Showing results for tags 'security'.

  1. Google and Firefox have upgraded their flagship browsers, crushing bugs and cracking down on bad certificates along the way.

     The Choc Factory's Chrome 41 swats 51 bugs, of which at least 13 are classified as high severity and six considered medium risks. Google engineer Penny MacNeil thanked security researchers for the effort to identify the bugs. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," MacNeil says.

     Here's this month's ameliorated messes:

     [$7500][456516] High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous.
     [$5000][448423] High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
     [$5000][445810] High CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
     [$5000][445809] High CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer.
     [$4000][454954] High CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous.
     [$3000][456192] High CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous.
     [$3000][456059] High CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer.
     [$3000][446164] High CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
     [$3000][437651] High CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin of OUSPG.
     [$2500][455368] High CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne.
     [$2500][448082] High CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne.
     [$2000][454231] High CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl.
     [449610] High CVE-2015-1230: Type confusion in v8. Credit to Skylined working with HP's Zero Day Initiative.
     [$2000][449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin of OUSPG.
     [$1000][446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer.
     [$1000][456841] Medium CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu.
     [$1000][450389] Medium CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl.
     [$1000][444707] Medium CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz.
     [$500][431504] Medium CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.

     Mozilla's update to Firefox version 37 includes a revocation feature to bolster the killing of bad intermediate certificates. The OneCRL replaces the Online Certificate Status Protocol, which is less effective because it relies on third parties to keep updated registries of their valid and revoked certificates. Certificates were often accepted as soft-fails when the status could not be determined due to some technical or connectivity failure.

     Mozilla's new list operates in the browser and is populated by issuers who push certificate status instead of the browser having to do the fetching. This block-list, already used for blacklisting bad plugins and drivers, will now speed up checking times because it avoids the need for Mozilla to push out updates that require browser restarts, Mozilla security boffin Mark Goodwin says.

     "OneCRL helps speed up revocation checking by maintaining a centralised list of revoked certificates and pushing it out to browsers. Currently, if a serious incident occurs that requires certificates to be revoked, we release an update to Firefox to address the problem.

     "This is slow because it takes some time for users to get the security update and restart their browsers. There's also cost involved in producing an update and in users downloading it."

     Goodwin points to a blog by Google guy Adam Langley, who said last year that the old revocation checking did little to improve security. OneCRL for now covers intermediate certificates to reduce the size of Mozilla's blocklist and will later be sped up by automating the collection of revoked certificates.

     Source
  2. Feature

     "It is far more common to find routers with critical flaws than without." - Craig Young

     "It's sad that end-user education about strong passwords, password safes, and phishing can be undone by something as innocuous as the blinking box in the corner of your room." - Peter Adkins

     Introduction

     Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities. Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, compared to other tech kit, that only those with tin-foil hats bother to suggest the flaws are deliberate.

     Hacker gang Lizard Squad crystallised the dangers – and opportunities – presented by router vulnerabilities when over the Christmas break they crafted a slick paid denial of service stresser service that operated on hacked boxes. Customers were found paying to flood targets of choice with gigabits of bandwidth stolen from what the black hats claimed were a fleet of half a million vulnerable and subsequently hacked routers.

     A year earlier, security boffins at Team Cymru warned that an unknown gang had popped 300,000 routers in a week, altering the DNS settings to point to malicious web entities. Those routers were hacked through a self-propagating worm (PDF) that researchers had already warned about, but not yet seen. It used a mix of brute force password guessing of web admin consoles, cross-site request forgery, and known un-patched vulnerabilities.

     Arguably the most infamous hack in recent months was Check Point's so-called Misfortune Cookie discovered in December 2014. This vulnerability was thought to impact a staggering 12 million routers across 200 models from big names such as Linksys, D-Link, TP-Link, ZTE, and Huawei. Affected routers could be hijacked with a crafted cookie that allows attackers to meddle with just about everything on the units, from password theft, to alterations to DNS, and infection of connected devices.

     In October Rapid7 had chipped in with its own research, warning that Network Address Translation Port Mapping Protocol configurations in 1.2 million routers were sufficiently borked that remote attackers could spy on internal traffic.

     Security is 'abysmal'

     "Router security remains abysmal, especially among the cheapest brands," says John Matherly, founder of the popular Shodan search engine which crawls for internet-connected devices. "Backdoors, no automated patching and default usernames and passwords are just a few of the problems that many SOHO routers continue to face."

