Lucian Constantin

Author Archives: Lucian Constantin

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

BitTorrent applications used by hundreds of millions of users around the world could be tricked into participating in distributed denial-of-service (DDoS) attacks, amplifying the malicious traffic generated by attackers by up to 50 times.

DDoS reflection is a technique that uses IP (Internet Protocol) address spoofing to trick a service into sending its responses to a third-party computer instead of the original sender. It can be used to hide the source of malicious traffic.

The technique can typically be used against services that communicate over the User Datagram Protocol (UDP), because unlike the Transmission Control Protocol (TCP), UDP does not perform a handshake and therefore does not validate the source IP address. This means an attacker can send a UDP packet with a forged header that specifies someone else's IP address as the source, causing the service to send the response to that address.

Zero-day flaw in Google Admin app allows malicious apps to read its files

An unpatched vulnerability in the Google Admin application for Android can allow rogue applications to steal credentials that could be used to access Google for Work accounts.

One of the main aspects of the Android security model is that apps run in their own sandboxes and cannot read each other's sensitive data through the file system. There are APIs for applications to interact with each other and exchange data, but this requires mutual agreement.

But researchers from security consultancy firm MWR InfoSecurity in the U.K. discovered a flaw in the Google Admin app that could be exploited by potentially malicious applications to break into the app's sandbox and read its files.

Cisco warns customers about attacks installing rogue firmware on networking gear

Installing rogue firmware on embedded devices has long been a concern for security researchers, and it seems that such attacks have started to gain ground with hackers.

In an advisory Tuesday, Cisco Systems warned customers that it is aware of a limited number of cases where attackers have replaced the boot firmware on devices running its IOS operating system. IOS runs on most Cisco routers and switches and provides a complex set of networking tools and features.

Ten scary hacks I saw at Black Hat and DEF CON

Security researchers and hackers gathered in Las Vegas over the past week to show off and learn about the latest vulnerabilities that affect devices and software that the world relies on every day. Black Hat and DEF CON, the world's top security conferences, did not disappoint.

Hackers can mess with the music in your car, and then cause you to crash

The highlight of this year's Black Hat conference was a remote hack of the Jeep Cherokee and other Fiat Chrysler vehicles demonstrated by security researchers Charlie Miller and Chris Valasek.

Internal LTE/3G modems can be hacked to help malware survive OS reinstalls

With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device.

In a presentation Saturday at the DEF CON security conference in Las Vegas, researchers Mickey Shkatov and Jesse Michael from Intel's security group demonstrated how a malware program installed on a computer could rewrite the firmware of a popular Huawei LTE modem module that's included in many devices.

The module runs a Linux-based OS, more specifically a modification of Android, that is completely independent from the computer's main operating system. It's connected to the computer through an internal USB interface, which means that it could be instructed to emulate a keyboard, mouse, CD-ROM drive, network card, or other USB device. Those would appear connected to the primary OS.

Hackers show off long-distance Wi-Fi radio proxy at DEF CON

A talk about a radio-based privacy device dubbed ProxyHam that promised to allow hackers to connect to Wi-Fi networks from as far as 2.5 miles away was abruptly pulled from the DEF CON schedule by its creator a few weeks ago.

The incident, which some speculated was the result of pressure from the FBI or the NSA, outraged the security community. But as hackers are not the type to give up easily, they quickly came up with a replacement that in many respects is better than the original.

Called HamSammich, the new device is the creation of security researchers Robert Graham and David Maynor and can proxy data over the 900 MHz radio band from 20 miles away at up to 56 kbps, the top speed of a dial-up modem from the late 1990s. It was presented at the DEF CON hacking conference on Friday.

Researchers find way to steal Windows Active Directory credentials from the Internet

An attack using the SMB file sharing protocol that for over a decade was believed to work only within local area networks can also be executed over the Internet, two researchers showed at the Black Hat security conference.

The attack, called an SMB relay, causes a Windows computer that's part of an Active Directory domain to leak the user's credentials to an attacker when visiting a Web page, reading an email in Outlook or opening a video in Windows Media Player.

Those credentials can then be used by the attacker to authenticate as the user on any Windows servers where the user has an account, including those hosted in the cloud.

In an Active Directory network, Windows computers automatically send their credentials when they want to access different types of services like remote file shares, Microsoft Exchange email servers or SharePoint enterprise collaboration tools. This is done using the NTLM version 2 (NTLMv2) authentication protocol, and the credentials that get sent are the computer and user name in plain text and a cryptographic hash derived from the user's password.
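To make the "cryptographic hash derived from the user's password" concrete, here is an added Python model of the NTLMv2 challenge-response and of the relay the researchers describe. It is not code from the article or from the researchers; the inputs (password "Password", user "User", domain "Domain", server challenge 0123456789abcdef, client challenge aa…aa, timestamp 0, server name "Server") are the test vectors from Microsoft's MS-NLMP specification, section 4.2.4, and the relay scenario in `relay_demo` is constructed for illustration. MD4 is implemented inline because OpenSSL 3 builds of Python's hashlib frequently refuse it as a legacy algorithm.

```python
"""NTLMv2 challenge-response (MS-NLMP 3.3.2) and a modelled SMB relay.
Added example; vectors from MS-NLMP 4.2.4, relay scenario constructed."""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 in pure Python (OpenSSL 3 builds of hashlib often reject 'md4')."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length as 64-bit little-endian.
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1
            a = rotl((a + f(b, c, d) + x[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            a = rotl((a + g(b, c, d) + x[(i % 4) * 4 + i // 4] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            a = rotl((a + h(b, c, d) + x[order3[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 of the UTF-16LE password. Stored by the DC, never sent on the wire."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain)); a DC can derive it from the stored NT hash."""
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def target_info(nb_domain: str, nb_server: str) -> bytes:
    """AV_PAIR list from CHALLENGE_MESSAGE: MsvAvNbDomainName (2), MsvAvNbComputerName (1), MsvAvEOL (0)."""
    out = b""
    for av_id, value in ((2, nb_domain), (1, nb_server)):
        encoded = value.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(encoded)) + encoded
    return out + struct.pack("<HH", 0, 0)


def ntlmv2_blob(client_challenge: bytes, timestamp: int, av_pairs: bytes) -> bytes:
    """The 'temp' structure: version 1.1, six zero bytes, FILETIME, 8-byte client nonce, 4 zeros, AV pairs, 4 zeros."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + av_pairs + b"\x00" * 4)


def ntlmv2_response(response_key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """NtChallengeResponse = NTProofStr || blob, with NTProofStr = HMAC-MD5(NTOWFv2, ServerChallenge || blob).
    This is the password-derived hash that the SMB relay attack captures."""
    proof = hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def verify_ntlmv2(response_key: bytes, server_challenge: bytes, response: bytes) -> bool:
    """Server side: recompute NTProofStr over the challenge it issued and the blob the client returned."""
    proof, blob = response[:16], response[16:]
    expected = hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def relay_demo() -> tuple:
    """Constructed SMB relay: the attacker never learns the password or NT hash, it only forwards messages.
    Returns (relay_accepted, later_replay_accepted)."""
    key = ntowf_v2("Password", "User", "Domain")  # victim derives it from its password, the target's DC from the NT hash
    # 1. Attacker opens a session to the target server and receives the target's challenge.
    target_challenge = bytes.fromhex("0123456789abcdef")
    # 2. Victim is lured (web page, Outlook mail, media file) into authenticating to the attacker,
    #    which hands it the target's challenge instead of generating its own.
    blob = ntlmv2_blob(bytes.fromhex("aa" * 8), 0, target_info("Domain", "Server"))
    victim_response = ntlmv2_response(key, target_challenge, blob)
    # 3. Attacker forwards the victim's response to the target, whose check passes.
    relay_accepted = verify_ntlmv2(key, target_challenge, victim_response)
    # Replaying the captured response later fails: each session gets a fresh challenge, so the
    # attack has to relay live (or crack the captured hash offline).
    replay_accepted = verify_ntlmv2(key, bytes.fromhex("fedcba9876543210"), victim_response)
    return relay_accepted, replay_accepted


if __name__ == "__main__":
    print("NTOWFv2:", ntowf_v2("Password", "User", "Domain").hex())
    print("relay accepted, replay accepted:", relay_demo())
```

The model shows why the attack works without the password: the target only checks that the proof matches the challenge it issued, and the attacker is in a position to make the victim compute the proof over exactly that challenge. The standard mitigations, SMB signing and Extended Protection for Authentication (channel binding and service binding in the AV pairs), work by tying the response to the real session or service so a forwarded response no longer verifies.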

Design flaw in Intel processors opens door to rootkits, researcher says

A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products.

The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute.

By leveraging the flaw, attackers could install a rootkit in the processor's System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers.

Attackers could take over Android devices by exploiting built-in remote support apps

Many smartphone manufacturers preload remote support tools on their Android devices in an insecure way, providing a method for hackers to take control of the devices through rogue apps or even SMS messages.

The vulnerability was discovered by researchers from security firm Check Point Software Technologies, who presented it Thursday at the Black Hat security conference in Las Vegas. According to them, it affects hundreds of millions of Android devices from many manufacturers including Samsung Electronics, LG Electronics, HTC, Huawei Technologies and ZTE.

Most of the flagship phones from different vendors come preloaded with remote support tools, Check Point researchers Ohad Bobrov and Avi Bashan said. In some cases they are installed by the manufacturers themselves, while in other cases by mobile carriers, they said.

Attackers could use Internet route hijacking to get fraudulent HTTPS certificates

Inherent insecurity in the routing protocol that links networks on the Internet poses a direct threat to the infrastructure that secures communications between users and websites.

The Border Gateway Protocol (BGP), which is used by computer network operators to exchange information about which Internet Protocol (IP) addresses they own and how they should be routed, was designed at a time when the Internet was small and operators trusted each other implicitly, without any form of validation.

If one operator, or autonomous system (AS), advertises routes for a block of IP addresses that it doesn't own and its upstream provider passes on the information to others, the traffic intended for those addresses might get sent to the rogue operator.
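The reason a rogue announcement wins is worth showing explicitly: BGP forwards on the most specific prefix covering a destination, so an attacker announcing a smaller sub-block of a victim's address space attracts that traffic, including a certificate authority's domain-validation request to the victim's web server. The following Python is an added example, not from the article: it models a routing table with a legitimate /24 and a rogue more-specific /25, then applies a route origin check of the kind RPKI provides (a mitigation the article does not cover). The prefix 203.0.113.0/24 and the AS numbers 64500 (legitimate) and 64666 (rogue) are constructed placeholders from documentation and private ranges.

```python
"""Longest-prefix match versus a rogue more-specific announcement, plus a route-origin check.
Added example with constructed data (203.0.113.0/24, AS64500 legitimate, AS64666 rogue)."""
import ipaddress


def best_route(rib, dst: str):
    """BGP forwards on the most specific prefix covering the destination, whoever announced it."""
    dst_ip = ipaddress.ip_address(dst)
    covering = [(prefix, origin_as) for prefix, origin_as in rib if dst_ip in prefix]
    return max(covering, key=lambda route: route[0].prefixlen, default=None)


def validate_origin(roas, prefix, origin_as: int) -> str:
    """RPKI-style route origin validation: 'valid', 'invalid' or 'unknown' (no covering ROA)."""
    covering = [roa for roa in roas if prefix.subnet_of(roa["prefix"])]
    if not covering:
        return "unknown"
    for roa in covering:
        if roa["asn"] == origin_as and prefix.prefixlen <= roa["max_length"]:
            return "valid"
    return "invalid"  # covered by a ROA, but wrong origin AS or too specific


def hijack_demo(dst: str = "203.0.113.10") -> tuple:
    """Returns (origin AS chosen without validation, origin AS chosen after dropping invalid routes)."""
    legit = (ipaddress.ip_network("203.0.113.0/24"), 64500)
    rogue = (ipaddress.ip_network("203.0.113.0/25"), 64666)  # more specific, so it wins the lookup
    rib = [legit, rogue]
    # Constructed ROA: the owner authorises only AS64500 to originate 203.0.113.0/24, no longer prefixes.
    roas = [{"prefix": ipaddress.ip_network("203.0.113.0/24"), "max_length": 24, "asn": 64500}]
    unfiltered = best_route(rib, dst)[1]
    accepted = [route for route in rib if validate_origin(roas, *route) != "invalid"]
    filtered = best_route(accepted, dst)[1]
    return unfiltered, filtered


if __name__ == "__main__":
    print("traffic for 203.0.113.10 goes to AS%d without validation, AS%d with it" % hijack_demo())
```

Without any validation the rogue /25 is preferred and the CA's validation traffic lands at AS64666; with the ROA in place the /25 is rejected both because its origin is wrong and because it is more specific than the ROA's max length, and the legitimate /24 is used again. Note that many networks still do not drop RPKI-invalid routes, which is why the attack in the article remains practical.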

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.

Researchers from security firm Imperva found that attackers could easily hijack user accounts for services from Dropbox, Google Drive, Microsoft OneDrive and Box if they gain limited access to computers where such programs run, without actually stealing user names and passwords.

Once the accounts are hijacked, attackers could use them to grab the data stored in them, and to remotely control the compromised computers without using any malware programs that could be detected by antivirus and other security products.

Hacker steals Bitdefender customer log-in credentials, attempts blackmail

A hacker extracted customer log-in credentials from a server owned by Bitdefender that hosted the cloud-based management dashboards for its small and medium-size business clients.

The antivirus firm confirmed the security breach, but said in an emailed statement that the attack affected less than 1 percent of its SMB customers, whose passwords have since been reset. Consumer and enterprise customers were not affected, the company said.

The hacker, who uses the online alias DetoxRansome, first bragged about the breach on Twitter Saturday and later messaged Bitdefender threatening to release the company's "customer base" unless he was paid US$15,000.

Researchers improve de-anonymization attacks for websites hiding on Tor

Researchers have developed a new technique that could allow attackers to determine with a high degree of accuracy which Tor websites users are accessing and where those websites are hosted.

The new attack, which improves upon previous traffic fingerprinting techniques, was devised by researchers from the Massachusetts Institute of Technology (MIT) and the Qatar Computing Research Institute (QCRI), who found ways to differentiate between different types of connections in a user's encrypted Tor traffic.

The Tor anonymity network was built to hide from network snoopers which websites or other Internet resources the user is accessing. It does this by wrapping the user's requests in several layers of encryption and routing them through multiple computers that run the Tor software.

Critical BIND denial-of-service flaw could disrupt large portions of the Internet

Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users.

The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that are powered by the software.

The Domain Name System is the Internet's phone book. It's used to convert domain and host names into the numerical Internet Protocol (IP) addresses that computers need to communicate with each other. The DNS is made up of a global network of servers, and a very large number of them run BIND, a software package developed and maintained by a nonprofit corporation called the Internet Systems Consortium (ISC).

OPM, Anthem hackers reportedly also breached United Airlines

The cyberespionage group that stole the personal records of millions of Americans from U.S. health insurer Anthem and the U.S. Office of Personnel Management (OPM) has also reportedly breached United Airlines.

The data stolen from United includes flight manifests, which contain information on passengers, their travel origins and destinations, Bloomberg reported Wednesday, citing unnamed people familiar with the investigation.

The breach may have been discovered with the help of investigators in the OPM case, who built a list of other potential victims after analyzing the domain names, phishing emails and attack infrastructure used by the group, the media organization reported.

Maliciously crafted MKV video files can be used to crash Android phones

A malicious application or Web page could be used to crash Android devices, in some cases persistently, due to a vulnerability in a multimedia processing component.

The announcement, by security researchers from Trend Micro, comes days after other Android media processing flaws were revealed. Those flaws could allow attackers to compromise devices with a simple MMS message.

The latest vulnerability is located in Android's mediaserver component, more specifically in how this service handles files that use the Matroska video container (MKV), the Trend Micro researchers said in a blog post Wednesday.

Darkode cybercrime forum might be making a comeback

The former administrator of Darkode, the online cybercrime forum that was recently shut down by law enforcement agencies, is preparing to bring it back, with better security and privacy for its members.

On July 15, the U.S. Department of Justice announced that the Darkode hacking forum, where cybercriminals had gathered to exchange services and tools for years, was dismantled following an operation that involved agencies in 20 countries.

Seventy suspected Darkode members from many countries were searched, arrested or charged after the FBI infiltrated the forum's invitation-only membership and gathered evidence.

Xen patches new virtual-machine escape vulnerability

A new vulnerability in emulation code used by the Xen virtualization software can allow attackers to bypass the critical security barrier between virtual machines and the host operating systems they run on.

The vulnerability is located in the CD-ROM drive emulation feature of QEMU, an open source hardware emulator that's used by Xen, KVM and other virtualization platforms. The flaw is tracked as CVE-2015-5154 in the Common Vulnerabilities and Exposures database.

The Xen Project released patches for its supported releases Monday and noted that all Xen systems running x86 HVM guests without stubdomains and which have been configured with an emulated CD-ROM drive model are vulnerable.
