
Security flaw in automatic doors

Automatic doors can be hacked too. I am sure you are pretty amazed by my first line, but it is true. Doors used in secure areas like airports, hospitals, government facilities and other organizations can easily be hacked due to a vulnerability in networked door controllers.

According to Ricky Lawshae, a researcher with Trend Micro's newly acquired DVLabs division, the security flaw exists in the VertX and Edge lines of door controllers from HID Global, manufacturers of smartcards, card readers and access control systems.

The problem lies in HID's VertX and Edge controllers, which can be remotely controlled over the network and run a service called discoveryd (discovery daemon) that listens for UDP probe packets on port 4070.

When it receives a packet, the door controller automatically responds with its physical MAC address, device type, firmware version and other identifying information, like the human readable name that was assigned to it.
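A defender-side check for the discoveryd behaviour just described, written for this post as an added example (it is not Trend Micro's or HID's code). It assumes a constructed NetFlow-style text export and hypothetical subnets: controllers on 10.50.0.0/24 and admin workstations on 10.50.1.0/24; a probe to UDP 4070 from anywhere else, or a controller reply leaving the management VLAN, is flagged.

```python
"""Flag discoveryd (UDP/4070) probes and replies that cross the access-control boundary."""
import ipaddress
from typing import Dict, List, Optional

DISCOVERYD_PORT = 4070                                   # port discoveryd listens on (from the post)
CONTROLLER_NET = ipaddress.ip_network("10.50.0.0/24")    # assumed VLAN where the door controllers live
MGMT_NET = ipaddress.ip_network("10.50.1.0/24")          # assumed VLAN of admin workstations

# Constructed sample flow records: proto src:sport -> dst:dport bytes
SAMPLE_FLOWS = """\
udp 10.50.1.10:51000 -> 10.50.0.5:4070 64
udp 10.50.0.5:4070 -> 10.50.1.10:51000 212
udp 192.0.2.77:40000 -> 10.50.0.5:4070 64
udp 10.50.0.5:4070 -> 192.0.2.77:40000 212
tcp 192.0.2.77:40001 -> 10.50.0.5:443 1300
"""


def parse_flow(line: str) -> Dict:
    """Split one flow record into typed fields."""
    proto, src, _, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"proto": proto, "src": ipaddress.ip_address(sip), "sport": int(sport),
            "dst": ipaddress.ip_address(dip), "dport": int(dport), "bytes": int(nbytes)}


def classify(flow: Dict) -> Optional[str]:
    """Return an alert label, or None if the flow is expected traffic."""
    if flow["proto"] != "udp":
        return None
    # A probe towards a controller: only the management VLAN should send these
    if flow["dport"] == DISCOVERYD_PORT and flow["dst"] in CONTROLLER_NET:
        if flow["src"] not in MGMT_NET:
            return "discoveryd probe from outside management VLAN"
    # A reply from a controller: it carries MAC, device type, firmware version and name
    if flow["sport"] == DISCOVERYD_PORT and flow["src"] in CONTROLLER_NET:
        if flow["dst"] not in MGMT_NET:
            return "controller identification reply leaving management VLAN"
    return None


def find_alerts(text: str) -> List[str]:
    """Run classify() over every non-empty record and collect the alerts."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        label = classify(flow)
        if label:
            alerts.append(f"{label}: {flow['src']} -> {flow['dst']}")
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```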

"Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality," Lawshae said in a blog post. "This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller."

HID has been informed about the flaws and is working to release a patch as soon as possible, but it will probably take a long time to reach all customers, and it may never reach everyone.

Microsoft's AI chat bot a major failure

Negative influence from human beings can have a dangerously adverse effect on the digital world. One of the recent examples is a chat-bot experiment by Microsoft, in which an artificial digital teen turned into a foul-mouthed, anti-Semitic Trump supporter just 24 hours after her creation.

According to the Telegraph, which traced the brief online life of "Tay" (@TayAndYou on Twitter), the AI chat bot was designed to replicate the speech patterns of teenage girls. It used artificial intelligence in its programming and was programmed to be self-conscious and shy, like Taylor Swift and Kanye West. Microsoft confirmed that the purpose of the experiment was to improve voice recognition software.

As inquisitive and dangerous as a human crowd can be, people on Twitter started doing negative experiments with the bot, and within 24 hours of its creation Tay started supporting Donald Trump and tweeting things like "Hitler was right, I hate jews" and "Bush did 9/11 and Hitler would have done a better job than the monkey we have got now. Donald trump is the only hope we’ve got."

Then there were pornographic tweets as well, and her status currently shows "sleeping". So for digital nirvana, it is very important to keep negative human influence at bay.

Zero-day exploit affects Apple's SIP

A zero-day exploit affecting all current Mac OS X versions has been found by a SentinelOne researcher; it enables attackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP).

“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post. 

The researcher, Pedro Vilaca, has described the vulnerability as a non-memory-corruption issue which allows attackers to execute arbitrary code on any binary. It bypasses a key security feature of the latest version of OS X, El Capitan, namely System Integrity Protection (SIP), without kernel exploits.

SIP was introduced with OS X 10.11, El Capitan. Apple designed SIP to prevent any users, even root ones, from modifying key system files. Once the hacker bypasses SIP, they have near total control of any device running OS X. The exploit could use SIP as a shield to prevent the system from repairing itself, which Vilaca calls a “protection racket.”

"It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes," SentinelOne explains. "This kind of exploit could typically be used in highly targeted or state sponsored attacks."

The flaw has been reported to Apple and a patch is on the way.

Cyber Security Fail at Water Treatment Systems

In March 2016, Verizon reported in its data breach digest on several cyber attacks it had investigated, including one aimed at the systems of an unnamed water utility referred to as Kemuri Water Company.

The water district had engaged Verizon to assess the system as a precautionary measure, but Verizon found that the system was already faulty and had already suffered malicious attacks.

According to Verizon, the organisation had a poor defence architecture that was very vulnerable to internet threats and was operating on very outdated operational technology (OT), assumed to be more than ten years old.

The water utility's SCADA platform was run on an IBM AS/400 system, introduced by the vendor in 1988. The same system connected both OT functions, such as the water district's valve and flow control applications, and IT functions, such as financial systems and billing information.

Experts believed that the hackers exploited a vulnerability in the payment application, as that server contained credentials for the AS/400 system, and estimated that 2.5 million records containing customer and payment information were stolen.

Because they held AS/400 admin credentials, the hackers were also able to manipulate programmable logic controllers, changing settings related to water flow and the amount of chemicals used for water treatment.

Verizon said in its data breach report: “In at least two instances, they managed to manipulate the system and thus handicap water treatment and production capabilities so that the recovery time to replenish water supplies increased. Fortunately, based on alert functionality, KWC was able to quickly identify and reverse the chemical and flow changes, largely minimizing the impact on customers.”

Verizon made clear that the hackers had limited time and limited knowledge of the water system and so were not able to do much damage; the outcome could have been far more dangerous if they had had more time and more skill.

The report also said that the attackers were not particularly skilled and needed very little skill to get into the system and do the damage.

Wylie from Verizon said: "When company budgets are tight and production can’t stop, when perceived risks are misjudged and networked systems evolve uncontrollably over the span of years and decades, the associated cybersecurity risks to these connected systems naturally increase.”

Amex warns card holders of third-party data breach

American Express has notified its customers of a data breach at a third party provider. The company has warned its card members that their account information has been compromised by a data breach.

In a notification letter, the card firm said it has become aware that a third party service provider engaged by several merchants had experienced unauthorized access to its system. According to the letter, the card holders can expect their account number, name and other details to have been compromised.

American Express said that it is “vigilantly monitoring” the accounts for fraudulent activity and asked customers to do the same and report any suspicious transaction. The letter said that customers could receive more than one letter about the incident if more than one account was affected.

"Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident and we are providing this notice to you as a precautionary measure," said the letter.

Android devices at risk, warns Google

Google has issued an emergency patch for Nexus devices to fix a critical kernel bug.

The officials have already uncovered one unidentified Google Play app that attempted to exploit the vulnerability, although they said they didn't consider the app to be doing so for malicious purposes.

Google cannot patch all Android devices, but it has judged a number of rooting apps to be dangerous enough to act on.

The unnamed rooting apps, which are available in Google Play and outside its app store, could lead to a "local permanent device.

Google has also confirmed that a publicly available rooting app could also compromise the Nexus 6.

The company has also updated the Android Verify Apps security feature to detect the rooting app. Although the company has not observed any exploitation, it said that a user would need to install the rooting app manually for a device to be compromised.

This makes it exceedingly hard to develop applications that depend on features in the Linux kernel. This may be part of the reason Netflix supports HD on so few Android devices, if it depends on kernel-level security features. Even Nexus devices don't get major updates to the kernel version. A Nexus device that shipped with 3.8.x is very likely to stay on 3.8.x, even as newer Nexus devices come with more recent versions. This is the super weird fragmentation of Android: the Linux kernel version (and thus its features and security) used on an Android device is completely unrelated to the version of Android on the device.

Google Chrome, Adobe Flash, Apple Safari exploited on first day of Pwn2Own

On the first day of the Pwn2Own 2016 hacking contest, taking place in Vancouver, Canada, $282,500 was awarded to researchers for finding new security flaws in Adobe Flash, Google Chrome and Apple Safari.

Hewlett Packard Enterprise and Trend Micro are jointly sponsoring this year's Pwn2own event.

The 360Vulcan Team received $132,500 in prize money for exploiting Adobe Flash and Google Chrome.

"The [Windows] kernel vulnerability was a use-after-free vulnerability," Christopher Budd,  global threat communications manager at Trend Micro, told eWEEK. "They successfully chained both of these to compromise the target at the system level."

The first exploit, against Flash and Windows, earned the 360Vulcan team $80,000, while the second, against Google Chrome, earned them $52,500.

JungHoon Lee, an independent security researcher, earned $60,000 for exploiting Apple's Safari browser. He found four vulnerabilities, including issues in Safari as well as in Apple's OS X desktop operating system.

"One of the vulnerabilities was in Safari, the other three were vulnerabilities within Mac OS X," Budd said.

Tencent Security Team Shield was the other team to win $40,000 for an exploit against Apple Safari. They also earned $50,000 for attacking Flash with an out-of-bounds vulnerability, combined with an infoleak vulnerability and a use-after-free vulnerability in the Windows kernel to get SYSTEM access on the machine.

There is an award for a researcher able to execute a hypervisor escape from the VMware Workstation virtual machine on which the Windows-based browsers run, but no security researcher attempted it.

"It's a new vector for attack, and one that can be particularly challenging," Budd said. "Given the amount of time required for adequate research, it's not surprising that no one has signed up this year. However, we do expect to see people sign up for this next year."

Samas Ransomware approaches its target differently

Microsoft researchers have warned that a new ransomware ‘Samas’ has been found leveraging pen-testing/attack tools for a more targeted approach of getting installed on compromised systems.
Samas ransomware, also known as MSIL, started its malicious activities in the past quarter. It searches for potentially vulnerable networks to exploit. That is how the Samas infection chain operates, but the result is the same as with other ransomware: the user’s files end up encrypted.
Microsoft Malware Protection Center (MMPC) researcher, Marianne Mallen explained that a publicly-available tool called reGeorg is used for tunneling, and the actors behind this ransomware also use Java-based vulnerabilities such as direct use of unsafe Java Native Interface (JNI) with outdated JBOSS server applications.
The ransomware can also use other information-stealing malware (Derusbi/Bladabindi) to gather login credentials. All the stolen credentials are listed in a text file and used to deploy the malware and its components through a third-party tool named psexec.exe, which lets users execute programs on remote systems, via batch files detected as Trojan:BAT/Samas.B and Trojan:BAT/Samas.C.
Trojan:BAT/Samas.B also deletes the shadow copies through the vssadmin.exe tool. Trojan:MSIL/Samas.A usually takes the name delfiletype.exe or sqlsrvtmg1.exe and looks for certain file extensions related to backup files on the system; it also makes sure they are not locked by other processes, terminating such processes if necessary, and finally deletes the backup files.
Once all of the initial operations are performed, the ransomware starts encrypting files on the system using the AES algorithm. It renames the encrypted files with the extension encrypted.RSA and displays a ransom note to inform users what happened to their files, after which the ransomware deletes itself from the system.
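A detection pass over the deployment chain described above (vssadmin shadow-copy deletion, psexec pushing the component, the delfiletype.exe/sqlsrvtmg1.exe names), written for this post as an added example and not Microsoft's or the MMPC's code. It assumes a constructed, simplified Sysmon-style process-creation log with one event per line; the field names, hostnames and paths are made up for illustration.

```python
"""Flag process-creation events matching the Samas deployment chain."""
import re
from typing import Dict, List, Optional

# Constructed sample events (hostnames, users and paths are invented)
SAMPLE_EVENTS = r"""
host=FS01 user=CORP\svc_backup image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\System32\cmd.exe cmdline="vssadmin delete shadows /all"
host=FS01 user=CORP\svc_backup image=C:\Temp\psexec.exe parent=C:\Windows\System32\cmd.exe cmdline="psexec.exe \\WS07 -u CORP\admin -c delfiletype.exe"
host=WS07 user=CORP\admin image=C:\Windows\Temp\sqlsrvtmg1.exe parent=C:\Windows\PSEXESVC.exe cmdline="sqlsrvtmg1.exe"
host=WS03 user=CORP\alice image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\System32\cmd.exe cmdline="vssadmin list shadows"
host=WS03 user=CORP\alice image=C:\Tools\backup.exe parent=C:\Windows\explorer.exe cmdline="backup.exe /full"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# File names the post reports Trojan:MSIL/Samas.A typically uses
SAMAS_COMPONENT_NAMES = {"delfiletype.exe", "sqlsrvtmg1.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value event line into a dict (quoted values unquoted)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: Dict[str, str]) -> Optional[str]:
    """Return a label for a suspicious event, or None for benign activity."""
    image = basename(ev.get("image", ""))
    parent = basename(ev.get("parent", ""))
    cmd = ev.get("cmdline", "").lower()
    # Shadow copy deletion (Trojan:BAT/Samas.B behaviour); "vssadmin list" is normal admin use
    if image == "vssadmin.exe" and "delete" in cmd and "shadows" in cmd:
        return "shadow copy deletion via vssadmin"
    # Remote deployment: psexec pushing one of the known component names
    if image == "psexec.exe" and any(n in cmd for n in SAMAS_COMPONENT_NAMES):
        return "psexec deploying Samas component"
    # The component itself, or anything spawned by the PsExec service on the target
    if image in SAMAS_COMPONENT_NAMES or parent == "psexesvc.exe":
        return "Samas component executed via PsExec service"
    return None


def scan(text: str) -> List[str]:
    """Classify every non-empty event line and return 'host: label' hits in order."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        label = classify(ev)
        if label:
            hits.append(f"{ev['host']}: {label}")
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```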
Researchers noticed that, while the ransomware initially used WordPress as its decryption service site, it then moved to a Tor site in an attempt to remain anonymous.
The majority of Samas ransomware infections were detected in North America, with a few instances in Europe. However, some other regions, such as India in Asia, have also been affected by this ransomware.
To prevent this infection, Microsoft has advised users and administrators to use Windows Defender on Windows 10 as the antimalware scanner, to ensure that MAPS is enabled, to enforce strong password policies, to disable Office macros and to keep software up to date.
Ransomware has emerged as one of the biggest threats because it has the ability to provide cybercriminals with potentially high gains with minimal effort.

Google doubled the Chrome Bug bounty reward

It has been six years since Google started its bug bounty program, and it has paid over $6 million (over $2 million last year alone) to security researchers. The company has announced two changes to the Chrome Reward Program: first, it increased the reward for Chromebooks, and second, it added a new bug bounty.

Bug bounty programs are seen as a way to reward individuals and groups of hackers for finding flaws and disclosing them to the company instead of selling them to someone else who could exploit the flaw.

According to the company’s security team, it has not received a single successful submission for a compromise of a Chromebook in guest mode, which carried a reward of $50,000.

Now, Google has doubled the bounty for the top Chrome reward, to $100,000. “That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool,” Google declared.

The qualifying reward rules are as follows:

• Safe Browsing must be enabled on Chrome and have an up-to-date database (this may take up to a few hours after a new Chrome install).
• Safe Browsing servers must be reachable on the network.
• The binary must land in a location where a user is likely to execute it (e.g. the Downloads folder).
• The user can’t be asked to change the file extension or recover it from the blocked download list.
• Any gestures required must be likely and reasonable for most users. As a guide, execution with more than three reasonable user gestures (e.g. click to download, open .zip, launch .exe) is unlikely to qualify, but it will be judged on a case-by-case basis. The user can’t be expected to bypass warnings.
• The download should not send a Download Protection Ping back to Safe Browsing. Download Protection Pings can be measured by checking increments to counters at chrome://histograms/SBClientDownload.CheckDownloadStats. If a counter increments, a check was successfully sent (with the exception of counter #7, which counts checks that were not sent).
• The binary’s hosting domain and any signature cannot be on a whitelist. You can measure this by checking that chrome://histograms/SBClientDownload.SignedOrWhitelistedDownload does not increment.

VMware patches XSS flaws in vRealize

VMware's Linux version of two vRealize products received the first maintenance release for version 7 and also became the subject of a security alert on Tuesday (March 16).

If exploited, the flaws could lead to the compromise of a user’s client workstation.

The issue in the Automation version was found by independent researcher Lukasz Plonka, while the issue in the Business and Enterprise version was discovered by Alvaro Trigo Martin de Vidales, a senior IT security consultant with Deloitte Spain, in vRealize Business, a product designed to automate the core financial processes needed to plan and optimize the cost and value of IT in an organization.

The bugs, stored cross-site scripting (XSS) vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms.

The vulnerability has been patched with the release of VMware vRealize Automation 6.2.4. vRealize Automation 7.x for Linux and vRealize Automation 5.x for Windows are not affected.

The new bits include a management agent to automate the installation of Windows components and to collect logs, and an installation Wizard that automates a Minimal or Enterprise installation.

Although the fix has been released, there are many things in the new version that can pose problems. For example, a virtual machine is deleted during reprovisioning when a datastore is moved from one SDRS cluster to another, and after upgrading to vRealize Automation 7.0, duplicate catalog items for the same business group appear in the catalog. Nevertheless, the fix at least addresses the compromise of client workstations.

It’s the third time this year that VMware has patched its products. The updates follow a set of patches the company released to address last month’s critical glibc vulnerability and a series of updates it pushed in January to address a privilege escalation bug in ESXi, Fusion, Player, and Workstation.

In February, the company was forced to reissue a patch originally released last October, which had failed to address a serious remote code execution vulnerability in vCenter that let remote attackers connect to the vCenter Server and run code. While Windows Firewall mitigated the issue, VMware officials still encouraged users to reapply the revised patch.

Cancer-care giant notifies 2.2M patients of data breach

A US-based cancer-care giant now faces a major data breach. Fort Myers’ 21st Century Oncology has warned its 2.2 million patients that their personal data was accessed by an unauthorized third party.

The Federal Bureau of Investigation (FBI) had notified the company on November 13 of the unauthorized access of its database.

According to the company, names of patients, social security numbers, physician names, diagnosis and treatment data and insurance information have been accessed. In a statement issued, 21st Century Oncology also informed of hiring a leading forensics firm to conduct an investigation. The company however denied the access of any medical records.

"We immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security," the statement said. "In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."

Patients have been sent notification letters to advise them of the breach of their data.

The potentially affected have been offered a year of credit monitoring services without charge.

"We also recommend that patients regularly review the explanation of benefits that they receive from their health insurer," the letter to patients states. "If they see services that they did not receive, please contact the insurer immediately."

News of the breach came against the backdrop of two recent public relations blows for the company. The company paid a $34.6 million settlement to the federal government to settle a lawsuit that alleged the company performed and billed for a procedure that was not medically necessary.

In December, it paid $19.75 million to settle another lawsuit from a whistleblower action related to claims of inappropriate billing for bladder cancer examinations.