POS Malware Nitlove Seen Dropped in Spam Campaign
Toss another strain of point-of-sale (POS) malware onto the growing heap discovered this year. The latest, a variant dubbed NitlovePOS, was spotted being dropped on victims who were compromised by a spam operation. Researchers with the firm FireEye were in the middle of tracking a campaign ...
Researchers Exploit Windows Group Policy Bug Patched in February
Researchers from Core Security were able to exploit a security vulnerability in Windows Group Policy — MS15-011 — that was patched in February by Microsoft. Nicolas Economou, a senior exploit writer at Core Security, explained in a blog entry last week that Microsoft had in fact fixed the bug,...
Exploit Kit Delivers Pharming Attacks Against SOHO Routers
Attacks targeting small office and home router DNS settings, long a target for network intruders seeking to redirect web traffic to malicious sites, have for the first time been included in an exploit kit—one that specializes in cross-site request forgery attacks. An exploit kit has been spotted ...
Synology Fixes File-Takeover Flaw in Cloud Station OS X Client
There is a vulnerability in some versions of Synology’s Cloud Station client for OS X that can enable any user to take over system files and gain complete control of the machine. Cloud Station is a system that allows users to sync files across a number of devices. The system saves changes to file...
Podcast Discussing the Week's Security, Crypto News
Dennis Fisher and Mike Mimoso talk about the Logjam attack, the proposed Wassenaar export rules on exploits, and the letter to the president decrying crypto back doors. They do not talk about the Mad Men finale. Nor will they ever. Download: digitalunderground204.mp3 Music by Chris Gonsalves...
Sendio Email Security Platform Vulnerability Patch
Email security vendor Sendio has patched a pair of remotely exploitable security bypass vulnerabilities in its Sendio ESP, or Email Security Platform, product. Researchers at Core Security Technologies reported the vulnerabilities March 26 to Sendio, along with a proof of concept that triggers th...
eBay Fixes Reflected File Download Flaw
For many years, eBay has been one of the bigger targets for phishers and many other kinds of attackers and they have been honing their tactics and improving them along the way. Much of their effectiveness depends on convincing users that they’re on the real eBay site and the site recently fixed a...
Android Factory Reset Improper Sanitization Exposes Data
The churn of Android devices, whether older smartphones being traded in or sold online, makes device sanitization imperative. The native feature in the OS, however, may not be doing as thorough a job as advertised. A paper, “Security Analysis of Android Factory Resets” (pdf), published by Ross...
Ersatz Scheme Deceives Hackers, Protects Stored Passwords
Researchers at Purdue University have developed a scheme that protects stolen passwords from offline cracking. The project is explained in a paper called “ErsatzPasswords – Ending Password Cracking” (pdf) written by Purdue University researchers Mohammed H. Almeshekah, Christopher N. Gutierrez,...
Charter Communications Fixes Data Leaking Vulnerability
Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers. Customers’ payment details, modem serial numbers, device names, account numbers, home addresses, were being spilled...
Proposed U.S. Wassenaar Rules on Intrusion Software
Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: a) The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and b) reques...
1.1 Million Affected by CareFirst BlueCross BlueShield Breach
CareFirst BlueCross BlueShield announced yesterday that attackers gained access to a single company database containing the sensitive and personal information of more than a million of its current and former health insurance customers. BlueCross BlueShield (BCBS) is a federation of health insurance...
Security Questions Not So Secure
The Internet knows a lot about you, including your mother’s maiden name, your favorite food, and what street your first pet grew up on. And, according to some new research from Google, attackers have a good chance of figuring those things out pretty easily, too. The security questions that Google...
Researchers Wary of Wassenaar Arrangement Proposed Rules
Professional security researchers concerned about proposed changes to the Computer Fraud and Abuse Act (CFAA) that include stiff penalties for what today is considered legitimate offensive research, are worried about another impending punch to the gut. The Commerce Department’s Bureau of Industry a...
Justice Department Charges Six Chinese Nationals with Insider Theft
The Justice Department has issued a 32-count indictment including charges of economic espionage and theft of trade secrets against a pair of Chinese professors along with four other citizens of the People’s Republic of China. Authorities last Sunday arrested one of the alleged, Professor Hao Zhan...
SQL Attack Results in Breach of Telstra Telecom Pacnet
Telstra’s Pacnet, a telecom service provider primarily based in China and Singapore, suffered a breach early last month that may wind up affecting thousands of customers, including Australia’s Federal Police, the continent’s Department of Foreign Affairs and Trade, and other entities. Telstra, an...
