Microsoft Revokes Trust for eDellroot Certificates
In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers. In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed...
China APT Gang Targets Hong Kong Media via Dropbox
An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a...
National Security Letter Attachment Details
While the Snowden documents have demystified the intelligence community’s hacking abilities, few specifics are known about National Security Letters, law enforcement’s most powerful tool to compel telecommunications and Internet service providers to turn over a broad scope of user data, and which...
Embedded Devices Share, Reuse Private SSH Keys, HTTPS Certificates
Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data. This type...
Data on 5 Million Users Compromised in Breach at Toy Maker VTech
UPDATE VTech, a company that manufactures electronic learning devices, baby monitors, toys, and other equipment, announced Monday that information from five million customer accounts, which include identity information belonging to children, was accessed in an attack earlier this month. The news...
Microsoft Blocking Potentially Unwanted Programs
Microsoft has taken steps to address deceptive software, otherwise known as potentially unwanted programs or applications, with new opt-in protections for Windows users in the enterprise. The new protection blocks behaviors such as ad-injection, or the bundling of nuisance programs with software...
Lenovo Patches Vulnerabilities in System Update Service
Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to Windows SYSTEM user. The vulnerabilities were patched last Thursday by the manufacturer and details...
Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware
In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspac...
United Airlines Slow to Patch Mobile App Vulnerability
A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after...
Two More Self-Signed Certs, Private Keys Found on Dell Machines
eDellroot is not the only self-signed trusted root certificate on Dell computers. Researchers at Duo Security found two more on a Dell Inspiron 14-inch laptop purchased by Darren Kemp, one of its researchers who is based in Calgary, Canada, including one cert related to eDellroot that also ships...
Dell Shipping Superfish-Style Root Cert, Private Key
Update Just in time for Black Friday, various models of new Dell computers are shipping with a preinstalled root certificate and private key that corresponds to the cert, which as of earlier today was being accepted by all major browsers except Firefox. Given that a number of tools exist to aid i...
GlassRAT Remote Access Trojan
A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear. The RAT, dubbed GlassRAT, was signed with a certificate belonging to a popular Chinese software company with hundreds of millions of users worldwide...
54 Starwood Hotels Hit By Point of Sale Malware
Travelers who stayed at either a Westin, Sheraton, or W hotel over the last year or so are going to want to check their bank statements sooner rather than later. Starwood Hotels and Resorts, a company that owns and operates approximately 1,200 hotels across North America, including the...
VMware Patches Pesky XXE Bug in Flex BlazeDS
VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found an XML External Entity flaw in Apache Flex BlazeDS...
German Government Audits TrueCrypt
TrueCrypt continues to fascinate even though it hasn’t been updated in more than a year and has been cleared of backdoors in more than one extensive audit. The German government’s Federal Office for Information Security BSI is the latest to inspect and analyze the security of the abandoned open...
Department of Education Lambasted Over Database Vulnerabilities
Like the Office of Personnel Management before it, the Department of Education has failed to heed repeated warnings that its systems contain multiple weaknesses. In a House Committee on Oversight and Government Reform hearing held this week, Congressman and committee chair Jason Chaffetz R-Utah...
FBI Warns Public Officials of Doxing Threat
The FBI has put law enforcement and high-profile public officials on notice that they could be targeted by hacktivists following the recent doxing of CIA director John Brennan by the hacktivism collective called Crackas With Attitude. Brennan’s AOL email account was taken over by a teen associate...
VirusTotal Mac OS X App Sandbox Support
Mac malware is a thing. It’s real. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized. Adding further credence, Google-owned...
LinkedIn Fixes Persistent XSS Vulnerability
Developers at LinkedIn fixed a persistent cross-site scripting vulnerability in the social network this week that could have been exploited to spread a worm on the service’s help forums. It was a very quick turnaround for the company, according to the researcher, who said LinkedIn fixed the issu...
