Thursday, 30 April 2015

Malware Infects Thousands Of Linux And BSD Servers


Researchers from the Slovak anti-virus company ESET have discovered thousands of Linux and BSD servers that are infected with malware and used to send large numbers of spam messages. Hard mumble, as the malware is called, would have been active since 2009.

It mainly involves Web servers that most likely through leaks in the popular content management systems Joomla and WordPress were hacked. Then the attackers Mumble Hard installed on the systems. In addition, the malware could also have spread via pirated versions of a program called Direct Mailer. The software normally costs $ 240, but on the Internet pirated versions were found with Mumble Hard backdoor.

Yell Soft

Direct Mailer is developed by the software company Yell Soft. Yell Soft sells software like Hard Mumble is written in the Perl programming language and is used to send bulk mail. Researchers from ESET suspect Yell Soft may be involved in the malware. It appears that the IP address of the C & C server that the infected Linux and BSD machines controls is in the same range as the Web server yellsoft.net .

The second link which the researchers point to the existence of the illegal versions of Direct Mailer where Mumble Hard backdoor hidden in. The first version of Mumble Hard dates from 2009. Yell Soft exists since 2004. "It is unclear whether they were involved between 2004 and 2009 in malicious activity," as the researchers in their report ( pdf ) about the malware.

Infections

Hard mumble was discovered after an administrator had complained that his server was ended because of a spam blacklist.During the research conducted ESET researchers knew to "sink holes" botnet server, where the movement of infected machines ran to a server of the anti-virus company. In this way, the researchers saw a period of seven months, nearly 8900 unique IP addresses passing by who were infected. Administrators who want to know if their server is compromised are advised to search for unsolicited cron jobs for all users.

Joint Research To Test Fraud Anti-Virus Companies


Three major laboratories engaged in testing of virus scanners have announced a joint investigation into fraud by anti-virus companies to test anti-virus software. This weekend the Austrian test laboratory AV-Comparatives came with the news that it had discovered a product of a yet unnamed anti-virus vendor which was specially adapted for the big test laboratories.

In addition, a second anti-virus company of similar practices is suspected. Adjusting virus scanners to perform better during anti-virus testing is contrary to contract rules. AV-Comparatives shows via Facebook know that with Virus Bulletin and AV-Test, two other large testing laboratories, has consulted and has begun a joint investigation into the fraud. Further details on the two suspect anti-virus companies have not been given yet.

Website Tesla "Hacked" Via Social Engineering



This weekend, both the website and the Twitter account of Tesla Motors hijacked , something that was possible, according to the carmaker through social engineering. At the Tesla website showed a message with a picture and there were several messages on Twitter spread by the attackers.

According to a spokesman of Tesla began the attack by someone who has the support department of AT & T called and posing as a Tesla employee. Then the scammer made ​​calls to divert an illegal number. After this, the scammer contacted Network Solutions, the company that teslamotors.com host. Through the diverted telephone crook left to add an e-mail to the Administrator account of the Tesla domain.

This crook could reset the password of the domain account and then the website continue to another site and temporary access to the Twitter accounts of Tesla and Tesla founder Elon Musk, the spokesman opposite Forbes . Meanwhile, Tesla was with AT & T and Network Solutions are in consultation to prevent recurrence.

From examination of OpenDNS shows that the IP address of teslamotors.com indeed was adjusted at the time of the attack. According to OpenDNS was therefore not a "hack", but a DNS adjustment whereby the website Teslamotors.com pointed to a different IP address.

Microsoft Provides Alarm About Macro-Malware


To perform asking Internet users if they macros in Office documents so that their computer is infected with malware is a very successful method for cyber criminals, as the past few months more than half a million computers were infected in this way.

The malware is distributed via e-mails with subjects about bills, taxes, delivery confirmations, CVs and donation confirmations. Topics according to Microsoft, users can easily mislead to open the email and attachment without piggybacked hereby thinking. Once the macro is executed will download a file which then downloads a Trojan downloader. This downloader installs additional malware on the system. The software giant sets raises the question of how this form of social engineering can be combated.

In the case of enterprises, system administrators can take various measures. Most macro malware namely located in the .doc format used in Office 2007 and earlier. Administrators can set up via the Trust Center of Office that documents from earlier Office versions are not loaded. In addition, the operation of macros in Office can be configured , for example, to allow only digitally signed macros or block all macros.

Microsoft Is Addressing Misleading Advertising


According to Microsoft, there is an increase in the number of misleading advertisements on the Internet, allowing users with malware or unwanted software come into contact. Reason for the software giant to tackle this kind of advertising. The deliberately misleading ads trick users usually have to do something whose consequences are not immediately obvious, such as visiting an infected website or downloading a program that has a "negative impact" on the Internet.

Therefore, Microsoft has a number of requirements established where ads from June 1, 2015 must meet. So ads can not be fooled, they should be distinguished from the website, they may not contain malicious code and may not lead to downloading files. In the event ads do not meet these requirements, Internet Explorer will soon give a warning and the website which can be seen blocking the ads.

Wednesday, 29 April 2015

Google Reveals Password Alert Against Phishing Attacks



To prevent Internet users enter the password for their Google Account phishing sites, Google has released a new security measure unveiled . " Password Alert "is a Chrome extension that alerts users when they enter their Google password on a phishing site.

