Jeremy Kirk

Author Archives: Jeremy Kirk

LastPass phishing attack could have scooped up passwords

A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research. Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday. Cassidy, who is CTO of Praesido Inc., notified LastPass of the issues. In a blog post, LastPass said it has made improvements that should make such an attack harder to pull off without a user knowing.

Researcher finds fault in Apple’s Gatekeeper patch

Apple hasn't completely fixed a weakness in Gatekeeper, its security technology that blocks harmful applications from being installed. Patrick Wardle, director of research with the company Synack, said in an interview he reverse-engineered a patch Apple released in October and found it wasn't quite the fix he expected. Wardle found he could still bypass Gatekeeper and install malware. He's going public with his latest findings on Sunday at the Shmoocon security conference, which starts Friday in Washington, D.C.

Android malware steals one-time passcodes

One-time passcodes, a crucial defense for online banking applications, are being intercepted by a malware program for Android, according to new research from Symantec. The malware, called Android.Bankosy, has been updated to intercept the codes, which are part of so-called two-factor authentication systems. Many online banking applications require a login and password plus a time-sensitive code in order to gain access. The one-time passcode is sent over SMS but also can be delivered via an automated phone call. Some banks have moved to call-based delivery of passcodes. In theory, that provides better security since SMS messages can be intercepted by some malware, wrote Dinesh Venkatesan of Symantec in a blog post on Tuesday.

Microsemi builds better security into network time appliance

Keeping accurate time has never been more important. Inaccurate time can cause servers and applications to go awry, causing service disruptions. For example: As fighter Manny Pacquiao was ready to square off against Floyd Mayweather in May 2015, the fight was delayed due to a technical problem with pay-per-view orders. More than 4.4 million U.S. customers shelled out $100 to watch the fight but had trouble accessing it. The fight was delayed 45 minutes. It turns out the trouble was a problem with time. A time server was so far out of sync that people were disqualified from watching the fight because of a discrepancy with the time stamps.

Trend Micro flaw could have allowed attacker to steal all passwords

A discovery by a well-known Google security researcher provides further proof of how antivirus programs designed to shield computers from attacks can sometimes provide a doorway for hackers. Tavis Ormandy, an information security engineer with Google, wrote he found bugs in Trend Micro's antivirus product that could allow remote code execution by any website and the theft of all of a user's passwords. The security firm has confirmed it has released an automatic update that fixes the problems. "As part of our standard vulnerability response process we worked with him to identify and address the vulnerability," wrote Christopher Budd, global threat communications manager at Trend Micro, in an email on Monday. "Customers are now getting protections through automatic updates."

Malware alone didn’t cause Ukraine power station outage

A new study of a cyberattack last month against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. Instead, the malware provided a foothold for key access to networks that allowed the hackers to then open circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. Experts have warned for years that industrial control systems used by utilities are vulnerable to cyberattacks. The Dec. 23 attacks in Ukraine are the most prominent example yet of those fears coming to fruition.

Russian group suspected to be linked to Ukraine power station cyberattack

A cyberattack that knocked out power in the Ukraine last month is believed to have been initiated by a hacking group with strong Russian interests. iSight Partners, a cybersecurity firm headquartered in Dallas, wrote on Thursday that a group called Sandworm was likely involved. The link was made after a study of a malware sample called KillDisk and a related one used by Sandworm in the past called BlackEnergy 3, wrote John Hultquist, director of cyberespionage analysis at iSight Partners.

Android-powered smart TVs targeted by malicious apps

Smart TVs running older versions of Android are being targeted by several websites offering apps containing malware, according to Trend Micro. The security vendor wrote on Thursday that it found a handful of app websites targeting people in the U.S. and Canada by offering the malicious apps. The apps are exploiting a flaw in Android that dates to 2014, showing that many smart TVs do not have the latest patches. "Most smart TVs today use older versions of Android, which still contain this flaw," wrote Ju Zhu, a mobile threats analyst with Trend. "While most mobile Android devices can easily be upgraded to the latest version, upgrading smart TV sets may be more challenging for users because they are limited by the hardware."

Malvertising campaign used a free certificate from Let’s Encrypt

Cybercriminals are taking advantage of an organization that issues free digital certificates, sparking a disagreement over how to deal with such abuse. On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. If a user went to the site, the subdomain would show a malicious advertisement that would redirect the user to sites hosting the Angler exploit kit, which looks for software vulnerabilities in order to install malware.

The next wave of cybercrime will come through your smart TV

Smart TVs are opening a new window of attack for cybercriminals, as the security defenses of the devices often lag far behind those of smartphones and desktop computers. Running mobile operating systems such as Android, smart TVs present a soft target due to how manufacturers are emphasizing convenience for users over security, a trade-off that could have severe consequences. Smart TVs aren't just consumer items, either, as the devices are often used in corporate board rooms. Sales of smart TVs are expected to grow more than 20 percent per year through 2019, according to Research and Markets. While attacks against smart TVs are not widespread yet, security experts say it is only a matter of time before cybercriminals take note of the weaknesses.

