Hacking & Security

Instead of the promised thousand crowns, a pile of problems. Scammers are setting traps on Facebook

Novinky.cz - security - 14 September, 2016 - 20:45
It is an old trick, but it evidently still works, which is exactly why computer pirates keep trying it again and again. Under the Česká spořitelna brand, they post fake offers on Facebook promising a financial bonus of 1000 Kč for using the new version of internet banking. Users who go along with it, however, are setting themselves up for serious trouble.
Category: Hacking & Security

Are you thinking about protecting webcams and home routers? You only have one privacy

Novinky.cz - security - 14 September, 2016 - 19:36
Commercial article: An insufficiently strong password and weak security on home routers are an increasingly common reason for hackers breaking into home internet networks.
Category: Hacking & Security

AdBlock Plus launches its ad-selling platform

Sophos Naked Security - 14 September, 2016 - 18:41
The company has rolled the dice on its relationship with both users and publishers

324,000 Financial Records with CVV Numbers Stolen From A Payment Gateway

The Hacker News - 14 September, 2016 - 16:22
Around 324,000 users have likely had their payment records stolen either from payment processor BlueSnap or its customer Regpack; however, neither of the companies has admitted a data breach. BlueSnap is a payment provider which allows websites to take payments from customers by offering merchant facilities, whereas Regpack is a global online enrollment platform that uses BlueSnap to process
Category: Hacking & Security

Massive Data Breach Exposes 6.6 Million Plaintext Passwords from Ad Company

The Hacker News - 14 September, 2016 - 16:10
Another Day, Another Data Breach! And this time, it's worse than any recent data breaches. Why? Because the data breach has exposed plaintext passwords, usernames, email addresses, and a large trove of other personal information of more than 6.6 Million ClixSense users. ClixSense, a website that claims to pay users for viewing advertisements and completing online surveys, is the latest
Category: Hacking & Security

Pay-to-click ad service hacked, 6.6M plaintext passwords dumped

Sophos Naked Security - 14 September, 2016 - 15:19
It was 20 years ago today, no, make that 40, that Sergeant Pepper taught us not to store plaintext passwords...

Google Project Zero Prize Pays $200,000 for Critical Vulnerability Chains

Threatpost - 14 September, 2016 - 15:00
Google Project Zero announced a six-month Android bug bounty program that requires researchers to file bugs as they find them, rather than hoard the whole chain.
Category: Hacking & Security

SIEM as a Service

InfoSec Institute Resources - 14 September, 2016 - 14:00

Not all SaaS solutions are equal. Traditionally, an organization needing a SIEM deployment has had two options. Either build, maintain and use the SIEM on-premises or pay an external service provider for an MSS-type model, where that service provider takes on most of the SIEM responsibilities. A few more options have opened up recently. Since […]

The post SIEM as a Service appeared first on InfoSec Resources.

Category: Hacking & Security

Becoming a Penetration Tester: Successes in The Field

InfoSec Institute Resources - 14 September, 2016 - 14:00

The job of an ethical hacker is to uncover weaknesses or vulnerabilities in a computer network to help that company to protect itself from less ethical hackers. The so-called black hat hackers may be looking to steal data such as credit card numbers, damage or destroy the network system, or otherwise disrupt the inner workings […]

The post Becoming a Penetration Tester: Successes in The Field appeared first on InfoSec Resources.

Category: Hacking & Security

Rooting Pokémons in Google Play Store

Kaspersky Securelist - 14 September, 2016 - 13:50

A few days ago we reported to Google the existence of a new malicious app in the Google Play Store. The Trojan presented itself as the “Guide for Pokémon Go”. According to the Google Play Store it has been downloaded more than 500,000 times. Our data suggests there have been at least 6,000 successful infections, including in Russia, India and Indonesia. However, since the app is oriented towards English-speaking users, people in such geographies, and more, are also likely to have been hit.

Analysis reveals that the app contains a malicious piece of code that downloads rooting malware – malware capable of gaining access to the core Android operating system, in this case for the purposes of unsolicited app install and adware.

Kaspersky Lab products detect the Trojan as HEUR:Trojan.AndroidOS.Ztorg.ad.

At least one other version of this particular app was available through Google Play in July 2016. Further, we have tracked back at least nine other apps infected with this Trojan and available on Google Play Store at different times since December 2015.

Trojan characteristics

The Trojan has many layers of defense in place to help it bypass detection. This includes a commercial packer that decrypts the original executable file to make it harder to analyze. The unpacked executable file contains useful code related to the malicious Pokémon Go guide, and one small and obfuscated module.

Process of infection

This small module doesn’t start when the user launches the app. Instead, it waits for the user to install or uninstall another app, then checks to see if that app runs on a real device or on a virtual machine. If it turns out that it’s dealing with a device, the Trojan will wait for a further two hours before starting its malicious activity.

The first thing it does is connect to its command-and-control (CnC) server and upload data about the device, including country, language, device model and OS version.

If the server wants the Trojan to continue it will respond with an ID string. Only if the Trojan receives this ID string will it make its next request to the CnC. If it doesn’t receive anything, it will wait for two hours and then resubmit the first request. This feature is included so that the control server can stop the attack from proceeding if it wants to – skipping those users it does not wish to target, or those which it suspects are a sandbox/virtual machine, for example. Among other things, this provides an additional layer of protection for the malware.

