Author Archives: Lucian Constantin

Critical vulnerability in NetUSB driver exposes millions of routers to hacking

Millions of routers and other embedded devices are affected by a serious vulnerability that could allow hackers to compromise them.

The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more.

NetUSB is implemented in Linux-based embedded systems, such as routers, as a kernel driver. The driver is developed by Taiwan-based KCodes Technology. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients.

URL-spoofing bug in Safari could enable phishing attacks

The latest versions of Safari for Mac OS X and iOS are vulnerable to a URL-spoofing exploit that could allow hackers to launch credible phishing attacks.

The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit for it. Leo’s demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar.

The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank’s website when they are actually on a phishing page designed to steal their financial information.

In desperation, many ransomware victims plead with attackers

The shamelessness of ransomware pushers knows no bounds. After encrypting people’s files and then holding them to ransom, they portray themselves as service providers offering technical support and discounts to their “customers.”

Researchers from FireEye recently collected messages from a Web site set up by the creators of a ransomware program called TeslaCrypt to interact with their victims. The messages offer a rare glimpse into the mindset of these cybercriminals and the distress they cause.

Sally Beauty confirms second payment card breach

Sally Beauty Holdings has confirmed that hackers broke into its payment systems and stole customer card data. About a year ago the retail chain suffered a similar intrusion.

The company launched an investigation in early May after receiving reports of unusual activity involving payment cards used at some of its stores. While it now has sufficient evidence to confirm an illegal intrusion, the company declined to comment on the breach’s scope until the forensics investigation is complete.

Asian nations increasingly hit by espionage groups

Multiple cyberespionage groups are specifically targeting government and military organizations from countries in Asia and the Pacific region with the goal of gathering geo-political intelligence, according to new security research.

Some of the groups have been active for years, but the extent of their operations is only now coming to light.

One Chinese-speaking group, dubbed Naikon, has been operating for five years and has had a “high volume, high profile, geo-political attack activity,” researchers from Kaspersky Lab said Thursday in a report.

The group has targeted top-level government, military and civilian organizations from the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar (Burma), Singapore, Nepal, Thailand, Laos and China.

Critical VM escape vulnerability impacts business systems, data centers

A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.

The flaw, dubbed Venom but tracked as CVE-2015-3456, can allow an attacker to break out from the confines of a virtual machine (VM) and execute code on the host system.

This security boundary is critical in protecting the confidentiality of data in data centers, where virtualization is extensively used to allow different tenants to run servers on the same physical hardware.

The flaw is located in the virtual Floppy Disk Controller (FDC) code from the QEMU open source machine emulator and virtualizer. The code is also used by the Xen, KVM and other virtualization platforms.

Microsoft fixes 46 flaws in Windows, IE, Office, other products

Fourteen critical vulnerabilities in Internet Explorer were among the targets of Microsoft’s monthly batch of security patches released Tuesday. In all, it fixed 46 vulnerabilities across products including Windows, Internet Explorer and Office.

The patches were organized in 13 security bulletins, three flagged as critical and ten as important. The critical bulletins, MS15-043, MS15-044 and MS15-045, cover remote code execution vulnerabilities in Windows, IE, Office, Microsoft .NET Framework, Microsoft Lync and Silverlight.

Russian cyber group seen preparing to attack banks

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the U.S. and elsewhere.

The group’s preparations, which have included writing new malware, registering domain names similar to those of intended targets, and setting up command-and-control servers, were discovered by analysts from security firm Root9B.

The group has been active since at least 2007 and is known by various names including APT28 and Pawn Storm. Several security vendors believe it operates out of Russia and has possible ties to that country’s intelligence agencies.

Anonymous-tied DDoS botnet shows insecure routers are legion

Tens of thousands of home routers have been infected with malware, and are being used by hackers to launch distributed denial-of-service (DDoS) attacks, including by the hacktivist group Anonymous.

The router-based botnet was discovered by Web security firm Incapsula while investigating a series of DDoS attacks against dozens of its customers that have been going on since late December.

Incapsula’s researchers traced the malicious traffic back to routers made by Ubiquiti Networks and distributed by ISPs around the world to their customers.

The devices had DDoS malware programs installed on them—usually more than one—including some that reported back to an IRC (Internet Relay Chat) network and channel called AnonOps, the researchers said in a report published Tuesday.

Controversial MacKeeper security program opens critical hole on Mac computers

A critical vulnerability in MacKeeper, a controversial security program for Mac computers, could let attackers execute malicious commands on Macs when their owners visit specially crafted Web pages.

MacKeeper’s developers acknowledged the recently discovered problem and released a fix for it Friday, saying in a blog post that users should run MacKeeper Update Tracker and install version 3.4.1 or later.

MacKeeper registers itself as the handler for a custom URL scheme, allowing websites to automatically call the application through the browser.

Researcher Braden Thomas found an issue in the program’s validation of such URLs that makes it possible for attackers to execute arbitrary commands with root privilege when MacKeeper users visit a specially crafted website in Safari. As a proof of concept, he posted a link on Twitter that automatically executes a command to remove MacKeeper when clicked.

