The Official Internet/Computer Security News Discussion Thread
#363
My sister-in-law had the File Recovery nasty malware.
These directions were great. Recovered the files and shortcuts
http://malwaretips.com/blogs/file-re...removal-guide/
#368
New zero-day exploit circumvents Adobe Reader's Protected Mode
By Justin Rubio 24 Hours Ago
Cybercrime investigation company Group-IB has discovered a zero-day Adobe Reader X and XI exploit that is immune to the program's new Protected Mode. Announced in July, Reader's sandboxing capabilities add an extra layer of defense by securing malicious code found in PDFs and restricting what kinds of actions these files can execute. As explained by IDG, the exploit is not affected by the program's Protected Mode and can be launched even if Javascript support is disabled — many Reader exploits rely on Javascript code embedded into PDF files. Firefox and Internet Explorer users are potential victims, while Chrome's added built-in security causes the code to fail. Group-IB has identified the vulnerability as being part of the "Blackhole Exploit-Kit," a tool that is utilized to deploy banking Trojans.
The exploit — which is currently being sold on the black market for $30,000 to $50,000 — has been submitted to Adobe's Product Security Incident Response Team, although the company has yet to deliver a response or issue a fix. The mere existence of the vulnerability questions the effectiveness of the app's highly-touted preventative measure — but should the exploit be verified, Adobe will likely issue a prompt emergency update to Reader.
#369
Java Exploit Added to Crimeware Kits Soon After Discovery
A security researcher finds that seven exploit kits have added an attack for a previously unreported flaw in the latest version of the Java Runtime Environment.
Security experts are again calling for users to disable the Java browser plug-in and uninstall the software on their systems, following the discovery of a zero-day vulnerability in the latest version of the Java Runtime Environment.
Information about the vulnerability emerged on Dec. 10, after a security professional discovered an exploit using the security hole to compromise systems. The vulnerability, which appears to only affect JRE (Java Runtime Environment) 1.7 and not prior versions, had not previously been known but appears to be similar to other Java security issues found in August 2012, said Jaime Blasco, labs manager at security-monitoring provider AlienVault.
The vulnerability allows a piece of Java code to break out, or escape, from the protected software container, or sandbox, that is a critical part of Java's security model, said Blasco, who had verified that the exploit worked.
"The most important thing about this is that it is a sandbox escape, not a memory exploitation or something similar, so most of the mitigations are not effective," he said.
The security professional who published details about the exploit, France-based security manager Charlie Hurel, worried that remaining quiet about the issue could lead to a large number of compromises.
"Hundreds of thousands of hits daily where I found it," he wrote in the alert. "This could be ... mayhem."
Last year, an academic paper by security researchers at Symantec found that stealthy attacks using unreported vulnerabilities can remain undiscovered for 10 months. Soon after such exploits are discovered, use of the attacks skyrockets as cybercriminals add the exploits to their tool boxes.
That's exactly what happened with the latest Java vulnerability. By the end of the day, security researchers confirmed that at least seven exploit kits, the underground software that allows cybercriminals to quickly create illicit campaigns to steal money, had incorporated attacks that prey on the vulnerability.
The major exploit kits that had a variant of the attack included the Blackhole, Cool TK, Nuclear Pack, and Sakura exploit kits. In addition, the Metasploit project, which develops a free penetration tool with frequent updates for the latest exploits, published its own module last night to exploit the flaw as well.
"This is just as bad as the last five (vulnerabilities in Java)," said HD Moore, chief security officer at vulnerability-management firm Rapid7 and the founder of the Metasploit project. "Within an hour, we had working code."
About 13 percent of users are currently using Java 1.7 and so are vulnerable to the latest attack. Users of older versions, including Mac OS X users, are not necessarily safe, however, as a bevy of older attacks will likely work against their systems.
Unlike last year's Flashback Trojan attack that used a flaw in Java to infect victims' systems, the latest attack is being used to spread a different form of malware: ransomware. The scheme typically uses malware to lock a user's machine until they pay a fee, and it quickly spread across Europe to North America last year.
"We are talking about huge amounts of money here," said Bogdan Botezatu, senior threat analyst for security firm BitDefender. "And as long as they can make easy money, they will keep this up."
#370
Homeland Security says everyone should uninstall/disable java.
http://www.zdnet.com/homeland-securi...aw-7000009713/
Must be serious, even Apple stepped up.
http://www.macrumors.com/2013/01/11/...curity-threat/
#371
Been sayin that shit for a long time!
Oracle hasn't done shit to make it secure, they keep patching exploits instead of adding mitigation features to make it more difficult to exploit.
#372
http://www.nbcnews.com/technology/te...java-1B8000547
Homeland Security still says no to Java
The Department of Homeland Security says despite some fixes to Java, it continues to recommend users disable the program in their Web browsers, because it remains vulnerable to attacks that could result in identity theft and other cyber crimes.
#373
Good thing I didn't have java installed...
[screenshot: ZNWFy4r.png]
I mistyped a web address and it took me to the wrong page and bam, immediately Windows Defender (MSE built-in to Windows 8) kicked in and caught it. Though it was never a threat to me since I don't have Java...
#375
Apple blocks Java on Macs due to vulnerabilities
http://www.nbcnews.com/technology/te...ties-1B8186534
Funny how Apple was slow to react to this stuff when they were busy providing old insecure versions of Java. Now that Oracle supplies the builds, they are all over it.
Mac computers have stopped running programs written using the Java programming language in their browsers, as Apple blocked it because of security problems.
Apple has previously blocked, then unblocked, the latest version of Java on the most recent versions of its Mac operating system. On Thursday, Apple also started blocking an older version of the Mac system, called Snow Leopard, from running Java 6, also an older version.
The U.S. Department of Homeland Security recommends disabling Java in Web browsers because it has provided pathways for hackers to take control of computers that visit a website rigged with malicious software. Oracle Corp., which owns Java, has issued updates that fix known vulnerabilities, but the DHS expects that there are more.
Oracle had no immediate comment on Apple's action.
#376
Dude, that's a JavaScript trojan, not Java. Two entirely different things....
#377
Exclusive: Apple hit by hackers who targeted Facebook last week
http://www.reuters.com/article/2013/...91I10920130219
(Reuters) - Apple Inc computers were attacked by the same hackers who targeted Facebook Inc, but no data appeared to have been stolen, the company said on Tuesday in an unprecedented admission of a widespread cyber-security breach.
Facebook revealed on Friday that unidentified hackers traced to China had staged a sophisticated attack by infiltrating its employees' laptops, but no user information was compromised.
Apple, which is working with law enforcement to track down the hackers, told Reuters that only a small number of its employees' Macintosh computers were breached, but "there was no evidence that any data left Apple."
The iPhone and iPad maker said it would release a software tool later on Tuesday to protect customers against the malicious software used in the attacks.
Cyber-security attacks have been on the rise. In last week's State of the Union address, U.S. President Barack Obama issued an executive order seeking better protection of the country's critical infrastructure from cyber attacks.
#378
Yes, let's continue to buy all of our electronics from China while they wage cyberwarfare against us. Am I the only one that thinks this is stupid?
#381
Where is the outrage?
http://usnews.nbcnews.com/_news/2013...perts-say?lite
Successful hacker attack could cripple U.S. infrastructure, experts say
A report tying the Chinese military to computer attacks against American interests has sent a chill through cyber-security experts, who worry that the very lifelines of the United States — its energy pipelines, its water supply, its banks — are increasingly at risk.
#385
Just an FYI for those of you relying on Snapchat to delete your sexts after a few minutes...
They remain on the handsets long after they "expire"...
http://www.ksl.com/?sid=25106057
#392
FYI, didn't want to upset the fappening in the other thread...
Once iBrute is used to gain credentials, EPPB is used to access the content:
EPPB: http://www.elcomsoft.com/eppb.html
According to Elcomsoft, EPPB works EVEN IF YOU ARE USING 2FA. Whoa.
Now, that may change rapidly here based on how apple responds to this. Apparently, EPPB mimics a trusted device, therefore bypassing the 2FA.
#396
The idea being that you can validate a trusted device ONCE with 2FA and not have to validate THAT device every time. Obviously the use of a token, mac address or similar residing on the trusted device means that a bad guy might be able to replicate the trusted token, but in reality, I don't want to have to 2FA my home desktop computer for everything I do. Now, a laptop, cell phone, tablet that is on the move? You bet...
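The trusted-device mechanism the two posts above describe (a token left on a device after one successful second step, which then stands in for the second step on later logins, and which a tool that "mimics a trusted device" can replay) as an added example. This is not code from Apple, Elcomsoft or any poster in this thread; the token layout, the names `SERVER_KEY`, `REVOKED`, `issue_token`, `second_step_required` and `revoke`, and the sample user and device ids are all assumptions made for the illustration. It shows the two sides of the trade-off: the token is a bearer credential, so a copy presented from another machine is accepted whenever the server checks only the signature and user (the `bind_device=False` path), while binding it to the device that passed 2FA, bounding its lifetime and keeping a server-side revocation list are what limit the damage of a copied token.

```python
"""Trusted-device ("remember this device") tokens for a two-step login.

Added illustration; hypothetical design, not any vendor's implementation.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical server-side key (a real deployment keeps this in a KMS/HSM).
SERVER_KEY = secrets.token_bytes(32)

# Hypothetical server-side set of revoked token ids ("sign out everywhere").
# A bearer token cannot be recalled from a client, so this is what makes
# revocation possible at all.
REVOKED = set()


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def issue_token(user_id: str, device_id: str, now: int, ttl: int) -> bytes:
    """Mint a token after the user passed the second step once on this device."""
    payload = {
        "uid": user_id,
        "dev": device_id,             # binds the token to the device that passed 2FA
        "exp": now + ttl,             # bounded lifetime: the only clock on a copied token
        "jti": secrets.token_hex(8),  # token id so the server can revoke it later
    }
    body = _b64e(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return body + b"." + _b64e(tag)


def second_step_required(token, user_id, device_id, now, bind_device=True):
    """Return True if this login must still complete the second step.

    bind_device=False models a server that only checks signature and user:
    any client presenting a copied token then looks like a trusted device.
    """
    if not token or token.count(b".") != 1:
        return True
    body, tag = token.split(b".")
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(_b64d(tag), expected):
        return True  # forged or tampered token
    try:
        claims = json.loads(_b64d(body))
    except ValueError:
        return True
    if claims.get("uid") != user_id:
        return True
    if claims.get("jti") in REVOKED:
        return True
    if claims.get("exp", 0) <= now:
        return True
    if bind_device and claims.get("dev") != device_id:
        return True  # same token presented from a different device
    return False


def revoke(token: bytes) -> None:
    """Server-side 'sign out of all devices': remember the token id as revoked."""
    body = token.split(b".")[0]
    REVOKED.add(json.loads(_b64d(body))["jti"])


def demo():
    """Walk through the cases; returns {case: second_step_required}."""
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("alice", "home-desktop", now=t0, ttl=30 * 86400)
    copied = tok  # attacker copied the token off the desktop
    body, tag = tok.split(b".")
    flipped = (b"B" if tag[:1] != b"B" else b"C") + tag[1:]  # change first tag char
    results = {
        "same_device_fresh": second_step_required(tok, "alice", "home-desktop", t0 + 60),
        "copied_no_binding": second_step_required(copied, "alice", "attacker-vm", t0 + 60, bind_device=False),
        "copied_with_binding": second_step_required(copied, "alice", "attacker-vm", t0 + 60),
        "expired": second_step_required(tok, "alice", "home-desktop", t0 + 31 * 86400),
        "tampered": second_step_required(body + b"." + flipped, "alice", "home-desktop", t0 + 60),
    }
    revoke(tok)
    results["after_revoke"] = second_step_required(tok, "alice", "home-desktop", t0 + 60)
    return results


if __name__ == "__main__":
    for case, needs_2fa in demo().items():
        print(f"{case:22s} second step required: {needs_2fa}")
```

Note that even with `bind_device=True` the device id is itself something the client sends, so an attacker who copies both the token and whatever the device id is derived from still passes; binding raises the bar but does not remove the bearer property, which is why the expiry and the revocation list matter more than the binding check.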
#398
Apple's two-step authentication side-steps the second step
http://windowsitpro.com/paul-thurrot...ptember-5-2014
Lost in Apple's description of the "hack" that resulted in nude celebrity photos "flooding" the Internet—we were so chaste before that, thanks Apple!—is the fact that the Cupertino consumer electronics giant has finally been bitten in the butt by its long-standing strategy of putting user experience before user safety. In an interview with The Wall Street Journal, Apple CEO Tim Cook confirmed my contention that those celebrities would never have been hacked if they used two-step authentication with OneDrive instead of iCloud to back up their photos. Why? Because OneDrive's two-step authentication actually works. So now Apple will implement fixes to the way iCloud security works, and one of the changes is that two-step authentication will actually kick-in more frequently, as it should. They'll figure it out.
#399
If you are a criminal it is best to lock your iPhone with a password and not your finger.
Cops can make you unlock your smartphone with fingerprint, says judge
cliffs..
Virginia Beach Circuit Court Judge Steven Frucci ruled that a criminal defendant can be compelled to give up his fingerprint and unlock his cellphone in the course of a criminal investigation — because that's just like handing in a DNA sample or a physical key, which citizens can already be legally compelled to give to police.
On the other hand, police can't force a defendant to give up his passcode, because that's considered "knowledge" — not a physical object — and knowledge is protected by the Fifth Amendment. There have been cases, however, where defendants have been asked to give up their password to decrypt their computers, so there is no consensus on this issue yet, as Wired's Andy Greenberg reported recently.