Security Affairs
- Critical unfixed flaws affect ABB Safety PLC Gateways 18 décembre 2018
Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. Security experts at Applied Risk are affected by potentially serious flaws and the bad news is that the vendor will not release firmware updates because the impacted products have reached the end of life. The security firm published a security advisory that provides … - Malware controlled through commands hidden in memes posted on Twitter 18 décembre 2018
New Malware Takes Commands From Memes Posted On Twitter Security researchers at Trend Micro have spotted a new strain of malware that retrieved commands from memes posted on a Twitter account controlled by the attackers. In this way, attackers make it hard to detect traffic associated with the malware that is this case appears as legitimate Twitter traffic. The use of legitimate web services to co … - Twitter uncovered a possible nation-state attack 18 décembre 2018
Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state … - Czech cyber-security agency warns over Huawei, ZTE security threat 18 décembre 2018
A Czech cyber-security agency is warning against using Huawei and ZTE technologies because they pose a threat to state security. The Chinese nightmare is rapidly spreading among European countries, now a Czech cyber-security agency is warning against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. “The main issue is a legal and p … - A second sample of the Shamoon V3 wiper analyzed by the experts 17 décembre 2018
A second sample of the Shamoon wiper was uploaded to Virus total on December 13, from the Netherlands, experts analyzed it. Last week security experts at Chronicle announced the discovery of a new variant of the infamous Shamoon malware, the sample was uploaded to Virus Total from Italy at around the time Italian oil services company Saipem announced to have suffered a cyber attack. Over … - Decrypting HiddenTear Ransomware for free with HT Brute Forcer 17 décembre 2018
Good news for the victims of the dreaded HiddenTear Ransomware, the popular cybersecurity expert Michael Gillespie has devised a tool dubbed HT Brute Forcer that could allow decrypting files for free. In 2015, the Turkish security researchers Utku Sen published the HiddenTear ransomware, the first open source ransomware, for educational purposes. The original code was decryptable, for this reason, … - Siemens addresses multiple critical flaws in SINUMERIK Controllers 17 décembre 2018
Siemens addressed several vulnerabilities in SINUMERIK controllers, including denial-of-service (DoS), privilege escalation and code execution issues. Siemens has fixed several flaws in SINUMERIK controllers, some of them have been classified as “critical.” The list of vulnerabilities includes DoS, privilege escalation and code execution flaws. Security experts at Kaspersky Lab disc … - US ballistic missile defense systems (BMDS) open to cyber attacks 16 décembre 2018
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate cybersecurity for the protection of the United States’ ba … - Security Affairs newsletter Round 192 – News of the week 16 décembre 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! STOLEN PENCIL campaign, hackers target academic institutions. WordPress botnet composed of +20k installs targets other sites … - Twitter fixed bug could have exposed Direct Messages to third-party apps 16 décembre 2018
Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol. The expert discovered that some permissions such as that to access direct messages, remained hidden to the Twitter us …
The Hackers News
- Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach 18 décembre 2018
Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack. In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information. The impacted … - New Malware Takes Commands From Memes Posted On Twitter 18 décembre 2018
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their … - Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers 15 décembre 2018
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as ‘Magellan’ by Tencent’s Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications. SQLite is a … - New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps 14 décembre 2018
Facebook’s latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users’ private photos which they never shared on their timeline, including images uploaded … - New Shamoon Malware Variant Targets Italian Oil and Gas Company 14 décembre 2018
Shamoon is back… one of the most destructive malware families that caused damage to Saudi Arabia’s largest oil producer in 2012 and this time it has targeted energy sector organizations primarily operating in the Middle East. Earlier this week, Italian oil drilling company Saipem was attacked and sensitive files on about 10 percent of its servers were destroyed, mainly in the Middle East, … - Fake Bomb Threat Emails Demanding Bitcoins Sparked Chaos Across US, Canada 14 décembre 2018
« Pay $20,000 worth of bitcoin, or a bomb will detonate in your building » A massive number of businesses, schools, government offices and individuals across the US, New Zealand and Canada on Thursday received bomb threats via emails that caused nationwide chaos, forcing widespread evacuations and police response. The bomb threat emails were apparently sent by spammers, threatening people that … - Adobe's Year-End Update Patches 87 Flaws in Acrobat Software 12 décembre 2018
Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of … - Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack 12 décembre 2018
Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its Windows operating systems and applications—10 of which are rated as critical and other important in severity. One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being … - phpMyAdmin Releases Critical Software Update — Patch Your Sites Now! 11 décembre 2018
Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The phpMyAdmin project last Sunday gave an early heads-up about the latest security update through its … - Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users 10 décembre 2018