Carnegie Mellon Says It Was Subpoenaed-And Not Paid-For Research On Breaking Tor
Carnegie Mellon University today implied in a statement that it was served with a subpoena to hand over research related to unmasking the identity of users on the Tor network, and that it was not paid $1 million by the FBI for doing so, as alleged by the Tor Project. The statement, released short...
Microsoft Blocks Unsigned DLLs in Edge with Update
The security community rejoiced when Microsoft announced earlier this year that it would strip maligned extensions such as ActiveX and VB Script – often bullied in attacks – from its new Edge browser. Now the company claims a recent update to the browser prevents the loading of unsigned DLLs...
Inside the Conficker-Infected Police Body Cameras
Rarely does one story run such a gamut of security threats, encapsulating in this case, Internet of Things risks, supply chain infiltration and some circa-2008 malware for good measure. But that’s what we have with this week’s saga of the body cameras, marketed for police use, that were shipped...
Attackers Embracing Steganography to Hide Communication
Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers. In a presentation last week at Black Hat Europe researcher...
Chimera Ransomware Operation Shut Down
It seems that as quickly as the Chimera ransomware surfaced, the operation has been shut down. Researchers at Bleeping Computer said Tuesday that the malware was no longer active. A number of security companies were publishing alerts about this latest strain of crypto-ransomware, which was...
Adobe Issues HotFix For ColdFusion
Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...
Libpng PNG Reference Library Patches Memory Corruption Vulnerabilities
Two memory corruption vulnerabilities in the PNG reference library, libpng, have been patched, but the scope of software affected by the bug isn’t as wide as initially reported. The vulnerabilities, addressed in libpng 1.0.64, 1.2.54, 1.4.17, 1.5.24, and 1.6.19, allow for an attacker to write...
Google to Warn Recipients of Unencrypted Gmail Messages
Google always seems to be busy fortifying Gmail–the latest steps by the company resolve to bolster message encryption and deter attackers from censoring or altering messages before they’re delivered to users. The company announced last week it would begin rolling out warnings in the coming months...
Hackers Can Abuse SAP Apps Connected to SCADA
Much in the same way the Target hackers used a HVAC management system to catapult onto the corporate network, attackers focused on oil and gas and other critical industries may be finding similar openings via enterprise applications such as SAP. Researchers from ERPScan, during last week’s Black...
Spring Social Java Library Social Authentication Vulnerability
A nasty cross-site request forgery vulnerability was patched Thursday in the Spring Social core library, one of the most pervasive Java application libraries. Spring Social facilitates social authentication between applications and online services, and the vulnerability allowed attackers to bypas...
Two New Strains of POS Malware, Cherry Picker, Abaddon, Surface
Point of sale malware has gotten more sophisticated as we inch closer to the two-year anniversary of the Target data breach. Now, two weeks from the biggest shopping day of the year, two new and different strains of point of sale malware have come to light, including one that’s gone largely...
BadBarcode Internet Of Things Hack PacSec 2015
Barcodes’ pervasiveness in retail, health care and other service industries notwithstanding, hackers really haven’t paid much attention to these tiny lines of data. But like other technologies supporting the so-called Internet of Things, there are bound to be vulnerabilities and there are bound t...
Tor: FBI Paid CMU $1 Million to De-Anonymize Users
More than a year ago, the Tor Project patched its software against a vulnerability being exploited by researchers at Carnegie Mellon University, it said, for the purpose of de-anonymizing users of Tor hidden services. Yesterday, Tor Project director Roger Dingledine accused the prominent Pittsbur...
Exploit Writing and Exploit Mitigation
More and more white hats who practice offensive security and exploit writing are simultaneously talking about exploit mitigation. Granted, some are incentivized to do so by their employers or six-figure rewards programs, but the trend nonetheless is moving away from finding and fixing individual...
Microsoft Fixes Hyper-V Denial of Service Issue
In addition to the usual slew of patches Microsoft dropped this week, the company on Tuesday also addressed an issue in its hypervisor, Hyper-V, that could lead to a denial of service condition. Microsoft warned about the issue in an advisory separate from its usual Patch Tuesday bulletins. The...
