Monday, 31 August 2015

Security Company Claims Dozens Of Dating Sites Hacked


The US security company Hold Security claims that hackers have compromised dozens of dating sites, stealing dating-related information and login details. Hundreds of thousands of users are said to be at risk. The company will not say, however, which dating sites are involved.

The list was viewed by IDG. According to the news service, the websites were hacked between July 4th and last week, often via vulnerabilities such as SQL injection. Hold Security was in the news a year ago when it claimed that attackers had stolen 1.2 million passwords. At that time, too, the company would not say where the data had been captured. What the hackers plan to do with the newly stolen data is unknown.

Sunday, 30 August 2015

Ashley Madison Director Departs After Massive Hack


The director of Ashley Madison has resigned after attackers managed to steal confidential data of 32 million users, including names, addresses, email addresses and hashed passwords. All kinds of confidential business information, including e-mails, were also stolen.

Gigabytes of data were involved, part of which was published last week. In a statement, Avid Life Media, the company behind Ashley Madison, says that CEO Noel Biderman has resigned and no longer works for the company. Until a new director is appointed, the existing management team will lead the company. The company also states that it is still dealing with the aftermath of the attack and is actively working with international investigative agencies to identify the perpetrators.

Researchers Found 30 000 Infected Apps On Google Play


Researchers at Indiana University have developed a scanner that allows them to rapidly scan hundreds of thousands of Android apps, which ultimately turned up 30 000 infected apps in the official Google Play store. MassVet (pdf), as the scanner is called, can determine within seconds whether an app is benign or malicious, without knowing what the malware looks like or how it behaves.

Instead of analyzing the app in isolation, MassVet compares it with apps that already exist in the relevant store. Most Android malware in fact consists of repackaged apps. When cybercriminals repackage apps, they add malicious components, so the repackaged app differs from the original. The same malicious components can also be found in applications that seem to have nothing to do with each other.
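The comparison idea described above can be sketched as follows. This is an added, simplified example and not MassVet's own code: the `App` record, the string fingerprints, the similarity threshold and all sample apps are constructed assumptions.

```python
from dataclasses import dataclass

# Simplified sketch of "compare with the market instead of analyzing the app".
# Real fingerprints would be derived from the app's UI structure and code;
# here they are plain constructed strings.

@dataclass(frozen=True)
class App:
    name: str
    signer: str            # who signed the package
    views: frozenset       # fingerprints of the app's screens
    methods: frozenset     # fingerprints of the app's methods

VIEW_SIMILARITY = 0.8      # assumed threshold for "looks like the same app"

def jaccard(a, b):
    """Set similarity between 0.0 (disjoint) and 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def vet(candidate, market, known_libraries):
    """Return the method fingerprints of `candidate` that deserve review."""
    suspicious = set()
    for other in market:
        if other.signer == candidate.signer:
            continue  # an update by the same developer is not repackaging
        if jaccard(candidate.views, other.views) >= VIEW_SIMILARITY:
            # Looks like a repackaged copy: whatever was added is suspect.
            suspicious |= candidate.methods - other.methods
        else:
            # Unrelated apps: code they nevertheless share is suspect.
            suspicious |= candidate.methods & other.methods
    # Shared advertising or utility libraries are expected and filtered out.
    return suspicious - known_libraries

def app(name, signer, views, methods):
    return App(name, signer, frozenset(views), frozenset(methods))

# Constructed sample data.
LIBRARIES = {"lib.ads"}
FLASHLIGHT = app("flashlight", "devA", {"v1", "v2", "v3"},
                 {"ui.main", "torch.toggle", "lib.ads"})
PUZZLE = app("puzzle", "devB", {"p1", "p2"}, {"board.draw", "lib.ads"})
MARKET = [FLASHLIGHT, PUZZLE]

# Same screens as FLASHLIGHT, different signer, two extra methods.
REPACKAGED = app("flashlight_free", "devX", {"v1", "v2", "v3"},
                 {"ui.main", "torch.toggle", "lib.ads", "x.sms", "x.loader"})
# Unrelated app that carries one of the same extra methods.
WALLPAPER = app("wallpaper", "devY", {"w1", "w2"},
                {"wall.set", "lib.ads", "x.loader"})
# Clean app and a legitimate update by the original developer.
NOTES = app("notes", "devZ", {"n1"}, {"notes.edit", "lib.ads"})
UPDATE = app("flashlight", "devA", {"v1", "v2", "v3"},
             {"ui.main", "torch.toggle", "torch.strobe", "lib.ads"})

if __name__ == "__main__":
    for candidate, market in [(REPACKAGED, MARKET),
                              (WALLPAPER, MARKET + [REPACKAGED]),
                              (NOTES, MARKET), (UPDATE, MARKET)]:
        print(candidate.name, sorted(vet(candidate, market, LIBRARIES)))
```

Neither check needs a signature of the malware itself, which is why a scanner built this way can flag code it has never seen before.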

The researchers decided to test the scanner with 1.2 million apps from 33 different app markets. MassVet proved able to assess apps within 10 seconds and outperformed 54 virus scanners on VirusTotal. Of the 1.2 million apps checked, more than 127 000 were found to be malicious, and 34 000 were missed by most malware scanners on VirusTotal. Some of the malware specimens had been installed millions of times. It was also found that 5000 malicious apps each had more than 10,000 installations.

Google Play

MassVet also analyzed 400 000 apps on Google Play, of which 30 000 were found to be malicious. This equates to an infection rate of 7.6%. According to the researchers, this differs from earlier figures from Google. According to Google, among Android users who only install apps from Google Play, a "potentially malicious application" (PHA) was found on fewer than 0.15% of devices.

However, it is users of Chinese marketplaces who are most likely to encounter Android malware. In the marketplaces of Anzhi, Yidong, yy138 and Anfen, 39%, 36%, 28% and 23% respectively of all available apps were malware. SlideMe comes fifth among the infected stores: 21% of its apps proved to be malware. Opera's store also appears in the overview; there, 7.8% of the apps were labeled as malicious.

Saturday, 29 August 2015

Six British Teenagers Arrested For Using DDoS Tool


In the UK, six teenagers have been arrested on suspicion of using a DDoS tool with which the websites of a school newspaper, several gaming companies and shops were taken down. They are boys aged 15 to 18, British police said.

The teenagers are said to have used the "Lizard Stresser", an online tool with which DDoS attacks on websites could be carried out for a fee. The tool is said to run on thousands of hacked routers. Earlier this year, two 17-year-olds were already arrested for using the Lizard Stresser. In addition, British police visited about 50 addresses of people who had registered on the Lizard Stresser website but are not suspected of carrying out attacks. One third of these people are younger than 20.

"One of our main priorities is the call to engage with those who are on the verge of cyber crime, to show they understand the consequences of cyber crime and how they can use their skills for productive and lucrative careers," says Tony Adams, head of research of the National Cyber Crime Unit, which is part of the National Crime Agency (NCA). Via Twitter, the NCA warns users of the Lizard Stresser that the police may soon pay them a visit.

Friday, 28 August 2015

Google Chrome Will Pause Flash Ads


From September 1, Google Chrome will automatically pause most Flash ads, Google has disclosed via Google Plus. In June, the Internet giant had already announced that it wanted to pause certain plug-ins, including Adobe Flash Player, in order to reduce power consumption and load times.

Google has long been trying to make Flash redundant. YouTube videos, for example, are automatically played through HTML5, and Flash ads that are distributed via AdWords have been automatically converted to HTML5 since February this year. Google says that advertisers who work with Flash ads have several options to ensure that their ads are still shown to Chrome users, such as having them converted to HTML5 automatically or doing the conversion themselves.

Last month, Alex Stamos, the new Chief Security Officer (CSO) of Facebook, also called on Adobe to end Flash so that a complete switch to HTML5 can be made. HTML5 is natively supported by modern browsers and allows playback of videos and other "rich content" without installing additional plug-ins.

Infected Ads On MSN.com Spread Malware


Cyber criminals have managed to get infected ads onto MSN.com, Microsoft's web portal, which then attempted to install malware on visitors' computers. It is the same group of criminals that previously got infected ads onto Yahoo's websites.

This was reported by anti-virus company Malwarebytes. The ads redirected users to a page with the Angler exploit kit. This exploit kit uses known vulnerabilities, including in Adobe Flash Player, that users have not patched. Which malware was installed through the compromised advertisements is unknown, but the Angler exploit kit is often used to distribute ransomware and malware for advertising fraud.

The infected ads came from the ad network AdSpirit.de, which was previously responsible for displaying infected advertisements on many popular websites, including Yahoo. In the case of MSN, the advertising was fetched from AdSpirit via AppNexus. In June, AppNexus was also involved in infected ads on the website of The Telegraph. The infected ads have since been removed from MSN.com.

Large Illegal Marketplace Goes Offline Over Tor Vulnerability


A large illegal market on the Tor network has decided to go offline temporarily because of vulnerabilities in the Tor network, its administrators have announced via Pastebin. The market in question is Agora, the largest illegal market on the Tor network.

Narcotics are traded through the website. The Agora administrators point to recent studies showing that web servers on the Tor network can be identified. These so-called "Tor hidden services" are only accessible via the Tor network and are not supposed to be locatable. Recently, researchers showed that they were able to identify 88% of the hidden services in a test set-up.

According to the Tor Project, the developers of the Tor software and the Tor network, the impact of the attack is not that bad. Yet it is the reason for the administrators of the Agora marketplace to temporarily pull the plug on the website. In a statement they say that it is unsafe to allow visitors onto the website, since they would be at risk. A solution is now being worked on, but it is unknown when it will appear.

Thursday, 27 August 2015

Trainee At Security Company FireEye Developed Malware


A trainee of the American security company FireEye has developed malware with which cyber criminals could infect Android phones and control them completely. He is a 20-year-old American who was arrested in July as part of an operation against the Darkode forum.

This was a large forum for cyber criminals. The American was active on this forum and sold his Dendroid malware there, together with a Dutch accomplice. Before a US judge the man pleaded guilty and apologized to the victims of his malware. He also said that in the future he would use his skills to protect computer users. Security company FireEye had already announced in July that the trainee was being prosecuted by the authorities.

The Dendroid malware was offered for $300. Once active on a device, the malware could steal files and text messages, take pictures, read out the browsing history and record conversations without victims noticing. By his own account, the American worked on the development of the malware for over a year. If convicted, the man could face up to 10 years in prison and a fine of $250,000, the AP and the Pittsburgh Post-Gazette report. The judge will rule on December 2.

AT&T Hotspots Inject Ads Into Wi-Fi Traffic



Hotspots of US telco AT&T inject ads into users' Wi-Fi traffic, researcher Jonathan Mayer has discovered. Mayer was recently at Dulles airport and connected to a free AT&T hotspot.

The websites he visited suddenly showed all sorts of ads in places where they do not belong. It was not long before Mayer discovered that the AT&T Wi-Fi hotspot was manipulating HTTP traffic. The telecom provider uses an ad-injection platform developed by a startup called RaGaPa. When an HTML page is loaded over HTTP, three changes are made.

First, an advertisement is inserted, followed by a second advertisement as a backup in case the browser does not support JavaScript. Finally, scripts are added for loading and displaying the ads. By injecting advertisements, the browsing behavior of users is exposed to unknown and unreliable companies, writes the researcher.

In addition, the names and content of companies are affected, because the ads appear on various websites that normally show ads. It is also not clear that the ads come from the hotspot. Furthermore, it introduces security risks, says Mayer. He therefore calls on AT&T to stop. According to the researcher, it also shows how important it is that websites are accessible only over HTTPS, since no ads can then be injected into the traffic.

Infected Advertisements At Major Australian ISP


Infected ads that try to infect visitors with malware have appeared on the media website of Telstra, the largest ISP and telecommunications company in Australia with 27 million customers. The ads on media.telstra.com.au made visitors unknowingly load a page with the Nuclear exploit kit. This exploit kit uses known vulnerabilities in Adobe Flash Player and Internet Explorer.

What kind of malware was spread via the attack is unknown, but anti-virus company Malwarebytes thinks it is the Tinba banking Trojan. This is a Trojan specifically designed to steal money from online bank accounts. The attack via the infected ads is very similar to the attack that was recently observed on dating site PlentyOfFish. The infected ads ran on the Telstra website for several days.

Asus DSL Modem Router Vulnerable Due To Fixed Password


Several ADSL modem routers, including one from the Taiwanese manufacturer Asus, use a so-called "hard-coded" password that allows remote attackers to log onto the devices as an administrator. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns of this.

The problem is present in the Asus DSL-N12E, DIGICOM DG-5524T, Observa RTA01N Telecom, Philippine Long Distance Telephone (PLDT) Speed Surf 504AN and ZTE ZXV10 W300. The Asus model is also sold in the Netherlands. The fixed password allows an attacker to connect to the device through telnet. The password is partly based on the MAC address of the device, but this can be retrieved via SNMP (Simple Network Management Protocol). Since no update is available, users are advised to ensure that telnet is not accessible to "unreliable sources" and that SNMP is disabled on the routers.

Wednesday, 26 August 2015

Certifi-Gate Leak Used By Android App On Google Play



Researchers have discovered an app on Google Play that uses the "Certifi-gate" vulnerability that was revealed at the beginning of this month. It involves a vulnerability in the mobile Remote Support Tools (mRSTs) that many Android manufacturers and network providers install on devices.

Helpdesk staff use the tools to provide remote technical support by replicating the user's screen and making "clicks" from a remote console. The authentication method that is used to validate remote support tools turns out to contain several vulnerabilities. An attacker can therefore pose as the helpdesk and obtain system privileges on the device. The attacker could then install malicious applications and access data. The support tools are installed on one or more devices from LG, Samsung, HTC and ZTE.

Recordable Activator



The vulnerability was discovered by security company Check Point. The security company now reports that it has found an app on Google Play that uses the vulnerability. It is the Recordable Activator app, which has between 100,000 and 500,000 downloads. The Recordable Activator app bypasses Android's permission model in order to use a TeamViewer plug-in. Through this plug-in the app gains access to system resources and can record the screen.

TeamViewer is an application that allows remote access to computers. It is separate from the Recordable Activator app. In a response, TeamViewer says that the way the creators of the Recordable Activator app use the TeamViewer plug-in conflicts with the terms of use of the code, and that third parties are not allowed to use TeamViewer code.

The Recordable Activator app installs a vulnerable version of the TeamViewer plug-in. Because the plug-in is signed by various manufacturers, it is trusted by Android and receives system permissions. The app then exploits the Certifi-gate vulnerability and connects to the plug-in in order to capture the screen. After being informed, Google removed the app from Google Play.

Samsung Smart Refrigerator Vulnerable To MITM Attack


Researchers have discovered a vulnerability in a smart refrigerator from Samsung that could allow an attacker located between the user and the Internet, also known as a Man-in-the-Middle (MITM) attacker, to intercept Google passwords.

The Samsung RF28HMELBSR is a smart refrigerator with a screen and an Internet connection. The refrigerator connects to a Google Calendar account to show the calendar data on the display, and it can be operated via an app. The connection to Google's servers uses SSL, but the refrigerator does not check the validity of the SSL certificate offered.

This allows an attacker located between the user and the Internet to use a fraudulent SSL certificate to decrypt the encrypted traffic and so steal the user's credentials. Researchers from the British firm Pen Test Partners recently demonstrated this at the Def Con conference in Las Vegas. As far as is known, Samsung has not yet released a patch for the fridge.

Ad Screens At UK Railway Station To Scan Passengers


Advertising screens at a British train station are going to scan passengers so that they can show personalized ads. The three giant ad screens look like a big eye and consist of hundreds of small television screens, reports the Birmingham Mail.

The scanning software is not linked to a central database and is said to be unable to identify specific people. It only looks at general characteristics of people near the screen, says Richard Malton, marketing director of Ocean Outdoor, the advertising company that will manage the screens. The screens will appear at Birmingham New Street train station. The station is currently being rebuilt and will open its doors again on September 20. Apart from displaying personalized ads, the screens are also used to display information about rail services.

Tuesday, 25 August 2015

Researcher Cracks 4000 Ashley Madison Passwords


A researcher has managed to crack 4000 passwords of Ashley Madison users, which demonstrates how important it is to choose a strong password. Last month attackers managed to steal a large amount of data from Ashley Madison, the site for cheaters.

Part of the data was published last week. The stolen data included 36 million password hashes. Ashley Madison had not stored the passwords in plain text, but in hashed form. This means they are not directly readable, but they can be cracked. Dean Pierce, Linux security engineer at chip giant Intel, set about cracking the password hashes with his special "cracking machine".

Pierce's computer contains four R9 290 ATI video cards. Ashley Madison had used the bcrypt algorithm to hash the passwords, and a "salt" was also used. This makes cracking the password hashes much more difficult. With a weaker algorithm, such as MD5, it is possible to try millions of password combinations per second. With the bcrypt hashes, Pierce's computer did not get beyond 156 hashes per second.

The experiment also showed that the sheer number of password hashes was a problem: he could load only 6 million of the 36 million password hashes. To crack the hashes he used the RockYou dictionary. RockYou is a company that develops widgets for social media. It was hacked in 2009, and attackers managed to steal more than 32 million passwords. These passwords were stored in plain text and eventually appeared on the Internet. Since then, the RockYou passwords have been used by many researchers as the default dictionary for password cracking.

Crack Time

Pierce ran his machine for five days, in which he eventually managed to crack 4000 passwords. That equates to 32.6 cracked passwords per hour. It also turned out that there were 1191 unique passwords among them. The most common password is "123456", which occurred 202 times. In addition, 105 users had chosen the password "password". Pierce compiled a Top 20 of the most common passwords. The list is very similar to other password lists that are regularly published.

According to the researcher, it is probably impossible to crack every bcrypt password, but in the case of Ashley Madison many passwords will eventually be recovered anyway. These are mainly weak passwords that appear in many dictionaries or can simply be retrieved by brute force. Pierce's list, for example, consists mainly of short passwords of fewer than eight characters.

Cyber Criminals Focus On Internet Explorer



For the second time in a short period, a critical vulnerability in Internet Explorer is being actively attacked by cyber criminals shortly after Microsoft patched it. In addition, Microsoft released an emergency patch last week for a zero-day vulnerability in IE that was already being attacked before the update was available. The IE vulnerability now under attack was patched by Microsoft on August 11.

Visiting a hacked or malicious website, or being shown an infected ad, is enough to become infected with malware. Anti-virus company Symantec warns that the exploit for the Internet Explorer flaw has been added to the Sundown exploit kit. On hacked websites the attackers place code that forwards visitors to the exploit kit unnoticed. A Trojan horse is then placed on the computer, giving the attackers access to the computer and allowing them to steal all kinds of information. The attacks observed so far were aimed primarily at Japan.

In early August, cyber criminals likewise decided to actively attack a just-patched IE vulnerability. That involved a vulnerability in the browser that Microsoft patched in July. Less than three weeks later, an exploit for the vulnerability was added to the Angler exploit kit and used to infect IE users with ransomware. At the time, security company FireEye called it noteworthy that the creators of the Angler exploit kit were suddenly focusing on an IE vulnerability.

In recent months, after all, exploits had been developed only for Flash Player vulnerabilities. In July, however, Adobe decided to better protect Flash Player against attacks, making it more difficult for attackers to exploit vulnerabilities. On August 11, the same day that Microsoft patched the IE flaw now under attack, Adobe patched 35 vulnerabilities in Flash Player, but these vulnerabilities are not being attacked.

Manual Windows Updaters Warned About Patch


Microsoft has warned users and administrators who update computers manually about an important security update that was re-released and needs to be reinstalled. On August 11, Microsoft fixed various vulnerabilities in Windows, .NET Framework, Office, Lync and Silverlight.

Through the vulnerabilities an attacker could completely take over a computer if the user opens a specially crafted document or visits untrustworthy sites with embedded TrueType or OpenType fonts. As a fix Microsoft published Security Bulletin MS15-080. On most Windows computers this update is installed automatically via Windows Update. However, it is also possible to download the update from the Microsoft Download Center.

The update for Vista SP2, Windows Server 2008 (R2) SP2 and Windows 7 SP1 offered via the Download Center was updated on August 18th. Microsoft recommends that Windows users who downloaded the update from the Download Center before August 18 download and install it again, so that they are fully protected against the vulnerabilities listed in the bulletin. This only applies to people who downloaded the update from the Download Center. Users who deployed the update via Windows Update, Windows Update Catalog and WSUS do not need to take any action.

Amazon.com Is Going To Stop Flash Ads



Due to recent changes in Google Chrome, Firefox and Safari, Amazon has decided to stop accepting Flash ads on Amazon.com from September 1. According to the online retailer, the reason is that browsers have changed the way Flash content is displayed on websites.

Not only browser developers have restricted the operation of Flash content. Security experts regularly advise removing Flash Player from the browser. The new policy is meant to ensure that ads on the website keep working. Flash has been under fire for some time, both because of the security issues with Adobe Flash Player and as a technology for displaying video content.

Recently, Facebook CSO Alex Stamos said that Adobe should end support for Flash, after which the browser developers would follow. In this way, web developers would be forced to upgrade their tools and programs to HTML5, something they now postpone because of the continuing Flash support.

Chrome Displays Thousands Of EV SSL Certificates Incorrectly



Extended Validation (EV) SSL certificates, which color the browser address bar green, are supposed to give users more assurance when visiting an HTTPS site, but thousands of these certificates are not displayed correctly in Google Chrome, Internet company Netcraft reports.

Like regular SSL certificates, EV SSL certificates serve to identify the website and encrypt the traffic between website and visitors. Unlike normal SSL certificates, they are issued only after rigorous checks and are more expensive. However, Google requires that EV SSL certificates contain "Certificate Transparency" information.

Certificate Transparency is a framework developed by Google for monitoring SSL certificates in real time. This makes it possible to discover SSL certificates that were issued in error or obtained through a break-in at a Certificate Authority. Many Certificate Authorities, however, sell EV SSL certificates without this information, causing them to appear in Google Chrome as a normal SSL certificate.

According to Netcraft, this involves more than 10,000 EV SSL certificates, or 5% of all EV SSL certificates issued. For websites this is a costly miss. A normal SSL certificate is available from $10 per year, while an EV SSL certificate can cost $1,000 per year.

Monday, 24 August 2015

Zero-Day Vulnerabilities In Dolphin And Mercury Browsers For Android


The Dolphin and Mercury browsers for Android contain vulnerabilities that allow an attacker to execute arbitrary code on the system or read the browser's files, and for which no update from the developers is available, reports researcher "rotlogix".

Dolphin Browser has been installed between 50 million and 100 million times and claims to be the best Android browser. To attack the vulnerability, an attacker must be positioned between the Internet and the user, for example on a wireless network. The attacker must then wait until the user downloads and installs a new Dolphin Browser theme. Themes let users customize the appearance of the browser.

The download takes place over HTTP, allowing an attacker to serve a modified theme. The malicious theme then lets the attacker run arbitrary code in the context of the browser. The developers of the Dolphin Browser have been notified, but an update is not yet available. Pending the update, users are advised not to download new themes on a network that they do not manage. Another option is to temporarily use a different browser.

Mercury Browser

Another Android browser in which the researcher found problems is the Mercury Browser. This browser has been downloaded between 50,000 and 100,000 times. Through various vulnerabilities in the browser, an attacker can read and modify files in the browser's data directory. To carry out the attack, the user must open a specially prepared HTML file. In this case, too, no fix is available yet. Users are advised to remove the browser from their device and use an alternative.

Torrent Tracker Blocks Windows 10 Users


A torrent site where users can download content illegally has decided to block Windows 10 users, since the operating system "is nothing more than an espionage tool", the administrators say. Visitors to the torrent tracker ITS are automatically redirected to a video on YouTube, which claims that Windows 10 monitors everything on the computer.

TorrentFreak reports that two other torrent trackers are also considering no longer admitting users with Windows 10. "Microsoft recently released Windows 10. We want our members to know that we are considering blocking the operating system on FSC. This means that you can no longer use the site if you are running Windows 10," according to the administrators of torrent tracker FSC.

Recently there was a fuss about a Microsoft agreement that entered into force on August 1, which states that Microsoft may block pirated games. Some websites think that the agreement applies to Windows 10, but the operating system is not mentioned in the agreement. It does mention, for example, Xbox and Windows games from Microsoft, as well as the online gaming service Xbox Live.

Android User Chooses Predictable Lock Pattern




Android users who have secured their device with a screen lock often opt for predictable patterns, according to a survey of 3400 users by researcher Marte Loge. In early August she presented her research at the BSides 2015 conference in Las Vegas (video).

Loge's research shows that the most commonly used pattern consists of four dots. The average number of dots was five, which means there are fewer than 9,000 combinations. It also appears that people usually start at the top left. 77% of the patterns begin in one of the four corners, and the patterns usually run from left to right and from top to bottom. It also appears that people often choose patterns in the shape of a letter, such as their initials.

According to Loge, people choose lock patterns in the same way as passwords: complex patterns are difficult to remember, just like complex passwords. And like a weak password, a weak lock pattern is easy to guess. "Full disk encryption will not save you if your pattern is the L of loser," warns the researcher.
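The figure of fewer than 9,000 combinations for a five-dot pattern can be checked by enumeration. The following is an added example, not code from Loge's research; it assumes the standard Android rules (a 3x3 grid, each dot used once, at least four dots, and a line may pass over a dot only if that dot is already part of the pattern).

```python
# Dots are numbered 0..8, row by row:
#   0 1 2
#   3 4 5
#   6 7 8
# JUMPS[(a, b)] is the dot that lies exactly between a and b on a straight line.
JUMPS = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7),   # rows
                  (0, 6, 3), (1, 7, 4), (2, 8, 5),   # columns
                  (0, 8, 4), (2, 6, 4)]:             # diagonals
    JUMPS[(a, b)] = JUMPS[(b, a)] = mid

CORNERS = (0, 2, 6, 8)


def count_from(start, length):
    """Number of valid patterns with `length` dots that begin at `start`."""
    def walk(current, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if visited & (1 << nxt):
                continue  # every dot may be used only once
            mid = JUMPS.get((current, nxt))
            if mid is not None and not visited & (1 << mid):
                continue  # cannot jump over a dot that is still unused
            total += walk(nxt, visited | (1 << nxt), remaining - 1)
        return total
    return walk(start, 1 << start, length - 1)


def count_patterns(length):
    """Number of valid patterns with exactly `length` dots."""
    return sum(count_from(start, length) for start in range(9))


def patterns_by_length(minimum=4, maximum=9):
    """Pattern count for every length Android accepts."""
    return {n: count_patterns(n) for n in range(minimum, maximum + 1)}


def corner_start_share(length):
    """Share of patterns beginning in a corner if users chose uniformly."""
    in_corner = sum(count_from(c, length) for c in CORNERS)
    return in_corner / count_patterns(length)


if __name__ == "__main__":
    for n, count in patterns_by_length().items():
        print(f"{n} dots: {count:>7} patterns, "
              f"{corner_start_share(n):.0%} start in a corner")
    print("total:", sum(patterns_by_length().values()))
```

Comparing the uniform corner share printed here with the 77% observed in the survey shows how far real choices are from random ones, which is what makes guessing common patterns first so effective.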

Sunday, 23 August 2015

Hackers: Website Ashley Madison Was Poorly Protected


The security of Ashley Madison, the hacked website for adulterers, was far below par, say the hackers who carried out the attack. The site was hacked last month, and data of some 32 million people, as well as all kinds of business data, were captured.

Part of the data was put online this week. So far 30GB of stolen data has been published. In an interview with Vice Magazine the hackers say they still have 300GB of emails from employees and documents from the internal network. They also say they hold tens of thousands of photos of the website's subscribers, as well as some chats and messages. One third of the images are photographs of male genitalia, which they will not publish; the same goes for most emails from employees of the company.

The Impact Team, as the hackers call themselves, especially denounce Ashley Madison's absent protection. "We did our best to make the attack undetectable, but when we arrived it turned out that there was no security to get around." The hackers describe the site's security as "poor". "There was no monitoring. No security. The only thing was a segmented network." Furthermore, it was also easy to gain root access on Ashley Madison's servers, they note. As for the future, the hackers do not rule out that they will also hack other sites, businesses and possibly corrupt politicians.

Ashley Madison Subscribers Extorted Via E-mail



Several subscribers of cheaters' website Ashley Madison have become the target of extortionists who threaten to inform their partner unless they pay an amount in bitcoin. Both American and New Zealand subscribers have received the email.

The email warns of the cost of a divorce lawyer if the partner finds out about the cheating, and of the consequences that disclosure of the data could have if someone is already in separation proceedings. It also warns of the reaction of family and friends when they discover that the person in question was active on Ashley Madison, CoinDesk and Stuff report.

The extortionist then demands two bitcoins, which at the current exchange rate is 410 euros. How many subscribers have received the e-mail or have given in to the threat is unknown. Attackers managed to hack the Ashley Madison website last month and made part of the data publicly available this week. The media had already speculated that subscribers might be extorted.

Thousands Of Hacked WordPress Sites Spread Ransomware


In recent weeks attackers have hacked more than 2600 unique WordPress sites and injected malicious code that attempts to infect visitors with ransomware. The hacked WordPress sites are all running version 4.2 of the software or older, says security firm Zscaler.

The attack on the WordPress sites consists of several steps. First, the site is taken over completely: the attackers add a web shell and steal the administrator's credentials. An iframe is then added to the website that makes visitors to the WordPress site unknowingly load a page with the Neutrino exploit kit. The iframe code is shown only to users of Internet Explorer. A cookie prevents victims from being served the iframe code several times.

To infect users, the Neutrino exploit kit uses a malicious Flash file. If Flash Player is not installed on the computer, the user is offered an old Flash installation file, and the malicious file is then loaded. Zscaler says in its analysis of the attack that it does not know exactly how the installer is installed.

If the attack is successful, the CryptoWall ransomware is installed on the computer. This ransomware encrypts files on the computer and demands a certain amount from users for decrypting them. According to analyst John Mancuso, WordPress remains an attractive target for cyber criminals. WordPress is a very popular free content management system used by more than 60 million websites, including about 23% of the Top 10 million websites on the internet.

Saturday, 22 August 2015

Mozilla To Support Chrome Extensions In Firefox


Mozilla has announced major changes to the way add-ons work in Firefox, including the possibility that extensions for Google Chrome and Opera, and possibly Microsoft Edge, will later work in the browser. In addition, measures are being taken against spyware, adware and other malicious add-ons.

According to Mozilla, many developers of a Firefox add-on have also developed similar extensions for Chrome, Safari or Opera. "We want the development of add-ons to be more like web development, with the same code running across multiple browsers using a set of standards," said Mozilla's Kev Needham. That is why Mozilla is working on a new API for Firefox called WebExtensions.

Extensions for Chrome, Opera and, possibly in the future, Microsoft Edge will therefore run in Firefox as a WebExtension. According to Needham, the API has a number of advantages, such as supporting multiple processes and reducing the risk of malicious add-ons and malware. Like other Firefox add-ons, WebExtensions will be signed by Mozilla and can be found via addons.mozilla.org. A test version of WebExtensions is already available in the test version of Firefox 42.

Signings

To protect users from malicious add-ons, from Firefox 42 all extensions must be checked and signed by Mozilla. Unsigned extensions will not work in Firefox. From Firefox 41, unsigned extensions will be automatically disabled, but users will still be able to reverse this.

According to Needham, Mozilla's strategy has advantages and disadvantages. Developers who already support a Chrome extension will benefit from it, because they now have to support only one code base instead of two. For developers who develop only Firefox add-ons, the adjustment will be greater. "But we think that the end result will be worth it for both users and developers of Firefox," said Needham.

Apple Closes Critical Holes In Windows Version Of QuickTime


A new version of QuickTime has been released that addresses several critical vulnerabilities. Through the nine vulnerabilities, an attacker can crash the program or execute arbitrary code on the computer, for example to install malware.

Opening a malicious media file would be sufficient in this case. Six of the nine vulnerabilities were found by researchers from network giant Cisco, while one vulnerability was found by Apple itself. Apple advises users to upgrade to QuickTime 7.7.8, which can be downloaded through Apple.com and Apple Software Update.

Friday, 21 August 2015

Phishing Springboard Hidden In PDF Documents


PDF documents are often used to infect computers with malware, but cyber criminals are now using the format to lure victims to phishing sites. Researchers at Kaspersky Lab discovered a PDF document that is distributed via an e-mail scam.

According to the email, the recipient of the message has received $53,000 in his account. However, the recipient must confirm the transaction, which can be done via the enclosed PDF document. The PDF document contains only an illustration stating that the document is protected, and offers the user a button to view the contents. The button, however, points to a phishing site that looks like a PDF document with transaction data.

To view the data, the user must then enter their email address and password. This data is sent to the criminals. According to analyst Dmitry Bestuzhev, this is an interesting technique that can mislead some phishing filters.

Infected Ads On Dating Site PlentyOfFish



Infected ads have appeared on the free online dating site PlentyOfFish that tried to infect visitors with a Trojan horse. PlentyOfFish receives more than three million visitors daily. The ads on the website silently sent users to a website hosting the Nuclear exploit kit. This exploit kit uses known vulnerabilities in Adobe Flash Player and Internet Explorer.

If the attack was successful, the Tinba banking Trojan was installed on the computer. This Trojan is designed to steal money from online bank accounts. The infected ads were distributed through the ad network ad.360yield.com, reports anti-virus company Malwarebytes. PlentyOfFish visitors whose software was up to date ran no risk in this attack.

Data Of 600 Customers In Stolen Ashley Madison Data



The personal data of users can be found in the stolen Ashley Madison database that was published online. This includes e-mail addresses, mailing addresses and IP addresses, reports Yahoo! News, which analyzed the stolen data.

A group of attackers managed to hack the website for cheaters last month and made off with gigabytes of data, including user profiles as well as credit card transactions. The data of the Dutch was found in this latter data set. The data of 32 million users was put online on Monday. Tonight the attackers again published stolen data, reports Vice Magazine. This time it concerns 20GB of data, including the e-mail inbox of Noel Biderman, CEO of Avid Life Media, the parent company of Ashley Madison.

Adware For Mac OS X Changes Adblock Plus Settings



Adblock Plus is the most installed browser extension in the world, with tens of millions of users. None of these users see ads, something adware developers have now caught on to. Security company Webroot recently discovered samples of the VSearch and Genieo adware for Mac OS X that adjust the settings of Adblock Plus.

For this to work, the Mac user must first already have the adware installed on the system. Once active, the adware checks whether an ad blocker is present on the system and then adds an exception, so that the ads from the adware are still displayed. According to Webroot, most of the malware for Mac OS X that it encounters is adware, which displays all kinds of ads. Earlier this year, Mac users were already warned about adware. Users mainly become infected because they download software from somewhere other than the supplier's site or use illegal software.

Thursday, 20 August 2015

Churchgoers Attacked Through New Explorer Leak



The zero-day vulnerability in Internet Explorer for which Microsoft released an emergency patch on Tuesday has been used to infect visitors to the website of an evangelical church in Hong Kong with malware. Attackers had placed an iframe on the denomination's website, which silently sent visitors to a website hosting an exploit. This exploit took advantage of the vulnerability, which was present in IE7 to IE11.

If the attack was successful, the Korplug malware was installed, says Symantec. Korplug is a Trojan horse designed to steal information. Through the malware, attackers gain full control over the computer. According to the anti-virus company, this was a so-called "watering hole" attack, in which attackers hack websites that potential targets already visit of their own accord. This way the attackers do not have to send phishing emails, so the attack may go unnoticed for longer. When releasing the emergency patch, Microsoft had already indicated that the leak was being actively attacked.

Encryption Software Developer Targeted By Cyber Espionage



The director of a Russian company that develops encryption software has been attacked by a group that has previously attacked NATO, the White House and the German parliament. So claims the Japanese anti-virus company Trend Micro. The group is said to consist of Russian spies.

Although several organizations abroad were targets of the group, attacks are also being carried out in Russia. These are phishing attacks that attempt, in a sophisticated manner, to steal login details for email accounts. According to Trend Micro, members of the rock band Pussy Riot, politicians, journalists and software developers have been targeted. Besides the director of the company that develops encryption software, a developer of the webmail service Mail.ru was also attacked.

Phishing

The attacks on the Russians were part of a larger campaign in which tens of thousands of people were targeted with phishing emails. These were users of well-known webmail providers such as Gmail, Yahoo, Hushmail and Outlook, and of other providers in Ukraine, Iran, Norway and China. The way the attacks are carried out varies. Some campaigns use malware and vulnerabilities. The group of attackers has used at least six zero-day vulnerabilities in the past.

In addition, targeted phishing attacks are used to obtain login details. The phishing e-mails claim, for example, that there is a new service that guarantees delivery of emails. An attempt is then made to gain access to the user's mailbox through OAuth, an open authentication protocol that Yahoo, for example, offers to app developers. The links in the phishing email do point to a legitimate Yahoo website for OAuth, so users may think that it is a harmless link. Trend Micro does not know what the attackers' goal is, but they may be trying to keep an eye on potential threats to Russia.

Credit Card Details Of 93 000 Web.com Customers Stolen


Domain registrar and hosting company Web.com has warned 93 000 customers that their credit card information, name and address details were stolen in a recent attack. On August 13 the company, which has 3.3 million customers, discovered an intrusion on one of its computer systems.

Web.com states in the announcement of the intrusion that the credit card information of 93 000 clients was "possibly" stolen. In the FAQ with further explanation, however, the company says that the credit card data has actually been stolen. Affected customers will be notified by mail. In addition, they are offered a year of free credit monitoring. Various credit card processors have reportedly also been informed. Web.com does not say how the attackers were able to strike. "Despite our efforts, no company is immune from cyber crime," said a response from the company.

Wednesday, 19 August 2015

Ashley Madison Email Addresses Added To Search Engines



There are various search engines on the Internet to which the email addresses of AshleyMadison.com subscribers have been added. In July, attackers were able to steal a database of user information from the site for cheaters. This database was put online two days ago.

This concerns data like email addresses, names and addresses, as well as GPS coordinates. Security expert Troy Hunt has added the email addresses from the database to his search engine, haveibeenpwned.com. The search engine, which has been online since December 2013, contains 220 million accounts that were captured in various hacks and made public. Most accounts, 152 million, came from a break-in at Adobe.

In second place is Ashley Madison, with 30 million accounts. Other parties maintain that data from 36 million accounts was stolen, but that for some 24 million accounts the e-mail address was verified. Internet users can be alerted via the search engine if their e-mail address is found in a stolen database. Meanwhile, 5,000 Ashley Madison subscribers have been alerted by the search engine, Hunt said via Twitter.

Google Announces Its Own Wi-Fi Router, OnHub



Google, in partnership with network manufacturer TP-Link, has announced a new Wi-Fi router called OnHub. According to the Internet giant, the new Wi-Fi router is fast, safe and easy to use. The router automatically chooses the best channel for the fastest connection.

In addition, the device has a "unique antenna design" and "smart software" to ensure network performance. It is also possible to give a higher priority to certain devices. The Wi-Fi router can be operated via the Google On app, which is available for both Android and iOS. The app shows how much bandwidth connected devices consume and can perform a network check. In the case of Wi-Fi problems, the app also gives advice.

The password for the Wi-Fi router can be retrieved with a "single tap" and then mailed or texted to friends, says Google's Trond Wuellner. One feature that many Wi-Fi routers lack is automatic updating. In the case of OnHub, security updates are installed automatically. For now, the Wi-Fi router can only be ordered in the United States and Canada and costs 200 dollars.

Data Of 32 Million Ashley Madison Users Put Online


The attackers who last month managed to break into the Ashley Madison website and made off with the data of millions of users have now put the data online. It involves account information and login details of around 32 million users of the website for cheaters, reports Wired.

In addition, a list of seven years of credit card and payment transactions was also published. This data consists of millions of payment transactions, including names, addresses, email addresses and amounts paid. The last four digits of the credit card are also included. The stolen data is now distributed via Tor websites and torrent files. It can be downloaded from download sites like Rapidshare and Mega. The attackers had already published the data two days ago on Reddit, but it has now been picked up by the media.

The attackers who hacked Ashley Madison demanded that the website and the website Established Men be taken offline, otherwise they would make the data public. In a statement, the attackers claim that Avid Life Media, the company behind Ashley Madison and Established Men, created thousands of fake profiles of women. The attackers also call the website a scam. "Chances are good that you signed up for one of the largest websites for affairs, but have never had one." The attackers advise victims of the data theft to sue the company.

The database reportedly contains some 15,000 e-mail addresses ending in .gov and .mil. These are addresses used by the US military and government. In a statement, Avid Life Media says that this is not hacktivism but a crime. Meanwhile, the FBI is reportedly involved in the investigation. According to the company, the attackers will eventually be caught.

Update

Security expert Robert Graham analyzed the stolen data and says that it concerns more than 36 million accounts. 28 million accounts belong to men, while five million women had registered for the website. For the other accounts this could not be determined. When analyzing the credit card data, Graham came across only men. In addition, there are possibly 250,000 deleted accounts, since their passwords had been removed. The account information includes full name, email address and password hash, but also data such as height and weight.

Mailing addresses and GPS coordinates were also found in the 9.7GB data dump. "I suspect that many players created a fake profile, but with an app that passed on their real GPS coordinates," Graham says. The passwords are hashed with bcrypt, a stronger algorithm than MD5. Yet Graham expects that hackers will succeed in "cracking" many passwords, weak ones in particular. Users with a strong password, however, would be safe.

Microsoft Emergency Patch For Actively Attacked IE Flaw



Microsoft has released an emergency patch for a critical vulnerability in Internet Explorer that is actively being used to infect computers with malware. Visiting a hacked or malicious website, or being served infected ads, is sufficient for the attacker to run arbitrary code on the computer.

It should be noted that the attacker can execute code with the rights of the logged-in user. The impact may therefore be smaller for users who are logged in with an account with reduced rights, Microsoft said. The vulnerability was already being attacked before the patch was available from Microsoft. What kind of attack it was and who the target was has not been reported.

The vulnerability, which was reported to Microsoft by a Google researcher, is present in IE7 on Windows Vista up to IE11 on Windows 10. Because of the impact, users are advised to install Security Bulletin MS15-093 immediately. On most computers, however, this will happen automatically.

Microsoft Phone Scam Now Also Available In French And German


For years, Microsoft scammers have been harassing people by calling them up and saying that there are problems with their home computer, but lately websites and pop-ups are also being used. These make users believe that their computer is infected with a "virus" or has some other problem.

Next, a specific telephone number has to be called in order to resolve the problem. This is the number of scammers posing as a Microsoft employee or specialist. They then try to make the victims pay for the removal of the "virus" or the purchase of a virus scanner. The amounts can run into the hundreds of dollars. In a recent campaign, for example, German victims were scammed out of 389 euros per person. The ads and pop-ups are distributed through malicious advertisements and are bundled with "potentially unwanted programs".

Multilingual

Previously, the text of the pop-ups and websites was always in English and the scam targeted only English speakers. Now the scammers are also targeting other countries. Versions have been found in German, French, Spanish and Japanese. The crooks who answer the phone speak the language. According to anti-virus firm Malwarebytes, the organisations behind the scam have probably engaged several call centers in these countries and given them instructions on how to swindle people by phone.

"Non-English-speaking countries were previously safe, but scammers have now realised that millions of potential victims are within their reach, particularly in Europe. Since the scam mainly makes use of social engineering, they had to find a way to bridge the language barrier, and they have now succeeded in doing so," said analyst Jerome Segura.

Tuesday, 18 August 2015

Microsoft Launches Free Virtual Machines With Windows 10



Following the launch of Windows 10, Microsoft has now released several free virtual machines with the operating system. The virtual machines let developers test their websites and applications with the latest version of Microsoft Edge, the default browser in Windows 10.

With this release, Microsoft has also automated the process used to create the virtual machines. Future updates will therefore be available sooner when the platform is updated. Furthermore, new formats for virtual machines are now supported, starting with Vagrant boxes (with VirtualBox) and QEMU. As a platform, users can choose from HyperV_2012, VirtualBox, Parallels and VMware.

Android Again Hit By Leak In Media Server


Researchers have again discovered a vulnerability in the media server of Android, the same component in which several other vulnerabilities were previously found, including the severe Stagefright leak. Through the latest vulnerability an attacker can execute arbitrary code on the device with the rights of the media server.

An attacker can thus take photos, record videos and access previously made videos. The problem is present in Android 2.3 to 5.1.1, which represents almost all Android devices in circulation. To be attacked via the vulnerability, the user must first install a malicious app. This app does not require any permissions, which can give users a false sense of security. Once the app is activated, an attacker could execute arbitrary code with the rights of the media server.

The media server is involved in all kinds of media-related tasks, such as taking pictures, reading MP4 files and recording videos. "This puts the user's privacy at risk," says Wish Wu of the Japanese anti-virus company Trend Micro, which discovered the vulnerability. The virus fighter warned Google on June 19, which labeled the leak as "high severity". On August 1, Google published a patch for the Android Open Source Project (AOSP), but it is unclear whether the update has already been distributed among users and suppliers.

Ransomware Maker: Victims Should Have Paid More Attention


A new ransomware variant that has been in development since early this year comes with a real guide for victims that explains the situation they find themselves in and also makes clear to users that the infection is their own fault. The ransomware was discovered by the Dutch security researcher Yonathan Klijnsma, who works at the Delft-based Fox-IT.

CryptoApp, as the ransomware is called, encrypts files with 162 different file extensions, like .docx, .avi and .xslx. Remarkably, according to Klijnsma, files from the QuickBooks accounting software are also encrypted. Once active on a computer, the ransomware looks for files to encrypt not only on local disks but also on connected network drives. As with other ransomware variants, an amount must then be paid to decrypt the files.

In this case the amount is 1 bitcoin, which at the current exchange rate is 231 euros. On the ransomware maker's website, users have their situation explained to them. The author states that victims have been infected because they have not been paying attention. According to the ransomware maker, the user's computer is also poorly protected and the files can be recovered only by paying. Paying victims are also advised to turn off their virus scanner.

This is because the tool for decrypting the files may be regarded as malware and removed by the virus scanner. In that case, users will lose all their files, according to the warning. According to Klijnsma, the ransomware is not widespread and is probably still in development. The website of the ransomware maker, which was hosted on the Tor network, has been gone since early August. It may be that the author has stopped the project or has sought a new location to continue the operation, and that the old website was a test setup, the researcher says.