A new file-encrypting ransomware program for macOS is being distributed through bittorrent websites, and users who fall victim to it won't be able to recover their files, even if they pay. Crypto ransomware programs for macOS are rare. This is the second such threat found in the wild so far, and it's a poorly designed one. The program was named OSX/Filecoder.E by the malware researchers from antivirus vendor ESET who found it. OSX/Filecoder.E masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac and is being distributed as a bittorrent download. It is written in Apple's Swift programming language by what appears to be an inexperienced developer, judging from the many mistakes made in its implementation.
After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week. The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update. This month's Flash Player patches were released by Adobe on February 14 and address 13 vulnerabilities that could lead to remote code execution. Typically Adobe releases patches on the same day as Microsoft, a day known in the industry as Patch Tuesday. This month, though, Microsoft postponed its updates at the last minute due to an unspecified issue that, it said, could have affected customers.
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails. XXE vulnerabilities can be exploited by tricking applications into parsing specially crafted XML files that force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server. Klink showed that the same type of vulnerability can be used to trick the Java runtime into initiating FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.
The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off. Researchers from cybersecurity firm BAE Systems have recently obtained and analyzed additional malware samples related to an attack campaign that has targeted 104 organizations -- most of them banks -- from 31 different countries. They found multiple commands and strings in the malware that appear to have been translated into Russian using online tools, with results that make little sense to a native Russian speaker.
Android applications that allow millions of car owners to remotely locate and unlock their vehicles are missing security features that could prevent tampering by hackers. Researchers from antivirus vendor Kaspersky Lab took seven of the most popular Android apps that accompany connected cars from various manufacturers and analyzed them from the perspective of a compromised Android device. The apps and manufacturers have not been named. The researchers looked at whether such apps use any of the available countermeasures that would make it hard for attackers to hijack them when the devices they're installed on are infected with malware. Other types of applications, such as banking apps, have such protections.
More than 100 members of the Israel Defense Forces (IDF), the majority of them stationed around the Gaza Strip, fell victim to a cyberespionage attack that used malicious Android applications to steal information from their mobile devices. The attack campaign started in July and continues to date, according to researchers from antivirus firm Kaspersky Lab, who cooperated in the investigation with the IDF Information Security Department. The Israeli soldiers were lured via Facebook Messenger and other social networks by hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The victims were tricked into installing a malicious Android application, which then scanned the phone and downloaded another malicious app that masqueraded as an update for one of the already installed applications.
Microsoft has decided to bundle its February patches together with those scheduled for March, a move that at least some security experts disagree with. "I was surprised to learn that Microsoft wants to postpone by a full month," said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. "Even without knowing all the details, I find such a decision very hard to justify. They are aware of vulnerabilities in their products and have developed fixes; those should always be made available to customers in a timely fashion." Microsoft took everyone by surprise on Tuesday when it announced that this month's patches had to be delayed because of a "last minute issue" that could have had an impact on customers. The company did not initially specify for how long the patches will be postponed, which likely threw a wrench in some systems administrators' patch deployment plans.
Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn't rely on a software bug, fixing the problem is not easy. Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, on Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October. ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.
Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.
What if all your company's computers and applications were connected directly to the Internet? That was the assumption behind BeyondCorp, a new model for network security that Google proposed back in 2014, and it's one that's starting to get some attention from networking and security vendors. Enterprises have moved beyond the traditional workspace in recent years, allowing employees to work remotely by using their personal devices and accessing apps in private or public clouds. To bring roaming workers back into the fold, under the security blanket of their local networks, companies rely on VPNs and endpoint software to enforce network access controls.