GAO Shipping Port Cybersecurity Report
The U.S. Department of Homeland Security, Coast Guard and Federal Emergency Management Agency (FEMA) have been taken to the woodshed in a General Accounting Office (GAO) report on maritime cybersecurity. The GAO said the response to mandates to improve computer security efforts to protect the network...
Google Constrains India CCA Root Cert in Wake of Bad Google and Yahoo Certificates
The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA’s root...
International Authorities Take Down Shylock Banking Malware
Like most profitable criminal enterprises, the Shylock banking malware thrived because it was supported by a nimble infrastructure that allowed it to stay one step ahead of network and security monitoring capabilities, and the authorities. That race ended this week. Europol announced today that i...
Microsoft Settles With No-IP Over Malware Takedown
It’s been a weird couple of weeks for Microsoft. On June 30 the company announced its latest malware takedown operation, which included a civil law suit against Vitalwerks, a small Nevada hosting provider, and the seizure of nearly two dozen domains the company owned. Now, 10 days later, Microsof...
Android Exploited to Make, End Phone Calls; Send USSD Codes
A pair of vulnerabilities in all but the newest KitKat iteration of Google’s Android operating system could let a malicious or rogue application exceed its permission level in order to make phone calls, hang up phone calls, or send USSD or MMI codes. Marco Lux and Pedro Umbelino of Curesec claim...
Yokogawa Patches Buffer Overflow Bugs in ICS Gear
Vulnerabilities in production control system software used in manufacturing, energy and other critical industries worldwide have been patched by the vendor, an advisory from the Industrial Control System Cyber Emergency Response Team said. Yokogawa Electric Corp., of Japan patched critical buffer...
DHS Releases Hundreds of Documents on Wrong Project Aurora
In response to a Freedom of Information Act request for information about the Operation Aurora attack on Google and other organizations in 2009 the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho...
Facebook Carries Out Lecpetex Botnet Takedown
Facebook has moved slowly and deliberately into the realm of botnet takedowns by disrupting a relatively small operation in Greece that was using the social platform to spread spam and malware. Two arrests were made in connection with the Lecpetex botnet in Greece on July 3. The alleged botmaster...
DNI, Justice Department Deny Targeting Americans for Surveillance Based on Religion, Politics
The Director of National Intelligence and the Department of Justice have denied a report based on leaked documents from Edward Snowden that United States intelligence and law enforcement agencies conduct surveillance of Americans based on their ethnicity, religious affiliation or political stance...
Yahoo Fixes Trio of Bugs in Mail, Messenger, Flickr
Yahoo recently patched three remotely exploitable vulnerabilities in its services that could have let attackers inject malicious script and led to session hijacking, phishing, among other nefarious tricks. The vulnerabilities in Yahoo Mail, Messenger and its Flickr photo-sharing site qualified fo...
Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities
Microsoft today issued two critical-, three important-, and one moderate-rated security bulletins in the July edition of its monthly Patch Tuesday release. The updates address 29 security vulnerabilities in the company’s Windows operating system, Internet Explorer browser, and server software. Th...
Phony Google Digital Certificates Blocked
Google said today that it has blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre of India. The phony certificates could allow an attacker to spy on a connection thought to be secure. NIC, Google said, holds intermediate CA certs trusted...
New Verizon Transparency Report Shows Large Government Appetite for Location, Content Data
Verizon said in a new transparency report that though the number of some kinds of orders dropped–including wiretap orders and warrants–others rose, including general orders and pen register and trap and trace orders, and the company received nearly 150,000 total orders in the first half of 2014...
July 2014 Adobe Flash Player patch
Popular websites such as Instagram, eBay, Tumblr and others using JSON with Padding or JSONP remain vulnerable to an exploit tool released today as a proof of concept against a vulnerability in Adobe Flash Player. Adobe today released an updated version of Flash that patches the vulnerability...
Deep Panda China Hackers Compromise Security Think Tanks
Computers at a number of unnamed national security think tanks were compromised by hackers linked to China trying to glean intelligence on U.S. policy in Iraq as civil unrest escalates in the Middle East country. The attacks mark a shift in tactics by this particular group, which generally keeps...
Phishers Use Luis Suarez Bite as Bait
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been...
