Language Selection

English French German Italian Portuguese Spanish

Security

Security News, Notably Microsoft/NSA Catastrophe

Filed under
Microsoft
Security
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

Security Leftovers

Filed under
Security
  • Intel's Management Engine is a security hazard, and users need a way to disable it

    Since 2008, most of Intel’s CPUs have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

    This post will describe the nature of the vulnerabilities (thanks to Matthew Garrett for documenting them well), and the potential for similar bugs in the future. EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our CPUs, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

  • 'Accidental hero' halts ransomware attack and warns: this is not over

    Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

  • Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability

    Popular open source forum software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

  • Vanilla Forums has a plain-flavoured zero-day

    The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016.

    Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.”

    The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as its default transport, as discussed by Legal Hackers here.

  • Google Fuzzing Service Uncovers 1K Bugs in Open-Source Projects

    Today’s topics include Google’s fuzzing service uncovering more than 1,000 bugs in open-source projects in five months, VMware helping Google make Chromebooks better for business; Edward Snowden advocating the need for open source and OpenStack; and Dell EMC aiming servers at data center modernization efforts.

Security Leftovers

Filed under
Security
  • Six things you need to know about IoT security
  • OpenStack Cloud Security Moves Forward

    When it comes to understanding security in the cloud and specifically security in OpenStack clouds, there are many factors to consider. In a panel session moderated by eWEEK at the OpenStack Summit in Boston, leaders from across different elements of the OpenStack security spectrum provided insight and recommendations on cloud security.

    Security is a broad term in the OpenStack context and isn't just one single item. There is the OpenStack Security Project, which has a mission to help build tools and processes that help to secure OpenStack and its various projects. There is also the Vulnerability Management Team (VMT) that handles vulnerabilities for OpenStack project. Security in OpenStack is also reflected in various OpenStack projects, including notably Project Barbican for security key management. Finally there is just general security for cloud deployment by operators, which includes secure configuration and monitoring.

  • We Wuz Warned

    The tools that are infecting computers worldwide were indeed developed by, and then leaked from, the NSA. (Thanks for nothing, spooks.) The bitcoin.com article contains tips about how to protect yourself, and links to Windows patches, if you haven't yet been hit. Fortunately for us, the attacks seem to be focused on Windows systems; our Linux desktops are so far unscathed.

  • NSA-created cyber tool spawns global attacks — and victims include Russia

    Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia, with Russia among the hardest-hit countries.

    But the Department of Homeland Security told POLITICO it had not confirmed any attacks in the U.S. on government targets or vital industries, such as hospitals and banks.

  • GCHQ tweeted about keeping Britain cyber-safe and it majorly backfired
  • Leaked NSA Hacking Tool On Global Ransomware Rampage [Ed: No, the problem isn't "patching" or "upgrade", the problem is Windows itself, irrespective of which version (back doors)]

    Thus, there's some debate online about whether the "problem" here is organizations who don't upgrade/patch or the NSA. Of course, these things are not mutually exclusive: you can reasonably blame both. Failing to update and patch your computers is a bad idea these days -- especially for large organizations with IT staff who should know better.

  • An NSA-derived ransomware worm is shutting down computers worldwide
  • WCry is so mean Microsoft issues patch for 3 unsupported Windows versions [Ed: Back doors in old versions of Windows belatedly closed because Microsoft risks losing millions of useds [sic] for good]

NHS Cautionary Tale About Windows

Filed under
Microsoft
Security

Windows Chaos

Filed under
Microsoft
Security
  • ‘CIA malware plants Gremlins’ on Microsoft machines – WikiLeaks

    WikiLeaks has released the latest instalment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed ‘AfterMidnight’ and ‘Assassin’ which it says target the Microsoft Windows platform.

  • WannaCry ransomware used in widespread attacks all over the world

    Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

    Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.

  • NHS left reeling by cyber-attack: ‘We are literally unable to do any x-rays’

    Thousands of patients across England and Scotland have been in limbo after an international cyber-attack hit the NHS, with many having operations cancelled at the last minute.

    Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible.

    According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian.

  • "Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

    Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries.

Microsoft Windows and Ransom

Filed under
Microsoft
Security
  • Massive ransomware attack hits UK hospitals, Spanish banks [Ed: Microsoft shows its real cost]

    A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, with telecoms provider Telefonica apparently hit hard. Further attacks have been reported in Russia, Ukraine, and Taiwan. Batten down the hatches: we might be in the middle of a global ransomware attack.

    Multiple sources point to this ransomware attack being based on the EternalBlue vulnerability, which was discovered by the NSA but was leaked by a group calling itself Shadow Brokers last month.

    NHS Digital has confirmed the attack and issued a brief statement, stating that there's no evidence that patient data had been accessed and that the attack was not specifically targeted at the NHS. At this point it isn't clear whether a central NHS network has been knocked offline by the ransomware or whether individual computers connected to the network are being locked out. In any case, a number of hospitals and clinics are reporting that their computer systems are inaccessible, and some telephone services are down too.

  • New ransomware Jaff demands $3,700 payments
  • Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

    This is a Wordfence public service security announcement for all users of computers running any version of Windows.