     Matherly last month dug up an estimated 250,000 routers used in Spain that were using the same SSH keys, placing those configured for remote access at heightened risk. He also points to research published two days later by Entrust Solutions hacker Nabin Kc, who found 200,000 home routers contained a firmware backdoor, a flaw replicated across 10 different vendors who seemed to be re-branding a vanilla router.

     Matherly says badge-engineering seems a common practice for vendors that compete on price over form or function. "It seems that the rate of security problems discovered with routers is only limited by the number of security experts that take the time to analyse the devices," he says.

     Source
  3. Amnesia strikes as hacker discloses remote code exec flaws

     Domestic router Daddy D-Link is patching dangerous remote access flaws in several models of its networking gear. The patches follow a round of zero-day disclosures by Canadian researcher Peter Adkins early this week, after D-Link allegedly cut communication while he quietly disclosed the flaws.

     The most severe flaw allowed attackers to hijack the devices, including changing DNS settings, by creating malicious sites which exploit cross-site request forgeries. D-Link issued an advisory in which it warns DIR models 626L, 636L, 808L, 810L, 820L, 826L, 830 and 836L are open to remote code execution. D-Link says attackers can upload and run files without authentication from the LAN side of the device, or over the internet if the "external connections" box was taken off default and ticked.

     "A second vulnerability reportedly relates to the device's ping utility that might permit command injection without authentication," the company says of Adkins' work. "A third vulnerability reportedly may exploit certain chipset utilities in firmware to potentially permit a malicious user an attack disclosing information about the device's configuration."

     Adkins told El Reg that many of the security failings in home routers could be put down to expansive feature sets. "The platforms the devices are built upon may be solid - such as OpenWRT - but then additional services are 'bolted in' to provide value-add, and that security seems to go straight out of the window," Adkins says.

     Other routers may be affected due to the location of ncc and ncc2 binaries

     Fellow router hackers Stefan Viehböck and Jeremy Richards found further flaws in five TRENDnet offerings, since patched, plus another D-Link mess.

     Adkins reports contact between D-Link and himself ceased around February 23 when D-Link, after confirming receipt of the vulnerability reports on 11 January, said they had no knowledge of the holes and directed him to the company security reporting guide. The company recommends users run encrypted wireless to prevent the low chance that passing hackers would break into the networks. Only the DIR-820L was patched.

     Source
  4. Document Title:
     ===============
     Data Source: Scopus CMS - SQL Injection Web Vulnerability

     References (Source):
     ====================
     http://www.vulnerability-lab.com/get_content.php?id=1436

     Release Date:
     =============
     2015-02-25

     Vulnerability Laboratory ID (VL-ID):
     ====================================
     1436

     Common Vulnerability Scoring System:
     ====================================
     8.9

     Abstract Advisory Information:
     ==============================
     An independent security team of the Vulnerability Laboratory discovered a critical SQL injection web vulnerability in the official Data Source Scopus Content Management System.

     Vulnerability Disclosure Timeline:
     ==================================
     2015-02-25: Public Disclosure (Vulnerability Laboratory)

     Discovery Status:
     =================
     Published

     Exploitation Technique:
     =======================
     Remote

     Severity Level:
     ===============
     Critical

     Technical Details & Description:
     ================================
     A remote SQL injection web vulnerability has been discovered in the official Data Source Scopus Content Management System. The vulnerability allows remote attackers to inject their own SQL commands to compromise the affected database management system.

     The vulnerability is located in the `w` value of the `countrysearch.php` file. Remote attackers are able to compromise the application & DBMS by manipulation of the `w` value in the `countrysearch.php` file. The issue is a classic ORDER BY injection. The request method to inject commands is GET and the issue is located on the application side of the service.

     The security risk of the SQL injection vulnerability is estimated as critical with a CVSS (Common Vulnerability Scoring System) count of 8.9. Exploitation of the remote SQL injection web vulnerability requires no user interaction or privileged web-application user account. Successful exploitation of the remote SQL injection results in DBMS, web-server and web-application compromise.

     Request Method(s):
     [+] GET

     Vulnerable File(s):
     [+] countrysearch.php

     Vulnerable Parameter(s):
     [+] w

     Proof of Concept (PoC):
     =======================
     The remote SQL injection web vulnerability can be exploited by remote attackers without a privileged application user account or user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

     PoC: Example
     http://[localhost]/[PATH]/[FILE].php?w=-[SQL INJECCTION VULNERABILITY]'--

     PoC: Demonstration
     http://www.server.com/countrysearch.php?w=world%27-[SQL INJECCTION VULNERABILITY]'--

     Dork(s):
     inurl:".php?w="

     Solution - Fix & Patch:
     =======================
     The vulnerability can be patched by usage of a prepared statement in connection with a secure encode/parse of the w value in the countrysearch.php file. Restrict the w value input and filter by disallowing input of special chars or negative values. Disable php script error(0);!

