Lucian Constantin

Author Archives: Lucian Constantin

Many embedded devices ship without adequate security tests, analysis shows

An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them, pointing to poor security testing by manufacturers. The study was performed by researchers from the Eurecom research center in France and Ruhr-University Bochum in Germany, who built an automated platform capable of unpacking firmware images, running them in an emulated environment and starting the embedded Web servers that host their management interfaces. The researchers started out with a collection of 1,925 Linux-based firmware images for embedded devices from 54 manufacturers, but they only managed to start the Web server on 246 of them. They believe that with additional work and tweaks to their platform that number could increase.

Google-owned VirusTotal starts analyzing Mac malware in a sandbox

VirusTotal, the most widely used online file-scanning service, is now executing suspicious Mac apps submitted by users inside a sandbox to generate information that could improve the analysis and detection of Mac malware. This comes at a time when, according to security vendors, the number of potentially unwanted Mac OS X applications, especially adware programs, is at an all-time high. VirusTotal, a Google-owned service, allows users to upload suspicious files and scan them with 54 different antivirus products. However, its scan results are not perfect and should not be taken as guarantees that files are safe.

Adobe patches flaws in ColdFusion, LiveCycle Data Services and Premiere Clip

Adobe has released security updates for its ColdFusion application server, LiveCycle Data Services framework and Premiere Clip iOS app. The company published hotfixes for ColdFusion versions 11 and 10, namely ColdFusion 11 Update 7 and ColdFusion 10 Update 18. Both updates address two input validation issues that could be exploited to execute cross-site scripting (XSS) attacks. In addition, the hotfixes include an updated version of BlazeDS, a Java messaging protocol for rich Internet applications, that resolves an important server-side request-forgery vulnerability.

Microsoft touts new, holistic approach to enterprise security

Microsoft is putting a lot of effort and money into building a holistic security platform that combines the attack protection, detection and response features built into Windows 10, Office 365, Azure and the Microsoft Enterprise Mobility Suite to help companies safeguard their data regardless of where it resides. Talking at the Microsoft Government Cloud Forum in Washington, D.C., Tuesday, Microsoft CEO Satya Nadella said that the company is spending more than $1 billion a year in research and development to build security into its products, because "security has to be core to the operational systems used by enterprises."

Millions of sensitive records exposed by mobile apps leaking back-end credentials

Thousands of mobile applications, including popular ones, implement cloud-based, back-end services in a way that lets anyone access millions of sensitive records created by users, according to a recent study. The analysis was performed by researchers from the Technical University and the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, and the results were presented Friday at the Black Hat Europe security conference in Amsterdam. It targeted applications that use Backend-as-a-Service (BaaS) frameworks from providers like Facebook-owned Parse, CloudMine or Amazon Web Services.

State-sponsored cyberspies inject victim profiling and tracking scripts in strategic websites

Web analytics and tracking cookies play a vital role in online advertising, but they can also help attackers discover potential targets and their weaknesses, a new report shows. Security researchers from FireEye have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers. The researchers believe the compromised websites attract visitors involved in international business travel, diplomacy, energy production and policy, international economics and official government work. They include sites belonging to embassies, educational and research institutions, governments, visa services, energy companies, media organizations and non-profit organizations.

BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part of a domain, a common configuration on enterprise networks. When domain-based authentication is used on Windows, the user's password is checked against a computer that serves as domain controller. However, in situations when, for example, a laptop is taken outside of the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine.

Continuous integration tools can be the Achilles heel for a company’s IT security

Some of the most popular automated software building and testing tools used by developers have not been designed with security in mind and can open the door for attackers to compromise enterprise networks. These so-called continuous integration (CI) tools allow developers to automatically create software builds when code changes are contributed by developers to a central repository. The creation of these builds, which are used for quality control, is coordinated by a CI master server based on predefined rules and done on CI slave machines. If hackers manage to access a CI master server, they can steal proprietary source code, but also gain the ability to execute commands on all the machines that operate as CI slaves, security researcher and penetration tester Nikhil Mittal said Friday in a presentation at the Black Hat Europe security conference in Amsterdam. "This access could be used for lateral movement to get access to more machines."

Self-encrypting drives are hardly any better than software-based encryption

Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees' laptops should be aware that this technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches. Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday. Self-encrypting drives perform the data encryption and decryption operations on a dedicated crypto processor that is part of the drive controller. That gives them several, mainly performance-related, benefits compared to software-based encryption products, which rely on the CPU.

Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks. The flaw is located in Apache Commons, a library that contains a widely used set of Java components maintained by the Apache Software Foundation. The library is used by default in multiple Java application servers and other products including Oracle WebLogic, IBM WebSphere, JBoss, Jenkins and OpenNMS. The flaw is specifically in the Collections component of Apache Commons and stems from unsafe deserialization of Java objects. In programming languages, serialization is the process of converting data to a binary format for storing it in a file or memory, or for sending it over the network. Deserialization is the reverse of that process.