Upon receiving the second request, the CnC server will send the Trojan a JSON file containing a URL. The Trojan downloads a file from the specified URL, decrypts it and executes it. In our case the Trojan downloaded a file detected as HEUR:Trojan.AndroidOS.Ztorg.a. This file is obfuscated too.

After execution, the Trojan will drop and download some more files. All downloaded files are encrypted and most of them are local root exploit packs for vulnerabilities dating from 2012 to 2015, including one that was previously used by Hacking Team.

These other files represent additional modules of the Trojan and are detected by Kaspersky Lab as:

HEUR:Backdoor.AndroidOS.Ztorg.c, HEUR:Trojan.AndroidOS.Muetan.b, HEUR:Trojan.AndroidOS.Ztorg.ad, HEUR:Backdoor.AndroidOS.Ztorg.h, HEUR:Backdoor.AndroidOS.Ztorg.j, HEUR:Trojan-Dropper.AndroidOS.Agent.cv, HEUR:Trojan.AndroidOS.Hiddad.c, along with a few clean tools like busybox and chattr.

Using these exploit packs the Trojan will gain root access rights to the device. After gaining root access, the Trojan will install its modules into the system folders, silently installing and uninstalling other apps and displaying unsolicited ads to the user.

Most of the other apps with this Trojan module available in Google Play had about 10,000 downloads (according to Google Play), but one – “Digital Clock” had more than 100,000 downloads.

MD5 of Malicious Files Mentioned in Article
8CB3A269E50CA1F9E958F685AE4A073C
0235CE101595DD0C594D0117BB64C8C3

The Project Zero Contest — Google will Pay you $200,000 to Hack Android OS

The Hacker News - 14 September, 2016 - 13:40
Why wait for researchers and bug hunters to learn of vulnerabilities in your products when you can just throw a contest for that? Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash. That's a hefty sum! The contest is a way to find and destroy dangerous Android vulnerabilities before hackers exploit them in the wild.
Category: Hacking & Security

Pirates show how easy it is to eavesdrop on Prague's municipal police officers. In a system that cost 680 million crowns

Zive.cz - security - 14 September, 2016 - 13:32
** Prague's municipal police or ambulance service can be eavesdropped on with a DVB-T tuner ** Voice communication may contain sensitive personal data ** False messages can be broadcast into the network
Category: Hacking & Security

Instagram users to take control over abusive comments

Sophos Naked Security - 14 September, 2016 - 13:04
The photo and video app now allows users to control and filter comments to thwart online nastiness.

An uninvited visitor earns cybercriminals money. It displays ads and calls premium-rate lines

Novinky.cz - security - 14 September, 2016 - 11:35
Users should be very careful about a new piece of malicious code called CallJam, discovered by security experts at Check Point. This uninvited visitor can call paid numbers from a smartphone and thereby make the user's regular bill considerably more expensive. In addition, it displays advertising on the device's screen, which earns the attackers further money.
Category: Hacking & Security

Microsoft and Adobe Rolls Out Critical Security Updates - Patch Now!

The Hacker News - 14 September, 2016 - 10:42
In Brief: You should not miss this month’s Patch Updates, as it brings fixes for critical issues in Adobe Flash Player, iOS, Xcode, the Apple Watch, Windows, Internet Explorer, and the Edge browser. Adobe has rolled out a critical update to address several issues, most of which are Remote Code Execution flaws, in its widely-used Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.
Category: Hacking & Security

Why hackers hack: Is it all about the money?

LinuxSecurity.com - 14 September, 2016 - 10:25
LinuxSecurity.com: You get what you pay for in the cybersecurity industry, but bug bounty programs are not just about the money, according to new research. In today's world, where data breaches and information leaks have come close to a daily occurrence, it is too easy to merge the terms "cybercriminal" and "hacker."
Category: Hacking & Security

Cybersecurity In The Obama Era

LinuxSecurity.com - 14 September, 2016 - 10:21
LinuxSecurity.com: On February 9, President Barack Obama announced the Cybersecurity National Action Plan (CNAP), which he described as the capstone of more than seven years of determined effort by his administration. The plan builds upon lessons learned from cybersecurity trends, threats, and intrusions.
Category: Hacking & Security

Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON

LinuxSecurity.com - 14 September, 2016 - 10:19
LinuxSecurity.com: Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.
Category: Hacking & Security

NTP reflection attacks hit record high

LinuxSecurity.com - 14 September, 2016 - 10:11
LinuxSecurity.com: Distributed denial of service attacks that take advantage of misconfigured NTP servers were up 276 percent last quarter compared to the same time last year, reaching a new record high, according to a new report.
Category: Hacking & Security

Russian hackers have attacked the WADA system again and exposed alleged corruption in American sport

Zive.cz - security - 14 September, 2016 - 09:40
The World Anti-Doping Agency (WADA) gives Russian hackers no rest. Just a month after attacking it, they orchestrated another attack. This time they obtained data on, for example, the American star tennis players the Williams sisters and gymnast Simone Biles. The website of the hacker group Fancy Bear. The attack was aimed ...
Category: Hacking & Security