     Security Risk:
     ==============
     The security risk of the remote SQL injection web vulnerability in the countrysearch.php file is estimated as critical.

     Credits & Authors:
     ==================
     [GuardIran Security Team] P0!s0nC0d3 - (http://www.guardiran.org)

     Disclaimer & Information:
     =========================
     The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

     Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
     Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
     Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
     Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
     Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
     Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

     Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website are trademarks of the vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get permission.

     Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

     --
     VULNERABILITY LABORATORY - RESEARCH TEAM
     SERVICE: www.vulnerability-lab.com
     CONTACT: research@vulnerability-lab.com
     PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt

     Source
  5. Kaspersky Lab’s global research and analysis team uncovered what they claim is the most sophisticated advanced persistent threat group yet known. Known as the Equation Group, researchers led by GReAT director Costin Raiu say the threat actors have been operating for 15 years or more and are known to have intercepted and maliciously modified hardware and CDs. Beyond that, the Equation Group is known to have had access to a pair of zero-day vulnerabilities that would eventually be used in the infamous Stuxnet attacks. We caught up with Kaspersky Lab principal security researcher Vitaly Kamluk at the company’s Security Analyst Summit in Cancun, Mexico. Source
  6. Hackers have targeted Lenovo with a website defacement attack believed to be intended to 'punish' the firm for its use of the Superfish adware.

     The attack occurred on Wednesday and forced Lenovo.com to display a slideshow of images while playing Breaking Free from High School Musical. A Lenovo spokesperson told V3 that the firm is taking action to improve the site's security and "investigating other aspects of the attack".

     "Unfortunately, Lenovo has been the victim of a cyber attack. One effect of this was to redirect traffic from the Lenovo website. We are also actively investigating other aspects," said the spokesperson. "We are responding and have already restored certain functionality to our public-facing website.

     "We are actively reviewing our network security and will take appropriate steps to bolster our site and protect the integrity of our users' information and experience.

     "We are also working with third parties to address this attack and will provide additional information as it becomes available."

     The attack follows Lenovo's use of the Superfish adware on a selected number of laptops. The problem erupted on the Lenovo forum earlier in February when several customers reported finding Superfish installed on their machines. Superfish is adware that collects data such as web traffic information using fake, self-signed root certificates and then uses it to push adverts to the user.

     The Lizard Squad hacking group is believed to have mounted the attack on Lenovo, although this is yet to be confirmed. Andrew Hay, director of security research at OpenDNS, said that forensic evidence indicates that the attack did stem from Lizard Squad, highlighting similarities with a previous raid on Google.com.vn. Hay explained that Lenovo.com and Google.com.vn use the same registrar, Webnic.cc, and both are hosted in Digital Ocean's Netherlands data centre. He also noted that both raids "used Cloudflare to obfuscate the IP address of the destination server and to balance the traffic load to the website".

     Ken Westin, senior security analyst at Tripwire, pointed out that the attack would be in line with Lizard Squad's past behaviour in attacking companies that it believes have acted wrongly. "As a result of getting its hands caught in the privacy invading cookie jar with the deployment of the Superfish adware which compromised customers' privacy and security, it has made itself an open target for a number of hacking groups which have essentially declared it open season against Lenovo for its questionable practices," he said.

     Source
  7. Google is opting to make its annual Pwnium competition a year-round global opportunity with an endless bounty of reward money. In previous years, Pwnium was held once a year during a security conference, and security researchers would need to have a bug chain in March, pre-register for the event and be present at the competition's location, Google wrote on its blog. Now, researchers can submit bugs throughout the year through the Chrome Vulnerability Reward Program. “By allowing security researchers to submit bugs all year-round, collisions are significantly less likely and security researchers aren't duplicating their efforts on the same bugs,” Google wrote. The top available reward is $50,000, but the company's lawyers also noted in the post that, “this is an experimental and discretionary rewards program and Google may cancel or modify the program at any time.” Source
  8. Encrypted communications solutions provider Silent Circle said on Thursday that it has agreed to buy out a joint venture that it has with Geeksphone, giving Silent Circle a 100 percent ownership stake in SGP Technologies and full ownership of the privacy and security focused "Blackphone".

     SGP Technologies was formed specifically to create the Blackphone, a smartphone that aims to protect users against snooping governments, industry rivals and hackers.

