
Tapjacking in Android devices can lead to malware download

The ability to overlay multiple windows in the Android API can be combined with the way touch events are handled to trick users into downloading malicious applications without their knowledge.

The permission "android.permission.SYSTEM_ALERT_WINDOW", which has existed since the first version of the developer API and affects even the latest version of the Google Play Store application, can be used to create alert windows that always stay on top, such as the low-battery warnings used by the system. Such an alert window can also be made non-touchable.

A non-touchable window can be programmed so that touch events are never delivered to it; instead they are passed automatically to the activity underneath. Using this API functionality, a different window that does handle events can be placed beneath the non-touchable window.

Since the alert window passes touch events through to the underlying window, an attacker can draw buttons and images in the overlay at exactly the positions where the victim will tap. Those taps are relayed to the window beneath, causing an application to be downloaded without any intent on the user's part.

As users have become increasingly alert to apps that ask for access to their contacts, texts or images, the challenge for attackers lies in tricking users into downloading an app without even showing its permissions, terms and policies.

So this "tapjacking" can be used by attackers to lead users into downloading malicious apps. It can be carried out through games or any other kind of application. Although a theoretical security issue until now, technically this method can be exploited to infect all kinds of Android devices, irrespective of version. It has been tested by NES security lab on a Nexus 4 under Android 4.3 and Android 4.4 and on a Nexus 5 under Android 4.4, and a notification has been sent to the Android security team for its resolution.
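The standard app-side defence against the overlay technique described above is Android's filterTouchesWhenObscured mechanism: when a touch reaches a view after passing through another window (for example a non-touchable alert window), the framework sets MotionEvent.FLAG_WINDOW_IS_OBSCURED on the event, and a view with filtering enabled discards it. The following class is an added example written for this post, not code from the original article or from NES security lab; the package and class names are assumptions.

```java
// Added example, not from the original post: a Button that refuses touches
// delivered while another window is drawn over it. Android marks a touch that
// passed through another window (for example a non-touchable
// SYSTEM_ALERT_WINDOW overlay) with MotionEvent.FLAG_WINDOW_IS_OBSCURED.
// Package and class names are hypothetical.
package com.example.tapjackingdemo;

import android.content.Context;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

public class ObscuredTouchAwareButton extends Button {
    private static final String TAG = "ObscuredTouchAwareButton";

    public ObscuredTouchAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in layout XML:
        // the framework drops obscured touches before onTouchEvent ever runs.
        setFilterTouchesWhenObscured(true);
    }

    // Called by the framework for every touch; returning false discards it.
    // Overridden here only to record the event, which gives a detection signal:
    // a burst of obscured taps on a sensitive button is worth investigating.
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        boolean obscured =
                (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        if (obscured && event.getAction() == MotionEvent.ACTION_DOWN) {
            Log.w(TAG, "Rejected touch at (" + event.getX() + ", " + event.getY()
                    + "): another window is covering this button");
        }
        // The superclass applies the filterTouchesWhenObscured check and
        // returns false for obscured touches, so the click listener never fires.
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Use this class in place of Button for any control that confirms a download, purchase or permission grant. If no logging is wanted, setting android:filterTouchesWhenObscured="true" on an ordinary Button in the layout gives the same protection without any code.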

Hackers hijack Tesla automaker's website, Twitter account

The website and Twitter account of high-tech automaker Tesla were hacked over the weekend as part of a prank by angry rival hackers. Tesla CEO Elon Musk’s personal Twitter account was also hacked around Saturday night (US Standard Time).

The first sign of hijacking was noticed around 1:52 p.m., when a tweet appeared on the company’s Twitter account declaring it to be under the control of attackers, and the account name was changed from “Tesla Motors” to “#RIPPRGANG”. The tweet posted on the carmaker’s account said, “This Twitter is now run [sic] by Henry Blair Strater [sic] from Oswego Illinois, call me at [number redacted]”.


A few minutes later, the account began promising free Teslas to those who followed certain accounts or to those who called a certain phone number. The number belonged to a repair shop in Illinois which was flooded with calls.

At around the same time, Tesla’s website was hacked by the same attackers. Visitors were redirected to a website with ISIS in the URL, a ranting video referencing Bin Laden and a picture of a man resembling Osama Bin Laden.

The Twitter account was restored around 2:45 p.m., about an hour after it was compromised, and the website was back to its usual state at around 6:30 p.m.

Elon Musk’s Twitter account was hijacked by miscreants who claimed to be from the infamous Lizard Squad hacking crew, also known as Autismsquad.

After hack, Costa Coffee temporarily disabled its online Club Card accounts

 

Costa Coffee, which runs a chain of coffee shops, has removed the ability to access Coffee Club Card accounts online after unusual activity was detected on some Coffee Club Card members’ accounts.

Costa Coffee informed its Coffee Club Card members via email that its loyalty scheme, under which people get 5p of credit for every pound spent in store plus unlimited free Wi-Fi, had been hacked.

It said that unusual activity had been noticed on about 1 in every 5,000 accounts (0.02%).

According to the email, Costa Coffee has conducted a full security review and temporarily disabled its online Club Card accounts. As a result, people cannot change their passwords for now.

The email said that the company has already contacted those customers whose accounts were affected. In addition, the company is resetting the account password of every Coffee Club member as a precaution.

The passwords will be reset over the next few days, and members will be notified by email once the procedure is complete.

Moreover, Costa Coffee is set to introduce a new password format to further strengthen security and protect members’ Coffee Club points.

The E-mail said, “We apologise for any inconvenience this causes but it’s very important to us that your points and registration details remain safe. We thank you for your patience.”

When opening a Costa Coffee Club account, the site asks for a name, email address, birthday, phone number, physical address and password.

The company advises that the password must be between 8 and 15 characters and include at least one uppercase letter, one lowercase letter and one number, and that people should avoid common words when choosing a password.

Certificate problems in NetNanny expose users to attack

NetNanny, the popular content-control software, has been found to use a shared private key and root certificate authority, which leaves its users open to HTTPS spoofing and interception.

“The certificate used by NetNanny is shared among all installations of NetNanny,” said Garret Wassermann, a vulnerability analyst at CERT. He added that “the private key used to generate the certificate is also shared and may be obtained in plain text directly from the software.”

An attacker can exploit this weakness to generate new certificates simply by extracting the key from the software. A spoofed certificate signed by the NetNanny root would appear trustworthy and could lead the user to a malicious site posing as a secure HTTPS site. Moreover, the attacker could intercept HTTPS traffic to carry out man-in-the-middle attacks against an affected system without any browser certificate warning being triggered.

The software, launched in 1995, is widely used by parents to filter internet services for their children. CERT has warned that version 7.2.4.2 is vulnerable, but other builds might be affected as well. Questions about a fix for the issue remain unanswered by ContentWatch, the developing company.

Users are strongly advised to remove NetNanny, or at least to remove the certificates it created, or to disable SSL filtering and manually remove the certificates from the trust store.

"No iOS Zone" - DoS vulnerability in iOS Devices

Skycure, a mobile threat defense company, witnessed the sudden crash of an iOS app after configuring a router in a specific way and connecting devices to it.

Elisha and Roy, members of the research team, analysed the crashes further and identified the source of the problem. They found that by generating a specially crafted SSL certificate, an attacker can trigger the bug and cause apps that perform SSL communication to crash at will. They then created a script that exploits the bug over a network interface.

The SSL certificate parsing vulnerability affects the underlying iOS operating system, and on devices heavily exposed to it, the operating system itself crashes. Under certain conditions, devices can be put into a repeating reboot cycle, rendering them useless.

For most people, an iOS app crash is simply a quality issue: they install a different firmware and move on.

But the victim’s device remains unusable for as long as the attack affects it. Even if victims understand that the attack comes from a Wi-Fi network, they cannot disable the Wi-Fi interface while the device is in the repeated restart state, as shown in the video.

The issues have been reported to Apple. To avoid exploitation of this vulnerability, users may take the following steps.

1) Users should disconnect from the bad Wi-Fi network or change their location if they experience continuous crashing or rebooting.
2) The latest iOS 8.3 update might have fixed some of the threats mentioned; users are strongly advised to upgrade to the latest version.
3) In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.

Taipei City govt plans to install more monitoring equipment

The Taipei city government is planning to install more monitoring equipment and to protect the messaging application Line after a large amount of information was leaked in a hacking breach of city computers, according to a Taipei Times report.

In a bid to avoid further breaches, officials have decided to install additional monitoring equipment to identify unusual activity on city systems.

Taipei Mayor Ko Wen-je said that secretariat computers were breached last week, revealing “troublesome” information.

Taipei Department of Information Technology (TDoIT) Commissioner Lee Wei-bin said that in the breach, the numbers of city department heads, along with their confidential information, had been compromised.

He said that the hack could allow the hackers to guess the names of secretaries in order to “friend” commissioners and their staff. The management would take special care to identify all members of the groups; however, any new member would still be able to join a group.

He added that the existing antivirus software on the infected city secretariat computer could not detect the unauthorised access. The management would review the existing separation between the computer systems of the city’s departments, the secretariat and the mayoral office.

Although Taipei city councilors criticised the city government’s heavy use of Line groups for messaging, which creates risk, Lee said there was an implicit trade-off between perfect security and administrative efficiency.

He said that they could not switch to other messaging software that was domestically designed and hosted, because it would be more costly and time-consuming.

Moreover, Mayor Ko Wen-je, who is used to the Line software, has already introduced it extensively within every department.

He added that the department was, however, imposing clearer standards for Line usage: Line groups must have designated members who take responsibility for policing the membership lists.

He said that the city government’s decisions would be recorded in official documents made available to councilors. Line conversations, however, would be as confidential as telephone calls or private discussions within the city government.

Beware of emails with resume attachments as Phishers still use JavaScript attachments


Beware of emails with an attached resume from a job applicant, because some attackers are still using old-style JavaScript attachments to deliver CryptoWall, which can leave people in serious trouble.

In an article posted on the SpiderLabs Blog, Brian Bebeau of Trustwave SEG Cloud mentioned that a spam run of emails containing an attached resume from a job applicant had recently been noticed. The attachment, with the file extension ‘.js’, was plain text consisting of JavaScript.

Some days later, the next spam run was noticed; it looked more serious and zipped the attachment. The attackers gave the attachment a MIME type of "image/png" so that it would appear to recipients as an image.

If anyone extracts the “picture”, it turns out to be a Windows executable.

Bebeau wrote that after analysing the file, they found that it is a CryptoWall ransomware variant. So anyone who opens the attachment to look at a resume or picture could end up with their entire system in trouble.

He added that some groups of spammers also use JavaScript to hide their phishing attachments. Instead of a resume, they use that old standby, the common account phish.

Bebeau wrote that people can check an email by looking at the header addresses before opening any attachment.

Subject lines include:

- Un-authorized User
- Verification Required
- Must verify your account
- Validate account

He said that the email claims the recipient’s account has been limited or disabled and that, to restore it, they must follow the steps in the attachment.

The attachment is an HTML file with a JavaScript section that instructs recipients to turn on JavaScript. If they view the attachment in a JavaScript-enabled browser, it creates a form asking for their personal information.

The form asks for the recipient’s social security number and credit card number along with their name and address, and if anyone fills it in and clicks the submit button, all of that data goes to a server in Russia.

According to Bebeau, examining an attachment carefully can be useful for pulling out JavaScript code to use in content blocking.

He wrote that Trustwave SEG Cloud blocked around 200 of these phishing messages within three days. People should not turn on JavaScript even if an email asks them to do so.
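The three waves described above (a plain .js resume, a zipped executable labelled "image/png", and an HTML account phish carrying script) share one detectable property: the attachment's declared type or extension does not match what the bytes actually are. The following gateway-style check is an added example written for this post, not code from Trustwave or the SpiderLabs article; the class name and the sample attachments in main() are constructed for the illustration.

```java
// Added example, not from the SpiderLabs post: a mail-gateway style check that
// compares an attachment's declared MIME type and file name with the bytes it
// actually starts with. Class name and samples are constructed for the demo.
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public final class AttachmentCheck {

    // Extensions that Windows runs as scripts on a double-click
    private static final Set<String> SCRIPT_EXT =
            Set.of("js", "jse", "vbs", "vbe", "wsf", "wsh", "hta");

    /** What the leading bytes say the file really is. */
    static String sniff(byte[] head) {
        if (startsWith(head, new byte[]{(byte) 0x89, 'P', 'N', 'G'})) return "image/png";
        if (startsWith(head, new byte[]{'M', 'Z'}))                    return "application/x-msdownload";
        if (startsWith(head, new byte[]{'P', 'K', 3, 4}))              return "application/zip";
        String text = new String(head, StandardCharsets.ISO_8859_1).toLowerCase(Locale.ROOT);
        if (text.contains("<script"))                                   return "text/html+script";
        return "unknown";
    }

    /** Returns null when the attachment may pass, otherwise the reason to quarantine it. */
    public static String reasonToQuarantine(String fileName, String declaredType, byte[] head) {
        String ext = extensionOf(fileName);
        String actual = sniff(head);
        String declared = declaredType.toLowerCase(Locale.ROOT);

        if (SCRIPT_EXT.contains(ext))
            return "script attachment (." + ext + ")";
        if (declared.startsWith("image/") && !actual.startsWith("image/"))
            return "declared " + declared + " but content looks like " + actual;
        if (actual.equals("application/x-msdownload"))
            return "Windows executable";
        if ((ext.equals("html") || ext.equals("htm")) && actual.equals("text/html+script"))
            return "HTML attachment carrying script";
        return null;
    }

    private static String extensionOf(String name) {
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    private static boolean startsWith(byte[] data, byte[] magic) {
        if (data.length < magic.length) return false;
        for (int i = 0; i < magic.length; i++)
            if (data[i] != magic[i]) return false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed samples modelled on the waves described in the post
        byte[] jsBody   = "var resume = 'see attached';".getBytes(StandardCharsets.US_ASCII);
        byte[] zipBody  = {'P', 'K', 3, 4, 20, 0, 0, 0};
        byte[] exeBody  = {'M', 'Z', (byte) 0x90, 0, 3, 0};
        byte[] htmlBody = "<html><script>document.write('verify')</script>".getBytes(StandardCharsets.US_ASCII);
        byte[] pngBody  = {(byte) 0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};

        System.out.println(reasonToQuarantine("resume.js", "text/plain", jsBody));
        System.out.println(reasonToQuarantine("resume.zip", "image/png", zipBody));
        System.out.println(reasonToQuarantine("resume.png", "image/png", exeBody));
        System.out.println(reasonToQuarantine("verify_account.html", "text/html", htmlBody));
        System.out.println(reasonToQuarantine("photo.png", "image/png", pngBody)); // null: allowed
    }
}
```

Only the first few bytes are needed for the decision, so a gateway can run this before the full attachment is decoded or unpacked; anything that is quarantined should also be logged with the sender and subject, which gives the volume figures the post reports.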

SendGrid urges its customers to change their password

SendGrid, an email service used by billions of companies, including the Bitcoin exchange Coinbase, has urged its customers to change their passwords after attackers compromised one of its employees’ accounts and used it to steal the usernames, email addresses and (hashed) passwords of customer and employee accounts.

Moreover, it has asked customers to take advantage of the multi-factor authentication the company offers.

SendGrid said it is adding more authentication methods to its two-factor security. It is also working to expedite the release of API keys, which will allow customers to use keys instead of passwords when sending email.

The company announced the breach several weeks after it had stated that only one account was compromised.

According to a report in The New York Times on April 9, Coinbase had its SendGrid credentials compromised, and the hackers were using that access to launch phishing attacks against Bitcoin businesses.

“The story has now been updated to show that a single SendGrid customer account was compromised,” SendGrid wrote in a blog post.

According to David Campbell, SendGrid’s chief security officer, the company carried out an investigation in collaboration with law enforcement and FireEye’s Mandiant Incident Response Team. They found that a SendGrid employee’s account had been compromised by a cyber criminal and used to access several of the company’s internal systems on three separate dates in February and March 2015.

He added that these systems contained usernames, email addresses and passwords for SendGrid customer and employee accounts. The investigation suggested that the cyber criminal also accessed servers that contained some customers’ recipient email lists and addresses as well as customer contact information.

“We have not found any forensic evidence that customer lists or customer contact information was stolen. However, we are implementing a system-wide password reset as a precaution. Because SendGrid does not store customer payment cards and we know that payment card information was not involved,” he wrote on the blog post.

As SendGrid manages email for thousands of companies, including big brand names such as Pinterest, Spotify and Uber, it has become a major target for spammers.

Hacker's tweet led FBI to issue warning for airlines in US

In response to claims and reports about the recent United Airlines incident, the US Federal Bureau of Investigation has issued a warning to all airlines to be on the lookout for hackers. It follows an onboard tweet from Chris Roberts, professional hacker and founder of One World Labs.

Roberts, a researcher specialising in the security of commercial airplanes, was detained by FBI agents while deplaning his United Airlines flight from Denver to Syracuse, New York. This action was taken after he tweeted a joke about taking control of the plane’s engine-indicating and crew-alerting system, which provides flight crews with real-time information about an aircraft’s functions, including the temperatures of various equipment, fuel flow and quantity, and oil pressure.

The computer expert tweeted: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone ? :)”. This apparently caught the attention of federal authorities, who confiscated Roberts’ iPad, MacBook Pro and storage devices after questioning him for four hours.


Roberts stated that he was perturbed by the actions of US law enforcement, as he has been openly demonstrating vulnerabilities in the avionics systems used on modern airplanes, telling CNN that he could connect a computer under his seat to view data from the aircraft’s engine, fuel and flight-management systems. And he is not the only one: according to an article by Forbes, Thomas Lim, head of the security consultancy COSEINC, has repeatedly been checked going through airports in recent years. On a flight from New York to Taipei, all his belongings were searched at the airport in Anchorage.

United Airlines has now banned Chris Roberts from all its flights.

Moreover, in a notification reported by Wired magazine, the FBI advised airlines to report any suspicious activity, such as passengers connecting unknown wires and cables, or tampering with or forcibly removing covers from network connection ports, along with any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance-broadcast (ADS-B), the aircraft communications addressing and reporting system (ACARS) and air traffic control networks.

WordPress 4.1.2 version released, fixes critical security bugs


WordPress 4.1.2 is the latest version of WordPress to be released to the public. A critical security release for all previous versions, WordPress 4.1.2 also fixes as many as four other security issues.

Earlier versions of WordPress, including version 4.1.1, were affected by a serious cross-site scripting vulnerability which could enable anonymous users to compromise a site. It was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams and Andrew Nacin of the WordPress security team.

In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded; this was discovered by Michael Kapfer and Sebastian Kraemer of HSASec.

In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. It was discovered by Jakub Zoczek.

Some plugins were vulnerable to an SQL injection vulnerability. Four hardening changes, including better validation of post titles within the Dashboard, followed reports by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

To update to WordPress 4.1.2, go to the Updates page of the Dashboard and click “Update Now”. Sites that support automatic background updates are already being updated to WordPress 4.1.2.

Researchers discover fingerprint flaw on Samsung Galaxy S5


Despite the various efforts made by Android phone makers to secure biometric information on the Samsung Galaxy S5, hackers can still take copies of the fingerprint used to unlock the phone, researchers said.

Tao Wei and Yulong Zhang, researchers at the security firm FireEye, said that even though the phone has a separate secure enclave for the information, it is possible to grab the biometric data before it reaches that safe area, which allows hackers to copy people’s fingerprints for further attacks.

Wei and Zhang, who conducted research on the Galaxy S5 and other unnamed Android devices, will present their findings at the RSA conference on April 24.

The researchers said that to clone fingerprints, the hackers do not have to break into the protected zone where the data is stored; they only have to collect the data from the device’s fingerprint sensor.

According to them, a hacker can clone fingerprints from the phone by getting user-level access and running a program as root. They would not need to go any deeper on the Samsung Galaxy S5, because the malware needs only system-level access.

Once the hackers have broken the phone’s operating system, they can read the fingerprint sensor, obtain the data from which an image of the fingerprint can be generated, and then do whatever they want with it.

After finding the flaw, the researchers contacted Samsung. However, they have not received any update on measures to fix the vulnerability from the company.

They said that updating the Android version is the best protection against this vulnerability, because it is not present on Android 5.0 or later.

"Samsung takes consumer privacy and data security very seriously. We are currently investigating FireEye’s claims,” said a spokesperson for Samsung via email to Forbes.

Although there are various security concerns about biometrics, they are set to become the primary form of authentication on mobile phones.

Microsoft is reportedly testing a range of biometric options for its upcoming Windows 10 operating system.

However, Wei and Zhang said they have only tested Android devices so far.

They said that not all Android phones below 5.0 with fingerprint authentication were affected, but the vulnerability is likely to affect other manufacturers’ phones as well, such as the HTC One Max, Motorola Atrix, Samsung Galaxy Note 4 and Note Edge, Galaxy S6, and Huawei Ascend Mate 7.

“We only tested a limited number of devices. While we expect the issue is more widespread, we are not sure,” the FireEye spokesperson said in an email to Forbes.