The extension, which is open source, should protect users from phishing attacks as well as encourage the use of different passwords for different websites. Once the Chrome extension is installed that will store an encrypted version of the password.Google describes this as a " salted reduced-bit thumbnail ". The extension only stores this information for security purposes and which will not share with others. Google notes that no Password Alert keylogger is no keystrokes and stores or transmits.

Chrome already offers "Safe Browsing" to warn users of phishing attacks, but it may be that phishing sites will be missed.Password will alert every time a user's Google password on a Web site that does not fill accounts.google.com is sound the alarm and tell the user to change his password. Something can be done directly through the warning. At this time, Password Alert only available for Chrome users.

Lenovo Provides Free Recovery Media Without Superfish


Owners of a Lenovo laptop can now apply for recovery media to install Windows and additional software without even the Super Fish-adware is installed together, so has let the computer manufacturer on the private forum know. Super Fish is a program that intercepted SSL connections to inject ads. The adware used for this purpose its own root certificate. Researchers managed to crack the password using the private key of the Superfish certificate.

This makes it possible in certain cases to Man-in-the-middle attacks against systems that perform Superfish and the certificate installed. In total Superfish appeared on more than 40 different types of laptops to be installed. Because of the Superfish debacle Lenovo announced several measures. For example, published a removal tool and put the manufacturer's promise that it will provide cleaner machines with less pre-installed software in the future. Also followed a free subscription of six months on the McAfee virus scanner.

Current owners of a laptop sit with the problem on their recovery media, such as a special recovery partition, Superfish is still present. If the computer is reinstalled using the recovery media is also Superfish replaced. Last month, Lenovo's own forum know that they worked to restore clean media without Superfish which can be requested via the support department. An employee of Lenovo claims that the recovery media will not be sent in bulk. "But if you need due to specific circumstances recovery media, please contact the service desk." Whether the media via CD or USB stick will be offered the employee does not know. We have asked for clarification about Lenovo.

Great Email Service SendGrid Hacked Account Via Employee



The major e-mail service SendGrid, which include e-mails sent to Pinterest, Uber, Foursquare, Hootsuite and Spotify, has warned customers that their data may be stolen. On 8 April, the SendGrid account of Coinbase hacked , a large Bitcoin exchange, and used to send phishing emails. At first thought SendGrid that it was an isolated incident.

Further investigation revealed that the account was hacked by a SenGrid employee and was used by a cyber criminal to approach various internal systems. These systems contained user names, email addresses and customize stretched and saved passwords. The cyber criminal could access servers with e-mail lists and addresses received from customers of the customers SendGrid. In theory, it could go to millions of users.

According SendGrid there is no evidence that this data is also captured. However, as a precaution decided to reset the passwords of all customers. In addition to resetting the passwords SendGrid customers will also generate their DKIM keys again. DKIM is a digital signature that verifies the domain where the emails were sent from. Because of the new DKIM keys will also be the DNS of the domain name must be modified. How not know the account of the employee could be hacked SendGrid late. However, the e-mail service will tighten security.

Free Virus Scanners Convince On Mac OS X


Mac OS X has to do with much less malware than Windows, most recently in a report revealed by the Finnish anti-virus firm F-Secure. Yet there are also threats to Apple's operating system, which mainly via pirated software and downloading software from the wrong source managed to spread. The reason for the German testing body AV-Test to test ten paid and free virus for OS X.

"Criminals are always looking for groups that are worthy to steal. The now become big group of Mac users is a good target," said Maik Morgenstern of AV-Test. For the test, we looked at various components such as malware detection, false positives, tax system and features. The detection test worked with an "on-demand" scan and an "on-access" scanning. For these two tests were used in a total of 244 malware instances.

Average know the scanners to detect 91% of malware. This percentage is mainly due ClamXav brought down, which scored 36.6% and 54.7% respectively. The other virus scanners are above 88%, with Avira and Symantec both tests score even 100%. However, Avira is a free product. The free virus scanner Avast convinces with a score of 100% and 98.8%.

When it comes to system load Symantec puts the best score down. Copying files to 26,6GB took no scanner 66.1 seconds.The virus took an average of 75.4 seconds. Symantec sitting there with 66.2 seconds, well below while Intego with 97.9 seconds is the greatest strain on the system. Regarding "false positives," the unjustified considering clean files as malware, no single scanner was in the wrong. On ClamXav after all were virus by AV-Test certification. Below the results of the on-demand scan.

Free Tool Provides Ransomware Victims Files Back


In March this year, there ransomware which focused specifically at gamers and files from popular computer games and gaming platforms like Steam encrypted and iTunes. Initially it was thought that it was a variant of the Crypto Locker ransomware, but the ransomware was eventually named "Tesla Crypt."

Like other ransomware victims must pay a fee to recover their files. Researchers from network giant Cisco, however, have discovered a vulnerability in the applied encryption, which makes it possible for the victims to decrypt without paying their files. The ransomware pretends to use asymmetric RSA-2048 encryption to encrypt files, but actually makes use of symmetric AES encryption.

