Lucian Constantin

Author Archives: Lucian Constantin

Attackers could steal millions through online phone verification systems

In the latest attack that shows how hard it is for users to identify phone numbers with premium call charges, a researcher has found that he could have earned millions by abusing the online phone verification systems used by Google, Microsoft, and Instagram. Many websites and mobile apps allow users to associate a phone number with their account. This can be used for two-factor authentication or as an account recovery and verification option. Many of these systems rely on codes sent via text messages, but also offer the option to call the user and dictate such codes. Last year, a Belgian IT security consultant named Arne Swinnen started wondering if such systems test whether the numbers entered by users have premium charges attached to them, and set out to test several popular services.

Flaw in vBulletin add-on leads to Ubuntu Forums database breach

Ubuntu support forum users should be on the lookout for dodgy emails after the website's database of 2 million email addresses was stolen. Canonical announced the security breach on Friday after being notified that someone was claiming to have a copy of the UbuntuForums.org database. An investigation revealed that an attacker did get access to the website's user records through a vulnerability. The exploited SQL injection flaw was located in the Forum Runner add-on for vBulletin, commercial web forum software that powers over 100,000 community websites on the Internet and is especially popular with companies. The vulnerability was known, but the Canonical IS team had failed to apply the patch for it in a timely manner.

Cisco patches serious flaws in router and conferencing server software

Cisco Systems released patches this week for several vulnerabilities in its IOS software for networking devices and the Cisco and WebEx conferencing servers. The most serious vulnerability affects the Cisco IOS XR software for the Cisco Network Convergence System (NCS) 6000 Series Routers. It can lead to a denial-of-service condition, leaving affected devices in a nonoperational state. Unauthenticated, remote attackers can exploit the vulnerability by initiating a number of management connections to an affected device over the Secure Shell (SSH), Secure Copy Protocol (SCP) or Secure FTP (SFTP).

New Locky ransomware version can operate in offline mode

The creators of the widespread Locky ransomware have added a fallback mechanism in the latest version of their program for situations where the malware can't reach their command-and-control servers. Security researchers from antivirus vendor Avira have found a new Locky variant that starts encrypting files even when it cannot request a unique encryption key from the attacker's servers because the computer is offline or a firewall blocks the communication. Calling home to a server is important for ransomware programs that use public key cryptography. In fact, if they're unable to report back to a server after they infect a new computer, most such programs don't start encrypting files.

Juniper patches high-risk flaws in Junos OS

Juniper Networks has fixed several vulnerabilities in the Junos operating system used on its networking and security appliances, including a flaw that could allow hackers to gain administrative access to affected devices. The most serious vulnerability, rated 9.8 out of 10 in the Common Vulnerability Scoring System, is located in the J-Web interface, which allows administrators to monitor, configure, troubleshoot and manage routers running Junos OS. The issue is an information leak that could allow unauthenticated users to gain admin privileges to the device.

Three popular Drupal modules get patches for site takeover flaws

The security team of the popular Drupal content management system worked with the maintainers of three third-party modules to fix critical vulnerabilities that could allow attackers to take over websites. The flaws allow attackers to execute rogue PHP code on web servers that host Drupal websites with the RESTWS, Coder or Webform Multiple File Upload modules installed. These modules are not part of Drupal's core, but are used by thousands of websites. The RESTWS module is a popular tool for creating REST application programming interfaces (APIs) and is currently installed on over 5,800 websites. Unauthenticated attackers can exploit the remote code execution vulnerability in its page callback functionality by sending specially crafted requests to the website.

Microsoft fixes critical vulnerabilities in IE, Edge, Office, and Windows print services

Microsoft's new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework. The patches, released Tuesday, are arranged in 11 security bulletins, 10 of which are for Microsoft products. The remaining patch covers Adobe Flash Player, which is bundled with Internet Explorer in Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2 and Windows 10. Six security bulletins, including the Flash Player one, are rated critical and primarily cover remote code execution vulnerabilities that could lead to a complete system compromise.

Stealthy cyberespionage malware targets energy companies

Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies. The malware program, which researchers from security firm SentinelOne have dubbed Furtim's Parent, is a so-called dropper -- a program designed to download and install additional malware components and tools. The researchers believe it was released in May and was created by state-sponsored attackers. The goal of droppers is to prepare the field for the installation of other malware components that can perform specialized tasks. Their priority is to remain undetected, gain privileged access, and disable existing protections. These are all tasks that Furtim's Parent does well.

Serious flaw fixed in widely used WordPress plug-in

If you're running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, it's a good idea to update it as soon as possible. The latest version, released Friday, fixes a flaw that could be used to hijack the site's admin account. The vulnerability is in the plug-in's Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specially crafted headers to the website. The Bot Blocker feature is designed to detect and block spam bots based on their User-Agent and Referer header values, according to security researcher David Vaartjes, who found and reported the issue. If the Track Blocked Bots setting is enabled -- it's not by default -- the plug-in will log all requests that were blocked and will display them on an HTML page inside the site's admin panel.