Goodbye Drupal 6!

The Drupal team on Wednesday (February 24) released new versions of their content management system (CMS) that address ten security vulnerabilities discovered across all three major branches: 6.x, 7.x, and 8.x.

Launched in 2008, Drupal 6 was the backbone behind many projects that made the company famous. At one time there were over 300,000 Drupal 6 sites reporting to Drupal.org. However, the version has now reached its end-of-life (EOL) mark and is officially unsupported. No further security updates or patches will be supplied for the version 6 core or its modules as of Feb. 24, 2016.

Of the vulnerabilities addressed, one was rated critical, six moderate and three less critical. The critical issue involved a file upload that could cause a local denial of service, together with an open redirect on the 404 error page that could reroute users to malicious links.

The team also patched an issue that affected WordPress sites as well.

The moderate bugs included an HTTP header injection using line breaks, while the less critical ones included a bug that granted some user accounts extra privileges.

Drupal 6 reached its peak at the beginning of 2011, just before Drupal 7 was released. For the last 5 years, however, the number of active Drupal 6 sites has been slowly declining.
Drupal 7 peaked at over 1.3 million sites: it was far more popular than Drupal 6 ever was. The question now is whether Drupal 8 can continue the momentum that started back in 2008 with the release of Drupal 6.
While WordPress is still the most popular CMS for websites, Drupal ranks second. One in every 10 sites has been running version 6, and now that its support has ended it may become a target for criminals. Like Windows XP, it will be unpatched and unsupported by the developers, leaving it vulnerable to any exploits found in the future.

If you have a Drupal 6 website, you will not be receiving any more official security advisories or patches. You should therefore plan to update your site before it becomes prey to criminals.
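Two of the bug classes mentioned above, HTTP header injection via line breaks and an open redirect on an error page, share a simple defensive pattern: never let user-controlled input reach a response header unchecked, and only redirect to destinations you can vouch for. The following is an added illustration written for this article, not Drupal's own code; the function names, the `allowed_hosts` parameter and the 404-handler shape are assumptions for the example.

```python
"""Added example (not Drupal code): defensive helpers against header injection
via CR/LF and against open redirects on an error page. Names, the
allowed_hosts parameter and the response shape are assumptions for illustration."""
from typing import Iterable
from urllib.parse import urlsplit

# Characters that let a value end one header line and start another (or a body).
_FORBIDDEN = ("\r", "\n", "\x00")


class UnsafeHeaderValue(ValueError):
    """Raised when a header value contains CR, LF or NUL."""


def safe_header_value(value: str) -> str:
    """Refuse header values that could inject additional headers."""
    if any(ch in value for ch in _FORBIDDEN):
        raise UnsafeHeaderValue(f"control character in header value: {value!r}")
    return value


def safe_redirect_target(target: str, allowed_hosts: Iterable[str]) -> str:
    """Return a redirect destination that stays on the site, or '/' as a fallback.

    Accepts site-relative paths (but not protocol-relative '//evil.example/...')
    and absolute http(s) URLs whose host is in allowed_hosts.
    """
    allowed = set(allowed_hosts)
    # Check the raw string first: urlsplit() may strip control characters.
    if any(ch in target for ch in _FORBIDDEN):
        return "/"
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path; '//host/x' parses with a netloc and is excluded here.
        path = parts.path if parts.path.startswith("/") else "/" + parts.path
        return path + ("?" + parts.query if parts.query else "")
    if parts.scheme in ("http", "https") and parts.hostname in allowed:
        return target
    return "/"


def build_not_found_response(requested: str, allowed_hosts: Iterable[str]) -> dict:
    """Build a 404 response whose 'back to site' hint can never leave the site.

    The "Location-Hint" header name is a constructed placeholder for whatever
    header or link the error page actually uses.
    """
    destination = safe_redirect_target(requested, allowed_hosts)
    return {
        "status": 404,
        "headers": {"Location-Hint": safe_header_value(destination)},
    }


if __name__ == "__main__":
    hosts = {"www.example.org"}
    for candidate in ("/node/1", "//evil.example/", "https://evil.example/login",
                      "https://www.example.org/user", "/x\r\nSet-Cookie: a=b"):
        print(repr(candidate), "->", build_not_found_response(candidate, hosts))
```

The raw-string check in `safe_redirect_target` runs before `urlsplit()` on purpose: recent Python versions silently drop newline characters while parsing, so a check done only on the parsed components would miss the injection.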


Cylance revealed details of Operation Dust Storm

After six years, security researchers have finally revealed details about Operation Dust Storm, a cyber-espionage campaign that targeted organizations on almost every continent.

Security researchers from Cylance reported that the group recently targeted Japanese critical infrastructure; before that it attacked many Japanese private and public organizations, including a reputable automaker, the local Japanese subsidiary of a well-known South Korean electric utility firm, and a company from the oil and gas industry.

Before shifting its focus to Japanese companies, the group targeted many companies in the US, South Korea, China, and many European countries.

The first attacks were observed in 2010, when the group launched a series of attacks exploiting Adobe Flash Player (CVE-2011-0611) and Internet Explorer (CVE-2011-1255) to distribute the Misdat malware.

A year later the attackers targeted US agencies and the Uyghur Chinese minority in attacks tied to the Libyan crisis and Muammar Gaddafi's death.

Attacks continued in 2012 but stopped towards the end of 2013, after Mandiant published a report on the activities of a Chinese-linked APT group codenamed APT1.

After a series of simple watering-hole attacks using an Internet Explorer zero-day in 2014, Operation Dust Storm shifted all of its efforts to Japanese targets starting February 15.

"The campaign has made use of malware that is customized for particular target organizations," Cylance researchers explain. "Attacks have employed spear phishing, waterholes, unique back doors and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices."

Linux Mint site hacked to trick users into downloading malicious version

Users of Linux Mint, one of the most popular Linux distributions, may have been compromised on Saturday after downloading and installing a copy of its operating system.

An unknown group of hackers compromised the Linux Mint website and tampered with the Linux Mint 17.3 Cinnamon edition download.

Linux Mint project leader Clement Lefebvre confirmed the hack in a surprise announcement. He said, "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."

The issue only affects people who downloaded the Cinnamon edition on February 20, as the compromise happened that night.

The project's forums database was also targeted in the hack of its systems. In the announcement, Clement said that the hacked ISOs are hosted on 5.104.175.212 and that the backdoor connects to absentvodka.com.

Meanwhile, anyone who downloaded the 17.3 Cinnamon edition can find out whether their computer has been compromised by checking the MD5 hash of the ISO file against the valid values. If the computer is affected:

  • Put the computer offline.
  • Backup your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).
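The hash check described above is easy to get wrong by hand (a partial read, a pasted digest with a typo, a manifest entry for a different file name). Below is an added example of doing it programmatically; it is not Linux Mint's own tooling. The manifest layout, the `sample.iso` file name and the digests in it are constructed for the example (they are the hashes of the sample bytes the code writes, not of any real Mint image).

```python
"""Added example (not Linux Mint's tooling): verify a downloaded image against a
checksum manifest before installing it. Manifest format, file names and the
sample digests are constructed for illustration."""
import hashlib
import hmac
import os
import tempfile

# Constructed manifest in the common "<hex digest>  <filename>" layout (md5sum style).
# The digest belongs to the bytes b"abc" written by write_sample_file(), not to a real ISO.
SAMPLE_MANIFEST = """\
# constructed for this example
900150983cd24fb0d6963f7d28e17f72  sample.iso
"""


def hash_file(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte images do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Map file name -> expected hex digest, ignoring comments and the '*' binary marker."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_image(path, manifest_text, algorithm="md5"):
    """Return (ok, actual_digest, expected_digest).

    ok is False when the file is not listed in the manifest or the digest differs.
    compare_digest avoids leaking where the first differing character is.
    """
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    actual = hash_file(path, algorithm)
    ok = expected is not None and hmac.compare_digest(actual, expected)
    return ok, actual, expected


def write_sample_file(content, name="sample.iso"):
    """Write constructed bytes to a temporary directory and return the path."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    good = write_sample_file(b"abc")          # matches the manifest
    tampered = write_sample_file(b"abc\n")    # one extra byte: does not match
    for p in (good, tampered):
        ok, actual, expected = verify_image(p, SAMPLE_MANIFEST)
        print(os.path.basename(p), "OK" if ok else "MISMATCH", actual, expected)
```

A hash comparison is only as trustworthy as the manifest it is compared against: if an attacker who can replace an ISO can also edit the checksum list next to it, the two will agree. Take the expected digests from a source the attacker did not control (a signed checksum file, a mirror you trust, or values published out of band).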


Horry County school paying for computer virus ransom

Several Horry County Schools servers remain locked after ransomware infected the system.

Charles Hucks, executive director of technology for Horry County Schools, is working non-stop 20-hour days trying to restore the locked data. Once the virus was discovered last Monday, the servers were immediately shut down to stop the malware from spreading further, which disrupted online services.

According to Hucks, the servers were not targeted to gain access to data; instead the hackers used high-level encryption to lock the schools' servers. Nothing was stolen or removed, and staff and student information is safe.

They have been able to retrieve most of the lost data, but 25 elementary school servers are still encrypted with no way to recover them.

“And the only way we’ll get it back is to pay,” said Hucks.

So far the administrators have approved an $8,500 ransom to unlock the servers, but because it must be paid in bitcoins they have had trouble making the payment.

“In the next few days we should know. We’re going server by server, back up by back up, to see exactly what we have and the time that it takes to back up, so that will be a business decision,” said Hucks.

Hucks says viruses and malware are becoming more and more common, so they are stepping up their security.

“That’s most technology management folks’ worst nightmare, for there to be something in the network and you don’t know it’s there. External visibility of servers and access and account level changes,” he said.

Bug in Linux's open source C library leaves a number of apps and devices open to attack

A catastrophic flaw affecting Linux software and hardware has been discovered by a group of researchers. The flaw affects hundreds or thousands of apps and hardware devices.

The vulnerability was first introduced in 2008 in the GNU C Library (glibc), open source code that powers thousands of standalone applications and most distributions of Linux, including those shipped with routers and other types of hardware.

The getaddrinfo() function, which performs domain-name lookups, contains a buffer overflow bug that allows attackers to execute malicious code remotely. It can be exploited when a device queries attacker-controlled domain names or domain name servers.

All versions of glibc after 2.9 are vulnerable. Any Linux-based software or hardware that performs domain name lookups should install the patch as soon as possible.

"It's a big deal," Washington, DC-based security researcher Kenn White told Ars, referring to the vulnerability. "This is a core bedrock function across Linux. Things that do domain name lookup have a real vulnerability if the attacker can answer."

One Linux-based platform that is not vulnerable is Google's Android mobile operating system, which uses a glibc substitute known as Bionic.

"This was an amazing coincidence, and thanks to their hard work and cooperation, we were able to translate both teams’ knowledge into a comprehensive patch and regression test to protect glibc users," the Google researchers wrote.
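Because the affected code lives in the C library rather than in any one application, the practical first step for a defender is an inventory: which of your systems run glibc at all (Android's Bionic and other libc implementations are out of scope, as noted above), and which of those are on a version in the affected range. The script below is an added example for this article, not glibc project code. The version that introduced the bug (2.9) comes from the text; the fixed version is deliberately a parameter, because the page does not state one and distributions backport fixes without changing the version number, so the real answer comes from your vendor's advisory.

```python
"""Added example (not glibc project code): inventory helper that reports whether
an installed glibc is in the affected version range (2.9 or later, per the
article) and below an assumed fixed release. The fixed version is a placeholder
supplied by the caller; distribution backports make version numbers alone
insufficient, so treat the result as a triage hint, not a verdict."""
import platform
import re
import subprocess

VULNERABLE_FROM = (2, 9)  # release that introduced the getaddrinfo() bug, per the article


def parse_version(text):
    """Extract the first 'major.minor' pair from strings such as 'glibc 2.23'
    or 'ldd (GNU libc) 2.23'."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no glibc version found in {text!r}")
    return int(match.group(1)), int(match.group(2))


def needs_patch(version, fixed_version):
    """True when version is in [VULNERABLE_FROM, fixed_version).

    fixed_version is an assumption passed in by the caller (e.g. from a vendor
    advisory); the article itself does not name a fixed release.
    """
    return VULNERABLE_FROM <= tuple(version) < tuple(fixed_version)


def installed_glibc_version():
    """Return (major, minor) for the running system's glibc, or None if the
    system does not use glibc (Android/Bionic, musl-based images, non-Linux)."""
    try:
        # 'getconf GNU_LIBC_VERSION' prints e.g. 'glibc 2.23' on glibc systems.
        out = subprocess.run(["getconf", "GNU_LIBC_VERSION"],
                             capture_output=True, text=True, check=True).stdout
        return parse_version(out)
    except (OSError, subprocess.CalledProcessError, ValueError):
        libc, version = platform.libc_ver()
        if libc != "glibc" or not version:
            return None
        try:
            return parse_version(version)
        except ValueError:
            return None


def triage(fixed_version):
    """Human-readable triage line for this host; fixed_version is the caller's assumption."""
    version = installed_glibc_version()
    if version is None:
        return "no glibc detected (Bionic, musl or non-Linux): not in scope for this bug"
    verdict = "PATCH NEEDED" if needs_patch(version, fixed_version) else "outside affected range"
    return f"glibc {version[0]}.{version[1]}: {verdict} (assuming fix in {fixed_version[0]}.{fixed_version[1]})"


if __name__ == "__main__":
    # (2, 99) is an obvious placeholder, not a real fixed release.
    print(triage(fixed_version=(2, 99)))
```

On a fleet, run this alongside a check that name resolution actually goes through glibc's resolver; statically linked binaries and embedded firmware carry their own copy of the library and will not show up in the system version at all.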

Twitter's bug could expose contact numbers of users

Micro-blogging website Twitter squashed a bug on Wednesday (February 17) that had affected its password recovery systems last week.

The bug, which affected the systems for about 24 hours, could expose a user’s personal information, including their e-mail address and contact number.

The company has notified affected users, though it’s believed to have impacted fewer than 10,000 of Twitter’s more than 320 million monthly active users.

If a user has not received an e-mail, their account was not affected.

The company will also ask law enforcement officials to investigate any users found to have exploited the bug to access someone else’s account information.

The issue is a reminder of what the company refers to as “good security hygiene,” including two-factor authentication.

While the issue did not compromise user security, it illustrates the trouble users face in protecting their own data.

Users can have strong passwords, use two-factor authentication and employ other security techniques, but if a company’s network is hacked there is little customers can do but watch their information fall into the hands of malicious parties.

Hackers hold a Hollywood hospital for Ransom

A hacker who attacked the computers of Hollywood Presbyterian Medical Center is demanding a ransom of 9,000 bitcoins to remove the ransomware, which has held the hospital’s computers hostage for a week and is preventing staff from accessing essential data such as patient files and test results.

The issue came to the forefront when the hospital’s President and CEO, Allen Stefanek, told NBC Los Angeles that the hospital’s computer network had been suffering from IT issues since February 05, posing a big problem for day-to-day activities and forcing the hospital to turn away new patients.

Staff are using fax machines and telephones to communicate between departments as they do not have access to e-mail. Doctors are also unable to access patient information, including past medical records, records of newly admitted patients and medical test results.

Registrations and medical records are being logged on paper, and staff have been instructed to leave their systems offline until told otherwise.

The malware has caused chaos within the hospital: some outpatients are missing their treatments while new patients are being transferred to other hospitals.

Though no patient information has been compromised, the hospital has handed the case to the Los Angeles Police Department (LAPD) and the Federal Bureau of Investigation (FBI) to trace the identity of the attackers so that the hospital does not lose out further.

In earlier attacks on hospitals, hackers generally focused on stealing personal data, but in this case nothing of the sort happened and the attack looks designed to extract a big payout.

A bitcoin presently costs about $397.07 USD, making the ransom demand worth about $3,573,630 USD.
It has not been made clear whether the hospital plans to pay the ransom if no other solution to the attack is found.

Critical data needs to be stored in a tape backup, as these sorts of attacks are becoming more common every day.



Bug: Not beyond January 1, 1970 for Apple users

It is truly said that you cannot go back in time, but you can definitely change the date on your mobile phone. With an iPhone, however, you cannot go back to January 1, 1970.

An Apple user who had recently been playing with his iPhone's Date & Time settings reported: "Hello, I was playing around with my Date & Time settings and I changed the time to January 1st 1970. I shutdown my phone and restarted it, the result is a bricked iPhone. I've tried restoring, updating, but nothing seems to be working."

After he reported this fault, the tech website 9to5mac posted a video demonstrating it. It appears that the fault only affects Apple devices with 64-bit processors, meaning the iPhone 5S, iPad Air, iPad Mini 2 and sixth-generation iPod Touch, or newer models of those devices.

According to the video, when you change the date to January 1, 1970 and then restart your device, you will only see the Apple logo on the screen, where it apparently gets permanently stuck.

NBC News has contacted Apple but has not received a response to its queries.

ANDROIDOS_LIBSKIN malware, a new worry for Android

Downloading apps from third-party stores can be risky, as they may carry the malware ANDROIDOS_LIBSKIN, which spreads through these types of unofficial app portals.

Android has documented the dangers of installing apps from outside the Google Play Store, but many users still continue to download apps from third-party sources.

Trend Micro's Mobile App Reputation Service discovered the new malware targeting Android devices.

ANDROIDOS_LIBSKIN comes bundled with legitimate applications. Once you download and install the app, it loads libskin, which contains an exploit that gives the malicious app absolute power over your device.

The malware ANDROIDOS_LIBSKIN uses two other files, fp.dex and fx.dex, which download and install other apps and also show unwanted ads.

The app also collects information such as subscription IDs, device ID, language, network type, a list of active apps, network name and much more from all infected users, and sends it to a remote server where the attackers are building a database of infected devices.

Trend Micro says it spotted these malicious apps in third-party stores like Aptoide, Mobogenie, mobile9 and 9apps. The company says it informed each one, but none responded to its emails.

India has the most users infected with ANDROIDOS_LIBSKIN.

Banks face new APT style robbery attacks

A year after Kaspersky Lab researchers warned that cyber-criminals would start to adopt sophisticated tactics and techniques from APT groups for use in bank robberies, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style, Metel and GCMAN. All three attack financial organizations using covert APT-style reconnaissance and customized malware along with legitimate software and new, innovative schemes to cash out.

The Metel cyber-criminal group gains control over machines inside a bank that have access to money transactions. The gang can automate the rollback of ATM transactions, so that the balance on a debit card remains the same regardless of the number of ATM withdrawals.

The criminals steal money by driving around Russian cities at night and emptying ATMs belonging to a number of banks, repeatedly using the same debit cards issued by the compromised bank.

The researchers also found that the Metel operators achieve their initial infection through specially crafted spear-phishing emails with malicious attachments, and through the Niteris exploit pack, which targets vulnerabilities in the victim’s browser. Once inside the network, the cybercriminals use legitimate and pentesting tools to move laterally, hijacking the local domain controller and eventually locating and gaining control over the computers used by the bank’s employees responsible for payment card processing.

The investigation is ongoing. So far no attacks outside Russia have been identified.

The three gangs identified are shifting toward the use of malware accompanied by legitimate software in their fraudulent operations.

Meanwhile, GCMAN successfully attacks organizations without using any malware at all, running legitimate and pentesting tools only. In the cases Kaspersky Lab experts investigated, GCMAN used PuTTY, VNC and Meterpreter utilities to move laterally through the network until the attackers reached a machine that could be used to transfer money to e-currency services without alerting other banking systems.

In one attack observed by Kaspersky Lab, the cybercriminals stayed in the network for one-and-a-half years before activating the theft. Money was being transferred in sums of about $200, the upper limit for anonymous payments in Russia.

Kaspersky Lab, founded in 1947, has released Indicators of Compromise (IOCs) and other data to help organizations search for traces of these attack groups in their corporate networks.
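What makes GCMAN and Metel hard to catch is exactly what the article describes: the tools involved (PuTTY, VNC, pentesting frameworks) are legitimate software, so signature-based antivirus has nothing to flag. Detection instead has to come from context, which is what the IOC data is for: a remote-administration tool is not malicious in itself, but its appearance on a card-processing workstation or a domain controller, at night, under a service account, is. The following is an added example written for this article, not Kaspersky Lab's IOC data or tooling. The process-creation events, host names, user names, the "sensitive host" and "expected tool host" sets and the business-hours window are all constructed for the example; Meterpreter has no fixed file name, so only the PuTTY and VNC family names are matched.

```python
"""Added example (not Kaspersky Lab's IOCs or tooling): context-based detection
of legitimate remote-administration tools appearing where they should not.
Events, host names, user names, host classifications and the business-hours
window are constructed for illustration."""
import re
from collections import defaultdict

# Constructed process-creation events: (timestamp, host, user, image path). Not real logs.
EVENTS = [
    ("2016-02-08T09:12:01", "CARD-PROC-01", "alice",      r"C:\Program Files\Office\WINWORD.EXE"),
    ("2016-02-08T22:41:17", "CARD-PROC-01", "svc_backup", r"C:\Users\Public\putty.exe"),
    ("2016-02-08T22:43:02", "CARD-PROC-01", "svc_backup", r"C:\Users\Public\winvnc.exe"),
    ("2016-02-09T01:05:44", "DC-01",        "svc_backup", r"C:\Windows\Temp\plink.exe"),
    ("2016-02-09T08:30:10", "HELPDESK-07",  "bob",        r"C:\Program Files\PuTTY\putty.exe"),
]

# Assumed asset classification: where these tools are unexpected vs. routine.
SENSITIVE_HOSTS = {"CARD-PROC-01", "DC-01"}   # card processing workstation, domain controller
EXPECTED_TOOL_HOSTS = {"HELPDESK-07"}         # admins legitimately run PuTTY here
BUSINESS_HOURS = range(7, 19)                 # 07:00-18:59, constructed for the example

# Image file names of the tool families named in the article (case-insensitive).
# Meterpreter has no fixed file name and is not matched here.
TOOL_PATTERNS = {
    "putty": re.compile(r"^(putty|plink|pscp|psftp)\.exe$", re.I),
    "vnc":   re.compile(r"^(winvnc|vncviewer|tvnserver)\.exe$", re.I),
}


def classify_tool(image_path):
    """Return the tool family for an image path, or None if it is not one we track."""
    name = image_path.replace("\\", "/").rsplit("/", 1)[-1]
    for tool, pattern in TOOL_PATTERNS.items():
        if pattern.match(name):
            return tool
    return None


def detect(events, sensitive_hosts, expected_tool_hosts):
    """Raise an alert for each tracked tool seen on a host where it is unexpected.

    A tool on an expected host is ignored outright; elsewhere the alert carries
    the reasons that apply (sensitive host, outside business hours).
    """
    alerts = []
    for timestamp, host, user, image in events:
        tool = classify_tool(image)
        if tool is None or host in expected_tool_hosts:
            continue
        reasons = []
        if host in sensitive_hosts:
            reasons.append("remote-admin tool on sensitive host")
        if int(timestamp[11:13]) not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if reasons:
            alerts.append({"time": timestamp, "host": host, "user": user,
                           "tool": tool, "reasons": reasons})
    return alerts


def users_spanning_hosts(alerts, minimum=2):
    """Accounts whose alerts touch several hosts: the lateral-movement signal."""
    hosts_by_user = defaultdict(set)
    for alert in alerts:
        hosts_by_user[alert["user"]].add(alert["host"])
    return {user: hosts for user, hosts in hosts_by_user.items() if len(hosts) >= minimum}


if __name__ == "__main__":
    found = detect(EVENTS, SENSITIVE_HOSTS, EXPECTED_TOOL_HOSTS)
    for alert in found:
        print(alert)
    print("accounts moving across hosts:", users_spanning_hosts(found))
```

The per-event alerts are noisy on their own; the `users_spanning_hosts` roll-up is the part worth paging someone for, because one account appearing with the same tooling on the card-processing host and then the domain controller within a few hours is the pattern the article attributes to both groups.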

Hackers expose info of DoJ & DHS employees

A group of anonymous hackers has breached the US Department of Homeland Security’s systems and leaked personal details of the people who work there.

The hackers uploaded the list to the hosting platform Cryptobin; it includes names, job titles, e-mail addresses, addresses and telephone numbers of US government officials. The group also claims to have access to 200GB of data from the Department of Justice.


The breached data belongs to 9,335 employees of the Department of Homeland Security, the hackers’ group claims. They also allege to have stolen sensitive information on over 20,000 supposed Federal Bureau of Investigation employees.


The motive behind the hack is suggested by the message attached at the top of the data dump, which reads "Long Live Palestine, Long Live Gaza: This is for Palestine, Ramallah, West Bank, Gaza, This is for the child that is searching for an answer."


The hacker had accessed an e-mail account at the US Department of Justice and allegedly downloaded information on over 20,000 FBI officers, roughly 9,000 DHS employees and an undisclosed number of DoJ staffers.


A DoJ spokesperson has, however, downplayed the impact of the hack in a statement given to The Guardian: "This unauthorized access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information."