The researchers also created a decryption utility to decrypt files free of charge. For this the "master key" must still be on the system. This file, called key.dat is in the user's application data directory stores. Users must copy this file to the directory of the decryption tool, and then run the tool, after all files are automatically decrypted. Using the tool is at your own risk, warns Cisco. Users also are advised to first back up their data.

Weather Infected Ads On Porn xHamster


On the popular porn xHamster again infected ads have appeared that attempt to infect visitors with malware. In late January it was even hit on the porn site, which according to Alexa is on the 68th place of most visited sites on the Internet and gets 514 million visitors monthly.

The ads direct visitors unnoticed to another page where the Angler Exploitkit runs. This page checks to see if the visitor uses the virus from Kaspersky Lab or Norton. If this is not the case, then it is decided to attack the user further. The Angler Exploitkit makes abuse of vulnerabilities in Internet Explorer, Java, Silverlight and Adobe Flash Player. Anti-virus firm Malwarebytes suggests that only an old vulnerability in Internet Explorer is used in the attack.

Is the attack successful, is the Bedep malware installed. The same malware that also the end of January on the website was spread via infected ads. Bedep making computers part of a botnet and can then install additional malware. Once active Bedep used infected computers to commit fraud advertisement. Additionally silently loads the Magnitude Exploitkit, which also makes abuse of vulnerabilities, provide users with additional malware can become infected.

Tuesday, 28 April 2015

FBI Warns Of Web Cams After Earthquake Nepal


The FBI has warned Internet scams who abuse people who want to donate money after the earthquake in Nepal or trying to spread malware. The death toll from the earthquake has now passed the 4,300 and the population is in need of all kinds of aid.

"After a natural disaster like a lot of people contribute to utilities and organizations. The FBI is warning the public to watch out for before it is donated," said the intelligence. This involves donation requests coming in via e-mail or websites that ask for. In the past it has often happened that after a natural disaster is fraudulent Web sites or e-mails appear that ask for donations, but the money does not allow to enter the victims of such disasters.

The FBI advises people choosing not to respond to unsolicited e-mails, including clicking on links or open attachments because they may contain malware. People are warned also for individuals occurring on social media sites or via e-mail as victims or officials and ask for a donation. Furthermore, the legitimacy of non-profit organizations should be checked on the Internet. According to the FBI, most legitimate charities websites ending in .com or .org.

VirusTotal: "Knock Knock Searching With Google For Mac Malware"


A program for Mac OS X that shows what programs and scripts are automatically started is now able to quickly malware via VirusTotal tracks, the online anti-virus service from Google. Knock Knock for OS X is similar to Microsoft's Autoruns for Windows and provides a detailed overview of what all is happening on the operating system.


VirusTotal is a website where users can upload files in order to submit it by 50 different virus scanning. Early this year, Microsoft decided to VirusTotal with Autoruns integrate , allowing Windows users now easily able to detect malware. Patrick Wardle, developer of Knock Knock, has now followed that example and VirusTotal added to his application.

"This tool is very useful for quickly finding malware on Mac OS X systems, and integration with VirusTotal give further momentum to our efforts to protect Mac OS X users," says Emiliano Martinez VirusTotal, which since 2012 part of Google.Last year VirusTotal decided already to the analysis of OS X and iOS malware improve and the corresponding upload tool .

Weather Patched Critical Vulnerability In WordPress



Administrators of WordPress sites are warned again for a critical vulnerability in the popular content management system (CMS) allowing attackers vulnerable websites and blogs can take over completely.Like the critical vulnerability of last week , it is a cross-site scripting issue could allow an attacker JavaScript can put in comments.


As a logged-in administrator to see this code gets the attacker can execute arbitrary code on the server and thus compromise the website. It is also possible to change the administrator password, create new administrative accounts or perform other actions that normally only reserved to the administrator. The problem was Sunday a Finnish security researcher Jouko pynnönen revealed.

WordPress responded to the zero day flaw with an emergency patch is available for download since yesterday. Because of the severity of the vulnerability provides administrators advised as soon as possible to version 4.2.1 upgrade. When websites that the automatic update feature of WordPress have enabled the roll-out has already started. Security firm Sucuri has an analysis of the vulnerability put online.

Branding Biggest Challenge DuckDuckGo


Various studies have shown that people on Internet privacy is important, yet awareness is the biggest challenge for privacy search engine DuckDuckGo. The search engine focuses entirely on online privacy and says that the IP addresses of users or other personal information store and does not create user profiles.

Late last year decided both Apple and Mozilla DuckDuckGo optional respectively Safari and Firefox add . Meanwhile, the search engine privacy will be affected more than 9 million searches per day. This number is not proportionate to the 3.5 billion searches Google processes daily.

Yet DuckDuckGo founder Gabriel Weinberg is positive. He points to a recent survey by the Pew Research Institute, which shows that people are looking for privacy-friendly alternatives. "While it is difficult to predict future growth, it looks good. Our biggest problem is to know that we exist," says Weinberg opposite Network World . He noted that DuckDuckGo has no plans to also start offering other services and will focus only on the search engine.

