Lucian Constantin

Author Archives: Lucian Constantin

Most Android phones can be hacked with a simple MMS message or multimedia file

The vast majority of Android phones can be hacked by sending them a specially crafted multimedia message (MMS), a security researcher has found. The scary exploit, which only requires knowing the victim’s phone number, was developed by Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium. Drake found multiple vulnerabilities in a core Android component called Stagefright that’s used to process, play and record multimedia files. Some of the flaws allow for remote code execution and can be triggered when receiving an MMS message, downloading a specially crafted video file through the browser or opening a Web page with embedded multimedia content.

Even without breaches, don’t count on websites to hide that you have an account with them

Companies often fail to hide if an email address is associated with an account on their websites, even if the nature of their business calls for this and users implicitly expect it. This has been highlighted by data breaches at online dating sites AdultFriendFinder.com and AshleyMadison.com, which cater to people looking for one-time sexual encounters or extramarital affairs. Both were vulnerable to a very common and rarely addressed website security risk known as account or user enumeration. In the Adult Friend Finder hack, information was leaked on almost 3.9 million registered users, out of the 63 million registered on the site. With Ashley Madison, hackers claim to have access to customer records, including nude pictures, conversations and credit card transactions, but have reportedly leaked only 2,500 user names so far. The site has 33 million members.

Researchers disclose four unpatched vulnerabilities in Internet Explorer

Security researchers published limited details about four unpatched vulnerabilities in Internet Explorer because Microsoft has not moved quickly enough to fix them. The flaws could potentially be exploited to execute malicious code on computers when users visit compromised websites or open specially crafted documents. They were reported through Hewlett-Packard’s Zero Day Initiative (ZDI) program. HP’s TippingPoint division, which sells network security products, pays researchers for information on unpatched high-risk vulnerabilities in popular software. The company uses the information to create detection signatures, giving it a competitive advantage, but also reports the flaws to the affected vendors so they can be fixed.

WordPress gets patch for critical XSS flaw

Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites. WordPress 4.2.3, released Thursday, resolves a cross-site scripting (XSS) vulnerability that could allow users with the Contributor or Author roles to compromise a website, said Gary Pendergast, a member of the WordPress team, in a blog post. While this is not as critical as a flaw that can be exploited without authentication, it still poses a high risk for many websites because the compromise of a single non-administrator user account can turn into a complete website takeover.

Microsoft follows Google to crack down on revenge porn

Microsoft will make it easier for people to request the removal of links to intimate images or videos from the company's Bing search engine if such content was posted online without their consent. This move comes in response to an increasingly prevalent phenomenon dubbed "revenge porn," where jilted former partners or extortionists upload sexually explicit content depicting the victims in an embarrassing light. "Unfortunately, revenge porn is on the rise across the globe," said Jacqueline Beauchere, Microsoft's chief online safety officer, in a blog post. "It can damage nearly every aspect of a victim's life: relationships, career, social activities. In the most severe and tragic cases, it has even led to suicide."

Bug exposes OpenSSH servers to brute-force password guessing attacks

A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses. A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he only requested a public vulnerability ID to be assigned Tuesday. By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.

Former Hacking Team supplier stops selling zero-day exploits on ethical grounds

Italian surveillance software maker Hacking Team recently claimed that it hasn’t lost any customers after the massive leak of its internal data two weeks ago. But it has lost at least one business partner: U.S.-based penetration testing specialist and zero-day exploit broker Netragard. Over the weekend, Netragard announced that it is terminating its long-running Exploit Acquisition Program (EAP), citing revelations about Hacking Team’s customers as one of the reasons. Set up in 1999, EAP allowed Netragard to broker the sale of exploits for unpatched vulnerabilities—also known as zero-day exploits—between private researchers and select organizations interested in such computer intrusion tools.

Cyberspies love exploits from Hacking Team leak

The leaked files from surveillance software maker Hacking Team have proven to be a great resource for cyberespionage groups, which have used at least two Flash Player exploits from the company’s arsenal. Last Tuesday, security researchers from security firm FireEye detected targeted attacks against organizations in Japan, with the attackers using an exploit for CVE-2015-5122, a Flash Player vulnerability patched by Adobe Systems that same day. The vulnerability was publicly known before that date because an exploit for it was found in the 400GB data cache recently leaked by a hacker from Milan-based Hacking Team.

