
70 percent of IoT devices vulnerable to cyberattacks: Cyber Highlights July 31st

By Kelli Tarala | July 31, 2014

HP released a report on Internet of Things (IoT) devices and found that 70 percent of devices tested contained serious vulnerabilities, while 80 percent raised privacy concerns, among other findings.

Full Story:
http://www.securityweek.com/70-iot-devices-vulnerable-cyberattacks-hp

Instagram account hijack code published
A developer released a proof-of-concept that exploits the lack of HTTPS encryption in certain functions of the Instagram app for iOS that could allow an attacker on the same network to intercept session cookies and use them to take over Instagram accounts. Instagram parent company Facebook stated that they are aware of the issue and are working to find a solution.

Full Story:
http://news.softpedia.com/news/Instagram-Account-Hijack-Code-Published-452658.shtml

Riverside announces security breach
Riverside Health System in Newport News notified over 2,000 patients after an employee was charged in connection to a security breach at the health system’s Cancer Specialists of Tidewater office. Investigators believe the former employee accessed the patients’ records without authorization.

Full Story:
http://www.dailypress.com/health/dp-nws-security-breach-riverside-20140729,0,1160235.story

Malicious Android apps can impersonate trusted ones
Researchers at Bluebox Security reported that a vulnerability present in Android versions below 4.4 (KitKat) can allow malicious apps to benefit from the access permissions of legitimate apps, because signatures issued from a legitimate app are not checked.

Full Story:
http://news.softpedia.com/news/Malicious-Android-Apps-Can-Impersonate-Trusted-Ones-452659.shtml

Tor warns of attack attempting to deanonymize users
The Tor Project reported that an attack that could have broken users’ anonymity on the Tor network was detected July 4 and may have been part of a research project. The attack used a combination of a Sybil attack and a traffic confirmation attack, and the vulnerabilities exploited were closed in a patch issued July 30.

Full Story:
http://www.securityweek.com/tor-warns-attack-attempting-deanonymize-users

Zero-day flaws found in Symantec’s Endpoint Protection
Offensive Security researchers reported finding three zero-day vulnerabilities in Symantec’s Endpoint Protection product that could allow a logged-in user to gain system access and perform attacks such as identifying domain administrator cached credentials or hash dumping.

Full Story:
http://www.computerworld.com/s/article/9250047/Zero_day_flaws_found_in_Symantec_s_Endpoint_Protection

Trio of flaws fixed in Facebook Android app
Facebook issued an update for its Android app that closes a vulnerability where an HTTP server used for video playback would accept requests from any client, leading to the potential for attacks to cause a denial of service (DoS) condition or transfer large amounts of data to run up charges on a victim’s mobile bill.

Full Story:
http://threatpost.com/trio-of-flaws-fixed-in-facebook-android-app

Many antivirus engines plagued by vulnerabilities
A researcher with Coseinc presenting at the SyScan 360 conference reported that 14 of 17 antivirus products tested contained at least one vulnerability due to a variety of factors. Some vulnerabilities have since been patched, while the researcher reported that others remain exploitable.

Full Story:
http://www.securityweek.com/many-antivirus-engines-plagued-vulnerabilities-researcher

Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm.  Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.



XML-RPC abused in brute-force attacks against WordPress sites: July 29th Highlights

By Kelli Tarala | July 29, 2014


XML-RPC abused in brute-force attacks against WordPress sites
Sucuri researchers found that new brute-force attacks against WordPress Web sites, which leverage the XML-RPC protocol and the wp.getUsersBlogs function, have increased since July 4, with 2 million attempts originating from 17,000 different IP addresses.

Full Story:
http://news.softpedia.com/news/XML-RPC-Abused-In-Brute-Force-Attacks-Against-WordPress-Sites-452143.shtml
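The item above describes credential guessing routed through the XML-RPC endpoint rather than the login form, so login-page rate limits never see it. The following detection logic is an added example written for this page (not Sucuri's or WordPress's own code): it parses the XML-RPC request body of each POST to xmlrpc.php, picks out calls to wp.getUsersBlogs (one of the methods that accepts a username and password), and flags any client IP that makes a burst of them within a sliding window. The threshold, the window and the sample traffic are constructed assumptions; a real deployment would feed it from a WAF or access-log hook.

```python
"""Flag source IPs that hammer WordPress XML-RPC wp.getUsersBlogs (constructed example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

THRESHOLD = 5                 # calls per window that count as a guessing burst (assumed)
WINDOW = timedelta(minutes=1) # sliding window length (assumed)

def xmlrpc_method(body):
    """Return the <methodName> of an XML-RPC methodCall body, or None if it is not one.
    The stdlib parser does not fetch external entities, so untrusted bodies are tolerated."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    node = root.find("methodName")
    if root.tag != "methodCall" or node is None or not node.text:
        return None
    return node.text.strip()

def flag_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """events: (timestamp, client_ip, request_body) for POSTs to xmlrpc.php.
    Returns the set of IPs that made >= threshold wp.getUsersBlogs calls inside one window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent credential-checking calls
    flagged = set()
    for ts, ip, body in sorted(events, key=lambda e: e[0]):
        if xmlrpc_method(body) != "wp.getUsersBlogs":
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop calls that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged

def _get_users_blogs(username):
    """Build a wp.getUsersBlogs request body; the password value is a constructed placeholder."""
    return ("<methodCall><methodName>wp.getUsersBlogs</methodName><params>"
            f"<param><value><string>{username}</string></value></param>"
            "<param><value><string>PLACEHOLDER</string></value></param>"
            "</params></methodCall>")

T0 = datetime(2014, 7, 29, 10, 0, 0)
# Constructed traffic: one IP trying six usernames in 30 s, one IP making two calls,
# one ordinary pingback call and one malformed body.
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=5 * i), "198.51.100.7", _get_users_blogs(f"user{i}")) for i in range(6)]
    + [(T0 + timedelta(seconds=40), "203.0.113.9", _get_users_blogs("editor")),
       (T0 + timedelta(seconds=50), "203.0.113.9", _get_users_blogs("editor")),
       (T0 + timedelta(seconds=55), "192.0.2.44",
        "<methodCall><methodName>pingback.ping</methodName></methodCall>"),
       (T0 + timedelta(seconds=58), "192.0.2.45", "<methodCall><methodName>")]
)

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_EVENTS))   # {'198.51.100.7'}
```

Matching on the method name rather than on the URL matters: every WordPress site answers on xmlrpc.php, and legitimate clients (pingbacks, mobile apps) use it too, so blocking the endpoint outright breaks features while the per-method, per-IP count isolates the guessing traffic.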

XSS flaw fixed in Barracuda Spam and Virus Firewall
Vulnerability Laboratory researchers discovered a non-persistent cross-site scripting (XSS) vulnerability in the Barracuda Spam and Virus Firewall web application, affecting versions 5.1.3 and earlier, that allowed a potential attacker to hijack session information or execute non-persistent code. The vulnerability was patched July 15 after researchers notified the developer.

Full Story:
http://news.softpedia.com/news/XSS-Flaw-Fixed-in-Barracuda-Spam-and-Virus-Firewall-452377.shtml

Remotely exploitable flaws fixed in Siemens SCADA system
Siemens patched 5 vulnerabilities discovered in its SIMATIC industrial automation system, four of them presenting a remote exploitation risk, after an advisory by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which explained that the flaws resided in the SIMATIC WinCC product, a supervisory control and data acquisition (SCADA) system.

Full Story:
http://news.softpedia.com/news/Remotely-Exploitable-Flaws-Fixed-in-Siemens-SCADA-System-452219.shtml

Citigroup business unit charged with failing to protect confidential subscriber data while operating alternative trading system
New York-based LavaFlow Inc. agreed July 25 to pay $5 million to settle U.S. Securities and Exchange Commission charges that the Citigroup business unit failed to safeguard the confidential trading data of its subscribers when it allowed an affiliate to access the LavaFlow-operated alternative trading system (ATS).

Full Story:
http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542371114#.U9Zy6fldVKI

Englishman indicted for stealing thousands of U.S. government employee records
A man from England was indicted July 24 in the Eastern District of Virginia for offenses that enabled him to access sensitive information belonging to more than 100,000 federal government employees by breaching the systems of the U.S. Department of Energy, the U.S. Sentencing Commission, the FBI’s Regional Computer Forensics Laboratory, and Deltek, Inc., among several others. The man was able to exploit a security vulnerability in Adobe ColdFusion, gaining administrator-level access to the networks using custom file managers.

Full Story:
http://news.softpedia.com/news/Englishman-Indicted-for-Stealing-Thousands-of-US-Government-Employee-Records-452280.shtml



Cloud botnets used for mining crypto-currency: Cyber Highlights July 28th

By Kelli Tarala | July 28, 2014

Cloud botnets used for mining crypto-currency
Researchers from Bishop Fox created a botnet capable of mining several hundred dollars’ worth of Litecoin crypto-currency per day using the free services of multiple cloud-computing businesses. Conducting distributed denial of service (DDoS) attacks was determined to be another way to use the machines.

Full Story:
http://news.softpedia.com/news/Cloud-Botnets-Used-for-Mining-Crypto-Currency-452030.shtml

Self Regional announces security breach of patient info
Self Regional Healthcare in Greenwood notified at least 500 patients July 24 of a potential security breach after two thieves broke into the Support Services Center May 25 and took a hospital-owned laptop. Police arrested and charged two men June 10 in connection with the theft where one of the suspects admitted to panicking and throwing the password protected laptop into Lake Thurmond.

Full Story:
http://www.indexjournal.com/Content/Default/Homepage-Rotating-Articles/Article/Self-Regional-announces-security-breach-of-patient-info/-3/225/26721

State Department computer crash slows visa, passport applications worldwide
The U.S. State Department announced July 24 that its main computer system for processing visa and passport applications worldwide crashed during the week of July 21 after routine maintenance on the consular database. The system was brought back online but remained at limited capacity while officials worked to correct the problem.

Full Story:
http://www.networkworld.com/article/2458181/state-department-computer-crash-slows-visa-passport-applications-worldwide.html

TAILS team recommends workarounds for flaw in I2P
TAILS operating system developers claimed a vulnerability in the I2P anonymity network software affecting versions 1.1 and earlier can be mitigated with a couple of workarounds, though the vulnerability has yet to be patched.

Full Story:
http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422

Sony to shell out $15M in PSN breach settlement
Sony released a statement July 24 claiming it reached an agreement to pay $15 million in a preliminary settlement associated with the April 2011 hacking of its PlayStation Network system, its on-demand service Qriocity, and gaming portal Sony Online Entertainment, exposing the personal data of roughly 77 million users.

Full Story:
http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/

More details of Onion/Critroni crypto ransomware emerge
Kaspersky Lab and other researchers found that the Critroni or CTB-Locker ransomware, dubbed Onion, uses a number of features that separate it from other forms of malware, including that the ransomware is spread through Andromeda and that it uses a version of the asymmetric ECDH (Elliptic Curve Diffie-Hellman) algorithm.

Full Story:
http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408

Popular wireless home alarms can be hacked from afar
Two security researchers found that wireless home alarm systems are vulnerable to remote hijacking, which would allow access to the protected environment without tripping the alarm, because the signals lack encryption or authentication. The tools used to hack into the systems are available for purchase, potentially allowing intruders to completely disable the alarm from 10 feet away.

Full Story:
http://news.softpedia.com/news/Popular-Wireless-Home-Alarms-Are-Easy-to-Hack-452023.shtml



Wall Street Journal acknowledges system breach: Cyber Security Updates July 25th

By Kelli Tarala | July 25, 2014


The Wall Street Journal confirmed that its systems were compromised when an attacker gained access to the news site’s graphics servers, but that an ongoing investigation did not reveal any signs of damage or tampering. An individual using the handle “w0rm”, known for breaching the systems of CNET, claimed responsibility and stated that they were willing to sell a database stolen in the breach for one Bitcoin.

Full Story:
http://news.softpedia.com/news/Wall-Street-Journal-Acknowledges-System-Breach-451796.shtml

50,000 sites backdoored through shoddy WordPress plugin
A researcher with Sucuri reported that around 50,000 Web sites were vulnerable to malware injection, defacement, and spam due to a vulnerability in the MailPoet plugin for WordPress. The vulnerability can affect Web sites that do not run MailPoet if the vulnerable plugin is present elsewhere on the same server.

Full Story:
http://www.theregister.co.uk/2014/07/24/

DDoS attackers turn attention to SaaS and PaaS systems, Akamai reports
Akamai released its Q2 2014 Global DDoS Attack Report, which found a 22 percent increase in distributed denial of service (DDoS) attack activity in the second quarter of 2014. The report also found that around half of DDoS attacks targeted IT infrastructure, with vendors of cloud services such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) being common targets.

Full Story:
http://www.v3.co.uk/v3-uk/news/2356828/ddos-attackers-turn-attention-to-saas-and-paas-systems-akamai-reports

Apple fanbois SCREAM as update BRICKS their Macbook Airs
Users of Apple’s 2011 Macbook Air reported experiencing nonresponsive systems after applying a version 2.9 EFI firmware update to their systems, while others reported difficulties installing the update.

Full Story:
http://www.theregister.co.uk/2014/07/23/apple_macbook_air_update_bricks_fanbois_machines/

Metro News website compromised to serve malware
Researchers at Websense reported July 22 that the Web site of newspaper Metro.us was compromised and used to redirect visitors to a malicious Web site hosting the RIG exploit kit. The RIG exploit kit then attempts to exploit any present vulnerabilities in users’ software to install a piece of malware identified as Win32/Simda.

Full Story:
http://www.securityweek.com/metro-news-website-compromised-serve-malware-rig-exploit-kit

Fake Googlebots used for layer 7 DDoS attacks
Incapsula issued a report that shows how malicious Web crawlers that mimic Googlebots to bypass security are being used for various malicious purposes. The majority of the fake crawlers were used for collecting marketing information while 23.5 percent were used for application layer distributed denial of service (DDoS) attacks.

Full Story:
http://news.softpedia.com/news/Fake-Googlebots-Used-for-Layer-7-DDoS-Attacks-451984.shtml
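Crawlers that merely set a Googlebot user agent are trivial to spot if the server checks the claim the way Google documents: the client IP's reverse DNS name must end in googlebot.com or google.com, and that name must resolve forward to the same IP. The code below is an added example written for this page (not Incapsula's or Google's code) that applies the check to constructed access-log lines. The DNS answers are stubbed with constructed lookup tables on documentation IP ranges so the example runs offline; the defaults fall back to the live resolver via the standard socket module, and the regular expression, function names and sample lines are assumptions.

```python
"""Verify clients claiming to be Googlebot by reverse-then-forward DNS (constructed example)."""
import re
import socket

# Google documents that genuine crawler hostnames end in one of these domains.
GOOGLE_CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")

# Minimal combined-log-format pattern: client IP first, user agent last.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def _default_reverse(ip):
    return socket.gethostbyaddr(ip)[0]          # PTR lookup via the live resolver

def _default_forward(host):
    return socket.gethostbyname_ex(host)[2]     # A lookup via the live resolver

def verify_googlebot(ip, reverse=_default_reverse, forward=_default_forward):
    """True only if PTR(ip) is a Google crawler name and that name resolves back to ip."""
    try:
        host = reverse(ip).rstrip(".").lower()
        if not host.endswith(GOOGLE_CRAWLER_SUFFIXES):
            return False
        return ip in forward(host)   # forward check defeats a spoofed PTR record
    except OSError:                  # NXDOMAIN, timeout, refused: treat as unverified
        return False

def fake_googlebots(log_lines, reverse=_default_reverse, forward=_default_forward):
    """Return client IPs whose user agent claims Googlebot but fails verification."""
    fakes = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or "Googlebot" not in m.group("ua"):
            continue
        ip = m.group("ip")
        if not verify_googlebot(ip, reverse, forward):
            fakes.add(ip)
    return fakes

# Constructed DNS answers standing in for real lookups (documentation IP ranges only).
FAKE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",   # consistent reverse and forward
    "203.0.113.5": "crawl-192-0-2-10.googlebot.com.",  # spoofed PTR; forward mismatch
    "198.51.100.9": "host9.example.net.",              # ordinary host
}
FAKE_A = {
    "crawl-192-0-2-10.googlebot.com": ["192.0.2.10"],
    "host9.example.net": ["198.51.100.9"],
}

def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]

def fake_forward(host):
    return FAKE_A.get(host, [])

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Constructed log lines: a genuine-looking crawler, a spoofer, a browser and an image-bot claim.
SAMPLE_LOG = [
    f'192.0.2.10 - - [24/Jul/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "{GOOGLEBOT_UA}"',
    f'203.0.113.5 - - [24/Jul/2014:10:00:02 +0000] "GET /search?q=x HTTP/1.1" 200 9012 "-" "{GOOGLEBOT_UA}"',
    '198.51.100.9 - - [24/Jul/2014:10:00:03 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0"',
    '198.51.100.9 - - [24/Jul/2014:10:00:04 +0000] "GET /contact HTTP/1.1" 200 1024 "-" "Googlebot-Image/1.0"',
]

if __name__ == "__main__":
    print(sorted(fake_googlebots(SAMPLE_LOG, fake_reverse, fake_forward)))
```

Because the verdict depends on DNS round trips, a production filter would cache results per IP and apply the check only to requests that claim a crawler identity, which keeps the cost off ordinary visitors while still letting the application-layer DDoS traffic the report describes be rate-limited like any other unverified client.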

Six men charged in StubHub cyber-theft case
Six individuals were charged in the U.S. in connection with an alleged cybercrime ring that took over accounts on the online ticket marketplace StubHub, used victims’ credit cards to purchase tickets to various entertainment events in New York City, sold the tickets, and then laundered the proceeds through PayPal accounts and bank accounts in the U.S., U.K., Canada, Germany, and Russia. The alleged fraud totaled around $1 million and affected over 1,000 user accounts.

Full Story:
http://www.net-security.org/secworld.php?id=17164

Women & Infants Hospital to pay $150,000 to settle data breach allegations
The attorney general of Massachusetts announced July 23 that Women & Infants Hospital of Rhode Island agreed to pay $150,000 to settle allegations that it failed to protect the personal health information of 12,127 patients in Massachusetts after an April 2012 data breach. The hospital discovered that 19 unencrypted back-up tapes from two of its Prenatal Diagnostic Centers went missing in 2011, and authorities determined that it did not properly report the breach under the State’s notification statute.

Full Story:
http://www.mass.gov/ago/news-and-updates/press-releases/2014/2014-07-23-women-infants-hospital.html




40% of orgs running VMware still susceptible to Heartbleed: July 24th

By Kelli Tarala | July 24, 2014

Data collected and analyzed by CloudPhysics found that 57 percent of deployed VMware vCenter servers and 58 percent of ESXi hypervisor hosts remain vulnerable to the Heartbleed vulnerability in OpenSSL, affecting 40 percent of organizations in the CloudPhysics data set.

Full Story:
http://www.net-security.org/secworld.php?id=17159

Android ransomware demands 12x more cash, targets English-speakers
Researchers at ESET identified a new version of the Simplocker ransomware for Android that displays a fake law enforcement ransom note in English and demands a higher ransom than previous versions that were written in Russian and demanded payment in Ukrainian hryvnias. The new version of the ransomware contains additional features such as the encryption of more types of files on victims’ devices and actions that make it more difficult to remove.

Full Story:
http://www.theregister.co.uk/2014/07/23/android_ransomware_simplocker_revamp/

Mozilla fixes 11 vulnerabilities with release of Firefox 31
Mozilla released new versions of its Firefox Web browser and Thunderbird email client July 22, closing 11 vulnerabilities, including 3 rated as critical.

Full Story:
http://www.securityweek.com/mozilla-fixes-11-vulnerabilities-release-firefox-31

Internet Explorer vulnerabilities increase 100%
An analysis by Bromium Labs surveyed vulnerabilities in popular Web browsers and common software and found that vulnerabilities in Internet Explorer increased by more than 100 percent in the first quarter of 2014. Other findings included that Action Script Sprays were leveraged in zero day attacks and that zero day vulnerabilities in Java have declined greatly in the first quarter of 2014 compared to 2013.

Full Story:
http://www.net-security.org/secworld.php?id=17158



