Monday for a vulnerability that could allow hackers to execute arbitrary code on targeted systems running Windows 7.

Adobe, Microsoft Patch Critical Security Bugs

Krebs on Security - 13 July, 2016 - 15:26

Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix more than 40 flaws in Windows and related software.

First off, if you have Adobe Flash Player installed and haven’t yet hobbled this insecure program so that it runs only when you want it to, you are playing with fire. It’s bad enough that hackers are constantly finding and exploiting zero-day flaws in Flash Player before Adobe even knows about the bugs.

The bigger issue is that Flash is an extremely powerful program that runs inside the browser, which means users can compromise their computer just by browsing to a hacked or malicious site that targets unpatched Flash flaws.

The smartest option is probably to ditch this insecure program once and for all and significantly increase the security of your system in the process. I’ve got more on that approach — as well as slightly less radical solutions — in A Month Without Adobe Flash Player.

If you choose to update, please do it today. The most recent versions of Flash should be available from this Flash distribution page or the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (e.g., Firefox or Opera). Chrome and IE should auto-install the latest Flash version on browser restart.

Happily, Adobe has delayed plans to stop distributing direct download links to its Flash Player program. The company had said it would decommission the direct download page on June 30, 2016, but the latest, patched Flash version 22.0.0.209 for Windows and Mac systems is still available there. The wording on the site has been changed to indicate the download links will be decommissioned “soon.”

Adobe’s advisory on the Flash flaws is here. The company also released a security update that addresses at least 30 security holes in Adobe Reader. The latest version of Reader for most Windows and Mac users is v. 15.017.20050.

Six of the 11 patches Microsoft issued this month earned its most dire “critical” rating, which Microsoft assigns to software bugs that can be exploited to remotely commandeer vulnerable machines with little to no help from users, save from perhaps browsing to a hacked or malicious site.

In fact, most of the vulnerabilities Microsoft fixed this Patch Tuesday are in the company’s Web browsers — i.e., Internet Explorer (15 vulnerabilities) and its newer Edge browser (13 flaws). Both patches address numerous browse-and-get-owned issues.

Another critical patch from Redmond tackles problems in Microsoft Office that could be exploited through poisoned Office documents.

For further breakdown on the patches this month from Adobe and Microsoft, check out these blog posts from security vendors Qualys and Shavlik. And as ever, if you encounter any problems downloading or installing any of the updates mentioned above please leave a note about your experience in the comments below.

Seeking Alpha Mobile Financial App Forgoes Encryption

Threatpost - 13 July, 2016 - 15:05
The Seeking Alpha mobile app operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk.

Security Log Collection for Cloud Solutions

InfoSec Institute Resources - 13 July, 2016 - 14:00

Something all Information Security Controls have in common is the data output they produce in the form of logged events and alerts. With an increase in the size of an organization or an increase in security levels, the size of this data and its storage requirements will also rapidly grow. Traditionally organizations purchase more and […]

State-Sponsored SCADA Malware targeting European Energy Companies

The Hacker News - 13 July, 2016 - 13:12
Security researchers have discovered a new campaign targeting energy companies in Western Europe with sophisticated malware that goes to great lengths to remain undetected. Researchers from SentinelOne Labs discovered the malware, which has already infected at least one European energy company, is so sneaky and advanced that it is likely

Paint it black: Revisiting the Blackphone and its cloudy future

Ars Technica - 13 July, 2016 - 13:00

The Blackphone and its parent, Silent Circle, have taken some knocks over the past few months, as the company prepares a new course. Will hardware be part of it? (credit: Sean Gallagher)

When we reviewed the Blackphone 2 last September, the company behind the privacy-focused smartphone was in transition. Silent Circle had moved to bring the Blackphone joint venture with the Madrid-based Geeksphone back under its umbrella, hired a telecom industry veteran as CEO, and was fine-tuning its marketing to go after an enterprise audience. The phone’s Android-based operating system, rebranded as Silent OS, became simultaneously more user-friendly and more hardened, paving the way for features that would be incorporated into Android for Work.

Less than a year later, Silent Circle has substantially changed. For starters, that new CEO is gone. Bill Conner resigned June 27 after, as he put it, Silent Circle "extended its privacy leadership into the enterprise as a secure communications SAAS [Software as a Service] company." The company’s general counsel is now serving as interim CEO as it seeks new leadership.

Over the course of the last year, many more core security team members—including co-founder and Chief Technology Officer Jon Callas, Chief Architect Mike Kershaw (AKA "dragorn," creator of the Kismet wireless network security tool), and Chief Security Officer Dan Ford—left the company. Callas remains as an investor, but he now works for Apple. There have also been layoffs.

New tool sniffs out leaked passwords reused on other sites

Sophos Naked Security - 13 July, 2016 - 12:51
A nice idea, but boy, could this go wrong fast.

California lawmakers want to bring down the hammer on ransomware

Sophos Naked Security - 13 July, 2016 - 12:23
The proposed bill would make ransomware punishable by imprisonment in a county jail for 2-4 years and a fine not exceeding $10,000.

Critical Print Spooler Bug allows Attackers to Hack any version of Microsoft Windows

The Hacker News - 13 July, 2016 - 12:17
Microsoft's July Patch Tuesday offers 11 security bulletins with six rated critical resolving almost 50 security holes in its software. The company has patched a security flaw in the Windows Print Spooler service that affects all supported versions of Windows ever released, which if exploited could allow an attacker to take over a device via a simple mechanism. The "critical" flaw (

Pokémon GO app installed from alternative locations brings DroidJack malware

CSIRT.cz - 13 July, 2016 - 08:40

Pokémon GO, one of the most downloaded apps of recent days and the subject of unexpected interest, is attracting not only players but also attackers. Because of the high demand and limited availability, a number of sites now offer alternative links for downloading the app. To install it, users then have to allow installation from alternative sources. According to experts, however, many of these links lead to a version of the Pokémon GO app infected with the DroidJack tool, which allows remote control of the phone. Users can tell whether they have an infected version installed by the permissions it has been granted. If these include items such as directly calling phone numbers, editing and reading SMS messages, recording audio, access to browsing history, modifying and reading contacts, reading and writing call log information, and changing network settings, users should uninstall the app immediately. It should be added, however, that the official Nintendo app itself is also a target of criticism, because it allows its creators to gain complete control over the user's Google account, including, for example, reading e-mails.
