Lucian Constantin

Author Archives: Lucian Constantin

Hackers threaten to wipe millions of Apple devices, demand ransom

A group of hackers is threatening to wipe data from millions of Apple devices in two weeks if the company doesn’t pay them US$150,000. The group, which calls itself Turkish Crime Family, claims to have login credentials for more than 627 million icloud.com, me.com and mac.com email addresses. These are email domains that Apple has allowed for users creating iCloud accounts over the years. Even though the Turkish Crime Family hasn't been in the media spotlight before, its members claim that they've been involved in selling stolen online databases in private circles for the past few years. The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. The interest for such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said.To read this article in full or to leave a comment, please click here

Hackers threaten to wipe millions of Apple devices, demand ransom

A group of hackers is threatening to wipe data from millions of Apple devices in two weeks if the company doesn’t pay them US$150,000. The group, which calls itself Turkish Crime Family, claims to have login credentials for more than 627 million icloud.com, me.com and mac.com email addresses. These are email domains that Apple has allowed for users creating iCloud accounts over the years. Even though the Turkish Crime Family hasn't been in the media spotlight before, its members claim that they've been involved in selling stolen online databases in private circles for the past few years. The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. The interest for such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said.To read this article in full or to leave a comment, please click here

Flaws in Moodle CMS put thousands of e-learning websites at risk

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It's used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users.A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that "a number of security related issues were resolved," but didn't provide any additional details about their nature or impact.To read this article in full or to leave a comment, please click here

Flaws in Moodle CMS put thousands of e-learning websites at risk

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.Moodle is an open source platform used by schools, universities, and other organizations to set up websites with interactive online courses. It's used by more than 78,000 e-learning websites from 234 countries that together have more than 100 million users.A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that "a number of security related issues were resolved," but didn't provide any additional details about their nature or impact.To read this article in full or to leave a comment, please click here

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.Virtual machines are in used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromise websites inside virtual machines to observe their behavior and contain their impact.One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.To read this article in full or to leave a comment, please click here

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.Virtual machines are in used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromise websites inside virtual machines to observe their behavior and contain their impact.One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.To read this article in full or to leave a comment, please click here

Some HTTPS inspection tools might weaken security

Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don't mirror the security attributes of the original connections between clients and servers.HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn't contain threats or malware. It's performed by intercepting a client's connection to an HTTPS server, establishing the connection on the client's behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.To read this article in full or to leave a comment, please click here

Some HTTPS inspection tools might weaken security

Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don't mirror the security attributes of the original connections between clients and servers.HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn't contain threats or malware. It's performed by intercepting a client's connection to an HTTPS server, establishing the connection on the client's behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.To read this article in full or to leave a comment, please click here

String of fileless malware attacks possibly tied to single hacker group

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.An investigation started by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months."During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns," Michael Gorelik, Morphisec's vice president of research and development, said in a blog post. "Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months."To read this article in full or to leave a comment, please click here

String of fileless malware attacks possibly tied to single hacker group

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.An investigation started by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months."During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns," Michael Gorelik, Morphisec's vice president of research and development, said in a blog post. "Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months."To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Unpatched vulnerability puts Ubiquiti networking products at risk

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.To read this article in full or to leave a comment, please click here

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

Bug hunters have gathered again to test their skills against some of the most popular and mature software programs during the Pwn2Own hacking contest. During the first day, they successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.The Pwn2Own contest runs every year during the CanSecWest security conference in Vancouver, Canada. It's organized and sponsored by the Zero Day Initiative (ZDI), an exploit acquisition program operated by Trend Micro after its acquisition of TippingPoint.This year the contest has a prize pool of US$1 million for exploits in five categories: virtual machines (VMware Workstation and Microsoft Hyper-V); web browser and plugins (Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari, and Flash Player running in Edge); local escalation of privilege (Windows, macOS, and Ubuntu Desktop); enterprise applications (Adobe Reader, Word, Excel, and PowerPoint) and server side (Apache Web Server on Ubuntu Server).To read this article in full or to leave a comment, please click here

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

Bug hunters have gathered again to test their skills against some of the most popular and mature software programs during the Pwn2Own hacking contest. During the first day, they successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.The Pwn2Own contest runs every year during the CanSecWest security conference in Vancouver, Canada. It's organized and sponsored by the Zero Day Initiative (ZDI), an exploit acquisition program operated by Trend Micro after its acquisition of TippingPoint.This year the contest has a prize pool of US$1 million for exploits in five categories: virtual machines (VMware Workstation and Microsoft Hyper-V); web browser and plugins (Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari, and Flash Player running in Edge); local escalation of privilege (Windows, macOS, and Ubuntu Desktop); enterprise applications (Adobe Reader, Word, Excel, and PowerPoint) and server side (Apache Web Server on Ubuntu Server).To read this article in full or to leave a comment, please click here

Microsoft fixes record number of flaws, some publicly known

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.The company published 17 security bulletins covering 135 vulnerabilities in its own products and one separate bulletin for Flash Player, which has its security patches distributed through Windows Update. Nine bulletins are rated critical and nine are rated as important.The affected products include Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Exchange, Skype for Business, Microsoft Lync, and Silverlight.To read this article in full or to leave a comment, please click here

Microsoft fixes record number of flaws, some publicly known

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.The company published 17 security bulletins covering 135 vulnerabilities in its own products and one separate bulletin for Flash Player, which has its security patches distributed through Windows Update. Nine bulletins are rated critical and nine are rated as important.The affected products include Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Exchange, Skype for Business, Microsoft Lync, and Silverlight.To read this article in full or to leave a comment, please click here

Malicious uploads allowed hijacking of WhatsApp and Telegram accounts

A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.The vulnerability was discovered last week by researchers from Check Point Software Technologies and was patched by the WhatsApp and Telegram developers after the company privately shared the flaw's details with them.The web-based versions of WhatsApp and Telegram synchronize automatically with the apps installed on users' phones. At least in the case of WhatsApp, once paired using a QR code, the phone needs to have an active internet connection for WhatsApp messages to be relayed to the browser on the computer.To read this article in full or to leave a comment, please click here

Malicious uploads allowed hijacking of WhatsApp and Telegram accounts

A vulnerability patched in the web-based versions of encrypted communications services WhatsApp and Telegram would have allowed attackers to take over accounts by sending users malicious files masquerading as images or videos.The vulnerability was discovered last week by researchers from Check Point Software Technologies and was patched by the WhatsApp and Telegram developers after the company privately shared the flaw's details with them.The web-based versions of WhatsApp and Telegram synchronize automatically with the apps installed on users' phones. At least in the case of WhatsApp, once paired using a QR code, the phone needs to have an active internet connection for WhatsApp messages to be relayed to the browser on the computer.To read this article in full or to leave a comment, please click here

Hackers use dangerous Petya ransomware in targeted attacks

In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge.A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.The Trojan uses programmatic methods to trick Petya to use a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.To read this article in full or to leave a comment, please click here

1 5 6 7 8 9 58