Man-in-the-middle flaw left smartphone banking apps vulnerable

By: sikur


By Danny Palmer

A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices

A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers’ credentials including usernames, passwords, and pin codes, according to researchers.

The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish bank. The banks in question have now all updated their apps to protect against the flaw.

Uncovered by researchers in the Security and Privacy Group at the University of Birmingham, the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information.

The vulnerability lay in the certificate pinning technology, a security mechanism used to prevent impersonation attacks and the use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate.

While certificate pinning usually improves security, a tool developed by the researchers to perform semi-automated security testing of mobile apps found that a flaw in the way the technology was used meant standard tests failed to detect attackers trying to take control of a victim’s online banking. Because a test certificate from a non-pinned CA is rejected at the pin check, a tester never gets far enough to notice that the app does not check the certificate’s hostname. As a result, certificate pinning can hide the lack of proper hostname verification, enabling man-in-the-middle attacks.
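An added example (not code from the article or from the Birmingham researchers’ testing tool) that models the point above: a TLS client that keeps both checks on, beside the misconfiguration in which the CA pin still holds but hostname verification is off, plus a pre-flight check a tester can run against an app’s TLS configuration. Host names, ports and pin values are constructed placeholders.

```python
"""Added example: pinning must sit on top of hostname verification, not
replace it.  A pin proves only that *some* certificate under the pinned
CA was presented; the leaf must also carry the host that was dialled."""
import hashlib
import socket
import ssl


def fingerprint(leaf_cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate, hex-encoded (the pinned value)."""
    return hashlib.sha256(leaf_cert_der).hexdigest()


def pin_matches(leaf_cert_der: bytes, pinned_fingerprints: set) -> bool:
    """Pin check: does the presented leaf match one of the pinned digests?"""
    return fingerprint(leaf_cert_der) in pinned_fingerprints


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """Correct setup: chain validation AND hostname verification both on."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED   # chain must lead to a trusted (pinned) CA
    ctx.check_hostname = True             # leaf must name the host we dialled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def hostname_unverified_context(cafile=None) -> ssl.SSLContext:
    """The misconfiguration the article describes: the CA pin still holds
    (CERT_REQUIRED) but hostname verification is switched off, so any
    certificate issued under the pinned CA, for any host, is accepted."""
    ctx = hardened_client_context(cafile)
    ctx.check_hostname = False
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Pre-flight check a test harness can run against an app's TLS config."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def connect_and_verify(host: str, port: int, pins: set, ctx=None) -> str:
    """Dial host (a placeholder), let the context verify chain + hostname,
    then apply the pin to the leaf the server actually presented."""
    ctx = ctx or hardened_client_context()
    if not context_is_safe(ctx):
        raise ssl.SSLError("refusing to connect: hostname verification disabled")
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pins):
                raise ssl.SSLError("leaf certificate does not match pinned set")
            return tls.version()
```

A test harness that calls `context_is_safe` on an app’s context before any pin logic runs would have flagged the condition the article describes: the pin check passes while `check_hostname` is off.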

MORE: https://www-zdnet-com.cdn.ampproject.org/c/www.zdnet.com/google-amp/article/man-in-the-middle-flaw-left-smartphone-banking-apps-vulnerable/


Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

By: sikur


by Mohit Kumar

December 07, 2017

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools.

Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader.

Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London.

Process Doppelgänging Works on All Windows Versions

Apparently, the Process Doppelgänging attack works on all modern versions of the Microsoft Windows operating system, from Windows Vista to the latest version of Windows 10.

Tal Liberman, the head of the research team at enSilo, told The Hacker News that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the mitigation capabilities of security products.

In a Process Hollowing attack, attackers replace the memory of a legitimate process with malicious code so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running.

Since all modern antivirus and security products have been upgraded to detect Process Hollowing attacks, use of this technique is not a great idea anymore.

On the other hand, Process Doppelgänging is an entirely different approach to achieve the same, by abusing Windows NTFS Transactions and an outdated implementation of Windows process loader, which was originally designed for Windows XP, but carried throughout all later versions of Windows.

MORE: https://thehackernews.com/2017/12/malware-process-doppelganging.html?m=1


31 million Android users’ personal data exposed thanks to an insecure keyboard app

By: sikur


by Vaughn Highfield

6 Dec 2017

Users of an incredibly popular Android keyboard app have been left exposed in a new data leak

Other than the worry that a dodgy keyboard app could be logging your every keystroke and sending it off to some suspect third party, you’d hope something as straightforward as typing was worry-free. Unfortunately not, as an incredibly popular keyboard app has just suffered a mammoth data breach, all because it wasn’t storing personal user information on a secure server.

The app, AI.type, stored its data on a server owned by company co-founder Eitan Fitusi. The server held user information, including personal records, totalling over 577 gigabytes of sensitive data including names, emails and how long the app had been installed. The data also contained information about users’ precise location, including city and country.

Bizarrely, only Android users are affected by the breach, presumably because iOS user information is stored on a separate server database.

The data breach was discovered by security researchers at the Kromtech Security Centre and then corroborated by ZDNet. Interestingly, Fitusi has repaired the security lapse but hasn’t issued a statement about the information breach beyond acknowledging that it had happened.

Users on the free version have more data farmed from their usage than those on the paid version – a point made clear in its privacy policy. This data is then monetised through advertising, but it was also stored on the insecure server, linked to individual users. It also contained seemingly useless information such as each user’s IMSI and IMEI numbers – unique identifiers, one for the subscriber on the mobile network and one for the handset itself – alongside make and model information, screen resolution and even the version of Android it’s running.

MORE: http://www.alphr.com/security/1007893/31-million-android-users-personal-data-exposed-thanks-to-an-insecure-keyboard-app


Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

By: sikur


by Mohit Kumar

December 06, 2017

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users.

Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to steal files and execute malicious code on vulnerable systems remotely.

The issue was discovered by security researchers at the Check Point Research Team, who also released a proof of concept (PoC) attack, which they called ParseDroid.

The vulnerability resides in a popular XML parsing library “DocumentBuilderFactory,” used by the most common Android Integrated Development Environments (IDEs) like Google’s Android Studio, JetBrains’ IntelliJ IDEA and Eclipse as well as the major reverse engineering tools for Android apps such as APKTool, Cuckoo-Droid and more.


The ParseDroid flaw, technically an XML External Entity (XXE) vulnerability, is triggered when a vulnerable Android development or reverse engineering tool decodes an application and tries to parse a maliciously crafted “AndroidManifest.xml” file inside it.

MORE: https://thehackernews.com/2017/12/android-development-tools.html


New TeamViewer Hack Could Allow Clients to Hijack Viewers’ Computer

By: sikur


by 

December 05, 2017

Do you have remote support software TeamViewer installed on your desktop?

If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow a user sharing a desktop session to gain complete control of the other party’s PC without permission.

TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world.

For a remote session to work, both computers—the client (presenter) and the server (viewer)—must have the software installed, and the client has to share a secret authentication code with the person with whom he wants to share his desktop.

However, a GitHub user named “Gellin” has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission.

MORE: https://thehackernews.com/2017/12/teamviewer-hacking-tool.html


MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

By: sikur


December 05, 2017

If you receive an email that looks like it’s from one of your friends, just beware! It’s possible that the email has been sent by someone else in an attempt to compromise your system.

A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.

Discovered by security researcher Sabri Haddouche, the set of vulnerabilities, dubbed MailSploit, affects Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others.

Although most of these affected email client applications have implemented anti-spoofing mechanisms, such as DKIM and DMARC, MailSploit takes advantage of the way email clients and web interfaces parse the “From” header.

Email spoofing is an old-school technique, but it works well, allowing someone to modify email headers and send an email with the forged sender address to trick recipients into believing they are receiving that email from a specific person.

MORE: https://thehackernews.com/2017/12/email-spoofing-client.html


Here’s the NSA Employee Who Kept Top Secret Documents at Home

By: sikur


A former employee—who worked for an elite hacking group operated by the U.S. National Security Agency—pleaded guilty on Friday to illegally taking classified documents home, which were later stolen by Russian hackers.

In a press release published Friday, the US Justice Department announced that Nghia Hoang Pho, a 67-year-old of Ellicott City, Maryland, took documents that contained top-secret national information from the agency between 2010 and 2015.

Pho, who worked as a developer for the Tailored Access Operations (TAO) hacking group at the NSA, reportedly moved the stolen classified documents and tools to his personal Windows computer at home, which was running Kaspersky Lab software.


Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

By: sikur


By Shaun Nichols

2nd December 2017

An NSA hacker has admitted taking home copies of classified software exploits – understood to be the cyber-weapons slurped from an agency worker’s home Windows PC by Kaspersky Labs’ antivirus.

Nghia Hoang Pho, 67, pleaded guilty in a US district court in Baltimore on Friday to one count of willful retention of national defense information. The Vietnam-born American citizen, who lives in Ellicott City, Maryland, faces roughly six to eight years in the clink, with sentencing set for April next year.

Pho is understood to be the Tailored Access Operations (TAO) programmer whose home computer was running Kaspersky Lab software that was allegedly used, one way or another, by Russian authorities to steal top-secret NSA documents and tools in 2015.

According to Kaspersky, its security package running on the PC detected Pho’s copies of the NSA exploits as new malicious software, and uploaded the powerful spyware to its cloud for further analysis by its researchers. The biz deleted its copy of the archive as soon as it realized what it had discovered, it is claimed. It is further alleged by US government sources that Russian spies were able to get their hands on the top-secret code via the antivirus package, although Kaspersky denies any direct involvement.

Judging from his plea deal with prosecutors, Pho broke federal law when, as a developer on the NSA’s TAO hacking team, he took his work home with him multiple times and, in the process, exposed the classified information. Pho admitted that, over a five-year period starting in 2010, he copied information from NSA machines and took it all home with him.

MORE: https://www-theregister-co-uk.cdn.ampproject.org/c/s/www.theregister.co.uk/AMP/2017/12/02/nsa_tao_exploit_leak_guilty/


British Spies Warn About Russian Antivirus

By: sikur

Maxim Shemetov

For weeks, U.S. media has reported on the threat posed by Russian antivirus company Kaspersky, whose software was allegedly tied to the lifting of government malware from an NSA contractor’s computer. Now, the UK’s National Cyber Security Centre (NCSC), part of the country’s signals intelligence agency GCHQ, has warned against Russia-based antivirus companies. The organization published new guidance on such software, which states that in “government departments… where it is assessed that access to the information by the Russian state would be a risk to national security, a Russian-based AV company should not be chosen,” according to an NCSC email sent to The Daily Beast.

Joseph Cox


UK Shipper Clarksons Suffers Data Breach

By: sikur


Phil Muncaster

30 NOV 2017

UK shipping giant Clarksons admitted on Wednesday that it has suffered a data breach and warned that the hacker may soon start leaking the stolen information.

The 165-year-old shipping services organization employs nearly 2,000 staff worldwide, with operations in 21 countries.

In a notice yesterday it said it had been the subject of a cyber-break-in:

“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled. We have also put in place additional security measures to best prevent a similar incident happening in the future. Clarksons would like to reassure clients and shareholders that this incident has not, and does not, affect its ability to do business.”

It claimed that the hacker may release some of the data, but gave no indication of the kind of information that was stolen, or how many records, saying only that it is “confidential” and that “lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”

This lack of transparency may be harder to get away with when the GDPR comes into force, with firms required to give a detailed account to regulators within 72 hours of discovery of a breach.

Clarksons said it is working with police and data security experts to get to the bottom of the incident and has notified the regulators. It has also accelerated roll-out of IT security measures as part of a program that began earlier in the year.

MORE: https://www.infosecurity-magazine.com/news/uk-shipper-clarksons-suffers-data/
