New Utility Decrypts Files Lost to TeslaCrypt Ransomware
Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department, have gone as far as to pay hundreds of dollars in ransom for the recovery key. Some technology companies are...
WordPress Stored Cross-Site Scripting Zero Day Vulnerability
WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of...
Second Crypto Bug in Networking Library Could Affect 25,000 Apps
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles...
Siemens Patches Ghost Flaw Simatic Product
Siemens has released an update for some of its ICS products that are affected by the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The...
Google Provides Detailed Analysis of GitHub Attack Traffic
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the...
PODCAST: News from RSA 2015
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news of the week from the RSA Conference. Download: digitalunderground198.mp3 Music by Chris Gonsalves Flickr photo via @jf10...
Active Defense Can Give Pause to Threats
SAN FRANCISCO – Disrupting hackers on your own network has become sort of a parlor trick for enterprises with enough resources and desire to dive into those waters. Today at RSA Conference, one expert explained how most organizations can leverage networking tools they’ve already invested in to pu...
Bypassing OSX Security Tools is Trivial, Researcher Says
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple...
iOS Vulnerability Could Force Devices Into Endless Reboot Loop
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop. The issue stems from what researchers are calling an SSL certificate parsing vulnerability in iOS 8.0, something Apple is apparently aware of and in the process of fixing. Yair Amit,...
RSA Conference Chris Hoff Reuben Paul Keynote
SAN FRANCISCO – When it comes to the future development of secure software, there’s really only one “next generation” that matters. That’s why today when the covers were pulled back on a seven-foot-tall server rack wheeled out on stage during Chris Hoff’s RSA Conference keynote, those in the...
Microsoft Project Spartan bug bounty launched
Microsoft today kicked off a two-month bug hunt for vulnerabilities in Project Spartan, the company’s new browser set to launch alongside Windows 10 later this year, one of several announced additions to its various bounty programs. “Microsoft’s new browser will be the onramp to the Internet for...
Privacy Goal: More Controls in Users' Hands
SAN FRANCISCO – The same companies that brought, among other things, facial recognition into your living rooms and the ability to record video to your eyewear, swear the next big thing in privacy is putting more controls in your hand. The privacy officers of Microsoft, Google and Facebook said...
White House, State Department Counted Among CozyDuke APT Victims
A data-mining advanced persistent threat hit a handful of high profile targets last year, including the White House’s computer network. Dubbed CozyDuke, the APT’s toolset shares several similarities with fellow APTs MiniDuke, CosmicDuke and OnionDuke. Kurt Baumgartner and Costin Raiu, researchers...
Threat Intelligence Sharing Still Seen as a Challenge
SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat o...
'Fully Secure Systems Don't Exist'
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the year...
Renewed Attention on Android Apps Failing SSL Validation
SAN FRANCISCO – Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon. Will Dormann, a researcher with CERT at the Software Engineering Institute at Carnegie...
RSA Conference Panel on Threat Information Sharing Bill
SAN FRANCISCO – The House of Representatives is considering a pair of information sharing bills this week. Also up for consideration is a data breach notification bill that is not likely to make it into law any time in the near future. According to a panel of experts at the RSA Conference, the...
Microsoft Data Shows Drop in Remote Code Execution Bugs Being Exploited
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting...
DHS Secretary on Recruiting Trip at RSA Conference
SAN FRANCISCO – Homeland Security secretary Jeh C. Johnson was apparently on a recruiting trip today at RSA Conference. During his 30-minute keynote, amid dozens of “cyber” references, the 57-year-old Johnson put out the help-wanted sign for able-bodied security professionals who may want to jo...
NetNanny Found Using Shared Private Key, Root CA
An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and intercept, researchers warned Monday. First released in 1995, the internet filtering service is primarily used by parents to control their children’s online...
Crypto 'Front Door' Debate Likely to Go On For Years
SAN FRANCISCO–Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followe...
Naval Academy Cadets Win NSA Hacking Contest
Midshipmen from the United States Naval Academy have won the National Security Agency’s Cyber Defense Exercise (CDX) for the third time. Between April 13 and 17, the CDX pits the U.S. Naval, Air Force, Coast Guard, Merchant Marine and Military Academy and the Royal Military College of Canada...
Jeremiah Grossman on Adapting to a Changing Market
Dennis Fisher talks with Jeremiah Grossman of WhiteHat Security about his RSA Conference talk on the coming change in the security industry regarding guarantees, security insurance and how it will all affect customers. Download: digitalunderground197.mp3 Music by Chris Gonsalves...
Magento Patched Remote Execution Hole in eCommerce Platform
A nasty remote code execution vulnerability was recently patched in eBay’s eCommerce platform Magento. The hole, disclosed Monday, could put upwards of 200,000 companies’ web stores, and their customers’ information, at risk of being compromised. If exploited, researchers claim the vulnerability...
Previewing RSA 2015 with Brian Donohue
Dennis Fisher talks with Brian Donohue in advance of Brian’s first visit to the RSA Conference this week. They discuss what to expect in terms of the content, the chaos and the suit-to-civilian ratio at the show. Download: digitalunderground196.mp3 Music by Chris Gonsalves...