Monday, 27 April 2015

Malicious Word Document Hidden In A PDF File


Frequently happens that attackers use DOC and PDF files to infect internet users with malware, but recently a researcher found a PDF file called "Sales Invoice" that contained a malicious Word document.When opening the PDF file is via Javascript tried to open an embedded Word document. Standard warns Adobe Reader to open these embedded files.

If users ignore the warning and still choose to open the DOC file in Microsoft Word, then get them whether they want to run the macro in the document. In recent months, regular Word documents with macros used , which once carried download malware. Also in this case, it is after the execution of the macro malware downloaded. It is a variant of the Dridex banking Trojan, a Trojan horse that steals money from online bank accounts.

According to researcher Steve Basford the malicious Office documents at the time only against Windows users. "Apple and Android software to open these attachments and might even run the macros embedded in the annex," he tells his own blog.Belgian researcher and ISC handler Didier Stevens made ​​this demonstration video in which he analyzes the PDF file.

Hackers May Have Stolen Emails Obama


Hackers would have received last year in an attack on an unclassified system from the White House to access e-mails of US President Barack Obama. That allow government officials across the New York Times to know. The classified systems of the White House, including the servers that Obama used to communicate via his BlackBerry, would not be cracked.

Knew the attackers to gain access to an email archive of people inside the White House, with whom Obama communicates regularly. From these accounts, reports were taken by the US president had sent and received, according to the officials who were familiar with the investigation into the burglary.

How many emails were captured would not tell them, and the sensitivity of the content. The email account of Obama himself would not have been hacked. According to the New York Times, the severity of the break for months are known to officials.Who exactly is behind the attack is unknown, but the US government looks at Russia.

Employees IT Company Target Of Malware After Acquisition


Employees of the US IT security company Websense have become the target of malware after the company earlier this week was taken over by the US defense company Raytheon. The workers received an email with the subject "Welcome to join Raytheon" and attach a zip file. The zip file contains the installer of Kaspersky Anti-Virus, plus a DLL.

Once the installation was carried out, was the DLL loaded from the zip file. However, this was the malware. According to Websense it comes to "dll sideloading", also known as "DLL hijacking". A well-known problem that is caused by some of the programs first search in the opened directory to .dll files that are necessary for the execution of the software. An attacker could execute malicious DLL files in this way.

According to Websense, the attack failed because the attackers in their haste had prepared a very sloppy email, without preamble, introduction or explanation. The message consisted of only two sentences, including the password to open the enclosed zip file. "Always use caution with attachments and links in an email and make sure everyone is alert during a takeover. Attackers leave no chance and one click is enough to get infected," said analyst Wang Ulysses.

Still 88,000 Shops Vulnerable Magento Leak



A critical vulnerability in the popular shopping cart software Magento allow an attacker to completely take over the shop is still in 88,000 merchants present, even though the update since early February. The vulnerability is now being used to attack shops.

In addition, security company Check Point has released details about the leak. Researchers from the company warned Magento on 14 January this year about the problem they had found. A few weeks later, a security Magento. Still, many merchants decided not to install it. The Dutch hosting company Byte warned a week ago that still 140,000 merchants risked because they were not patched. Meanwhile, a significant portion of the vulnerable Magento shops install the update, but are still vulnerable 88,000 shops, according to the last census of Byte.

That census took place last Friday, the same day that the Magento developers a warning afgaven for the leak. Security firm Sucuri reported Friday that it had now perceived attacks that made ​​abuse of the leak. In addition, the company claimed that merchants who had rolled the patch not yet been hacked or that would be only a matter of time. Below is a video demonstration of Check Point which shows how online stores can be robbed by setting the price of goods at zero through the leak.

Sunday, 26 April 2015

Tesla Motors Website And Twitter Account Hacked


Attackers there last night managed to hack the Twitter account and website of Tesla Motors. The Twitter account of Tesla CEO Elon Musk had to believe it. On the hacked site the attackers left a message.Through the hacked Twitter account were the 564,000 followers are messages sent that they were given a free Tesla as they called a certain number or followed different accounts.

TechCrunch reports that it was a phone number of a computer store in Illinois. About an hour after the hack the Twitter account was restored to its original state and the tweets of the attackers removed. The website, after the hack was offline for some time, has also been restored. How the attackers access to both the Twitter account as the site managed to get is unknown. Tesla Motors has no comments yet.

Free Online Service Scans Inbox Passwords


Many Internet users would save passwords in the inbox of their email account, so that risk once the account is hacked. Security Dash Lane has developed an online service that checks the contents of the inbox on passwords and then displays.

In this way, users can see which online accounts they have all signed up and how many passwords and login data are yet to be found in their inbox. Even if the accounts are no longer used this forms according Dash Lane a risk because they can help logging in to other accounts, especially if the same password is used for multiple accounts.

Dash Lane forgets to mention that an attacker access to the email account has in many cases other accounts registered to take over at the e-mail account by resetting the password, assuming a different password for these accounts than that of the email account is used. Scan Inbox , such as the online service is called, is free to use. Found personal information according Dash Lane only visible to users and not for the company.

Saturday, 25 April 2015

ESET: Ransomware Victims Should Not Pay



Computer users who are victims of ransomware and therefore no longer have access to their data should the ransom demand the criminals do not pay. This enables Raphael Labaca Castro of Slovak anti-virus company ESET. In recent months, several experts spoke out about paying ransomware and it was revealed that dozens of Dutch companies had the ransom paid after they were infected.

