Dennis Fisher and Mike Mimoso Discuss the Anthem Breach, Flash Zero Days and More
Dennis Fisher and Mike Mimoso discuss the Anthem data breach, the continuing Flash 0-day happy fun times, the expansion of exploit kits and the crowd funding support for GnuPG. Music by Chris Gonsalves Download: digitalunderground183.mp3...
Cheezburgers, Warrant Canaries and Cat Memes
Surveillance, privacy and security are serious subjects. So too, for some people, are cat memes and GIFs of screaming goats. And Cheezburger Inc., the premier purveyor of said memes and GIFs, wants its users to know that the company is standing up for their rights. The folks at Cheezburger have...
Security, Tech Communities Rally to Support GnuPG
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After ...
Zero Day in WordPress Plugin FancyBox Patched
Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites. Despite not having been updated in over two years, Jose Pardilla, the author of FancyBox, insisted early Thursday that he had fixed the flaw wi...
IE Memory Attacks Net ZDI $125,000 Microsoft Bounty
When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser. A team of experts from HP’s Zero Day Initiative were among those w...
Hanjuan Exploit Kit, Malvertising Dangers in Flash Zero Days
The recent trio of Flash zero days has not only caused a lot of scrambling at Adobe—which yesterday released a patch for the last in that line of vulnerabilities—but also shined light on a fairly unknown exploit kit, exposed the evolving danger associated with malvertising, and made clear the pai...
Anthem Data Breach Could Affect Millions of Consumers
Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers. The company says it is not sure yet...
Adobe Begins Patching Third Flash Player Zero Day
Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player. Version 16.0.0.305 will be distributed to users who have enabled auto-update. Adobe said it expects to have a manual update available tomorrow. “We are working with...
U.S. Officials Say Chinese Cyberespionage 'Needs to Stop'
The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country’s continued cyberespionage operations are damaging the two countries’ relationship. In a piece co-authored ...
XSS Vulnerability in IE Could Lead to Phishing Attacks
Microsoft is aware of a recently disclosed bug in its latest browser, Internet Explorer 11, and is developing a patch for the issue. The vulnerability, a universal cross-site scripting (XSS) bug, could be exploited to steal information or inject code into domains on the browser on Windows 7 and 8.1...
Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs
There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN...
Third Adobe Flash 0Day Under Attack in HanJuan Exploit Kit
The little-known HanJuan exploit kit is delivering attacks targeting the most recent Adobe Flash Player zero-day vulnerability. Adobe has yet to produce a patch for the flaw, which researchers at Trustwave said is a use-after-free vulnerability. The flaw is the third to hit Flash in the last two...
Google Trades Technicality for Brevity with New SSL Warning
Many users do not understand, let alone listen to, browser-based SSL warnings. Google wants to change that and its newest browser warnings are based on years of interdisciplinary research about how human beings respond to warning signs. “Dissidents, drug dealers, and diplomats have one thing in...
1,800 Domains Overtaken by Flash Zero Day
When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about which kit would rise up as its successor. It seems that the Angler exploit kit has ascended to the throne. The most definitive evidence seems to be the constant...
White House Creates Cyber Governance Unit Within OMB
With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money. The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and...
New Strain of Banking Trojan Targets Android, Steals SMS
A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds. Researchers at zScaler spotted the as yet unnamed Trojan circulating as 888.apk. Like many types of malware that came before it, at least for the moment, the...
New Wave of CTB-Locker/Critroni Ransomware Hitting Victims
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ransomware family, a kind of malware that encrypts victims’ hard...
Canary Watch Site Launches to Track Warrant Canaries
In the years since Edward Snowden began putting much of the NSA’s business in the street, including its reliance on the secret FISA court and National Security Letters, warrant canaries have emerged as a key method for ISPs, telecoms and other technology providers to let the public know whether...
WebRTC Found Leaking Local IP Addresses
A recently publicized hole in WebRTC, a protocol for web communication, is revealing the local IP addresses of users, even those who go to extra lengths to hide theirs by using a virtual private network. Daniel Roesler, a San Francisco-based researcher who’s dabbled in encryption, posted a...
Google Offers Bug Bounty Vulnerability Research Grants
Google last week announced that it has instituted a program for 2015 in which researchers can receive up to $3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...
DNS Hijack Flaw Found in D-Link Router
D-Link’s popular DSL2740R wireless router is vulnerable to Domain Name System (DNS) hijacking exploits that require no authentication to access its administrative interface. According to Todor Donev of the Bulgarian security firm Ethical Hacker, a number of other D-Link routers are affected by th...
Pro-Syria Cyberespionage Campaign Uses Social Engineering
It’s a tried-and-true plotline for many a corny movie: the lonely soldier on the front lines falling for a girl who turns out to be the enemy. If you apply a 2015 reality to that scenario, you have the lonely soldier Skyping with an alluring woman who turns out to be an enemy hacker dropping cust...
Another Flash Zero Day Emerges
For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks. Adobe officials released an advisory Monday warning users that attackers are...
Facebook Malware infects 110k Users with Pornographic Bait
UPDATE: This story has been updated to include commentary from Facebook. A Trojan is making its way around the world’s most populous social network, infecting some 110,000 Facebook users in just two days. The malware spreads itself by posting links to a pornographic video from the account of...
