Share your knowledge & discuss all aspects of Computer & Internet Security via a worldwide community.
Tuesday, 20 June 2017
Thursday, 25 May 2017
This Free Tool Scans Your Windows PC For NSA Vulnerabilities
Security firm Qihoo (360 Total Security) has developed a tool which will let users scan their computer to find out if they are vulnerable to any known vulnerabilities that were used by the NSA.
We must admit that the world has just witnessed a huge ransomware attack. The WannaCry ransomware attack has already hit giant companies across the world.
Researchers are busy developing fixes for the WannaCry ransomware, and are now coming up with tools that have the potential to unlock the locked computers.
Previously, we have also seen researchers identify another piece of malware, known as EternalRocks. The researcher also claimed that the ‘EternalRocks’ ransomware is more dangerous than WannaCry and potentially difficult to fight.
Recently, security firm Qihoo (360 Total Security) has developed a tool which will let users scan their computer to find out if they are vulnerable to any known vulnerabilities that were used by the NSA.
The report came from Softpedia. The new tool can scan for the EternalBlue exploit, which was used in WannaCry. It can even scan for other malware like EternalChampion, EternalSynergy and EternalRomance.
The security firm explained, “Attackers with these NSA cyber weapons can break into more than 70% of the Windows systems in the world. An unpatched PC may be infected as soon as it connects to the Internet even without any click on a link or a file.”
The tool does a simple job: it scans your computer to see whether it is fully patched to block all known vulnerabilities. It will also let users know about existing security flaws on their computer.
The tool also suggests the updates required to secure your computer. Users who want to try out the tool should do so at their own risk. To download the tool, visit this link.
Subtitles Can Hack Your PC! Download Fix For VLC, Kodi, Etc.
Hackers have found a new way to spread malware: hiding it in subtitle files. According to reports from Check Point Security, hackers can modify a subtitle file to create a new attack vector which can endanger computers, smartphones, TVs, and other devices running unprotected media players.
We must admit that the world has just witnessed a huge ransomware attack. The WannaCry ransomware attack has already hit giant companies across the world. Researchers are busy developing fixes for the WannaCry ransomware, and are now coming up with tools that have the potential to unlock the locked computers.
It looks like hackers have found a new way to spread malware: hiding it in subtitle files. According to reports from Check Point Security, hackers can modify a subtitle file to create a new attack vector which can endanger computers, smartphones, TVs, and other devices running unprotected media players.
After compromising a device, hackers can execute code remotely, steal data, or use the victim’s device in a DDoS attack. Researchers claimed that this type of attack is a “completely overlooked technique”.
The majority of users download subtitle files from the internet. Hackers can upload a malicious subtitle file to a repository and manipulate the ranking to put it at the top, which could increase the download count and the number of automatic downloads (by media players).
The malicious subtitle files can even pass through filters deployed by antivirus software, because subtitle files aren’t recognized as a threat in comparison to conventional attack vectors.
Check Point stated in a blog post: “The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats. To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities.”
“Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities.”
These are the affected media players: VLC, XBMC Kodi, Popcorn Time, Stremio. All of these media players have millions of users. VLC is the most popular one; everyone has VLC media player installed on their computer. Researchers claimed that approximately 200 million devices running the affected media players are exposed to the attack.
If you are running VLC media player, you need to get the latest version, 2.2.5.1, which you can download from here. If you are using Stremio, get the fix from here.
You can download the fix for Popcorn Time by visiting this link. Visit this link to get the fix for XBMC Kodi.
Saturday, 4 February 2017
Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!
The nasty bug resides in the WordPress REST API and leads to two new vulnerabilities: remote privilege escalation and content injection.
WordPress is the world's most popular content management system (CMS), used on millions of websites. The CMS recently added the REST API and enabled it by default in WordPress 4.7.0.
Flaw lets Unauthorised Hacker Redirect Visitors to Malicious Exploits
The vulnerability is easy to exploit and affects versions 4.7 and 4.7.1 of the WordPress content management system (CMS), allowing an unauthenticated attacker to modify all pages on unpatched sites and redirect visitors to malicious exploits and a large number of attacks.
The vulnerability was discovered and reported by Marc-Alexandre Montpas from Sucuri to the WordPress security team who handled the matter very well by releasing a patch, but not disclosing details about the flaw in an effort to keep hackers away from exploiting the bug before millions of websites implement the patch.
"This privilege escalation vulnerability affects the WordPress REST API," Montpas writes in a blog post. "One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site."
Why WordPress Delayed the Vulnerability Disclosure
The issue was discovered on January 22nd, patched on January 26th, and the fix was made available in release 4.7.2 to websites using the popular CMS.
Sucuri, security providers and hosts worked closely with the WordPress security team for over a week to install the patch, ensuring that the issue was dealt with in short order before it became public.
The company also tipped off security companies including SiteLock, Cloudflare, and Incapsula over 9 days between disclosure and patch.
Here's what WordPress core contributor Aaron Campbell says about the delay in the vulnerability disclosure:
"We believe transparency is in the public's best interest...[and]... in this case, we intentionally delayed disclosing the issue by one week to ensure the safety of millions of additional WordPress sites."
"Data from all four WAFs and WordPress hosts showed no indication that the vulnerability had been exploited in the wild. As a result, we made the decision to delay disclosure of this particular issue to give time for automatic updates to run and ensure as many users as possible were protected before the issue was made public."
Patch your CMS Now!
The flaw has been rated critical, although the fix has automatically been deployed on millions of WordPress installations in the few hours after the patch was issued.
For a more technical explanation of the vulnerability, you can head to Sucuri's official blog post.
WordPress admins who have not yet implemented the patch against the nasty vulnerability are strongly advised to update their CMS to WordPress version 4.7.2.
Sunday, 22 January 2017
BEWARE! This Android Trojan Buys And Installs Apps From Play Store
A security firm known as Dr. Web has just discovered a new threat to Android which is able to get the necessary permits or permissions in infected devices to buy and install apps from the Google Play Store.
The presence of malware on Android is an increasingly frequent problem that Google, unfortunately, cannot seem to control. However many measures it takes, malware continues to infect mobile devices, often through the carelessness of users.
A new threat seems to have come to Android, wreaking havoc discreetly and installing applications on the devices. Of course, it does not stop there and also steals user data.
Skyfin, as this new malware is named, reaches Android through the most frequent infection entry point: unofficial application stores. Once the smartphone is infected, and using a well-known component, Android.Download, it starts installing applications from the Play Store to give certain applications a higher ranking.
By compromising the Play Store process, this malware can take control of Android and is dedicated solely to performing these installations, raising the applications' ranking and moving them up Google’s lists.
What’s more curious is that Skyfin does not even install the applications on smartphones. It performs the normal purchase and download process for the application, only placing the application in the download folder but telling the Play Store that it has been installed. This behavior keeps the user from noticing the infection, so Skyfin goes undetected.
This is not abnormal behavior for this type of malware. The idea is that new applications are periodically sent to the compromised device, making it part of a network of devices dedicated to pushing applications up Google's rankings. It was further discovered that Skyfin can click on advertising banners, again to the attacker's benefit.
In addition to this, which is already negative for the smartphone, Skyfin is still stealing user data and sending it to the attacker.
This is one more problem that Google can hardly solve or eliminate. The source of the problem comes from users and applications installing from external stores or APKs they find on the Internet.
Lineage OS Official Builds Coming To 80+ Devices
Recently, we all read the news articles saying “It’s official, CyanogenMod Is Dead”. But don’t worry: Lineage OS, the replacement for the CyanogenMod project, has arrived, and its official builds are coming to 80+ devices.
The company Cyanogen Inc. (cyng), responsible for Cyanogen OS, announced that it would shut down all its services and development for Android ROMs (both nightlies and versions marked as stable) as of 31 December 2016.
Wasting no time, a group of programmers and developers have created a fork of CyanogenMod, which they named Lineage OS (Lineage Android OS Distribution). In recent days, some images have been made available.
Lineage OS has appeared as the successor and, according to the project managers, will be available for 80 different devices.
Lineage OS is the successor project of CyanogenMod, which is already present on more than 50 thousand devices. For now, devices still run unofficial versions but, according to those responsible for the project, the official versions will arrive soon, and the most fantastic thing is that there will be ROMs for more than 80 different Android devices.
Another of the novelties is that these ROMs can have weekly updates. Those responsible for the Lineage OS project also suggest that a clean installation of this system should be done, which means that the device should be formatted.
According to the information, as of this weekend, some official ROMs are already available. Keep an eye on the Downloads portal, which is available here.
This Teenager Hacked His Way to Free, Unlimited 4G Data
Necessity sparks people's ingenuity, and a US operator has seen it in all its glory in a teenager who got free, unlimited 4G data out of them. A 17-year-old from Virginia, United States, managed to bypass the 4G LTE network of T-Mobile.
It is very clear that necessity sparks people's ingenuity, and a US operator has seen it in all its glory in a teenager who got free, unlimited data out of them. A 17-year-old from the United States discovered something curious when he found his mobile data running out.
Now you might be wondering what is interesting about this.
What if I told you that you could now consume unlimited 4G data for free? Hold on, that is not the real point, though it may sound really interesting. The real point is that a 17-year-old from the United States, Jacob Ajit, managed to hack the 4G LTE network of a leading telecom company, T-Mobile, and used unlimited data without paying a cent.
However, T-Mobile allowed Jacob Ajit to connect to its captive portal, where he was asked if he wanted to renew his prepaid plan. “I played around with this portal for a while, clicking on links and trying to escape. Some links failed, and some worked, somewhat randomly,” said 17-year-old Jacob Ajit.
While checking whether random apps would connect to the internet, Jacob Ajit realized that the Speedtest application (an app that measures the speed of your connection) still worked without any active data plan. That gave him an idea for how to keep surfing on his mobile and use the data connection without paying.
Jacob Ajit stated: “I was onto something, or was I? I assumed they must be whitelisting Speedtest-affiliated servers in some way, perhaps using the official list?”
In this test with the well-known Ookla Speedtest tool, Jacob reported that the mobile was able to download data at 20 Mbps, demonstrating that it was somehow still possible to access the Internet. He then connected the phone to his Mac and used the program MITM proxy to discover what was actually happening.
In this way, Jacob Ajit learned that T-Mobile was simply allowing requests to folders named /speedtest. So Jacob hosted some files on his page in a folder named /speedtest, and he was able to watch all the videos that he uploaded without any active data plan.
Jacob Ajit then created a proxy server on Heroku using a tool known as the Glype proxy script. The idea was very simple: he used that proxy as a homepage, through which he could enter any URL, taking advantage of T-Mobile's configuration fault to continue browsing even without data.
However, the young man reported the problem and contacted T-Mobile so it could be fixed. The solution, he says, is simple: review the whitelist to disallow this type of URL. So far there has been no response from the operator, but the discovery again shows the ingenuity, as well as the honesty, of some developers.
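The whitelist review suggested above can be expressed as a small audit, shown here as an added example that is not from the original post or from T-Mobile. It assumes the flawed rule matched only on a /speedtest path, as the article describes; the hostnames, the allowlist and the function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder hostnames, not real measurement servers.
ALLOWED_HOSTS = {"speedtest.carrier.example", "st1.measure.example"}
ZERO_RATED_PREFIX = "/speedtest"


def weak_is_zero_rated(url: str) -> bool:
    """Flawed rule (assumed from the article): any host is allowed as long
    as the path contains a /speedtest folder."""
    return ZERO_RATED_PREFIX in urlsplit(url).path


def strict_is_zero_rated(url: str) -> bool:
    """Hardened rule: exact host match first, then a whole path-segment match."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: never zero-rate it
        return False
    # .hostname drops userinfo and port and is lower-cased by urlsplit.
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False
    path = parts.path
    return path == ZERO_RATED_PREFIX or path.startswith(ZERO_RATED_PREFIX + "/")


def audit(urls):
    """Return the URLs the weak rule lets through but the strict rule denies."""
    return [u for u in urls
            if weak_is_zero_rated(u) and not strict_is_zero_rated(u)]


# Constructed sample requests covering the cases a rule review should test.
SAMPLE_URLS = [
    "http://speedtest.carrier.example/speedtest/latency.txt",       # legitimate
    "http://files.unrelated.example/speedtest/video.mp4",           # wrong host
    "http://speedtest.carrier.example@files.unrelated.example/speedtest/x",
    "http://speedtest.carrier.example.unrelated.example/speedtest/",
    "http://speedtest.carrier.example/speedtest-archive/a.bin",     # prefix only
    "http://speedtest.carrier.example/billing",                     # not a test path
]

if __name__ == "__main__":
    for url in audit(SAMPLE_URLS):
        print("weak rule would zero-rate:", url)
```

Running the same sample set against both rules shows exactly which requests a path-only match exempts from billing, which is the gap the whitelist review needs to close.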