British anti-virus firm Sophos found that prevention is better than cure, but in the case of an infection the best " okay "is to pay the ransom. Labaca Castro has a different opinion. "If you pay your support cyber criminals by providing them with more money." In addition, according to the security expert would be no guarantee that the encrypted files are decrypted.Nevertheless, recent incidents where the ransom be paid to victims recovering their files.

Yet calls Labaca Castro paid a dangerous option. "Remember, this is not a service. The cyber criminals. Even if you pay, they do not on a" whitelist "position, so you can be infected again. So it is not a real solution for the future." Prevention according to the expert is the main weapon against ransomware. He also advises to make regular backups.

Pentagon Hacked Via Password Vulnerability


An unclassified network of the Pentagon earlier this year been hacked because administrators had forgotten to patch a vulnerability. That left the US Secretary of Defense Ashton Carter yesterday during a speech at Stanford University know.

"Earlier this year discovered the sensors that protect unclassified networks of the Ministry of Defence Russian hackers who gained access to one of our networks. They had an old leak found in one of our old networks that were not patched," said Carter. Defense Minister called it alarming that the attackers were able to gain access to an unclassified network, but they were quickly detected on the other side and removed.

"After we had learned valuable information about their tactics, we analyzed their network activities, we have linked to Russia, and then quickly kicked out of the network, in a way that reduces their chance to return," said Carter. The attack, according to Carter a step in the right direction. "My primary goal is to defend our networks, because we are a network central organization, but I'm still worried about what we do not know. Because this was only one attack that we discovered."

Cartner showed further that technologies such as the Internet, have a good and bad side. "The same Internet that Wikipedia allows, let terrorists also see how to build a bomb." According to the Defense Minister's dependence on technology also created vulnerabilities where enemies like to abuse it. As a solution to this problem Cartner pointed to a partnership between government and industry.

Tor-Mail Service Attack Suspects By Intelligence


On the Tor-based e-mail service SIGAINT has warned users that it has become a target of a suspected intelligence, which were deployed in a total of 70 malicious servers. The attacking party would also recent months several attacks carried out against the infrastructure of the service. According to the managers of SIGAINT the attacks had failed, however.

SIGAINT only through the Tor network and accessible on the Internet to protect journalists and activists against the large-scale surveillance. The website sigaint.org state the address of the Tor website where SIGAINT is found. According to the manager, the alleged intelligence tried to change this address, so that Man-in-the-middle attacks could carry on users could spy on them in real time.

Probably therefore some passwords stolen, but it would have been the attackers not to do. "We get less than one user in the three months complaining that their account has been hijacked," said the manager. SIGAINT would have a total of 42,000 users. Because the e-mail service of the Tor network uses it depends on the servers in the network.

The Tor network consists of several servers on which the traffic passes. The last server in the chain is the exit node or exit relay. Through this server, which is added by volunteers to the Tor network, the request of the Tor user is sent to the Internet.The attackers had put in this case 70 of such servers. Because of this large number of suspects administrator SIGAINT that he has been the target of an intelligence service.

He leaves the Tor-mailing list that can be used for the website sigaint.org an SSL certificate to ensure that the content, and also the address of the Tor website is adjusted. An intelligence service might work, according to him so through using the key from a certificate authority from the country. The malicious Tor servers proved to be not only against SIGAINT deployed, but also can be used for other dubious affairs. All 70 servers have been placed on a blacklist.

Critical Vulnerability In WordPress Poem


For owners of WordPress sites this week, there is an important security update released that fixes a vulnerability that could allow an attacker to take over the site completely. According to the developers of WordPress, it is a critical cross-site scripting vulnerability that allows anonymous users can compromise the website.

The leak, which was discovered by Belgian security researcher Cedric Bockhaven is present in WordPress 4.1.1 and older. In addition to these vulnerabilities are also fixed three other leaks. The impact of these leaks are less severe. The developers of WordPress report in the announcement of the update this week also for different plug-ins security updates are released."Keep everything up to date in order to stay safe," said Gary Pendergast WordPress.

Unpatched plugins and WordPress installations are in fact a major reason why attackers managed to hijack websites. As revealed in late March that thousands of WordPress websites were hacked through a leak in a popular plug-in which has long been an update is available. The hacked sites were then used to spread malware. Because of the severity of the vulnerability patched now also has the US government Readiness Team (US-CERT) issued a warning issued and advises administrators to WordPress 4.1.2 upgrade.

Friday, 24 April 2015

IOS Leak Late iPhones And iPads Crashing Within Wifi Range



A vulnerability in iOS allows attackers to iPhones and iPads to let wifi range crashing, allowing the devices in the worst case continue rebooting endlessly. The vulnerability was discovered by researchers at Skycure . For a demonstration of a network attack, the researchers bought a new router and set up in a certain way.

After the researchers had made connection with the router turned the iOS app on their device suddenly crashing. Not much later were other people in the neighborhood to do with crashes. It was found in all cases to iOS users. Further investigation revealed that the problem is caused by specially prepared SSL certificates. Attackers can use this set of apps that crash a SSL connection.

