GitHub Attack Perpetrated by China's Great Cannon Traffic Injection Tool
Chinese attackers used the Great Firewall's offensive sister system, named the Great Cannon, to launch a recent series of distributed denial of service attacks targeting the anti-censorship site GreatFire.org and the code repository GitHub, which was hosting content from the former. The first...
Apple Mac OS X Rootpipe Hidden Backdoor API Patch
UPDATE: Apple patched the so-called Rootpipe backdoor in OS X, but only in current versions of Yosemite. According to the researcher who found the vulnerability, Apple told him that it would not backport the fix to 10.9.x and older. The vulnerability, located in the OS X Admin framework, was...
Beebone Botnet Takedown Carried Out
A relatively small yet troublesome botnet has been shut down in a joint operation between U.S. and European law enforcement and a number of private security companies, including Kaspersky Lab. The takedown of Beebone was carried out on Wednesday by the FBI, the Department of Homeland Security,...
Group Behind SSH Brute Force Attacks Slowed Down
A criminal group whose actions have at times been responsible for one-third of the Internet’s SSH traffic—most of it in the form of SSH brute force attacks—has been cut off from a portion of the Internet. While not a botnet takedown in the traditional sense, networking providers Level 3...
Apple Fixes Proxy Manipulation Vulnerability in iOS 8.3
If left unpatched, one of the vulnerabilities fixed in this week's iOS update could render an iPhone nearly useless. If triggered, it could cause networking apps to quit and the system to grind to a halt. In some cases, the device couldn't even be rebooted. The vulnerability, nicknamed...
Apple Yosemite 10.10.3 OS Security Patches
Apple on Wednesday released close to 80 security updates for OS X, including fixes for remote code execution vulnerabilities in a dozen components that were patched in Yosemite 10.10.3. The OS X update was released the same day as an extensive update in iOS 8.3 that patched three dozen code execution and...
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple, however, has kept the root certificates in its trusted...
Apple iOS 8.3 Includes Long List of Security Fixes
Apple has released iOS 8.3, a major security upgrade for iPhone and iPad users that includes patches for more than three dozen vulnerabilities. The new version of iOS has security fixes for several vulnerabilities in the mobile operating system’s kernel, a handful of code-execution bugs and a lon...
New Coalition Launches Fight Against Patriot Act Section 215
A broad group of civil-rights, technology and political groups from across the spectrum has developed a new initiative to advocate for the repeal of Section 215 of the USA PATRIOT Act, the part that provides the authority for the bulk collection of phone metadata and other information. The new...
NTP Symmetric Key Authentication Security Vulnerabilities Patched
NTP, the much-maligned protocol abused in a number of high-volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be accepted and processed as though they had been authenticated with the configured symmetric key. The Department of Homeland Security and CERT at the Software...
New Evasion Techniques Help AlienSpy RAT Spread Citadel Malware
Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations. AlienSpy is a descendant of the Adwind, Unrecom and Frutas Java-based remote access Trojans, according to security company...
WordPress WP Super Cache Plugin Security Vulnerability Patch
A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching plugin. The issue, since fixed, exposes vulnerable sites to takeover: from there, attackers could inject malicious scripts, backdoors and so forth. The plugin, WP Super Cache, has...
White House Executive Order Declares Cyber National Emergency
U.S. President Barack Obama last week issued an Executive Order declaring a national emergency and deputizing the Treasury Secretary and Attorney General to apply sanctions and other consequences for international actors deemed to have engaged in “cyber-enabled activities” detrimental to U.S...
FBI Warns of Phony Sites Offering Government Services
Consumers looking for a replacement Social Security card or a government-issued Employer Identification Number (EIN) are running into a slew of fraudulent search engine results and equally phony websites. The FBI's Internet Crime Complaint Center today issued an advisory warning that consumer and...
Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox
Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification. The bug puts a kink in the new feature, which was designed to...
TrueCrypt alternatives VeraCrypt CipherShed Step Up
TrueCrypt's relative clean bill of health last week has now spawned a new focus on existing alternatives to the open source encryption software, namely VeraCrypt and CipherShed. Both open source projects sprang forth from the rubble of the original TrueCrypt developers' decision in 2014 to abando...
Linux Australia Breached by Hackers
Linux Australia, a consortium in charge of organizing Linux conferences Down Under, acknowledged over the weekend it was breached by attackers who were able to secure access to one of its servers, and with it, potential user information. In a detailed email to users on Saturday, the group’s...
Snapchat Publishes First Transparency Report
Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a Californ...
.SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites
Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites. Several hundred WordPress and Joomla websites have been swept up in the campaign, first observed by researchers at the firm Sucuri last November. “Though it’s uncertain how many...
VMware Fixes Java Information Disclosure Vulnerability
Virtualization vendor VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in Oracle's Java Runtime Environment (JRE). The update essentially installs the latest version of the JRE into VMware systems where the old version of the JRE was affecte...
IBM Outs Dyre Wolf Campaign That Stole $1 Million
The Dyre banking Trojan's ascension to the top of the financial malware food chain took a massive leap forward in the first three months of 2015. Already spreading a damaging piece of malware that targets corporate bank accounts, the Eastern European keepers of Dyre recently upped their social...
Dennis Fisher and Mike Mimoso Discuss the CNNIC Issue, Malvertising and Verizon's Supercookie News
Dennis Fisher and Mike Mimoso talk about Google’s decision to drop Chinese CA CNNIC from Chrome’s trust store, the scope of the malvertising threat and Verizon’s super cookie use. Download: digitalunderground193.mp3 Music by Chris Gonsalves...
TrueCrypt Audit Cryptanalysis Finds No Backdoors
The results are in from the cryptanalysis phase of the TrueCrypt audit, and they show—nothing. Well, maybe not “nothing,” but certainly no signs of a deliberate backdoor from the NSA or any government entity, fears of which date back to the autumn of 2013, post-Snowden, and ignited talk to have t...
Google Report Lauds Android Security Enhancements
Google has put some hard numbers behind the effectiveness of the security enhancements it has dropped into Android in the past year, and the results show that things such as SELinux (SE Android), Verify Apps and SafetyNet have cut down on successful attacks against the Android operating system,...
Google Awards $5k Bounty for Youtube Video Delete Bug
Student and security researcher Kamil Hismatullin recently took Google up on its vulnerability research grant offer, accepting a $1337 cash advance in exchange for a promise to seek out cross-site scripting and cross-site request forgery bugs in YouTube’s Creator Studio. While conducting that...
Google Drops Trust in Chinese CA CNNIC
UPDATE–Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused. Mozilla followed suit on Thursday, also removing CNNIC from its trust store. Google officia...
Little Change in Online Behavior Following Snowden Revelations
Some 30 percent of American adults say they have altered their digital behavior in the wake of Edward Snowden's NSA spying revelations in order to hide information from the government. In spring 2013, Snowden, then an NSA contractor working for Booz Allen Hamilton, remotely accessed the NSA's Ft...
Students Built Open Source Web-Based Threat Modeling Tool
Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they’re put into production. Some software development lifecycles, however, don’t include threat modeling as part of the code-building process because they’v...
Critical Vulnerabilities Affecting JSON Web Token Libraries
Critical vulnerabilities exist in several JSON Web Token (JWT) libraries, namely the JavaScript and PHP versions, that could let an attacker bypass the signature verification step entirely. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...
Verizon Allows Opt Out of UIDH Mobile Supercookie
Verizon Wireless has made a change that now allows customers to opt out of the ad-targeting program that relies on the so-called supercookie identifier that was inserted into Web requests users send. The use of the identifier, known as a UIDH, drew the ire of privacy advocates and users when it w...
Multicast DNS Vulnerability Could Lead to DDOS Amplification
The Department of Homeland Security-sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information and that attackers could leverage in high-volume DDoS amplification attacks. "I...
Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some for...
Satellite-Based Monitoring Constitutes a Fourth Amendment Search
The Supreme Court has weighed in on a series of lower court decisions, issuing a summary opinion that satellite-based monitoring is in fact a Fourth Amendment search. What remains to be decided is whether GPS-based tracking constitutes an unreasonable search and is thus a violation of the Fourth...
Google to Publish Research on Browser Ad Injectors
Google is preparing to release new research on the prevalence of ad injectors, the often-unwanted browser extensions that inject ads onto Web pages, and the numbers will show just how widespread and problematic the software is. Ad injectors belong to that great, amorphous pile of applications tha...
MongoDB Patches Remote Denial-of-Service Vulnerability
MongoDB, a popular NoSQL database used in big data and heavy analytics environments, has patched a serious denial-of-service vulnerability that is remotely exploitable. Companies using the default installation of MongoDB, which does not require authentication to access the database, are urged to...
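For the default-install problem mentioned above, the relevant check is whether mongod is reachable without credentials from beyond the host. The following is an added example, not from the article or from the MongoDB project: the two settings in a YAML-format mongod.conf that close that gap, with the listener bound to loopback and client authorization required (the port value is the standard default and is included only for completeness).

```yaml
# Added example (not from the article or from MongoDB's own documentation):
# minimal mongod.conf hardening for an install that was left at the defaults.
net:
  port: 27017
  bindIp: 127.0.0.1        # listen on loopback only; the default of that era was all interfaces
security:
  authorization: enabled   # clients must authenticate; the default was disabled
```

Enabling authorization only helps once an administrative user exists, so create one in the admin database before restarting with this file, and remember that the older ini-style config used the equivalent keys auth = true and bind_ip = 127.0.0.1.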
DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org
The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project GreatFire.org. Officials at GreatFire said that the...
Volatile Cedar APT Group First Operating Out of Lebanon
An APT group with its sights on selective targets, most of them in Israel, has been using an elusive malware implant to steal data from groups with state and political interests. The gang, called Volatile Cedar by researchers at Check Point Software Technologies, has been working since 2012 and could...
British Airways Suspends Accounts Following Apparent Breach
British Airways, one of the U.K.'s biggest airlines, suspended users' frequent flier accounts this weekend after an apparent breach recently hit the company. It's unclear exactly how many fliers were affected by what British Airways is calling "unauthorized activity" on its Executive Club...
eBay Fixes File Upload and Patch Disclosure Bugs
eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page t...
Hackers Selling Uber Credentials on Underground Market
The alternative taxi service Uber denies insinuations that its systems were breached following reports claiming that underground forums are offering Uber user-credentials for as little as $1. First reported by Vice Magazine’s Motherboard spinoff, the information for sale also includes names, the...
DDoS Attack Against GitHub Continues After More Than Four Days
More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content. In the evening hours of March 2...
Malvertising Abuses Real-Time Bidding on Ad Networks
Dark corners of the Internet harbor trouble. They’re supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That’s the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some target...
iOS, OS X Library AFNetworking Patches MITM Vulnerability
Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle (MITM) attacks. The developer behind the AFNetworking framework on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...
Slack Discloses Breach of its User Profile Database
Enterprise and small business collaboration provider Slack today disclosed that a database storing user profile information has been compromised. The company said in a notice posted on its site that the unauthorized access has been blocked, and that it has implemented two-factor authentication...
FBI Pleads For Crypto Subversion in Congressional Budget Hearing
In a House Appropriations subcommittee hearing this morning on the FBI budget for the upcoming fiscal year, FBI Director James Comey was again critical of new encryption features from Apple and Google that he claims would make it impossible for law enforcement to access the contents of mobile...
GitHub Hit With DDoS Attack
A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site. The attack appears to have begun around 2 AM UTC on Friday and has been going...
Dennis Fisher and Mike Mimoso on the Android App-Replacement Vulnerability, Windows Privilege Escalation and More
Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts. Download: digitalunderground192.mp3 Music by Chris Gonsalves...
Schneider Electric Patches Easily Exploitable Bugs in HMI Products
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code. The bugs lie in Schneider’s InduSoft Web Studio and InTouch Machine Edition products, both of which are...
ANTLabs InnGate Security Vulnerability Patch
ANTLabs today is expected to roll out patches for a vulnerability in its InnGate Internet gateways that are popular in hospitality and convention locations. The gateways provide temporary Internet access to hotel guests or conference attendees using kiosks, for example. The vulnerability...
M.I.T. Researchers Debut Integer Overflow Debugger
Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often crash systems. Researchers from the school's Computer Science and Artificial...