Latest Flash Player version has improved exploit defenses

The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but also added protections that will make entire classes of security flaws much harder to exploit in the future. There were three low-level defenses added in Flash Player 18.0.0.209, two of which block a technique that has been used by many Flash exploits since 2013. The technique involves corrupting the length of an ActionScript Vector buffer object so that malicious code can be placed at predictable locations in memory and executed. ActionScript is the programming language in which Flash applications are written. This method was used by at least two of the Flash Player exploits found among the files leaked from Italian surveillance software maker Hacking Team, as well as in two other Flash zero-day exploits used by cyberespionage groups this year, researchers from Google said in a blog post Thursday.

New point-of-sale malware distributed by Andromeda botnet

Cybercriminals are casting increasingly wider nets in their search for new point-of-sale systems to infect. This appears to be the case with a new memory scraping malware program called GamaPoS that’s distributed by a large botnet known as Andromeda. GamaPoS was recently discovered by security researchers from antivirus vendor Trend Micro, who found systems infected with it inside organizations from 13 U.S. states and Vancouver, Canada. The program is written in Microsoft’s .NET, which is unusual for RAM scraping malware. These types of threats monitor the memory of point-of-sale systems for payment card data and steal it while it’s being passed from the physical card readers to the commerce applications.

Encrypted Web and Wi-Fi at risk as RC4 attacks become more practical

There’s an old saying in the security community: Attacks always get better. The latest case where that holds true is for the aging RC4 cipher that’s still widely used to encrypt communications on the Internet. Researchers Mathy Vanhoef and Frank Piessens from the University of Leuven in Belgium devised a new attack method that can recover authentication cookies and other sensitive information from Web connections encrypted with RC4. The RC4 (Rivest Cipher 4) algorithm was designed in 1987 by renowned cryptographer Ron Rivest and remained a trade secret until 1994, when it was leaked on the Internet. Since then it has been implemented in a number of popular protocols, including SSL (Secure Socket Layer) and its successor, TLS (Transport Layer Security); the WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) wireless security standards; Microsoft’s RDP (Remote Desktop Protocol) and MPPE (Microsoft Point-to-Point Encryption), BitTorrent and others.

Oracle fixes zero-day Java flaw and over 190 other vulnerabilities

Go ahead and update Java—or disable it if you don’t remember the last time you actually used it on the Web: Oracle’s latest patch, released Tuesday, fixes 25 vulnerabilities in the aging platform, including one that’s already being exploited in attacks. In addition to Java, Oracle also updated a wide range of other products, fixing a total of 193 vulnerabilities, 44 stemming from third-party components. The patched products include Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager, Oracle E-Business Suite, Oracle Supply Chain Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Communications Applications, Oracle Java SE, Oracle Sun Systems Products Suite, Oracle Linux and Virtualization, and Oracle MySQL.

Hacking Team’s malware uses UEFI rootkit to survive OS reinstalls

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on. The company developed a tool that can be used to modify a computer’s UEFI (Unified Extensible Firmware Interface) so that it silently reinstalls its surveillance tool even if the hard drive is wiped clean or replaced. UEFI is a replacement for the traditional BIOS (Basic Input/Output System) and is meant to standardize modern computer firmware through a reference specification. But there are multiple companies that develop UEFI firmware, and there can be significant differences between the implementations used by PC manufacturers.

Cyberespionage group Pawn Storm uses exploit for unpatched Java flaw

A sophisticated group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn’t been patched by Oracle. The zero-day exploit was recently observed by researchers from antivirus vendor Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit. The cyberespionage group, known as APT28 and Pawn Storm, has been active since at least 2007. Some security vendors believe that it operates out of Russia and has ties to that country’s intelligence services.

