New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

By: Swati Khandelwal

Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that attackers are actively exploiting in the wild as part of a targeted campaign that appears to be aimed at a Russian state health care institution.

The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw in Flash Player that, if exploited successfully, allows an attacker to execute arbitrary code on the targeted computer and eventually gain full control over the system.

The newly discovered Flash Player zero-day exploit was spotted last week by researchers inside malicious Microsoft Office documents submitted to the online multi-engine malware scanning service VirusTotal from a Ukrainian IP address.

The maliciously crafted Microsoft Office document contains an embedded Flash ActiveX control in its header that renders when the targeted user opens the document, triggering the reported Flash Player vulnerability.

According to the researchers, neither the Microsoft Office file (22.docx) nor the Flash exploit inside it contains the final payload used to take control of the system.

Instead, the final payload hides inside an image file (scan042.jpg) that is itself an archive; both files are packed together inside a parent WinRAR archive, which is then distributed through spear-phishing emails (the original article demonstrates this in a video).
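Two cheap static checks follow from the lure described above: does a .docx carry an embedded Flash ActiveX control, and does a file's leading bytes contradict its extension (a ".jpg" that is really a RAR archive)? The code below is an added example, not the researchers' tooling; the sample .docx it builds is constructed for the demo and is not the real 22.docx, and the only external fact it relies on is the well-known CLSID of the Shockwave Flash ActiveX control.

```python
"""Static triage for a Flash-in-Office lure (added example, not the
researchers' tooling). Checks (1) whether a .docx carries an embedded Flash
ActiveX control and (2) whether a file's leading bytes contradict its
extension, e.g. a '.jpg' that is really a RAR archive."""
import io
import re
import zipfile
from typing import List

# CLSID of the Shockwave Flash ActiveX control (ShockwaveFlash.ShockwaveFlash).
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"

# Leading bytes of the container formats that matter for this lure.
MAGICS = {
    b"\xff\xd8\xff": "jpeg",
    b"Rar!\x1a\x07": "rar",   # covers both the RAR4 and RAR5 signatures
    b"PK\x03\x04": "zip",     # also OOXML (.docx) containers
}

# What each extension claims to be, in MAGICS vocabulary.
CLAIMED = {"jpg": "jpeg", "jpeg": "jpeg", "rar": "rar", "zip": "zip", "docx": "zip"}


def sniff(data: bytes) -> str:
    """Return the format implied by the file's first bytes, or 'unknown'."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    return "unknown"


def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the extension claims one known format and the bytes show another."""
    ext = name.rsplit(".", 1)[-1].lower()
    claimed = CLAIMED.get(ext)
    actual = sniff(data)
    return claimed is not None and actual != "unknown" and actual != claimed


def docx_flash_activex(docx_bytes: bytes) -> List[str]:
    """Return the OOXML parts that reference the Flash ActiveX CLSID.

    Word stores each embedded control as word/activeX/activeXN.xml (the
    classid appears there as text) plus an activeXN.bin OLE blob; a header,
    footer or body part references the control with a <w:control> element.
    Only the XML parts are inspected here; the binary blobs are not parsed.
    """
    pattern = re.compile(re.escape(FLASH_CLSID).encode(), re.IGNORECASE)
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for member in zf.namelist():
            if member.startswith("word/activeX/") and member.endswith(".xml"):
                if pattern.search(zf.read(member)):
                    hits.append(member)
    return hits


def build_sample_docx(with_flash: bool) -> bytes:
    """Constructed, minimal .docx for the demo (hypothetical, not the real 22.docx)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # A header that hosts a control, as in the lure described above.
        zf.writestr("word/header1.xml", '<w:hdr><w:control r:id="rId1"/></w:hdr>')
        if with_flash:
            zf.writestr(
                "word/activeX/activeX1.xml",
                '<ax:ocx ax:classid="{%s}" ax:persistence="persistStreamInit"/>'
                % FLASH_CLSID.lower(),
            )
            zf.writestr("word/activeX/activeX1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: a .docx with a Flash control and a '.jpg' that is a RAR.
    doc = build_sample_docx(with_flash=True)
    print("flash controls:", docx_flash_activex(doc))
    fake_jpg = b"Rar!\x1a\x07\x00" + b"\x00" * 32
    print("scan042.jpg mismatch:", extension_mismatch("scan042.jpg", fake_jpg))
```

Run against files pulled from a mail gateway or a RAR extracted in a sandbox, this flags both halves of the chain: the document with a Flash control in it and the "image" that is really an archive. It is deliberately a file-shape check, not a signature for the specific exploit, so it keeps catching the same packaging trick with other payloads.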

More: https://thehackernews.com/2018/12/flash-player-vulnerability.html

Is your opinion really yours?

By: Renato Rosa

It is no longer news how the algorithms that decide which content and connections social networks deliver to us work. In theory, the social content we see is favourable to our own opinion and, in a way, saves us the time of searching for a better social experience. Not only content but topics, brands and even political positions are prioritised amid an almost indigestible number of posts and media delivered by a social feed.

Setting aside the impact of possible party polarisation, opinion bubbles and audience clustering in those environments, the problem becomes more evident when that same logic reaches the consumer market, leaving the social networks behind.

That suspicion that arises when you search for an air fare and, from the second query for the same route onward, even on another site, the price appears considerably higher. The product you viewed with a single click on Instagram gets priority in an e-commerce store at a questionable price. The contact you added to your phone starts to appear as a friend suggestion on a social network.

All of this is part of a structure of interlinked data about you, your tastes, preferences and social characteristics, shared by the big players in the consumer, communications and digital marketing industries.

So far nothing new, but it starts to be when you realise that the options you have for making a given decision do not actually represent the whole possible spectrum. That is, your opinion is determined by the information you receive. If the universe you are exposed to is limited, you are technically being manipulated.

Based on the theory that knowledge is freedom, and if you believe you know all the options for making a given decision, you have a freedom restricted to the layers of information delivered to you. So the biggest problem is not that you are not free, but that you believe you are, which guarantees that you will never seek freedom.

Mais: http://tiinside.com.br/tiinside/services/02/12/2018/sua-opiniao-e-realmente-sua/?noticiario=TI

Vulnerability Found in Cisco Webex Meetings

By: Kacy Zurkus

A security researcher has discovered an elevation-of-privilege vulnerability in the update service of the Cisco Webex Meetings application: the update service fails to properly validate user-supplied parameters, according to SecureAuth.

The vulnerability was discovered by Marcos Accossatto of SecureAuth's exploit writers team, and today's advisory was released in coordination between SecureAuth and Cisco. The flaw (CVE-2018-15442) in the video conferencing product, reportedly used by millions of people each month, allows code execution in Cisco Webex Meetings v33.6.2.16 and likely affects older versions as well, though they were not checked.

Classified under CWE-78 (OS command injection), the vulnerability could allow an unprivileged local attacker to run arbitrary commands with system user privileges by invoking the update service command with a crafted argument, according to the advisory.

In the privilege escalation proof of concept (PoC), the researcher wrote: “The vulnerability can be exploited by copying the ptUpdate.exe binary to a local attacker-controlled folder. Also, a malicious DLL named wbxtrace.dll must be placed in the same folder. To gain privileges, the attacker must start the service with the command line: sc start webexservice install software-update 1 ‘attacker-controlled-path’ (if the parameter 1 doesn’t work, then 2 should be used).”

While Cisco had fixed this vulnerability last month, Accossatto was reportedly able to bypass that fix using DLL hijacking. Cisco has now released a new patch for Webex Meetings and updated its previous security advisory.
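The PoC invocation quoted above and the DLL-hijack bypass both leave a distinctive trace in process-creation telemetry: sc.exe starting webexservice with a software-update path outside the Webex install tree, and ptUpdate.exe (or a copy of it) running from that untrusted location as SYSTEM. The detection logic below is an added example, not SecureAuth's or Cisco's code. The log lines are constructed for the demo in a simplified key=value form (Sysmon event 1 or Security event 4688 carry the same fields under other names), and the trusted install prefixes are an assumption that will need adjusting for real deployments.

```python
"""Detection logic for abuse of the Webex update service (added example,
not SecureAuth's or Cisco's code). Runs over constructed process-creation
events in a simplified key=value form."""
import re
from typing import Dict, List, Tuple

# Where the Webex components live on a default Windows install. Assumption for
# the example: real paths vary by version and deployment.
TRUSTED_PREFIXES = (
    r"c:\program files\webex",
    r"c:\program files (x86)\webex",
)

# Shape of the invocation from the advisory's PoC:
#   sc start webexservice install software-update <1|2> <path>
SC_PATTERN = re.compile(
    r"\bsc(?:\.exe)?\s+start\s+webexservice\s+install\s+software-update\s+([12])\s+(.+?)\s*$",
    re.IGNORECASE,
)

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events (not real telemetry): an attacker on WS01 uses the
# PoC from a Temp folder; an administrator on WS02 runs a legitimate update.
SAMPLE_LOG = r"""
ts=2018-12-03T10:14:02Z host=WS01 user=CORP\alice image="C:\Windows\System32\sc.exe" cmdline="sc start webexservice install software-update 1 C:\Users\alice\AppData\Local\Temp\up"
ts=2018-12-03T10:14:05Z host=WS01 user=SYSTEM image="C:\Users\alice\AppData\Local\Temp\up\ptUpdate.exe" cmdline="ptUpdate.exe"
ts=2018-12-03T10:20:11Z host=WS02 user=CORP\svc_deploy image="C:\Windows\System32\sc.exe" cmdline="sc start webexservice install software-update 1 C:\Program Files\Webex\Webex\Applications"
ts=2018-12-03T10:22:40Z host=WS02 user=CORP\bob image="C:\Windows\System32\sc.exe" cmdline="sc query webexservice"
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict; quoted values may contain spaces."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}


def is_trusted_path(path: str) -> bool:
    """True when the path sits under one of the assumed Webex install prefixes."""
    p = path.strip().strip('"').lower()
    return p.startswith(TRUSTED_PREFIXES)


def analyse(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (ts, host, rule, evidence) for each suspicious event."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        cmd = ev.get("cmdline", "")
        image = ev.get("image", "")
        m = SC_PATTERN.search(cmd)
        # Rule 1: the PoC command with an install path outside the Webex tree.
        if m and not is_trusted_path(m.group(2)):
            findings.append((ev["ts"], ev["host"],
                             "webexservice software-update from untrusted path", m.group(2)))
        # Rule 2: the updater binary (or a hijacked copy of it) running from
        # outside the install tree, which is what the DLL-hijack bypass relies on.
        if image.lower().endswith("\\ptupdate.exe") and not is_trusted_path(image):
            findings.append((ev["ts"], ev["host"],
                             "ptUpdate.exe running outside Webex install directory", image))
    return findings


if __name__ == "__main__":
    for ts, host, rule, evidence in analyse(SAMPLE_LOG):
        print(f"{ts} {host} {rule}: {evidence}")
```

Rule 2 is the one worth keeping after patching: it does not depend on the exact sc.exe argument list, so it still fires if a later bypass reaches the updater through a different front door but still has to execute from an attacker-writable directory.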

More: https://www.infosecurity-magazine.com/news/vulnerability

Gartner Lists Top 10 Strategic IoT Technologies, Trends Through 2023

By: Chris Preimesberger

At its symposium and IT expo Nov. 7 in Barcelona, Spain, IT researcher and market analyst Gartner announced what it sees as the most important strategic internet of things (IoT) technology trends that will drive digital business innovation from now through 2023.

“The IoT will continue to deliver new opportunities for digital business innovation for the next decade, many of which will be enabled by new or improved technologies,” Nick Jones, research vice president at Gartner, said in a media advisory. “CIOs who master innovative IoT trends have the opportunity to lead digital innovation in their business.”

In addition, CIOs must obtain the necessary skills and partners to support key emerging IoT trends and technologies, because by 2023 most CIOs will be responsible for more than three times as many endpoints as they are this year, the researcher said.

Analysts discussed how CIOs can lead their businesses to discover IoT opportunities and make IoT projects a success during Gartner Symposium/ITxpo, which is taking place in Barcelona through Nov. 8.

Following is Gartner’s list of the 10 most strategic IoT technologies and trends that it expects will enable new revenue streams and business models during the next five years.

Trend No. 1: Artificial Intelligence (AI)

Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021, producing an immense volume of data. “Data is the fuel that powers the IoT, and the organization’s ability to derive meaning from it will define their long-term success,” said Jones. “AI will be applied to a wide range of IoT information, including video, still images, speech, network traffic activity and sensor data.”

The technology landscape for AI is complex and will remain so through 2023, with many IT vendors investing heavily in AI, variants of AI coexisting, and new AI-based tools and services emerging. Despite this complexity, it will be possible to achieve good results with AI in a wide range of IoT situations. As a result, CIOs must build an organization with the tools and skills to exploit AI in their IoT strategy.

Attackers steal credit card details in Vision Direct data breach

By: Keumars Afifi-Sabet

Personal information and sensitive credit card details, including CVV codes, taken in five-day attack

Attackers have compromised Vision Direct customers’ contact information and financial details, including complete card numbers, expiry dates and the CVV security code.

The UK retailer, which specialises in contact lenses, told a number of its customers this weekend that their details had been stolen in a data breach that lasted five days, between 3 and 8 November.

The attackers made away with personal information such as full name, address, phone number, email address and password, as well as customers’ financial details, including the CVV security code required to complete online transactions.

“Unfortunately this information could be used to conduct fraudulent transactions,” Vision Direct UK said in a letter to customers.

“Vision Direct has taken steps to prevent any further data theft, the website is working normally and we are working with the authorities to investigate how this theft occurred.”

Vision Direct did not say how many users may have been affected and did not offer an explanation at this early stage.

The company has asked users to review their bank statements as soon as possible and change their passwords on the website.

More: https://www.itpro.co.uk/data-breaches/32393/attackers-steal-credit-card-details-in-vision-direct-data-breach

Bank Scam Using Google Maps loophole

By: Julia Sowells

We know how easy it is to find a service on Google Maps: you need a plumber to fix a leaky tank, so you open Google Maps to find one nearby. There is, however, a chance that you end up with somebody only posing as a plumber, who managed to list himself on Google’s online map service.

According to the English-language daily The Hindu, con artists edit bank contact details and get customers to share their Personal Identification Numbers.

Scamsters seem to have stumbled upon a gold mine in the form of a loophole in the Google Maps interface. Taking advantage of the fact that an establishment’s contact details on Google Maps can be edited by anyone, a group of Thane-based con artists have been putting up their own contact numbers and getting customers who call them to reveal sensitive account details.

According to the Maharashtra cyber police, the trend began over a month ago. Police officers said that if one searches for a particular branch of a bank on Google, the results include the Google Maps page, but the contact information on that page, such as the address and phone number, can be edited by anyone under Google’s user-generated content policy.

“We have received at least three complaints from the Bank of India (BoI) over the last one month. In all three instances, we immediately notified the authorities at Google,” Superintendent of Police Balsing Rajput of the State cyber police said.

Mr. Rajput said many customers search online for their bank’s contact details and, after getting the incorrect number, call it with their queries. Unknown to them, they are actually speaking to a scamster who, under some pretext, convinces them to reveal details such as their Personal Identification Number (PIN) or the CVV numbers of their debit and credit cards, enabling the scamsters to withdraw money from their accounts.

More: https://hackercombat.com/bank-scam-using-google-maps-loophole/

Tullamore hospital hit by ransomware attack

By: Irish Examiner

Dublin Midlands Hospital Group has confirmed an isolated ransomware attack at the Midlands Regional Hospital in Tullamore yesterday.

There was no impact on patient care following the attack, which affected the Laboratory Information System.

There is also no evidence of other parts of the wider health service being affected by the attack, the group said.

The hospital has been assured that there is no evidence the attack went any further, and it is working with the HSE to restore the system.

The group said business continuity plans are in operation until the full system is restored.

The HSE has informed the Data Protection Commission as a precaution.

More: https://www.irishexaminer.com/breakingnews/ireland/tullamore-hospital-hit-by-ransomware-attack-885693.html

Mobile operating systems and security: an evolution

By: Alexandre Vasconcelos

Operating systems have been the foundation of computing since its beginnings, because there has always been a need for a base platform on which other programs run. It is a fascinating and extensive topic, and a mandatory course in computer science degrees.

Mobile operating systems, being more recent, are inevitably derivations (or even adaptations) of existing systems, but that does not make them any less capable of performing noble, and mandatory, tasks such as managing hardware resources.

And security? It has been neglected by many over the past decades. However, as cloud computing and the mass adoption of mobile devices grow, it inevitably becomes a subject of great relevance.

One of the main factors that determine greater or lesser success is how a given product is planned and, consequently, designed. Without going too far back in time, the technology veterans who started their careers in the 1980s will remember (often fondly) the mainframes and the character-only monitors, devoted to computational efficiency and to making the most of the scarce hardware resources of the time. There was no mobility and security played its part; connectivity was quite restricted and threats were limited.

A little later, in the 1990s, Internet use intensified and graphical interfaces became ever more popular, but security remained a supporting character in this story. Google, the iMac and portable MP3 players were born, and mobile telephony also advanced. Operating systems kept evolving, not only with the progress of the graphical interface but also with the emergence of options such as Linux, which would decisively influence the market. Here security still played a secondary role; fraud and identity theft were somewhat isolated events that caused little damage, despite the growing number of flaws in Flash and browser plugins, for example.

In the early 2000s we have a much more solid and exciting scenario, with many solutions available and a much more mature technology market. With the Internet ever more present, distributed and faster, social networks and YouTube would open the way for mobile devices such as the iPhone, as well as the first versions of Android (between 2007 and 2009), to take up a definitive place. It is here that security begins to occupy a prominent role, since data starts migrating to these devices.

In recent years some events have had an impact on the use of technology: in politics, when doubts arose about Russian influence on the US elections; plus countless cases of data leaks.

More: http://tiinside.com.br/tiinside/seguranca/

Cyber-Attacks Are Top Business Risk in North America and Europe

By: Phil Muncaster

Cyber-attacks are the number one business risk in the regions of Europe, North America and East Asia and the Pacific, according to a major new study from the World Economic Forum (WEF).

Its Regional Risks for Doing Business report highlights the opinions of 12,000 executives from across the globe.

While “unemployment or underemployment” and “failure of national governance” take first and second place respectively, cyber threats have moved from eighth in last year’s report to fifth this year.

Cyber-attacks tended to be viewed as a greater risk in more advanced economies: 19 countries from Europe and North America, plus India, Indonesia, Japan, Singapore and the United Arab Emirates, ranked them as the number one risk.

In Europe, the UK and Germany both placed cyber-attacks as the number one risk.

Bromium’s EMEA CTO, Fraser Kyne, argued that businesses are still suffering despite spending an estimated $118bn on cybersecurity globally.

“When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security,” he added.

“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilize machine learning, AI and behavioral analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate.”

More: https://www.infosecurity-magazine.com/news/cyberattacks-business-risk-north/