Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices

By: sikur


Swati Khandelwal

16/10/2017

If you think the KRACK attack on WiFi is the worst vulnerability of this year, then hold on…

…we have got another one for you which is even worse.

Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in a widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies.

Notably, this crypto-related vulnerability (CVE-2017-15361) does not affect elliptic-curve cryptography or the encryption standard itself; rather, it resides in the implementation of RSA key pair generation by Infineon’s Trusted Platform Module (TPM).

Infineon’s Trusted Platform Module (TPM) is a widely-used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and is used for secured crypto processes.

MORE: https://thehackernews.com/2017/10/rsa-encryption-keys.html?m=1

 


Bill legalizing hacking back introduced in the House

By: sikur


by Doug Olenick, Online Editor

October 13, 2017

Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Az., today introduced the Active Cyber Defense Bill which if passed would give individuals and companies hit with a cyberattack the legal authority to hack back against their assailant.

The bill alters the Computer Fraud and Abuse Act (CFAA) of 1986 and would allow those victimized by a cyberattack to take certain countermeasures. These include leaving their own network to establish who attacked them, disrupting cyberattacks without damaging others’ computers, retrieving and destroying stolen files, monitoring the behavior of an attacker and utilizing beaconing technology, the bill reads.

“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” said Rep. Tom Graves. “The certainty the bill provides will empower individuals and companies use new defenses against cybercriminals,” Graves said.

However, not everyone believes it is in the best interest of a company to counterattack.

In November 2016 the United Kingdom announced it would hack back against nation-state attackers, said Israel Barak, CISO at Cybereason, adding that such a maneuver might not be in the victim’s best interest. In particular he noted any retaliatory moves could incur collateral damage and the line between legal and illegal activities could be crossed.

MORE: https://www.scmagazine.com/bill-legalizing-hacking-back-introduced-in-the-house/article/700220/


Iran to blame for cyber-attack on MPs’ emails – British intelligence

By: sikur

Evidence points to Iran, says unpublished report, after initial suspicion of Russia and North Korea dismissed

Dozens of MPs’ emails were hacked, partly as the result of weak passwords, a spokesman said. Photograph: Xinhua/Barcroft Images


Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. Disclosure of the report, first revealed by the Times but independently verified by the Guardian, comes at an awkward juncture. Donald Trump made it clear on Friday that he wants to abandon the Iran nuclear deal. But European leaders, including Theresa May, want to retain it.

Initial suspicion for the attack fell on Russia, but this has now been discounted. The evidence amassed is pinpointing Iran, according to the assessment. A spokesperson for the National Cyber Security Centre, the government body responsible for helping to counter attacks, said: “It would be inappropriate to comment further while inquiries are ongoing.”

More: https://www.theguardian.com/world/2017/oct/14/iran-to-blame-for-cyber-attack-on-mps-emails-british-intelligence


US Intelligence Unit Accused Of Illegally Spying On Americans’ Financial Records

By: sikur

 

The Treasury Department’s Office of Intelligence and Analysis has been illegally rifling through and filing away the private financial records of US citizens, Treasury employees alleged. “This is such an invasion of privacy,” said one official.

The intelligence division at the Treasury Department has repeatedly and systematically violated domestic surveillance laws by snooping on the private financial records of US citizens and companies, according to government sources.

Over the past year, at least a dozen employees in another branch of the Treasury Department, the Financial Crimes Enforcement Network, have warned officials and Congress that US citizens’ and residents’ banking and financial data has been illegally searched and stored. And the breach, some sources said, extended to other intelligence agencies, such as the National Security Agency, whose officers used the Treasury’s intelligence division as an illegal back door to gain access to American citizens’ financial records. The NSA said that any allegations that it “is operating outside of its authorities and knowingly violating U.S. persons’ privacy and civil liberties is categorically false.”

More: https://www.buzzfeed.com/jasonleopold/us-intelligence-unit-accused-of-illegally-spying-on?utm_term=.kboKPKzQR#.trj8Q8mBK


New Ransomware Not Just Encrypts Your Android But Also Changes PIN Lock

By: sikur


by Swati Khandelwal

13/10/2017

DoubleLocker, as the name suggests, locks a device twice.

Security researchers from cybersecurity firm ESET have discovered a new Android ransomware that not only encrypts users’ data but also locks them out of their devices by changing the lock screen PIN.

On top of that:

DoubleLocker is the first-ever ransomware to misuse Android accessibility, a feature that provides users with alternative ways to interact with their smartphones and that has mainly been misused by Android banking Trojans to steal banking credentials.