According to the researchers, almost all apps in the Apple App Store use SSL for their communications. An attacker has a lot of opportunities to strike. Not only is it possible to have used apps crash, the vulnerability also affects iOS itself. In certain cases it is possible to restart devices to engage endless, making them unusable, according to the researchers.

"Even if the victims realize that the attack comes from the Wi-Fi network, they can not turn off the WiFi interface." Since the problem is not completely solved by Apple users get the advice to not connect to Wi-Fi networks and suspicious anyway to update to iOS 8.3, as there are some of the problems found "possible" have been corrected.

AVG Launches "Anti-Surveillance" Extension For Chrome



Czech anti-virus company AVG has an extension for Google Chrome developed claiming to users without internet surveillance to be used. What the Crumbe extension actually does is block trackers and cookies especially advertisers like.

This will be done in such a way that it does not break the functionality of websites, said AVG. Unlike other extensions that protect users against trackers makes Crumble not use a blacklist, but cookies itself analyzed by an algorithm. This should ensure that new trackers can be blocked immediately as soon as they appear, without the blacklist needs to be updated first.In addition, there is no difference in the blocked trackers place.

By blocking cookies will prevent as AVG Internet advertisers and trackers follow. However, experts have regularly shown that for tracking Internet cookies are not required. Well Crumble gives users insight into the trackers that are active on a website, since the extension that displays. Crumble is still in the beta phase and via the Chrome Store download.

Thursday, 23 April 2015

Microsoft Is Going To Reward Hackers For Bugs In Project Spartan


As with the test version of Internet Explorer 11 , Microsoft also launched a reward program for the test version of the new browser, code-named "Project Spartan", which hackers and researchers are rewarded for reporting vulnerabilities.

The compensation amount varies from 500 to $ 15,000, although Microsoft claims that the reward may also increase depending on the vulnerability and found the quality of the bug message. The program runs from April 22 until June 22nd. In this way, Microsoft hopes to encourage researchers to leaks in Project Spartan to find and report before a final version this summer appears. When IE11 made the rewards program will allow more bugs were logged than with the test version of IE10 was.

Besides the reward program for Microsoft Project Spartan also has the "Online Services Bug Bounty Program" expanded.Thus vulnerabilities in Azure and Sway.com be rewarded in the maximum reward to $ 15,000 was raised. Again, the rewards can be higher depending on the submission.

The highest rewards Microsoft hands out for attacks to bypass security measures in Windows 8.1 and Server 2012 R2.Allows researchers can earn $ 100,000. Also this program is adapted, including "Hyper-V escapes" now come for a reward eligible. According to Microsoft's Jason Shirk play "bug bounties", as the rewards are called, an increasingly important role in finding vulnerabilities and safer software.

Adobe Distributes Emergency Patch Attacked Flash Leak



A comprehensive attack on users of Adobe Flash Player remained hidden for two months before it was discovered by security researchers. Before the attack, the attackers were using an unknown vulnerability in Adobe Flash Player which on February 4 this year came with an update. Anti-virus company Malwarebytes, however, that the leak since December 10, 2014 was attacked.

Unlike many zero days, vulnerabilities for which an update is missing, it was not a question of targeted attacks against specific organizations or institutions. Just ad networks were used to attack ordinary Internet users and infect with ransomware and click fraud malware. Once an infected ad was shown a Flash Player user's computer could be infected with the malware.

For the spread of infectious ads used the attackers an ad network that reaches more than 500 million users in their own words. To prevent the attack would stand each visitor got infected ad only see once and were users with a VPN or proxy not infected. According Malwarebytes attackers tried in this way to hide the attack for security researchers and security.

Furthermore discovered the virus fighter that the attackers simply paid for the ads and there was no hacked ad networks. 0.75 cents was paid for 1,000 impressions, but this figure fell to 0.06 cents at less busy times. The ads appeared on separate popular websites, Malwarebytes states that, judging by the use of a zero-day and the execution of the attack, we were dealing with a professional operation. The attacks stopped in the end on February 3, a day after Adobe an emergency patch was announced for the leak.

Microsoft Protects Windows 10 Device With Guard


During the RSA Conference in San Francisco, Microsoft announced a new security measure for Windows 10 that infection of computers and laptops by malware should avoid. With Device Guard , as the hot solution, organizations can systems from both known and unknown malware and Advanced Persistent Threats (APTS) protect, as well as zero-day attacks.

Using the security measure merely changes programs of specific suppliers, the Windows Store or organization authorized. All other software will block Windows 10. Companies can decide which providers Device Guard trust. The solution comes with software that makes it possible for applications that are not signed by the original supplier itself signings, so they can be used anyway.

To determine whether a program is executed to trust the Device Guard hardware and virtualization technology to isolate the decision of the rest of Windows 10, which is intended to protect against attackers or malware to gain system privileges have full knowledge. According to Microsoft, this is a significant advance over traditional virus scanners and whitelisting solutions such as AppLocker, which are vulnerable to manipulation by administrators or malware. Several manufacturers, including Acer, Fujitsu, HP, Lenovo and Toshiba, have pledged to support the use of Device Guard on their equipment.