New Chinese law takes aim at encryption

A new law passed by China's Parliament on Sunday requires technology companies to assist the government in decrypting content, a provision that the country maintains is modeled after Western law. ISPs and telecommunication companies must provide technical assistance to the government, including decrypting communications, for terrorism-related investigations, according to Xinhua, China's official news agency. Xinhua quoted Li Shouwei, of the National People's Congress Standing Committee legislative affairs commission, as saying the law doesn't require technology companies to install "backdoors," the term for code that would give security agencies consistent, secret access to data, in software.

Attackers are hunting for tampered Juniper firewalls

An experiment by a cybersecurity research center shows attackers are trying to find Juniper firewalls that haven't been patched to remove unauthorized spying code. The SANS Internet Storm Center set up a honeypot -- a term for a computer designed to lure attackers in order to study their techniques -- that mimicked a vulnerable Juniper firewall. The honeypot was configured so that it appeared to run ScreenOS, the operating system of the affected Juniper firewalls, wrote Johannes Ullrich, CTO of the Internet Storm Center, on Monday in a blog post.

Cisco launches code review after Juniper’s spyware disclosure

Cisco Systems has launched an internal code review following Juniper's disclosure last week of unauthorized spying code found in its enterprise firewall products. So far, "we have no indication of unauthorized code in our products," wrote Anthony Grieco, senior director of Cisco's Security and Trust Organization, in a blog post Monday. The code review was initiated by Cisco and not the result of contact by law enforcement, Grieco wrote. Juniper said on Thursday an internal audit uncovered code that could allow secret remote access and also compromise encrypted VPN connections. The code was found in some versions of an operating system called ScreenOS that powers firewall devices.

Juniper faces many questions after spying code planted in software

The discovery of spying code nestled deeply in Juniper's networking equipment, the latest example of a major IT vendor caught up in a damaging cyberattack, raises many questions. Juniper said Thursday that one of its firewall operating systems had been modified to allow secret access, posing a huge threat to companies and organizations using the equipment. Security experts wondered how the modifications could have been made years ago to some of Juniper's most sensitive source code without it knowing until recently. Companies try to vigorously protect their source code, which is an IT company's core intellectual property. But the fact that Juniper's Chief Information Officer, Bob Worrall, came forward with the findings has been met with praise, although there is hope the company will soon provide greater detail.

Juniper warns of spying code in firewalls

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes of state-sponsored tampering. The affected products are those running ScreenOS, one of Juniper's operating systems that runs on a range of appliances that act as firewalls and enable VPNs. ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable, according to an advisory. The unauthorized code was found during a recent internal review, wrote Bob Worrall, Juniper's chief information officer. He did not indicate where Juniper thinks the code originated.

Three men arrested in alleged wide-ranging spam operation

Three men have been charged over a hacking scheme that allegedly collected tens of millions of personal records for use in spam campaigns. U.S. prosecutors say the trio broke into the networks of three companies and improperly accessed the network of a fourth one where one of the men was employed. Their primary goals revolved around obtaining email addresses for consumers in order to advertise insurance companies or online sites that sold narcotics without prescriptions, according to a news release. They also used the email systems of some hacked companies to send spam in an attempt to avoid antispam security filters.

Google researchers find remote execution bug in FireEye appliances

Google researchers found a software flaw in several models of FireEye's security appliances that they say could give a cyberattacker full access to a company's network. It's not unheard of to find security flaws in security software, but the latest discovery highlights once again how no technology is immune to such problems. FireEye issued a statement on Tuesday saying it had issued a patch for the flaw, which affects its NX, EX, FX and AX Series appliances. The appliances passively monitor network traffic and pluck out suspicious files for study away from the live network.

Joomla patches critical remote execution bug

The open-source project behind the widely used Joomla content management system has issued a patch for a vulnerability that is now being widely used by hackers. Sucuri, a company that specializes in securing websites, wrote on Monday that attackers have been trying to exploit the flaw for the last two days. As of Monday, Sucuri said "the wave of attacks is even bigger, with basically every site and honeypot we have being attacked. That means that probably every other Joomla site out there is being targeted as well." The vulnerability, which affects Joomla versions 1.5 to 3.4.5, involves the user agent string, which is information transmitted by a browser to a Web server when a user visits a Web page.

Tor hires former EFF chief as executive director

A former Electronic Frontier Foundation executive director will lead the Tor Project, the widely used anonymity tool that frequently comes up in debates over encryption and privacy. Shari Steele was selected in part for her experience in growing non-profits and "will be especially valuable as we continue our campaign to diversify our funding sources," wrote Roger Dingledine, Tor's interim executive director, in a blog post. Steele spent 20 years at the EFF, starting as a staff attorney, then legal director and eventually executive director.

Companies scramble to fix lack of encryption on mobile apps

Several companies have moved quickly to add encryption to their mobile apps after it was discovered they failed to encrypt payment card information in transit, putting users at risk. The apps were not using SSL/TLS (Secure Sockets Layer/Transport Layer Security), an encryption protocol that scrambles data as it's sent across the Internet, according to Wandera, a cloud and mobile security vendor. "With so many breaches and costly data loss incidents in the news, it's hard to believe that any business would fail to take such a basic precaution as to encrypt sensitive traffic as it's transmitted to or from a website," said Michael J. Covington, senior product manager, in a video posted Wednesday.