     The news comes shortly after the January appointment of F. William "Bill" Conner as Silent Circle's President and Chief Executive Officer and a member of the Board. Conner previously served as Entrust President and CEO and President of Nortel.

     Silent Circle was co-founded by Mike Janke, former Navy SEAL and security expert; PGP creator Phil Zimmermann; and Jon Callas, creator of Apple's whole disk encryption and co-founder of PGP Corporation.

     "Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo," said Janke, who serves as Executive Chairman of the Silent Circle Board. "This first stage of growth has enabled us to raise approximately $50m to accelerate our continued rapid expansion and fuel our second stage of growth."

     "As the nature and volume of data breaches increase, institutional trust is eroding," said Conner. "There are companies that have been hacked and there are those that don't know about it yet, which means that security in the traditional sense has failed us. With the number of employees connecting to an enterprise's network using their own devices rapidly rising, organizations need a different solution. In short, in a post-Sony and Gemalto world, security breaches have been made both enterprise and personal so it's no longer an issue affecting just the boardroom," he said.

     In a statement, Conner said the company would introduce new devices, software and services as part of an "enterprise privacy ecosystem" built from a fundamentally different mobile architecture.

     In May 2014, Silent Circle announced that it had raised $30 million in funding and had decided to move its global headquarters from the Caribbean island of Nevis to Switzerland. In 2013 Silent Circle shut down its encrypted email service to avoid becoming a target after the US government subpoenaed the records of a similar secure e-mail provider called Lavabit.

     Source: securityweek.com
  9. We are able to present you with a special promotion: a free 6-month licence for BitDefender Internet Security 2015.

     What's new in the product? Apart from the new graphical interface, Tune-Up has been improved and supplemented with new utilities intended to improve the PC's boot time and operating speed. The Bitdefender One-click Optimizer function has been added, which optimises the system with a single click, cleaning useless files off the HDD, optimising the browser and repairing the registry. Improvements have been made to the Parental Control and Wallet modules and to the vulnerability scanner. More details can be found on the official testing page: Bitdefender

     Get BitDefender Internet Security 2015 with a free 6-month licence by visiting: Free Bitdefender 2015

     Limited promotion -> Source: BitDefender Internet Security 2015 – 6 months FREE licence