Motives Behind Havex ICS Malware Campaign Remain a Mystery
Since Stuxnet there have been few confirmed reports of malware targeting particular industrial control system software. But now we have a campaign using the Havex remote access Trojan that has three European energy sector vendors in its crosshairs—or does it? The outbreak, reported by security...
Hardcoded Password Flaw Plagues Some Netgear Switches
A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware, including the ability to log into the device and execute arbitrary code. Netgear’s GS108PE Prosafe Plus switches running version 1.2.0.5 are at risk, according to an analyst at CERT/CC’s...
July 2014 Microsoft Patch Tuesday Security Bulletins Updates
Tomorrow’s regularly scheduled patch update from Microsoft includes – go figure – another cumulative rollup for Internet Explorer and a critical fix for a Windows remote code execution bug. More of the same for sure, but there’s another bug being patched that may merit moving up a rung on your li...
All Seized Domains Returned to No-IP
Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP. When Microsoft announced the takedown on June 30, officials said that the company h...
Dennis Fisher and Mike Mimoso Discuss This Week's Microsoft Takedown
Dennis Fisher and Mike Mimoso discuss the Microsoft malware takedown, its legal and security implications and the revelation of a massive financial fraud campaign in Brazil. Download: digitalunderground157.mp3 Music by Chris Gonsalves...
Remote Access Hack Compromises POS Vendor
A popular point of sale vendor may have suffered a data breach earlier this year that could affect customers of a handful of Pacific Northwest restaurants. Vancouver, Wash.-based Information Systems & Supplies, a supplier of POS systems to restaurants such as Dairy Queen, Buffalo Wild Wings and...
Miniduke APT Campaign Returns with New Targets, Hacking Tools
The Miniduke advanced persistent threat (APT) campaign uncovered by researchers at Kaspersky Lab and CrySys Lab in February 2013 is back after a year-long hiatus in which attacks abated almost entirely. While the initial Miniduke operations primarily targeted government organizations in Europe, thi...
Brazilian Payment Fraud Campaign Steals Billions
UPDATE–Hackers are targeting Brazil’s Boleto payment system, the second most popular payment method in the country, and have conducted hundreds of thousands of fraudulent transactions, though researchers differ over how much money has been stolen. Formally known as Boleto Bancario, Boletos are...
Cisco Patches Hardcoded SSH Key Vulnerability in UCM
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...
FireEye Uncovers Android Remote Access Malware
UPDATE: A previous version of this story incorrectly stated that the malware disables any antivirus application. In reality, the malware only uninstalls a particular antivirus application, “com.ahnlab.v3mobileplus,” that is often bundled with certain banking applications. A new remote access tool...
Critical Vulnerability in WordPress Plugin Could Allow Site Takeover
WordPress users that have a popular plugin installed are being cautioned to upgrade immediately. A vulnerability in the plugin, MailPoet, could essentially allow an attacker to take over any site running it without authentication. MailPoet, formerly Wysija, allows developers running WordPress to...
Microsoft Says 'Technical Error' Led to Legitimate No-IP Customers Losing Service
In the course of its actions to take down a major malware operation, Microsoft seized more than 20 domains from No-IP.com, a hosting provider in Nevada. Microsoft now admits that the company made a technical mistake as part of that takedown, an error that resulted in legitimate No-IP.com custome...
EFF Sues NSA, ODNI Over Zero-Day Disclosure Processes
The Electronic Frontier Foundation wants a peek behind the curtain of the government’s Vulnerabilities Equities Process. The advocacy group on Tuesday filed a Freedom of Information Act (FOIA) lawsuit against the National Security Agency and the Office of the Director of National Intelligence hopin...
Microsoft Expands TLS, Forward Secrecy Support
Microsoft is no exception when it comes to large technology providers committing to encrypting the services its users depend on. Today, the company announced an update on the progress it has made in engineering those changes, including the news that Outlook.com, its web-based email service,...
NSA Searched Section 702 Data for U.S. Identifiers 198 Times in 2013
The U.S. intelligence community historically has been loath to release virtually any information about the way that its agencies operate, to the point that the existence of some of those agencies themselves was secret for decades. But in the wake of the Snowden leaks, more and more information ...
PayPal Unfreezes Secure Email Startup ProtonMail's Account
PayPal unfroze the account of Swiss secure email upstart ProtonMail late this morning, freeing at least $300,000 the service raised that, for a day, had seemingly been left in limbo. A blog post by ProtonMail CEO Andy Yen Monday claimed that his company’s account had been “restricted pending...