GPU malware can also affect Windows PCs, possibly Macs

A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works.

The developers are trying to raise awareness that malware can infect GPUs and that the security industry is not ready for it. Their goal isn’t to tip off malicious hackers, but the source code they released, while incomplete and buggy by design, could potentially be built upon and used for illegal purposes.

The problem the developers are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processor unit) vendors, but rather with existing security tools, which aren’t designed to scan the random access memory (RAM) used by GPUs for malware code.

Visitors to top porn sites hit by malvertising attack

In the latest attack involving malicious advertisements, hackers managed to launch Flash Player exploits against the visitors of several popular porn websites.

It’s not clear how many users were impacted, but the affected websites have over 250 million monthly visits combined, according to researchers from Malwarebytes who spotted and analyzed the attack.

The malicious ads were posted through an advertising network called AdXpansion that was abused in similar incidents in the past. The attackers managed to distribute through the network a Flash-based ad that attempted to exploit a vulnerability in Flash Player.

The flaw affects Flash Player through version 17.0.0.134, which was released within the last two months, the Malwarebytes researchers said in a blog post Thursday. Affected sites listed in the blog post include Drtuber.com, Nuvid.com, Hardsextube.com and Justporno.tv.

New Linux rootkit leverages GPUs for stealth

A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden.

The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs (graphics processing units) is a viable option. This is possible because dedicated graphics cards have their own processors and RAM.

Such threats could be more sinister than traditional malware programs, according to the Jellyfish developers. For one, there are no tools to analyze GPU malware, they said.

Also, such rootkits can snoop on the host’s primary memory, which is used by most other programs, via DMA (direct memory access). This feature allows hardware components to read the main system memory without going through the CPU, making such operations harder to detect.

WordPress fixes actively exploited flaw

A new WordPress version released Thursday fixes two critical cross-site scripting (XSS) vulnerabilities that could allow attackers to compromise websites.

One of the flaws is located in the Genericons icon font package that is used by several popular themes and plug-ins, including the default TwentyFifteen WordPress theme.

Researchers from Web security firm Sucuri warned Wednesday that they’ve already seen attacks targeting this XSS vulnerability.

To exploit it, attackers need to trick users into clicking specifically crafted links, but once they do that, they can leverage the flaw to steal authentication cookies. If the victim is a website’s administrator, they could gain full control over that website.

Superfish injects ads in one in 25 Google page views

Over five percent of browser visits to Google owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections.

The findings are the result of a study by Google and researchers from the University of California at Berkeley and Santa Barbara, who analyzed over 102 million page views to Google sites between June and September last year.

Google added code to its websites that detected and reported back when ads were injected into pages by programs or browser extensions. This revealed that locally installed ad injectors interfered with 5,339,913 page views (5.2 percent of the total), impacting tens of millions of users around the world—or 5.5 percent of unique daily Internet Protocol addresses that accessed Google’s sites.

Companies are falling behind on securing their SAP environments

More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims.

Onapsis, a Boston-based company that specializes in SAP security audits, also found that the average time-to-patch for SAP vulnerabilities is more than 18 months—12 months for SAP to issue fixes and 6 months for companies to deploy them.

This suggests that many companies are falling behind on SAP security, even though these systems hold some of their most critical and confidential information.

The Internet of Things to take a beating in DefCon hacking contest

Hackers will put Internet-connected embedded devices to the test at the DefCon 23 security conference in August. Judging by the results of previous Internet-of-Things security reviews, prepare for flaws galore.

This year, DefCon, the largest hacker convention in the U.S., will host a so-called IoT Village, a special place to discuss, build and break Internet-of-Things devices.

“Show us how secure (or insecure) IP enabled embedded systems are,” a description of the new village reads. “Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs—If it is IP enabled, we’re interested.”

Cybercriminals borrow from APT playbook in attack against PoS vendors

Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns.

This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market.

A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.

The attackers sent emails to specific vendors impersonating small businesses such as restaurants. This technique, known as spear-phishing, is typically associated with advanced persistent threats (APTs)—highly targeted, customized attacks whose goal is usually long-term cyberespionage.

Researchers play cat and mouse with Google’s anti-phishing Chrome extension

For the past several days security researchers have raced to demonstrate that phishing protections added by a new Google Chrome extension can be bypassed with ease.

The Password Alert extension, developed by Google and released Wednesday, is designed to alert Chrome users when they input their Gmail passwords on websites that don’t belong to Google and are therefore part of phishing attacks.

By Thursday, an information security consultant named Paul Moore had already devised a method that attackers could use to block the extension’s alerts.

WordPress e-commerce plug-in puts over 5,000 websites at risk

TheCartPress, an e-commerce plug-in used on thousands of WordPress-based websites, has several high-risk vulnerabilities.

There are currently no fixes available for the flaws and, according to its developer, support for the plug-in will be discontinued on June 1st.

The vulnerabilities could allow attackers to “execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting [XSS] attacks against users of WordPress installations with the vulnerable plug-in,” researchers from security firm High-Tech Bridge said in an advisory Wednesday.

There are factors that limit the exploitation of some of the flaws, but they still pose a significant risk.