Microsoft is taking a hard stance against advertisements that trick users into visiting malicious websites or downloading potentially harmful applications. The effects will be seen in Internet Explorer, whose SmartScreen Filter feature will enforce new rules against misleading ads beginning June 1. The filter will display warnings to users when they encounter such ads. “There has been a recent increase in the number of online advertisements that are intentionally misleading in nature,” Microsoft said in a blog post Tuesday. “We've found that these types of advertisements often try to convince a user to do something, the consequences of which they may not fully understand, such as visiting an infected website or downloading a program that can negatively impact their browsing experience.” To read this article in full or to leave a comment, please click here
The software that controls wireless networking chipsets made by Realtek Semiconductor contains a critical vulnerability that could allow attackers to compromise home routers. The flaw exists in a firmware component called miniigd that’s present in router models based on Realtek chipsets. The component is part of the software development kit (SDK) for RTL81xxx chipsets that Realtek provides to router manufacturers. The vulnerability was discovered by Ricky Lawshae, a researcher with Hewlett-Packard’s TippingPoint Digital Vaccine Labs (DVLabs), which runs the well-known Zero-Day Initiative (ZDI) bug bounty program. “An attacker could leverage this vulnerability to execute code with root privileges,” the ZDI team said in an advisory published Friday. Exploitation does not require authentication, it said.
Romania and Panama, two of the world’s notable sources of spam, now have fewer computers producing it, according to security vendor Cloudmark. The U.S. remains first in having the most systems blocked by IP address for sending junk mail, though by the percentage of its total IP addresses, it ranks fairly low. Cloudmark, which specializes in providing antispam products to ISPs, said it is blocking 13 percent fewer IP addresses worldwide for sending spam, with notable improvements in a few small countries, according to its first quarterly report for this year. The report covered IPv4 addresses, which are used for the vast majority of Internet traffic.
A bipartisan group of U.S. lawmakers has reintroduced legislation aimed at ending the National Security Agency’s bulk collection of telephone records across the country. Four senior members of the House of Representatives Judiciary Committee planned to reintroduce the USA Freedom Act late Tuesday. The House passed a watered-down version of similar legislation last May, but the Senate failed to act on it before November’s elections.
Some users whose computers have been infected with a ransomware program called TeslaCrypt might be in luck: security researchers from Cisco Systems have developed a tool to recover their encrypted files. TeslaCrypt appeared earlier this year and masquerades as a variant of the notorious CryptoLocker ransomware. However, its authors seemed intent on targeting gamers in particular. Once installed on a system, the program encrypts files with 185 different extensions, over 50 of which are associated with computer games and related software, including user-generated content like game saves, maps, profiles, replays and mods.
SendGrid is resetting the passwords for all of its customers after an investigation showed a cyberattack it sustained earlier this month was more extensive than first realized. The company, which provides a service for companies to mass email their customers without getting blocked, said earlier this month an account of a Bitcoin-related customer was compromised and used to send phishing emails. Further investigation by FireEye’s Mandiant division showed the attackers also compromised a SendGrid employee’s account and accessed internal systems on three days in February and March, wrote David Campbell, the company’s chief security officer.
WordPress patched a second critical vulnerability in its Web publishing platform on Monday, less than a week after fixing a similar problem. Administrators are advised to upgrade to WordPress version 4.2.1. Some WordPress sites that are compatible with and use a plugin called Background Update Tester will update automatically. WordPress is one of the most-used Web publishing platforms. By the company’s own estimation, it runs 23 percent of the sites on the Internet, including major publishers such as Time and CNN.
Attackers can potentially snoop on the encrypted traffic of over 25,000 iOS applications due to a vulnerability in a popular open-source networking library. The vulnerability stems from a failure to validate the domain names of digital certificates in AFNetworking, a library used by a large number of iOS and Mac OS X app developers to implement Web communications, including those over HTTPS (HTTP with SSL/TLS encryption). The flaw allows attackers in a position to intercept HTTPS traffic between a vulnerable application and a Web service to decrypt it by presenting the application with a digital certificate for a different domain name. Such man-in-the-middle attacks can be launched over insecure wireless networks, by hacking into routers or through other methods.
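The failure mode above, as an added example that is not AFNetworking's code: a client that accepts any certificate whose chain validates, next to one that also matches a subjectAltName against the host it meant to reach. The `peer_cert` struct, the certificates and the host names are constructed for the demonstration; a real client takes these fields from its TLS library after chain verification.

```c
/* Added example, not AFNetworking's code: why a TLS client must check the
 * certificate's name against the host it meant to reach. The certificate
 * fields, names and hosts below are constructed for the demonstration. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only the parts of a certificate this check needs; a real client gets them
 * from its TLS library after chain verification. */
struct peer_cert {
    bool chain_valid;           /* issued by a CA the client trusts */
    const char *dns_names[4];   /* subjectAltName DNS entries, NULL-terminated */
};

/* Case-insensitive equality, as DNS names compare. */
static bool ieq(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

static size_t count_dots(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        n += (*s == '.');
    return n;
}

/* RFC 6125-style name match: exact match, or a single '*' standing for the
 * whole left-most label, so "*.example.com" matches "api.example.com" but
 * not "example.com" or "a.b.example.com", and "*.com" is refused outright. */
static bool dns_name_matches(const char *pattern, const char *host)
{
    if (host[0] == '\0' || strchr(host, '*') != NULL)
        return false;
    if (pattern[0] == '*') {
        if (pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
            return false;                    /* wildcard only as a full left-most label */
        if (count_dots(pattern) < 2)
            return false;                    /* refuse "*.com": too broad */
        const char *dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return false;                    /* the wildcard must cover one non-empty label */
        return ieq(pattern + 1, dot);        /* ".example.com" against the host's suffix */
    }
    return strchr(pattern, '*') == NULL && ieq(pattern, host);
}

/* The flawed check the article describes: a valid chain is enough and the
 * name is never consulted. An on-path attacker holding a valid certificate
 * for any domain can terminate the "encrypted" session and read it. */
bool accept_peer_vulnerable(const struct peer_cert *c, const char *host)
{
    (void)host;
    return c->chain_valid;
}

/* Corrected check: chain validity AND a subjectAltName matching the host
 * the client intended to reach. */
bool accept_peer(const struct peer_cert *c, const char *host)
{
    if (!c->chain_valid)
        return false;
    for (size_t i = 0; c->dns_names[i] != NULL; i++)
        if (dns_name_matches(c->dns_names[i], host))
            return true;
    return false;
}

/* Constructed certificates: the genuine API server's, and one an attacker
 * legitimately obtained for a domain they control. Both chains validate. */
const struct peer_cert legit_cert    = { true, { "*.example.com", "example.com", NULL } };
const struct peer_cert attacker_cert = { true, { "attacker.example", NULL } };

int main(void)
{
    const char *host = "api.example.com";
    printf("vulnerable check, attacker cert: %s\n",
           accept_peer_vulnerable(&attacker_cert, host) ? "ACCEPTED" : "rejected");
    printf("hardened check,   attacker cert: %s\n",
           accept_peer(&attacker_cert, host) ? "ACCEPTED" : "rejected");
    printf("hardened check,   legit cert:    %s\n",
           accept_peer(&legit_cert, host) ? "accepted" : "REJECTED");
    return 0;
}
```

The attacker's certificate is perfectly valid for attacker.example; the only thing that stops it from being accepted for api.example.com is the name comparison, which is exactly the step the vulnerable path omits. Pinning the server's key or CA in the app is an additional layer, not a replacement for this check.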
Romanian authorities have detained 25 people who are suspected of being members of an international gang of cyberthieves who hacked into banks, cloned payment cards and used them to steal over US$15 million. The group is believed to have over 52 members of Romanian and other nationalities, and broke into computer systems belonging to banks from Puerto Rico, a U.S. territory, and Muscat, Oman, according to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). The hackers used the unauthorized access to steal payment card data associated with the accounts of large corporations and then used the data to create fraudulent copies of those cards. The cloned cards were distributed to members of the group who used them to withdraw money from ATMs in different countries, DIICOT said Sunday.
Some of the world’s leading cryptographers are concerned about the increasing number of malicious programs that hold computers and mobile phones to ransom, in many cases by abusing the encryption algorithms they designed. Despite law enforcement efforts to disrupt ransomware operations, the prevalence of such programs continued to grow last year, according to a report published Thursday by antivirus vendor F-Secure. A family of ransomware programs known as Browlock, which impersonates police agencies and asks users to pay fictitious fines in order to regain control of their computers, was one of the top 10 PC threats during the second half of 2014, according to F-Secure’s statistics. An increase was also observed among the ransomware threats for Android phones.
SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave. The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16. Trustwave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but Trustwave said other flaws allow the privileges to be escalated to those of a database administrator.
Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned. The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay. Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.
While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password. The vendor wasn’t named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816. A Google search reveals that’s the default password for several models of credit card terminal sold by Verifone, a Silicon Valley-based vendor that says it connects 27 million payment devices and has operations in 150 countries. Verifone didn’t immediately comment on the claim.
The U.S. Department of Defense must rebuild trust with Silicon Valley because it needs new technology partners to fight against cyberattacks, Secretary of Defense Ashton Carter said Thursday. The DOD is looking to build its defensive cybersecurity capabilities with help from technology vendors, but the military also will deploy offensive measures when it’s warranted, Carter said in a speech at Stanford University. The department sees its cybersecurity role as largely focused on defense, but “adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he said.
A company that tracked retail store customers through their smartphones without notifying them and without giving them a chance to turn off the tracking has settled a U.S. Federal Trade Commission complaint that it didn’t live up to its privacy promises. Retail tracking firm Nomi Technologies stated in its privacy policy from late 2012 that it would provide a customer opt-out mechanism at stores using its tracking services, thus implying that it would notify customers of the tracking efforts, the FTC said. But the company did not give customers an opt-out option and did not notify customers they were being tracked, the agency said Thursday.
For the second time in two days, the U.S. House of Representatives has voted to pass a bill that would give legal protections to companies that share cyberattack information. The House on Thursday voted 355 to 63 to pass the National Cybersecurity Protection Advancement Act (NCPA), which would protect companies from customer lawsuits after they voluntarily share cyberthreat information with each other and with government agencies. The NCPA is similar in several ways to the Protecting Cyber Networks Act (PCNA), which passed the chamber on Wednesday, despite concerns from some lawmakers that it would allow some customer information to wind up in the hands of the surveillance agency, the U.S. National Security Agency.
A serious flaw in a component that’s used to authenticate clients on Wi-Fi networks could expose Android, Linux, BSD, and possibly Windows and Mac OS X systems to attacks. The vulnerability is in wpa_supplicant, an open-source software implementation of the IEEE 802.11i specifications for wireless clients. The component is cross-platform and is used to control WPA and WPA2 wireless connections on Android, Linux and BSD systems. It can also be used by some third-party wireless software on Mac OS X and Windows, but these operating systems have their own built-in supplicant implementations that are used by default. The vulnerability stems from how wpa_supplicant parses SSID (Service Set Identifier) information from wireless network frames when the CONFIG_P2P option is enabled. If exploited, the flaw can allow attackers to crash the client (denial of service), read contents from the process’s memory or inject arbitrary data into its memory, which could result in arbitrary code execution.
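The bug class described above, as an added example that is not wpa_supplicant's code: an 802.11 information element is an id byte, a length byte and a payload, and the SSID element may carry at most 32 bytes, yet the length byte arrives in the frame and can claim up to 255. The element parser, the flattened per-peer state layout and the malicious frame below are all constructed for the demonstration; the vulnerable parser checks the element against the frame boundary but not against the SSID's own maximum before copying.

```c
/* Added example, not wpa_supplicant's code: an unbounded copy of a
 * length-prefixed SSID element, next to the bounded version. Layout,
 * parser and frame are constructed for the demonstration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_SSID      0     /* element id of the SSID information element */
#define SSID_MAX_LEN  32    /* 802.11 maximum SSID length in bytes */

/* Constructed per-peer state, flattened into one array so the overrun below
 * stays inside defined memory: a 32-byte SSID slot, its length, then a flag
 * the rest of the client trusts. Bytes after that stand in for whatever the
 * allocator placed next in a real process. */
enum { OFF_SSID = 0, OFF_SSID_LEN = 32, OFF_AUTHORIZED = 33, STATE_SIZE = 256 };

/* Vulnerable: trusts the frame's length byte for the copy, so anything above
 * 32 spills over ssid_len and the authorized flag (and, in the real process,
 * whatever follows): the crash / memory read / memory write outcomes. */
bool parse_ssid_ie_vulnerable(uint8_t *state, const uint8_t *ie, size_t ie_len)
{
    if (ie_len < 2 || ie[0] != EID_SSID)
        return false;
    size_t len = ie[1];
    if (2 + len > ie_len)                    /* frame bound checked, SSID bound not */
        return false;
    memcpy(state + OFF_SSID, ie + 2, len);   /* up to 255 bytes into a 32-byte slot */
    state[OFF_SSID_LEN] = (uint8_t)len;
    return true;
}

/* Hardened: the element's own maximum is enforced before the copy, and a
 * frame that violates it is dropped rather than silently truncated. */
bool parse_ssid_ie(uint8_t *state, const uint8_t *ie, size_t ie_len)
{
    if (ie_len < 2 || ie[0] != EID_SSID)
        return false;
    size_t len = ie[1];
    if (2 + len > ie_len || len > SSID_MAX_LEN)
        return false;
    memcpy(state + OFF_SSID, ie + 2, len);
    state[OFF_SSID_LEN] = (uint8_t)len;
    return true;
}

/* Builds an SSID element whose payload is `len` filler bytes, with the byte
 * that would land on the authorized flag set to 1. Returns bytes written. */
static size_t build_ssid_ie(uint8_t *out, size_t cap, size_t len)
{
    if (len > 255 || 2 + len > cap)
        return 0;
    out[0] = EID_SSID;
    out[1] = (uint8_t)len;
    memset(out + 2, 'A', len);
    if (len > (size_t)(OFF_AUTHORIZED - OFF_SSID))
        out[2 + OFF_AUTHORIZED - OFF_SSID] = 1;
    return 2 + len;
}

/* Feeds a constructed 40-byte SSID (over the limit) through a parser and
 * reports the neighbouring flag afterwards: 1 means the frame flipped it. */
int authorized_after(bool (*parser)(uint8_t *, const uint8_t *, size_t))
{
    uint8_t state[STATE_SIZE] = {0};
    uint8_t ie[2 + 255];
    size_t n = build_ssid_ie(ie, sizeof ie, 40);
    parser(state, ie, n);
    return state[OFF_AUTHORIZED];
}

/* Hardened parser on an SSID of `len` bytes: stored length, or -1 if dropped. */
int hardened_ssid_len(size_t len)
{
    uint8_t state[STATE_SIZE] = {0};
    uint8_t ie[2 + 255];
    size_t n = build_ssid_ie(ie, sizeof ie, len);
    return (n != 0 && parse_ssid_ie(state, ie, n)) ? state[OFF_SSID_LEN] : -1;
}

int main(void)
{
    printf("authorized flag after vulnerable parse: %d\n", authorized_after(parse_ssid_ie_vulnerable));
    printf("authorized flag after hardened parse:   %d\n", authorized_after(parse_ssid_ie));
    printf("hardened parser, 32-byte SSID: %d, 33-byte SSID: %d\n",
           hardened_ssid_len(32), hardened_ssid_len(33));
    return 0;
}
```

Compiling the block with `-fsanitize=address` and replacing the flattened array with a real `struct` of the three fields turns the flag overwrite into the crash the advisory mentions, which is the quickest way to confirm a candidate fix in a codebase of this kind: the bound must sit on the element's declared maximum, not only on the enclosing frame.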
The U.S. House of Representatives has voted to approve legislation that would encourage companies to share cyberattack information with each other and with the government, despite concerns that it would put new consumer information in the hands of surveillance agencies.
The House voted 307 to 116 on Wednesday to approve the Protecting Cyber Networks Act (PCNA), which would protect companies that voluntarily share information from customer lawsuits. Several digital rights groups and cybersecurity researchers oppose the bill, saying it requires data shared with civilian agencies, including potentially personal information, to be passed on to the National Security Agency.
To scope or not to scope - the security leader’s dilemma. PCI is both a globally recognized standard and a lightning rod for discussion. In recent weeks, I’ve engaged in conversations exploring the scope of PCI assessments. On Twitter, the discussion focused on the need to include everything in scope, as a means to force companies to improve security. Contrast that with a recent column explaining the benefit to speed, price, and quality of properly scoping your PCI assessment.
The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin. Security researchers from Kaspersky Lab have dubbed the cyberespionage group CozyDuke and said that it has blatantly targeted high-profile victims since the second half of last year. Its toolset includes malware droppers, information-stealing programs and backdoors that have antivirus evasion capabilities and make use of cryptography, the researchers said Tuesday in a blog post.