15946 matches found

ThreatPost
added 2015/09/01 1:56 p.m., 14 views

Google, Mozilla End RC4 Support

Google, Microsoft and Mozilla today announced they’ve settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day. The browser makers plan to sever support for RC4...

AI score: 6.7
Exploits: 0, References: 7

ThreatPost
added 2015/09/01 1:11 p.m., 15 views

Filet-o-Firewall UPnP Security Vulnerability in Home Routers

Security vulnerabilities in UPnP continue to crop up and continue to put millions of home networking devices at risk for compromise. The latest was revealed in early August, but prompted an advisory yesterday from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon...

AI score: 6.9
Exploits: 0, References: 4

ThreatPost
added 2015/09/01 6:34 a.m., 17 views

U.S. Prepping Sanctions Against China Over Cyberattacks

The U.S. government is purportedly readying economic sanctions against China and is prepared to call out several Chinese companies and individuals for committing cyber espionage. It’s not exactly clear when the Obama administration will levy the sanctions, but according to an article from Sunday’...

AI score: 1.6
Exploits: 0, References: 6

ThreatPost
added 2015/08/31 4:6 p.m., 12 views

CERT Warns of Slew of Bugs in Belkin N600 Home Routers

The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affec...

AI score: 1.2
Exploits: 0, References: 2

ThreatPost
added 2015/08/31 3:41 p.m., 10 views

National Science Foundation Internet of Things Security Grants

The National Science Foundation announced on Friday that it has awarded $6 million in grants to fund projects working toward securing networked things. The grants are part of a partnership with Intel Corp., and were awarded to separate projects at Stanford University and the University of...

AI score: 6.9
Exploits: 0, References: 1

ThreatPost
added 2015/08/31 11:31 a.m., 12 views

CoreBot Credential-Stealing Malware

A new piece of data-stealing malware has a real thirst for credentials—and the potential for worse trouble down the line. IBM today published a report on CoreBot, generic information-stealing malware designed with enough flexibility to soon ramp up its capabilities to exfiltrate data in real time...

AI score: 0.8
Exploits: 0, References: 1

ThreatPost
added 2015/08/31 9:9 a.m., 17 views

KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones

Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims. The KeyRaid...

Exploits: 0, References: 1

ThreatPost
added 2015/08/28 2:32 p.m., 9 views

Appeals Court Vacates Lower Court's Decision on National Security Letters

A federal appeals court has sent back to a lower court an appeal in a lawsuit about the way companies are allowed to publicize information about National Security Letters they receive. The appeal consolidates three separate actions against the Attorney General that question whether the government...

Exploits: 0, References: 2

ThreatPost
added 2015/08/28 1:46 p.m., 10 views

Fake EFF Site Used in Spear Phishing Campaign

Attackers, possibly associated with the Russian government, registered a phony Electronic Frontier Foundation domain earlier this month in an attempt to dupe users into thinking correspondence from the site was coming from the well-known privacy watchdog. The scheme, largely carried out via spear...

AI score: 0.3
Exploits: 0, References: 3

ThreatPost
added 2015/08/28 12:12 p.m., 11 views

Dennis Fisher and Mike Mimoso on the Ashley Madison Breach and the Wyndham Data Breach Decision

Dennis Fisher and Mike Mimoso discuss the quasi-interesting fallout from the Ashley Madison hack, the appeals court decision about the Wyndham data breaches, and Charlie Miller leaving Twitter. Download: digitalunderground217.mp3 Music by Chris Gonsalves...

AI score: 2.1
Exploits: 0, References: 2

ThreatPost
added 2015/08/28 10:35 a.m., 12 views

FBI Warns Businesses of Email Scams, Wire Fraud

U.S. businesses are losing millions in fraudulent wire transfers that have their root in email compromises of accounts belonging to top executives. An FBI advisory issued Thursday warns businesses that regularly conduct wire transfer payments to be vigilant about potential email account...