     EDIT: // The link above has expired! Still valid is https://rstforums.com/forum/97182-bitdefender-internet-security-2015-6-luni-licenta-gratuita-post612950.rst#post612950, more precisely: Bitdefender Total Security 2015 (100% Discount Coupon)
  10. Introduction Last year – dubbed “the Year of the Hack” – saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment. And after Target in 2013, another retailer, Home Depot, suffered a data breach with more than 56 million credit cards stolen. The consequences of these incidents can be devastating in terms of reputation damage and lawsuits that have been filed, charging negligent IT security control. Hackers exposed lots of poorly protected systems, and we should ask ourselves: What’s wrong here? It seems likely that data traffic security and network security have not kept abreast with the technological innovation. This article attempts to gain insight into some of the current issues related to the subject matter, such as proper data encryption, network segmentation, traffic originating from mobile devices, etc. Network Segmentation & Data Encryption Regulatory guidelines that ensure a general standard of compliance focus on traffic encryption for that data that traverse external or public networks, whereas local, inner-core networks are protected by means of logical network segmentation. Isolation of sensitive data on specific internal network repositories and cryptographic segmentation are common security standards today for many institutions that operate with loads of private and confidential information, e.g., banks and hospitals. Network segmentation is possible through technologies like firewalls and routing subnets. On the other hand, the encryption process for data in motion utilizes a large number of forms of encryption ranging from Web-based/HTTPS encryption to SSL-based VPNs. Enhanced Security with Proper Network Segmentation a) Unauthorized network access can be limited through network segmentation or security “zoning”. This mitigation technique will withhold the propagation of a threat, for instance, malicious actors attempting to move across the network. 
At the same time, segregating the network properly will enable access to those persons who are authorized. Firewalls and VLANs have a function that can partition the network into multiple zones. Multiple layers of control within the network – IT security corporations are more and more interested in dealing with network segmentation errors. But security is not the only problem with configuring proper network segmentation. Beware that while adding more security layers can impede access by cybercriminals, it can also have a negative impact on business dealings if the configuration is not user-friendly enough. Hence, we are obligated to take into consideration other key benefits associated with well-segmented networks, namely, “the ability to contain network problems, improve performance, and reduce congestion.” Diagram 1 “Example of Network Segmentation (Part 1)” Diagram 2 “Example of Network Segmentation (Part 2)” VLAN Network Segmentation and Security Network segmentation with virtual local area networks (VLANs) breaks a network into a number of isolated, smaller networks within the data center. Each of these networks operates as a separate logical broadcast domain. A proper VLAN segmentation can hinder significantly threat actors from accessing the system surface, and simultaneously diminishes their packet-sniffing capabilities. Furthermore, VLANs authorize legitimate users to access only those servers and devices related to their duties. VLANs have a positive unloading effect on network performance because the massive broadcast domains are divided into easily-manoeuvrable small parts. VLANs provide organizational flexibility, allowing administrators to group segmented mini-networks based on categories such as function, application, and project team. Lastly, VLANs can give secure but convenient user mobility to users assigned to a particular VLAN, since they can remain connected to that VLAN irrespective of location. What do the critics say about VLANs? 
VLANs are unable to enforce reliable control of privileged information because they simply isolate network traffic. It is deemed that they cannot inspect this traffic for threats. Moreover, along with other traditional tools, e.g., internal firewalls, VLANs can be a point of failure as far as security, flexibility, and management is concerned. That is because: “they necessitate physically changing the network topology to create or modify a secure domain; firewall rules to control user access incur time-consuming work-around fixes for authorized users; and security measures such as encrypting internal traffic isn’t always possible.” Next-Generation Networks Software Defined Networking (SDN), Network virtualization (NV), and Network Functions Virtualization (NFV) present an advanced software-based approach to IT virtualization of entire network architecture. A citation from this document illustrates in a few words the basic characteristics of these cutting-edge technologies: Software Defined Networking (SDN) In October 2013, the Open Networking Foundation (ONF) issued a research report in which two potential security challenges related to SDN were addressed: The centralized controller as a “potential single point of attack and failure.” The southbound interface between the controller and data-forwarding devices is “vulnerable to threats that could degrade the availability, performance and integrity of the network.” Measures within the SDN’s architecture: Secure the access to the Controller— protecting the Controller means protecting your SDN; Create a trusted network environment between the SDN Controller, the applications, the devices, which will protect the communications throughout the network; Enforce a robust policy framework to constantly check on the proper functioning of the SDN Controller; Enforce Remediation + Forensics procedures when necessary (i.e., recovery mechanisms, reporting, and analysis). 
Security outside the architecture can be embedded either in servers, storage and other computing apparatuses. Network Functions Virtualization (NFV) There are two basic security threats for NFVs: 1) A combination of all generic visualization threats; 2) Threats specific to the network function software. However, virtualization gives some complementary security by eliminating or mitigating several kinds of threats typical for the network function software with the help of new elements like centralized security management and hypervisor introspection. For improving the NFV’s security, Andreas Lemke advises users to utilize the following two-pronged combination: “Reducing generic virtualization threats as much as possible by securing the virtualization platform Eliminating as many network function-specific threats as possible by applying NFV-enabled security mechanisms, such as hypervisor-based protection” Drafting a stringent security policy on what is to be transferred from zone to zone is the next step. Accidental access of third parties to your network must be restricted to cases when it is absolutely needed and areas where there is no other information beyond what is required. A zone that contains highly sensitive data should be isolated as much as possible from the rest of the network, but it should not pose an undue burden on the overall data traffic. Tag zones differently depending on the type of data they contain. With regard to the previous point, be sure that a sensitive type of information is not within the reach of an unauthorized third party. Define “good faith”, innocuous communication paths and block suspicious data traffic. Building an enormous matrix of segregated zones may entail drafting a policy for traffic management between zones. Due to security changes over time, frequent changes in the policy have to be made as well so that the policy in question can respond to the present security dynamics of this new network environment. 
There are standards that can provide guidance on how to set up efficient separation of data within the network. The Payment Card Industry Data Security Standard (PCI-DSS) is one such standard, and in this case sensitive information like payment card data should be isolated from the rest of the network.

Case Study: Target Data Breach

As some of the recent data breaches have shown, improper network segmentation can result in exposure of your data to system outages or theft. Stolen third-party credentials can be further exploited for getting a foothold in entire networks. That was the case with the infamous Target data leakage in December 2013. According to Jody Brazil, founder of the security vendor FireMon, Target failed to secure in a proper fashion the access of third parties to their payment systems. A main lapse seems to be the fact that they did not segment the network to ensure that sensitive cardholder data was separated from what outsiders can access – which is in itself noncompliance with a ubiquitous security practice pursuant to the aforementioned PCI-DSS. Finally, Brazil concludes that despite the sophisticated nature of the malware used to intercept and steal payment card data from the company’s Point-of-Sale (POS) systems, the attacker would have been stopped at the installation phase if Target had followed network segmentation procedures in the first place.

