Author Archives: Lucian Constantin

Baidu Android app component puts 100 million devices at risk

A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices. The SDK is called Moplus and, while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers from Trend Micro said in a blog post Sunday. The company estimates that the affected apps are used by over 100 million users.

All CoinVault and Bitcryptor ransomware victims can now recover their files for free

If your computer was infected with the CoinVault or Bitcryptor ransomware programs you're in luck -- at least compared to other ransomware victims. Chances are high that you can now recover your encrypted files for free, if you still have them. Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats. Those keys have been uploaded to Kaspersky's ransomware decryptor service, which was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.

Xen’s highly critical virtual machine escape flaw gets a fix

The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system. Vulnerabilities that break the isolation layer between virtual machines are the most serious type for a hypervisor like Xen, whose main goal is to allow running multiple VMs on the same hardware in a secure manner. The Xen patches released Thursday fix a total of nine vulnerabilities, but the privilege escalation flaw identified as CVE-2015-7835 is the most serious. It stems not from a traditional programming error, but from a logic flaw in how Xen implements memory virtualization for PV (paravirtualized) VMs. PV is a technique that enables virtualization on CPUs that don't support hardware-assisted virtualization.

Hackers infect MySQL servers with malware for DDoS attacks

Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that's used to launch distributed denial-of-service (DDoS) attacks. Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux. This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after brute-force dictionary attacks were used to guess SSH (Secure Shell) login credentials. However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code.

Google threatens action against Symantec-issued certificates following botched investigation

Google wants Symantec to disclose all certificates issued by its SSL business going forward, after what Google considers a botched investigation into how Symantec employees issued SSL certificates for domain names that the company did not own. The browser maker also wants the security firm to publish a detailed analysis of how the incident was investigated. Through its acquisition of Verisign's authentication business unit in 2010, Symantec became one of the largest certificate authorities (CAs) in the world. Such organizations are trusted by browsers and operating systems to issue digital certificates to domain owners, which are then used to encrypt online communications.

US copyright law exemption allows good-faith car, medical device hacking

The U.S. Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action. On Tuesday, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyrighted works. The U.S. Copyright Office is a department of the Library of Congress. The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems; and other devices that are designed to be used by consumers, including voting machines.

US says it’s ok to hack cars and medical devices (sometimes)

The U.S. Copyright Office has given security researchers reason to hope that they'll be able to search for flaws in car systems and medical devices without the threat of legal action. On Tuesday, the Librarian of Congress, who makes final rulings on exemptions to copyright rules, granted several exceptions to Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of the technological methods that are used to protect copyrighted works. The U.S. Copyright Office is a department of the Library of Congress. The exemptions allow for "good-faith security research" to be performed on computer programs that run on lawfully acquired cars, tractors and other motorized land vehicles; medical devices designed to be implanted in patients and their accompanying personal monitoring systems; and other devices that are designed to be used by consumers, including voting machines.

South Korean manufacturing industry targeted with new backdoor program

South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers. The malware has been dubbed Duuzer and, while it's not exclusively used against targets in South Korea, it does seem that the hacker group behind it has a preference for that country's manufacturing industry, according to security firm Symantec. Duuzer was designed to work on both 32-bit and 64-bit Windows versions and opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more. "It’s clearly the work of skilled attackers looking to obtain valuable information," researchers from Symantec's security response team said in a blog post.

Webmasters have only hours to deploy patches, Joomla incident shows

Four hours -- that's the time Joomla website owners had to apply a patch recently before attackers started to exploit the flaw it fixed. Those who still haven't updated their websites are likely to find them compromised. On Thursday, the developers of Joomla released version 3.4.5 of the popular content management system in order to fix an SQL injection vulnerability that allows attackers to gain administrative privileges by hijacking an active administrator session. Less than four hours after the update's release and the publishing of a technical overview by security researchers at Trustwave, attackers were already exploiting the flaw. Web security firm Sucuri said it saw attacks against two of its customers who operate very popular Joomla-based websites.

Germany probes Regin-powered cyberespionage

It looks like Chancellor Angela Merkel is not the only German official who might have been spied on by the nation's allies. The head of a German Federal Chancellery unit reportedly had his laptop infected with Regin, a cyberespionage program believed to be used by the U.S. National Security Agency and its closest intelligence partners. The German federal prosecutor's office has opened an investigation into the breach, which came to light in 2014, German news magazine Der Spiegel reported Friday. The Chancellery is the federal agency that serves Merkel's office.

