Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Data Breach
Breaking News Data Breach

Details of 400,000 users leaked as mSpy is hacked


The mobile spying software service, mSpy has been allegedly hacked and personal data of about 400,000 customers released in the Deep Web.

mSpy, a software as a service product claims to help about 2 million people by helping them track the mobile activities of their partners or kids. The hacking of their servers came to light after KrebsOnSecurity received an anonymous tip with a link to a Tor-based site.

The site contained data about Apple IDs and passwords, tracking data, payment details on some 145,000 successful transactions, pictures, calendar data, corporate email threads, and very private conversations. Also included are emails from the people who have requested services of mSpy.

Sites like these are difficult to be suspended as they are hosted in the deep web, away from the indexing and registration in the regular search engines and can be accessed only via Tor.

While the unknown hackers claim to have data about 400,000 users, the company has not responded to repeated requests for an official confirmation.

It is not clear where the company is based but it seems to be tied to a presently defunct company called MTechnology Ltd. The founders are self-styled programmers Aleksey Fedorchuk and Pavel Daletski. The brand is involved in a trademark dispute with an US based company called Retina X studios that makes a similar product called MobileSpy.

The US courts are generally strict with companies like these, as has been indicated by past incidents and maintain that “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners”

While law takes a firm stand on such techniques, what is paradoxical is how the interested users of mSpy, who are mostly concerned parents of kids, have in a bid to keep their children secure ended up exposing their personal details to a world full of predators and bullies.
Read more »
Vulnerability
Vulnerability

Security Explorations reveals several vulnerabilities in Google App Engine


Security Explorations, a Poland-based security firm, on May 15 disclosed technical details and Proof of Concept (PoC) codes for unconfirmed and unpatched vulnerabilities presence in Google App Engine for Java.

In October 2012, the company started its research on Google App Engine for Java however it could not continue it. Then, in October 2014, it resumed the project.

The company confirmed more than 30 vulnerabilities in December.

According to a report published on SecurityWeek, it had identified and reported a total of 41 issues to the authority concerned, but the Google said it internally fixed those flaws.

“That does not speak well about Google GAE engineers and their Java security skills in particular,” Adam Gowdiak, founder and CEO of Security Explorations, told SecurityWeek.

Till the date, Google has confirmed a total of 36 vulnerabilities. However, the Security Explorations confirmed that a few of them were still left unpatched.

Although, in Mid-March Security Exploration revealed 31 flaws which were later fixed by Google, Gowdiak, wrote in a mail that there are seven different vulnerabilities still exist in the Google service which he briefly discussed in his mail.

He said that the flaws have been reported to Google three weeks ago. However, he has not received confirmation from the Google officials. Nor, the authority concerned has not fixed any of them.

"It has been three weeks and we haven't heard any official confirmation or denial from Google with respect to Issues 37-41," Gowdiak wrote. "It should not take more than 1-2 business days for a major software vendor to run the received POC, read our report and / or consult the source code.”

He added that it is easy to exploit the flaws by attackers. They could use the freely available cloud platform to run a malicious Java application. The app would then break out of the first sandboxing layer and execute code in the highly restricted native environment.

The hackers could use the restricted environment to attack lower-level assets and to retrieve sensitive information from Google servers.

Google had decided to award Security Explorations with $70,000 for disclosing the vulnerabilities. The total amount of $50,000 was already paid to the company on March 20.

Gowdiak said that now, Google might not give them remaining $20,000 as they have disclosed the unpatched and unconfirmed vulnerabilities. However, the company believes that rewards cannot influence the way a vulnerability handling/disclosure of a security research is made.


“We need to treat all vendors equal. In the past, unconfirmed, denied or silently fixed issues were the subject to an immediate release by us,” he said.
Read more »
Vulnerability
Featured Vulnerability

Venom Vulnerability allows hackers to escape from VM and hack Host Machine

 
CrowdStrike’s senior security researcher Jason Geffner disclosed the vulnerability in the virtual Floppy Drive Code used by many computer virtualization platforms.

Vulnerability VENOM, CVE-2015-3456, attacker can easily escape from the confines of virtual machine guest and exploit the code-execution access to the host. This may result in  elevated access to the host’s local network and adjacent systems.

By exploiting  the VENOM vulnerability one can get access to corporate intellectual property (IP), sensitive and personally identifiable information (PII), which will potentially affect thousands of organizations and millions of end user’s connectivity, storage, security, and privacy.

According to the researcher, the bug is in QEMU’s virtual Floppy Disk Controller (FDC), notably used in  Xen, KVM, and the native QEMU client. Whereas VMware, Microsoft Hyper-V, and Bochs hypervisors are not impacted by this vulnerability.

“The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase“ wrote Jason Geffner in his blog post.
Read more »
Vulnerability
IT Security News Vulnerability

Cisco releases software updates to address serious flaws in TelePresence products

Cisco has released software updates to address several vulnerabilities that have been identified in its TelePresence products, which can be exploited by hackers to compromise a vulnerable system.