Funny Monkeys Movie Success Cyber Spies



A group of cyber spies before the White House and the US State Department attacked proving very successful in organizations, companies and other targets to penetrate through more than a funny monkey movie. The group is by the Russian anti-virus firm Kaspersky Lab also "Office Monkeys" mentioned, but also get the names and CozyDuke CozyBear.

The attackers were particularly since the second half of 2014 are very active and use different methods of attack, including links to zip files. These zip files contain a self extracting rar file a blank PDF file shows as a distraction. In another successful group of attack were called Flash movies sent as e-mail attachments. A good example is the annex "Office Monkeys LOL Video.zip".

The zip file contains an .exe file that a flash video of a couple of monkeys in an office shows. In the background the exe file to install sophisticated malware. The file might have been widely opened by a victim, as the virus fighter says. Many of the malware that the group used is fake digital certificates from Intel and AMD signed, what should hinder detection. Once activated the malware steals all kinds of information and files systems.

Wednesday, 22 April 2015

NATO Organizes Major Cyber Exercise In Estonia


400 computer experts will this week in Estonia to participate in a major NATO cyber exercise, where an attack is simulated on a fictional country. A total of sixteen teams from countries for Locked Shields 2015 registered as the exercise is called.

Locked Shields is an annual simulation held since 2010 in the cyber defense center of NATO in Tallinn. The organizers announced that this year, in addition to SCADA systems including Windows 8, a test version of Windows 10, Android devices and IP cameras are part of the exercise, as well as an "element of active defense".

"Locked Shields prepares computer emergency response specialists for continuously evolving cyber security landscape. Unique about this is that we are realistic technologies, use networks and methods of attack," said Colonel Artur Suzik, director of the NATO Cooperative Cyber ​​Defense Center of Excellence. "In order to ensure that the exercise is flush with real developments will be there every year new technologies and added attack vectors."

Users Turn Off Virus Because USB Malware


Malware that spreads via USB drives is still a major problem, but some users make cyber criminals very easily by ignoring warnings from their antivirus and even disable the security software. That informs anti-virus company Avast.

The virus fighter gives every day some 140,000 people a warning because the Jenxcus worm that was found on the USB stick. The malware last year was the target of a major operation by Microsoft, but is still active, which is also explained by some users. On infected USB drives the worm makes all kinds of shortcuts with the same names as the files that were already on the USB stick. However, the shortcuts point to the malware. Jenxcus also has backdoor capabilities, allowing attackers to gain access to the infected computer.

According Avast let most people remove the malware on their USB stick, but there is also a group that keeps alive and active infection. These users namely refuse to believe that there is a threat and argue that the virus has it wrong, says analyst Antonin Hyza. Then they turn off the anti-virus software so that the malware can infect their computer. One of the most common reasons to disable the virus scanner is that they use the file continuously or that it only involves an image. In the case of Jenxcus, however, refers to shortcuts. Once the computer is infected will infect the newly connected USB sticks again and the infection cycle can repeat itself.

1500 iOS Apps Vulnerable To MITM Attacks


Some 1,500 applications for the iPhone and iPad contain a vulnerability that could allow an attacker who is between a user and the Internet is encrypted SSL traffic from the app to intercept and decrypt. The leak is present in the AFNetworking library that use these applications and ensures that SSL certificates are not checked properly.

AFNetworking the library is a popular library for app developers and adds networking capabilities to the app. The vulnerability was patched on March 26 this year, but research from SourceDNA shows that are only 1500 apps use a vulnerable version of the library. Researchers from Minded Security warned late March already the problem and say that they were able to intercept all the vulnerable SSL traffic during a test through a proxy like Burp Suite .

According SourceDNA the problem by now patched, but app developers do not know much of the problem and continue to give vulnerable updates to their apps. The company put this website online that allows users to see if there have been installed on their phone apps that are vulnerable.

Apple Update Shows Root Pipe Leak In OS X Not To Close



Apple released two weeks ago an update for a vulnerability which allows a local attacker root access on Mac OS X could get. Now it appears that the update does not solve the problem, and the latest version of Mac OS X is still vulnerable. The leak did all the necessary controversy.

The vulnerability was namely remedied only by Apple in Mac OS X Yosemite and not in older versions. The Swedish researcher Emil Kvarnhammar also spoke of a backdoor . The problem could certainly since 2011 are present in Apple's operating system. According to researcher Patrick Wardle , it is, however, not yet been resolved.

He discovered his own words a new but simple way in which a local user can use the root pipe leak. Details he shared only with Apple. Through his short message he wants to warn, however, Mac users. He also made demonstration video.

Tuesday, 21 April 2015

Hacker Tool Does Not Ask Americans To Additional Information


Due to legal obligations should users of the popular hacker tool Metasploit who are not from the United States or Canada now give more information about themselves. It involves users of Metasploit Pro or the Metasploit Community Edition and not the Metasploit Framework.

Metasploit is software to test with the security of networks and systems. It uses encryption and is therefore, like other similar products, subject to US export regulations. Additionally get Metasploit and other attack software with more and more American and international constraints make. Because of these rules is to offer Rapid7, the company that Metasploit, the way to customize how the free and trial versions of Metasploit Pro and community can be obtained.

