Category Archives: Security & Privacy

Internet Explorer New Zero Day Critical Vulnerability

A new Internet Explorer zero-day critical vulnerability (CVE-2014-1776) allows remote code execution. Microsoft released Security Advisory 2963983 and confirmed:

“Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”


Payroll details of 100000 Morrisons staff including bank account numbers leaked by insider

Payroll details of 100000 Morrisons staff including bank account numbers leaked by insider and published on the internet, the company has confirmed. Morrisons, which is Britain’s fourth biggest supermarket group, said it had called in police and cyber crime experts. A spokesman for West Yorkshire Police said: “We are aware of the situation and are supporting Morrisons in their investigation into these matters.”

Cisco Small Business Router Password Disclosure Vulnerability

A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.

The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device.

Cisco has released free software updates that address this vulnerability.

The following products are affected by the vulnerability that is described in this advisory:

  • Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and prior
  • Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and prior
  • Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and prior

Belkin WeMo smart home networks in danger of hacks

Belkin WeMo smart home networks in danger of hacks. Security firm IOActive announced that it has uncovered multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over half a million users. Belkin’s WeMo uses Wi-Fi and the mobile Internet to control home electronics anywhere in the world directly from the user’s smartphone.
Mike Davis, IOActive’s principal research scientist, uncovered multiple vulnerabilities in the WeMo product set that give attackers the ability to:

  • remotely control WeMo Home Automation attached devices over the Internet
  • perform malicious firmware updates
  • remotely monitor the devices
  • access an internal home network

Davis said, “As we connect our homes to the Internet, it is increasingly important for Internet-of-Things device vendors to ensure that reasonable security methodologies are adopted early in product development cycles. This mitigates their customer’s exposure and reduces risk. Another concern is that the WeMo devices use motion sensors, which can be used by an attacker to remotely monitor occupancy within the home.”

ZeuS Banking Trojan Targets Salesforce accounts

The Zeus malware family is known for the theft of financial and banking details. A new variant of the Zeus banking trojan targets Salesforce accounts and SaaS applications. Zeus comes in many different forms and flavors and, once installed, is capable of stealing users’ online banking credentials.
The Adallom Labs team recently discovered an unusual variant of the Zeus trojan that targets Salesforce users. In a blog post, the Adallom Labs team said:

We’ve been internally referring to this type of attack as “landmining”, since the attackers laid “landmines” on unmanaged devices used by employees to access company resources. The attackers, now bypassing traditional security measures, wait for the user to connect to *.my.salesforce.com in order to exfiltrate company data from the user’s Salesforce instance.

Hackers spread credentials for thousands of FTP sites, New York Times among those

Hackers spread credentials for thousands of FTP sites, New York Times among those. Hackers obtained credentials for more than 7,000 FTP sites and circulated a list in underground forums, according to security expert Alex Holden, chief information security officer for Hold Security, a Wisconsin-based company that monitors cyberattacks.

The hackers used the credentials to access some of the FTP servers and upload malicious files, including scripts in the PHP programming language. In other cases, they placed files on the FTP servers that contained malicious links directing people to malicious websites.

Kaspersky Unvalidated Redirection Vulnerability

An unvalidated redirection vulnerability in the Kaspersky website was found by security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT.

According to Ebrahim’s blog post, the “Unvalidated Redirection Vulnerability” in the website of the well-known antivirus and Internet security software developer Kaspersky could be used by attackers to trick Kaspersky.com users into visiting malicious websites.

After the researcher reported the vulnerability to the Kaspersky web team, it took about 2 months to fix; it is now fixed.
The video below demonstrates a simulation of how a black-hat attacker could use this vulnerability to spread malware.

Originally posted at Internet Security Magazine
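To make the vulnerability class concrete, here is an added example (not code from Kaspersky or from the original post) showing the unvalidated redirect pattern next to a hardened check. The `next` parameter name, the allow-listed hosts and the probe URLs are assumptions made for the illustration; the hardened check also covers scheme-relative, backslash and `user@host` variants that a naive prefix check misses.

```python
"""Open redirect: the unvalidated pattern beside a hardened check.

Added example, not code from Kaspersky or from the original post. The
`next` parameter name, the allow-listed hosts and the sample URLs are
assumptions made for the illustration.
"""
from urllib.parse import urlsplit

# Hosts this site may legitimately send a user to (constructed sample).
ALLOWED_HOSTS = frozenset({"www.example.com", "support.example.com"})


def unvalidated_redirect(next_param: str) -> str:
    """The vulnerable pattern: the client-supplied value becomes the
    Location header unchanged, so a crafted link on a trusted domain
    (?next=https://attacker.example/) lands the user on an arbitrary site."""
    return next_param


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for an absolute path on this site or an https URL whose
    host is explicitly allow-listed."""
    if not target:
        return False
    # Browsers treat a backslash like a slash, so normalise first; otherwise
    # "/\attacker.example" looks like a harmless relative path.
    candidate = target.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only https, and compare hostname (not netloc, which
        # can hide "user@" tricks such as https://www.example.com@attacker.example/).
        return parts.scheme == "https" and (parts.hostname or "").lower() in allowed_hosts
    if candidate.startswith("//"):
        # A scheme-relative URL resolves to another origin; "///host" and the
        # normalised "/\host" also land here and must name an allowed host.
        return (parts.hostname or "").lower() in allowed_hosts
    # Anything else is accepted only as an absolute path on this site.
    return candidate.startswith("/")


def safe_redirect(next_param: str, default: str = "/") -> str:
    """Hardened handler: fall back to a fixed local path when the supplied
    target fails validation instead of trusting it."""
    return next_param if is_safe_redirect(next_param) else default


if __name__ == "__main__":
    for probe in ("/account", "https://support.example.com/kb/1",
                  "https://attacker.example/", "//attacker.example/",
                  "/\\attacker.example", "javascript:alert(1)"):
        print(f"{probe!r:40} -> {safe_redirect(probe)}")
```

The design choice worth noting is that the check is an allow-list on the parsed hostname, never a string prefix test on the raw value: `https://www.example.com@attacker.example/` starts with the trusted domain but its hostname is the attacker's.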

Credit and debit card information of more than 110 million Target customers was stolen

The credit and debit card information of more than 110 million Target customers was stolen by hackers.

The malware at the center of Target’s recent data breach affecting millions of customers was partly written in Russian, according to a report issued Thursday by US government authorities and cyber security researchers. The data was quietly moved around on Target’s network before it was sent to a US server, then to Russia.

The report, which was only distributed to organisations that are involved or may have been attacked, describes a sophisticated cyber attack operation authorities are calling Kaptoxa, a Russian word that comes from a piece of code in the malware.

Target said the breach occurred between November 27 and December 15 and resulted in the theft of names, mailing addresses, phone numbers, e-mail addresses, and debit and credit card data of people who shopped at the retailer during those dates.

Tens of thousands of people received an e-mail from Target. In an effort to temper the repercussions of its massive data breach, Target offered to give affected customers one year of free credit monitoring from Experian – valued at $191.

Malicious advertisements served via Yahoo!


Malicious advertisements served via Yahoo, reports Fox-IT.

Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Upon visiting the malicious advertisements, users get redirected to a “Magnitude” exploit kit via an HTTP redirect to seemingly random sub-domains. This exploit kit exploits vulnerabilities in Java and installs a host of different malware. The countries most affected by the exploit kit are Romania, Great Britain and France.

It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors. The exploit kit bears similarities to the one used in the brief infection of php.net in October 2013.

Update January 3, 18:15 (GMT+1): It appears the traffic to the exploit kit has significantly decreased. It looks like Yahoo is taking steps to fix the problem.
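The pattern described above, an ad server answering with an HTTP redirect to a different random-looking sub-domain for each visitor, is something a proxy log can surface. The following is an added detection example, not Fox-IT's code and not from the original post: it reads constructed proxy log lines (the field layout, the `.test` host names, the ad-server set and the entropy threshold are all assumptions) and reports registered domains that received several distinct high-entropy sub-domains as redirect targets from an ad server.

```python
"""Flag redirect fan-out from an ad server to random-looking sub-domains.

Added example, not code from Fox-IT or from the original post. The log
format, the field order, the .test host names, the ad-server set and the
entropy threshold are assumptions; the lines below are constructed, not
captured traffic.
"""
import math
from collections import defaultdict
from urllib.parse import urlsplit

# Ad-serving hosts whose redirects we want to inspect (constructed).
AD_SERVERS = frozenset({"ads.adnet.test"})

# Constructed proxy log: time, client, status, requested URL, Location
# header ("-" if none), Referer ("-" if none). Three clients that loaded the
# same ad slot were each bounced to a different random sub-domain.
SAMPLE_LOG = """\
2014-01-03T14:02:11 10.0.0.5 302 http://ads.adnet.test/serve?slot=1 http://4fk8x2qp.landing.test/ http://www.portal.test/
2014-01-03T14:02:11 10.0.0.5 200 http://4fk8x2qp.landing.test/ - http://ads.adnet.test/serve?slot=1
2014-01-03T14:02:40 10.0.0.7 302 http://ads.adnet.test/serve?slot=1 http://q9zl3vw7.landing.test/ http://www.portal.test/
2014-01-03T14:03:05 10.0.0.9 302 http://ads.adnet.test/serve?slot=1 http://m2d7hx0k.landing.test/ http://www.portal.test/
2014-01-03T14:03:30 10.0.0.5 302 http://ads.adnet.test/serve?slot=2 http://static.cdn.test/banner.jpg http://www.portal.test/
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; a label drawn from a large alphabet scores high."""
    if not text:
        return 0.0
    counts = {c: text.count(c) for c in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_random(label: str, min_len: int = 8, min_entropy: float = 2.8) -> bool:
    """Heuristic with assumed thresholds: a long label whose characters are
    spread almost uniformly, as generated sub-domains tend to be."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def registered_domain(host: str) -> str:
    """Approximation: the last two labels. A real deployment would consult
    the public suffix list so that e.g. co.uk is not treated as a domain."""
    return ".".join(host.split(".")[-2:])


def parse_line(line: str) -> dict:
    """Split one constructed log line into its six fields."""
    ts, client, status, url, location, referer = line.split()
    return {"ts": ts, "client": client, "status": int(status),
            "url": url, "location": location, "referer": referer}


def find_redirect_fanout(log_text: str, min_distinct: int = 3) -> dict:
    """Group 3xx responses from ad servers by the registered domain of their
    Location target and report domains that received at least
    `min_distinct` distinct random-looking sub-domains."""
    targets = defaultdict(set)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if not 300 <= rec["status"] < 400 or rec["location"] == "-":
            continue
        src_host = urlsplit(rec["url"]).hostname or ""
        dst_host = urlsplit(rec["location"]).hostname or ""
        if src_host not in AD_SERVERS or not dst_host:
            continue
        if looks_random(dst_host.split(".")[0]):
            targets[registered_domain(dst_host)].add(dst_host)
    return {dom: sorted(hosts) for dom, hosts in targets.items()
            if len(hosts) >= min_distinct}


if __name__ == "__main__":
    for dom, hosts in find_redirect_fanout(SAMPLE_LOG).items():
        print(f"{dom}: {len(hosts)} random sub-domains -> {hosts}")
```

The threshold of three distinct sub-domains per registered domain is what separates this from ordinary CDN behaviour, where a single static host serves every visitor; tune `min_distinct` and the entropy cut-off against your own baseline before alerting on it.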

NSA developing code cracking quantum computer

The US National Security Agency is building a quantum computer to break the encryption that keeps messages secure, reports the Washington Post.

The NSA project came to light in documents passed to the newspaper by whistle-blower Edward Snowden.

The spying agency hopes to harness the special qualities of quantum computers to speed up its code-cracking efforts.

In room-size metal boxes secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.

According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, Md.