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+’s People APIs that could have allowed developers to steal private … - Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know 7 décembre 2018
Australia’s House of Representatives has finally passed the « Telecommunications Assistance and Access Bill 2018, » also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national … - Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command 6 décembre 2018
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines … - New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs 6 décembre 2018
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute … - WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers 5 décembre 2018
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who … - SNDBOX: AI-Powered Online Automated Malware Analysis Platform 6 décembre 2018
Looking for an automated malware analysis software? Something like a 1-click solution that doesn’t require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and … - New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs 6 décembre 2018
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour. What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin. Instead, the attacker is … - Microsoft building Chrome-based browser to replace Edge on Windows 10 4 décembre 2018
It is no secret how miserably Microsoft’s 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements. According to the latest round of tech rumors, Microsoft has given up on Edge and reportedly building a new Chromium-based web browser, dubbed project codename « Anaheim » internally, that will replace Edge on Windows 10 … - Quora Gets Hacked – 100 Million Users Data Stolen 4 décembre 2018
The World’s most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its … - Become a Certified Hacker With This Hands-On Training Course 18 décembre 2018
It seems as though not a day goes by without news spreading over another major cyber attack. Hackers are becoming increasingly efficient at targeting everything from small startups to Fortune 500 companies and even entire government agencies, and as the world moves further away from traditional types of warfare and more toward engaging in all-out cyber warfare, these attacks are only going to … - Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel 1 décembre 2018
This may sound crazy, but it’s true! The war for « most-subscribed Youtube channel » crown between T-Series and PewDiePie just took an interesting turn after a hacker yesterday hijacked more than 50,000 internet-connected printers worldwide to print out flyers asking everyone to subscribe to PewDiePie YouTube channel. PewDiePie, whose real name is Felix Kjellberg, is a famous YouTuber from …
Dark Reading
- When Cryptocurrency Falls, What Happens to Cryptominers? 18 décembre 2018
The fall of cryptocurrency’s value doesn’t signify an end to cryptomining, but attackers may be more particular about when they use it. - Memes on Twitter Used to Communicate With Malware 18 décembre 2018
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say. - Twitter Hack May Have State-Sponsored Ties 18 décembre 2018
A data leak was disclosed after attackers targeted a support form, which had « unusual activity. » - Trend Micro Finds Major Flaws in HolaVPN 18 décembre 2018
A popular free VPN is found to have a very high cost for users. - Cryptographic Erasure: Moving Beyond Hard Drive Destruction 18 décembre 2018
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge. - How to Engage Your Cyber Enemies 18 décembre 2018
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization. - 8 Security Tips to Gift Your Loved Ones For the Holidays 18 décembre 2018
Before the wrapping paper starts flying, here’s some welcome cybersecurity advice to share with friends and family. - Cyber Readiness Institute Launches New Program for SMBs 17 décembre 2018
Program seeks to raise employee cyber awareness at small and midsize businesses and give their owners the tools to make a difference. - Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow 17 décembre 2018
As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says. - 53 Bugs in 50 Days: Researchers Fuzz Adobe Reader 17 décembre 2018
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
gHacks
- A first look at Windows Sandbox 19 décembre 2018
Windows Sandbox is a new virtualization feature that Microsoft will integrate in Windows 10. Windows Sandbox allows users and administrators to run software in a sandbox so that it cannot harm the underlying system. Sandboxing is not a new concept but users had to resort to installing third-party solutions like Sandboxie or virtual machines such as VMWare or VirtualBox in the past to run software … - Ghacks Deals: The Complete Robotics eBook Bundle (90% off) 18 décembre 2018
The Complete Robotics eBook Bundle gives you lifetime access to five eBooks about robotics. The books focus on ROS Robotics, a popular open source operating system for robots. The books are designed for users of all experience levels and available for just $19 for a limited period on Ghacks Deals. The bundle includes the following ebooks: ROS Robotics Projects –Master the Robot Operation System B … - Google will take action against website history manipulation 18 décembre 2018
Chromium developers plan to integrate functionality in Chromium that protects against history manipulation by websites. History manipulation refers to sites adding pages to the browsing history, e.g. in the form of a number of redirects, when a user accesses a page on a site to make it more difficult to go back to the previous page or forward to the next. Usually, what happens is that activating b … - Windows 10 version 1809 available for "advanced users" 18 décembre 2018
The latest feature update for Windows 10, Windows 10 version 1809 — The October 2018 Update — is now available for « advanced users » according to Microsoft. Microsoft started the rollout of the feature update in early October 2018 but pulled it from Windows Update and other updating tools shortly thereafter because of a data loss bug. A large number of other issues came to light in the weeks that … - Video Speed Controller for Google Chrome 18 décembre 2018
