
Keyword: malware

  • iOS, Mac vulnerabilities allow remote code execution through a single image

    07/22/2016 6:13:51 PM PDT · by Swordmaker · 6 replies
    ZDNet ^ | July 22, 2016 -- 09:59 GMT (02:59 PDT) | By Charlie Osborne
    Researchers have discovered that image files can bury malware, allowing malicious code access without detection. Security flaws which affect both Apple iOS and Mac devices permit attackers to grab your passwords and data, researchers claim. According to researchers from Cisco's Talos, a set of five vulnerabilities, if exploited, could lead to data theft and remote code execution -- which in its worst state may result in device hijacking. The set of bugs, CVE-2016-4631, CVE-2016-4629, CVE-2016-4630, CVE-2016-1850, and CVE-2016-4637, are all caused by how Apple processes image formats. Apple offers APIs as interfaces for accessing image data, and according to Talos,...
  • Dell SonicWall GMS comes with hidden backdoor

    07/20/2016 10:25:23 PM PDT · by Utilizer · 4 replies
    iTnews (AUS) ^ | Jul 21 2016 11:21AM (AUS) | Juha Saarinen
    Researchers have discovered a range of vulnerabilities in Dell's SonicWall Global Management System (GMS) console, including a hidden default account with an easily guessable password. US security vendor Digital Defense said the hidden account can be accessed through a command line interface client that can be downloaded from the console of the GMS web application. Non-administrative users can be added with the command line interface; however, they can log into the web interface and change the password for the admin user. By logging in with the admin user account, attackers using this method can get full control of the GMS,...
  • 'Thousands' of products vulnerable to code hooking abuse

    07/19/2016 5:53:01 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 20 2016 6:29AM (AUS) | Juha Saarinen
    Bad implementation of the low-level code hooking technique by Microsoft and third-party security vendors has left millions of users open to attacks that bypass mitigation measures - some for up to a decade, researchers have found. Hooking is used by different kinds of software to monitor as well as to intercept and change the behaviour of operating system functions, and if needed, to inject code. Security software uses code hooking extensively to check for malicious activity on systems. EnSilo researchers Tomer Bitton and Udi Yavo said they looked at the hooking engines and injection techniques used by more than 15...
  • New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes

    07/14/2016 9:41:43 PM PDT · by Utilizer · 20 replies
    DarkReading ^ | 7/11/2016 05:15 PM | Kelly Jackson Higgins
    ... Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns them their files because it actually deleted them. Ranscam isn’t the first ransomware variant to destroy files rather than return them after victims pay up—there’s AnonPop and JIGSAW, for example—but it’s a glaring example of how the ransomware scam itself is so lucrative and easy to pull off that less sophisticated attackers...
  • Vulnerability Exploitable via Printer Protocols Affects All Windows Versions

    07/13/2016 9:34:12 PM PDT · by Utilizer · 4 replies
    Softpedia ^ | Jul 12, 2016 21:05 GMT | Catalin Cimpanu
    Microsoft has patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released. Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. Exploit executes payload under SYSTEM user By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and...
  • Microsoft blacklists Secure Boot-disabling policies in Windows

    07/12/2016 8:08:46 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 9:00AM (AUS) | Juha Saarinen
    Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems. Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft. Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down....
  • Russian Hackers Targeting iOS Device Users with Ransom Attacks

    07/08/2016 4:47:00 PM PDT · by Swordmaker · 7 replies
    AppAdvice ^ | July 8, 2016 | by Brent Dirks
    Protect yourself with two-factor authentication Salted Hash, a security blog from CSO, recently provided more details about the scam. Hackers first need to acquire a compromised Apple ID by phishing, social engineering, data breach, or other method: From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it. In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email...
  • Another Mac-specific malware pops up, but Apple's Gatekeeper still prevents infection

    07/08/2016 4:35:02 PM PDT · by Swordmaker · 5 replies
    AppleInsider ^ | Thursday, July 07, 2016, 12:50 pm PT | By Mike Wuerthele
    A second piece of Mac-specific malware has been discovered this week, one that could expose the passwords stored in the macOS Keychain. But once again, Apple's Gatekeeper security — when properly configured — will block the attack from succeeding. Researchers at security firm ESET have been examining a new strain of OS X malware from an unknown source, and have published a breakdown of the so-called "OSX/Keydnap" package. The malware is distributed as a .zip compressed archive, containing the package disguised as a text file or JPG graphic with accompanying icon. However, the file name has a trailing space, which...
  • What You Need to Know About Mac Malware 'Backdoor.MAC.Eleanor'

    07/06/2016 1:42:36 PM PDT · by Swordmaker · 8 replies
    MacRumors ^ | July 6, 2016 | by Joe Rossignol
    What is Backdoor.MAC.Eleanor? Backdoor.MAC.Eleanor is new macOS malware arising from a malicious third-party app called EasyDoc Converter, which poses as a drag-and-drop file converter. What is EasyDoc Converter? "EasyDoc Converter.app" is a third-party Mac app that poses as a drag-and-drop file converter. The app has the following fake description: EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular...
  • Lenovo hunts BIOS backdoor bandits

    07/05/2016 7:32:33 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jul 6 2016 6:06AM (AUS) | Juha Saarinen
    PC giant Lenovo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...
  • Need advice or comments on PCKeeper - is this a scam.

    07/05/2016 4:58:51 AM PDT · by sodpoodle · 28 replies
    self | self
    I am very old and very stressed - so any advice or comments are welcome.
  • Lenovo scrambling to get a fix for BIOS vuln

    07/04/2016 7:04:05 PM PDT · by Utilizer · 19 replies
    The Register ^ | 4 Jul 2016 at 02:04 | Richard Chirgwin
    Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.” The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
  • Lenovo ThinkPad zero-day bypasses Windows security

    07/03/2016 4:15:43 PM PDT · by Utilizer · 31 replies
    iTnews (AUS) ^ | Jul 4 2016 6:41AM (AUS) | Juha Saarinen
    A researcher has discovered a new low-level zero-day exploit that overrides the protection for the firmware code in Lenovo ThinkPads and other laptops, bypassing hardware and Windows security features. Last week, Dmytro Oleksiuk, also known as cr4sh, released the code for his ThinkPwn proof of concept on Github, showing how it can be used to exploit a flaw in the unified extensible firmware interface (UEFI) driver for privilege escalation. This lets attackers remove the write protection for system flash memory, and allows them to run arbitrary code with full access to the entire victim system. Lenovo had not received advance...
  • This malware pretends to be WhatsApp, Uber and Google Play

    06/29/2016 10:38:17 PM PDT · by Utilizer · 6 replies
    CSO ^ | Jun 29, 2016 4:56 AM PT | Michael Kan
    Hackers are stealing credit card information in Europe with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play. The malware, which has struck Android users in Denmark, Italy and Germany, has been spreading through a phishing campaign over SMS (short message service), security vendor FireEye said on Tuesday. Once downloaded, the malware will create fake user interfaces on the phone as an “overlay” on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.
  • Godless Apps Seen in Google Play, 90% of Android Phones at Risk

    06/24/2016 9:26:33 PM PDT · by Utilizer · 4 replies
    OppTrends ^ | June 24, 2016 | Ali Raza
    A new family of malicious apps, most of which were available on the Google Play Store, all containing malicious code, has been detected by a group of security researchers. The Godless apps are believed to be able to secretly root 90 percent of all Android phones. AntiVirus provider Trend Micro wrote in a recent blog post that they had discovered a new family of malicious apps. The apps, called Godless, contain a collection of rooting exploits that can work on any device running Android version 5.1 and below. This means that close to 90 percent of...
  • Blasphemy! Godless malware preys on nearly 90 percent of Android devices

    06/23/2016 7:54:15 PM PDT · by TigerLikesRooster · 15 replies
    SC Magazine ^ | June 22, 2016 | Bradley Barth
    Godless, an emerging mobile malware threat capable of rooting Android phones, has started to adopt the traits of an exploit kit, in that it searches for multiple vulnerabilities through which it can automatically infect a victim. Once it successfully executes, the malware gains root access to the device, granting it full control. Christopher Budd, global threats communications manager at Trend Micro, told SCMagazine.com in an interview that Godless is ostensibly an "encyclopedia of known, good attacks against various vulnerabilities… It's loading up on attacks and using whatever will work,...
  • Online backup firm Carbonite tells users to change their passwords now

    06/21/2016 7:15:50 PM PDT · by Utilizer · 24 replies
    grahamcluley website ^ | June 21, 2016 8:32 pm | Graham Cluley
    Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result. An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches. ... Nobody is keen for a hacker to break into their online accounts, but it's especially important when what's being protected by your account is your computer backup. If a hacker were able to gain access to your online backup they could...
  • Operators of Tech Support Scam Settle FTC Charges

    06/21/2016 11:48:28 AM PDT · by KeyLargo · 7 replies
    Imperial Valley News ^ | June 20, 2016
    Washington, DC - The defendants behind Vast Tech Support have agreed to settle Federal Trade Commission and State of Florida charges that they scammed thousands of consumers out of millions of dollars by selling them bogus technical support services. Under the settlement, Vast Tech Support, LLC and OMG Tech Help, LLC and their chief operating officer, Mark Donohue, are prohibited from misleading consumers about the nature of the products they sell or market, as well as from deceptive telemarketing. In addition,...
  • Citrix issues password reset after GoToMyPC hack

    06/20/2016 7:55:43 PM PDT · by Utilizer · 21 replies
    iTnews (.com.au) ^ | Jun 21 2016 9:00AM (AUS) | Juha Saarinen
    Software vendor Citrix is asking all customers to reset their passwords for the GoToMyPC remote access service after it suffered what appears to be a full credentials compromise. In its advisory, Citrix said the GoToMyPC service had "unfortunately" been targeted by "a very sophisticated password attack". Citrix provided no further details of the hack, but apologised "for the frustration this is causing".
  • New (Windows) ransomware strain coded entirely in Javascript

    06/20/2016 7:31:04 PM PDT · by Swordmaker · 46 replies
    BBC ^ | June 20, 2016
    The script is disguised as a document Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated. Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run. Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened. One security expert said the approach was likely to fool many victims. "It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners. "Using Javascript as an attachment to an email...
  • Kill Flash now. Or patch these 36 vulnerabilities. Your choice

    06/18/2016 10:08:56 AM PDT · by Utilizer · 26 replies
    The Register ^ | 16 Jun 2016 at 18:50 | Shaun Nichols
    Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted." Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft...
  • 'BadTunnel' Bugs Left Every Microsoft Windows PC Vulnerable For 20 Years

    06/15/2016 6:01:38 PM PDT · by Utilizer · 45 replies
    Forbes ^ | Jun 14, 2016 @ 01:00 PM | Thomas Fox-Brewster
    Microsoft is today closing off a vulnerability that one Chinese researcher claims has "probably the widest impact in the history of Windows." Every version of the Microsoft operating system going back to Windows 95 is affected, leaving anyone still running unsupported operating systems, such as XP, in danger of being surreptitiously surveilled. According to Yang Yu, founder of Tencent's Xuanwu Lab, the bug can be exploited silently with a "near-perfect success rate", as the problems lie in the design of Windows. The ultimate impact? An attacker can hijack all a target's web use, granting the hacker "Big Brother power", as...
  • Big DDoS attacks reach record levels: Akamai

    06/07/2016 9:14:33 PM PDT · by Utilizer
    iTnews (.com.au) ^ | Jun 8 2016 8:45AM (AUS) | Juha Saarinen
    Nineteen distributed denial-of-service (DDoS) attacks exceeded 100 Gbps during the first three months of the year, hitting a new record, according to researchers from Akamai. The year prior, just eight attacks were over 100 gigabit per second, the firm said. In its latest state of the internet report [pdf], the content delivery network provider analysed more than two petabytes of threat intelligence data and found the total number of DDoS attacks increased by over 125 per cent year on year in the first quarter of 2016. Most of the attacks were achieved through abusing vulnerable network time protocol (NTP) servers,...
  • Lenovo tells users to remove its unsafe bloatware

    06/02/2016 11:52:22 PM PDT · by Utilizer · 9 replies
    iTnews ^ | Jun 2 2016 8:50AM (AUS) | Juha Saarinen
    PC maker Lenovo is advising its customers to remove bundled software from its laptops and desktops due to its potential to be used for remote code execution. The software is the Lenovo Accelerator Application. The company warned that an attacker with man in the middle position on a network could exploit the vulnerable update mechanism, and run arbitrary code on users' systems. The vulnerability is rated as high risk by Lenovo. To protect against the vulnerability, Lenovo said users should uninstall the Accelerator Application, which is bundled on a large number of the company's retail notebooks and desktop computers.
  • Mysterious Stuxnet copycat discovered

    06/02/2016 10:29:27 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jun 3 2016 9:43AM (AUS) | Allie Coyne
    Security researchers have uncovered new malware targeting industrial control systems that uses similar techniques to those employed by the infamous Stuxnet worm. Infosec firm FireEye today published a report on the 'Irongate' malware it discovered at the end of last year. The researchers found the malware within the database of the Google-owned VirusTotal website, which allows users and security researchers to submit suspicious files for scanning by antivirus software. Two samples of Irongate had been uploaded in 2014 by different sources, the researchers said, but had not been flagged as malicious by any antivirus vendors' scanners. FireEye only discovered the...
  • Justice for Harambe !

    05/30/2016 2:30:30 PM PDT · by traumer · 96 replies
    I am no radical but I signed it....
  • Tech support locker scam poses as failed Microsoft Update (malware wants $250 ransom)

    05/20/2016 12:14:54 PM PDT · by dayglored · 19 replies
    The Register ^ | May 20, 2016 | John Leyden
    Cybercrooks have put together a new scam that falls halfway between ransomware and old school browser lockup ruses. The new class of "tech support lockers" rely on tricking users into installing either a fake PC optimiser or bogus Adobe Flash update. Once loaded the malware mimics ransomware and locks users out of their computers. Unlike Locky, CryptoWall and their ilk it doesn't actually encrypt files on compromised Windows PCs, however. Jérôme Segura, a senior security researcher at Malwarebytes, said "tech support lockers" represent a class of malware more advanced than browser locks and fake anti-virus alerts of the pre-ransomware past....
  • 'I thought my daughter clicked on ransomware – it was the d@mn Windows 10 installer' (tales of woe)

    05/06/2016 1:45:11 PM PDT · by dayglored · 66 replies
    The Register ^ | May 6, 2016 | Chris Williams
    At the end of April, Microsoft's Windows 10 nagware interrupted a live TV weather broadcast to urge meteorologist Metinka Slater to upgrade her computer. A week later, while playing Counter Strike: Global Offensive to 130,000 spectators on Twitch.tv, Erik Flom was blasted out of his match by the Windows 10 installer. This was even after he spent a few frantic minutes trying to delay the upgrade until after his game had ended. The fun starts about nine minutes into this recording of the live stream. "F*ck you, Windows 10!" was Flom's response.
  • Nuclear power plant COMPROMISED: Fears grow as power plant affected by malware

    04/27/2016 5:23:25 AM PDT · by sheikdetailfeather · 23 replies
    Express ^ | 4-27-16 | Tom Batchelor
    Gundremmingen plant in southern Germany was found to be riddled with computer viruses, including those which would allow attackers remote access to equipment for moving nuclear fuel rods. Viruses, known as W32.Ramnit and Conficker, were discovered at the plant, which is located 75 miles northwest of Munich. W32.Ramnit has the potential to give an attacker remote control over a system when it is connected to the internet and is also designed to steal files from infected computers. The virus could be used by groups such as Islamic State to obtain nuclear secrets, bringing them one step closer to building a...
  • Adobe Issues 'Emergency' Flash Player Security Update to Address Ransomware Attacks (again!)

    04/08/2016 10:01:01 AM PDT · by Swordmaker · 28 replies
    MacRumors ^ | Friday April 8, 2016 4:59 AM PDT | by Joe Rossignol
    Adobe has issued Flash Player security updates for OS X, Windows, Linux, and Chrome OS to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system" by way of ransomware. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to decrypt it. These types of threats often display images or use voice-over techniques containing instructions on how to pay the ransom. In this particular "CERBER" attack (via Reuters), affecting Flash-based advertisements, attackers have reportedly demanded between around $500 and $1,000 to retrieve the encrypted files. Adobe...
  • AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device

    03/16/2016 6:30:31 PM PDT · by Utilizer · 5 replies
    Palo Alto Networks ^ | March 16, 2016 5:00 AM | Claud Xiao
    We’ve discovered a new family of iOS malware that successfully infected non-jailbroken devices we’ve named “AceDeceiver”. What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector. AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection...
  • Millions menaced as ransomware-smuggling ads pollute top websites

    03/16/2016 7:54:20 AM PDT · by snarkpup · 42 replies
    The Register ^ | 15 Mar 2016 at 17:19 | John Leyden
    msn.com, nytimes.com, aol.com et al hit by malware-injecting banners Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via ad networks, warn infosec researchers.
  • Slew of dangerous Adobe Flash flaws patched

    03/11/2016 5:46:01 PM PST · by Utilizer · 31 replies
    iTnews (AUS) ^ | Mar 11 2016 | Juha Saarinen
    Adobe has issued patches for 21 serious flaws in its Flash Player software to address critical vulnerabilities that could potentially allow attackers to take control of victims' systems. The vulnerabilities affect versions of Flash for Microsoft Windows, Apple OS X and iOS, Linux and Google's ChromeOS operating systems, Adobe said. Of the vulnerabilities, three allow arbitrary code execution through integer overflows, and 11 involve use-after-free flaws. Researchers from Google's Project Zero, HP Enterprise Zero Day Initiative, NSFOCUS, Microsoft, Kaspersky, Tencent and Venustech also discovered a heap underflow vulnerability in Adobe Flash and eight memory corruption bugs - all of which...
  • Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

    03/06/2016 8:51:29 PM PST · by Utilizer · 1 replies
    SOFTPEDIA ^ | Mar 5, 2016 00:46 GMT | Catalin Cimpanu
    that was installing a backdoor through which it was altering core WordPress files so it could log and steal user credentials from infected sites. First signs of something being wrong were spotted by the Sucuri team, a company that provides website security. Sucuri's researchers were alerted by one of their clients to the presence of a weirdly named file (auto-update.php) that didn't exist until a recent plugin update. The plugin in question was Custom Content Type Manager (CCTM), a popular WordPress plugin for creating custom post types that, in the three years since it was uploaded on the WordPress plugin...
  • Apple users targeted in first known Mac ransomware campaign

    03/06/2016 7:55:57 PM PST · by Swordmaker · 11 replies
    Yahoo News ^ | March 6, 2016
    By Jim Finkle BOSTON (Reuters) - Apple Inc customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc told Reuters on Sunday. Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data. Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of...
  • Mozilla Bans Firefox Add-on That Tampered with Security Settings

    03/04/2016 8:32:54 PM PST · by Utilizer · 16 replies
    SOFTPEDIA ^ | Mar 3, 2016 20:03 GMT | Catalin Cimpanu
    Mozilla developers have taken steps to ban the popular YouTube Unblocker add-on after it was caught altering browser security settings and even installing a second add-on without the user's consent. YouTube Unblocker is a Firefox add-on that allows users to view YouTube videos blocked in their country. It does so by using a collection of proxy servers to reroute YouTube content through countries in which the videos are whitelisted. This past weekend, a user complained about the add-on exhibiting sneaky behavior, saying that his Avast antivirus blocked a download coming from a third-party website as soon as he installed the...
  • Palo Alto Networks patches serious vulnerabilities

    02/25/2016 7:07:26 PM PST · by Utilizer · 2 replies
    iTnews (AUS) ^ | Feb 26 2016 5:56AM (AUS) | Juha Saarinen
    Security vendor Palo Alto Networks has issued a security advisory covering four vulnerabilities affecting its PAN-OS operating system and is advising users to patch immediately. Two vulnerabilities in particular appear to be particularly dangerous, according to Johannes Ullrich of security vendor SANS Institute. Rated as "critical" by Palo Alto Networks, a buffer overflow in the PAN-OS GlobalProtect SSL VPN web interface could be abused to bypass restrictions to limit traffic to trusted IP addresses only. "An attacker with network access to the vulnerable GlobalProtect portal may be able to perform a denial-of-service (DoS) attack on the device, and may be...
  • Linux Mint Website Hack: A Timeline of Events

    02/22/2016 7:26:56 PM PST · by Utilizer · 22 replies
    SOFTPEDIA ^ | Feb 21, 2016 12:05 GMT | Catalin Cimpanu
    Last night, the Linux Mint team announced that someone had hacked their servers and started pointing user downloads to malicious ISO images for the Linux Mint 17.3 Cinnamon edition. Our Linux editor already covered the initial details of the attack, which we recommend reading before going forward with this article. Since then, in the last ten hours, the Linux and infosec communities have been working hard to investigate what happened and how the hackers operated. Linux Mint Team: They hacked us via our WordPress site The first to provide an answer was Clement Lefebvre, leader of the Linux Mint project,...
  • Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking

    02/17/2016 8:44:52 PM PST · by Utilizer · 19 replies
    IDG News Service ^ | Feb 17, 2016 10:25 AM PT | Lucian Constantin
    Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers. According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account. Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in...
  • DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice

    02/08/2016 6:41:43 PM PST · by Utilizer · 25 replies
    SOFTPEDIA ^ | Feb 8, 2016 12:00 GMT | Catalin Cimpanu
    Oracle has released new Java installers to fix a well-known security issue (CVE-2016-0603) that also affects a plethora of other applications, from Web browsers to antivirus products, and from file compressors to home cinema software. The problem is called DLL hijacking (or DLL side-loading) and refers to the fact that malware authors can place DLLs of the same name in specific locations on the target's filesystem and have it inadvertently load the malicious DLL instead of the safe one. DLL hijacking is a very well-known issue This type of attack is very old and has been known to many software...
  • Roll up, roll up to the Malware Museum! Run classic DOS viruses in your web browser!

    02/08/2016 2:33:58 PM PST · by dayglored · 12 replies
    The Register ^ | Feb 5, 2016 | Chris Williams
    The Internet Archive has opened a new collection dubbed the Malware Museum that lets you run old DOS-era viruses in your web browser. There are 78 samples to play with, all uploaded earlier today and collated by Mikko Hypponen and Jason Scott. The cheesy old code is executed in your browser using a JavaScript version of emulator DOSbox. Much to our delight, there some classics in the museum, particularly Casino. Running these cyber-fossils will take you back to the bad old days when code could do anything it liked on machines -- security wasn't a consideration at all. As such,...
  • Scareware Signed With Apple Cert Targets OS X Machines

    02/06/2016 7:24:03 PM PST · by Utilizer · 28 replies
    Threatpost ^ | February 5, 2016 , 11:31 am | Michael Mimoso
    A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. "Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple." Ullrich said he happened upon the scam while investigating some...
  • Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

    01/27/2016 7:23:22 PM PST · by Utilizer
    Computerworld ^ | Jan 26, 2016 8:51 AM PT | Lucian Constantin
    Congress plans to question about two dozen federal agencies on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks said it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for two years or more, could have allowed remote attackers to gain administrative access to vulnerable devices or to decrypt VPN connections. The U.S. House Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how those organizations responded to the incident. The...
  • Magento plugs 'dangerous' cross-scripting hole

    01/26/2016 7:25:54 PM PST · by Utilizer · 4 replies
    iTnews ^ | Jan 27 2016 6:51AM (AUS) | Juha Saarinen
    A new vulnerability in the eBay-owned Magento e-commerce platform could be remotely exploited to take over sites and steal client information, researchers have discovered. Security vendor Sucuri discovered a stored cross-site scripting (XSS) vulnerability in the core system libraries for Magento Community Edition version 1.9.2.3 and earlier, and the Enterprise Edition version 1.14.2.3 and older. The critical flaw could be triggered by sending an email to administrators. Sucuri reported the bug to Magento's security team early in November last year. Magento acknowledged the vulnerability on 1 December 2015, but did not issue a patch until 21 January 2016. The Magento...
  • Hot Potato exploit mashes old vulns into Windows System 'sploit

    01/24/2016 7:36:54 PM PST · by Utilizer · 10 replies
    The Register ^ | 20 Jan 2016 at 08:39 | Darren Pauli
    Shmoocon Foxglove Security bod Stephen Breen has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1. The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of p0wning Windows for attackers that have managed to pop user machines. Breen released exploit code for his attack dubbed Hot Potato following his talk at the Shmoocon conference in Washington over the weekend. "Hot Potato takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay -- specifically HTTP-SMB relay - and...
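    The relay step in the quote is the part worth seeing message by message: a SYSTEM service authenticates with NTLM to an HTTP listener the attacker controls, and the attacker passes the exchange through to the local SMB service, which accepts it because nothing in the response ties it to the service the client meant to talk to. The following is an added example, not Breen's code and not the Hot Potato tool: it plays both sides of an NTLMv2 exchange in-process and shows the relay succeeding, then failing once the SMB side insists on the service name carried in the client's AV_PAIRs (the target-name binding that, with SMB signing, is the standard relay defence). The account name, domain and password are constructed; the NT hash uses MD5 in place of MD4, which many OpenSSL 3 builds no longer provide, and that substitution does not affect the relay logic.

```python
import hashlib
import hmac
import os
import struct

MSV_AV_EOL = 0
MSV_AV_TARGET_NAME = 9


def nt_hash(password):
    """Real NTLM uses MD4(UTF-16LE(password)); MD5 stands in here (assumption)."""
    return hashlib.md5(password.encode("utf-16-le")).digest()


def ntowf_v2(password, user, domain):
    """NTLMv2 response key: HMAC-MD5(NT hash, UPPER(user) || domain)."""
    data = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash(password), data, "md5").digest()


def encode_av_pairs(target_spn):
    """AV_PAIR list for the blob; MsvAvTargetName carries the SPN the client
    believes it is authenticating to, when the client chooses to set it."""
    out = b""
    if target_spn:
        spn = target_spn.encode("utf-16-le")
        out += struct.pack("<HH", MSV_AV_TARGET_NAME, len(spn)) + spn
    return out + struct.pack("<HH", MSV_AV_EOL, 0)


def decode_av_pairs(data):
    pairs, pos = {}, 0
    while True:
        av_id, av_len = struct.unpack_from("<HH", data, pos)
        pos += 4
        if av_id == MSV_AV_EOL:
            return pairs
        pairs[av_id] = data[pos:pos + av_len]
        pos += av_len


def ntlmv2_response(key, server_challenge, client_challenge, av_pairs):
    """NtChallengeResponse = NTProofStr || temp, where
    temp = 0x0101 || Z(6) || Time || ClientChallenge || Z(4) || AV_PAIRS || Z(4)
    and NTProofStr = HMAC-MD5(key, ServerChallenge || temp). Time is zeroed."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", 0) + client_challenge
            + b"\x00" * 4 + av_pairs + b"\x00" * 4)
    proof = hmac.new(key, server_challenge + temp, "md5").digest()
    return proof + temp


class SmbServer:
    """Stand-in for the SMB target; verifies NTLMv2 against its own accounts."""

    def __init__(self, accounts, spn, require_target_name=False):
        self.keys = {(u, d): ntowf_v2(p, u, d) for (u, d), p in accounts.items()}
        self.spn = spn
        self.require_target_name = require_target_name

    def challenge(self):
        return os.urandom(8)          # ServerChallenge of the CHALLENGE_MESSAGE

    def verify(self, user, domain, server_challenge, response):
        key = self.keys.get((user, domain))
        if key is None:
            return False
        proof, temp = response[:16], response[16:]
        expected = hmac.new(key, server_challenge + temp, "md5").digest()
        if not hmac.compare_digest(proof, expected):
            return False
        if self.require_target_name:   # bind the response to this service
            av = decode_av_pairs(temp[28:-4])
            return av.get(MSV_AV_TARGET_NAME, b"").decode("utf-16-le") == self.spn
        return True


def make_victim(user, domain, password, believed_spn):
    """The SYSTEM service talking to the attacker's HTTP listener: it answers
    whatever challenge it is shown, as NTLM clients do."""
    key = ntowf_v2(password, user, domain)

    def authenticate(server_challenge):
        av = encode_av_pairs(believed_spn)
        return user, domain, ntlmv2_response(key, server_challenge, os.urandom(8), av)
    return authenticate


def relay(victim_authenticate, smb):
    """HTTP->SMB relay: take the SMB target's challenge, present it to the
    victim as the HTTP server's challenge, forward the victim's answer to SMB."""
    chal = smb.challenge()
    user, domain, resp = victim_authenticate(chal)
    return smb.verify(user, domain, chal, resp)


ACCOUNTS = {("WORKSTATION$", "CORP"): "machine-secret"}   # constructed


def demo():
    victim = make_victim("WORKSTATION$", "CORP", "machine-secret", "HTTP/wpad")
    return {
        "unbound": relay(victim, SmbServer(ACCOUNTS, "cifs/WORKSTATION")),
        "bound": relay(victim, SmbServer(ACCOUNTS, "cifs/WORKSTATION", True)),
    }
```

    The unbound case is the relay in the article: the victim's answer is a valid proof for the challenge the real SMB service issued, so SMB accepts a session it never negotiated with that client. The bound case fails because the client wrote "HTTP/wpad" into its response and the SMB side wants "cifs/WORKSTATION"; the attacker cannot alter that field without breaking the HMAC.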
  • Enterprise AV devices contain secret backdoor

    01/21/2016 7:20:10 PM PST · by Utilizer · 9 replies
    iTnews ^ | Jan 22 2016 10:16AM (AUS) | Juha Saarinen
    Audiovisual devices made by AMX for government, education and business users contain a secret backdoor that allows full remote access without detection, security researchers have found. European security firm SEC Consult discovered the hidden backdoor account by analysing an operating system program for user management on the AMX Netlinx NX-1200 AV controller, which is sold in Australia. The binary contains a function named "setUpSubtleUserAccount", which adds a hidden user with administrative privileges, SEC Consult said. Both the account username and password are stored persistently on the AMX NX-1200, meaning if an attacker has this information, they can potentially log on...
  • Linux Trojan captures audio and takes screenshots

    01/20/2016 8:26:27 PM PST · by Utilizer · 4 replies
    InfoWorld ^ | Jan 20, 2016 | Jim Lynch
    Security is something that is always on the minds of users these days, and that includes those who use Linux. TechWeek Europe has a disturbing article about a Linux trojan that captures audio and takes screenshots. It remains to be seen how widespread this Trojan is among Linux users and what the exact attack vector is for it. Steve McCaskill reports for TechWeek Europe: Security researchers have found a new Linux Trojan capable of taking screenshots of infected systems and even recording sound. Russian anti-virus firm Dr Web says that once the Linux.Ekoms.1 malware is launched it checks for two...
  • LastPass mitigates creds-stealing phishing attack

    01/19/2016 6:51:35 PM PST · by Utilizer · 7 replies
    iTnews ^ | Jan 20 2016 8:59AM (AUS) | Juha Saarinen
    Popular credentials manager LastPass has taken steps to counter a "very simple" phishing attack that could see users' passwords, email addresses and two-factor authentication tokens stolen. Researcher Sean Cassidy posted proof of a successful phishing attack using a faked LastPass notification in a web browser earlier this month, following a presentation at hacker conference Shmoocon. By setting up a malicious website that displays notifications telling users their LastPass sessions have expired, Cassidy was able to create a page that lured people into entering their credentials for the password manager. The researcher called the attack LostPass. A successful capture of user...
  • Fortinet denies backdoor in firewall operating system

    01/13/2016 6:18:43 PM PST · by Utilizer · 2 replies
    iTnews ^ | Jan 14 2016 10:41AM (AUS) | Juha Saarinen
    Firewall vendor Fortinet has denied that the FortiGate OS operating system that runs its devices comes with a backdoor, despite a researcher purportedly posting proof of concept code on a security mailing list. Over the weekend, a Python script was posted anonymously, which appeared to allow remote access to Fortinet devices over the Secure Shell protocol. The post disclosed a password hard-coded into the FortiGate OS. The password is said to work on FortiOS version 4.x to 5.0.7, and a screenshot was posted on Twitter, allegedly showing that the script for the backdoor is working, providing remote access to Fortinet...
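    Three of the posts above (the DVRs with one root password across 46,000 devices, the AMX controller's hidden administrative user, and the hard-coded FortiOS password) are the same defect: credentials fixed at build time rather than set per device. The check a practitioner wants is an offline one, run over the root filesystems pulled out of firmware images before the device ever goes on a network. The following is an added example and not code from any of the vendors or researchers named: it parses /etc/passwd and /etc/shadow from extracted images and flags extra UID 0 accounts, accounts with no password, and hashes that are byte-identical across independently shipped devices, which a per-device password (different salt, different password) could not produce. The image names, accounts and hash strings are constructed placeholders, not real crypt output.

```python
"""Audit passwd/shadow files extracted from firmware images for hard-coded
and hidden accounts."""

LOCKED = {"*", "!", "!!", "x"}          # 'x' in passwd means 'look in shadow'


def parse_passwd(text):
    """name -> (uid, shell, password-field) for every well-formed line."""
    users = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue
        users[fields[0]] = (int(fields[2]), fields[6], fields[1])
    return users


def parse_shadow(text):
    """name -> hash field."""
    out = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            out[fields[0]] = fields[1]
    return out


def _locked(h):
    return h in LOCKED or h.startswith("!")


def audit_image(image, passwd_text, shadow_text):
    """Per-image findings as (image, account, issue) tuples."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for name, (uid, shell, pw_field) in parse_passwd(passwd_text).items():
        h = shadow.get(name, pw_field)        # shadow entry wins over passwd
        if uid == 0 and name != "root":
            findings.append((image, name, "extra UID 0 account"))
        if h == "":
            findings.append((image, name, "empty password"))
        if uid == 0 and _locked(h) and shell.endswith("sh"):
            pass                               # locked root with a shell: fine
    return findings


def shared_hashes(images):
    """Hashes that appear, salt and all, in more than one image.
    `images` maps image name -> (passwd_text, shadow_text)."""
    seen = {}
    for image, (_, shadow_text) in images.items():
        for name, h in parse_shadow(shadow_text).items():
            if h and not _locked(h):
                seen.setdefault(h, []).append((image, name))
    return {h: who for h, who in seen.items()
            if len({img for img, _ in who}) > 1}


def run_audit(images):
    """All per-image findings plus the cross-image shared-hash table."""
    findings = []
    for image, (passwd_text, shadow_text) in images.items():
        findings += audit_image(image, passwd_text, shadow_text)
    return findings, shared_hashes(images)


# Constructed sample: two DVR images from different product lines that were
# built from the same vendor code base.
ROOT_HASH = "$1$zyk3mQ0a$CONSTRUCTED.PLACEHOLDER.ROOT.1"
SUPPORT_HASH = "$1$Qw7rTp2e$CONSTRUCTED.PLACEHOLDER.SUPP.1"
IMAGES = {
    "dvr-lineA": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "support:x:0:0:Vendor support:/:/bin/sh\n"
        "nobody:x:65534:65534:nobody:/:/bin/false\n",
        f"root:{ROOT_HASH}:0:0:99999:7:::\n"
        f"support:{SUPPORT_HASH}:0:0:99999:7:::\n"
        "nobody:*:0:0:99999:7:::\n",
    ),
    "dvr-lineB": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "support:x:0:0:Vendor support:/:/bin/sh\n"
        "guest:x:1000:1000:guest:/home/guest:/bin/sh\n"
        "nobody:x:65534:65534:nobody:/:/bin/false\n",
        f"root:{ROOT_HASH}:0:0:99999:7:::\n"
        f"support:{SUPPORT_HASH}:0:0:99999:7:::\n"
        "guest::0:0:99999:7:::\n"
        "nobody:*:0:0:99999:7:::\n",
    ),
}
```

    A hash that recurs across images proves the password is fixed in the build, whether or not anyone has cracked it; that is the DVR finding in its entirety. The hidden-account case (AMX) is the one this check cannot see when the account is created at runtime by code rather than shipped in /etc/passwd, which is why SEC Consult found it by reading the user-management binary; the passwd audit is the cheap first pass, not the whole job.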
  • Researcher finds gaping holes in Trend Micro antivirus

    01/12/2016 6:43:44 PM PST · by Utilizer · 12 replies
    iTnews aus ^ | Jan 13 2016 6:40AM (AUS) | Juha Saarinen
    A Google Project Zero researcher has left security vendor Trend Micro with egg on its face, after discovering its software contains multiple, serious vulnerabilities that are easy to exploit without user interaction or notification. Tavis Ormandy of Project Zero noted that when Trend Micro antivirus is installed on Windows, the password manager component - written mostly in Javascript using the node.js framework that's included by default - allows any website to run arbitrary code on users' machines. The flaw in password manager allegedly took Ormandy only about 30 seconds to discover. He said the vulnerability is trivial to exploit,...
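    The phrase "any website" is the whole bug class: a browser will happily send a request from a page on an arbitrary site to an HTTP listener on 127.0.0.1, so a local service that acts on whatever it receives is reachable by every page the user opens. The following is an added example, not Trend Micro's code and not Ormandy's proof of concept: a request handler for a hypothetical localhost password-manager API, first in the shape that lets any origin trigger it and splices a parameter into a shell command line, then with the checks that close both holes (an Origin allowlist, a per-launch token the product's own UI would obtain out of band, and an argv call instead of a shell string). The command name, the allowed origin and the launcher name are assumptions made for the example; nothing here executes anything, the would-be command is returned instead.

```python
import secrets
from urllib.parse import parse_qs, urlsplit

# Assumptions for the example: the origin of the product's own UI pages and a
# token that UI reads from a file only the local user can access.
ALLOWED_ORIGINS = {"https://passwords.example"}
SESSION_TOKEN = secrets.token_urlsafe(32)
COMMAND = "openUrlInDefaultBrowser"          # hypothetical API command name


def vulnerable_dispatch(request_url):
    """A localhost API that trusts whoever reaches it: no check on the sender,
    and the url parameter spliced into a command line a shell would run.
    Returned as a string here rather than executed."""
    q = parse_qs(urlsplit(request_url).query)
    if q.get("cmd", [""])[0] == COMMAND:
        return "launch-browser " + q.get("url", [""])[0]
    return None


def hardened_dispatch(request_url, headers, expected_token=SESSION_TOKEN):
    """Each check alone stops a cross-site page from driving this endpoint or
    from smuggling shell metacharacters through it."""
    if headers.get("Origin") not in ALLOWED_ORIGINS:
        return ("reject", "origin not allowed")
    supplied = headers.get("X-Token", "")
    if not secrets.compare_digest(supplied, expected_token):
        return ("reject", "missing or wrong token")
    q = parse_qs(urlsplit(request_url).query)
    if q.get("cmd", [""])[0] != COMMAND:
        return ("reject", "unknown command")
    target = q.get("url", [""])[0]
    if urlsplit(target).scheme not in ("http", "https"):
        return ("reject", "only http(s) URLs may be opened")
    # argv, never a shell string: metacharacters in `target` stay inert
    return ("ok", ["launch-browser", target])


def demo():
    """A cross-origin page's request against both handlers."""
    evil = "http://127.0.0.1:49152/api?cmd=openUrlInDefaultBrowser&url=http://x%26calc.exe"
    return (vulnerable_dispatch(evil),
            hardened_dispatch(evil, {"Origin": "https://evil.example"}))
```

    The Origin check is the one that maps directly onto "any website": a page on evil.example cannot forge that header, so the request is refused before the parameter is even parsed. The token is defence in depth for clients that send no Origin at all, and passing an argv list is what keeps the "&calc.exe" in the constructed URL from ever reaching a shell.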