Enhanced Security with Proper Encryption

The classical security architecture counts on the establishment of a trusted internal network guarded by firewalls. Thus, applications in the safe zone are deemed totally trustworthy. Security analysts bring these assumptions into question. It is as if the old maxim “Hope for the best and prepare for (assume) the worst” were better justified in terms of real-deal proactive security measures like encryption, especially for the preservation of sensitive data.
A survey conducted by Spiceworks, a professional network for IT specialists, ascertains that 76% of IT managers use at least two forms of encryption to ensure that the data traffic of their enterprises is secure. Astonishingly, one out of three admits that he is forced to use three or more kinds of encryption or VPNs for data in motion. It seems clear that this might be a security problem, since these managers cannot reach some form of consensus concerning the promulgation of a uniform and consistent encryption policy, which would encompass all network segments and applications under its belt. Consequently, all gaps and inconsistencies in data traffic security are an aftermath of the existent fragmented environment.

Corporations encounter difficulties with encryption management chiefly because of the fragmentation, which has a performance impact on firewalls and network devices. The direct effect of these issues is felt in the form of deployment of less than ideal data traffic security to compensate for shortcomings existing in network systems and firewalls – a dangerous trade-off that IT managers are bound to make. The following statistic reflects on the aforementioned subject: “45% of the respondents said encryption is too difficult to manage to use for segmentation, while 36 percent cited the performance hit on firewalls and network devices when encryption is turned on.”

Presumably, the coordination of extremely fragmented, fractured means of data encryption and segmentation is often an arduous chore. Is abstaining from encryption a viable alternative? Highly unlikely. Nevertheless, more than half of the surveyed organizations confirm that concerns about performance quality preclude them from opting for this multiple encryption.

II. Mobile Data Traffic and Network Security

The mobile unencrypted traffic from apps is growing each month. At the moment 49% of all app traffic is unencrypted, which means that it is vulnerable to snooping and injection cyber attacks. These pose a significant threat to the normal functioning of day-to-day business operations. Interestingly, outsiders finding a loophole in the corporate network is not as frequent a security nuisance as unsuspecting employees opening a door to a malicious cyber attack. Most users (72%) do not feel uncomfortable (at least at the beginning) with sharing sensitive information in their apps, such as credit card details and passwords.

Diagram 3. Source: http://commons.wikimedia.org/wiki/File:Consumerization_Report_-_Chart_3.jpg (by Cgarlati).

Bring Your Own Device (BYOD)

Many people in Western countries have up to five Internet-connectable devices and 300 identities across a great number of online shopping portals and social media – an ongoing tendency that ushers in the bring your own device (BYOD) revolution. From a business point of view, there is a monetary as well as reputational risk associated with not being able to protect the data entrusted to them because of the increasing adoption of personal devices in the workplace. And from a data transfer perspective, the equation gets even more complicated when cloud-based platforms allow employees to access business information regardless of geographic location. Besides proper employee management (which could be IT security training of personnel), identity control based on staff movement restrictions across virtual, cloud and physical environments is vital for complying with the current standards in terms of efficiency and security.

The silo style of mobility

Mobile-device management and enterprise-mobility management have been developed by enterprises to manage devices like tablets and smartphones. Under the standard approach, these two systems integrate with a VPN server, for instance, to set up an encrypted data connection to the company.
The silo-based nature of all mobile devices, however, localizes the perimeter protection to the company’s boundaries. Consequently, if an employee has credentials on his mobile device, a malicious actor can obtain and leverage them to gain unfettered access to internal networks. And we all know that personal devices typically do not possess antivirus/antimalware software and often share information with untrustworthy apps. The security threat stems from the fact that all internal networks of the corporation continue to be considered “safe” and “trusted” (See Diagram 4). As a result, enterprises often use insufficient controls to segment data traffic and secure or isolate internal applications containing sensitive servers.

Diagram 4

Conclusion

The Spiceworks survey reported that improving network security was put on the priority agenda for the IT sector in 2015. Allocating funds to network security projects for this year is envisaged by approximately two-thirds of all enterprises participating in the interview. We can only hope that these measures will not come as “too little, too late”. And while the investment in the reconstruction of outdated network architectures and data traffic mechanisms is important, we should not forget to adjust our personal perception to these changes.

