Drones new target for drug trafficker in US

Unmanned air vehicles (UAVs) are a new instrument for surveillance and are widely used by the military and other sensitive agencies, but what happens when they are hacked by attackers?

According to reports from the US Department of Homeland Security (DHS) and the US Customs and Border Protection (CBP) agency, drug traffickers have hacked unmanned air vehicles (UAVs, drones) in order to cross the US-Mexican border illegally and unnoticed.

Drones used by the US military cost millions of dollars, but the drones used by other law enforcement agencies are much cheaper and are prone to GPS spoofing attacks.

UAVs carry GPS receivers, which take their data from satellites in orbit and use it to navigate. Drug traffickers, however, used GPS spoofing to feed the UAVs false coordinates.

After receiving the false coordinates, the drone "corrects" its course and leaves its normal patrol area. Once it is out of range of the GPS jammer and spoofing device, it picks up the genuine signal, corrects again and heads back to its proper patrol area. It keeps going back and forth until it either runs low on fuel and returns to base, or the traffickers have crossed the border safely and switched their jammers off.
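To make the mechanism above concrete from the defender's side, here is an added example (not code from the original post or from any drone vendor) of a basic plausibility check that a flight controller could apply to incoming GPS fixes: a new position is accepted only if the speed it implies since the last trusted fix is physically possible for the airframe. The 60 m/s limit and the El Paso-area coordinates are constructed values, and the check is only one layer; it catches abrupt jumps such as the one described above, not a spoofer that "drags" the position slowly.

```python
import math

# Assumed top speed of a small patrol drone, in m/s (constructed value).
MAX_SPEED_MPS = 60.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def filter_fixes(fixes, max_speed=MAX_SPEED_MPS):
    """Accept or reject GPS fixes by the speed they imply.

    fixes: list of (t_seconds, lat, lon), oldest first.
    Returns (accepted_indices, rejected) where rejected is a list of
    (index, implied_speed_mps).  The reference point is always the last
    ACCEPTED fix, so a run of mutually consistent spoofed fixes is still
    rejected instead of becoming the new baseline.
    """
    if not fixes:
        return [], []
    accepted = [0]
    rejected = []
    for i in range(1, len(fixes)):
        t_ref, lat_ref, lon_ref = fixes[accepted[-1]]
        t, lat, lon = fixes[i]
        dt = t - t_ref
        if dt <= 0:
            rejected.append((i, math.inf))   # non-monotonic timestamp
            continue
        speed = haversine_m(lat_ref, lon_ref, lat, lon) / dt
        if speed > max_speed:
            rejected.append((i, speed))
        else:
            accepted.append(i)
    return accepted, rejected


# Constructed track: two honest fixes, two spoofed fixes about 4 km away,
# then the genuine receiver position again.
SAMPLE_FIXES = [
    (0.0, 31.76190, -106.48500),
    (1.0, 31.76217, -106.48500),   # ~30 m north in 1 s: plausible
    (2.0, 31.80000, -106.48500),   # spoofed: ~4.2 km jump in 1 s
    (3.0, 31.80030, -106.48500),   # spoofed again, consistent with the previous spoof
    (4.0, 31.76250, -106.48500),   # genuine signal regained
]

if __name__ == "__main__":
    ok, bad = filter_fixes(SAMPLE_FIXES)
    print("accepted fixes:", ok)
    for i, v in bad:
        print(f"rejected fix {i}: implied speed {v:.0f} m/s")
```

The important design choice is in `filter_fixes`: the comparison is always against the last accepted fix, not the previous raw fix, so fix 3 is rejected even though it is perfectly consistent with the spoofed fix 2.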

The only way to prevent GPS spoofing is to build costly anti-spoofing hardware into the drone.

Michael Buscher, CEO of Vanguard Defense Industries, said: "this is a very costly module, and also very bulky. Adding such equipment to a drone is not only very expensive but also affects the drone's flight time, something which both the DHS and CBP are not willing to accept."

The only solution to this security hole is to wait for the technology to advance and for its manufacturing price to come down.

Irked train hackers talk derailment flaws, drop SCADA password list

A report published in The Register says that Russian hackers claim to have found flaws in rail networks which would allow criminals to hijack and derail trains.

The flaws reportedly affect various systems including mobile communication and interlocking platforms that control braking and help prevent collisions.

"Industrial control specialist hackers Sergey Gordeychik, Aleksandr Timorin, and Gleb Gritsai did not describe the bugs in detail, since that would allow others to replicate the attacks, nor reveal the names of the affected rail operators," the report reads.

According to the report, "If somebody can attack the modem, the modem can attack the automatic train control system, and they can control the train," Gordeychik says.

The danger is that such flaws expose physical systems like power grids, dams and trains to unauthorized external modification, in ways largely unknown to those outside the security industry.

Human programming errors are said to be responsible for various remote code execution holes that could affect interlocking systems.

“We are releasing the list to force vendors to not use hardcoded and default passwords," an irritated Gordeychik says.
 
The Register report says that the attack vectors against computer-based interlocking include attacks against workstations, attacks against the networking gateways that connect the interlocking to the rest of the world, and attacks on the communications between the CPU, the object controllers and the wayside devices.

Bahamian accused of hacking celebrities e-mail accounts

A man from the Bahamas has been accused by federal prosecutors of hacking around 130 accounts belonging to celebrities.

Alonzo Knowles, 23, of Freeport was arrested on Monday (December 21) after he allegedly boasted to undercover agents of possessing dossiers on at least 130 accounts of stars in entertainment, sport and the media. He also claimed to own a sex tape.

After the arrest, he offered to sell the undercover agent about 15 TV and movie scripts for $80,000.
He was held without bail on criminal copyright infringement and identity theft charges after appearing in a New York court.

Prosecutors told the court that Knowles possessed an actor's passport and the Social Security numbers of three professional athletes, and had also gained access to unreleased tracks from a singer-songwriter's upcoming album and an explicit video from a radio host's email account.

Though the victims were not identified, prosecutor Kristy Greenberg told the judge that several people were traumatized by the theft of their personal information.

The investigation began earlier this month, when Department of Homeland Security investigators were contacted by the executive producer of a popular radio show after the host told him about an offer from someone selling scripts for the next season of a popular TV drama.

Authorities traced that offer to Knowles, who called himself Jeff Moxey and claimed to have exclusive content worth hundreds of thousands of dollars.

Knowles claimed to break into celebrity accounts by sending either a computer virus or a false warning that the target's account had been compromised; using the information obtained, he changed the account's email settings so that he could maintain ongoing access.

The case comes at a time when security is a sensitive subject in Hollywood.

Hackers broke into Sony Pictures Entertainment computers last year and released a number of emails, documents, Social Security numbers and other personal information.

Last year, hackers also broke into female celebrities' personal Apple accounts, stole nude photos and posted them on the web.

Actresses Jennifer Lawrence and Mary Elizabeth Winstead were among the victims.

Mainland China behind targeting Taiwanese politicians ahead of election

FireEye security researchers have found a new threat, classified as an Advanced Persistent Threat and linked to mainland China, targeting Taiwanese politicians and members of the media weeks before the elections in Taiwan.

The first attacks were recorded on November 26, against members of Taiwan's Democratic Progressive Party (DPP).

The DPP is the main opposition party and was expected to win easily against the Kuomintang (KMT) party, which promotes friendlier policies towards China. Members of the DPP and pro-DPP media outlets were attacked.


According to FireEye's technical analysis, targets were sent emails themed around a "DPP's Contact Information Update" to lure them into opening the attachment, which led to the download and installation of the ELMER backdoor trojan.


The vulnerabilities used were: Microsoft Office (CVE-2015-2545), Windows (CVE-2015-2546) and a third Windows local privilege escalation vulnerability (CVE-2015-1701).


This type of booby-trapped Word document had not been encountered before. "Chinese government would be able to predict results, additional intelligence on politics, activists and others who interact with journalists," confirmed Ryann Winters of FireEye threat intelligence.

Critical vulnerabilities patched in Juniper

Juniper has released a patch for critical vulnerabilities in devices running ScreenOS® software.

During a code review, Juniper found unauthorized code in ScreenOS that could allow attackers to gain administrative access to NetScreen® devices and to decrypt VPN connections.

"Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS", Bob Worrall, SVP and Chief Information Officer, wrote on the company's website.

These vulnerabilities affect all NetScreen devices running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

According to the website, Juniper has not received any reports of these vulnerabilities being exploited, but it strongly recommends that users update their systems and apply the new patched releases.

"Juniper is committed to maintaining the integrity and security of our products. Consistent with industry best practices, this means releasing patches for products in a timely manner to maintain customer security. We believed that it was in our customers' best interest to issue these patched releases with the highest priority. We strongly recommend that all customers update their systems and apply these patched releases as soon as possible", says Worrall.

The company has reassured its users that it is taking the matter seriously; anyone who has difficulty applying the update can e-mail sirt@juniper.net or visit http://advisory.juniper.net.

Severe flaw detected in FireEye

Analysts on Google's Project Zero security team have found a severe flaw in FireEye's kit that could allow attackers to compromise corporate networks with a single email.

The flaw, dubbed "666" after its Project Zero issue number, is a hole in the passive monitoring interface that researcher Tavis Ormandy describes as a "nightmare scenario". Patches have been released for FireEye's NX, FX and AX boxes.

Ormandy, together with fellow Google researcher Natalie Silvanovich, discovered the hole during painstaking vulnerability research into flaws in major security software. He credits the security firm for fixing the flaw in two days, and the patch fully neutralises the attack. The exploit is very severe, as all of the kit listed above is vulnerable in its default state. FireEye is reportedly providing support to customers with expired contracts as well.

Earlier, Ormandy stated: "For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario. This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap - the recipient wouldn't even have to read the email, just receiving it would be enough ... an attacker can send an email to a user or get them to click a link, and completely compromise one of the most privileged machines on the network."

Corporations running unpatched boxes are at higher risk of confidential data theft, traffic tampering, persistent rootkits and attackers moving laterally through their networks and, Ormandy believes, "even self-propagating internet worms" could be at large.

More details on the vulnerability can be found here.

UOB first in Asia Pacific to roll out Visa Token Service

United Overseas Bank has implemented the Visa Token Service, and it is the first bank to do so in Asia Pacific.

"The Visa Token Service is a new security technology that replaces sensitive payment account information found on payment cards, such as the 16-digit account number, expiration date and security code, with a unique digital identifier or 'token' that can be used to process payments without exposing actual account details," the Visa report says.

All UOB Visa cardholders can now make contactless payments through the UOB Mighty app, which is available on NFC-enabled Android smartphones. It works for payments both in the country and overseas: open the app, select the "Pay" function, enter a PIN and tap to pay at any NFC-enabled terminal.

The report notes that this payment method is more secure than the alternatives because the tokens do not carry the customer's primary account number. If the phone is lost or stolen, the tokens can be re-issued instantly without changing the primary account.

Because the tokens are based on existing ISO standards, they can be processed the same way as traditional card payments.
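The three properties described in this section (the token is not the account number, it is shaped like a card number so existing systems can carry it, and it can be revoked and re-issued without touching the real account) are easiest to see in a minimal token vault. The following is an added example written for this page; it is not Visa's or UOB's code and does not reflect the real Visa Token Service internals. The `9999` token prefix and the `4111 1111 1111 1111` account number are constructed test values, and a real vault would keep the mapping in an HSM-protected store rather than a dictionary.

```python
import secrets


def luhn_check_digit(payload):
    """Check digit for a string of digits, per the ISO/IEC 7812 Luhn scheme."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # rightmost payload digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number):
    """True if the last digit is the correct Luhn check digit."""
    return number.isdigit() and len(number) > 1 and \
        luhn_check_digit(number[:-1]) == int(number[-1])


class TokenVault:
    """Maps random, card-shaped tokens to (PAN, device) on the issuer side."""

    def __init__(self, token_bin="9999"):   # constructed prefix, not a real card range
        self._bin = token_bin
        self._tokens = {}                    # token -> (pan, device_id)

    def issue(self, pan, device_id):
        """Return a fresh 16-digit Luhn-valid token bound to one device."""
        while True:
            body = self._bin + "".join(secrets.choice("0123456789") for _ in range(11))
            token = body + str(luhn_check_digit(body))
            if token != pan and token not in self._tokens:
                break
        self._tokens[token] = (pan, device_id)
        return token

    def detokenize(self, token, device_id):
        """Resolve a token to the PAN, only for the device it was issued to."""
        entry = self._tokens.get(token)
        if entry is None or entry[1] != device_id:
            return None
        return entry[0]

    def revoke_device(self, device_id):
        """Lost phone: kill its tokens; the PAN itself is untouched."""
        dead = [t for t, (_, d) in self._tokens.items() if d == device_id]
        for t in dead:
            del self._tokens[t]
        return len(dead)


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"                 # well-known test number, constructed input
    tok = vault.issue(pan, "phone-A")
    print("token", tok, "luhn ok:", luhn_valid(tok))
    print("resolves:", vault.detokenize(tok, "phone-A") == pan)
    vault.revoke_device("phone-A")           # phone lost
    print("after revoke:", vault.detokenize(tok, "phone-A"))
    print("re-issued:", vault.issue(pan, "phone-B") != tok)
```

A terminal or merchant only ever sees `tok`, which passes the same Luhn check as a card number and so flows through unchanged systems, while a stolen token is useless after `revoke_device` and cannot be replayed from another device because `detokenize` also checks the binding.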

Security bug in most popular antivirus softwares

Three of the most popular antivirus products have been found to contain a serious security flaw that could allow hackers to infiltrate a Windows computer via the antivirus itself.

Security researchers at enSilo have discovered that AVG, McAfee and Kaspersky share a common security bug.

In March this year, the security researchers at enSilo found a security flaw in the antivirus engine of AVG Internet Security 2015. The bug allocates a memory region with full RWX (read-write-execute) permissions at a predictable address, so an attacker could place malicious code in that region and execute it with the same privileges as the antivirus process (which runs at system level).
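What makes this bug dangerous is the combination of two things, RWX permissions and a predictable address, and a defender can check for that combination directly. The following is an added example, not enSilo's AVulnerabilityChecker and not code from the original post: it applies the same idea on Linux by parsing `/proc/<pid>/maps` snapshots from two separate launches of a process and reporting any read-write-execute region that lands at the same address both times. The two snapshots, the `/usr/bin/avscan` path and all addresses are constructed.

```python
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+\S+\s+\S+\s+\d+\s*(.*)$"
)


def parse_maps(text):
    """Parse maps text into a list of {'start','end','perms','path'} dicts."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue                      # skip blank or malformed lines
        start, end, perms, path = m.groups()
        regions.append({"start": int(start, 16), "end": int(end, 16),
                        "perms": perms, "path": path.strip()})
    return regions


def rwx_regions(regions):
    """Regions that are readable, writable and executable at once."""
    return [r for r in regions if r["perms"][:3] == "rwx"]


def predictable_rwx(snapshots):
    """RWX ranges present at the SAME address in every snapshot.

    With ASLR a fresh anonymous mapping should move between launches; a
    range that stays put across runs is the predictable, attacker-friendly
    case the text describes.
    """
    if not snapshots:
        return []
    sets = [{(r["start"], r["end"]) for r in rwx_regions(s)} for s in snapshots]
    return sorted(set.intersection(*sets))


# Constructed snapshots of the same (fictional) program launched twice.
RUN1 = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/avscan
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/avscan
10000000-10010000 rwxp 00000000 00:00 0
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1d5e2000-7f3a1d5e4000 rwxp 00000000 00:00 0
7ffd6c3a0000-7ffd6c3c1000 rw-p 00000000 00:00 0 [stack]
"""
RUN2 = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/avscan
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/avscan
10000000-10010000 rwxp 00000000 00:00 0
7f91e4000000-7f91e4021000 rw-p 00000000 00:00 0
7f91e55a2000-7f91e55a4000 rwxp 00000000 00:00 0
7ffc0a1f0000-7ffc0a211000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    snaps = [parse_maps(RUN1), parse_maps(RUN2)]
    for n, s in enumerate(snaps, 1):
        print(f"run {n}: {len(rwx_regions(s))} RWX region(s)")
    for start, end in predictable_rwx(snaps):
        print(f"RWX at fixed address {start:#x}-{end:#x}: investigate")
```

Both runs have two RWX regions, but only the one at `0x10000000` is reported: the other moves with ASLR and so is the lesser of the two problems. On a live system the snapshots would come from reading `/proc/<pid>/maps` for two launches of the process under test.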

enSilo informed AVG of the flaw, and the company fixed it within two days.

Given the seriousness of the bug, enSilo decided to test other commonly used antivirus products. They found the same bug in Intel Security's McAfee VirusScan Enterprise version 8.8 and in Kaspersky Total Security 2015 (15.x).

enSilo notified each company about the security bug.

"Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it," an Intel Security representative told Softpedia.

Given the possibly widespread nature of the problem, enSilo has released a free checking utility called AVulnerabilityChecker and advised every user to make sure they have all the latest updates installed.

"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.

"Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."

Guardian's Article on Cyber Crime spreads Malware

A 2011 article titled "Cybercrime: is it out of control?" on the Guardian's website has been found to be serving the Angler Exploit Kit.

The Angler Exploit Kit is a web-based toolkit that attackers use to probe a visitor's computer for exploitable weaknesses.

The problem was discovered by FireEye Labs on December 1, which noticed that this Angler infection did not come from a tainted ad but from simply visiting the Guardian's article about cybercrime.

Visiting the page would execute an embedded script to redirect the reader's browser to an Angler Exploit Kit landing page.

This particular vulnerability enables a "God Mode" on infected PCs, giving attackers control over every facet of the user's machine.

The Angler Exploit Kit also scans for the Flash vulnerabilities CVE-2015-5122, CVE-2015-5560 and CVE-2015-7645, which are less powerful than the Windows OLE one but dangerous nevertheless.

These vulnerabilities have been fixed by Microsoft and Adobe, and users who keep their systems up to date have nothing to fear from reading the article on the Guardian.

Meanwhile, the Guardian has said it will fix the contaminated links on its website.

This news came days after Angler was found serving malvertising to visitors of video site DailyMotion.

Google researchers discover another security flaw in FireEye

Security company FireEye is no stranger to vulnerabilities in its products. This time, FireEye rushed to patch a remote code execution (RCE) vulnerability in its Malware Protection System (MPS), reported by Google's Project Zero researchers Tavis Ormandy and Natalie Silvanovich.

FireEye said that the RCE vulnerability affected the company's Network Security (NX), Email Security (EX), Malware Analysis (AX) and File Content Security (FX) products.

Researchers have found vulnerabilities in FireEye's products before. In September, FireEye patched vulnerabilities reported by Kristian Erik Hermansen and Ron Perris; Hermansen claimed he had disclosed the details of one flaw 18 months before its public disclosure, and before FireEye had released a fix.

Also in September, five other vulnerabilities were reported by the German security firm ERNW. The issues, including command injection, code execution, privilege escalation and memory corruption vulnerabilities, affected the NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.

FireEye spokesman Kyrksen Storer said that, because of the vulnerability's severity, the company released an automated remediation to customers just six hours after being notified.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.

State-sponsored hackers spread backdoors in Middle East

Symantec's threat report revealed that two state-sponsored hacking groups have been using backdoors to spy on targets in Iran and other nations in the Middle East.

The two groups are known as 'Cadelle' and 'Chafer', and each uses its own custom-developed backdoors. Cadelle, a five-member team, uses the backdoor 'Cadelle'; Chafer's backdoors, known as 'Remexi' and 'Remexi B', were developed by its ten-member team.

Both backdoors can open connections to the attackers and help them steal data from infected systems.

Symantec believes that the two groups, which target political dissidents in Iran and airports and telecommunications companies in other Middle East countries, may be doing so in order to keep an eye on their targets' movements.

Chafer has been using SQL injection attacks to compromise servers and drop the Remexi backdoor onto its targets, but Cadelle's infection technique is not yet known.

Once installed, the backdoors can do a great deal of harm. They can be used to gather and steal passwords, intercept document print commands, record audio via infected devices, take screengrabs, record webcam feeds, log keystrokes, log opened applications, and gather system and clipboard information.

Attackers using these backdoors were first spotted in 2014, but clues in each group's code suggest they may have been in use since 2011.