Cisco Systems has released software updates to fix critical issues that could allow attackers to compromise digital encoders, unified computing system management servers and Firepower 9000 series security appliances.
The Cisco Modular Encoding Platform D9036, a hardware appliance that provides multi-resolution, multi-format encoding for applications that require high video quality, has a hard-coded static password for the root account.
This is the highest privileged account on the operating system and is created at installation time. The account and password cannot be changed or deleted without impacting the functionality of the system, Cisco said in an advisory.

After being caught off guard by the disclosure of a serious flaw in the Linux kernel this week, Google has quickly developed a patch for Android and shared it with device manufacturers.
It might take weeks for device makers to start releasing firmware updates that include the fix, but that's not a huge problem since, according to Google's assessment, the flaw doesn't affect many Android devices to begin with.
The privilege escalation vulnerability allows attackers to gain full control over Linux-based systems if they have access to a limited account or trick users into running a malicious application. It was found by researchers from Israeli threat defense start-up Perception Point.

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network. This will come as good news for privacy-conscious users or those living in countries where the service is censored.
Users can enable the new feature, which is still experimental, from the Facebook app's settings. However, they first need to install a separate application from Google Play called Orbot that functions as a proxy for routing traffic through Tor.

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.
The tool, known as the Intel Driver Update Utility, can be downloaded from Intel's support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.
The vulnerability stems from the tool using unencrypted HTTP connections to check for driver updates. Such connections can be intercepted and modified by attackers located on the same local network as affected computers or in control of a router along their Internet connection paths.

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.
The group, which advocates for better security in life-impacting computers like those used in modern cars, medical devices or critical infrastructure, has published an open letter to the health-care industry, calling for a commitment to five principles when creating, using and maintaining medical devices.
Those principles are security by design, collaboration with security researchers, ensuring that evidence of potential failures is captured and preserved for later analysis, safeguarding critical elements under the assumption that they'll operate in adverse conditions and providing easy-to-install security updates.

For almost three years, a serious vulnerability in the Linux kernel could have allowed attackers to take full control over Linux-based PCs, servers, Android phones and other embedded devices.
The flaw, which stems from the kernel's keyring facility, allows applications running under a local user to execute code in the kernel. As a result, an attacker with access to only a limited account on a Linux system can escalate their privileges to root.
The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.

Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.
Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.
But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.
Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway, which can connect serial and Ethernet devices to a cellular network.

Hackers managed to compromise payment cards used at 250 Hyatt Hotels locations in around 50 countries after infecting the company's payment processing systems with malware.
Hyatt announced the data breach back in December and launched an investigation. On Thursday, it published the full list of affected locations and the time interval during which the payment cards were exposed: Aug. 13 to Dec. 8.
Most of the potentially compromised cards were used at restaurants in the affected locations, but a small percentage were used at spas, golf shops, parking systems, front desks and sales offices.

If you're connecting to servers over the secure shell (SSH) protocol using an OpenSSH client, you should update it immediately. The latest version patches a flaw that could allow rogue or compromised servers to read users' private authentication keys.
The vulnerability stems from an experimental feature known as roaming that allows SSH connections to be resumed. This feature has been enabled by default in OpenSSH clients since version 5.4, released in March 2010, but is not present in the OpenSSH server implementation. As a result, only clients are affected.
The vulnerability allows a server to read information from a connecting client's memory, including its private keys. It has been fixed in OpenSSH 7.1p2, released Thursday.

An Android Trojan that targets mobile banking users has evolved into a sophisticated, persistent and hard-to-detect threat, suggesting that it is part of a well-organized attack campaign.
Researchers from security firm FireEye first documented the Trojan in December and named it SlemBunk. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials.
The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers.

Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.
The Cisco Aironet 1830e, 1830i, 1850e and 1850i series access points contain a default account with a static password that attackers can use to gain unauthorized access, the company said in an advisory.
Fortunately, the account does not have administrative privileges, so the vulnerability is only rated as high impact instead of critical.

A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims' files being completely unrecoverable.
Researchers from antivirus vendor Trend Micro recently spotted a new file-encrypting ransomware program distributed as a Flash Player update through a compromised website in Paraguay.
After they analyzed the program's code, they realized that it was a modification of a proof-of-concept file encryptor application called Hidden Tear that was published on GitHub in August by a Turkish security enthusiast.
Hidden Tear comes with a disclaimer that the code may only be used for education purposes and a warning that people using it as ransomware could go to jail.

Microsoft has released the first batch of security updates for 2016, and they include critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.
The company has also fixed remote code execution and elevation of privilege vulnerabilities in Windows and an address spoofing flaw in Exchange Server that were rated important, not critical, due to various mitigating factors.
In total, Microsoft issued 9 security bulletins covering patches for 24 vulnerabilities.
According to Wolfgang Kandek, the CTO of security firm Qualys, administrators should prioritize the MS16-005 security bulletin, especially for systems running Windows Vista, 7 and Server 2008.

A cyberespionage group has been discovered using a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products.
The malware was discovered by researchers from Arbor Networks while investigating attacks in Myanmar that were launched from compromised government websites.
The researchers linked the compromises to a sophisticated group of attackers known as Group 27, who are known to use different malware programs in their operations, some with overlapping capabilities.
Arbor Networks has uncovered seven malware programs used by the group so far, including three remote access Trojans: PlugX, 9002, and the new Trochilus.

Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher recently found weaknesses in it.
Last week, researcher Fernando Arnaboldi from security firm IOActive disclosed several issues with the update mechanism in Drupal: the failure of the back-end administration panel to report update errors, a cross-site request forgery (CSRF) flaw that could allow attackers to force admins to repeatedly trigger update checks, and the lack of encryption for update downloads.
The last issue was the most significant one, because it could have allowed attackers who could intercept the traffic between a Drupal-based site and the official Drupal servers to inject back-doored updates. Such an attack could lead to the compromise of the site and its database.

Earlier this week, Mozilla was forced to backpedal on banning new SHA-1 digital certificates because the move completely cut off some Firefox users from the encrypted Web. It appears that Google saw the problem coming.
Instead of banning all digital certificates signed with SHA-1 and issued after Jan. 1, Google plans to only "untrust" those that originate from public certificate authorities.
This decision takes into account that some companies might still use self-generated SHA-1 certificates internally on their networks, or that some antivirus programs and security devices will continue to generate such certificates when inspecting HTTPS traffic.

Imagine getting a call from your company's IT department telling you your workstation has been compromised and you should stop what you're doing immediately. You're stumped: You went through the company's security training and you're sure you didn't open any suspicious email attachments or click on any bad links; you know that your company has a solid patching policy and the software on your computer is up to date; you're also not the type of employee who visits non-work-related websites while on the job. So, how did this happen?
A few days later, an unexpected answer comes down from the security firm that your company hired to investigate the incident: Hackers got in by exploiting a flaw in the corporate antivirus program installed on your computer, the same program that's supposed to protect it from attacks. And all it took was for attackers to send you an email message that you didn't even open.

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.
Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server. Instead, the back-end panel will continue to report that the CMS is up to date, even if it's not.
This can be a problem, considering that hackers are quick to exploit vulnerabilities in popular content management systems like Drupal, WordPress or Joomla after they appear. In one case in 2014, users had only a seven-hour window to deploy a critical Drupal patch until attackers started exploiting the vulnerability that it fixed.