Russian cyberspies targeted the MH17 crash investigation

A Russian cyberespionage group that frequently targets government institutions from NATO member countries tried to infiltrate the international investigation into the crash of Malaysia Airlines Flight 17 (MH17). MH17 was a passenger flight from Amsterdam to Kuala Lumpur that crashed in eastern Ukraine close to the Russian border on 17 July, 2014. All 283 passengers and 15 crew members lost their lives. The Dutch Safety Board led an international investigation into the incident and released a final report on Oct. 13, concluding that the Boeing 777-200 aircraft was shot down by a warhead launched from a Russian-built Buk missile system.

Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

We've reached a point that security researchers have long warned is coming: insecure embedded devices connected to the Internet are routinely being hacked and used in attacks. The latest example is a distributed denial-of-service (DDoS) attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet. The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television (CCTV) cameras running embedded versions of Linux and the BusyBox toolkit, researchers from Imperva's Incapsula team said in a blog post Wednesday.

Mozilla mulls early cutoff for SHA-1 digital certificates

In light of recent advances in attacks against the SHA-1 cryptographic hash function, Mozilla is considering banning digital certificates signed with the algorithm sooner than expected. The CA/Browser Forum, a group of certificate authorities and browser makers that sets guidelines for the issuance and use of digital certificates, had previously decided that new SHA-1-signed certificates should not be issued after Jan. 1, 2016. Browser makers have also decided that existing SHA-1 certificates will no longer be trusted in their software starting Jan. 1, 2017, even if they're technically set to expire after that date. On Tuesday, Mozilla announced that it's re-evaluating the cutoff date and is considering the feasibility of moving it forward by six months, to July 1, 2016. The decision is guided by recent research that improves the practicality of attacks against SHA-1.

Oracle slams door on Russian cyberspies who hacked NATO PCs through Java

Oracle has fixed a vulnerability in Java that a Russian cyberespionage group used to launch stealthy attacks earlier this year. At the same time, Oracle fixed 153 other security flaws in Java and a wide range of its other products, it said Tuesday. The Java vulnerability can be used to bypass the user confirmation requirement before a Web-based Java application is executed by the Java browser plug-in. This type of protection mechanism is commonly referred to as click-to-play. The flaw was reported to Oracle by security researchers from Trend Micro, who first spotted the vulnerability in July in attacks launched by a Russian hacker group dubbed Pawn Storm that commonly targets military and governmental institutions from NATO member countries.

Western Digital self-encrypting external hard disk drives have flaws that can expose data

The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password. A team of three security researchers investigated how the self-encryption feature was implemented in several popular Western Digital My Passport and My Book models. Depending on the type of microchip used for the encryption operation, they found design flaws and backdoor-like features that enable brute-force password guessing attacks or even decryption of the data without knowing the password. In some cases they found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.

Google makes full-disk encryption and secure boot mandatory for some Android 6.0 devices

Google's plan to encrypt user data on Android devices by default will get a new push with Android 6.0, also known as Marshmallow. The company requires Android devices capable of decent cryptographic performance to have full-disk encryption enabled in order to be declared compatible with the latest version of the mobile OS. Google's first attempt to make default full-disk encryption mandatory for phone manufacturers was with Android 5.0 (Lollipop), but it had to abandon that plan because of performance issues on some devices.

Flash Player emergency patch fixes one flaw already being exploited, and two others

Adobe released a patch for a critical vulnerability in Flash Player faster than it originally anticipated, in response to high-profile cyberespionage attacks against governmental targets. The latest Flash Player updates released Friday address a flaw that's already exploited by a Russian espionage group known as Pawn Storm, as well as two other critical vulnerabilities reported privately to Adobe. The CVE-2015-7645 vulnerability is actively exploited by the Pawn Storm group in attacks targeting several foreign affairs ministries from around the globe, security researchers from Trend Micro reported Tuesday.

Cisco fixes privilege escalation flaws in AnyConnect Secure Mobility Client

The Cisco AnyConnect Secure Mobility Client has been updated to fix vulnerabilities that could allow attackers to gain system or root privileges on Windows, Linux and Mac OS X computers. The AnyConnect Secure Mobility Client allows employees to work remotely by securely connecting back to their company's network. It provides virtual private networking over SSL and additional features like identity services, network access control and Web security. The vulnerability in the Linux and Mac OS X version of the client was discovered and reported by researchers from Dutch security firm Securify. It can be exploited to execute arbitrary files with the highest system privileges, also known as root.

New Android vulnerabilities put over a billion devices at risk of remote hacking

Newly discovered vulnerabilities in the way Android processes media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages. The vulnerabilities can lead to remote code execution on almost all devices that run Android, from version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report scheduled to be published Thursday. The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android's media libraries previews such files.

Dyreza malware steals IT supply chain credentials

Cyber-criminals using the Dyreza computer Trojan appear to be shifting gears from online banking and moving into the industrial supply chain. New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post. "We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."