The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people's reservations, cancel their flights and even use the refunds to book tickets for themselves, according to a team of researchers who analyzed this online ecosystem.
Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.
A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking. The flaw was found by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was released Saturday. However, it turns out that the patch was incomplete and can be bypassed.
Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year. The company had previously announced at its Worldwide Developers' Conference in June that all apps submitted to the App Store will need to support the App Transport Security (ATS) feature starting January 1st, 2017. It has not yet set a new deadline. ATS is a feature first introduced in iOS 9 that forces apps to communicate with internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections. It's an improvement over the third-party frameworks that developers previously used to implement HTTPS because it ensures that only industry-standard encryption protocols and ciphers are used.
The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) earlier this year has also infiltrated the Ukrainian military through a trojanized Android application used by its artillery units. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent that has variants for Windows, Android, and iOS. Fancy Bear has been responsible for many cyberespionage operations around the world over the years, and its selection of targets has frequently reflected Russia's geopolitical interests. Researchers from security firm CrowdStrike believe the group is likely tied to the Russian Military Intelligence Service (GRU).
Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too. Open Whisper Systems, the company that develops Signal -- a free, open-source app -- faced this problem recently when access to its service started being censored in Egypt and the United Arab Emirates. Some users reported that VPNs, Apple's FaceTime and other voice-over-IP apps were also being blocked.
VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance. VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines. According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.
Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations. The company's Project Wycheproof, which was released on GitHub, contains more than 80 test cases for widely used cryptographic algorithms, including RSA, AES-GCM, AES-EAX, Diffie-Hellman, Elliptic Curve Diffie-Hellman (ECDH), and the digital signature algorithm (DSA). Google's researchers have developed these tests by implementing some of the most common cryptographic attacks. So far, the tests have helped them uncover more than 40 security bugs in cryptographic libraries, and they have been reported to affected vendors.
On Feb. 5, employees at Hollywood Presbyterian Medical Center in Los Angeles, California, started having network access problems that prevented electronic communications. Over the next few days, they learned that the hospital was the victim of a ransomware attack that encrypted files on multiple computers. After several days during which staff had to resort to pen and paper for some record keeping, the hospital decided to pay the $17,000 ransom -- the equivalent of 40 bitcoins that the attackers had requested. It was deemed to be the fastest way to restore the affected files and systems. This was to be the first in a string of ransomware attacks that affected multiple healthcare organizations in the U.S. over the following months, including the Chino Valley Medical Center, the Desert Valley Hospital and Methodist Hospital in Henderson, Kentucky.
Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time. One such trojan is called Faketoken and its primary functionality is to generate fake login screens for more than 2,000 financial applications in order to steal login credentials. The malicious app also displays phishing pages to steal credit card information, and it can read and send text messages. Faketoken's creators added the ability to encrypt user files stored on the phone's SD card sometime in July and have since released thousands of builds with this functionality, according to researchers from Kaspersky Lab.
Without the macOS update released this week, Apple's disk encryption can be easily defeated by connecting a specially crafted device to a locked MacBook. The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature. The DMA mechanism is typically used by disk drive controllers, graphics cards, network cards, and sound cards because accessing the memory through the CPU would otherwise keep the processor busy and unavailable for other tasks. Apple's macOS has DMA protections, but they only kick in when the OS is running. However, the EFI (Extensible Firmware Interface) -- the modern BIOS -- initializes Thunderbolt devices at an early stage in the boot process and this enables them to use DMA before the OS is started, security researcher Ulf Frisk said in a blog post.
The No More Ransom project, a coalition of law enforcement and security companies, has expanded with 30 new members and added 32 new decryption tools for various ransomware variants. The project, which consists of a website dedicated to fighting ransomware, was originally launched by Europol's European Cybercrime Centre in partnership with the National High Tech Crime Unit of the Netherlands police, Kaspersky Lab, and Intel Security. The website has a tool that allows users to determine which type of ransomware has affected their files, but also contains general information about ransomware, prevention advice, and instructions on reporting incidents to law enforcement.
Internet giant Yahoo announced a massive data breach Wednesday that affected over one billion accounts, making it by far the largest data breach in history. This follows the disclosure in September of a different breach that affected more than 500 million of the company's customers. What stands out with this new security compromise is that it occurred over three years ago, in August 2013, and that hackers walked away with password hashes that can be easily cracked.