Microsoft is taking a hard stance against advertisements that trick users into visiting malicious websites or downloading potentially harmful applications. The effects will be seen in Internet Explorer, whose SmartScreen Filter feature will enforce new rules against misleading ads beginning June 1. The filter will display warnings to users when they encounter such ads. “There has been a recent increase in the number of online advertisements that are intentionally misleading in nature,” Microsoft said in a blog post Tuesday. “We’ve found that these types of advertisements often try to convince a user to do something, the consequences of which they may not fully understand, such as visiting an infected website or downloading a program that can negatively impact their browsing experience.”
The software that controls wireless networking chipsets made by Realtek Semiconductor contains a critical vulnerability that could allow attackers to compromise home routers. The flaw exists in a firmware component called miniigd that’s present in router models based on Realtek chipsets. The component is part of the software development kit (SDK) for RTL81xxx chipsets that Realtek provides to router manufacturers. The vulnerability was discovered by Ricky Lawshae, a researcher with Hewlett-Packard’s TippingPoint Digital Vaccine Labs (DVLabs), which runs the well-known Zero-Day Initiative (ZDI) bug bounty program. “An attacker could leverage this vulnerability to execute code with root privileges,” the ZDI team said in an advisory published Friday. Exploitation does not require authentication, it said.
Some users whose computers have been infected with a ransomware program called TeslaCrypt might be in luck: security researchers from Cisco Systems have developed a tool to recover their encrypted files. TeslaCrypt appeared earlier this year and masquerades as a variant of the notorious CryptoLocker ransomware. However, its authors seemed intent on targeting gamers in particular. Once installed on a system, the program encrypts files with 185 different extensions, over 50 of which are associated with computer games and related software, including user-generated content like game saves, maps, profiles, replays and mods.
Attackers can potentially snoop on the encrypted traffic of over 25,000 iOS applications due to a vulnerability in a popular open-source networking library. The vulnerability stems from a failure to validate the domain names of digital certificates in AFNetworking, a library used by a large number of iOS and Mac OS X app developers to implement Web communications, including those over HTTPS (HTTP with SSL/TLS encryption). The flaw allows attackers in a position to intercept HTTPS traffic between a vulnerable application and a Web service to decrypt it by presenting the application with a digital certificate for a different domain name. Such man-in-the-middle attacks can be launched over insecure wireless networks, by hacking into routers or through other methods.
Romanian authorities have detained 25 people who are suspected of being members of an international gang of cyberthieves who hacked into banks, cloned payment cards and used them to steal over US$15 million. The group is believed to have over 52 members of Romanian and other nationalities, and broke into computer systems belonging to banks from Puerto Rico, a U.S. territory, and Muscat, Oman, according to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). The hackers used the unauthorized access to steal payment card data associated with the accounts of large corporations and then used the data to create fraudulent copies of those cards. The cloned cards were distributed to members of the group who used them to withdraw money from ATMs in different countries, DIICOT said Sunday.
Some of the world’s leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed. Despite law enforcement efforts to disrupt ransomware operations, the prevalence of such programs continued to grow last year, according to a report published Thursday by antivirus vendor F-Secure. A family of ransomware programs known as Browlock, which impersonates police agencies and asks users to pay fictitious fines in order to regain control of their computers, was one of the top 10 PC threats during the second half of 2014, according to F-Secure’s statistics. An increase was also observed among the ransomware threats for Android phones.
A serious flaw in a component that’s used to authenticate clients on Wi-Fi networks could expose Android, Linux, BSD, and possibly Windows and Mac OS X systems to attacks. The vulnerability is in wpa_supplicant, an open-source software implementation of the IEEE 802.11i specifications for wireless clients. The component is cross-platform and is used to control WPA and WPA2 wireless connections on Android, Linux and BSD systems. It can also be used by some third-party wireless software on Mac OS X and Windows, but these operating systems have their own built-in supplicant implementations that are used by default. The vulnerability stems from how wpa_supplicant parses SSID (Service Set Identifier) information from wireless network frames when the CONFIG_P2P option is enabled. If exploited, the flaw can allow attackers to crash the client (denial of service), read contents from the process’s memory or inject arbitrary data into its memory, which could result in arbitrary code execution.
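The parsing failure described above, as an added Python example (not wpa_supplicant’s own C code): an 802.11 information-element parser that takes the SSID length from the frame. The assumption made here is that the bug class is a frame-supplied SSID length used without bounding it to the protocol’s 32-octet maximum; the frame bodies are constructed, and `ssid_unchecked`, `ssid_checked` and `rejects` are illustrative names. Python cannot overrun a buffer, so the unchecked parser simply hands back a 200-byte “SSID”, the value that a C caller copying into a fixed 32-byte array would trust.

```python
SSID_MAX_LEN = 32   # IEEE 802.11 limit on the SSID element payload
IE_SSID = 0         # element ID of the SSID information element


def parse_ies(body: bytes):
    """Yield (element_id, payload) for each TLV information element in a
    management-frame body.  Each element is a 1-byte ID, a 1-byte length,
    then `length` bytes; an element whose declared length overruns the
    buffer is rejected instead of being read past the end."""
    off = 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated IE header at offset %d" % off)
        eid, length = body[off], body[off + 1]
        start, end = off + 2, off + 2 + length
        if end > len(body):
            raise ValueError("IE %d declares %d bytes, only %d remain"
                             % (eid, length, len(body) - start))
        yield eid, body[start:end]
        off = end


def ssid_unchecked(body: bytes):
    """The vulnerable shape (assumed bug class, see lead-in): the SSID is
    returned at whatever length the peer put in the frame.  A C caller that
    copies this into a char[32] using that length overflows its buffer."""
    for eid, payload in parse_ies(body):
        if eid == IE_SSID:
            return payload
    return None


def ssid_checked(body: bytes):
    """The hardened shape: the frame-supplied length is bounded by the
    protocol maximum before the payload is handed to anything else."""
    for eid, payload in parse_ies(body):
        if eid == IE_SSID:
            if len(payload) > SSID_MAX_LEN:
                raise ValueError("SSID length %d exceeds %d"
                                 % (len(payload), SSID_MAX_LEN))
            return payload
    return None


def rejects(parser, body: bytes) -> bool:
    """True if `parser` refuses `body` with a ValueError."""
    try:
        parser(body)
    except ValueError:
        return True
    return False


def build_ie(eid: int, payload: bytes) -> bytes:
    """Encode one information element (ID, length, payload)."""
    return bytes([eid, len(payload)]) + payload


# Constructed frame bodies: a normal one, one whose SSID element is far
# over the 32-octet limit (what a hostile peer's frame could carry), and
# one whose SSID element claims more bytes than the frame contains.
GOOD_FRAME = (build_ie(IE_SSID, b"CoffeeShop")
              + build_ie(1, bytes([0x82, 0x84, 0x8B, 0x96])))
OVERSIZED_FRAME = build_ie(IE_SSID, b"A" * 200) + build_ie(1, bytes([0x82]))
TRUNCATED_FRAME = bytes([IE_SSID, 40]) + b"short"
```

Both parsers refuse the truncated frame because `parse_ies` checks the element length against the remaining buffer; only `ssid_checked` also applies the semantic limit on the SSID itself, which is the check that separates a well-formed frame from a usable one.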
The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin. Security researchers from Kaspersky Lab have dubbed the cyberespionage group CozyDuke and said that it has blatantly targeted high-profile victims since the second half of last year. Its toolset includes malware droppers, information-stealing programs and backdoors that have antivirus evasion capabilities and make use of cryptography, the researchers said Tuesday in a blog post.
Cryptography experts at the RSA security conference on Tuesday picked holes in U.S. plans to require that law enforcers be given a way to break encryption to exercise lawful intercept rights. U.S. government officials have been increasingly hostile over the past year to the widespread use of encryption on mobile phones and online communications, arguing that a way needs to be found to provide law enforcement and intelligence agencies with lawful interception capabilities. In response, security experts warned that building “back doors” into cryptographic systems in order to provide governments with access to data would be dangerous because it would create vulnerabilities that could later be exploited by hackers too.
Microsoft is working on new features for its Office 365 cloud service designed to give customers more control over their data and more visibility into how it’s being accessed. The company will expand Office 365’s logging capabilities to include user, administrator and policy related actions for Exchange Online and SharePoint Online. This will give customers better insight into how their employees interact with content hosted on those services and whether those actions pose security or regulatory compliance concerns. The logs will be available through a new Office 365 Management Activity API (application programming interface) that can be tapped by monitoring, analysis and data visualization products. The API has been available to a select number of Microsoft partners already—security vendor Rapid7 announced today that its UserInsight intruder analytics product integrates with the new feature—and will be made available more broadly this summer as part of a private preview program.
Ambiguous WordPress documentation led many plug-in and theme developers to make an error that exposed websites to cross-site scripting (XSS) attacks. Such attacks involve tricking a site’s users into clicking on specially crafted URLs that execute rogue JavaScript code in their browsers in the context of that website. The impact depends on the user’s role on the website. For example, if victims have administrative privileges, attackers could trigger rogue administrative actions. If victims are regular users, attackers could steal their authentication cookies and hijack their accounts. The vulnerability stems from insecure use of two WordPress functions called add_query_arg and remove_query_arg and was discovered recently by researchers from code auditing company Scrutinizer.
Apps used by millions of iPhone and iPad owners became vulnerable to snooping when a flaw was introduced into third-party code they used to establish HTTPS connections. The flaw was located in an open-source library called AFNetworking that’s used by hundreds of thousands of iOS and Mac OS X applications for communicating with Web services. The bug disabled the validation of digital certificates presented by servers when establishing secure HTTPS (HTTP over SSL/TLS) connections. This means that attackers in a position to intercept encrypted traffic between affected applications and HTTPS servers could decrypt and modify the data by presenting the app with a fake certificate. This is known as a man-in-the-middle attack and can be launched over insecure wireless networks, by hacking into routers and through other methods.
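Both AFNetworking items on this page come down to the same missing step: after the certificate chain has been verified, the name in the certificate must be compared to the host the app meant to reach, otherwise any CA-issued certificate for any domain passes. The following is an added Python example, not AFNetworking’s Objective-C code. The certificate dictionaries are constructed in the shape `ssl.SSLSocket.getpeercert()` returns, and `vulnerable_accepts`, `hardened_accepts` and `client_context` are illustrative names; the matcher goes slightly beyond the teaser by applying the RFC 6125 wildcard rules as well as exact matching.

```python
import ssl


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one dNSName entry against a hostname.
    Case-insensitive exact match unless the pattern has a wildcard; a '*'
    is only honoured as the entire left-most label, matches exactly one
    label, needs at least two labels to its right (so '*.com' is rejected)
    and never matches an IDNA A-label (xn--)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0].startswith("xn--"):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """True iff `hostname` is covered by a subjectAltName dNSName entry.
    The subject CN is consulted only when the certificate carries no SAN
    extension at all."""
    san = cert.get("subjectAltName", ())
    if san:
        dns_names = [value for (kind, value) in san if kind == "DNS"]
        return any(_dns_name_matches(name, hostname) for name in dns_names)
    for rdn in cert.get("subject", ()):
        for kind, value in rdn:
            if kind == "commonName":
                return _dns_name_matches(value, hostname)
    return False


# Constructed certificates in the shape ssl.SSLSocket.getpeercert() returns.
API_CERT = {
    "subject": ((("commonName", "api.example.com"),),),
    "subjectAltName": (("DNS", "api.example.com"), ("DNS", "*.cdn.example.com")),
}
ATTACKER_CERT = {
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"),),
}


def vulnerable_accepts(cert: dict, hostname: str, chain_ok: bool = True) -> bool:
    """The bug class described above: the chain is checked, the name is not,
    so a valid certificate for attacker.example is accepted for api.example.com."""
    return chain_ok


def hardened_accepts(cert: dict, hostname: str, chain_ok: bool = True) -> bool:
    """Chain verification AND name verification."""
    return chain_ok and hostname_matches_cert(cert, hostname)


def client_context() -> ssl.SSLContext:
    """The setting that makes Python's ssl module perform this check itself:
    check_hostname=True with CERT_REQUIRED.  The weak configuration would
    set check_hostname=False or verify_mode=CERT_NONE."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

Note that `vulnerable_accepts` returns the same answer whichever certificate it is given; that is exactly the property a man-in-the-middle needs, since a certificate for a domain the attacker legitimately controls is enough.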
Google plans to serve most of its ads over encrypted HTTPS connections by the end of June, a move that will protect against some ad hijacking attacks and will encourage website owners to enable encryption on their Web properties. However, malicious advertising attacks that direct users to Web-based exploits will still be possible and, because of the new encryption, it will be harder for security researchers to pinpoint their source. Last year, Google announced that it will give more weight to HTTPS-enabled websites in search rankings in order to encourage the adoption of encryption across the Web. HTTPS (HTTP Secure) allows Web communication over a channel encrypted with the TLS (Transport Layer Security) protocol.
Even though its activities were exposed last year, a cyberespionage group dubbed Pawn Storm has ramped up its efforts over the past few months, targeting NATO members and potentially the White House. The first quarter of this year “has seen a great deal of activity from the group,” researchers from antivirus firm Trend Micro said Thursday in a blog post. “Most notably this involved setting up dozens of exploit URLs and a dozen new command-and-control (C&C) servers targeting NATO members and governments in Europe, Asia and the Middle East.”
IBM has joined an increasing number of vendors who are pushing for real-time cybersecurity information sharing among private and public organizations, researchers and other network defenders. On Thursday, the company opened up over 700 terabytes of data about vulnerabilities, attacks and other threats through a new cloud-based threat intelligence sharing platform called IBM X-Force Exchange. Other organizations can use the platform to share or confirm their own data, so they can more efficiently respond to security incidents. The information that IBM made available through the X-Force Exchange includes one of the largest catalogs of vulnerabilities in the world, according to the company. The information also includes threat information based on monitoring of more than 15 billion security events per day, malware threat intelligence from a network of 270 million endpoints, and threat information based on more than 25 billion Web pages and images.
Point-of-Sale (PoS) terminals have become an attractive target for hackers over the past year, reflected in the increasing number of RAM-scraping programs that steal payment card information from the memory of such systems. Last month security researchers from Cisco Systems issued a warning about a new PoS threat dubbed PoSeidon, and on Wednesday security blogger Brian Krebs reported that the program has already infected PoS terminals at restaurants, bars and hotels in the U.S.
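What a RAM scraper looks for, and what a defender can look for in a memory dump of a PoS process: card track data sits briefly in cleartext in the application’s memory between the card reader and the payment library, and it has a fixed, easily recognised layout. The following is an added Python example, not PoSeidon’s code; the memory image is constructed and uses only the well-known test number 4111 1111 1111 1111, and `scan_memory` is an illustrative name.

```python
import re

# Track 2 layout from the magnetic stripe, as it appears in process memory:
#   ;<PAN 13-19 digits>=<YYMM expiry><3-digit service code><discretionary>?
TRACK2_RE = re.compile(
    rb";?(?P<pan>[0-9]{13,19})=(?P<exp>[0-9]{4})(?P<svc>[0-9]{3})[0-9]*\??"
)


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation.  Scrapers apply it to discard digit runs
    (timestamps, counters, serial numbers) that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_memory(blob: bytes):
    """Return (offset, masked PAN, expiry) for every Luhn-valid track-2
    candidate in `blob`.  Only a masked PAN is returned so the scan result
    itself is safe to log or ship to a SIEM."""
    hits = []
    for m in TRACK2_RE.finditer(blob):
        pan = m.group("pan").decode("ascii")
        if not luhn_ok(pan):
            continue
        masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
        hits.append((m.start(), masked, m.group("exp").decode("ascii")))
    return hits


# Constructed memory image: one well-formed track built on the test number
# 4111111111111111, some unrelated bytes, and a decoy track that fails Luhn.
MEMORY_IMAGE = (
    b"\x00\x00POS-APP\x00"
    b";4111111111111111=25121010000000000000?\x00"
    b"garbage\x00"
    b";4111111111111112=25121010000?\x00"
)
```

The same regular expression and Luhn filter serve both sides: run over a live process by malware it is the theft; run over a memory dump by a responder it tells you whether a given PoS process ever holds cleartext track data, and therefore whether it is worth a scraper’s attention.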
Web application attacks, point-of-sale intrusions, cyberespionage and crimeware were the leading causes of confirmed data breaches last year. The findings are based on data collected by Verizon Enterprise Solutions and 70 other organizations from almost 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries. According to Verizon’s 2015 Data Breach Investigations Report, which analyzes security incidents that happened last year, the top five affected industries by number of confirmed data breaches were: public administration, financial services, manufacturing, accommodations and retail. Humans were again the weak link that led to many of the compromises. The data shows that phishing, whether used to trick users into opening infected email attachments, click on malicious links, or input their credentials on rogue websites, remains the weapon of choice for many criminals and spies.
Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, has seized the domain names used to control a botnet called Beebone. The police action Wednesday included a so-called botnet sinkholing operation that involved redirecting domains used by the botnet’s command-and-control servers to a server controlled by security companies. Such an action prevents attackers from controlling the botnet and also gives authorities a chance to identify victims whose computers are now connecting to the sinkhole server. Information about the botnet will be distributed to ISPs and CERTs (computer emergency response teams) from around the world so they can notify victims and help them clean their systems, Europol said Thursday in a press release.
French-language TV network TV5Monde was hit by a crippling cyberattack Wednesday that disrupted broadcasting across its channels and also involved the hijacking of its website and social media accounts. The attack happened at around 10 p.m. Central European Time and, given its scale, probably took serious planning by the attackers, a group that calls itself the Cyber Caliphate. The same group, which claims affiliation to extremist organization ISIS, also hijacked the Twitter accounts of Newsweek, the International Business Times and the U.S. Central Command earlier this year.
A vulnerability in the popular WP Super Cache plug-in for WordPress could allow attackers to inject malicious scripts into websites. The scripts, when loaded by administrators, could trigger unauthorized actions. WordPress websites are a popular target for hackers and many of them are compromised due to plug-in vulnerabilities. Just on Tuesday, the FBI warned that attackers sympathetic to the extremist group ISIS -- also known as ISIL -- have defaced many websites by exploiting known vulnerabilities in WordPress plug-ins. The persistent cross-site scripting (XSS) flaw in WP Super Cache can be exploited by sending a specifically crafted query to a WordPress website with the plug-in installed, according to Marc-Alexandre Montpas, a senior vulnerability researcher at Web security firm Sucuri.