Hacking Team’s arsenal included at least three unpatched exploits for Flash Player

Recently breached surveillance software maker, Hacking Team, had access to three different exploits for previously unknown vulnerabilities in Flash Player. All of them are now out in the open, putting Internet users at risk. Milan-based Hacking Team develops and sells surveillance software to government agencies from around the world. On July 5, a hacker released over 400GB of data stolen from the company on the Internet, including email communications, business documents, source code and other internal files. On Tuesday, researchers found a proof-of-concept exploit among Hacking Team’s files that worked against the latest version of Flash Player. Cybercriminals were quick to adopt it and were already using it in large-scale attacks by the time Adobe Systems released a patch for it on Wednesday.

Second Flash Player zero-day exploit found in Hacking Team’s data

The huge cache of files recently leaked from Italian surveillance software maker Hacking Team is the gift that keeps on giving for attackers. Researchers sifting through the data found a new exploit for a previously unknown vulnerability in Adobe’s Flash Player. This is the second Flash Player zero-day exploit discovered among the files and the third overall—researchers also found a zero-day exploit for a vulnerability in Windows. A zero-day exploit is a previously unknown vulnerability for which a patch does not exist.

VMware patches vulnerabilities in Workstation, Player, Fusion and Horizon View Client

VMware released patches for serious vulnerabilities in several of its products that could lead to arbitrary code execution, privilege escalation on the host OS and denial of service. VMware Workstation and Horizon View Client for the Windows platform had multiple memory manipulation issues that could allow a guest to execute code on the host OS or to trigger a denial-of-service condition. Workstation, Player, and Fusion also had a flaw that could enable a denial-of-service attack against the guest or host operating systems. To address the code execution issue, VMware released Workstation 11.1.1 and 10.0.6; VMware Player 7.1.1 and 6.0.6; and Horizon Client for Windows 3.4.0, 3.2.1 and 5.4.2 (with local mode). The company also fixed the separate denial-of-service issue in VMware Workstation 10.0.5 and VMware Player 6.0.6 for all platforms and Fusion 7.0.1 and 6.0.6 for OS X.

OpenSSL fixes serious flaw that could enable man-in-the-middle attacks

A flaw in the widely used OpenSSL library could allow man-in-the-middle attackers to impersonate HTTPS servers and snoop on encrypted traffic. Most browsers are not affected, but other applications and embedded devices could be. The OpenSSL 1.0.1p and 1.0.2d versions released Thursday fix an issue that could be used to bypass certain checks and trick OpenSSL into treating any valid certificates as belonging to certificate authorities. Attackers could exploit this to generate rogue certificates for any website that would be accepted by OpenSSL. “This vulnerability is really only useful to an active attacker, who is already capable of performing a man-in-the-middle (MITM) attack, either locally or upstream from the victim,” said Tod Beardsley, security engineering manager at Rapid7, via email. “This limits the feasibility of attacks to actors who are already in a privileged position on one of the hops between the client and the server, or is on the same LAN and can impersonate DNS or gateways.”

Emergency Flash Player updates fix vulnerability used in widespread attacks

Adobe Systems was forced to rush the release of a Flash Player update after an exploit for a previously unknown vulnerability was leaked on the Internet and quickly adopted by cybercriminals. Users are advised to upgrade to the newly released Flash Player 18.0.0.203 for Windows and Mac, Flash Player 11.2.202.481 for Linux, or Flash Player 13.0.0.302, if they’re on the extended support channel. The Flash Player plug-in bundled with Google Chrome and Internet Explorer on Windows 8.x will be automatically updated. The company also released version 18.0.0.180 of the AIR runtime, AIR SDK and AIR SDK & Compiler, because these products also bundle Flash Player.

Hacker group that hit Twitter, Facebook, Apple and Microsoft intensifies attacks

The hackers that targeted Twitter, Facebook, Apple and Microsoft developers two years ago have escalated their economic espionage efforts as they seek confidential business information and intellectual property they can profit from. The group, which security researchers from Kaspersky Lab and Symantec call Wild Neutron or Morpho, has broken into the networks of over 45 large companies since 2012. After the 2013 attacks against Twitter, Facebook, Apple and Microsoft were highly publicized, the group went underground and temporarily halted its activity. However, its attacks resumed in 2014 and have since intensified, according to separate reports released Wednesday by Kaspersky Lab and Symantec.