It has also urged its customers to update their TelePresence software. Similarly, they are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Cisco said in an advisory published on May 13 that the workarounds that mitigate the vulnerabilities, which have been identified by during its internal tests and product security reviews, are not available.

“The vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated or remote attacker to inject arbitrary commands that are executed with the privileges of the root user,” Cisco said in its advisory.

“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page."

"Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user,” the advisory added.

Cisco said that although, this is a serious vulnerability with a CVSS score of 9.0, it hasn’t found evidence that shows flaw has been leveraged for malicious purposes.
Read more »
Security and Privacy
Bleep Private Messaging App Breaking News Security and Privacy

BitTorrent releases Bleep for iOS, introduces new feature 'Whisper'

In the era of communication, instant messaging apps are what making news every day. A new entrant in this world of apps is “Bleep”. It is a fun and easy to use mobile messaging app for iOS released by BitTorrent, in order to keep the user information private.

BitTorrent, that bought an alpha version of Bleep last September, enables the first non-alpha release to sign up without an account and allowing all the messages to be encrypted with local keys, so that no one has access to the other’s data.

With Bleep, one can chat via text, make free voice calls, or use the newly admitted feature, Whisper. 

A message or photo can be sent to any of your contacts as a Whisper, and it will disappear 25 seconds after it's viewed. 

Whisper messages also have additional screenshot protection that blurs out the important stuff.

To register, all that is required is a nickname. The email addresses and mobile numbers with Bleep can be verified optionally, which means more anonymity on the app.

Bleep offers a peer-to-peer connection in which one’s data isn't stored in the cloud where it could be hacked into remotely. Data sent via Bleep is stored on the device until it is delivered, through an encrypted connection, to the recipient’s device.

Adding friends is easy via the device’s address book, their email, mobile number or Bleep key. Voice calls can be connected directly (no cloud) to your contacts with end-to-end encryption.

In addition to its availability on iOS, it has significant updates on Android and is also available for Mac and Windows desktop. 
Read more »
MrBlack malware
Botnets Breaking News Information Security MrBlack malware

Upgrade your SOHO routers firmware to the latest version


A recent study has uncovered that a huge number of Small Office / Home Office (SOHO) routers, who neglect basic security practices, were recently targeted by attackers.


The study conducted by Incapsula security team was published on its blog by researchers Ofer Gayer, Ronen Atias, Igal Zeifman.  

It has urged router owners to disable all remote access to their router management interfaces. In order to verify that their own router is not open to remote access, they can use YouGetSignal to scan for the following ports: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).

Along with that, it has recommended all router owners to change the default login credentials, if they haven’t done so already.

And those whose routers are already compromised, they can upgrade their routers’ firmware to the latest version provided by the manufacturer.

It is said that the flaw was the result of negligent, with ISPs, vendors, and users sharing a long tradition of disregarding basic security practices. As a result hundreds of thousands routers likely to be controlled by hacker which are used to attack the Internet ecosystem and interconnected networks.

The study revealed that major companies involved in the issue.

The study’s main target is to share attack details in an attempt to raise awareness about the dangers posed by under-secured, connected devices.

Although the study has been published, many botnet devices are still attacking the users and other websites.

According to the study, the researchers first identified these attacks on December 30, 2014 and have been mitigating them ever since. In the last 30 days, they saw that the number of attacking IPs had been increasing.

The rapid growth compelled the Incapsula security team to further investigate the case. The team revealed that this wave of attacks is a part of a much larger DDoS assault targeting hundreds of other domains outside of the Incapsula network, and includes other attack vectors and  network layer barrages.

After the research, Incapsula contacted the vendor of the routers and the ISPs whose routers and networks, it found to be most open to abuse.

After inspecting a sample of 13,000 malware files, they found out that on average, each compromised router held four variants of MrBlack malware, as well as additional malware files, including Dofloo and Mayday, which are also used for DDoS attacks.
Read more »

Jamie Oliver's website still facing malware issues

Visitors to British chef Jamie Oliver's website have became the latest victims to a malware attack. The website, www.JamieOliver.com has been infecting users who search the website for recipes,reports MalwareBytes.

Browsing any page on the website redirects the user to a Fiesta exploit kit that compromises a users PC. Essentially, a short bit.ly URL has been inserted in the code of each page that redirects the user to a potentially harmful website and exposes informatin such as passwords to hackers.

This is the third time an attack on the British chef's website has been reported and it looks like hackers have taken a sheen to him.

Jamie's people who are incharge of the website have acknowledged the issue and have said that they are looking for a permanent solution, to get rid of the malware once and for all.
Read more »
Application Vulnerability
Apple Security Application Vulnerability

How the Mackeeper failed to secure Mac


Mackeeper, the program designed to keep Mac computers secure suffers from a critical remote code execution vulnerability.