    We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

More Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Keylogger Discovered in HP Audio Driver
  • [EN] Keylogger in Hewlett-Packard Audio Driver

    Security reviews of modern Windows Active Domain infrastructures are – from our point of view – quite sobering. Therefore, we often look left and right, when, for example, examining the hardening of protection mechanisms of a workstation. Here, we often find all sorts of dangerous and ill-conceived stuff. We want to present one of these casually identified cases now, as it's quite an interesting one: We have discovered a keylogger in an audio driver package by Hewlett-Packard.

    A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen.

  • Microsoft rushes emergency fix for critical antivirus bug

    The critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012.

  • Google Offers $20000 Rewards to Drive OSS-Fuzz Initiative
  • Call the fuzz, says Google, get the reward
  • How Google’s OSS-Fuzz is securing open-source software

    Google released OSS-Fuzz five months ago with a mission to make open-source projects stable, secure and reliable. Since then, the continuous fuzzing solution has found more than 1,000 bugs with 264 of them flagged as potential security bugs.

  • Google Fuzzing Service for OS Finds 1K Bugs in Five Months

    A Google-led initiative to find security vulnerabilities in popular open source projects has unearthed more than 1,000 bugs in various open source software in the five months since the effort was launched.

  • The IoT's Scramble to Combat Botnets

    With shadowy botnet armies lurking around the globe and vigilante gray-hat actors inoculating susceptible devices, the appetite for Internet of Things security is stronger than ever.

  • Exploiting the Linux kernel via packet sockets

    Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes how the bug was discovered and how we can exploit it to escalate privileges.

Security Leftovers

Filed under
Security
  • To mitigate major Edge printing bug, use a Xerox copier, baffled user advises

    Beyond being breathtakingly bizarre, the bug could potentially have serious consequences for architects, engineers, lawyers, and other professionals who rely on Edge to print drawings, blueprints, legal briefs, and similarly sensitive documents. Edge is the default application for viewing PDFs on Windows 10 computers. While the errors demonstrated above happened using the "Microsoft Print to PDF" option, multiple users report similar alterations when using regular printing settings. (And besides, the print-to-PDF option is the default printing method for the Microsoft browser.) The alterations depend on several variables, including the printer selected, the settings used, and computer being used. It's not clear how long this flaw has been active or whether it has already affected legal cases or other sensitive proceedings that use documents printed from the Internet.

  • Keylogger Found in Audio Driver of HP Laptops
  • Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems
  • A Vicious Microsoft Bug Left a Billion PCs Exposed [iophk: "people are gullible: Windows was never secure in the 22 years since it added TCP/IP; for those that remember, it was not secure even before that and was plagued with malware spread by disk and NAS (then called file servers)."
  • Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge [Ed: Quit pretending that Microsoft cares about security in browsers that have a baked-in back door]

    The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure. The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.

    Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.

Syndicate content

More in Tux Machines

today's howtos

Google Chrome 60 Released

DRM-Carrying Flash's Death in the News

  • Google: HTML is Faster, Safer, and More Power Efficient Than Adobe's Flash
    After Adobe's big announcement this morning that they plan to end support for Flash in late 2020, Google Chrome's Anthony Laforge published a blog article asking Flash developers to start transitioning to HTML. For a long time, Google shipped its Chrome web browser built-in with Flash support, but it now looks like Chrome will slowly start blocking Flash content, require explicit permission from users, until upstream support is terminated three years from now, at the end of 2020. Google, like anyone else on this planet, believe HTML is faster, safer, and more power efficient than Flash, without a doubt.
  • Adobe Flash will die by 2020, Adobe and browser makers say
     

    For many, though, Flash was simply seen at least as a nuisance, and at worst a serious security risk.   

     

    Flash-based exploits have circulated for years, in a game of cat-and-mouse between hackers and Adobe itself. Apple's Steve Jobs famously banned Flash from the iPhone, claiming that Flash hurt battery life and also was a security risk. [...]

  • Adobe Flash is dead (well, nearly)
     

    Tech firms have long been hammering nail's into its coffin, too, and back in 2010, Steve Jobs famously penned a letter that called for the demise of Adobe Flash in favour of a shift to open web standards.

  • The end of Flash

FreeBSD 11.1 Released

  • FreeBSD 11.1 Operating System Debuts to Support 2nd Generation Microsoft Hyper-V
    The FreeBSD Project announced today the release and immediate availability of the first incremental update to the FreeBSD 11 operating system series, FreeBSD 11.1. It's been more than nine months since FreeBSD 11 was released as the latest and most advanced version of the widely-used and most popular BSD operating system on the market, and now, FreeBSD 11.1 is here with a bunch of new features across multiple components, as well as all the latest security and bug fixes.
  • FreeBSD 11.1 Debuts With LLVM/Clang 4, ZFS Improvements
    FreeBSD 11.1 is now available as the first point release to FreeBSD 11.
  • FreeBSD 11.1-RELEASE Announcement
    The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 11.1-RELEASE. This is the second release of the stable/11 branch.