Dave Aitel on the Sony Hack
Dennis Fisher talks with Dave Aitel of Immunity about the Sony hack, who he believes is responsible for it, what the consequences are and what the attack could mean for the way the U.S. government and private companies think about security in the future. Download: digitalunderground175.mp3 Music ...
Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and...
USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that...
Misfortune Cookie Home Router Vulnerability Discovered
More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man-in-the-middle position on traffic going to and from home routers from just about every leading manufacturer. Mostly ISP-owned residential gateways manufactured...
Critical Remotely Exploitable Bugs Found in Schneider Electric ProClima Software
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial...
Ryan Olson on the CoolReaper Backdoor
Dennis Fisher talks with Ryan Olson of Palo Alto Networks about their discovery and analysis of the CoolReaper backdoor on some Coolpad Android devices sold in China. Download: digitalunderground174.mp3 Music by Chris Gonsalves...
US Government: North Korea Behind Sony Hack
The United States government is expected to attribute the damaging and embarrassing hack of Sony Pictures Entertainment to the government of North Korea. Various mainstream media outlets quoting anonymous government sources said North Korea is “centrally involved” in the attack, which NBC News sa...
Attackers Compromise ICANN, Zone Files System
Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN...
Google Releases End-To-End Chrome Extension to Open Source
Google yesterday announced that it has released the source code for its End-to-End extension for Chrome to open source via GitHub. End-to-End enables Gmail users to encrypt, sign and verify email messages within the Chrome browser, using OpenPGP. “We’ve always believed strongly that End-To-End mu...
CoolReaper Backdoor Found On CoolPad Android Mobile Devices
A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent. The Coolpad devices, however, are ripe for much more malicious abuse,...
Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s bee...
Sony Warns Employees Health Information May Have Been Compromised
Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November. The letter, which...
Prices Rising at Illegal Underground Hacking Markets
Underground hacker markets are peddling complete kits to create new identities, elevating in-person fraud scams a tier closer to credit card theft and fraud. Researchers at Dell SecureWorks released an update to 2013 research on black hat markets, noticing a number of noteworthy trends beyond the...
Two Cisco Products Vulnerable to POODLE Attack on TLS
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who...
Google Blacklists Sites Peddling SoakSoak Malware
UPDATE Google blacklisted more than 10,000 different websites over the weekend that it spotted doling out SoakSoak malware, but experts claim the number of impacted sites may ultimately be ten times that figure. Up to 100,000 sites hosted on WordPress may be vulnerable to a campaign known as...
Mike Mimoso and Dennis Fisher Discuss the Sony Breach
Dennis Fisher and Mike Mimoso talk about the details of the Sony breach, including the question of attribution, Sony’s response to the attack, media outlets publishing the stolen data and the rise of destructive malware attacks. Download: digitalunderground174.mp3 Music by Chris Gonsalves...
Google Proposes Marking 'HTTP' as Insecure in 2015
The Chromium security team is devising a plan to explicitly and actively inform users that ‘HTTP’ connections provide no data security protections. Google’s grand vision is that some day, HTTPS will become so widespread and commonplace that secure connections can be unmarked in the way that HTTP...
Shellshock Worm Exploits Bash in QNAP NAS Devices
A worm exploiting network attached storage devices vulnerable to the Bash flaw is scanning the Internet for more victims. The worm opens a backdoor on QNAP devices, but to date it appears the attackers are using the exploit to run a click-fraud scam, in addition to maintaining persistence on owne...
Honeywell PoS Software Vulnerable to Stack Buffer Overflows
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale packag...
Android Malware Installs Pirated Assassin's Creed App
A pirated version of the Assassin’s Creed application for Android is bundled with malware, according to the security-as-a-service from Zscaler. Assassin’s Creed is a popular, open-world series of adventure games available in various iterations on the XBOX, PlayStation, PC and other gaming...
Upatre Downloader Spreading Dyreza Banking Trojan
The Upatre downloader is the vehicle that has driven numerous banking Trojan and ransomware attacks to the front door of countless victims at great cost. Microsoft on Thursday warned of a wire-transfer spam campaign that it’s spotted that is spreading Upatre and eventually loading the dangerous...
Custom Websites Running HD FLV Player Plugin Vulnerable
Content management system providers Joomla and WordPress have patched a critical vulnerability in the HD FLV Player, but custom websites running the Flash video player are still vulnerable. Researchers at Sucuri disclosed this week that a separate security issue can be abused to send spam and has...
Lax Crossdomain Policy Puts Yahoo Mail At Risk
Yahoo has made strides in battening down its security in the last 12 months, most publicly with its decision to enable end-to-end encryption for its email service, turn on SSL by default, and encrypt links between its data centers. There are still some darkened corners of its infrastructure,...
Microsoft Recalls Patch Tuesday Exchange Update
Microsoft today announced the recall of a security patch for Exchange Server published on Tuesday that was originally slated for release in the November edition of its monthly Patch Tuesday releases. This is the second straight month that Microsoft has had to pull a security bulletin after...
Black Energy Malware May Be Exploiting Patched WinCC Flaw
Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems. The ICS-CERT originally issued an alert about the attacks...
Mozilla to Support Certificate Transparency in Firefox
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first. Certificate Transparency is a proposal from engineers at Google that would help resolve some of the issues with...
IE Removes SSL 3.0 Fallback Used in POODLE Attacks
Yesterday’s Internet Explorer security bulletin, in addition to patching 14 vulnerabilities, also affords Windows admins the ability to disable SSL 3.0 in IE 11 for Protected Mode sites. Doing so eliminates exposure to POODLE SSL attacks. Microsoft said the change is off by default for now, but...