This flaw lies in the lack of input validation during the handling of custom URLs by the program. It allows hackers to execute arbitrary commands with root privilege with little to no user interaction. It can happen when users visited specially crafted webpages in the Safari browser.

If the user had already provided their password to MacKeeper during normal course of operation of the program, the user will not be alerted for their password prior to the execution of the arbitrary command.

If the user did not previously authenticate, they will be prompted to enter their authentication details, however, the text that appears for the authentication dialogue can be manipulated to appear as anything, so the user might not realize the true consequences of the action.

The vulnerability, quite possibly a zero-day one was discovered by security researcher Braden Thomas who released a demonstration link as proof-of-concept (POC) through which the Mackeeper program was automatically un-installed upon simply clicking the external link. 

Mackeeper is a controversial program amongst the Mac users owing to its pop-up and advertisements, but apparently has 20 million downloads worldwide.

The vulnerability existed even in  the latest version 3.4. The company has advised users to run Mackeeper update tracker and install 3.4.1 or later. For users who have not updated, they can use a browser other than Safari or remove the custom URL scheme handler from Mackeeper's info.plist file.
Read more »
Vulnerability
Vulnerability

PHP Object Injection Vulnerability in Bomgar Remote Support Portal

A security vulnerability has been found in the Bomgar Remote Support Portal version 14.3.1 and earlier versions, which is the part of Bomgar's appliance-based remote support software,  deserialize untrusted data without verifying the validity of the resulting data.

The data can be exploited by both authenticated as well as unauthenticated attackers.

An unauthenticated attacker can inject arbitrary input at one point in vulnerable PHP file, while authenticated attacker can inject at multiple points.

To exploit this vulnerability, the attacker has to find the appropriate classes with beneficial  effects,  if there is no classes with beneficial effects, it is not exploitable.

"One way to exploit this vulnerability is by utilizing the Tracer class. It is used to write stack trace information to a log using a Logger instance, which wraps an instance of PEAR's Log class. By using a Log_file instance as an instance of Log, it is possible to write the arbitrary data to the arbitrary file." The researcher wrote in his blog post.
Read more »
IT Security
IT Security

CSPF comes up with modsecurity rules to protect servers from hacker


Cyber Security and Privacy Foundation (CSPF), a non-profit organisation which provides solution to tackle cyber security and privacy issues, has developed a set of rules to protect servers from malicious hackers.


It has come up with modsecurity rules for public, wrote Manish Tanwar and Suriya Prakash of CSPF.

Although, OWASP Core Rule Set (CRS), a project which aims to provide an easily pluggable set of generic attack detection rules that provide a base level of protection for any web application, has been solving several kind of vulnerabilities, it has failed to protect backdoor’s attacks and latest bypasses.

So, CSPF's rules are aimed to protect against the latest bypasses and back doors. It is all set to release the rules for the public.

According to the organization, these can be easily expanded.

Here are the functions of the rules:

-          The rules can block sensitive files and folders from being accessed.
-          The rules can block b374k shell variants along with some other popular shells.
-          The rules also disable directory listing and phpinfo.
-          The rules block SQL Injection.
1.       Normal SQL Injection
2.       Blind and Time Based SQL Injection
3.       All types of SQLI

You can get the rules and procedure to use them from here:
http://securityresearch.cysecurity.org/?p=568

Read more »
Spam Report
Spam Report

Celine Dion's website becomes unusual spam launchpad, astonishes fans

Singer Celine Dion recently had her website showing something unusual. The Canadian vocalist’s website viewed a hockey related spam, surprising her fans all over the world.
(pc- malwarebytes.org)


Partial text below:
///Fox Tv//Czech Republic vs Austria Live Stream Hockey World Championship Online
 
Watch Czech Republic vs Austria Wild live lead series 2015, TODAY Watch Canadiens vs. Senators Live Online Video Streaming, NHL playoffs 2015: Time, TV schedule and how to watch Game 3 online, Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live Free Sports Live Streaming - Channel 1.Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live - Free Sports Live Streaming - Channel 1.You can follow Game 2 with CBC Ottawa as Dan Séguin and Stu Mills live-tweet from inside and outside the Bell Centre in Montreal.Ottawa Senators Curtis Lazar gets hilt by Montreal Canadiens Alexi Emelin during first period action at the Bell .... LIVE: Ottawa Senator

Official sites of celebrities as spam launchpads are somewhat unthinkable.  Posts of “online free video streaming” are usually posted on sites which offer free registration and nonexclusive posts. Dion, therefore, is definitely an exception.
(pc- malwarebytes.org)

The spam was seen on the celebrity’s photo gallery in her website. It is similar to the posts on the website ‘malwarebytes unpacked’ as it resembles the spam posts on steam (blogging domain like slideshare, twitter, soundcloud etc.).

The issue is however with a plugin allowing registered users in the site to upload fan photographs. The admins might have foreseen the spam images appearing with the clickable text. The visitors are then asked for personal information and payment details after clicking on the spam link.
Read more »
Subscribe to: Comments (Atom)