How I Got Here: Marcus Ranum
Dennis Fisher talks with security pioneer Marcus Ranum about writing an early Internet firewall at DEC, the security gold-rush era of the 1990s and early 2000s, why he never patented most of the ideas he has come up with and how he found peace of mind. Download: 17ranum.mp3 Music by Chris Gonsal...
Apple Releases Patches For a Watch
What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch. And that’s what Apple has done for the first time, releasing a long list of fixes for security problems with the Apple Watch OS. At least one of the...
New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs
Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade...
KCodes NetUSB Vulnerability Details Surface
The Department of Homeland Security-sponsored CERT at Carnegie Mellon University today issued an alert warning of a serious vulnerability in KCode NetUSB, which is integrated into products sold by a number of networking vendors. KCodes NetUSB is a Linux kernel module that enables several users on...
St. Louis Federal Reserve Falls Victim to DNS Hijack
The St. Louis Federal Reserve Bank confirmed this week that it fell victim to a DNS hijack last month. The attack may have redirected users to bogus webpages and for a period of time exposed customers to phishing, malware and other attacks that potentially could have duped users into giving away...
Google Fixes Sandbox Escape in Chrome
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers w...
Malvertising Leads to Magnitude Exploit Kit, Ransomware Infection
Criminals are injecting malicious redirect code into advertisements in order to route user traffic toward sites hosting the Magnitude exploit kit, which, in turn, infects those users with strains of file-encrypting ransomware. Magnitude predominately relies on drive-by-download attacks in which i...
Address-Spoofing Bug Haunts Android Stock Browser
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and develop...
President Urged to Reject Mandatory Backdoors
One-off opposition to calls on Congress from FBI Director James Comey and NSA Director Adm. Mike Rogers to draft a legal framework that would enable law enforcement to access encrypted communication has been scattered at best. Experts have taken to their own forums to voice opposition to the...
Researchers, IEEE Release Medical Device Security Guidelines
A collection of research scientists, with help from the IEEE Cybersecurity Initiative, have released a new set of guidelines for developers to take into account to ensure security figures into how medical devices are coded. The paper, “Building Code for Medical Device Software Security,” (.PDF) was...
APT Group Embeds C&C Data on TechNet Pages
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources. New research published last week by Microsoft and FireEye revealed targeted attacks against organizations have been...
Penn State Offline Following Advanced Two-Year Cyberattack
Penn State University President Eric J. Barron announced Friday that the university disconnected its networks from the public Internet after sustaining an intrusion into the College of Engineering that had lasted longer than two years. It will be a matter of days before Penn State brings its...
Oracle Patches VENOM Vulnerability
Oracle, whose virtualization software VirtualBox is among those affected by the VENOM vulnerability, on Saturday joined the litany of VM providers that have patched the bug. Oracle was one of the first vendors notified by Crowdstrike, whose researcher Jason Geffner found the bug and disclosed it...
TeslaCrypt Ransomware Taking a Toll on Victims
The attackers behind the TeslaCrypt ransomware, which is one of the newer entries on the scene, may not be making as much money yet as some of their more experienced competitors, but researchers say that their malware is having a profound effect on victims. Like many other pieces of ransomware,...
Google App Engine Java Vulnerabilities Disclosed
A Polish research group claims there are still several outstanding vulnerabilities in Google App Engines for Java, including three complete Java sandbox escapes. After three weeks of radio silence from Google, it decided to disclose on Friday the vulnerabilities, along with proof of concept code...
Dennis Fisher and Mike Mimoso on VENOM, Marketing Bugs, and More
Dennis Fisher and Mike Mimoso talk about the VENOM vulnerability, the idea of marketing bugs, Microsoft’s new Edge browser security features and the awesome CSI: Cyber finale. Download: digitalunderground203.mp3 Music by Chris Gonsalves...
Google Changes Policy on Chrome Extensions
Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store. The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome...
Several Factors Mitigate VENOM's Utility for Attackers
The divisive VENOM vulnerability—marketing logo and all—has been good for three solid days of debate and angst over its severity, ease of exploitation and risks. The first public proof-of-concept exploit, however, may aid in calming some of the anxiety around the bug, which is proving difficult t...
