It took just a day for cybercriminals to start using a new and yet-to-be-patched Flash Player exploit that was leaked from a surveillance software developer. The exploit was found by security researchers yesterday among the 400GB worth of files stolen recently from Hacking Team, an Italian company that develops and sells intrusion and surveillance software to government agencies. Adobe Systems confirmed the vulnerability, which received the identifier CVE-2015-5119, and is planning to release a patch for it later today. However, cybercriminals have already jumped on the opportunity to use it to infect computers with malware on a large scale. To read this article in full or to leave a comment, please click here
Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player. There are also reports of exploits for a vulnerability in Windows and one in SELinux, a Linux kernel security module that enforces access control policies. The flaws were supposedly used by the company’s customers to silently deploy its software on computers belonging to surveillance targets. Hacking Team was incorporated as HT in Milan and develops a computer surveillance program called Remote Control System (RCS), or Galileo. The system is sold to law enforcement and other government agencies from around the world, along with access to computer intrusion tools that are needed to deploy it.
Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability. OpenSSL implements multiple cryptographic protocols and algorithms including TLS (Transport Layer Security), which underpins encryption on the Web as part of protocols like HTTPS (HTTP Secure), IMAPS (Internet Message Access Protocol Secure) and SMTPS (Simple Mail Transfer Protocol Secure). The project didn’t say which part of the library is affected, but high severity flaws in OpenSSL are usually a big deal, especially if they impact TLS.
The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according to a malware research outfit called Malware Must Die (MMD). The leak was kept under wraps by the researchers as they tried to stop the files from becoming widely available, an effort that ultimately exceeded their resources. As a result, the group decided to go public with the information Sunday in order to alert the whole security community so that mitigation strategies can be developed.
Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version. The new and somewhat surprising behavior was recently observed by a malware researcher known online as Kafeine, who specializes in tracking drive-by download attacks that use exploit kits. Kovter is used for so-called click or advertising fraud. Once installed on a computer, it hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.
Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers. The Cisco Unified CDM is part of the Cisco Hosted Collaboration System and provides automation and administrative functions for the Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Jabber applications, associated phones and software clients. The privileged account is created when Unified CDM is first installed and cannot be changed or removed without affecting the system’s functionality—although exactly how, Cisco didn’t say in its security advisory. The only solution, the company said, is to install the patches it released.
Servers could be haunted by a ghost from the 1980s, as hackers have started abusing an obsolete routing protocol to launch distributed denial-of-service attacks. DDoS attacks observed in May by the research team at Akamai abused home and small business (SOHO) routers that still support Routing Information Protocol version 1 (RIPv1). This protocol is designed to allow routers on small networks to exchange information about routes. RIPv1 was first introduced in 1988 and was retired as an Internet standard in 1996 due to multiple deficiencies, including lack of authentication. These were addressed in RIP version 2, which is still in use today.
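To make the abuse concrete, here is an added example (not from the article, Akamai or any router vendor) that builds the RFC 1058 "send me your whole table" request, parses a RIPv1 response, and computes how many bytes a spoofed 24-byte request can draw out of a router per reply datagram. The route addresses are constructed, and query_router is only for routers on a network you are authorised to test.

```python
import socket
import struct

RIP_PORT = 520
RIP_HEADER = struct.Struct(">BBH")      # command, version, must-be-zero
RIP_ENTRY = struct.Struct(">HH4s8sI")   # address family, zero, IPv4 address, 8 zero bytes, metric
CMD_REQUEST, CMD_RESPONSE = 1, 2
AF_UNSPEC, AF_INET = 0, 2
METRIC_INFINITY = 16
MAX_ENTRIES = 25                        # RFC 1058: at most 25 entries per datagram (504 bytes)


def build_full_table_request():
    """RFC 1058 'send me everything': one entry with AFI 0 and metric 16.

    Note what is absent: there is no authentication field at all, so anyone who can
    reach UDP/520 may ask, and the reply goes to whatever source address the request
    carried, which is exactly what a reflection attack relies on.
    """
    entry = RIP_ENTRY.pack(AF_UNSPEC, 0, bytes(4), bytes(8), METRIC_INFINITY)
    return RIP_HEADER.pack(CMD_REQUEST, 1, 0) + entry


def build_response(routes):
    """Fabricate the reply a router would send; routes is [(dotted_ip, metric), ...]."""
    if len(routes) > MAX_ENTRIES:
        raise ValueError("a RIPv1 datagram carries at most 25 entries")
    body = b"".join(RIP_ENTRY.pack(AF_INET, 0, socket.inet_aton(ip), bytes(8), metric)
                    for ip, metric in routes)
    return RIP_HEADER.pack(CMD_RESPONSE, 1, 0) + body


def parse(datagram):
    """Return (command, [(afi, dotted_ip, metric), ...]) or raise on malformed input."""
    if len(datagram) < RIP_HEADER.size or (len(datagram) - RIP_HEADER.size) % RIP_ENTRY.size:
        raise ValueError("length is not header + N*20 bytes")
    command, version, _ = RIP_HEADER.unpack_from(datagram, 0)
    if version != 1:
        raise ValueError("not RIPv1")
    entries = []
    for offset in range(RIP_HEADER.size, len(datagram), RIP_ENTRY.size):
        afi, _, addr, _, metric = RIP_ENTRY.unpack_from(datagram, offset)
        entries.append((afi, socket.inet_ntoa(addr), metric))
    return command, entries


def amplification_factor(request, response):
    """Bytes the victim receives per byte the attacker spends on one spoofed request."""
    return len(response) / len(request)


def query_router(host, timeout=2.0):
    """Send the request to a router you are authorised to test and parse the first reply.

    Routers with more than 25 routes answer with several datagrams; only the first is read.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_full_table_request(), (host, RIP_PORT))
        data, _ = sock.recvfrom(2048)
    return parse(data)
```

A full 25-entry reply is 504 bytes against a 24-byte request, a factor of 21 per datagram, and a router with a larger table answers one request with several datagrams. The fix on a SOHO device is to disable RIPv1 (or RIP entirely) on the WAN interface, or to drop inbound UDP/520 at the edge.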
A hacker group known as Team GhostShell is publishing snippets of sensitive data allegedly stolen from the databases of hundreds of compromised websites. The group, which previously targeted government organizations, law enforcement agencies and companies from various industries in 2012, announced in March 2013 that it was halting its activities. In a surprise return Monday the group started posting on Twitter the names of websites it claims to have hacked as part of a new campaign, along with links to samples of data extracted from their databases. So far the group has published the names of over 450 websites, but claims that it has hacked many more. The alleged victims range from companies to education institutions and government organizations from different countries.
Apple released patches for several vulnerabilities that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable. The vulnerabilities allow for so-called Masque attacks because they involve the impersonation of existing apps or their components. Three of them were patched in iOS version 8.1.3, released in January, and two newer ones were patched in iOS 8.4, released Tuesday. In order to attack iOS devices with these flaws, hackers would have to trick their owners into installing rogue apps through the enterprise provisioning system. Companies use this mechanism to deploy in-house developed apps that are not published on the official App Store.
Cisco Systems plans to pay $635 million in cash to buy OpenDNS, a company that leverages the Domain Name System (DNS) to provide security services including Web filtering, threat intelligence and malware and phishing protection. The DNS is a core Internet protocol. It’s used to translate Web addresses that are easy for people to remember, like website names, into numerical IP (Internet Protocol) addresses that computers need to communicate with each other. OpenDNS customers configure their computers or networks to use the company’s DNS resolution servers instead of the ones provided by their ISPs and this allows OpenDNS to provide additional services.
Just four days after Adobe Systems patched a vulnerability in Flash Player, an exploit for it was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches. On Saturday, a malware researcher known online as Kafeine spotted a drive-by download attack done with the Magnitude exploit kit that was exploiting a Flash Player vulnerability patched Tuesday. The flaw, tracked as CVE-2015-3113 in the Common Vulnerabilities and Exposures database, had zero-day status—that is, it was previously unpatched—when Adobe released a patch for it. It had already been exploited by a China-based cyberespionage group for several weeks in targeted attacks against organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.
Despite a big push over the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures in business applications. The scale of the problem is significant. Cryptographic issues are the second most common type of flaws affecting applications across all industries, according to a report this week by application security firm Veracode. The report is based on static, dynamic and manual vulnerability analysis of over 200,000 commercial and self-developed applications used in corporate environments.
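The teaser does not list which implementation failures Veracode counted, so the following is an added example of my own, not the report's findings and not code from any application it analysed: two mistakes that are easy to make with a general-purpose crypto library, each beside the form that avoids it, using only the Python standard library. The password and key values are constructed for illustration.

```python
import hashlib
import hmac
import os


# --- Failure 1: password storage --------------------------------------------------
def hash_password_weak(password):
    """Unsalted, single-round SHA-256. Equal passwords hash identically, so one
    precomputed table breaks every user, and a GPU tests billions of guesses a second."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. The iteration count and salt are
    stored in the record so the work factor can be raised later without a migration."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# --- Failure 2: MAC verification -------------------------------------------------------
def sign(key, message):
    return hmac.new(key, message, "sha256").digest()


def verify_mac_weak(key, message, tag):
    """'==' on bytes returns at the first mismatching byte, so response time tells a
    remote caller how many leading bytes of a forged tag were right."""
    return sign(key, message) == tag


def verify_mac(key, message, tag):
    """Constant-time comparison of a freshly computed tag against the supplied one."""
    return hmac.compare_digest(sign(key, message), tag)
```

Both weak variants are functionally correct, which is why static analysis rather than testing tends to find them: they return the right answer and leak through side channels or precomputation instead.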
A computer Trojan that hides its malicious code inside PNG image files counts healthcare organizations in the U.S. among its primary targets. The Stegoloader Trojan uses digital steganography techniques to sneak past computer and network defenses. It originally appeared in 2012, but has seen a resurgence over the past several months. According to a recent report from Dell SecureWorks, the Trojan is designed to steal files, information and passwords from infected systems, but has additional modules that extend its functionality.
Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise. The discovery of the flaw, which has now been patched, comes on the heels of a report that intelligence agencies from the U.K. and the U.S. are reverse engineering antivirus products in search of vulnerabilities and methods to bypass detection. The vulnerability in ESET products was discovered by Google security engineer Tavis Ormandy and was located in their emulator, the antivirus component responsible for unpacking and executing potentially malicious code inside a safe environment so that it can be scanned.
Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group. Over the past several weeks, a hacker group identified as APT3 by security firm FireEye has used the vulnerability to attack organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries. The hacking group targeted the companies with generic phishing emails that contained a link to a compromised server, researchers from FireEye said in a blog post Tuesday. The server used JavaScript code to profile potential victims and then served the Flash exploit to the ones meeting attackers’ criteria, the company said.
Government organizations are struggling when it comes to securing the computer software they use, which could partially explain the large data breaches reported in that sector over the past several years. Three out of four applications used by government organizations are not compliant with one of the primary software security policies and most of the flaws found in them never get fixed, according to a report released Tuesday by U.S.-based application security firm Veracode. The report is based on an analysis of more than 200,000 applications over the past 18 months that are used by organizations in various industries. The tests were performed using Veracode’s cloud-based application security testing platform that uses static analysis, dynamic analysis and manual penetration testing techniques.
LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw’s Chopin airport on Sunday after hackers attacked its ground computer systems. The IT attack, which was not described in detail, left the company unable to create flight plans for outbound flights, grounding around 1,400 passengers. The company said that plane systems were not affected and aircraft that were already in the air were able to continue their flight or to land. The incident only affected the ability of planes to depart from the airport for several hours. It’s not clear what kind of attack it was and whether it was the hackers’ intention to ground planes or if the systems were taken offline as part of incident response procedures.
Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components. Even worse, these software makers wouldn’t be able to tell which of their applications are affected by a known component flaw even if they wanted to because of poor inventory practices. Last year, large software and financial services companies downloaded 240,757 components on average from one of the largest public repositories of open-source Java components. Over 15,000 of those components, or 7.5 percent, had known vulnerabilities, according to Sonatype, the company that manages the repository.
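The inventory problem the teaser describes is mechanical once the data exists, so here is an added example (mine, not Sonatype's tooling or anything from the report) of the smallest thing that answers "which of our applications ship a component with a known flaw": parse each application's Maven pom.xml into (group, artifact, version) triples, index them by component, and match against an advisory feed. The two POM files, the coordinates, the versions and the advisory IDs are all constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed pom.xml files standing in for two in-house applications.
# Group/artifact coordinates and versions are invented for this example.
BILLING_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>xml-parser</artifactId><version>2.1.0</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>http-client</artifactId><version>4.5.3</version></dependency>
  </dependencies>
</project>"""
PORTAL_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>xml-parser</artifactId><version>2.3.1</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>template-engine</artifactId><version>1.0.7</version></dependency>
  </dependencies>
</project>"""

# Constructed advisory feed: (advisory id, group, artifact, first fixed version).
ADVISORIES = [
    ("EXAMPLE-ADV-001", "com.example", "xml-parser", "2.3.0"),
    ("EXAMPLE-ADV-002", "com.example", "template-engine", "1.1.0"),
]


def version_key(version):
    """Numeric tuple for ordering; qualifiers such as '-beta' are ignored (a simplification)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def components(pom_xml):
    """Extract (group, artifact, version) triples from a pom.xml <dependencies> block."""
    root = ET.fromstring(pom_xml)
    found = []
    for dep in root.findall("m:dependencies/m:dependency", POM_NS):
        g = dep.findtext("m:groupId", namespaces=POM_NS)
        a = dep.findtext("m:artifactId", namespaces=POM_NS)
        v = dep.findtext("m:version", namespaces=POM_NS)
        if v is None:
            continue  # version managed by a parent/BOM; resolve it before trusting the inventory
        found.append((g, a, v))
    return found


def build_inventory(apps):
    """apps: {app_name: pom_xml}. Returns {(group, artifact): {app_name: version}} so that
    'which applications ship component X?' becomes a single dictionary lookup."""
    inventory = {}
    for app, pom in apps.items():
        for g, a, v in components(pom):
            inventory.setdefault((g, a), {})[app] = v
    return inventory


def affected_apps(inventory, advisories):
    """Match the inventory against the feed; returns [(advisory, app, component, version)]."""
    hits = []
    for adv_id, g, a, fixed in advisories:
        for app, v in inventory.get((g, a), {}).items():
            if version_key(v) < version_key(fixed):
                hits.append((adv_id, app, "%s:%s" % (g, a), v))
    return sorted(hits)
```

One caveat that matters in practice: a pom.xml lists only direct dependencies. The components actually shipped are the resolved transitive tree (for Maven, the output of `mvn dependency:tree`), so an inventory built from declared dependencies alone undercounts exactly the kind of deeply nested component the teaser is warning about.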
Windows 10 will have a new mechanism that will allow software developers to integrate their applications with whatever antimalware programs exist on users’ computers. The goal of the new Antimalware Scan Interface (AMSI) is to let applications send content to the locally installed antivirus product to be checked for malware. According to Microsoft, this can have important benefits when dealing with script content in particular, because malicious scripts are commonly obfuscated to bypass antivirus detection. Scripts also typically get executed in the memory of the applications that are designed to interpret them, so they don’t create files on disk for antivirus programs to scan.
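What "send content to the locally installed antivirus" looks like from the application's side is a short sequence of calls into amsi.dll. The following is an added example of mine, not Microsoft's sample code: it calls AmsiInitialize, AmsiOpenSession, AmsiScanBuffer, AmsiCloseSession and AmsiUninitialize through ctypes, the way a script host would hand over a script it is about to run, and interprets the AMSI_RESULT value with the same rule as the AmsiResultIsMalware macro. The application name and content name are placeholders; the text is submitted as UTF-16LE, which is an assumption about how a script engine would pass it. The scan itself only runs on Windows 10 or later with an AMSI provider registered; the EICAR test string is the standard harmless detection test, not malware.

```python
import ctypes
import sys
from ctypes import POINTER, byref, c_char_p, c_int, c_uint, c_void_p, c_wchar_p

# AMSI_RESULT values from amsi.h
AMSI_RESULT_CLEAN = 0
AMSI_RESULT_NOT_DETECTED = 1
AMSI_RESULT_BLOCKED_BY_ADMIN_START = 0x4000
AMSI_RESULT_BLOCKED_BY_ADMIN_END = 0x4FFF
AMSI_RESULT_DETECTED = 0x8000

# Standard anti-virus test string; harmless, and what providers are expected to flag.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def classify(result):
    """Same decision as the AmsiResultIsMalware() macro, with the admin-block range split out."""
    if result >= AMSI_RESULT_DETECTED:
        return "malware"
    if AMSI_RESULT_BLOCKED_BY_ADMIN_START <= result <= AMSI_RESULT_BLOCKED_BY_ADMIN_END:
        return "blocked-by-admin"
    if result in (AMSI_RESULT_CLEAN, AMSI_RESULT_NOT_DETECTED):
        return "clean"
    return "unknown"


def _load_amsi():
    """Bind the five exports this example uses with their documented signatures."""
    amsi = ctypes.WinDLL("amsi")
    amsi.AmsiInitialize.argtypes = [c_wchar_p, POINTER(c_void_p)]
    amsi.AmsiInitialize.restype = c_int                      # HRESULT: negative on failure
    amsi.AmsiOpenSession.argtypes = [c_void_p, POINTER(c_void_p)]
    amsi.AmsiOpenSession.restype = c_int
    amsi.AmsiScanBuffer.argtypes = [c_void_p, c_char_p, c_uint, c_wchar_p, c_void_p, POINTER(c_uint)]
    amsi.AmsiScanBuffer.restype = c_int
    amsi.AmsiCloseSession.argtypes = [c_void_p, c_void_p]
    amsi.AmsiCloseSession.restype = None
    amsi.AmsiUninitialize.argtypes = [c_void_p]
    amsi.AmsiUninitialize.restype = None
    return amsi


def scan_script(script_text, content_name="inline-script", app_name="ExampleScriptHost"):
    """Submit in-memory script text to the registered AV provider and return the raw AMSI_RESULT.

    Nothing is written to disk: the provider sees the de-obfuscated text the host is
    about to execute, which is the point of the interface for script content.
    """
    if sys.platform != "win32":
        raise OSError("AMSI is a Windows 10+ API (amsi.dll)")
    amsi = _load_amsi()
    ctx, session, result = c_void_p(), c_void_p(), c_uint()
    if amsi.AmsiInitialize(app_name, byref(ctx)) < 0:
        raise OSError("AmsiInitialize failed")
    try:
        if amsi.AmsiOpenSession(ctx, byref(session)) < 0:
            raise OSError("AmsiOpenSession failed")
        try:
            buf = script_text.encode("utf-16-le")   # assumption: wide text, as script engines pass it
            hr = amsi.AmsiScanBuffer(ctx, buf, len(buf), content_name, session, byref(result))
            if hr < 0:
                raise OSError("AmsiScanBuffer failed: 0x%08x" % (hr & 0xFFFFFFFF))
        finally:
            amsi.AmsiCloseSession(ctx, session)
    finally:
        amsi.AmsiUninitialize(ctx)
    return result.value


if __name__ == "__main__":
    print("EICAR test string:", classify(scan_script(EICAR, "eicar-test")))
```

Two things the interface does not do: it does not decide for the host, so the application must refuse to run the content when classify() says "malware" or "blocked-by-admin", and it only helps if the host calls it after its own decoding and unpacking, otherwise the provider sees the same obfuscated blob a file scanner would.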
The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran. On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over the past few years, revealed that it too fell victim to such an attack. The company discovered in early spring that several of its internal systems were infected with a new version of Duqu, a sophisticated malware platform believed to be related to the Stuxnet worm used to sabotage Iran’s nuclear enrichment centrifuges at Natanz.