Entries with tag security researchers.

Security Researchers Find that Hackers Increasingly Exploit Unpatched Browser Vulnerability

An unpatched vulnerability in all versions of Microsoft’s Internet Explorer browser is raising concerns as it poses what The SANS Institute’s Internet Storm Center called a “significant new threat” to Internet users. The Internet Storm Center elevated its Internet threat rating because of the vulnerability, based on increased evidence of exploits. Attacks are reportedly being launched against Internet Explorer 8 and 9, but the vulnerability affects all versions of Microsoft’s browser. Security vendor FireEye recently released a detailed analysis of an ongoing campaign of attacks—based on the vulnerability—focused on Japanese organizations since August. The attacks compromise and install malware on Windows PCs. Microsoft—whose next scheduled patch release is 8 October—has not yet indicated when it will release a fix for the browser vulnerability. (Computerworld)(Internet Storm Center)(FireEye)
 

Internet Users Raise Bounty for Palestinian Researcher

A former hacker created a crowdfunding campaign in support of a Palestinian security researcher after the man was denied a bug bounty by Facebook. Khalil Shreateh discovered a vulnerability that allows a user to post to anyone’s wall, friend or not. After his initial report was dismissed, he posted a note to Mark Zuckerberg’s wall, stating he had “no other choice.” Facebook claims Shreateh provided insufficient technical detail, which did not allow the company to replicate the bug, and it denied him the reward for finding the flaw. The campaign to remunerate Shreateh was launched by Marc Maiffret, a security researcher now with BeyondTrust who, as a teen hacker in the 1990s, infamously hacked Microsoft as well as other corporate and government websites. He says this incident highlights the importance of independent security researchers who do the right thing by contacting companies about security issues they find. To date, the GoFundMe campaign has raised US$11,000 in a single day. Maiffret told Businessweek, “I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal; to help the internet community at large.” (AFP at The Herald Sun)(Businessweek)
 

QR Code Used to Hack Google Glass

A security flaw in Google Glass that would let hackers gather information from the head-mounted display has been uncovered. Lookout mobile security researchers were able to use a vulnerability associated with how the device processes images and looks for QR codes in every image. If a QR code is detected, even when it appears in only a portion of the frame, it is decoded to determine whether it specifies a Wi-Fi network to connect to and establish an Internet connection. “We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that,” Marc Rogers, principal security analyst at Lookout, told the Guardian. “We could become the middleman, and if we needed to, strip out the encryption on the connection. Then we could see the pictures or video that it’s uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4… which hacked Glass [as] it browsed the page.” It could be the first time an image has been used to take advantage of a vulnerability. Google has fixed the flaw. (The Guardian)(SlashGear)(PC Mag)

Decoy Password Strategy Could Protect Users

Security researchers say mixing honeywords—decoy passwords—along with a real hashed password could prevent hackers from accessing websites and online services. Ari Juels, chief scientist at security firm RSA, and cryptographer and MIT professor Ronald Rivest say that storing multiple possible passwords on a system could not only provide security but also determine when an intrusion is occurring. Passwords are now considered a weak security strategy in part because users make poor password choices. This approach uses a honeychecker system with information about which passwords are legitimate and which are honeywords. This system stores randomly selected integers that point to the location where the password is stored to check whether a user is entering the correct password. If attackers accessed the honeychecker, they could not find the password. Their presence could be detected when they attempt to use one of the honeywords to access the system. (ZDNet)(The Honeywords Project)(MIT CSAIL)
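
The honeyword check described above, as an added Python example that is not code from the Honeywords Project or from the article. It assumes the decoys are supplied by the caller and are distinct from the real password; the class names, the sample account and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the iteration count is an illustrative value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class Honeychecker:
    """Separate hardened service: holds only user -> index of the real password."""
    def __init__(self):
        self._index = {}
        self.alarms = []          # users for whom a honeyword was submitted

    def set(self, user: str, idx: int) -> None:
        self._index[user] = idx

    def check(self, user: str, idx: int) -> bool:
        if self._index[user] == idx:
            return True
        self.alarms.append(user)  # a decoy was used: the hash file has likely leaked
        return False

class LoginServer:
    """Stores hashes of the real password mixed with decoys, never which is real."""
    def __init__(self, checker: Honeychecker):
        self.checker = checker
        self.table = {}           # user -> (salt, [hash, ...])

    def register(self, user: str, password: str, decoys: list) -> None:
        words = decoys + [password]
        secrets.SystemRandom().shuffle(words)   # hide the real entry's position
        salt = os.urandom(16)
        self.table[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.set(user, words.index(password))

    def login(self, user: str, attempt: str) -> str:
        salt, hashes = self.table[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                ok = self.checker.check(user, i)
                return "ok" if ok else "honeyword-alarm"
        return "wrong-password"   # ordinary typo or guess, no alarm raised
```

An attacker who steals the login server's table sees several equally plausible hashes per account, and one who steals only the honeychecker sees an index with no passwords attached.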
 

WordPress Botnet Continues Growing

A recent series of attacks against WordPress blogs is creating a growing botnet, according to security researchers. The attacks—which focus on individuals whose WordPress username is “admin”—attempt to crack the passwords used to sign into the blogs by brute force. The botnet reportedly now consists of 90,000 or more computers. Security experts are concerned the botnet could continue growing and create a massive problem. The attacks reportedly started after WordPress began offering an optional two-step authentication login. Once a website is infected, it is equipped with a backdoor. This lets the hackers control the site remotely and make it part of the botnet. (BBC)(Matt Mullenweg)(Krebs on Security)
 

Researchers Discover Vulnerabilities in Plug-and-Play Systems

Security researchers have discovered that, of devices at more than 80 million unique IP addresses responding to Universal Plug and Play discovery requests, between 40 and 50 million of them are vulnerable to attack via UPnP. Although security problems with the protocol have been well known for at least a dozen years, the issues put networks at risk, and the research served to quantify the extent of the problem. UPnP is a set of networking protocols that let routers, printers, network-attached storage, media players, smart TVs and other devices seamlessly communicate. The researchers from security-software vendor Rapid7 said they discovered more serious problems than they expected when they began their study. For example, they found that the software stack most commonly used by the Universal Plug and Play protocol to control the device is also the most vulnerable. (SlashDot)(ThreatPost)(Rapid7)

Security Researchers: Computer Virus Targets Venezuelans

Researchers from security vendor Kaspersky Lab have announced the discovery of a virus that targets Venezuelans and steals their online credentials. Victims download the virus after clicking on a link—“listas-fraude-electoral.pdf.exe” (which means “electoral fraud lists”)—that purportedly connects to information about that nation’s recent presidential election. Dmitry Bestuzhev, Kaspersky’s head of Latin America research, said the malware spreads via e-mail and affected at least 75 of the company’s customers. The virus lets criminals steal victims’ banking information and their online credentials for Comisión de Administración de Divisas, the nation’s currency agency. “Being that this malware is quite simple and also targeting only Venezuelan banks and CADIVI, we can strongly assume that the cybercriminals who produced it are from Venezuela, too,” Bestuzhev wrote. (PhysOrg)(The Associated Press @ The Washington Post)(Kaspersky Lab SecureList)

Researchers Reveal New Details about Flame’s Malicious Capabilities

Security researchers have provided new information about the innovative approaches the sophisticated Flame malware used in its attacks on computers in the Middle East earlier this year. Analysis by researchers from Kaspersky Lab, Symantec, CERT-Bund/BSI, and the International Telecommunication Union’s Impact Alliance showed that Flame’s creators disguised the malware’s command-and-control servers as content publishing platforms that ran a fake content-management application. This allowed the infrastructure to run without attracting attention because it resembled a platform that a news operation or blogger might use. The researchers say the Flame campaign started as early as 2006 and included the creation of at least three other pieces of malware that have yet to be discovered. The attack was also more widespread than previously believed and infected perhaps as many as 10,000 machines. Forensics revealed the names or code names of four of Flame’s developers. In May Kaspersky Lab reported it had discovered the Flame virus—which it describes as part of an espionage toolkit—after the United Nations’ International Telecommunication Union requested help with computer infections targeting Iran’s oil ministry. Flame attacks carefully selected computers, steals data, and opens a backdoor to infected systems that the hacker can use to update the malware. Researchers say the malware is so complex, they might need a decade to analyze it. (Ars Technica)(Reuters)(Wired)(Kaspersky Lab Threatpost)(Computing Now NewsFeed – 29 May 2012)
 