US House Votes to End NSA Phone Records Collection
The U.S. House of Representatives’ resounding vote on Wednesday to end the National Security Agency’s collection of phone metadata and business records shifts the Senate focus squarely onto the shoulders of Kentucky Republican Senator, Mitch McConnell. McConnell is a staunch defender of the...
Cisco Patches Security Vulnerabilities in TelePresence
Cisco has patched a number of vulnerabilities in its TelePresence products, the most serious of which allow a remote hacker to inject commands into a device and gain root privileges. TelePresence products link remote locations with audio, video and other collaboration tools. Cisco said none of th...
The Triumphant Finale of CSI: Cyber
It’s been a couple of months since we left our heroes on CSI: Cyber, and boy, have they been busy. They have apparently solved many crimes using cyber-sleuthing, acquired some decidedly non-cyber firearms skills, and, in the case of our man Krumitz, taken up running. We wanted to check in and see...
Dan Kaminsky on VENOM
Dennis Fisher talks with Dan Kaminsky about the VENOM bug, the value of virtual machine escapes, why everyone wants to make every bug the worst one of all time or just a bunch of hype and what the Avengers have to do with vulnerability disclosure. Download: digitalunderground202.mp3 Music by Chri...
Remotely Exploitable Vulnerabilities in SAP Compression Algorithms
The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in...
Open Smart Grid Protocol Alliance Plan to Fix its Weak Crypto
The Open Smart Grid Protocol Alliance, which recently came under fire for a weak crypto implementation in its protocol, will upgrade existing devices, likely starting in September. Harry Crijns, secretary of the OSGP Alliance in The Netherlands, said fixes have been developed and are “under a...
XSS, CSRF Vulnerabilities Identified in WSO2 Identity Server
A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially expose subsequent internal servers to further attacks. The open source server software helps developers manage identities and keep track of web apps, services an...
Microsoft Brings Perfect Forward Secrecy to Windows
Microsoft yesterday added four cryptographic cipher suites to its default priority ordering list in Windows, a move that brings Perfect Forward Secrecy to the operating system. Update 3042058 is available for now only on the Microsoft Download Center, affording users the opportunity to test the...
Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft
Researchers have uncovered a vulnerability in an obscure component of many virtualization platforms that they say can allow an attacker to escape from a guest virtual machine and gain code execution on the host, as well as any other VMs operating on that machine. Experts say the bug affects a wid...
Default Credentials Lead to Massive DDoS-For-Hire Botnet
Tens of thousands of home and office-based routers have been hijacked over the last several months to form a botnet used to stage a DDoS campaign. The attacks first surfaced at the tail end of last year, around Dec. 29, and after a short reprieve, spiked twofold over the last month. The web...
Firefox 38 Fixes 13 Flaws, Ships With DRM Support
Mozilla has fixed 13 security flaws in Firefox 38, including five critical vulnerabilities. The new version of the browser also includes a feature that enables the use of DRM-enabled video content in Firefox, a decision that comes with some controversy. DRM (digital rights management), the generic...
May 2015 Microsoft Patch Tuesday Security Bulletins
Patch Tuesday as we know it may be on its last legs, but it’s certainly not going quietly. A little more than a week after Microsoft announced how it would revamp patch distribution and security updates starting with Windows 10, the company today released its scheduled round of bulletins—13 in al...
May 2015 Adobe Flash, Reader, Acrobat Security Updates
Adobe today released sizable updates for Flash Player, Reader and Acrobat, patching 18 and 34 vulnerabilities respectively in the software. None of the vulnerabilities in any of the three products, Adobe said, are being publicly exploited. The Flash Update for Windows, Mac OS X, and Linux patches...
New Microsoft Edge Browser Includes Range of Security Upgrades
For many years now, the browser has been the most dangerous piece of software on most users’ machines. Attackers love to target browsers and a remote code execution bug in a major browser is gold for them. The browser vendors have been making gradual changes to better protect users in recent year...
Angler Exploit Kit Pushing New, Unnamed Ransomware
Attackers are using the infamous Angler exploit kit to disseminate a new, yet unnamed variant of the TeslaCrypt and AlphaCrypt ransomware, according to Rackspace security researcher Brad Duncan. Duncan analyzed the threat on the SANS Internet Storm Center, saying that the malware presents its...
Datapp Sniffs Out Unencrypted Mobile Data
Last fall, researchers at the University of New Haven’s Cyber Forensics Research and Education Group dropped the hammer on a number of Android apps, including those from some popular social networking and dating sites, for their insistence on sending data in the clear. Pretty quickly, the UNHcFRE...