Oracle has released another large batch of patches, fixing many critical vulnerabilities in enterprise products that are used to store and work with critical business data. About 40 percent of the patched flaws are located in Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Many of these flaws can be exploited remotely without authentication to compromise the affected components. In total, Oracle's October Critical Patch Update (CPU) contains 253 security fixes across hundreds of products including database servers, networking components, operating systems, application servers and ERP systems.
Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files. A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.
A new security audit has found critical vulnerabilities in VeraCrypt, an open-source, full-disk encryption program that's the direct successor of the widely popular, but now defunct, TrueCrypt. Users are encouraged to upgrade to VeraCrypt 1.19, which was released Monday and includes patches for most of the flaws. Some issues remain unpatched because fixing them requires complex changes to the code and in some cases would break backward compatibility with TrueCrypt. However, the impact of most of those issues can be avoided by following the safe practices mentioned in the VeraCrypt user documentation when setting up encrypted containers and using the software.
Cybercriminals have unleashed a new banking Trojan program on the internet and it bears striking similarities to Dyre, a malware threat believed to have been dead for almost a year. The new Trojan is called TrickBot and first appeared in September, targeting users of banks in Australia. After a closer analysis, researchers from Fidelis Cybersecurity believe that it is a rewrite of the Dyre Trojan that plagued online banking users for over a year until the gang behind it was dismantled by Russian authorities. While TrickBot is still a work in progress and doesn't have all of Dyre's features, there are enough similarities in their components to suggest that at the very least one served as inspiration for the other. At the same time, there are also significant differences in how some functions have been implemented in the new Trojan, which also has more C++ code than its predecessor.
Users around the world have had trouble accessing some HTTPS websites due to an error at GlobalSign, one of the world's largest certificate authorities. As part of a planned exercise, GlobalSign revoked one of its cross-certificates that allowed end-user certificates to chain to alternate root certificates. GlobalSign operates multiple roots, which are trusted in browsers and operating systems by default, and links them together through these cross-certificates. The revocation of such a certificate was interpreted by some browsers and systems also as a revocation of the intermediate certificates that chained back to it. This was not really the case or the company's intention.
Almost 6,000 online shops have been compromised by hackers who added specially crafted code that intercepts and steals payment card details. These online skimming attacks were first discovered by Dutch researcher Willem de Groot a year ago. At that time, he found 3,501 stores containing the malicious JavaScript code. However, instead of getting better, the situation has grown increasingly worse. By March the number of infected shops grew by almost 30 percent to 4,476, and by September, it reached 5,925. More than 750 online stores that were unwillingly skimming payment card details for attackers in 2015 are still doing so today, showing that this type of activity can go undetected for months, the researcher said in a blog post.
Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing. The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory. The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.
Researchers warn that many 1024-bit keys used to secure communications on the internet today might be based on prime numbers that have been intentionally backdoored in an undetectable way. Many public-key cryptography algorithms that are used to secure web, email, VPN, SSH and other types of connections on the internet derive their strength from the mathematical complexity of discrete logarithms -- computing discrete logarithms for groups of large prime numbers cannot be efficiently done using classical methods. This is what makes cracking strong encryption computationally impractical. Most key-generation algorithms rely on prime parameters whose generation is supposed to be verifiably random. However, many parameters have been standardized and are being used in popular crypto algorithms like Diffie-Hellman and DSA without the seeds that were used to generate them ever being published. That makes it impossible to tell whether, for example, the primes were intentionally "backdoored" -- selected to simplify the computation that would normally be required to crack the encryption.
The top management of StartCom and WoSign will be replaced and the two certificate authorities will undergo audits after browser vendors discovered that they mis-issued many digital certificates, violating industry rules.
The investigation launched by Mozilla led to the discovery of 13 instances where China-based WoSign and its subsidiary StartCom issued certificates with various types of problems. Evidence was also found that both CAs issued certificates signed with the SHA-1 algorithm after Jan. 1 in violation of industry rules and intentionally backdated them to avoid being caught.
As a result, Mozilla said that it has lost faith in the ability of WoSign and StartCom to correctly carry out the functions of a CA and announced that it will stop trusting new certificates from the two companies. Apple followed suit and announced its own ban for future WoSign and StartCom certificates last week.
In order to encrypt some of the most important data stored on computers and servers, the Cerber ransomware now tries to kill processes associated with database servers. The goal for ransomware programs is to affect as many valuable files as possible in order to increase the chance that affected users will pay to have them restored. For consumers these files are things like personal photos, videos, documents and even game saves, but for businesses, it's usually data stored in databases. The problem for hackers is that write access to database files can be blocked by the OS if they're already being used by other processes, which prevents the ransomware program from encrypting them.