Author Archives: Lucian Constantin

Adobe patches critical flaws in Flash Player, Reader and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers.

The Flash Player update fixes 13 vulnerabilities, 12 that can lead to remote code execution and one that allows attackers to bypass a security restriction and disclose information. Adobe is not aware of any exploit for these flaws existing in the wild.

Users are advised to upgrade to Flash Player version 24.0.0.194 on Windows, Mac and Linux. The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer will be automatically upgraded through those browsers' respective update mechanisms.

Microsoft releases one of its smallest monthly security patch bundles

Microsoft has released its first batch of patches for this year, and it's one of the smallest ever for the company, with only three vulnerabilities fixed across its entire product portfolio.

The patches are covered in four security bulletins, but one is dedicated to Flash Player, for which Microsoft distributed patches through Windows Update.

The only security bulletin rated as critical is the one for Microsoft Office and Office Services and Web Apps. It covers a memory corruption vulnerability that can be exploited by tricking users into opening specially crafted files and can lead to remote code execution.

Disk-wiping malware Shamoon targets virtual desktop infrastructure

A cybersabotage program that wiped data from 30,000 computers at Saudi Arabia's national oil company in 2012 has returned and is able to target server-hosted virtual desktops.

The malware, known as Shamoon or Disttrack, is part of a family of destructive programs known as disk wipers. Similar tools were used in 2014 against Sony Pictures Entertainment in the U.S. and in 2013 against several banks and broadcasting organizations in South Korea.

Shamoon was first observed during the 2012 cyberattack against Saudi Aramco. It spreads to other computers on a local network by using stolen credentials and activates its disk-wiping functionality on a preconfigured date.

This tool can help weed out hard-coded keys from software projects

A security researcher has developed a tool that can automatically detect sensitive access keys that have been hard-coded inside software projects.

The Truffle Hog tool was created by U.S.-based researcher Dylan Ayrey and is written in Python. It searches for hard-coded access keys by scanning deep inside git code repositories for strings that are 20 or more characters long and have a high entropy. A high Shannon entropy, named after American mathematician Claude E. Shannon, suggests a level of randomness that makes a string a candidate for a cryptographic secret, like an access token.

Hard-coding access tokens for various services in software projects is considered a security risk because those tokens can be extracted without much effort by hackers. Unfortunately this practice is very common.

More than 10,000 exposed MongoDB databases deleted by ransomware groups

Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.

The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.

On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.

KillDisk cyber sabotage tool evolves into ransomware

A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom.

KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit several Ukrainian power stations, cutting power for thousands of people. A month before that, it was used against a major news agency in Ukraine.

Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET.

However, the latest versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore the files. That's the equivalent of $216,000, an unusually large sum of money for a ransomware attack.

Plone dismisses claim that flaw in its CMS was used to hack FBI

The security team behind Plone, a content management system that powers many enterprise websites, has dismissed claims that hackers have access to information about an unpatched critical vulnerability.

The dismissal comes after a hacker who uses the online alias CyberZeist published a list of log-in credentials and hashed passwords that he claimed were obtained by hacking into the FBI.gov website by using a Plone zero-day exploit.

CyberZeist, who claims to act in the name of the Anonymous hacktivist movement, said in a post on Pastebin Monday that he didn't find the Plone vulnerability himself, but was asked to test it out by the person who did.

HTTPS scanning in Kaspersky antivirus exposed users to MITM attacks

Security vendor Kaspersky Lab has updated its antivirus products to fix an issue that exposed users to traffic interception attacks.

The problem was found by Google vulnerability researcher Tavis Ormandy in the SSL/TLS traffic inspection feature that Kaspersky Anti-Virus uses to detect potential threats hidden inside encrypted connections.

Like other endpoint security products, Kaspersky Anti-Virus installs a self-signed root CA certificate on computers and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers.

Ransomware on smart TVs is here and removing it can be a pain

It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult.

Ransomware for Android phones has already been around for several years, and security experts have warned in the past that it's only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android. In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat.

While that infection was just a demonstration, this Christmas the owner of an LG Electronics TV experienced the real deal.

New year’s resolution for IoT vendors: Start treating LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn't require any authentication.

In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.