AI score: 0.9
Exploits: 0, References: 3

ThreatPost
added 2015/08/28 9:4 a.m., 9 views

Google to Pause Flash Ads in Chrome Starting Next Week

Google on Tuesday will begin pausing Flash ads by default in Chrome, a move that is designed mainly to help improve browser speed, but that will also be a security upgrade for users. The company announced the plan back in June and said this week that it will make the behavior the default setting...

AI score: 7.2
Exploits: 0, References: 2

ThreatPost
added 2015/08/27 4:21 p.m., 13 views

BitTorrent Patches DDoS Vulnerability

BitTorrent today announced that a patch has been rolled out in the libuTP protocol used by many of its clients, fixing a vulnerability that allows attackers to carry out distributed reflective denial of service attacks. The issue was revealed in a paper and presentation at the recent USENIX...

AI score: 0.3
Exploits: 0, References: 4

ThreatPost
added 2015/08/27 2:8 p.m., 34 views

Adobe ColdFusion Hotfix

Adobe today pushed out a hotfix to ColdFusion implementations, patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework. Today’s hotfix affects ColdFusion 11, update 5 and earlier, and ColdFusion 10, update 16 and earlier. Hotfixes, unlike...

CVSS: 5, AI score: 0.5, EPSS: 0.0954
Exploits: 2, References: 4

ThreatPost
added 2015/08/27 1:51 p.m., 11 views

MassVet Android Malicious App Scanner

Most Android malware samples can be found clinging to some sort of knockoff to a legitimate application. Hiding in plain sight like that, sometimes they find their way into Google Play or any one of the dozens of less-patrolled Android markets. Researchers at Indiana University believe they’ve co...

AI score: 7.4
Exploits: 0, References: 2

ThreatPost
added 2015/08/27 11:13 a.m., 7 views

Target Says SEC Won't Pursue Enforcement Action as a Result of Data Breach

Target officials say that the Securities and Exchange Commission, one of several U.S. agencies investigating the massive data breach at the company in 2013, has decided not to punish Target as a result of the breach. The Target data breach is one of the larger such incidents ever. The breach...

AI score: 0.7
Exploits: 0, References: 2

ThreatPost
added 2015/08/27 9:33 a.m., 22 views

Endress+Hauser Patches Buffer Overflow In Dozens of ICS Products

There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by Swiss firm Endress+Hauser that can cause affected products to hang indefinitely. The vulnerability affects dozens of...

AI score: 0.5
Exploits: 0, References: 2

ThreatPost
added 2015/08/26 2:26 p.m., 6 views

Apple Patches iOS Ins0mnia Vulnerability

Apple’s monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough ...

AI score: 6.9
Exploits: 0, References: 4

ThreatPost
added 2015/08/26 10:33 a.m., 10 views

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them. An advisory published Tuesday by the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said...

AI score: 0.7
Exploits: 0, References: 4

ThreatPost
added 2015/08/26 7:59 a.m., 53 views

Researchers Outline New Italian RAT uWarrior

Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document. Researchers with Palo Alto Networks’ research division, Unit 42, described the malware and how it appears to have emanated from an “unknown actor of Italian origin,” in a...

CVSS: 9.3, AI score: 0.7, EPSS: 0.72119
Exploits: 1, References: 3

ThreatPost
added 2015/08/25 2:55 p.m., 9 views

Google Pulls App Exploiting Certifi-Gate Vulnerability

A mobile application exploiting the so-called Certifi-gate vulnerability disclosed at Black Hat has been removed from the Google Play store. Though the number of downloads of Recordable Activator, a screen recorder app for Android devices, hovers between 100,000 and a half-million, researchers at...

AI score: 1.4
Exploits: 0, References: 2

ThreatPost
added 2015/08/25 11:13 a.m., 16 views

AutoIt Used in Targeted Attacks to Move RATs

Hackers, months ago, revived macros as an attack vector to primarily hide banking malware spread by spam campaigns. Not to be left out, some targeted attacks, kicked off by convincing phishing emails, have been moving a few remote access Trojans and other malware via Word docs. One particular targete...

