Web-based attack targeting home routers, the Brazilian way
Kaspersky Lab weblog:
We spotted an interesting attack from Brazilian bad guys aiming to change the DNS settings of home routers by using a web-based attack, some social engineering, and malicious websites. In these attacks the malicious DNS servers configured in the user's network device are pointed towards phishing pages of Brazilian Banks, programmed to steal financial credentials.
Attacks targeting home routers aren't new at all; in 2011, my colleague Marta described malware targeting network devices like these. In Brazil we documented a long and painful series of remote attacks that started in 2011-2012 that affected more than 4.5 million DSL modems, exploiting a remote vulnerability and changing DNS configurations. But this "web-based" approach was something new to Brazilian bad guys until now and we believe it will spread quickly amongst them as the number of victims increases.
The attack starts with a malicious e-mail and a bit of social engineering, inviting you to click: [Screenshot]
"I'm your friend and want to tell you you're being cheated, look at the pics"
Continued : https://securelist.com/blog/incidents/66358/web-based-attack-targeting-home-routers-the-brazilian-way/
iCloud hackers planned Flappy Bird clone to steal photos from phones
"Poster on AnonIB message board detailed method for stealing photos by putting malicious app in Google Play store"
The ring of hackers who gathered naked pictures of more than 100 celebrities also planned to use a malware-ridden "clone" of Flappy Bird to steal photos from Android phones.
They aimed to exploit users' carelessness about the permissions that Android apps demand on installation to gain access to photos stored on the phone and siphon them to a remote location before Google spotted and blocked the malicious app.
The ring, which experts believe may have been stealing and trading photos for at least two and a half years, congregated on the /stol/ - short for "stolen" - forum on image board AnonIB, a spinoff of the notorious 4chan community.
Continued : http://www.theguardian.com/technology/2014/sep/05/icloud-hackers-planned-flappy-bird-clone-to-steal-photos-from-phones
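The "carelessness about permissions" the article describes is something a reviewer can triage statically before an app is installed: a game that asks for both storage (photo) access and network access has the two capabilities a photo-stealing clone needs. The following is an added example, not code from the Guardian article or from the AnonIB ring; the package name and manifest are constructed for illustration, while the permission strings are the real Android ones.

```python
"""Static triage of an AndroidManifest.xml: flag apps that combine access to
the user's stored photos with a network egress path. Added illustration,
not code from the original article."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # android:name as ElementTree sees it

# Real Android permission names that grant access to stored pictures.
PHOTO_ACCESS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
# Permission that gives the app a way to ship data off the device.
EGRESS = {"android.permission.INTERNET"}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}


def triage(manifest_xml):
    """Return what the manifest asks for and whether the combination of
    photo access plus network egress is present."""
    perms = declared_permissions(manifest_xml)
    photo = perms & PHOTO_ACCESS
    egress = perms & EGRESS
    return {
        "photo_access": sorted(photo),
        "egress": sorted(egress),
        # A casual game needs neither of these; asking for both is the
        # profile of the clone described in the article.
        "suspicious": bool(photo and egress),
    }


# Constructed sample manifest (hypothetical package, not a real app).
GAME_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flappyclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Flappy Clone"/>
</manifest>
"""

if __name__ == "__main__":
    print(triage(GAME_MANIFEST))
```

Run it over the decoded manifest from an APK (apktool or aapt will produce it) and treat a "suspicious" hit as a prompt to look at where the app sends data, not as proof of malice: a legitimate photo-sharing app will trip the same check.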
List compiled of Android apps that allow MitM attacks
Researchers compile list of Android apps that allow MitM attacks
Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to Man-in-the-Middle attacks if they use them on insecure and open networks, a researcher with the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University warned.
The vulnerable apps were discovered via automated testing using the CERT Tapioca testing appliance, and the researchers keep an updated list of them - among them are OKCupid's official app, (ironically) a number of security apps and, most worryingly, a number of e-commerce (such as an eBay app for German users) and e-banking apps.
The list is not yet complete. The setup created by the researchers tests only one application at a time, and the testing started only a few weeks ago.
Continued : http://www.net-security.org/secworld.php?id=17335
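"Fail to properly validate SSL certificates" covers two separate checks a client has to make: that the chain ends at a trusted root, and that the certificate's name actually matches the host being contacted. Many of the failures Tapioca finds come from apps that disable one or both (a trust manager that accepts everything, or a hostname verifier that allows all). The following is an added example, not CERT's Tapioca code or any listed app's code; it shows, in Python's ssl module, the weak client configuration beside the correct one, plus a hostname-matching routine of the kind those apps skip, run against a constructed certificate dictionary in the shape ssl.getpeercert() returns.

```python
"""Weak vs. correct TLS client configuration, and the hostname check that
goes with chain verification. Added example; not code from CERT or from
any of the listed apps."""
import ssl


def audit_context(ctx):
    """Return a list of weaknesses in a client SSLContext; [] if it is sound."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not checked (check_hostname is False)")
    return findings


def insecure_client_context():
    """What the vulnerable apps do, in Python terms: the Android analogue is a
    TrustManager whose checkServerTrusted() never throws plus an
    allow-all HostnameVerifier. Any MitM certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_client_context():
    """The default context already verifies the chain and the hostname."""
    return ssl.create_default_context()


def hostname_matches(cert, hostname):
    """Match hostname against the dNSName SANs of a getpeercert()-style dict.

    Rules (RFC 6125 style): case-insensitive; exact label-for-label match, or
    '*' as the entire left-most label matching exactly one label. A wildcard
    never spans a dot and '*.tld' is rejected so it cannot match a whole TLD.
    """
    host = hostname.rstrip(".").lower().split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pat = value.rstrip(".").lower().split(".")
        if len(pat) != len(host):
            continue                    # wildcard cannot absorb extra labels
        if "*" in pat[1:]:
            continue                    # wildcard only in the left-most label
        if pat[0] == "*" and len(pat) < 3:
            continue                    # '*.com' would match every .com host
        if pat[0] != "*" and pat[0] != host[0]:
            continue
        if pat[1:] == host[1:]:
            return True
    return False


# Constructed peer certificate (hypothetical names) in getpeercert() shape.
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "*.bank.example")),
}

if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("secure:  ", audit_context(secure_client_context()))
    for name in ("www.bank.example", "login.bank.example",
                 "bank.example", "a.b.bank.example",
                 "www.bank.example.attacker.test"):
        print(name, hostname_matches(BANK_CERT, name))
```

The point of the hostname routine is the second failure mode: an app that verifies the chain but not the name will happily accept any valid certificate an attacker on the same open network can obtain for a domain they control. On Android the equivalent of the secure context is simply leaving the platform's default trust manager and HostnameVerifier in place.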
Home Depot Hit By Same Malware as Target
The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.
On Tuesday, KrebsOnSecurity broke the news that Home Depot was working with law enforcement to investigate "unusual activity" after multiple banks said they'd traced a pattern of card fraud back to debit and credit cards that had all been used at Home Depot locations since May of this year.
A source close to the investigation told this author that an analysis revealed at least some of Home Depot's store registers had been infected with a new variant of "BlackPOS" (a.k.a. "Kaptoxa"), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows.
Continued : http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/
iPhone Payment Security
Bruce Schneier @ his "Schneier on Security" blog:
Apple is including some sort of automatic credit card payment system with the iPhone 6. It's using some security feature of the phone and system to negotiate a cheaper transaction fee.
Basically, there are two kinds of credit card transactions: card-present, and card-not-present. The former is cheaper because there's less risk of fraud. The article says that Apple has negotiated the card-present rate for its iPhone payment system, even though the card is not present. Presumably, this is because of some other security features that reduce the risk of fraud.
Not a lot of detail here, but interesting nonetheless.
Ransomware rising, even on Android
The first half 2014 saw an increase in online attacks that lock up user data and hold it for ransom - even on mobile devices, according to F-Secure. [Screenshot]
Rising numbers of attacks from malicious software known as ransomware underscore the importance of data security for home, enterprise and government users. Ransomware demands payment of a sum in exchange for unlocking a user's files.
On the mobile front, in Q2 of 2014, 295 new threat families and variants were discovered - 294 on Android and one on iOS. That's up from the first quarter, during which 277 threats were discovered, 275 targeting Android.
Continued : http://www.net-security.org/malware_news.php?id=2860
@ F-Secure: H1 2014 Threat Report
Popular Photo Sharing Website Likes.com Vulnerable To Multiple Critical Flaws
Likes.com, one of the emerging social networking sites and a popular image browsing platform, has been found vulnerable to several critical vulnerabilities that could allow an attacker to completely delete a user's account in just one click.
Likes.com is a social networking website that helps you to connect with people you like and make new friends for free. Just like any other social place, users can always follow their favorite tag or people who catch their fancy. It is much easier to use and is designed for those who want to look at pictures different people upload.
An independent security researcher, Mohamed M. Fouad from Egypt, has found a series of critical security vulnerabilities in the Likes website that pose a real danger to its users. The vulnerabilities he found not only have the capability to add any post or comment to users' accounts and to delete users' accounts; they can also be escalated to deface the entire website by posting malicious URLs and to delete all user accounts.
Continued : http://thehackernews.com/2014/09/popular-photo-sharing-website.html
OpenSSL to prenotify distros of severe security fixes
"The OpenSSL project has unveiled its first security policy on how the project will handle security fixes, and to whom it will disclose vulnerabilities prior to releases."
Given the blowback from the Heartbleed vulnerability revealed earlier this year, the OpenSSL project has released its first security policy that details how the project handles security issues.
The policy says that the project classifies security issues into three categories of severity: High, moderate, and low.
For an issue to gain the high rating, it must be likely to be exploitable in common configurations of OpenSSL, the examples given being a denial of service attack, a memory leak, or remote code execution. Upon reporting to the project, the policy states that the issue will be kept private amongst the OpenSSL development team, with a number of Linux and BSD distributions given details and patches in order for them to prepare packages for users and to provide feedback.
Continued : http://www.zdnet.com/openssl-to-prenotify-distros-of-severe-security-fixes-7000033409/
Related: OpenSSL Publishes its Security Policy
Salesforce Warns Customers of Dyreza Banker Trojan Attacks
Salesforce.com is warning its customers that the Dyreza banker Trojan is now believed to be targeting some of the company's users. The Trojan, which has the ability to bypass SSL, typically goes after customers of major banks, but seems to be expanding its reach.
Dyreza is relatively new among the banker Trojan crowd and it hasn't had the reach or effect of older bankers such as Carberp or Zeus. But it has some interesting capabilities that make it troublesome. The malware installs itself on a victim's machine after a user clicks on a malicious attachment in a spam message. Once on the machine, Dyreza reaches out to a C2 server and waits for the victim to visit a targeted banking site. The malware uses a technique known as browser hooking to intercept traffic before it's encrypted on the way to the bank's site.
"The traffic, when you browse the Internet, is being controlled by the attackers. They use a MiTM (Man in The Middle) approach and thus are able to read anything, even SSL traffic in clear text. This way they will also try to circumvent 2FA," an analysis by Peter Kruse at CSIS says.
Continued : http://threatpost.com/salesforce-warns-customers-of-dyreza-banker-trojan-attacks/108134