Video Speed Controller is a free browser extension for the Google Chrome web browser and compatible browsers that gives you better video playback controls. The extension seems to be related to the Firefox extension Video Speed Controller which we reviewed earlier this year. Most video streaming sites offer basic playback controls only; you can stop playback, skip to the next video, change the audi … - Manage SendTo menu items in Windows 17 décembre 2018
SendTo Menu Editor is a freeware for all supported versions of Microsoft’s Windows operating system that you may use to manage SendTo menu items. Windows Explorer and File Explorer include a SendTo option by default; the menu is displayed when users right-click on files or folders in Explorer. It offers options to send the selection to another location or to process it in some way depending on its … - Remove Backgrounds from Photos automatically 17 décembre 2018
Remove.bg is a new free online service that you may use to remove the background of photos automatically that you upload to the service. Sometimes, you may want to remove background noise from an image, for instance to copy an object without the background as part of a collage. The manual approach to remove background from a photo is certainly the most accurate option but it requires a certain set … - BlackViperScript: make bulk changes to the Windows 10 Service configuration 17 décembre 2018
BlackViperScript is a PowerShell script to make bulk changes to the Service configuration of Windows 10 PCs based on Black Viper’s Services suggestions. Black Viper published service configurations for several versions of Windows; these configurations suggested certain states for services based on use cases. He stopped updating Service configurations in April 2018 but the information is still usef … - Is Microsoft deprecating the People feature in Windows 10? 17 décembre 2018
Microsoft introduced a feature that it called My People back in 2017 in Insider Builds of the then-upcoming Fall Creators Update feature update for Windows 10. Windows 10 users could pin contacts to the Windows 10 taskbar for quick access to these contacts; communication apps that support My People could be assigned to contacts to communication quickly, and it was even possible to view chats from … - Most Internet users still prefer weak passwords over secure ones 16 décembre 2018
If you are a reader of this blog you know that it is essential to use unique and strong passwords for any online or offline service that you use. Most use a password manager for that; either one that integrates in the browser and stores data in the cloud, e.g. LastPass or 1Password, a hybrid like Bitwarden, or a local password manager like KeePass that stores data locally and may also be integrate …
blackMORE Ops
- Inception Attackers Target Europe with Year-old Office Vulnerability 14 décembre 2018
The Inception attackers have been active since at least 2014 and have been documented previously by both Blue Coat and Symantec; historical attacks used custom malware for a variety of platforms, and targeting a range of industries, primarily in Russia, but also around the world. This blog describes attacks against European targets observed in October … The post Inception Attackers Target Eu … - Brute Force Attacks Conducted by Cyber Actors 13 décembre 2018
In a traditional brute-force attack, a malicious actor attempts to gain unauthorized access to a single account by guessing the password. This can quickly result in a targeted account getting locked-out, as commonly used account-lockout policies allow three to five bad attempts during a set period of time. During a password-spray attack (also known as … The post Brute Force Attacks Conducted … - Avoiding Web Application Firewall using Python 21 novembre 2018
Web application firewalls are usually placed in front of the web server to filter the malicious traffic coming towards server. If you arehired as a penetration tester for some company and they forgot to tell you that they are using web application firewall than you might get into a serious mess. The figure below depicts … The post Avoiding Web Application Firewall using Python appeared first … - Targeting websites with Password Reset Poisoning 20 novembre 2018
Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference where we specify … - Cyber Actors Target Home and Office Routers and Networked Devices Worldwide 19 novembre 2018
DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded to the latest available versions … Th … - Identify website technologies with WhatWeb 15 novembre 2018
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addres … - Automatically crack WiFi password with besside-ng 14 novembre 2018
besside-ng is a tool like Wesside-ng but it support also WPA encryption. It will automatically crack all the WEP networks in range and log the WPA handshakes. WPA handshakes captured can be uploaded to the online cracking service at Darkircop.org (Besside-ng Companion) to attempt to get the password and where provides useful statistics based on … The post Automatically crack WiFi password wi … - Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab 13 novembre 2018
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in … The post Setting up Damn Vulnerable Web A … - CYBERFORCE Profile Series: Transforming Technical Conversations with a Best Practice Assessment 12 novembre 2018
This is the first in a series of blogs featuring a Palo Alto Networks CYBERFORCE Engineer and the business challenges they tackle. CYBERFORCE recognizes the best-of-the-best from the NextWave Partner Community; proven partner engineers who put the customer first, are trusted for their security expertise, and focus on preventing successful cyberattacks Meet Chris, CYBERFORCE Hero … The post C … - HIDDEN COBRA – FASTCash Campaign targeting banks 10 novembre 2018
Since at least late 2016, HIDDEN COBRA actors have used FASTCash tactics to target banks in Africa and Asia. At the time of this TA’s publication, the U.S. Government has not confirmed any FASTCash incidents affecting institutions within the United States. FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. … The post HI …