Potential Security Concerns in Comcast Hotspot Class-Action
Cable and Internet service conglomerate Comcast is facing a class-action lawsuit stemming from its use of customer routers as personal home Wi-Fi networks as well as public-facing wireless hotspots available for other Comcast-Xfinity customers. Toyer Grear and Jocelyn Harris, themselves and on...
Some Recursive DNS Implementations Patch DoS Vulnerability
UPDATE: Some domain name system (DNS) server implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, OpenDNS, PowerDNS and NLnetLabs. According to an advisory from DHS and the CERT Coordination Cente...
Red October Attackers Return With CloudAtlas APT Campaign
The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails. Red October emerged in January 2013 and researchers found that th...
CHARGE Anywhere Breached, Plain Text Data Accessed
CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...
Yahoo Plans to Disclose All New Bugs It Finds Within 90 Days
Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery. The new policy is the same one used by Google’s Project Zero, a team of researchers that looks for vulnerabilities in a variety of commonly used software...
New Version of Destover Malware Signed by Stolen Sony Certificate
Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover...
December 2014 Microsoft Patch Tuesday Security Bulletins
Microsoft exits 2014 the way it came in to the year, with a relatively quiet set of Patch Tuesday security bulletins. As promised last week, Microsoft released seven bulletins today, three of them rated critical, meaning the chance of exploit and remote code execution is high. Microsoft also...
Yik Yak Patches Privacy Flaw in iOS App
Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...
December 2014 Adobe Flash, Reader, Acrobat, ColdFusion Patch
As expected, Adobe today patched a vulnerability in Adobe Reader disclosed last week by Google’s Project Zero. What was unexpected was a Flash Player update that includes a patch for a vulnerability being exploited in the wild, Adobe said. Adobe had announced last Thursday in its pre-notification...
Linux Modules Connected to Turla APT Attacks Discovered
The Turla APT campaigns have a broader reach than initially anticipated after the recent discovery of two modules built to infect servers running Linux. Until now, every Turla sample in captivity was designed for either 32- or 64-bit Windows systems, but researchers at Kaspersky Lab have discover...
Researchers Say POODLE Attack Affects Some TLS Implementations
The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looki...
VMware Releases Patches for XSS, Cert. Validation Issue
VMware released a handful of patches late last week to fix several vulnerabilities, including a nasty cross-site scripting issue in one of its server virtualization platforms. The vulnerabilities lie in VMware’s vCenter Server Appliance (vCSA) – a module for VMware’s vCenter Server. The main bug, a...
FISC Approves 90-Day Extension of Section 215 Surveillance Authority
The secret Foreign Intelligence Surveillance Court has authorized a 90-day extension to the Section 215 bulk telephone collection program used by the National Security Agency, giving the agency through the end of February to run the program in the absence of legislation establishing a new...
Several Vulnerabilities Found in Google App Engine
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox. The researchers at Security Explorations say that they have found more than 30 vulnerabilities in the App Engine...
Court Rules Banks May Proceed with Target Lawsuits
A Minnesota District Court ruling this week related to the 2013 Target data breach has opened the door for banks to pursue damages from retailers victimized by a data breach. Judge Paul A. Magnuson ruled that Target was negligent in ignoring and, in some cases, turning off security features that...
EC3 Head Paints Bleak Cybercrime Picture
WASHINGTON D.C. – Everyone has the right to privacy, said Troels Oerting, head of the Europol’s European Cybercrime Center (EC3), at Georgetown Law’s Cybercrime2020 conference yesterday. However, he went on, if you break your contract with society, that right can be taken away. Oerting noted that i...
December 2014 Adobe Reader, Acrobat Security Patches
Adobe is expected to update its Reader and Acrobat software next Tuesday as part of its scheduled security updates, and the updates will, according to an Adobe spokesperson, include patches for a Reader vulnerability disclosed this week by Google’s Project Zero. Researcher James Forshaw, a...
DOJ Launches Cyber Unit, Claims Privacy is Mission Critical
WASHINGTON D.C. – Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice, announced on Thursday the creation of a new team within its Computer Crime and Intellectual Property Section (CCIPS) during a talk at a Georgetown Law conference titled, “Cybercrime...
Destover Wiper Malware Analysis
Researchers are starting to stitch together clues about the wiper malware that has landed a body blow to Sony Pictures Entertainment. Not only were thousands of files and documents leaked that included unreleased movies, confidential company presentations and financial records, employee records,...
Ransomware is the Future of Internet of Things Malware
WASHINGTON D.C. — It’s 2020, bitter cold outside, you’re running late for work, and the Linux box that controls your car isn’t going to start unless you wire $20 worth of Bitcoin to an increasingly business-like criminal enterprise operating out of Eastern Europe. Of course it’s not 2020. And to...
December 2014 Microsoft Patch Tuesday Advance Notification
Microsoft made patch news on two fronts last month with an unusual emergency patch for a critical vulnerability in Kerberos, and for a missing fix for an Exchange bug that was promised in its November advanced notification. In the December advance notification, released today, an elevation...
Critical Remote Code Execution Flaw Found in WordPress Plugin
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site. The vulnerability is in the WP Download Manager,...
Apple Pulls Back Safari Patches
Apple has pulled a batch of security updates for Safari that it initially released yesterday. The updates were set to address several usability and security issues in the browser including some that could have led to code execution and data exfiltration. While notes for the patches are still...