Lucian Constantin

Author Archives: Lucian Constantin

Dridex banking malware mysteriously hijacked to distribute antivirus program

Users tricked by spam messages into opening malicious Word documents that distribute the Dridex online banking Trojan might be in for a surprise: they'll get a free antivirus program instead. That's because an unknown person -- possibly a white hat hacker -- gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced it with an installer for Avira Free Antivirus. Dridex is one of the three most widely used computer Trojans that target online banking users. Last year, law enforcement authorities from the U.S. and U.K. attempted to disrupt the botnet and indicted a man from Moldova who is believed to be responsible for some of the attacks.

Serious flaws found in Netgear’s NMS300 network management system

Serious vulnerabilities in the Netgear NMS300 ProSafe network management system, an application used to discover, monitor and configure a wide range of network devices, can allow hackers to take control of the servers it's running on. The NMS300 can be installed on Windows XP, 7, 8 and 10, as well as Windows Server 2003, 2008 and 2012. It allows network administrators to centrally manage network switches, routers, wireless access points, printers, network-attached storage systems, firewall appliances and other devices that support SNMP (Simple Network Management Protocol). The software is free for managing up to 200 devices and provides an easy-to-use Web graphical interface that can be accessed remotely.

Flaws in smart toy back-end servers put kids and their families at risk

Over the past two years security researchers have shown that many Internet-connected "smart" devices have not been designed with security in mind. This also seems to be the case for their back-end systems. The latest examples are flaws found in the Web services operated by smart-toy makers which could expose children's personal information and location. Researchers from security firm Rapid7 found serious vulnerabilities in the Web application programming interfaces (APIs) used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children. In the case of Smart Toy devices, the researchers found that the manufacturer's Web service did not properly validate request senders. Through the exposed APIs, they could enumerate all customers and find their toy ID, name, type and associated child profile; they could access all children's profiles, including their names, birth dates, gender and spoken languages; they could find out when a parent or child is interacting with their toy; and they could associate someone's toy with a different account, effectively hijacking it.

Socat vulnerability shows that crypto backdoors can be hard to spot

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor. Socat is a more complex and feature-rich reimplementation of netcat, a cross-platform networking service that can establish outbound and inbound connections on different ports and protocols. It is also a popular tool for network debugging. Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number.

Google fixes critical Wi-Fi and media-processing flaws in Android

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips. The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system. These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.

Trojanized Android games hide malicious code inside images

Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images. The rogue apps were discovered by researchers from Russian antivirus vendor Doctor Web and were reported to Google last week. The researchers dubbed the new threat Android.Xiny.19.origin. Malicious Android apps were a common occurrence on Google Play until a few years ago, when Google implemented more rigorous checks. This included an automated scanner called Bouncer that used emulation and behavior-based detection. Bypassing Bouncer detection is not impossible, but is hard enough to keep most malware creators away. Most Android Trojans these days are distributed through third-party app stores, targeting users who have enabled the installation of apps from "unknown sources."

Cisco patches authentication, denial-of-service, NTP flaws in many products

Cisco Systems has released a new batch of security patches this week for flaws affecting a wide range of products, including a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges. Cisco has patched this vulnerability in the 1.0.7.2 firmware version for RV220W devices. Manual workarounds include disabling the remote management functionality or restricting it to specific IP addresses.

Attack disrupts HSBC online banking services in the UK on tax deadline

HSBC customers in the U.K. who waited until the last day to pay their taxes might have had trouble doing so because the institution's online banking system was unavailable Friday. In an emailed statement, the bank said that it was the target of a denial-of-service attack which affected its U.K. personal banking website. "HSBC has successfully defended against the attack, and customer transactions were not affected," the company said. "We are working hard to restore normal service." In addition to today being the last day when private individuals can pay the tax owed for the year that ended on Apr. 5, 2015, it is also a pay day. The company has been answering a large number of complaints from frustrated customers via its Twitter account.

Increasingly popular update technique for iOS apps puts users at risk

An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple's normal review process, potentially opening the door to abuse and security risks for users. The technique is a variation of hot patching, which is a way of dynamically updating a system or application without restarting it. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS app store and then wait for Apple's review of the changes, which can be a lengthy process. An implementation of this hot patching method comes from an open-source project called JSPatch, which provides an engine that app developers can integrate into their apps and which bridges JavaScript code to Objective-C, the programming language used by iOS apps.

Oracle is planning to kill an attacker’s favorite: the Java browser plug-in

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. "Oracle plans to deprecate the Java browser plugin in JDK 9," the Java Platform Group said in a blog post Wednesday. "This technology will be removed from the Oracle JDK and JRE in a future Java SE release." The Java Development Kit (JDK) 9, the reference implementation for the next version of Java SE, is expected to reach general availability in March 2017. By then, however, most modern browsers will no longer accept the Java browser plug-in anyway.

New Android ransomware uses clickjacking to gain admin privileges

File-encrypting ransomware applications that target Android devices are becoming increasingly sophisticated. One new such program is using clickjacking techniques to trick users into granting it administrator privileges. Clickjacking is a method that involves manipulating the user interface in a way that allows attackers to hijack users' clicks and trigger unauthorized actions. It is mostly used in Web-based attacks, where various technologies allow creating invisible buttons and positioning them on top of seemingly harmless page elements. Due to the restrictive application permissions system in Android, ransomware apps targeting the OS have historically been less effective than on Windows. For example, many of the early Android ransomware threats only displayed a persistent window on the screen with an alert intended to scare users into paying fictitious fines. Most of them impersonated law enforcement agencies and claimed that the devices were locked because illegal content was found on them.

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The vulnerability is part of a class of bugs that stem from Java object deserialization and which security researchers warned about a year ago. In programming languages, serialization is the process of converting data to a binary format for storing it or for sending it over the network. Deserialization is the reverse of that process. Deserialization is not an issue in itself, but like most processes that involve handling potentially untrusted input, measures need to be taken to ensure that it is performed safely. For example, an attacker could craft a serialized object that includes a Java class that the application accepts and which could be abused for something malicious.

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks announced that it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for 2 years or more, could have allowed remote attackers to gain administrative access to the vulnerable devices or to decrypt VPN connections. The U.S. House of Representatives' Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how the affected organizations responded to the incident.

Critical vulnerabilities patched in Magento e-commerce platform

If you're running an online shop based on the Magento e-commerce platform, it's a good idea to update it as soon as possible. The latest patches fix critical vulnerabilities that could allow attackers to hijack administrative accounts. One issue was discovered by researchers from Web security firm Sucuri and stems from improper validation of email addresses in the customer registration form. The flaw allows a malicious user to include JavaScript code in the email field, leading to a so-called stored cross-site scripting (XSS) attack. The JavaScript code is saved along with the form and is triggered when the user account is listed in the website's back-end panel.

FortiGuard SSH backdoor found in more Fortinet security appliances

Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products. The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it. Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally, the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company's own product security team.

Cisco fixes critical flaws in digital encoder, unified computing manager and security appliance

Cisco Systems has released software updates to fix critical issues that could allow attackers to compromise digital encoders, unified computing system management servers and Firepower 9000 series security appliances. The Cisco Modular Encoding Platform D9036, a hardware appliance that provides multi-resolution, multi-format encoding for applications that require high video quality, has a hard-coded static password for the root account. This is the highest privileged account on the operating system and is created at installation time. The account and password cannot be changed or deleted without impacting the functionality of the system, Cisco said in an advisory.
