Venom Vulnerability allows hackers to escape from VM and hack Host Machine

CrowdStrike's senior security researcher Jason Geffner has disclosed a vulnerability in the virtual floppy drive code used by many virtualization platforms.

The vulnerability, named VENOM (CVE-2015-3456), lets an attacker escape the confines of a virtual machine guest and gain code-execution access to the host. This may in turn give elevated access to the host's local network and adjacent systems.

By exploiting VENOM, an attacker could gain access to corporate intellectual property (IP) and to sensitive and personally identifiable information (PII), potentially affecting thousands of organizations and the connectivity, storage, security and privacy of millions of end users.

According to the researcher, the bug is in QEMU's virtual Floppy Disk Controller (FDC), which is notably used by Xen, KVM and the native QEMU client. The VMware, Microsoft Hyper-V and Bochs hypervisors are not affected by this vulnerability.

“The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase,” wrote Jason Geffner in his blog post.

Cisco releases software updates to address serious flaws in TelePresence products

Cisco has released software updates to address several vulnerabilities that have been identified in its TelePresence products, which can be exploited by hackers to compromise a vulnerable system.

It has also urged its customers to update their TelePresence software. They are further advised to consult their maintenance providers, or to check the software for feature-set compatibility and known issues specific to their environments.

Cisco said in an advisory published on May 13 that no workarounds are available to mitigate the vulnerabilities, which were identified during its internal tests and product security reviews.

“The vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated or remote attacker to inject arbitrary commands that are executed with the privileges of the root user,” Cisco said in its advisory.

“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page.”

“Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user,” the advisory added.

Cisco said that although this is a serious vulnerability, with a CVSS score of 9.0, it has found no evidence that the flaw has been exploited for malicious purposes.

BitTorrent releases Bleep for iOS, introduces new feature 'Whisper'

In the era of communication, instant messaging apps are making news every day. A new entrant in this world of apps is “Bleep”, a fun and easy-to-use mobile messaging app for iOS released by BitTorrent to keep user information private.

BitTorrent, which brought out an alpha version of Bleep last September, lets users of this first non-alpha release sign up without an account, and all messages are encrypted with local keys so that no one else has access to the data.

With Bleep, one can chat via text, make free voice calls, or use the newly added feature, Whisper.

A message or photo can be sent to any of your contacts as a Whisper, and it will disappear 25 seconds after it's viewed. 

Whisper messages also have additional screenshot protection that blurs out the important stuff.

To register, all that is required is a nickname. Verifying an email address or mobile number with Bleep is optional, which means more anonymity on the app.

Bleep offers a peer-to-peer connection in which one’s data isn't stored in the cloud where it could be hacked into remotely. Data sent via Bleep is stored on the device until it is delivered, through an encrypted connection, to the recipient’s device.

Adding friends is easy via the device’s address book, their email, mobile number or Bleep key. Voice calls can be connected directly (no cloud) to your contacts with end-to-end encryption.

In addition to its availability on iOS, it has significant updates on Android and is also available for Mac and Windows desktop. 

Upgrade your SOHO router's firmware to the latest version

A recent study has uncovered that a huge number of Small Office / Home Office (SOHO) routers whose owners neglect basic security practices have been targeted by attackers.

The study, conducted by the Incapsula security team, was published on its blog by researchers Ofer Gayer, Ronen Atias and Igal Zeifman.

It urges router owners to disable all remote access to their router management interfaces. To verify that their own router is not open to remote access, they can use YouGetSignal to scan for the following ports: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).

Along with that, it recommends that all router owners change the default login credentials, if they haven't done so already.

Those whose routers are already compromised should upgrade their router's firmware to the latest version provided by the manufacturer.
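The remote-access check in the advice above can also be scripted instead of done through a web service. The following is an added Python example, not part of the Incapsula study or of this post; it tests only the four ports the post names, and the target address, the service labels and the command-line usage are assumptions of the example.

```python
#!/usr/bin/env python3
"""Check whether a router's management ports accept TCP connections.

Added example: the port list mirrors the post's advice (SSH 22, Telnet 23,
HTTP 80, HTTPS 443); everything else here is an assumption of this example.
"""
import socket
import sys
from contextlib import closing

# Ports the post says to scan; the service names are labels for the report.
REMOTE_MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}


def is_port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout.

    connect_ex() returns 0 on success and an errno otherwise, so a refused or
    filtered port never raises; only name-resolution failures do, and those
    are reported as "not open".
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        try:
            return sock.connect_ex((host, port)) == 0
        except OSError:
            return False


def check_remote_management(host, ports=None, timeout=2.0):
    """Return {port: label} for every listed port that accepts a connection.

    An empty result is the desired state: nothing on the management ports is
    reachable from wherever this script is run.
    """
    ports = REMOTE_MGMT_PORTS if ports is None else ports
    return {port: label for port, label in ports.items()
            if is_port_open(host, port, timeout)}


def format_report(host, exposed):
    """Render the check result as one line per port, in a fixed order."""
    if not exposed:
        return f"{host}: no management ports reachable"
    lines = [f"{host}: {len(exposed)} management port(s) reachable"]
    for port in sorted(exposed):
        lines.append(f"  {port}/tcp ({exposed[port]}) is OPEN: "
                     "disable remote management or firewall it")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed usage: python3 check_router.py <public-ip-or-hostname>
    target = sys.argv[1] if len(sys.argv) > 1 else "ROUTER-PUBLIC-IP-HERE"
    print(format_report(target, check_remote_management(target)))
```

Run it from outside your own network (a phone on mobile data, or a VPS) against the router's public address: from inside the LAN it reaches the LAN-side interface, where a management page is normally, and harmlessly, enabled, which is why the post points at an external scanner. A reachable port only shows that something listens there; whether that is the router's own interface or a port-forward to a machine behind it still has to be checked in the router's configuration.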

The flaw is said to be the result of negligence, with ISPs, vendors and users sharing a long tradition of disregarding basic security practices. As a result, hundreds of thousands of routers are likely under the control of attackers and are used to attack the Internet ecosystem and interconnected networks.

The study revealed that major companies are involved in the issue.

The study's main aim is to share attack details in an attempt to raise awareness of the dangers posed by under-secured connected devices.

Although the study has been published, many botnet devices are still attacking users and websites.

According to the study, the researchers first identified these attacks on December 30, 2014 and have been mitigating them ever since. In the last 30 days they saw the number of attacking IPs increase.

The rapid growth compelled the Incapsula security team to investigate further. The team found that this wave of attacks is part of a much larger DDoS assault targeting hundreds of other domains outside the Incapsula network, including other attack vectors and network-layer barrages.

After the research, Incapsula contacted the vendor of the routers and the ISPs whose routers and networks it found to be most open to abuse.

After inspecting a sample of 13,000 malware files, they found out that on average, each compromised router held four variants of MrBlack malware, as well as additional malware files, including Dofloo and Mayday, which are also used for DDoS attacks.

Jamie Oliver's website still facing malware issues

Visitors to British chef Jamie Oliver's website have become the latest victims of a malware attack. The website, www.JamieOliver.com, has been infecting users who search the site for recipes, reports Malwarebytes.

Browsing any page on the website redirects the user to the Fiesta exploit kit, which compromises the user's PC. Essentially, a short bit.ly URL has been inserted in the code of each page; it redirects the user to a potentially harmful website and exposes information such as passwords to hackers.

This is the third time an attack on the British chef's website has been reported, and it looks like hackers have taken a shine to him.

The people in charge of Jamie's website have acknowledged the issue and said that they are looking for a permanent solution to get rid of the malware once and for all.

How MacKeeper failed to secure the Mac

MacKeeper, the program designed to keep Mac computers secure, suffers from a critical remote code execution vulnerability.

The flaw lies in a lack of input validation when the program handles its custom URL scheme. It allows attackers to execute arbitrary commands with root privileges with little to no user interaction, and it can be triggered when a user visits a specially crafted web page in the Safari browser.

If the user has already provided their password to MacKeeper during normal operation of the program, they will not be prompted for their password before the arbitrary command executes.

If the user has not previously authenticated, they will be prompted to enter their credentials. However, the text shown in the authentication dialogue can be manipulated to say anything, so the user might not realize the true consequences of the action.

The vulnerability, quite possibly a zero-day, was discovered by security researcher Braden Thomas, who released a demonstration link as a proof of concept (PoC): simply clicking the external link caused the MacKeeper program to be uninstalled automatically.

MacKeeper is a controversial program among Mac users owing to its pop-ups and advertisements, but apparently has 20 million downloads worldwide.

The vulnerability existed even in the latest version, 3.4. The company has advised users to run the MacKeeper update tracker and install 3.4.1 or later. Users who have not updated can use a browser other than Safari, or remove the custom URL scheme handler from MacKeeper's Info.plist file.
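The last of those mitigations, removing the custom URL scheme handler from the app's Info.plist, is worth understanding on its own: an app declares the schemes it handles under the CFBundleURLTypes key, and any web page can then hand it a URL. Below is an added Python example, not MacKeeper's code, that lists the schemes a bundle registers and writes back a copy without them. The sample plist, its bundle identifier and the scheme name are constructed for this example and are not MacKeeper's real values.

```python
#!/usr/bin/env python3
"""List and strip the custom URL schemes declared in a macOS Info.plist.

Added example. CFBundleURLTypes / CFBundleURLSchemes are the real Info.plist
keys; the sample bundle below is constructed and is not any real app's.
"""
import plistlib
import sys

# Constructed sample Info.plist with one registered scheme.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.helperapp</string>
    <key>CFBundleURLTypes</key>
    <array>
        <dict>
            <key>CFBundleURLName</key>
            <string>Example command handler</string>
            <key>CFBundleURLSchemes</key>
            <array>
                <string>example-command</string>
            </array>
        </dict>
    </array>
</dict>
</plist>
"""


def bundle_identifier(plist_bytes):
    """Return the bundle's CFBundleIdentifier (None if absent)."""
    return plistlib.loads(plist_bytes).get("CFBundleIdentifier")


def registered_url_schemes(plist_bytes):
    """Return every scheme the bundle claims, in declaration order.

    Each entry in this list is an entry point that a web page can reach with
    a plain link, which is what makes the list worth auditing.
    """
    info = plistlib.loads(plist_bytes)
    schemes = []
    for url_type in info.get("CFBundleURLTypes", []):
        schemes.extend(url_type.get("CFBundleURLSchemes", []))
    return schemes


def remove_url_schemes(plist_bytes, schemes=None):
    """Return a copy of the plist without the given schemes (all if None).

    URL-type entries left with no schemes are dropped, and the CFBundleURLTypes
    key itself is dropped once empty, so the bundle claims no scheme at all.
    """
    info = plistlib.loads(plist_bytes)
    kept_types = []
    for url_type in info.get("CFBundleURLTypes", []):
        declared = url_type.get("CFBundleURLSchemes", [])
        remaining = [] if schemes is None else [s for s in declared if s not in schemes]
        if remaining:
            url_type["CFBundleURLSchemes"] = remaining
            kept_types.append(url_type)
    if kept_types:
        info["CFBundleURLTypes"] = kept_types
    else:
        info.pop("CFBundleURLTypes", None)
    return plistlib.dumps(info)


if __name__ == "__main__":
    # Assumed usage: python3 url_schemes.py /Applications/SomeApp.app/Contents/Info.plist
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_INFO_PLIST
    print(bundle_identifier(data))
    for scheme in registered_url_schemes(data):
        print(f"  handles {scheme}://")
```

Two caveats apply to this workaround. Editing Info.plist inside a signed bundle invalidates its code signature, and macOS caches scheme registrations in Launch Services, so the app may still be offered as the handler until the bundle is re-registered. Updating to the vendor's fixed version, which the advice above puts first, is the cleaner fix; the listing function is still useful on its own as an audit of which installed apps expose a URL scheme.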

PHP Object Injection Vulnerability in Bomgar Remote Support Portal

A security vulnerability has been found in the Bomgar Remote Support Portal version 14.3.1 and earlier, which is part of Bomgar's appliance-based remote support software: it deserializes untrusted data without verifying the validity of the resulting data.

The flaw can be exploited by both authenticated and unauthenticated attackers.

An unauthenticated attacker can inject arbitrary input at one point in the vulnerable PHP file, while an authenticated attacker can inject at multiple points.

To exploit this vulnerability, an attacker has to find appropriate classes whose side effects are useful; if no such classes exist, the flaw is not exploitable.

“One way to exploit this vulnerability is by utilizing the Tracer class. It is used to write stack trace information to a log using a Logger instance, which wraps an instance of PEAR's Log class. By using a Log_file instance as an instance of Log, it is possible to write the arbitrary data to the arbitrary file,” the researcher wrote in his blog post.
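The mechanism the researcher describes, a class whose reconstruction has a side effect the data can steer, and its standard mitigation, an allowlist of the classes a deserializer may instantiate, are shown below in an added Python example using pickle rather than PHP's unserialize(). This is not Bomgar's or PEAR's code; the Point and LogWriter classes and the paths are constructed for the example, and the side effect is only recorded, never performed.

```python
#!/usr/bin/env python3
"""Object injection via deserialization, and the class-allowlist mitigation.

Added example in Python's pickle rather than PHP's unserialize(): the
mechanics are the same. A 'gadget' is any loadable class whose reconstruction
has a side effect the attacker can steer; the fix is to refuse every class
that the data has no business naming. The classes below are constructed for
this example and are not Bomgar's or PEAR's.
"""
import io
import pickle

# Records side effects so the demonstration never touches the filesystem.
SIDE_EFFECTS = []


class Point:
    """A plain data class the application legitimately expects to receive."""

    def __init__(self, x, y):
        self.x = x
        self.y = y


class LogWriter:
    """Stand-in for a class like the Tracer/Logger/Log_file chain in the post:
    when an instance is rebuilt, it "writes" to whatever path its state names.
    Here the write is only recorded, which is enough to show the problem."""

    def __init__(self, path):
        self.path = path

    def __setstate__(self, state):
        self.__dict__.update(state)
        SIDE_EFFECTS.append(f"would append to {self.path}")


# The only (module, class) pairs that untrusted data may instantiate.
ALLOWED_CLASSES = {(Point.__module__, Point.__name__): Point}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves class names only through the allowlist."""

    def find_class(self, module, name):
        try:
            return ALLOWED_CLASSES[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"refusing to load {module}.{name}") from None


def safe_loads(data):
    """Deserialize with the allowlist; an unknown class is rejected when its
    name is read, before any object is built, so its __setstate__ never runs."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_loads(data):
    """The vulnerable pattern: deserialize whatever class the data names."""
    return pickle.loads(data)


def encode_point(x, y):
    """Serialized input as an honest client would send it."""
    return pickle.dumps(Point(x, y))


def encode_log_writer(path):
    """Serialized input naming the side-effect class instead."""
    return pickle.dumps(LogWriter(path))


def load_outcome(loader, data):
    """Return "ok" or "rejected" so the two loaders can be compared."""
    try:
        loader(data)
    except pickle.UnpicklingError:
        return "rejected"
    return "ok"


if __name__ == "__main__":
    crafted = encode_log_writer("/var/www/html/injected.php")
    print("allowlist:", load_outcome(safe_loads, crafted), SIDE_EFFECTS)
    print("no check: ", load_outcome(unsafe_loads, crafted), SIDE_EFFECTS)
```

PHP's counterpart since 7.0 is the allowed_classes option of unserialize() (a list of class names, or false to refuse objects entirely). Better still is to exchange data in a format that carries no class names at all, such as JSON, so there is nothing for an attacker to name.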

CSPF comes up with modsecurity rules to protect servers from hackers

Cyber Security and Privacy Foundation (CSPF), a non-profit organisation which provides solutions to cyber security and privacy issues, has developed a set of rules to protect servers from malicious hackers.

It has come up with modsecurity rules for the public, wrote Manish Tanwar and Suriya Prakash of CSPF.

Although the OWASP Core Rule Set (CRS), a project which aims to provide an easily pluggable set of generic attack detection rules giving a base level of protection for any web application, addresses several kinds of vulnerabilities, it has failed to protect against backdoor attacks and the latest bypasses.

So CSPF's rules are aimed at protecting against the latest bypasses and back doors. It is all set to release the rules to the public.

According to the organization, these can be easily expanded.

Here are the functions of the rules:

- The rules can block sensitive files and folders from being accessed.
- The rules can block b374k shell variants along with some other popular shells.
- The rules also disable directory listing and phpinfo.
- The rules block SQL injection:
  1. Normal SQL injection
  2. Blind and time-based SQL injection
  3. All types of SQLi

You can get the rules and procedure to use them from here:
http://securityresearch.cysecurity.org/?p=568
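To make concrete what rules of this kind do, here is an added Python example that applies a handful of request-side checks from the same families (sensitive paths, a known shell name, phpinfo, and tautology, UNION and time-based SQL injection patterns) to constructed request lines. These are not CSPF's rules, which are at the link above, and the patterns are illustrative simplifications of my own; directory listing is a property of the response rather than the request, so it is not covered here.

```python
#!/usr/bin/env python3
"""A miniature request-screening pass of the kind a ModSecurity rule set does.

Added example with illustrative patterns of my own; they are not CSPF's rules
and are far from complete. The request lines at the bottom are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# (rule id, description, "path" or "args", pattern). Ids are arbitrary.
RULES = [
    ("1001", "access to sensitive file or folder", "path",
     re.compile(r"(^|/)(\.htaccess|\.htpasswd|\.git|\.svn|wp-config\.php)(/|$)", re.I)),
    ("1002", "phpinfo() exposure", "path",
     re.compile(r"/phpinfo\.php$", re.I)),
    ("1003", "known web shell name (b374k family)", "path",
     re.compile(r"\bb374k\b", re.I)),
    ("1004", "SQL injection: tautology or UNION", "args",
     re.compile(r"\b(or|and)\b\s+\d+\s*=\s*\d+|\bunion\b\s+(all\s+)?select\b", re.I)),
    ("1005", "time-based blind SQL injection", "args",
     re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
]


def screen_request(target, body=""):
    """Return [(rule_id, description, matched_text), ...] for one request.

    `target` is the request-target from the request line (path plus query);
    `body` is a form-encoded POST body, or empty. Query and body values are
    URL-decoded once before matching; the path is decoded too, so that
    percent-encoded spellings of a path do not slip past the path rules.
    """
    parts = urlsplit(target)
    path = unquote(parts.path)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    hits = []
    for rule_id, description, where, pattern in RULES:
        candidates = [path] if where == "path" else values
        for text in candidates:
            match = pattern.search(text)
            if match:
                hits.append((rule_id, description, match.group(0)))
                break  # one hit per rule is enough to block
    return hits


def screen_log(request_lines):
    """Return {request_line: [rule ids]} for the lines that would be blocked."""
    blocked = {}
    for line in request_lines:
        method, target = line.split(" ", 1)
        ids = [hit[0] for hit in screen_request(target)]
        if ids:
            blocked[line] = ids
    return blocked


# Constructed request lines (method and request-target only).
SAMPLE_REQUESTS = [
    "GET /index.php?page=home",
    "GET /.git/config",
    "GET /product.php?id=1%27%20AND%20SLEEP(5)--",
    "GET /login.php?user=admin%27%20OR%201%3D1--",
    "GET /uploads/b374k.php",
    "GET /phpinfo.php",
]


if __name__ == "__main__":
    for line, ids in screen_log(SAMPLE_REQUESTS).items():
        print(f"BLOCK {line}  rules={','.join(ids)}")
```

A production rule set does considerably more than this skeleton: it normalises input (repeated URL decoding, case folding, comment stripping), inspects headers and cookies as well as the query and body, and usually scores several weak matches rather than blocking on any single one, which is how it keeps false positives on legitimate traffic manageable.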

Celine Dion's website becomes unusual spam launchpad, astonishes fans

Singer Celine Dion's website recently showed something unusual. The Canadian vocalist's site displayed hockey-related spam, surprising her fans all over the world.
(Picture credit: malwarebytes.org)

Partial text below:
///Fox Tv//Czech Republic vs Austria Live Stream Hockey World Championship Online
 
Watch Czech Republic vs Austria Wild live lead series 2015, TODAY Watch Canadiens vs. Senators Live Online Video Streaming, NHL playoffs 2015: Time, TV schedule and how to watch Game 3 online, Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live Free Sports Live Streaming - Channel 1.Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live - Free Sports Live Streaming - Channel 1.You can follow Game 2 with CBC Ottawa as Dan Séguin and Stu Mills live-tweet from inside and outside the Bell Centre in Montreal.Ottawa Senators Curtis Lazar gets hilt by Montreal Canadiens Alexi Emelin during first period action at the Bell .... LIVE: Ottawa Senator

Official sites of celebrities as spam launchpads are somewhat unthinkable. Posts offering “online free video streaming” are usually made on sites which offer free registration and nonexclusive posts. Dion's site, therefore, is definitely an exception.

The spam was seen in the photo gallery of the celebrity's website. As the Malwarebytes Unpacked blog notes, it resembles the spam posts seen on Steam and on blogging and sharing platforms such as SlideShare, Twitter and SoundCloud.

The issue, however, is with a plugin that allows registered users of the site to upload fan photographs. The admins may not have foreseen spam images appearing with clickable text. Visitors who click on the spam link are then asked for personal information and payment details.

One click scammers targeting people in Hong Kong

People running one-click scams on the internet seem to have taken it one step further by creating new malware in Chinese.

Recently, one-click scammers have begun targeting people in Hong Kong using pop-up windows and registration pages written in Chinese that ask for payment in Hong Kong dollars. In the last month alone, Symantec has blocked more than 8,000 such attempts.

Such scams have primarily been running on adult websites and download malicious software to the user's computer.

Such scams were primarily run in Japan, but the scammers have moved into new territory by learning Chinese.

'Rombertik' malware which destroys the system if detected

Researchers have discovered a new malware, ‘Rombertik’, which destroys the system if it realizes that it is being analyzed.

"Security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples,” Ben Baker and Alex Chiu from Cisco Systems' Talos Group wrote in a blog post.

“Better static, dynamic, and automated analysis tools have made it more difficult for attackers to remain undetected. As a result, attackers have been forced to find methods to evade these tools and complicate both static and dynamic analysis,” the blog post added.

Like Dyre, Rombertik, which has multiple layers of obfuscation and anti-analysis functions, is a complex piece of malware that can hook into the user's browser to read credentials and other sensitive information for exfiltration.

However, whereas Dyre targets banking information, Rombertik collects information from all websites indiscriminately.

Researchers said Rombertik arrives on a computer through a phishing campaign or an email attachment. It first checks whether it is running within a sandbox. It then decrypts itself and launches on the user's computer. Once this is complete, a second copy of itself is launched and overwritten with the spying functionality.

Before Rombertik begins spying on the system, it does a final check to see if it is running in the system’s memory.

It destroys the computer's master boot record, leaving the system inoperable. If it cannot destroy the MBR, it instead targets all files in the user's home folder, encrypting each one with a random RC4 key. It contains plenty of dummy code, including 75 images and 8,000 functions, to hide the malware's real functionality.

If the malware is not detected, it monitors browser activity, reading credentials and private information, before sending its findings back to the attacker's server.

The researchers said that to protect a computer from Rombertik, people should follow security basics: keeping security software up to date, ignoring attachments from unknown senders and, for businesses, maintaining solid security policies will all help avoid the malware.