Reference List

Boone, A. (2015). Network Security Trends and Outlook. Retrieved on 15/02/2015 from https://www.sdxcentral.com/articles/contributed/network-security-trends-and-outlook-2015/2015/01/
Boone, A. (2015). 2015 Predictions: Mobile security set for change in 2015. Retrieved on 15/02/2015 from http://www.rcrwireless.com/20150109/opinion/2015-predictions-mobile-security-set-for-change-in-2015-tag10
Certes (2015). Solving the data traffic encryption tangle. Retrieved on 15/02/2015 from http://certesnetworks.com/blog/solving-the-data-traffic-encryption-tangle/
Cryptzone. Network Segmentation. Retrieved on 15/02/2015 from http://www.cryptzone.com/solutions/network-segmentation
Forsyth, L. (2012). Poor data security can cause lasting damage to your enterprise. Retrieved on 15/02/2015 from http://www.theguardian.com/media-network/media-network-blog/2012/dec/13/internet-data-security-enterprise
Harrison, R. (2014). Network Segmentation Key To Good Network Hygiene. Retrieved on 15/02/2015 from http://www.networkcomputing.com/networking/network-segmentation-key-to-good-network-hygiene/a/d-id/1269687
McGillicuddy, S. (2014). SDN security issues: How secure is the SDN stack? Retrieved on 15/02/2015 from http://searchsdn.techtarget.com/news/2240214438/SDN-security-issues-How-secure-is-the-SDN-stack
Natarajan, P. (2014). Rock-solid Data Traffic Security in a Virtualized Network World. Retrieved on 15/02/2015 from www.ciena.com/connect/blog/Rock-solid-Data-Traffic-Security-in-a-Virtualized-Network-World.html
Open Networking Foundation (2013). SDN Security Considerations in the Data Center. Retrieved on 15/02/2015 from https://www.opennetworking.org/images/stories/downloads/sdn-resources/solution-briefs/sb-security-data-center.pdf
Olzak, T. (2012). VLAN Network Segmentation and Security - Chapter 5. Retrieved on 15/02/2015 from http://resources.infosecinstitute.com/vlan-network-chapter-5/
Palo Alto Networks. Zero Trust Approach To Network Segmentation. Retrieved on 15/02/2015 from https://www.paloaltonetworks.com/solutions/initiative/network-segmentation.html
Philbin (2014). Mobile Data Trends Report shows nearly half of app traffic now unencrypted. Retrieved on 15/02/2015 from https://www.wandera.com/blog/mobile-data-trends-report-shows-nearly-half-of-app-traffic-now-unencrypted/
Reichenberg, N. (2014). Improving Security via Proper Network Segmentation. Retrieved on 15/02/2015 from http://www.securityweek.com/improving-security-proper-network-segmentation
SDNCentral. SDN Security Challenges in SDN Environments. Retrieved on 15/02/2015 from https://www.sdxcentral.com/resources/security/security-challenges-sdn-software-defined-networks/
TrendMicro (2013). Catch Evasive Threats That Hide Behind Real Network Traffic. Retrieved on 15/02/2015 from www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-network-detection-evasion-methods.pdf
Vijayan, J. (2014). Target breach happened because of a basic network segmentation error. Retrieved on 15/02/2015 from http://www.computerworld.com/article/2487425/cybercrime-hacking/target-breach-happened-because-of-a-basic-network-segmentation-error.html

Diagrams 1 and 2 are based on graphs in: Raza, K. (2015). Network Segmentation & SD-WAN. Retrieved on 15/02/2015 from http://www.networkcomputing.com/networking/network-segmentation-and-sd-wan/a/d-id/1318634

Source
  11. I searched the forum and didn't find it posted, so I decided to post it (of course, for those who are interested).

Adversaries are committed to continually refining or developing new techniques that can evade detection and hide malicious activity. Meanwhile, the defenders—namely, security teams—must constantly improve their approach to protecting the organization and users from these increasingly sophisticated campaigns. Caught in the middle are the users. But now, it appears they not only are the targets, but also the complicit enablers of attacks.

The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco® Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever-weaker links in the security chain.

Cybersecurity is a broad and complex topic that has a far-reaching impact on users, companies, governments, and other entities around the world. The Cisco 2015 Annual Security Report is divided into four areas of discussion. These sections, and the issues explored within them, may at first glance seem disparate, but closer examination reveals their interconnectedness:

Read more: https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2015_ASR.pdf
  12. WordPress is the most popular CMS (Content Management System) available online nowadays, used by the vast majority of all sites. If you have a look at this report, WordPress holds the lion’s share (60.6%) of the sites whose CMS we know and a total of 23.4% of all sites. It is easy to use and it offers great flexibility, with both ready and custom templates and a plethora of plugins to put into effect. Moreover, WordPress provides its users with the opportunity to enhance the SEO-friendly (and thus Google-friendly) nature of their site pretty smoothly and it also offers mobile-friendly themes. These are some of the major reasons why WordPress has been characterized as one of the most successful CMS options to date, and this is why it is the number one choice for many web designers, developers, tech freaks and even novices and tech-illiterate people who seek to find a simple yet effective tool for creating their site.