Google Moving Toward Encrypted Ad Services
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well...
Dennis Fisher and Mike Mimoso Discuss the Windows HTTP.sys Vulnerability and More
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia. Download: digitalunderground195.mp3 Music by Chris Gonsalves...
Active DoS Exploits for MS15-034 Under Way
UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop. In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack,...
Ransomware Teslacrypt Still Targeting Gamers
Teslacrypt, the fairly new strain of ransomware that’s been targeting gamers, is continuing to make the rounds online. Researchers have spotted exploit kits like Sweet Orange and Angler dropping the malware on machines over the past few months. This week, Brad Duncan, a handler over at the SANS...
Virginia Voting Machines Exposed to Low-Level, Election Altering Hacks Since 2004
The Virginia Information Technologies Agency (VITA) is calling on the board of elections in that commonwealth to immediately discontinue use of its electronic voting devices after an examination revealed the systems lack strong credentials and encryption and are utterly vulnerable to vote...
Google Shuts Off NPAPI in Chrome
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of...
Dropbox Launches Bounty Program on HackerOne
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...
Oracle Patch Update Delivers 98 Fixes
Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is...
Report Recommends Series of Cybersecurity Changes at FAA
The Federal Aviation Administration needs to upgrade and update its information security capabilities–including building a threat-modeling capability and implementing federal security guidelines–in order to ensure the safety of the nation’s aviation infrastructure, according to a new report by th...
SearchBlox Fixes XSS, File Upload Flaws
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of t...
AirDroid Web Application Hijacking Vulnerability Patched
AirDroid has patched an authentication flaw in its web application that could allow an attacker to remotely control and manipulate a victim’s Android device. AirDroid, which is similar to Apple’s native iMessage app, allows a user to send SMS messages, make calls, add contacts and more via a...
Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices
When Apple pushed out its most recent round of patches last week it fixed a cookie vulnerability that existed in all versions of Safari, including those that run on iOS, OS X, and Windows. According to researchers who dug it up, the number of affected devices may total one billion. The issue –...
April 2015 Microsoft Patch Tuesday Security Bulletins
Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it’s inevitably publicly exploited. The bulletin, MS15-034, is one of four critical bulletins issued today by Microsoft. Experts warn that exploitin...
Dell Threat Report Claims 100 Percent Increase in SCADA Attacks
In 2014, there were increases in malware designed to target retail point-of-sale systems and attack supervisory control and data acquisition (SCADA) systems, according to Dell’s annual threat report. The report (pdf) was released, interestingly enough, just one day before Verizon’s industry standard...
Google Fixes Dozens of Bugs in Chrome 42
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous...
2015 Verizon Data Breach Investigations Report (DBIR)
The 2015 Verizon Data Breach Investigations Report (DBIR) did some mythbusting on two fronts: the estimated cost per record lost in a breach is much lower than reported elsewhere; and mobile malware is a no-go. The DBIR is Verizon’s annual data dump collected from breaches it has investigated, alon...
DigiCert Offers Continuous Monitoring of Digital Certificates to Defeat Fraud
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years have seen a steady stream of compromises of CAs, mis-issued certificates and...
US-CERT Warns of Issues With DNS Zone Transfer Requests
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers...
Zero-Day Market Economics Favor Incentives for Defensive Tools
There’s a security truism that goes something like this: Defenders must protect all machines against all vulnerabilities, while attackers need only to find one way on to a system or network. It’s a nearly unwinnable game for those in charge of defending corporate networks and securing web-based...
As Ransomware Attacks Evolve, More Potential Victims Are at Risk
In early December, as most people were dealing with the stress of looking for the perfect holiday gifts and planning out their upcoming celebrations, police officers in a small New England town were under a different sort of pressure. The vital files and data the Tewksbury Police Department neede...
Cybersecurity Vulnerabilities Identified in Banking Vendors
In hopes of bolstering security, banks in New York over the next several weeks want to enact new regulations for any third party vendors they do business with. A report released last week pointed out that one in three N.Y. banks don’t require their vendors to notify them in the event they...
New SMB Flaw Affects All Versions of Windows
There is a serious vulnerability in all supported versions of Windows that can allow an attacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. The bug is related to the way that Windows and other software handles some HTTP request...
Darwin Nuke Vulnerability Details in OS X, iOS Disclosed
Since Apple released a monster batch of patches for OS X and iOS last week, details on a number of the vulnerabilities that were addressed have been made public. The latest concerns a kernel vulnerability in the Darwin operating system, an open-source OS developed and used by Apple in its desktop...
Coordinated Takedown Puts End to Simda Botnet
The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies. Fourteen command and...
Podcast: Apple Patches, John Oliver, Ed Snowden and More
Dennis Fisher and Mike Mimoso discuss the big Apple news from the week, Cisco and L3 crushing some SSH attacks, the great John Oliver interview of Edward Snowden and the dwindling days before RSA. Download: digitalunderground194.mp3 Music by Chris Gonsalves...