July 2014 Apple security patches
Apple has issued a slew of security updates addressing a wide swath of vulnerabilities in its Safari Web browser, Mavericks desktop operating system, iOS mobile platform and content streaming AppleTV product. Apple doesn’t rate the severity of the vulnerabilities it fixes nor does it advise on...
Cridex Variant Geodo Part Trojan, Part Email Worm
A knockoff of the Cridex banking Trojan has surfaced with an appetite for more than online banking credentials. Seculert has called this one Geodo—a take on another of Cridex’s many aliases Feodo—and has confirmed that the malware comes with an efficient self-replicating feature borne of stolen...
Latest Microsoft Malware Takedown Causes Waves in Security Community
Microsoft’s latest takedown of a malware operation, announced Monday and involving the infrastructure of several malware families, has, like many of the company’s actions, elicited strong opinions on both sides of the issue from security researchers, activists and others with a stake in the game...
Targeted String of Paerls Campaign Includes Word Macro Attack
A targeted malware campaign has been uncovered that combines an old-school Microsoft Word Macro malware attack with a decidedly new school approach of redirecting victims to exploits stored on Dropbox. The String of Paerls attacks, which Cisco’s VRT team reported today, targets industries such as...
Google Patches Shared Links Vulnerability in Drive
Google has fixed a vulnerability in its Drive cloud storage service that could have exposed certain information about shared links under a particular set of circumstances. Users will need to delete and re-upload relevant files shared on Google Drive in the past in order to limit exposure. The...
Microsoft to End Email Security Notifications
Update: Microsoft today has reversed course on its decision to suspend security email notifications, and will resume doing so on Thursday. The original decision, made in response to Canada’s antispam law set to go into effect tomorrow, was announced on Friday. This afternoon, however, a Microsoft...
ICS Malware Found on Vendors' Update Installers
Malware targeting industrial control systems has infected the update installers belonging to three known industrial control vendors, according to an advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The Havex remote access Trojan (RAT) is targeting vendors via...
PHP Fixes OpenSSL Flaws in New Releases
The PHP Group has released new versions of the popular scripting language that fix a number of bugs, including two in OpenSSL. The flaws fixed in OpenSSL don’t rise to the level of the major bugs such as Heartbleed that have popped up in the last few months. But PHP 5.5.14 and 5.4.30 both contain...
New Oil and Natural Gas ONG-ISAC Launches
Energy utilities certainly have not been spared by hackers who for years have targeted vulnerabilities in process control systems and networks with alarming success. In a move to close the gap and keep that corner of the U.S.’ critical infrastructure secure, a new information sharing group popped...
New Data Shows FBI Issued More Than 19k National Security Letters in 2013
The United States federal government issued more than 19,000 National Security Letters–perhaps its most powerful tool for domestic intelligence collection–in 2013, and those NSLs contained more than 38,000 individual requests for information. The new data was released by the Office of the Directo...
20-Year Old Vulnerability Patched in Compression Algorithm
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer (LZO) compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...
Zero-Day Patched in TimThumb WordPress Script
A patch for a zero-day vulnerability in TimThumb has been released by its developer who is none too pleased about this week’s disclosure on a popular security mailing list. “Unfortunately nobody told me about this before the exploit was announced – in fact I found out about the bug through...
PayPal 2FA Bypass Shows Difficulty of Getting Authentication Right
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor...
Patched Code-Execution Bug Affects Most Android Users
A serious code-execution vulnerability in Android 4.3 and earlier was patched in KitKat, the latest version of the operating system. Researchers at IBM this week disclosed the nature of the vulnerability, which was privately disclosed to the Android Security Team in September and patched last...
Massachusetts Supreme Court Rules Defendant Must Decrypt Data
Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but...
Cloned Android Banking App Hides Phishing Scheme
Cloned mobile applications, such as the legions of Flappy Bird knock-offs that surfaced once the popular game was removed from Google Play and the Apple App Store, are an increasingly popular malware vehicle for attackers. The risks range from loading programs that dial premium numbers at the...
VMware Patches Apache Struts Flaws in vCOPS
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. All of the vulnerabilities that the company patched lie in the Apache Struts Java application framework, and the...
Flaw Lets Attackers Bypass PayPal Two-Factor Authentication
There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses. The flaw lies in the way that the PayPal...