November 2015 Patch Tuesday Brings 12 Updates, Four Critical
Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution. The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers o...
November 2015 Adobe Flash Player Security Patches
In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities. Today’s update isn’t as voluminous as most have been since the start of summer, nonetheless, since July when a run of updates addressed zero day...
Apache Commons Collections Unserialize Java Vulnerability
For close to 10 months, a critical vulnerability in a library found in most Java rollouts has been twisting in the wind, unpatched, and until this week without proof-of-concept exploits that people paid attention to. Two researchers with NTT Com Security changed that dynamic last week when they...
88 Percent of Networks Susceptible to Privileged Account Hacks
IT professionals have long grappled with the inherent risks associated with privileged accounts. Whenever credentials that allow other employees to log in to servers, routers, and so forth, are compromised, it can have a dire outcome on the rest of the network. A security firm this week is warning...
Comodo, CAs Issue Forbidden Certificates
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses. In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to c...
ProtonMail Back Online Following Six Day DDoS Attack
Encrypted email service ProtonMail is back online today following a crippling six-day attack that saw the company’s ISPs and data centers under siege. Operators behind the service said the site may not always be reachable, as its servers are still under heavy strain and mitigating attack, and tha...
SAP HANA Security Patches
Critical business applications such as SAP and Oracle ERP products process and store the Fortune 2000’s most critical data, yet spur relatively little concern when it comes to security vulnerabilities. That trend seems to be reversing itself, given the spate of disclosures and high-profile...
Microsoft Considers Earlier SHA-1 Deprecation Deadline
Tech companies continue to back away from SHA-1 like it’s an infectious disease. Microsoft, which already had plans to deprecate the crusty cryptographic algorithm by the start of 2017, decided this week to move up that deadline six months. The company said it’s considering whether it will start...
Advantech Clears Hard-Coded SSH Keys from EKI Switches
Update Critical industrial switches used worldwide for automation contained hard-coded SSH keys that put devices and networks at risk. Advantech, a Taiwanese distributor, has developed new firmware for its EKI-122x series of products that disables HTTPS and SSH. SSH keys are a means by which...
Chimera Ransomware Promises to Publish Encrypted Data Online
Ransomware continues to elevate itself as perhaps the most worrisome crossover threat affecting consumers and businesses. Already this week, we’ve had an update to the dangerous Cryptowall family of malware that includes new encryption features making that strain of ransomware harder to decrypt...
Cryptowall 4.0 Encrypts File Names, Clears Restore Points
Cryptowall has gotten a minor, but important facelift that might make it more difficult for researchers to tear apart and for victims to recover their encrypted data without paying a ransom. Spotted two days ago, the latest update to the ransomware has begun not only encrypting data on victims’...
Mozilla 42 Brings Private Browsing with Tracking Protection Live
Mozilla has pushed a feature in Firefox live that allows users to block certain page elements while browsing privately. The feature, Private Browsing with Tracking Protection, previously available to beta users, blocks third party page elements, such as ads, social network buttons, analytics, and...
Same Rhetoric Permeates Going Dark Encryption Debate
BOSTON — The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere. This time the notable dignitary stumping for...
Tinba Variant Spotted Targeting Russian, Japanese Banks
Cybercriminals behind the Tinba banking Trojan have been homing in on some of the larger banks in Russia and Japan, experts claim. According to researchers with Dell SecureWorks, who looked at an instance of the malware last month, configuration files in one variant are targeting one of the...
Chinese Mobile Ad Library Backdoored to Spy on iOS Devices
Versions of a popular Chinese mobile ad library have been backdoored with capabilities that can be used to surreptitiously record audio and steal data stored on thousands of iOS devices. Researchers at FireEye said today they have found 17 backdoored versions of the mobiSage SDK versions 5.3.3 to...
Shuanet Adware Roots Android Devices
A new strain of adware buried in repackaged popular Android applications is able to root devices and earn its keepers a tidy $2 per installation. Shuanet behaves more like malware and shares some heritage with two other adware families—Kemoge and Shedun—that also root devices and give their...