Lucian Constantin

Author Archives: Lucian Constantin

Chrome for Android blocks access to malware and scam websites

If you've ever seen the scary red pages in Google Chrome that prevent you from visiting a dangerous website, and wished you had them on your phone, then you're in luck: Google has extended Safe Browsing, the technology behind those security alerts, to Android.

Safe Browsing is now integrated into Google Play Services, starting with version 8.1, and apps are able to use it. Chrome for Android is the first to do so.

As in the desktop version of Chrome, Safe Browsing protects against websites that are known to host malware and potentially unwanted programs, as well as phishing and other scams.

If you've surfed from an Android phone extensively, you've probably been bombarded with persistent ads claiming that your phone is not running properly, that your battery drains too fast or that the device is insecure. All of them try to push some application that allegedly solves the made-up problems.

DDoS attacks increase in number, endanger small organizations

While the power of distributed denial-of-service (DDoS) attacks has decreased in recent months, their number has spiked, a trend that could signal trouble for smaller companies and websites.

The number of DDoS attacks recorded in the third quarter of this year has grown by 180 percent compared to Q3 2014, exceeding 1,500, Akamai said in the latest edition of its State of the Internet report, published Tuesday.

Despite their large number, the attacks were shorter in duration and had lower bandwidth and smaller volumes compared to both the same period last year and the previous quarter.

Smaller companies' websites are increasingly at risk due to the rising popularity of DDoS-for-hire services, and are also a prime target for attackers that use DDoS as an extortion tool.

Google patches critical media processing and rooting vulnerabilities in Android

Google has released a new batch of security fixes for its Nexus smartphones and tablets, addressing flaws that could allow attackers to compromise the Android devices via rogue emails, Web pages and MMS messages.

Firmware updates are being rolled out to supported Nexus devices as an over-the-air update, and the patches will be added to the Android Open Source Project (AOSP) over the next 48 hours. Builds LMY48Z and Android Marshmallow with a Dec. 1, 2015, Security Patch Level contain these fixes, Google said in its security bulletin.

The updates address five vulnerabilities rated as critical, 12 rated as high and two as moderate. A significant number of flaws were again located in the OS' media processing components, which handle audio and video file playback and the parsing of the corresponding file metadata.

Vulnerabilities found in Lenovo, Toshiba, Dell support software

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.

The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

Russian spy group adopts new tools to hack defense contractor networks

A Russian cyberespionage group known as Pawn Storm has adopted new tools in an ongoing attack campaign against defense contractors, with the goal of defeating network isolation policies.

Pawn Storm, also known as Sofacy after its primary malware tool, has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as media organizations, Ukrainian political activists and Kremlin critics.

Since August, the group has been engaged in an ongoing attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.

During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.

Widespread exploit kit, password stealer and ransomware program mixed into dangerous cocktail

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.

The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.

The stolen credentials are then used to inject malicious code into legitimate websites, with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.

No more security fixes for older OpenSSL branches

The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches they will likely be the last security updates.

This could spell trouble for some enterprise applications that bundle the 0.9.8 or 1.0.0 versions of OpenSSL, and for older systems -- embedded devices in particular -- where updates are rare.

OpenSSL 1.0.0t and 0.9.8zh, which were released Thursday, are expected to be the last updates because support for these two branches will end on Dec. 31, as listed in the organization's release strategy document.
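For anyone auditing what ships inside their appliances or vendor software, the first question is which OpenSSL branch a given binary actually bundles. The Python below is an added example, not code from the OpenSSL project or from the article: it scans a file's bytes for the version text that OpenSSL builds embed (of the form "OpenSSL 1.0.0t  3 Dec 2015") and flags the two branches whose support ends Dec. 31. The sample blobs are constructed for illustration and stand in for a vendor appliance and a current build.

```python
"""Flag binaries and firmware images that bundle an end-of-life OpenSSL branch.

Added example, not OpenSSL project code. OpenSSL builds carry a version text of
the form "OpenSSL 1.0.0t  3 Dec 2015" (OPENSSL_VERSION_TEXT), so a byte scan of
a library, executable or unpacked firmware image reveals the bundled branch.
"""
import re
from typing import List

# Branches whose support ends on Dec. 31, per the OpenSSL release strategy.
EOL_BRANCHES = ("0.9.8", "1.0.0")

# "OpenSSL " then major.minor.fix plus an optional patch-letter suffix.
_VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")


def bundled_openssl_versions(data: bytes) -> List[str]:
    """Distinct OpenSSL version strings in the blob, in order of appearance."""
    seen: List[str] = []
    for match in _VERSION_RE.finditer(data):
        version = match.group(1).decode("ascii")
        if version not in seen:
            seen.append(version)
    return seen


def branch(version: str) -> str:
    """'1.0.0t' -> '1.0.0': the letter is a patch release within the branch."""
    return re.match(r"\d+\.\d+\.\d+", version).group(0)


def eol_versions(data: bytes) -> List[str]:
    """Versions in the blob that belong to an unsupported branch."""
    return [v for v in bundled_openssl_versions(data) if branch(v) in EOL_BRANCHES]


def scan_file(path: str) -> List[str]:
    """Convenience wrapper for a library, executable or unpacked firmware file."""
    with open(path, "rb") as f:
        return eol_versions(f.read())


# Constructed samples: a vendor appliance that statically links two old
# branches, and a build on the supported 1.0.2 branch.
SAMPLE_APPLIANCE = (
    b"\x7fELF\x00\x00...libcrypto...\x00"
    b"OpenSSL 0.9.8zh 3 Dec 2015\x00"
    b"...libssl-legacy...\x00"
    b"OpenSSL 1.0.0t  3 Dec 2015\x00"
)
SAMPLE_CURRENT = b"\x7fELF\x00OpenSSL 1.0.2e 3 Dec 2015\x00"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, scan_file(path) or "no EOL OpenSSL")
```

A hit is a lead rather than proof: some distributions backport fixes without changing the version text, and a stripped static binary may have lost the string. In unpacked firmware images, the case the article worries about, the string is usually intact.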

New attack campaign against SMBs uses a botnet to deliver PoS malware

A group of sophisticated attackers is repurposing penetration testing tools to break into the networks of small and medium-size businesses worldwide, with the goal of infecting point-of-sale systems with malware.

The new attack campaign started in September and has been dubbed operation Black Atlas by researchers from antivirus vendor Trend Micro. The attackers use a wide set of tools to scan the Internet and identify potential weak spots in the networks of various organizations, the researchers said.

Their toolset includes port scanners, brute-force password guessing tools, SMTP (Simple Mail Transfer Protocol) scanners, remote desktop viewers and other attack applications that are easy to find on the Internet.

Cisco patches permission hijacking issue in WebEx Meetings app for Android

Cisco has fixed a vulnerability in its WebEx Meetings application for Android that allowed potentially rogue applications to hijack its permissions.

The issue, which affected all versions of the app older than 8.5.1, stemmed from the way custom application permissions were implemented and assigned at initialization time.

In addition to the default permissions defined by the OS, applications can declare and request custom permissions, a feature that the Android developers recommend be used only if absolutely necessary. It is also possible for apps to request to use custom permissions declared by another application.

Microsoft enables potential unwanted software detection for enterprise customers

It’s time to throw adware, browser hijackers and other potentially unwanted applications (PUAs) off corporate networks, Microsoft has decided. The company has started offering PUA protection in its anti-malware products for enterprise customers.

The new feature is available in Microsoft's System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) as an option that can be turned on by system administrators.

PUA signatures are included in the anti-malware definition updates and cloud protection, so no additional configuration is needed.

Potentially unwanted applications are those programs that, once installed, also deploy other programs without users' knowledge, inject advertisements into Web traffic locally, hijack browser search settings, or solicit payment for various services based on false claims.

Older Dell devices also affected by dangerous eDellRoot certificate

Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.

The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.

After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.

By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.

Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.
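The practical check for this finding on your own inventory is to compare host keys across devices rather than inspect them one at a time. The Python below is an added example, not SEC Consult's tooling: it takes ssh-keyscan-style output (host, key type, base64 key blob), computes the OpenSSH SHA256 fingerprint of each key and lists the fingerprints presented by more than one host. The scan lines, the key blobs and the TEST-NET addresses are all constructed.

```python
"""Find devices in an inventory that present the same SSH host key.

Added example, not SEC Consult's tooling. Input is ssh-keyscan output (host,
key type, base64 key blob) with its banner comments merged in (2>&1).
Fingerprints are computed the way `ssh-keygen -lf scan.txt -E sha256` prints
them, so they can be compared with what a client shows on first connect.
"""
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List

# Constructed key blobs: a real blob starts with the algorithm name and then
# carries the key material; any bytes suffice to show the grouping.
_KEY_A = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + bytes(range(32))).decode()
_KEY_B = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + bytes(range(32, 64))).decode()

# Constructed scan over TEST-NET-1 addresses: two devices of the same model
# ship _KEY_A, a third has its own key, and a fourth line is a revocation marker.
SAMPLE_SCAN = f"""
# 192.0.2.10:22 SSH-2.0-dropbear_2014.63
192.0.2.10 ssh-rsa {_KEY_A}
# 192.0.2.11:22 SSH-2.0-dropbear_2014.63
192.0.2.11 ssh-rsa {_KEY_A}
# 192.0.2.12:22 SSH-2.0-OpenSSH_6.7
192.0.2.12 ssh-rsa {_KEY_B}
@revoked 192.0.2.13 ssh-rsa {_KEY_B}
"""


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_scan(text: str) -> Dict[str, List[str]]:
    """Map each fingerprint to the host fields presenting that key.

    Comment lines and the @revoked / @cert-authority marker lines are skipped.
    A "host,alias" field is kept whole, since it names one device.
    """
    by_fp: Dict[str, List[str]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        host, blob = fields[0], fields[2]
        by_fp[fingerprint(blob)].append(host)
    return dict(by_fp)


def shared_keys(text: str) -> Dict[str, List[str]]:
    """Only the keys presented by more than one host: one extracted private
    key lets an attacker impersonate every device in that list."""
    return {fp: hosts for fp, hosts in parse_scan(text).items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_SCAN).items():
        print(f"{fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Run `ssh-keyscan -t rsa,ecdsa,ed25519 -f hosts.txt > scan.txt` against the inventory and feed the file to shared_keys(). The HTTPS case is the same exercise with each device's server certificate public key in place of the host key.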

Lenovo patches serious vulnerabilities in PC system update tool

For the third time in less than six months, security issues have forced Lenovo to update one of the tools preloaded on its PCs.

Last week, the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date and which was previously called ThinkVantage System Update. The new version fixes two local privilege escalation vulnerabilities discovered by researchers from security firm IOActive.

One of the vulnerabilities is located in the tool's help system and allows users with limited Windows accounts to start an instance of Internet Explorer with administrator privileges by clicking on URLs in help pages. That's because Lenovo System Update itself runs under a temporary administrator account that the application creates when installed, so any process it spawns will run under the same account.

And then there were two: Another dangerous Dell root certificate discovered

The plot thickens: After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, users discovered a similar certificate deployed by a different Dell tool.

The second certificate is called DSDTestProvider and is installed by an application called Dell System Detect (DSD). Users are prompted to download and install this tool when they visit the Dell support website and click the “Detect Product” button.

The first certificate, which was reported over the weekend, is called eDellRoot and is installed by the Dell Foundation Services (DFS), an application that implements several support functions.

What you need to know about Dell’s root certificate security debacle

In an attempt to streamline remote support, Dell installed a self-signed root certificate and corresponding private key on its customers' computers, apparently without realizing that this exposes users' encrypted communications to potential spying.

Even more surprising is that the company did this while being fully aware of a very similar security blunder by one of its competitors, Lenovo, that came to light in February.

Dell installs self-signed root certificate on laptops, endangering users’ privacy

Dell laptops are coming preloaded with a self-signed root digital certificate that lets attackers spy on traffic to any secure website.

The reports first surfaced on Reddit and were soon confirmed by other users and security experts on Twitter and blogs. The root certificate, which has the power of a certificate authority on the laptops it's installed on, comes bundled with its corresponding private key, making the situation worse.

With the private key, which is now available online, anyone can generate a certificate for any website that will be trusted by browsers such as Internet Explorer and Google Chrome that use the Windows certificate store on affected laptops. Security experts have already generated proof-of-concept certificates for *.google.com and bankofamerica.com.
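Rather than rely on a machine's purchase date, check the trusted root store directly for the two Dell names from the items above, eDellRoot and DSDTestProvider. The Python below is an added example, not Dell's or Microsoft's code: it reads the system root store through the standard library's ssl.enum_certificates() (Windows only) and pulls each certificate's commonName out of the raw DER, so no third-party X.509 parser is needed. The sample bytes are constructed attribute fragments, not real certificates.

```python
"""Hunt for the eDellRoot and DSDTestProvider roots in the Windows root store.

Added example, not Dell's or Microsoft's code. ssl.enum_certificates() hands
back raw DER and the standard library has no X.509 parser, so the commonName
attributes are located directly in the DER bytes.
"""
import ssl
import sys
from typing import Iterable, List

# Subject names the two Dell support tools installed.
ROGUE_ROOT_CNS = {"eDellRoot", "DSDTestProvider"}

# DER encoding of the attribute type commonName (OID 2.5.4.3): tag 0x06, length 3.
_CN_OID = b"\x06\x03\x55\x04\x03"
# String tags a DirectoryString may use: UTF8String, PrintableString,
# IA5String, T61String.
_STRING_TAGS = {0x0C, 0x13, 0x16, 0x14}


def common_names(der: bytes) -> List[str]:
    """Return every commonName value in a DER certificate, issuer's first.

    Inside a Name, each commonName is encoded as the OID immediately followed
    by the string TLV, so scanning for the OID is enough to read the value.
    Assumes a single-byte DER length (CN shorter than 128 bytes), which holds
    for the certificates in question.
    """
    names: List[str] = []
    pos = der.find(_CN_OID)
    while pos != -1:
        tag_pos = pos + len(_CN_OID)
        if tag_pos + 1 >= len(der):
            break
        tag, length = der[tag_pos], der[tag_pos + 1]
        if tag in _STRING_TAGS and length < 0x80:
            start = tag_pos + 2
            names.append(der[start:start + length].decode("utf-8", "replace"))
        pos = der.find(_CN_OID, tag_pos)
    return names


def rogue_roots(der_blobs: Iterable[bytes]) -> List[str]:
    """Names from ROGUE_ROOT_CNS that appear as a CN in any of the certificates."""
    found: List[str] = []
    for der in der_blobs:
        for cn in common_names(der):
            if cn in ROGUE_ROOT_CNS and cn not in found:
                found.append(cn)
    return found


def scan_windows_root_store() -> List[str]:
    """Rogue Dell roots in the machine's trusted root store; [] off Windows."""
    if sys.platform != "win32":
        return []
    blobs = [der for der, enc, _trust in ssl.enum_certificates("ROOT") if enc == "x509_asn"]
    return rogue_roots(blobs)


# Constructed sample: two commonName attributes as they would appear inside a
# subject Name (UTF8String and PrintableString), not a complete certificate.
SAMPLE_DER = _CN_OID + b"\x0c\x09eDellRoot" + _CN_OID + b"\x13\x05Other"

if __name__ == "__main__":
    print("sample CNs:", common_names(SAMPLE_DER))
    print("rogue roots on this host:", scan_windows_root_store() or "none found")
```

Presence of the certificate is what matters, not whether the private key is still on the machine: the key is public now, so any copy of eDellRoot in a trusted store makes that store accept forged certificates for any site. Once found, the certificate can be removed with certmgr.msc or `certutil -delstore Root eDellRoot`.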

Adware program Vonteera blocks security products with simple Windows UAC trick

A well-known adware program is preventing users from installing antivirus products by leveraging a Windows feature that was designed for security.

The program, known as Vonteera, abuses the digital signature check performed by Windows User Account Control (UAC) for executable files.

UAC prompts users for confirmation whenever a program wants to make a system change that requires administrator-level privileges. It therefore prevents malware from silently gaining full system access if executed from a limited user account.

Depending on whether an executed file is digitally signed by a trusted publisher, UAC displays confirmation prompts indicating different levels of risk. For example, if the file is unsigned, or is signed with a self-generated certificate that Windows can't link back to a trusted certificate authority, the UAC prompt will have a yellow exclamation mark.