AI score: 1.4
Exploits: 0, References: 6

ThreatPost
added 2015/08/25 10:1 a.m., 12 views

Github Mitigates DDoS Attack

Code repository Github mitigated a distributed denial-of-service attack, restoring services this morning around 9 a.m. Eastern time. According to a Github status log, connectivity problems began today around 5:30 a.m. with Github declaring it was under a DDoS attack an hour later. A request for...

AI score: 1.1
Exploits: 0, References: 5

ThreatPost
added 2015/08/24 8:31 p.m., 11 views

Charlie Miller to Leave Twitter Security Team

Charlie Miller, one of the more respected and accomplished security researchers in the industry, is leaving Twitter’s security team after three years. Miller said on Monday that he is leaving the company at the end of this week and that he plans to announce his new job next week. Miller joined...

AI score: 0.4
Exploits: 0, References: 5

ThreatPost
added 2015/08/24 3:33 p.m., 11 views

Vulnerabilities Identified in Dolphin, Mercury Android Browsers

Vulnerabilities exist in two fairly popular alternative browsers for Android – Dolphin and Mercury — that depending on the browser could result in either remote code execution or arbitrary read/write access. Mobile security researcher Benjamin Watson, who blogs under the guise of Rotlogix...

AI score: 1.3
Exploits: 0, References: 2

ThreatPost
added 2015/08/24 2:20 p.m., 25 views

Court Rules FTC Has Authority to Punish Wyndham Over Breaches

In the latest installment of a long and winding court case related to multiple data breaches at Wyndham Worldwide several years ago, an appellate court has upheld the authority of the Federal Trade Commission to punish the hotel chain for lax security practices that allegedly led to the breaches...

AI score: 0.6
Exploits: 0, References: 2

ThreatPost
added 2015/08/24 1:37 p.m., 23 views

AlienSpy RAT Resurfaces as JSocket

Even before a stunning revelation at Black Hat 20 days ago that spyware had been found on the phone of a dead Argentine prosecutor, the handlers of the AlienSpy remote access Trojan closed up shop, revamped and renamed the spyware, and moved operations to new domains, researchers at Fidelis said...

AI score: 0.5
Exploits: 0, References: 2

ThreatPost
added 2015/08/24 11:10 a.m., 8 views

White House Support for CISA Worries Privacy Advocates

While Congress is enjoying its annual summer recess, privacy advocates are worried that the White House’s recent endorsement of the controversial CISA bill–which has been criticized by DHS officials, among others–will push the information-sharing bill over the goal line. The Cybersecurity...

AI score: 6.8
Exploits: 0, References: 8

ThreatPost
added 2015/08/21 11:4 a.m., 10 views

WordPress Hacks Behind Spike in Neutrino EK Traffic

Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlie...

AI score: 0.1
Exploits: 0, References: 7

ThreatPost
added 2015/08/21 9:34 a.m., 32 views

August 2015 Apple QuickTime Security Patches

Apple on Thursday pushed out a new version of QuickTime for Windows that patched nine vulnerabilities, including a handful reported Aug. 13 by Cisco Talos and Fortinet researchers. All five flaws, if exploited, could lead to a crash of the media player or code execution in some cases, Apple said ...

CVSS: 6.8, AI score: 0.9, EPSS: 0.0364
Exploits: 0, References: 10

ThreatPost
added 2015/08/20 3:40 p.m., 11 views

Facebook ThreatExchange Information Sharing

As Facebook’s ThreatExchange information-sharing platform hits its six-month milestone, the social network today announced that it’s closing in on 100 participants and has streamlined the application process. ThreatExchange was launched in February as a free vehicle for sharing threat and attack...