Dennis Fisher and Mike Mimoso Discuss the Ghost Vulnerability, the Regin/NSA Correlation and More
Dennis Fisher and Mike Mimoso discuss the Ghost glibc vulnerability and its repercussions, the Apple iOS and OSX patches, the link between the Regin APT platform and the NSA. Plus Super Bowl predictions! Music by Chris Gonsalves Download: digitalunderground182.mp3...
Army Research Lab Releases Dshell Forensics Framework
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and is designed to help analysts investigate compromises within their environments. The...
Reddit Publishes its First Transparency Report
Reddit on Thursday published its first transparency report, joining the litany of technology and online service providers who have already shed light on their privacy practices, and the extent to which governments make requests for user information. Reddit thrives on user-submitted content...
PHP Applications, WordPress Vulnerable to Ghost glibc Bug
Less than 48 hours after the disclosure of the Ghost vulnerability in the GNU C library (glibc), researchers have uncovered that PHP applications, including the WordPress content management system, could be another weak spot and eventually in the crosshairs of attackers. Ghost is a vulnerability in...
ZeroAccess Returns, Resumes Click-Fraud Activity
Long thought dead, the peer-to-peer (P2P) ZeroAccess botnet has resurfaced, and as of just a few weeks ago, has returned to propagating click-fraud scams. Researchers with Dell’s SecureWorks revealed Wednesday that they witnessed the botnet restart itself from March 21 to July 2, 2014 and that...
Microsoft Publishes Information Sharing Framework
Microsoft earlier this week published a 25-page framework offering guidance on how to effectively share information and what kinds of information need to be shared in order to reduce overall risk. Information sharing has been an oft-repeated refrain in security and policy-making circles for the...
Schneider Electric Patches Buffer Overflow in ICS Products
There is a remotely exploitable buffer overflow in a handful of software products from Schneider Electric that could allow an attacker to execute arbitrary code on vulnerable machines. The vulnerability lies in a DLL that’s installed with a Device Type Manager that is part of several Schneider...
GitHub Doubles Maximum Bug Bounty Payouts
Almost a year to the day since GitHub announced its bug bounty program, the Git repository said yesterday that it will double its maximum payout to $10,000. Ben Toews, a GitHub staffer, said yesterday that since the launch of the GitHub Security Bug Bounty, 73 previously unknown vulnerabilities...
FCC Warns Businesses WiFi Blocking is Illegal
In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of...
Ghost glibc Vulnerability Patching and Exploits
There are some silver linings in the wake of yesterday’s disclosure of the Ghost vulnerability in the GNU C library, glibc, which affects all Linux systems and seemed to harken yet another Internet-wide vulnerability. First, the 15-year-old bug isn’t the showstopper that the Shellshock...
FBI: Business Email Compromise Scams Steal $214m in 2014
The FBI’s Internet Crime Complaint Center (IC3) is sounding the alarm on a type of fraud they are calling business email compromise (BEC) scams. The scheme, formerly known as a man-in-the-email attack, comes in three distinct flavors, each of which is ultimately designed to dupe corporate employees o...
FreeBSD Patches Kernel Bugs
Developers behind the operating system FreeBSD patched a handful of vulnerabilities in its kernel code yesterday that could have enabled an attacker to crash the system, execute arbitrary code, or disclose sensitive kernel memory. FreeBSD patched the bugs fairly quickly. Francisco Falcon, a membe...
Memory Corruption Bug Patched in Blackphone Silent Text App
Blackphone and Silent Circle have patched a serious vulnerability in Silent Text, the messaging application bundled with the smartphone that’s marketed as secure and surveillance resistant. Mark Dowd, a prominent security researcher and founder of Azimuth Security, on Tuesday disclosed details of...
Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS
Apple has released major security updates for both OS X and iOS that include patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a...
NFL Mobile App Leaks Unencrypted Credentials
Update – As if the National Football League doesn’t have enough to worry about during Super Bowl week with deflated footballs and cheating allegations marring its most important event, a security firm has found a glaring vulnerability in its mobile application. Just in time for the big game, NFL...
House Takes First Steps on Federal Data Breach Law
The House Subcommittee on Commerce, Manufacturing and Trade today held its first hearing of the 114th Congress in order to begin work on developing federal data breach legislation. Pre-hearing memos suggested that any data breach notification law would be primarily concerned with protecting...
GHOST glibc Linux Remote Code Execution Vulnerability
A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines. The issue stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots...
Venafi to Launch Certificate Transparency Log
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by...
Analysis of Flash Zero Day Shows Layers of Obfuscation
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit,...
Connection Disclosed Between Regin, Five Eyes Malware Platform
Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany’s Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by...
Thunderstrike Patch Slated for Inclusion in New OS X Build
In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue. All of the vulnerabilities have reportedly been fixed in...
Android Wi-Fi Direct Vulnerability Disclosed
Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today. The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two...
Google Engineer Explains Company's Decision Not to Patch Bug in Older Android Versions
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that...
Adobe Auto-Update Flash Player Zero Day Patch
Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...
Marriott Fixes Simple Bug in Web Service That Could Expose Customer Data
Customer payment information and other data was made vulnerable by a flaw in the Marriott Web service used by the Android app as well as the Web site, a security researcher found. The vulnerability is the result of Marriott’s system failing to use any kind of authentication on requests, meaning...
Siemens Fixes Redirect Vulnerability in SIMATIC PLC
Siemens has patched a web vulnerability in its SIMATIC PLC family of products that could have led unsuspecting users to malicious sites. According to an advisory on the Industrial Control Systems Cyber Emergency Response Team’s (ICS-CERT) site Thursday, the bug was an open redirect vulnerability th...