“Given its banking malware roots, DoubleLocker may well be turned into what could be called ransom-bankers,” said Lukáš Štefanko, the malware researcher at ESET.

“Two-stage malware that first tries to wipe your bank or PayPal account and subsequently locks your device and data to request a ransom.”

Researchers believe DoubleLocker ransomware could be upgraded in the future to steal banking credentials as well, in addition to extorting money as ransom.

More: https://thehackernews.com/2017/10/android-ransomware-pin.html?m=1

 


Equifax in Trouble Again After Site Displays Malicious Content

By: sikur


by Phil Muncaster

13/10/2017

Equifax has been left red-faced again after its website began displaying malicious content stemming from third-party vendor code.

Reports started to emerge over the past day or so that users clicking through on the main Equifax.com site were being presented with a scam Adobe Flash update page with a centerbluray.info URL.

The domain is detected only by Google and Malwarebytes as malicious.

Clicking on said update would infect the user’s computer with adware, currently only detected by three out of 65 AV firms on VirusTotal: Panda, Symantec and Webroot.

A statement Equifax sent to researcher Kevin Beaumont revealed the problem was down to a third-party partner:

“Despite early media reports Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.

“The issue involves a third party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

Although this incident turned out to be a supply chain hack on a partner, it threatens to further damage the reputation of the under-fire credit reporting agency, which was breached earlier this year and the highly sensitive records of 145.5 million Americans and 700,000 Brits compromised.

MORE: https://www.infosecurity-magazine.com/news/equifax-site-displays-malicious/


Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

By: sikur

By Swati Khandelwal


Beware: if you are using the S/MIME protocol in Microsoft Outlook to encrypt your email communication, you need to watch out.

For at least the last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.

S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol that is based on public-key cryptography, works just like SSL connections, and enables users to send digitally signed and encrypted messages.

According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in the Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached.

When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text forms, the researchers explain.

MORE: https://thehackernews.com/2017/10/outlook-email-encryption.html


Accenture – Embarrassing data leak, business data in a public Amazon S3 bucket

By: sikur


By Pierluigi Paganini

October 11, 2017

The leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket. Disconcerting!

Another tech giant has fallen victim to an embarrassing data leak: this time the leading global professional services company Accenture exposed its business data in a public Amazon S3 bucket.

The incident exposed internal Accenture private keys, secret API data, and other information, a gift for attackers that want to target the firm or its clients.

The unsecured Amazon S3 bucket was discovered by researchers at UpGuard, who privately reported it to Accenture on Sept. 17. The company solved the problem in one day.

“The UpGuard Cyber Risk Team can now reveal that Accenture, one of the world’s largest corporate consulting and management firms, left at least four cloud-based storage servers unsecured and publicly downloadable, exposing secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.” states the report published by UpGuard.

MORE: http://securityaffairs.co/wordpress/64150/data-breach/accenture-data-leak.html


WhatsApp flaw can reveal who you talk to

By: sikur

Author: LEONARDO PEREIRA

10/10/2017

A software engineer named Rob Heaton has drawn attention to a flaw in WhatsApp that makes it possible to find out when a user is sleeping and even who they have been talking to.

Heaton took advantage of two controversial features of the app to theorize his concern: the one that shows when you were last seen and the one that shows whether you are online.

With that in mind, a hacker could build a Chrome extension that constantly monitors contacts on WhatsApp to compile information. Individually, these data points seem harmless, but things take on a different dimension when they are looked at in bulk.

Charts could be built, for example, showing at what time the app stopped being used each day, which reveals what time the person usually goes to sleep. If the user has irregular sleep, their data becomes valuable to companies that sell sleep medication, which turns the flaw into a business opportunity, as The Next Web points out.

In addition, a suspicious person could find out whether they are being cheated on. It would be enough to look for some correlation between the activity patterns of the two people possibly involved in the affair; if both are always active at the same times, it is possible that they are talking to each other.

MORE: https://olhardigital.com.br/noticia/brecha-no-whatsapp-pode-revelar-com-quem-voce-conversa/71565


Deloitte hack hit server containing emails from across US government

By: sikur


by Nick Hopkins

10/10/2017

The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.

Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.

Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.

However, sources who have spoken to the Guardian, on condition of anonymity, say the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.

The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:

 The US departments of state, energy, homeland security and defence.

 The US Postal Service.

 The National Institutes of Health.

 “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.

MORE: https://www.theguardian.com/business/2017/oct/10/deloitte-hack-hit-server-containing-emails-from-across-us-government