First Linux ransomware program cracked, for now

Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: there's now a free tool that can decrypt their files. The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption. The program makes files unreadable by using the Advanced Encryption Standard (AES), which uses the same key for both the encryption and decryption operations. The AES key is then encrypted too by using RSA, an asymmetric encryption algorithm.

Iranian cyberespionage group attacked over 1,600 high-profile targets in one year

In a single year, a cyberespionage group with possible ties to the Iranian government has targeted over 1,600 defense officials, diplomats, researchers, human rights activists, journalists and other high-profile individuals around the world. The group, known as Rocket Kitten, has been active since early 2014 and its attacks have been analyzed by various security vendors. However, a major breakthrough in the investigation came recently when researchers from Check Point Software Technologies obtained access to the command-and-control servers used by the attackers. Compared to other cyberespionage groups, Rocket Kitten is not very sophisticated, but it is persistent. It makes extensive use of social engineering through spear-phishing attacks that infect victims with custom-written malware, the Check Point researchers said in a report published Monday.

File-encrypting ransomware starts targeting Linux Web servers

Ransomware authors continue their hunt for new sources of income. After targeting consumer and then business computers, they've now expanded their attacks to Web servers. Malware researchers from Russian antivirus vendor Doctor Web have recently discovered a new malware program for Linux-based systems that they've dubbed Linux.Encoder.1. Once run on a system with administrator privileges, it starts traversing the whole file system and encrypting files in specific directories, including the user's home directory, the MySQL server directory, the logs directory and the Web directories of the Apache and Nginx Web servers.

Deploying application whitelisting? NIST has some advice for you

If you're trying to bar the door to malware infections, automated application whitelisting is a tactic that the U.S. National Institute of Standards and Technology thinks you should try -- and the agency wants to help you implement it in an effective way. The Department of Commerce agency, which is tasked with developing standards and recommendations including in the area of IT security, has published a guide to application whitelisting that explains the technology in detail and offers practical advice for how it should be used. For one, before looking at third-party products, organizations should consider using the application whitelisting mechanisms included in the operating systems they use on their desktops, laptops and servers. The reason is that they're easier to use, can be centrally managed and their use keeps additional costs minimal.

New ransomware program Chimera threatens to leak user files

Ransomware creators have taken their extortion one step further: in addition to encrypting people's private files and asking for money before releasing a key, they now threaten to publish those files on the Internet if they're not paid. This worrying development has recently been observed in a new ransomware program dubbed Chimera that was documented by the Anti-Botnet Advisory Centre, a service of the German Association of the Internet Industry. The attackers behind this new threat target mainly businesses by sending rogue emails to specific employees that masquerade as job applications or business offers. The emails contain a link to a malicious file hosted on Dropbox.

Trojanized Android apps flood third-party stores, compromise phones

Attackers are creating rogue versions of popular Android applications that compromise the security of devices and are extremely hard to remove. Researchers from mobile security firm Lookout have found more than 20,000 samples of such trojanized apps. They're typically fully functional copies of top Android applications like Candy Crush, Facebook, Google Now, NYTimes, Okta, SnapChat, Twitter or WhatsApp, but with malicious code added to them. The goal of these rogue apps is to aggressively display advertisements on devices. A scary development, though, is that, unlike traditional adware, they root the devices where they get installed in order to prevent users from removing them.

VBulletin resets passwords, issues emergency patches following breach

VBulletin Solutions has reset the passwords for over 300,000 accounts on its website following a security breach, and also released emergency security patches. The company's Internet forum software is used on tens of thousands of websites. It's not clear if the patches were prompted by the security breach, but the hacker who claimed to have compromised the vBulletin.com database put a zero-day vBulletin exploit -- an exploit for an unpatched vulnerability -- up for sale on Monday. VBulletin Solutions did not immediately respond to an inquiry seeking more details about the patches and their relationship to the breach.

Google researchers poke holes in Galaxy S6 Edge, show OEMs add risky code

Google's security researchers hunted for bugs in Samsung's Galaxy S6 Edge phone as part of an experiment to see how vulnerable the code that manufacturers add to Android can be. It's pretty bad. The researchers found 11 vulnerabilities in Samsung's code that could be exploited to create files with system privileges, steal the user's emails, execute code in the kernel and escalate the privilege of unprivileged applications. "Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down," the security researchers said in a blog post. "The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review."

Google patches critical media processing flaws in Android

New security patches for Google's Nexus devices address seven vulnerabilities, two of which are critical and could allow for remote code execution when handling media files. The updates, released on Monday, are part of Google's recently introduced monthly patch cycle and are available for Nexus devices running both Android 5.1 (Lollipop) and 6.0 (Marshmallow). The source code for the fixes will also be added to the Android Open Source Project (AOSP) over the next 48 hours. The most serious flaws patched in this release are tracked as CVE-2015-6608 and CVE-2015-6609, and are located in the mediaserver and libutils components of Android, respectively. Both vulnerabilities can be exploited remotely through specially crafted media files.