PHISHING ATTACKS AT HIGHEST LEVEL IN THREE YEARS
2019-11-07 15:26:36       Net-Security

The number of phishing attacks continued to rise into the autumn of 2019, according to APWG. The total number of phishing sites detected in July through September 2019 was 266,387.

This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016.



ANDROID BUG LETS HACKERS PLANT MALWARE VIA NFC BEAMING
2019-11-05 10:58:28       Slashdot

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth. Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source. But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

The CVE-2019-2114 bug resided in the fact that the Android Beam app was also whitelisted, receiving the same level of trust as the official Play Store app. Google said this wasn't meant to happen, as the Android Beam service was never meant as a way to install applications, but merely as a way to transfer data from device to device. The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources. However, many millions of users remain at risk. If users have the NFC service and the Android Beam service enabled, a nearby attacker could plant malware (malicious apps) on their phones.

Since most newly-sold devices have the NFC feature enabled by default, you'll have to disable Android Beam and NFC or update your phone to receive the October 2019 security updates if you want to protect yourself from this bug.


KEEPING PERSONAL AND BUSINESS DATA SECURE
2019-10-23 16:21:50      

People are curious. They simply cannot resist peeking at others' screens, reading unattended documents in printers, and otherwise sticking their noses anywhere and everywhere.

A recent study indicates that a large percentage of people make efforts to protect their own information, but routinely "invade" the information of others. Old-timers will recognize "Mrs. Kravitz", the nosy neighbor lady on the '60s TV show "Bewitched", as a great example of this curiosity getting the better of people.

The take-away from the study is that you might want to alter some of your habits:

  • Don't leave documents in the printer for longer than necessary.
  • Pay attention to who's around you when you use your phone or computer.
  • Lock or log out of your computer or phone when you are away from it.
  • You might also be a little more conscious of other people's privacy, and rein in your own innate curiosity. Do you really need to know private details of your co-workers' personal lives that they haven't elected to share with you? Ask yourself how you would feel if the roles were reversed.

Obviously, all this applies to company data as well, along with the added aspect that mishandling of information could have ramifications on the future of the company and your own personal trajectory.


ATTACKERS EXPLOIT NEW 0-DAY VULNERABILITY GIVING FULL CONTROL OF ANDROID PHONES
2019-10-06 13:59:58       Slashdot

Attackers are exploiting a zero-day vulnerability in Google's Android mobile operating system that can give them full control of at least 18 different phone models, reports Ars Technica, including four different Pixel models, a member of Google's Project Zero research group said on Thursday night. The post also says there's evidence the vulnerability is being actively exploited.

An anonymous reader quotes Ars Technica:

Exploits require little or no customization to fully root vulnerable phones. The vulnerability can be exploited two ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content. "The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device," Stone wrote. "If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox...."

Google representatives wrote in an email: "Pixel 3 and 3a devices are not vulnerable to this issue, and Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming days. Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue."

The use-after-free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren't explained in the post, the patches never made their way into Android security updates.

https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/

HACKERS TURN TO OPENDOCUMENT FORMAT TO AVOID AV DETECTION
2019-10-02 09:47:14       ThreatPost
Malware-laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users. Please apply the same cautions to ODT files and other OpenOffice documents that you would to Microsoft Office documents and PDFs. More: https://threatpost.com/hackers-turn-to-opendocument/148817/
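Because ODT and other OpenDocument files are ZIP containers, a mail gateway or triage script can flag macro-bearing documents before anyone opens them. The following is an added example, not code from the ThreatPost article: it looks for the directories where LibreOffice/OpenOffice store macros (Basic/ and Scripts/) and for document event listeners in content.xml, which is how a macro is wired to run when the file is opened; the sample documents it inspects are constructed inline.

```python
"""Flag macro-bearing OpenDocument files without opening them in an office suite.

Added example, not code from the ThreatPost article.  An ODF file is a ZIP
container: LibreOffice/OpenOffice keep Basic macros under Basic/ and other
scripting-language macros under Scripts/, and a macro is wired to run on
document events through <script:event-listener> elements (for example the
ODF "dom:load" event, fired when the document is opened).  The sample
documents built below are constructed for demonstration only.
"""
import io
import re
import zipfile

ODF_MIME_PREFIX = "application/vnd.oasis.opendocument"
MACRO_DIRS = ("Basic/", "Scripts/")
# Matches an event-listener element and captures the event name it hooks.
EVENT_RE = re.compile(rb'<script:event-listener\b[^>]*script:event-name="([^"]+)"')


def inspect_odf(data: bytes) -> dict:
    """Return macro indicators for an ODF container; nothing is executed."""
    report = {"is_odf": False, "mimetype": "", "macro_files": [], "events": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report  # not a ZIP at all, so not an ODF document
    with zf:
        names = zf.namelist()
        if "mimetype" in names:
            report["mimetype"] = zf.read("mimetype").decode("ascii", "replace").strip()
        report["is_odf"] = report["mimetype"].startswith(ODF_MIME_PREFIX)
        report["macro_files"] = [n for n in names
                                 if n.startswith(MACRO_DIRS) and not n.endswith("/")]
        # Auto-run hooks live in the office:scripts block of content.xml;
        # styles.xml is checked as well in case a document stores them there.
        for part in ("content.xml", "styles.xml"):
            if part in names:
                report["events"] += [m.decode("utf-8", "replace")
                                     for m in EVENT_RE.findall(zf.read(part))]
    return report


def is_suspicious(report: dict) -> bool:
    """Macro storage or an event hook is enough to quarantine the file for review."""
    return bool(report["macro_files"] or report["events"])


def build_sample_odt(with_macro: bool) -> bytes:
    """Construct a minimal .odt; optionally add a Basic macro that runs on open."""
    content = ['<?xml version="1.0" encoding="UTF-8"?>',
               '<office:document-content xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"',
               ' xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0"',
               ' xmlns:xlink="http://www.w3.org/1999/xlink">']
    if with_macro:
        content += ['<office:scripts><office:event-listeners>',
                    '<script:event-listener script:language="ooo:script" script:event-name="dom:load"',
                    ' xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>',
                    '</office:event-listeners></office:scripts>']
    content += ['<office:body><office:text/></office:body></office:document-content>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ODF wants "mimetype" first and uncompressed; ZIP_STORED is the default here.
        zf.writestr("mimetype", ODF_MIME_PREFIX + ".text")
        zf.writestr("content.xml", "\n".join(content))
        if with_macro:
            zf.writestr("Basic/script-lc.xml", "<library:libraries/>")
            zf.writestr("Basic/Standard/Module1.xml",
                        "<script:module>Sub Main\nEnd Sub</script:module>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample_odt(False)), ("macro", build_sample_odt(True))):
        r = inspect_odf(sample)
        print(label, "suspicious" if is_suspicious(r) else "ok", r["macro_files"], r["events"])
```

A hit here only means the file carries macro machinery; it is a reason to hold the document for review, not proof of malice, since legitimate templates also ship Basic libraries.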

HACK BREAKS PDF ENCRYPTION, OPENS CONTENT TO ATTACKERS
2019-10-02 09:30:16       ThreatPost

PDFex can bypass encryption and password protection in most PDF readers and online validation services, allowing unauthorized parties to read content and forge documents.

Expect updates for Adobe Acrobat, Firefox, and other applications with PDF support soon.

In the meantime, be wary of apparently signed and verified PDF files and do not depend exclusively on PDF encryption to protect company information.

More information here: https://threatpost.com/hack-breaks-pdf-encryption/148834/.


APPLE HITS BACK AT GOOGLE OVER IPHONE HACK REPORT
2019-09-09 06:01:51       Silicon Security
Fight, fight. Google security researchers overstated the level of threat to iPhone users, Apple alleges.

GOOGLE SAYS HACKERS HAVE PUT "MONITORING IMPLANTS" IN IPHONES FOR YEARS
2019-08-31 13:04:53       Slashdot

An unprecedented iPhone hacking operation, which attacked "thousands of users a week" until it was disrupted in January, has been revealed by researchers at Google's external security team. From a report:

The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

Once hacked, the user's deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device's keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: "Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device."


INTERNET EXPLORER 11 END OF LIFE
2019-08-22 14:19:50      

Internet Explorer 11 is receiving fewer and fewer updates from Microsoft. They obviously would like to see it go away.

We are trusting it less each day to remain safe and secure. It is also woefully short on support for modern web technologies like HTML5 and CSS3.

Please start using Firefox as your default and primary browser. The bookmark manager in Firefox should help you import your Favorites from Internet Explorer without much heartache.

Most laptops should already have Firefox installed. Just allow it to be your default browser, and hold IE11 in reserve for any sites you access that still require Java or other old technologies not supported by Firefox.


HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT
2019-08-08 23:10:03      


When you think about how hackers could break into your smartphone, you probably imagine it would start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in. It turns out that's not necessarily so, not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.

At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called "interaction-less" bugs in Apple's iOS iMessage client that could be exploited to gain control of a user's device. And while Apple has already patched six of them, a few have yet to be patched.


ONLY YOU CAN PREVENT RANSOMWARE!
2019-07-30 22:59:08      

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. Sometimes all it takes is one unsuspecting user to infect an entire organization.

The concept behind ransomware, a well-known form of malicious software, is quite simple: lock and encrypt a victim's computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since we're dealing with criminals here, paying the ransom doesn't ensure access will be restored.

Ransomware is the online form of the bully's game of keep-away. The bully could hold your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, right in front of you, but they're encrypted now, making them unreadable. In 2017, the average ransom demand was US$522, a high price to pay for getting your own property back.

Types of ransomware

Ransomware can come in many shapes and sizes. Some variants may be more harmful than others, but they all have one thing in common: a ransom. The five types of ransomware are:

• Crypto malware. This is a well-known form of ransomware and can cause a great deal of damage. One of the most familiar examples is the 2017 WannaCry ransomware attack, which targeted thousands of computers around the world and spread itself within corporate networks globally.
• Lockers. This kind of ransomware is known for infecting your operating system to completely lock you out of your computer, making it impossible to access any of your files or applications.
• Scareware. This is fake software that acts like an antivirus or a cleaning tool. Scareware often claims to have found issues on your computer, demanding money to resolve the issue. Some types of scareware lock your computer, while others flood your screen with annoying alerts and pop-up messages.
• Doxware. Commonly referred to as leakware, doxware threatens to publish your stolen information online if you don't pay the ransom. As more people store sensitive files and personal photos on their computers, it's understandable that many individuals panic and pay the ransom when their files have been hijacked.
• RaaS. Otherwise known as Ransomware as a Service, RaaS is a type of malware hosted anonymously by a hacker. These criminals handle everything from distributing the ransomware and collecting payments to managing decryptors, software that restores data access, in exchange for their cut of the ransom.

Ransomware remains a popular means of attack, and new ransomware families are discovered every year. Reported attacks in the U.S. dropped from 2,673 in 2016 to 1,783 in 2017. However, the threat of ransomware is still incredibly active on the internet, so you should take precautions to help avoid becoming a victim.

Dos and don'ts of ransomware:

Ransomware is a profitable market for cybercriminals and can be difficult to stop. Prevention is the single most important aspect of protecting your personal data. To deter cybercriminals and help protect yourself from a ransomware attack, keep in mind these dos and don'ts:

• Do use security software. To help protect your data, install and use a trusted security suite that offers more than just antivirus features.
• Do keep your security software up to date. New ransomware variants appear on a regular basis, so having up-to-date internet security software will help protect you against cyberattacks.
• Do update your operating system and other software. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
• Don't automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid opening emails and attachments from unfamiliar or untrusted sources.
• Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled, macro malware can infect multiple files. Unless you are absolutely sure the email is genuine and from a trusted source, delete the email.
• Do back up important data to an external hard drive. Attackers gain leverage over their victims by encrypting valuable files and making them inaccessible. If the victim has backup copies, the hacker no longer holds the upper hand. Backup files allow victims to restore their files once the infection has been cleaned up. Ensure that backups are appropriately protected or stored offline so that attackers can't access them.
• Do use cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous versions of files, allowing you to roll back to the unencrypted form.
• Don't pay the ransom. You could be wondering, "But won't I get my files back if I pay the ransom?" You might, but you might not. Sensing desperation, a cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

Ransomware bullies make a living by preying on the innocent. With new ransomware variants popping up frequently, you want to do what you can to minimize your exposure. By following these simple dos and don'ts, you can help protect your computer data and personal information from ransomware.


YOUTUBE POLICY ON REMOVING INSTRUCTIONAL HACKING CONTENT CAUSES INFOSEC COMMUNITY OUTRAGE
2019-07-04 05:25:25       incidents.org

MICROSOFT PATCHES "WORMABLE" FLAW IN WINDOWS XP, 7 AND WINDOWS 2003
2019-05-14 17:30:00       Slashdot
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a "wormable" flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. From a report: The vulnerability (CVE-2019-0708) resides in the "remote desktop services" component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates. Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.

INTEL CPUS RELEASED IN LAST 8 YEARS IMPACTED BY NEW ZOMBIELOAD SIDE-CHANNEL ATTACK
2019-05-14 13:22:00       Slashdot
Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. From a report: The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow. Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process. Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. [...] In a research paper published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. Processors for desktops, laptops, and (cloud) servers are all impacted, researchers said on a special website they've set up with information about the Zombieload flaws.

A GLITCH IS BREAKING ALL FIREFOX EXTENSIONS
2019-05-04 18:56:13       Slashdot
UPDATE: This appears to be resolved.
Did you just open Firefox only to find all of your extensions disabled and/or otherwise not working? You're not alone, and it's nothing you did. From a report: Reports are pouring in of a glitch that has spontaneously disabled effectively all Firefox extensions. Each extension is now being listed as a "legacy" extension, alongside a warning that it "could not be verified for use in Firefox and has been disabled." A ticket submitted to Mozilla's Bugzilla bug tracker first hit at around 5:40 PM Pacific, and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM (or midnight on May 4th in UTC time). Because the glitch stems from an underlying certificate, re-installing extensions won't work -- if you try, you'll likely just be met with a different error message. Getting extensions back for everyone is going to require Mozilla to issue a patch.

MICROSOFT BLOCKS WINDOWS 2019 UPDATE ON PCS THAT USE USB STORAGE OR SD CARDS
2019-05-04 09:55:37       Slashdot
Microsoft has published a support document today warning Windows 10 users that the impending May 2019 Update may not install on their systems if they use external USB storage devices or SD cards. From a report: The OS maker cited problems with "inappropriate drive reassignment" as the main reason for blocking the May 2019 Update. "Inappropriate drive reassignment can occur on eligible computers that have an external USB device or SD memory card attached during the installation of the May 2019 update," the company said. "For this reason, these computers are currently blocked from receiving the May 2019 Update."

MOZILLA SAYS IT WILL BAN FIREFOX ADD-ONS WITH OBFUSCATED CODE
2019-05-02 13:01:00       Slashdot
DarkRookie2 writes: As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned. Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted. The updated Add-on policy comes into force on June 10, so add-on developers have a little more than a month to take note of the changes and comply. Mozilla says that the move is designed to help it better deal with malicious extensions. Mozilla also plans to be more aggressive towards taking down extensions that break its policies, with a heavy focus on security issues. ZDNet adds: [...] Starting with June 10, Mozilla's team will also be more aggressive in blocking and disabling Firefox add-ons in users' browsers that are found to be violating one of the company's policies. "We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control," Nieman said.

PUTIN SIGNS LAW TO CREATE AN INDEPENDENT RUSSIAN INTERNET
2019-05-02 12:05:00       Slashdot
Russia is one step closer to creating its own, independent internet -- at least legally speaking. Russian President Vladimir Putin has signed into law new measures that would enable the creation of a national network, able to operate separately from the rest of the world, according to documents posted on a government portal this week. From a report: For now, the network remains largely theoretical though, with few practical details disclosed. In concept, the new law aims to protect Russia from foreign online restrictions by creating what the Kremlin calls a "sustainable, secure and fully functioning" local internet. The legislation takes effect in November, state news agency RIA-Novosti reported. According to a summary from RIA-Novosti, the law calls for the creation of a monitoring and a management center supervised by Roskomnadzor, Russia's telecoms agency. The state agency will be charged with ensuring the availability of communication services in Russia in extraordinary situations. During such situations, it would also be empowered to cut off external traffic exchange, creating a purely Russian web.

INTERNET EXPLORER ZERO-DAY LETS HACKERS STEAL FILES FROM WINDOWS PCS
2019-04-12 06:26:20       incidents.org

WINDOWS 10 COULD AUTOMATICALLY UNINSTALL BUGGY WINDOWS UPDATES
2019-03-12 18:50:00       Slashdot
Microsoft is reportedly working on a new functionality that will automatically remove botched updates from Windows 10 to fix startup issues and other bugs preventing the PC from booting. "The support document was quietly published a couple of hours ago and for some reasons, Microsoft has also blocked the search engines from crawling or indexing the page," reports Windows Latest. "In the document, Microsoft explains that Windows may automatically install updates in order to keep your device secure and smooth." From the report: Due to various reasons, including software and driver compatibility issues, Windows Updates are vulnerable to mistakes and hardware errors. In some cases, Windows Update may fail to install. After installing a recent update, if your PC experiences startup failures and automatic recovery attempts are unsuccessful, Windows may try to resolve the failure by uninstalling recently installed updates. In this case, users may receive a notification with the following message: "We removed some recently installed updates to recover your device from a startup failure." Microsoft says that Windows will also automatically block the problematic updates from installing automatically for the next 30 days. During these 30 days, Microsoft and its partners will investigate the failure and attempt to fix the issues. When the issues are fixed, Windows will again try to install the updates. Users still have the freedom to reinstall the updates. If you believe that the update should not be removed, you can manually reinstall the driver or quality updates which were uninstalled earlier.

MICROSOFT WILL NOW PESTER WINDOWS 7 USERS TO UPGRADE TO WINDOWS 10 WITH POP-UPS
2019-03-12 13:27:00       Slashdot
Mark Wilson writes: Anyone who is still using Windows 7 doesn't have much longer until the operating system is no longer supported by Microsoft. Come January 14, 2020 only those enterprise customers who are willing to pay for Extended Security Updates will receive any kind of support. Microsoft has already done a lot to encourage Windows 7 diehards to make the move to Windows 10, and now it is stepping things up a gear. Throughout 2019, the company will show pop-up notifications in Windows 7 about making the switch to the latest version of Windows.

CHECK IF YOUR ACCOUNT WAS PART OF A DATA BREACH
2019-02-25 15:26:47       dragon
Check if you have an account that has been compromised in a data breach at Have I Been Pwned.

SCAN SUSPICIOUS FILES WITH MULTIPLE ANTIVIRUS SCANNERS
2019-02-25 15:26:34       dragon
Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.

NEW BROWSER ATTACK LETS HACKERS RUN BAD CODE EVEN AFTER USERS LEAVE A WEB PAGE
2019-02-25 14:03:02       incidents.org
Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.

ICANN WARNS OF "ONGOING AND SIGNIFICANT" ATTACKS AGAINST INTERNET'S DNS INFRASTRUCTURE
2019-02-25 09:00:00       Slashdot

The internet's address book keeper has warned of an "ongoing and significant risk" to key parts of the domain name system infrastructure, following months of increased attacks.

From a report: The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of "multifaceted attacks utilizing different methodologies." It follows similar warnings from security companies and the federal government in the wake of attacks believed to be orchestrated by nation state hackers.

ICANN's chief technology officer David Conrad told the AFP news agency that the hackers are "going after the Internet infrastructure itself." The internet organization's solution is calling on domain owners to deploy DNSSEC, a more secure version of DNS that's more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult -- though not impossible -- to spoof.