AI score: 0.4
Exploits: 0, References: 3

ThreatPost
added 2015/08/20 1:32 p.m., 33 views

Details Surface on Patched Sandbox Violation Vulnerability in iOS

Apple patched an issue last week in iOS that could have allowed attackers to bypass the third-party app-sandbox protection mechanism on devices and read arbitrary managed preferences via a special app. The issue, which was present in versions of iOS prior to 8.4.1, stems from a vulnerability with...

CVSS: 4.3, AI score: 7.2, EPSS: 0.01362
Exploits: 0, References: 5

ThreatPost
added 2015/08/20 12:23 p.m., 25 views

Cybercrime Group Switches from Angler Exploit Kit to Neutrino

A prominent cybercrime actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today. Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks,...

AI score: 7.2
Exploits: 0, References: 10

ThreatPost
added 2015/08/19 5:36 p.m., 18 views

Pocket Patches Data Exfiltration Vulnerabilities

Developers with Pocket recently fixed vulnerabilities that could have allowed users to exfiltrate data from the company’s servers, including sensitive information regarding web services, internal IP addresses and more. Pocket, formerly known as Read it Later, is an online bookmarking app that...

AI score: 7
Exploits: 0, References: 3

ThreatPost
added 2015/08/19 3:30 p.m., 13 views

Web.com Data Breach

Update: Florida-based web hosting company Web.com on Tuesday announced that it had suffered a data breach and payment card and personal information belonging to 93,000 customers was accessed. The company did not say in a statement or press release whether the stolen data was encrypted, nor how it...

AI score: 1
Exploits: 0, References: 2

ThreatPost
added 2015/08/19 12:19 p.m., 8 views

Luca Todesco OS X Zero Day Vulnerabilities

Update: Luca Todesco still won’t say why he disclosed over the weekend details and proof of concept code for a pair of unpatched and previously unreported OS X vulnerabilities, instead standing firm by his pat response: “I had my reasons.” The 18-year-old Italian researcher, however, is sure his...

AI score: 8
Exploits: 0, References: 5

ThreatPost
added 2015/08/18 6:8 p.m., 31 views

Emergency Out-of-Band Internet Explorer Patch

Microsoft today released an emergency patch for all supported versions of Internet Explorer, including IE 11 running on the recently released Windows 10. Microsoft said in its advisory that the zero-day is being publicly exploited. Google security engineer Clement Lecigne is credited with reporti...

CVSS: 9.3, AI score: 0.4, EPSS: 0.51127
Exploits: 2, References: 3

ThreatPost
added 2015/08/18 4:30 p.m., 13 views

Core Infrastructure Initiative Open Source Security Badge Program

The Core Infrastructure Initiative (CII), a consortium of technology companies guided by The Linux Foundation, has thrown good money at solving the security woes of open source software. Since its inception last year, it has provided funding for the OpenSSL project allowing it to hire full-time hel...

AI score: 0.6
Exploits: 0

ThreatPost
added 2015/08/18 2:31 p.m., 11 views

IRS Hack May Implicate 334,000 Taxpayers

The Internal Revenue Service disclosed this week that following the latest review of its system, 334,000 taxpayers – more than three times the agency’s initial estimate – may be affected by the hack it announced in May. Through the compromise, hackers were able to infiltrate the agency’s Get...

AI score: 0.7
Exploits: 0, References: 6

ThreatPost
added 2015/08/18 2:15 p.m., 12 views

Apple OS X Zero Day Remains Unpatched

A recently disclosed kernel-level zero-day vulnerability in Mac OS X Yosemite and Mavericks remains unpatched, though reports say Apple is developing and testing a patch. Luca Todesco, an 18-year-old security researcher from Italy, on Sunday dropped details and proof-of-concept code about the...

AI score: 7
Exploits: 0, References: 4

ThreatPost
added 2015/08/18 12:46 p.m., 34 views

Adobe LiveCycle Data Services Hotfix

Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services application framework. The company said the vulnerability, CVE-2015-3269, affects versions 4.7, 4.6.2, 4.5 and 3.0.x on Windows, Macintosh and UNIX systems. Adobe is not aware of public exploits of...