Customers outside the US and Canada must now apply for a license and provide additional information about themselves or their organization. It must in this case to "reliable and accurate" going data. Rapid7 will then approve or reject the request. In some cases, however, provide the US Department of Commerce or users can use the software or not. According Rapid7 most users will simply receive a license key, only this can now let alone wait any longer, up to 48 hours. Users who already have a license need not be afraid that it will be withdrawn.

Net Nanny Brings SSL Connections At Risk


Users of Net Nanny, a popular product for parental control, risk attackers intercept traffic to HTTPS sites and eavesdropping, or that they are undetected to phishing sites so warns the CERT Coordination Center (CERT / CC) at Carnegie Mellon university. To the SSL traffic to monitor computers install Net Nanny a Man-in-the-Middle proxy, as well as their own root CA certificate.

Net Nanny for all installations appears to use the same certificate. In addition, the private key of the certificate directly from the software to retrieve. An attacker could use the private key to generate new certificates that Net Nanny will just trust. A user will be alerted in this case if it goes to a malicious HTTPS site as Net Nanny trust the rogue SSL certificate.

The vulnerability has been found in Net Nanny 7.2.4.2 but other versions may be vulnerable. At present, according to the CERT / CC not yet practical solution. However, users can choose to disable SSL filtering and removing the license or uninstall Net Nanny. The problem is similar to that of Super Fish. The adware that was installed on Lenovo laptops and also installed its own certificate allowing users at risk.

Flash Player Vulnerabilities Ever Attacked Quickly After Patch



Vulnerabilities in Adobe Flash Player are getting faster attacked after the release of a patch, which increases the pressure on users to install available updates as soon as possible. On April 14, patched a critical vulnerability in Adobe Flash Player that could allow attackers the underlying computer in the worst case can take over completely if a malicious or hacked website is visited or appear infected ads.

Only three days later, on April 17, there appeared an exploit that allows the vulnerability abuse. The exploit was added to the Angler-exploit kit, making all kinds of cyber criminals have access. By cyber criminals exploit kits can easily Internet attacks by placing on hacked websites iframes and JavaScript, pointing to the exploit kit. In case users do not patched malware can be installed on the computer.

There has been a trend in which leaks in Flash Player, after the release of an update, still attacked quickly. On the basis of the updates, the attackers can find out where exactly is the vulnerability and develop an exploit here. A development that reveals security experts worry, says security firm FireEye . The observed now operates first look at the user's system and then determines whether a parent or Tuesday patched vulnerability to be attacked. What kind of malware is distributed via the new exploit is unknown.

JavaScript Annex Spreads CryptoWall-Ransomware


In many email attacks are used executables and Office documents, but there are spammers that use JavaScript attachments. Before warns Trustwave. The security company recently discovered a spam campaign where emails were sent that contain supposedly a resume laity.

There was a zip file as an attachment sent with it a Javascript file, ending .js. Once the recipient opened the file the script tried to download an executable, which turned out to be a variant of the CryptoWall-ransomware. This ransomware encrypts all kinds of files on the computer and then asks hundreds of dollars for decrypting it.

On another spam campaign Trustwave discovered a phishing attack that also made ​​use of JavaScript. In this case, an HTML file was sent to JavaScript which recipients must enter their account details. "If an e-mail telling you to enable JavaScript that you should not really do," says analyst Brian Bebeau. "Despite the use of executable files and other exploits you can not ignore JavaScript attachments in your e-mail traffic. They can both your users and yourself cause problems."

Monday, 20 April 2015

Steam Launches Limited User Accounts From Abuse


The popular game distribution platform Steam has announced a new measure against abuse such as phishing and spam attacks on users, namely the obligation for Limited User Accounts to spend at least $ 5 before they can use certain features. These include the posting, use the chat function and participation in the Steam Fair.

According to Valve, developer of Steam, the measure must protect users from spam and phishing. Steam has 125 million users worldwide. Through the platform, users can buy all sorts of games and digital objects. Some research argue that sold 75% of all PC games through Steam. Steam Accounts with many games or digital goods are also a favorite target of cyber criminals, who often approach users through chat or other parts of the platform.

"Malicious users often use accounts that have spent no money, which reduces the risk of the actions they perform," said Valve. Viewing the purchase history would be one of the main ways to distinguish normal users of malicious users. Malicious users would in fact do not care about the life of their account.

That's why we decided to introduce the limit of $ 5 before accounts can use all the features. Steam Users are happy that something against the scams on the platform is being done, but there are also critical voices of people who only buy physical ex. PC games and spend nothing on Steam, as evidenced by the lively discussion on Reddit .

Sony Had Pirated Copies Of Books On Hacking Network


Sony is known for the battle that is against software piracy, but the company itself also appears to have clean hands. Last week leaked WikiLeaks documents 30,000 and 170,000 emails at Sony Pictures Entertainment were captured. Among the documents discovered security expert Jeffrey Carr a pirated copy of his book "Inside Cyber ​​Warfare", let him through Twitter know.

The Daily Dot also discovered a second pirated book, namely Hacking the Next Generation, which was a full version of the Sony servers. The presence is remarkable, since Sony in the stolen emails discusses all sorts of tactics to combat piracy and the arrest of the founder of a torrent site is The Pirate Bay described as a great victory.