Lucian Constantin

Author Archives: Lucian Constantin

VMware patches virtual machine escape issue on Windows

VMware has released security updates for several of its virtualization products in order to address critical vulnerabilities that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems.

The code execution flaws affect the Windows versions of VMware Workstation, VMware Player and VMware Horizon Client. They were discovered by Kostya Kortchinsky of the Google Security Team and stem from a printer virtualization feature that allows a virtual machine’s guest OS to access the printer attached to the host computer.

“On VMware Workstation 11.1, the virtual printer device is added by default to new VMs, and on recent Windows Hosts, the Microsoft XPS Document Writer is available as a default printer,” Kortchinsky explained in an advisory. “Even if the VMware Tools are not installed in the Guest, the COM1 port can be used to talk to the Host printing Proxy.”

The Duqu cyberespionage group compromised venues hosting Iran nuclear negotiations

A state-sponsored espionage group that uses a malware platform called Duqu has compromised the computer networks of several hotels and venues that hosted negotiations over Iran’s nuclear program.

The attacks, which took place in 2014 and this year, involved the use of a new version of the Duqu cyberespionage malware, according to antivirus firm Kaspersky Lab, which also found the malware on its own systems.

Kaspersky Lab discovered in early spring that several of its internal systems had been compromised, and the subsequent investigation resulted in the identification of what the company now calls Duqu 2.0.

Duqu is a highly sophisticated malware platform used for cyberespionage that was originally found in 2011. It is believed to be related to Stuxnet, the computer worm developed by the U.S. and Israel to sabotage Iran’s nuclear program.

European authorities bust cybercrime gang that hijacked business payments

Police in several European countries arrested 49 suspected members of a gang they say broke into corporate email accounts, using them to divert payments from business customers.

The gang operated in Italy, Spain, Poland, the U.K., Belgium and Georgia, according to Eurojust and Europol, the two agencies that coordinated and provided support to the police operation on the ground.

The gang’s members, who were mainly from Nigeria, Cameroon and Spain, used malware and social engineering to compromise the computers of various large European companies. They then gained access to corporate email accounts and monitored them for payment-related communications from customers.

Adobe fixes Flash Player flaws that could lead to info theft, malware attacks

Adobe Systems fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure.

Users should upgrade to Flash Player 18.0.0.160 for Windows and Mac, Flash Player 11.2.202.466 for Linux, or Flash Player 13.0.0.292 if they are on the extended support release channel.

Users of Internet Explorer on Windows 8.x and Google Chrome on Windows, Linux and Mac will receive the Flash Player update for their respective browser automatically.

Adobe also released updates for the AIR runtime on Windows, Mac and Android, as well as for the AIR SDK and Compiler, because these programs bundle Flash Player.

Cybercriminals increasingly target point of sales systems

The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America—but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world.

Hacked point-of-sale (PoS) terminals were responsible for 65 percent of the data compromises investigated by security firm Trustwave last year in North America, compared to only 10 percent in Europe, the Middle East and Africa and 11 percent in the Asia-Pacific region. Worldwide, the company investigated 574 breaches, half of them in the U.S.

The difference between PoS breach numbers in North America and other regions is largely due to a payment card standard called EMV (Europay, MasterCard and Visa), which mandates the use of electronic chips in cards for antifraud protection. These are also called Chip-and-PIN or Chip-and-Signature cards, and they have only recently started to be introduced in the U.S. and Canada.

Memory scraping malware targets Oracle Micros point-of-sale customers

A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products.

Micros, which was acquired by Oracle last year, develops front and back office customer service systems that are popular in the hospitality, food and retail industries. Its technology is used at over 330,000 customer sites in 180 countries, according to the company.

Security researchers from antivirus firm Trend Micro recently came across a highly configurable memory scraping malware program that they dubbed MalumPoS.

This kind of program monitors the memory of other processes for payment card track data—the information that’s encoded on the magnetic stripe of payment cards and which can be used to clone them.
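The track data mentioned above has a fixed layout, which is exactly why a scraper can find it in another process's memory. The following is an added example, not code from the article or from Trend Micro's analysis: it searches a constructed memory buffer for Track 1 and Track 2 records, applies the Luhn check to drop random digit runs, and masks the PAN before reporting it. The same search is what a forensic analyst runs over a PoS process dump to confirm that card data was exposed in the clear. The regular expressions are this example's simplification of the ISO/IEC 7813 track formats, and the card numbers are industry test numbers, not real accounts.

```python
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
# (simplified from ISO/IEC 7813; an assumption of this example)
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")

# Constructed stand-in for a PoS process memory region. The PANs are the
# well-known Visa/Mastercard test numbers; the third one fails Luhn on purpose.
SAMPLE_MEMORY = (
    b"\x00\x00\x01GET /swipe HTTP/1.1\r\n"
    b";4111111111111111=25121011234567890?\x00\x00"
    b"%B5500000000000004^DOE/JOHN^2512101?\x00"
    b";4111111111111112=2512101?\x00random 1234567890123456 digits"
)


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: true for a syntactically valid card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN and last four only; never log a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes) -> list:
    """Return every track-shaped record in buf, with its Luhn verdict."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 1, "pan": pan, "name": m.group(2).decode(),
                     "expiry": m.group(3).decode(), "luhn": luhn_ok(pan)})
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode()
        hits.append({"track": 2, "pan": pan, "name": None,
                     "expiry": m.group(2).decode(), "luhn": luhn_ok(pan)})
    return hits


def confirmed_cards(buf: bytes) -> list:
    """Only records whose PAN passes Luhn; this is what a scraper would exfiltrate."""
    return [h for h in scan_memory(buf) if h["luhn"]]


if __name__ == "__main__":
    for hit in confirmed_cards(SAMPLE_MEMORY):
        print(f"track {hit['track']} PAN {mask_pan(hit['pan'])} exp {hit['expiry']}")
```

The Luhn filter is what separates a useful scraper, or a useful detection rule, from noise: the 16-digit run in the last line of the buffer has no track delimiters and is never considered, and the Track 2 record with an invalid check digit is found but discarded.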

Hacker turns toy into tool that can open garage doors in seconds

Owners of fixed-code garage door openers might want to consider upgrading them, because a researcher has developed a technique that guesses the code in seconds.

To showcase the new attack, which he dubbed Open Sesame, security researcher Samy Kamkar reprogrammed a children's toy designed for short-distance texting called the Radica Girl Tech IM-me, because it has all the needed wireless components and because "it's pink," his favorite color.

With a fixed-code garage door opener, the remote control, or "clicker," always transmits the same 8- to 12-bit binary code. For a 12-bit code, there are 4,096 possible combinations -- strings of 1s and 0s.
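The count above (4,096 candidates for a 12-bit code) explains why brute force is feasible at all; what gets it down to seconds is not sending each candidate separately. The example below is added here and is not taken from the article or from Kamkar's own Open Sesame code. It rests on one assumption the page does not state: that the receiver compares a sliding window of the most recently received n bits against the stored code, so a bit stream in which every n-bit window is a different candidate tests all of them in one pass. A binary de Bruijn sequence B(2, n) has exactly that property, so 2^n + n - 1 bits cover the whole space instead of n * 2^n. The bit period is a parameter, not a figure from the page.

```python
def de_bruijn(k: int, n: int) -> list:
    """Shortest cyclic sequence over {0..k-1} in which every length-n word
    occurs exactly once (FKM / Lyndon-word construction)."""
    a = [0] * (k * n)
    seq = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return seq


def linear_cover(n: int) -> list:
    """Bits to transmit once, non-cyclically, so that every n-bit code
    appears as some window: 2**n + n - 1 bits in total."""
    seq = de_bruijn(2, n)
    return seq + seq[:n - 1]


def windows_seen(bits: list, n: int) -> set:
    """Distinct n-bit codes a sliding-window receiver would observe."""
    return {tuple(bits[i:i + n]) for i in range(len(bits) - n + 1)}


def naive_bits(n: int) -> int:
    """Bits needed if every candidate code is sent on its own."""
    return n * 2 ** n


def transmit_seconds(num_bits: int, bit_period_s: float) -> float:
    """Airtime for a stream, given an assumed per-bit period."""
    return num_bits * bit_period_s


if __name__ == "__main__":
    bit_period = 0.002  # assumed 2 ms per bit, for illustration only
    for n in (8, 10, 12):
        cover = linear_cover(n)
        assert len(windows_seen(cover, n)) == 2 ** n
        print(f"{n}-bit code: naive {naive_bits(n)} bits "
              f"({transmit_seconds(naive_bits(n), bit_period):.1f} s), "
              f"de Bruijn {len(cover)} bits "
              f"({transmit_seconds(len(cover), bit_period):.1f} s)")
```

The assertion in the demo loop is the check worth keeping: a sequence that misses even one window leaves one code untested, so verify coverage before trusting any shortcut like this. If the receiver instead requires a gap or a preamble between codes, the sliding-window assumption fails and the cost reverts to the naive figure.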

Researcher warns popular gaming plug-in puts millions of web users at risk from data thieves

A researcher is warning that a gaming plug-in installed on over 200 million PCs contains a flaw that could let attackers steal users’ data from websites they’re logged into, such as their Web mail and social networking accounts.

The technology in question, from Unity Technologies, is used by hundreds of thousands of developers to create online games and other interactive 3D content. The flaw, which the researcher says hasn’t been patched yet, is located in the Unity Web Player, a plug-in that needs to be installed inside browsers in order to display Unity-based Web apps.

Unity Technologies, based in San Francisco, didn’t immediately respond to a request for comment.

Users with weak SSH keys had access to GitHub repositories for popular projects

A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned.

The potentially vulnerable repositories include those of music streaming service Spotify, the Russian Internet company Yandex, the U.K. government and the Django Web application framework.

Earlier this year, researcher Ben Cox collected the public SSH (Secure Shell) keys of users with access to GitHub-hosted repositories by using one of the platform’s features. After an analysis, he found that the corresponding private keys could be easily recovered for many of them.

The SSH protocol uses public-key cryptography, which means that authenticating users and encrypting their connections requires a private-public key pair. The server configured to accept SSH connections from users needs to know their respective public keys, and the users need to have the corresponding private keys.
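Because the server only ever holds the public half, anyone who can read a user's public keys (GitHub serves them at github.com/<username>.keys, which is the platform feature the article alludes to) can audit them without touching the private key. The article does not say which weakness Cox exploited; too-small moduli are one recoverable class, and the example below, added here and not code from the article or from Cox's research, checks for that class. It parses the OpenSSH public key line format (type, base64 blob of length-prefixed wire strings, optional comment), reads the RSA modulus size out of the blob, and applies a size policy. The thresholds and the `encode_rsa_public_key` helper that builds the constructed test input are this example's own.

```python
import base64
import struct

# Policy thresholds are this example's assumptions; set them to your own policy.
MIN_RSA_BITS = 2048


def _read_string(blob: bytes, off: int):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    start = off + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def _mpint_bits(raw: bytes) -> int:
    """Bit length of an SSH mpint (big-endian; a leading 0x00 pads positive values)."""
    return int.from_bytes(raw, "big").bit_length()


def parse_public_key(line: str) -> dict:
    """Parse an authorized_keys / *.keys style line into type, size and comment."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type prefix does not match blob")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent, not needed here
        n, off = _read_string(blob, off)       # modulus: its size is the key size
        bits = _mpint_bits(n)
    elif key_type == "ssh-dss":
        p, off = _read_string(blob, off)       # DSA prime p
        bits = _mpint_bits(p)
    elif key_type.startswith("ecdsa-sha2-nistp"):
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
    elif key_type == "ssh-ed25519":
        bits = 256
    else:
        bits = None
    return {"type": key_type, "bits": bits, "comment": comment}


def assess_key(line: str) -> dict:
    """Parsed key plus a list of policy findings; an empty list means acceptable."""
    key = parse_public_key(line)
    findings = []
    if key["type"] == "ssh-rsa" and key["bits"] < MIN_RSA_BITS:
        findings.append(f"RSA modulus is only {key['bits']} bits")
    elif key["type"] == "ssh-dss":
        findings.append("DSA key (fixed at 1024 bits, SHA-1 signatures)")
    elif key["bits"] is None:
        findings.append(f"unrecognised key type {key['type']}")
    key["findings"] = findings
    return key


def encode_rsa_public_key(e: int, n: int, comment: str = "") -> str:
    """Build an ssh-rsa line from integers; used here only to construct test input."""
    def mpint(x: int) -> bytes:
        raw = x.to_bytes((x.bit_length() + 8) // 8, "big")  # extra byte keeps sign bit clear
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".rstrip()


if __name__ == "__main__":
    # Constructed moduli: only the bit length matters for this check.
    for line in (encode_rsa_public_key(65537, (1 << 1023) | 1, "old-laptop"),
                 encode_rsa_public_key(65537, (1 << 2047) | 1, "hardware-token")):
        k = assess_key(line)
        print(k["type"], k["bits"], k["comment"], k["findings"] or "ok")
```

Key size is only one of the properties worth checking on a collected key set; keys generated by a broken random number generator can be full length and still recoverable, and need a blacklist or fingerprint comparison that this example does not include.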

Fraud campaign installs rogue app on non-jailbroken iPhones

Cybercriminals in Japan are targeting iPhone users with an online scam that tricks them into installing a malicious application when they attempt to view porn videos.

This type of attack, known as one-click fraud, is not new and has been used for years against Windows, Mac and Android users. However, what’s interesting in this particular case is that it works even against non-jailbroken iPhones.

Apple tightly controls how iOS apps are distributed to users by forcing developers to publish them on the official App Store, where they are subject to Apple’s review procedures. However, there are exceptions to this rule in the form of special development programs for which participants have to pay extra.

New SOHO router security audit uncovers over 60 flaws in 22 models

In yet another testament to the awful state of home router security, a group of security researchers uncovered more than 60 vulnerabilities in 22 router models from different vendors, most of which were distributed by ISPs to customers.

The researchers performed the manual security review in preparation for their master’s thesis in IT security at Universidad Europea de Madrid in Spain. They published details about the vulnerabilities they found Sunday on the Full Disclosure security mailing list.

The flaws, most of which affect more than one router model, could allow attackers to bypass authentication on the devices; inject rogue code into their Web-based management interfaces; trick users into executing rogue actions on their routers when visiting compromised websites; read and write information on USB storage devices attached to the affected routers; reboot the devices; and more.

Tor connections to hidden services could be easy to de-anonymize

Identifying users who access Tor hidden services—websites that are only accessible inside the Tor anonymity network—is easier than de-anonymizing users who use Tor to access regular Internet websites.

Security researchers Filippo Valsorda and George Tankersley showed Friday at the Hack in the Box security conference in Amsterdam why Tor connections to hidden services are more vulnerable to traffic correlation attacks.

One of Tor’s primary goals is to provide anonymity for Internet users. This is achieved by routing their Web traffic through a series of randomly chosen nodes, or relays, before passing it back onto the public Internet.

Like routers, most USB modems also vulnerable to drive-by hacking

The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.

The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they’re plugged into.

Russian security researchers Timur Yunusov and Kirill Nesterov presented some of the flaws and attacks that can be used against USB modems Thursday at the Hack in the Box security conference in Amsterdam.

Synology patches serious flaws in its network-attached storage devices

Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices’ software, one of which could allow attackers to compromise the data stored on them.

The most serious vulnerability is located in the Synology Photo Station, a feature of DiskStation Manager (DSM), the Linux-based operating system that runs on the company’s NAS devices.

Synology Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device’s public IP (Internet Protocol) address.

Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server.
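The page does not show the vulnerable Photo Station code, so the following is an added example of the bug class it describes, not Synology's code or Securify's proof of concept: a stand-in for a server-side step that hands a user-supplied file name to an external tool. `echo` replaces the image tool so the example runs offline and prints exactly what the command received; the file-name allow-list and the `INJECTED` marker payload are this example's own constructions.

```python
import re
import subprocess

# Stand-in for an external image tool (assumption: the real tool is not on the page).
TOOL = "echo"


def run_vulnerable(filename: str) -> str:
    """Untrusted input pasted into a shell command line. A ';' in the file
    name ends the intended command and the remainder runs as a second one,
    with whatever privileges the Web server process has."""
    cmd = f"{TOOL} {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for file names: leading alphanumeric (blocks option injection such
# as "-delete"), then a bounded set of safe characters; ".." is refused separately.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def validate_filename(filename: str) -> str:
    if not SAFE_NAME.fullmatch(filename) or ".." in filename:
        raise ValueError(f"rejected file name: {filename!r}")
    return filename


def run_argv_only(filename: str) -> str:
    """No shell: the whole string reaches the tool as one argument, so shell
    metacharacters are inert. Still no allow-list, so option injection and
    path traversal remain possible."""
    return subprocess.run([TOOL, filename], capture_output=True, text=True).stdout


def run_hardened(filename: str) -> str:
    """Allow-list the input and pass argv directly; both layers are needed."""
    return subprocess.run([TOOL, validate_filename(filename)],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "photo.jpg; echo INJECTED"       # constructed attacker input
    print("vulnerable:", repr(run_vulnerable(payload)))
    print("argv only: ", repr(run_argv_only(payload)))
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", repr(run_hardened("photo.jpg")))
```

The argv form alone stops the shell from interpreting the payload, but it does not stop a file name that starts with `-` from being read as an option, or `../` from escaping the album directory; the allow-list handles those, which is why the hardened variant applies both.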

Attackers use email spam to infect point-of-sale terminals with new malware

Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.

Researchers from security firm FireEye recently came across a spam campaign that used rogue email messages masquerading as job inquiries.

The emails had fake resumes attached that were actually Word documents with an embedded malicious macro. If allowed to run, the macro installed a program that downloaded additional malware from a remote server.

Among those additional programs, the FireEye researchers identified a new memory-scraping malware threat that steals payment card data from PoS terminals. They’ve dubbed the new threat NitlovePOS.

Large scale attack hijacks routers through users’ browsers

Cybercriminals have developed a Web-based attack tool to hijack routers on a large scale when users visit compromised websites or view malicious advertisements in their browsers.

The goal of these attacks is to replace the DNS (Domain Name System) servers configured on routers with rogue ones controlled by attackers. This allows hackers to intercept traffic, spoof websites, hijack search queries, inject rogue ads on Web pages and more.

The DNS is like the Internet’s phonebook and plays a critical role. It translates domain names, which are easy for people to remember, into numerical IP (Internet Protocol) addresses that computers need to know to communicate with each other.

Factory reset in Android phones leaves sensitive user data behind

It’s common sense to reset an Android phone to its factory state before selling or disposing of it. But beware: researchers recently found that this often fails to properly wipe all sensitive user data from the device.

A test on 21 second-hand smartphones running Android versions between 2.3.x (Gingerbread) and 4.3 (Jelly Bean) revealed that it’s possible to recover emails, text messages, Google access tokens and other sensitive data after the factory reset function had been used.

The study was done by researchers Laurent Simon and Ross Anderson from the University of Cambridge in the U.K. on used devices bought from eBay between January and May 2014. The devices included models from Samsung Electronics, HTC, LG Electronics, Motorola and three from Google’s Nexus line of phones.

Netgear and ZyXEL confirm NetUSB flaw, are working on fixes

Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB.

ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.

The vulnerability, tracked as CVE-2015-3036, is located in a Linux kernel module called NetUSB that’s commonly used in routers and other embedded devices. The module is developed by a Taiwan-based company called KCodes Technology and allows routers to share USB devices with other computers via the Internet Protocol (IP).

Android stock browser vulnerable to URL spoofing

A vulnerability in Android’s default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.

Google released patches for the flaw in April, but many phones are likely still affected, because manufacturers and carriers typically are slow to develop and distribute Android patches.

The vulnerability was discovered by a researcher named Rafay Baloch and was privately reported to Google with the help of security firm Rapid7.

Baloch discovered the flaw on Android 5.0 Lollipop, which uses Chrome as its default browser, but then also confirmed it in the stock browser in older Android versions.

First software update for Apple Watch includes security fixes

You might not be used to the idea of a watch endangering your digital life, but you should be: Apple’s first update for Watch OS includes 14 security patches, and they’re not trivial.

Watch OS 1.0.1, released Tuesday, brings several performance improvements and support for additional languages, but it also fixes 13 vulnerabilities that could enable arbitrary code execution, information disclosure, denial of service, traffic hijacking, privilege escalation and other attacks, and also updates the list of root CA certificates trusted by default on the device.