CVSS: 5, AI score: 1.4, EPSS: 0.0954
Exploits: 2, References: 3

ThreatPost
added 2015/08/18 10:0 a.m., 10 views

RPC Portmapper Reflective DDoS Attacks

A number of web hosting providers and businesses in the gaming industry were last month guinea pigs for a new type of amplified DDoS attack. Attackers have figured out how to use Portmapper, or RPC Portmapper, in reflection attacks where victims are sent copious amounts of responses from Portmapper...

AI score: 1.3
Exploits: 0, References: 5

ThreatPost
added 2015/08/18 7:0 a.m., 9 views

Uber to Quadruple Security Staff by 2016

Ride-sharing company Uber, which has already battled a database compromise and hackers selling stolen user accounts this year, announced over the weekend that it will bulk up its security division. Uber will quadruple the number of employees that currently oversee security at the San...

AI score: 0.3
Exploits: 0, References: 8

ThreatPost
added 2015/08/17 3:11 p.m., 17 views

Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities

Update: Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team (ICS-CERT) released an alert late last week and patches are currently being validated according to ICS-CE...

AI score: 0.2
Exploits: 0, References: 3

ThreatPost
added 2015/08/17 1:42 p.m., 16 views

Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Researchers warn that several protocols used by the peer-to-peer file sharing service BitTorrent, including a handful of clients that run the protocol, can be leveraged to carry out distributed reflective denial of service (DRDoS) attacks. Distributed reflective denial of service, or DRDoS attacks,...

AI score: 7.2
Exploits: 0, References: 3

ThreatPost
added 2015/08/17 12:30 p.m., 21 views

AT&T Facilitated NSA Surveillance Efforts

Telecommunication giant AT&T facilitated, to a larger degree than any other provider, the National Security Agency’s surveillance reach beyond domestic telephone data collection to email and Internet traffic, companion New York Times and ProPublica articles said on Saturday. It’s probably the...

AI score: 6.9
Exploits: 0, References: 10

ThreatPost
added 2015/08/14 12:23 p.m., 8 views

Dennis Fisher and Mike Mimoso Discuss Black Hat, Android Security, and the Oracle Debacle

Dennis Fisher and Mike Mimoso talk about the news from Black Hat, car hacking, the Mary Ann Davidson blog post, and the Android security mess. Download: digitalunderground216.mp3 Music by Chris Gonsalves...

AI score: 1.3
Exploits: 0, References: 2

ThreatPost
added 2015/08/14 11:34 a.m., 11 views

August 2015 Apple Security Update DYLD patch

Update: Apple yesterday patched a critical privilege escalation vulnerability in OS X 10.10 that was disclosed in early July. The flaw in OS X’s dynamic linker called dyld was specific to a new feature that allowed for error logging to arbitrary files. Researcher Stefan Esser shared details of th...

AI score: 0.2
Exploits: 0, References: 8

ThreatPost
added 2015/08/14 9:54 a.m., 10 views

OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars

The OwnStar attack that hacker Samy Kamkar revealed late last month can be used against not only GM vehicles, but cars manufactured by Mercedes-Benz, BMW, and Chrysler, as well. The attack allows Kamkar to intercept the traffic from nearby mobile phones that have specific apps open that control...

AI score: 1.9
Exploits: 0, References: 5

ThreatPost
added 2015/08/13 2:27 p.m., 11 views

Salesforce Patches XSS on a Sub-Domain

Salesforce.com has patched a vulnerability on one of its subdomains that exposed users to account takeover, phishing attacks and the installation of malicious code. The vulnerability was disclosed yesterday by researcher Aditya K. Sood of Elastica Cloud Threat Labs. Sood said admin.salesforce.com...

AI score: 5.7
Exploits: 0, References: 2

Total number of security vulnerabilities: 15946