A publicly disclosed vulnerability in the MySQL database could allow attackers to completely compromise some servers. The vulnerability affects "all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions," as well as the MySQL-derived databases MariaDB and Percona DB, according to Dawid Golunski, the researcher who found it. The flaw, tracked as CVE-2016-6662, can be exploited to modify the MySQL configuration file (my.cnf) and cause an attacker-controlled library to be executed with root privileges if the MySQL process is started with the mysqld_safe wrapper script. The exploit can be executed if the attacker has an authenticated connection to the MySQL service, which is common in shared hosting environments, or through an SQL injection flaw, a common type of vulnerability in websites.
Thousands of publicly accessible FTP servers, including many from Seagate network-attached storage devices, are being used by criminals to host cryptocurrency mining malware. Researchers from security vendor Sophos made the discovery when they investigated a malicious program dubbed Mal/Miner-C, which infects Windows computers and hijacks their CPUs and GPUs to generate Monero, a bitcoin-inspired cryptocurrency. With most cryptocurrencies, users can generate new units by devoting their computing resources to solving complex math problems needed to validate transactions in the network. This process, known as "mining," provides an incentive for attackers to hijack other people's computers and use them for their own gain.
The Xen Project has fixed four vulnerabilities in its widely used virtualization software, two of which could allow malicious virtual machine administrators to take over host servers. Flaws that break the isolation layer between virtual machines are the most serious kind for a hypervisor like Xen, which allows users to run multiple VMs on the same underlying hardware in a secure manner. The Xen hypervisor is widely used by cloud computing providers and virtual private server hosting companies like Linode, which had to reboot some of its servers over the past few days to apply the new patches.
To push more websites to implement encryption and to better protect users, Google will start flagging plain HTTP connections as insecure in its popular Chrome browser. The plan will go into effect in January with the release of Chrome 56 and will roll out in stages. Chrome 56 will display a "not secure" indicator before HTTP URLs in the browser's address bar, but only for those web pages that contain password or credit card form fields. Transmitting such sensitive information over HTTP is dangerous because the data can be intercepted by man-in-the-middle attackers on public wireless networks or via compromised routers, for example. In later Chrome releases, the HTTP warnings will be further expanded. First, HTTP pages will be labeled as "not secure" when accessed in the browser's privacy-oriented Incognito mode. Eventually, Chrome will show the warning for all HTTP pages and will switch the security indicator to the red triangle now used for broken HTTPS connections.
Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week. Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks. For his attack, Fuller used a flash-drive-size computer called USB Armory that costs $155, but the same attack can be pulled off with cheaper devices, like the Hak5 LAN Turtle, which costs $50.
Google is now providing more information to website owners whose online properties are temporarily blocked as unsafe by its Safe Browsing technology as a way to help them fix the identified problems faster. Google Safe Browsing is a technology used by Google's search engine, the Google Chrome browser, Mozilla Firefox, Apple Safari, and Android to steer users away from websites that host malicious or deceptive content. On the back-end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads, or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications.
Google has released another large monthly batch of security patches for Android, this time fixing 55 vulnerabilities, eight of which are rated critical. The novelty of this release is that the fixes are split into three different "security patch levels" -- date strings that indicate to users how up-to-date their devices are. While this could make it easier for device manufacturers to integrate patches applicable to their devices, it could lead to confusion among regular users. Since August 2015 Google has released security updates for Android according to a monthly schedule. This was intended to add some predictability to Android patches and indeed, some device makers committed to monthly security updates as well.
Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers. According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.
A bad malware signature caused Sophos antivirus products to detect a critical Windows file as malicious on Sunday, preventing some users from accessing their computers. The false positive detection flagged winlogon.exe, an important component of the Windows Login subsystem, as a Trojan program called Troj/FarFli-CT. Because the file was blocked, some users who attempted to log into their computers were greeted by a black screen. Sophos issued an update to fix the problem within a few hours and said that the issue only affected a specific 32-bit version of Windows 7 SP1 and not Windows XP, Vista, 8 or 10. "Based on current case volume and customer feedback, we believe the number of impacted systems to be minimal and confined to a small number of cases," the company said in a support article.
Five years after a security breach forced the Linux Foundation to take kernel.org offline and to rebuild several of its servers, police have arrested a suspect in the case. Donald Ryan Austin, a 27-year-old computer programmer from El Portal, Florida, was arrested during a traffic stop on Aug. 28 based on a sealed indictment returned by a federal grand jury in the Northern District of California in June. Austin is charged with intentionally damaging four protected servers operated by the Linux Foundation and one of its members in 2011. More specifically, the programmer is accused of having installed rootkit and trojan software on the servers in order to steal the credentials of authorized users connecting to them via SSH (Secure Shell).
Microsoft has expanded its bug bounty programs to cover the open-source .NET Core and ASP.NET Core application development platforms. The .NET Core and ASP.NET Core technologies are used to create server applications that can run on Windows, Linux, and Mac. The ability to write code once and have it run on multiple platforms has made these technologies popular with enterprise software developers. Microsoft will pay monetary rewards between US$500 and $15,000 for critical vulnerabilities in the RTM (release to manufacturing), Beta, or RC (release candidate) releases of these platforms. Flaws in Microsoft's cross-platform Kestrel web server are also covered by the new bug bounty program, as well as vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later.