Jeremy Kirk

Author Archives: Jeremy Kirk

How a Blu-ray disc could install malware on your computer

A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency.

Stephen Tomkinson of NCC Group, a U.K.-based security consultancy, engineered a Blu-ray disc that detects the type of player it is running on and then picks one of two exploits to land malware on a computer. He presented the research at the Securi-Tay conference at Abertay University in Scotland on Friday.

One of the problems is in PowerDVD, an application made by Taiwanese company CyberLink for playing DVDs on Windows computers. The company's applications are often preinstalled on computers from manufacturers including HP, Dell, Acer, Lenovo, Toshiba and ASUS, according to its website.

D-Link remote access vulnerabilities remain unpatched

D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada.

Peter Adkins, who does security research in his free time, released details of the flaws on Thursday. Adkins said in a phone interview that he has been in intermittent contact with D-Link since Jan. 11 about the issues, but the company has not indicated when it might patch them.

"I believe it's probably better for the end user to know that these exist than be completely in the dark for months on end while the vendor prepares patches," he said.

D-Link officials did not have an immediate comment.

Hackers exploit router flaws in unusual pharming attack

An email-based attack spotted in Brazil recently employed an unusual but potent technique to spy on a victim's Web traffic.

The technique exploited security flaws in home routers to gain access to the administrator console. Once there, the hackers changed the routers' DNS (Domain Name System) settings, a type of attack known as pharming.

Pharming is normally tricky to pull off because it requires access to an ISP's or an organization's DNS servers, which translate domain names into the IP addresses of websites. Those DNS systems are typically well protected, but home routers often are not: whoever controls a router's DNS settings decides which resolver every device behind it uses, and therefore which IP addresses those devices are sent to for any domain.

Security firm Proofpoint wrote in a blog post Thursday that launching the attack via email was a novel approach, since pharming is normally a network-based attack.
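The two checks a practitioner would run on a home or small-office network after reading the above, as an added example that is not part of the original article or of Proofpoint's research: first, compare the resolver addresses the router hands out against the networks the ISP actually runs; second, resolve a handful of sensitive domains through the router's resolver and through a trusted one and flag any domain whose answers do not overlap. The resolver addresses, domain names and IP addresses below are constructed sample data (RFC 5737 documentation ranges), not real infrastructure.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Set

# A resolver maps a domain name to the set of addresses it answers with.
Resolver = Callable[[str], Set[str]]


def unexpected_resolvers(offered: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Return the resolver addresses a router hands out (for example via DHCP)
    that fall outside the allowlist of networks the ISP or organisation runs.
    Router-based pharming works by swapping these addresses, so check them first."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    return [addr for addr in offered
            if not any(ipaddress.ip_address(addr) in net for net in allowed_nets)]


def divergent_answers(domains: Iterable[str], local: Resolver, trusted: Resolver) -> Dict[str, dict]:
    """Resolve each domain through the local (router-supplied) resolver and through a
    trusted one, and report domains whose two answer sets share no address at all.
    CDNs and geo-DNS can legitimately give different answers, so a hit is a lead to
    investigate (compare TLS certificates, look up who owns the address), not proof."""
    findings = {}
    for name in domains:
        a, b = set(local(name)), set(trusted(name))
        if a and b and a.isdisjoint(b):
            findings[name] = {"local": sorted(a), "trusted": sorted(b)}
    return findings


def system_resolver(name: str) -> Set[str]:
    """Resolver backed by the operating system, which on a home network normally
    means the router. Not used by the offline sample below."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


# Constructed sample (not real data): the router has been changed to hand out
# 192.0.2.53, and that resolver answers the bank's domain with an attacker address.
HYPOTHETICAL_ISP_RESOLVERS = ["203.0.113.0/24"]
ROUTER_OFFERED_DNS = ["203.0.113.53", "192.0.2.53"]

_POISONED_TABLE = {
    "bank.example": {"192.0.2.10"},           # attacker-controlled clone of the site
    "mail.example": {"198.51.100.20"},        # untouched
    "www.example": {"198.51.100.30"},
}
_TRUSTED_TABLE = {
    "bank.example": {"198.51.100.10", "198.51.100.11"},
    "mail.example": {"198.51.100.20"},
    "www.example": {"198.51.100.30"},
}


def poisoned_resolver(name: str) -> Set[str]:
    return set(_POISONED_TABLE.get(name, set()))


def trusted_resolver(name: str) -> Set[str]:
    return set(_TRUSTED_TABLE.get(name, set()))


def run_checks() -> dict:
    """Run both checks over the constructed sample and return the findings."""
    return {
        "rogue_resolvers": unexpected_resolvers(ROUTER_OFFERED_DNS, HYPOTHETICAL_ISP_RESOLVERS),
        "divergent": divergent_answers(_TRUSTED_TABLE, poisoned_resolver, trusted_resolver),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(key, value)
```

To use this against a real network, replace `poisoned_resolver` with `system_resolver` and `trusted_resolver` with a function that queries a specific resolver you trust (the standard library cannot target a chosen DNS server, so that side needs a DNS client library or a wrapper around a tool such as `dig`).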

Like Google in Vietnam, Lenovo tripped up by a DNS attack

The redirection of both Lenovo's website and Google's main search page for Vietnam this week highlights weaknesses in the Internet's addressing system.

On Wednesday, visitors to lenovo.com were greeted with what appeared to be webcam images of a bored young man sitting in a bedroom, and the song "Breaking Free" from an old Disney movie. On Monday, Google's site for Vietnam also briefly redirected people to another website.

Both Google and Lenovo were victims of "domain hijacking," a type of attack against the Domain Name System (DNS), which translates domain names into the IP addresses a browser connects to. In a domain hijacking the attacker does not break the target's own servers; the domain's registration or name-server records are changed so that lookups for it are answered by infrastructure the attacker controls.

Google scraps annual Pwnium bug-hunting contest

Google is scrapping Pwnium, its annual bug-hunting event, and folding it into an existing year-round program, in part to reduce security risks.

The company held Pwnium annually at CanSecWest, a security conference in Vancouver, to find security problems in its Chrome OS, Chrome browser and affiliated applications.

But Tim Willis of the Chrome Security Team wrote in a blog post that the annual event isn't the best approach for either researchers or the company.

Anthem’s latest breach estimate says 78.8 million were affected

The Anthem data breach may have exposed 78.8 million records, according to a more finely tuned estimate by the health insurance company, but Anthem is still investigating exactly how many records hackers extracted from a database.

Hackers accessed a database at Anthem that contained customer and employee records with names, birth dates, Social Security numbers, addresses, phone numbers, email addresses and member IDs, the health insurance company said on Feb. 4. Some records included employment information and income levels, but no financial information was compromised, it said.

It marked one of the largest data breaches to affect the health care industry, adding to a string of recent attacks that have shaken large companies, including retailers Home Depot, Target and Michaels.

Many attackers lurk undetected for months, then pounce, study finds

Attackers who penetrate company networks often pose as legitimate users for long periods of time, causing lengthy delays before victims figure out they've been hacked.

FireEye's Mandiant forensics service found that it took a median of 205 days for an organization to detect a compromise, down slightly from 229 days in 2013, according to its 2015 Threat Report.

The drop is nearly insignificant. "I don't think it's enough to make a claim that people are getting better at this," said Matt Hastings, a senior consultant with Mandiant who works on incident response.

Telegram dismisses claim of a flaw in its secure messaging application

Telegram, a messaging application that markets itself as a secure communication tool, doesn't handle encrypted conversations securely, according to the founder of a mobile security company.

Zuk Avraham of Zimperium wrote in a blog post Monday that he found several weak points that allowed him to recover plain-text messages.

Avraham didn't try to directly crack messages encrypted by Telegram, which is backed by Pavel Durov, founder of the popular Russian social networking site Vkontakte. Instead, Avraham focused on an alternative attack: using a kernel exploit to gain root access on an Android device and then examining how Telegram handled messages in memory, where they are necessarily decrypted for display.

Android malware fakes phone shutdown to steal data

Next time you turn off your Android phone, you might want to take the battery out just to be certain.

Security vendor AVG has spotted a malicious program that fakes the sequence a user sees when they shut off their phone, giving it freedom to move around on the device and steal data.

When someone presses the power button on a device, a fake dialog box is shown. The malware then mimics the shutdown animation and appears to be off, AVG's mobile malware research team said in a blog post.

"Although the screen is black, it is still on," they said. "While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user."

Swedish man pleads guilty to peddling Blackshades malware

A Swedish man pleaded guilty Wednesday to peddling Blackshades, one of the most prevalent spying programs used by the criminal underground.

Alex Yucel, 24, pleaded guilty to one count of distributing malicious software. He could face a maximum of 10 years in prison, the U.S. Attorney's Office for the Southern District of New York said. He is expected to be sentenced on May 22.

Blackshades, a remote access Trojan (RAT), was marketed by its developers as a program for legitimate computer monitoring but was mostly used for stealing payment card data, recording a computer's keystrokes and secretly controlling webcams. It was sold for between US$40 and $100.

Tens of thousands of home routers at risk with duplicate SSH keys

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical key pairs: the same public key, and therefore the same private key, on every device.

John Matherly used Shodan, a specialized search engine for querying Internet-connected devices, and found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key.

Matherly, who founded Shodan, performed the search after someone posted a shorter version of a public key, called a fingerprint, for their device. A shared host key defeats the purpose of SSH host authentication: anyone who extracts the private key from a single unit can impersonate, or intercept sessions to, every other device that uses it.
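The fingerprint mentioned above is just a hash of the key's wire-format blob, so a duplicate-key sweep like Matherly's can be reproduced from any collection of `ssh-rsa` lines (a `ssh-keyscan` dump, `known_hosts`, or Shodan export). The following is an added example, not code from the original article or from Shodan: it builds OpenSSH-style public key lines, computes the SHA256 and MD5 fingerprints the way `ssh-keygen -l` prints them, and groups hosts by fingerprint to surface shared keys. The three hosts and their moduli are constructed sample data; the moduli are arbitrary numbers derived from a label, not real RSA keys.

```python
import base64
import hashlib
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def _ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (two's complement big-endian,
    so a leading 0x00 is added when the top bit would otherwise be set)."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_pubkey_line(e: int, n: int, comment: str = "") -> str:
    """Build an OpenSSH 'ssh-rsa <base64 blob> [comment]' line.
    Blob layout per RFC 4253 section 6.6: string "ssh-rsa", mpint e, mpint n."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def fingerprints(pubkey_line: str) -> Dict[str, str]:
    """Return the SHA256 (current OpenSSH default) and legacy MD5 fingerprints of a
    public key line. The comment field is not part of the blob and does not affect them."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(parts[1])
    # Sanity check: the blob must start with the key type named on the line.
    type_len = struct.unpack(">I", blob[:4])[0]
    if blob[4:4 + type_len] != parts[0].encode("ascii"):
        raise ValueError("key type inside blob does not match the line")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii").rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "SHA256": "SHA256:" + sha,
        "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, len(md5), 2)),
    }


def find_shared_keys(host_keys: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by SHA256 fingerprint and return only fingerprints seen on
    more than one host, i.e. keys that are shared rather than generated per device."""
    groups = defaultdict(list)
    for host, line in host_keys:
        groups[fingerprints(line)["SHA256"]].append(host)
    return {fp: hosts for fp, hosts in groups.items() if len(hosts) > 1}


def _fake_modulus(label: str) -> int:
    """Constructed 2048-bit odd number for the sample; NOT a real RSA modulus."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest() * 8, "big") | 1


# Constructed sample: two hosts ship the same baked-in firmware key, one has its own.
SAMPLE_HOSTS = [
    ("198.51.100.10", build_rsa_pubkey_line(65537, _fake_modulus("vendor-firmware-key"), "router-a")),
    ("198.51.100.11", build_rsa_pubkey_line(65537, _fake_modulus("vendor-firmware-key"), "router-b")),
    ("198.51.100.12", build_rsa_pubkey_line(65537, _fake_modulus("unique-key"), "router-c")),
]

if __name__ == "__main__":
    for host, line in SAMPLE_HOSTS:
        print(host, fingerprints(line)["SHA256"])
    for fp, hosts in find_shared_keys(SAMPLE_HOSTS).items():
        print("shared key", fp, "on", hosts)
```

On a real data set the interesting output is the size of each group: a key shared by two hosts might be one administrator copying a key around, while a key shared by tens of thousands is a vendor image that never regenerated its host key on first boot.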

Israel targeted by malware packaged with pornographic video

Israeli institutions have been targeted by an Arabic-speaking hacker group that sought to extract sensitive documents, according to Trend Micro.

The campaign, which Trend called Operation Arid Viper, focused on sending phishing emails to targets. Those emails came with malware packaged with a short pornographic video, according to the company's report.

The phishing emails were sent to targets including a government office, infrastructure providers, a military organization and academic institutions in Israel and Kuwait.

The attacks "targeted professionals who might be receiving very inappropriate content at work and so would hesitate to report the incident," Trend wrote. "These victims' failure to act on the threat could have then allowed the main malware to remain undiscovered."

Equation cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia.

Kaspersky Lab released a report Monday that said the tools were created by the "Equation" group, which it stopped short of linking to the U.S. National Security Agency.

The tools, exploits and malware used by the group, named after its penchant for encryption, have strong similarities with NSA techniques described in top-secret documents leaked in 2013.

Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Cybercriminal gang plunders up to $1 billion from banks over two years

A still-active cybercriminal gang has stolen up to $1 billion from banks in at least 25 countries over the last two years, infiltrating networks with malware and spying on employees' computers to facilitate large wire transfers, Kaspersky Lab said Sunday.

The computer security vendor, which said it will release a report Monday on its findings, said the gang penetrated deeply into the banks' networks, taking time to learn about internal procedures to make their fraudulent activity less suspicious.

In some cases, the gang learned about wire transfer systems by watching administrators' computers over video.

"In this way the cybercriminals got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out," Kaspersky said in a news release.