Due to its exponential growth and its universal popularity, WordPress is not immune to threats and hacking attempts. It is true that the more popular something is, the more likely it will be for others to seek to compromise it in the long run. This is why it is not that rare a phenomenon to hear about WordPress sites having been hacked and not being able to function properly. Before we continue with our guide about cleaning up WordPress, it is important that we truly understand what website hacking is and what this can do to your site and your computer.

What Website Hacking Is, and How It Affects You

There are two major types of website hacking that you should beware of, in order to ensure that you offer the best user experience to every single visitor and do not compromise his or her overall security:

- The first type has to do with the establishment of a backdoor; this means that the hacker leaves room for returning to your site whenever he feels like it and gaining access to places that should be out of reach for him. The difficulty in tracing this type of website hacking lies in the fact that this backdoor is not visible to the naked eye – and thus it can go unnoticed for a truly long time.
- The second type involves the deterioration of user experience and the compromise of your site directly from the source. The visitors that click on your site can be redirected to other sites or get pop-ups on their screen as soon as they head to your home page. In addition, malware can be installed silently on the computers of your site’s visitors, and of course this is never a good thing.

Now that we have comprehended what goes on in cases of WordPress sites being hacked, and before moving on to the process of WordPress database cleanup, it is time to highlight the signs that should alarm you that something is wrong with your site.

Signs that Reveal a Potential WordPress Hack

Even though the signs are not a perfect match to every single WordPress site that has been compromised, they offer some truly helpful information that should get you on your feet and urge you to dig deeper and see whether or not your site has indeed been hacked. Let’s see these signs in the form of bullets:

- Problems with e-mails: The hackers will start sending e-mails from your site, and you will most probably be blocked as a spam mailer. This can affect your communication with others, as you will not even have a clue about your e-mail activity.
- Bad content added to WP: You cannot control what content is added to your site, and this is in fact one of the major factors that ought to urge you to start cleaning up the mess.
- Slow performance or crash: This is another indicator that you are in need of a WordPress clean-up after a hack. If you are experiencing very slow performance or if you see that your site has crashed, you should look no further.
- Traffic drops significantly: You will most likely observe that you get no traffic at all or you have lost most of your visitors from one day to the next. Unless you have dealt with a matter of bad reputation recently, this should alarm you.
- Website disappears: This is the most shocking sign that your site has been under attack. In some cases, the hackers remove everything from the site and thus take it down.

As soon as you have noticed some of these signs, it is high time to take matters into your own hands. Though this process is neither easy nor simple to complete, you can in fact repair your WordPress site and make sure that you shield it against any future acts of this sort.

How to Repair Your Hacked WordPress Site

From the very moment when you determine that your WordPress site has been hacked, you need to take some immediate actions and start working toward cleaning everything up and securing your digital premises. Let’s have a look at what it takes for you to accomplish that:

- Restore Your Site via Upgrade and Reinstallation: Make use of your backup and restore your site, so that it can keep running. Upon doing so, you need to be thorough while reinstalling all the plugins and additional tools that you have been using so far. It is important to reinstall them and then upgrade them to the latest version.
- Scan and Clean Up Your Machine: If you have not installed an anti-virus program, please DO! This is essential, in order to highlight any red flags for you to consider. Scan the machine of yours in detail and fix any problems that emerge.
- Change All the Passwords: Do not be sloppy when it comes to cleaning up WordPress. On the contrary, you ought to be really scholastic and change all the passwords that you have been using in e-mail accounts, financial transactions and anywhere else. Of course, it goes without even saying that you need to change the WP administrator password and get a new one (rather than the default that many users don’t mind keeping).
- Back Up Everything: Besides being able to restore your site in the event of hacking or crashing, you can compare the backups with your current WP site and check for any alterations whatsoever.
- Check the wp-config.php File: If you come across any modifications when comparing your file with the wp-config-sample.php file, you had better change them.
- Engage in Premium Security Solutions: Although it can be tempting to handle your WordPress site and its maintenance on your own or make use of your son’s talent or the wit of your best friend, such options generally come with a greater percentage of risk. Instead, consider premium security solutions that will safeguard your site and deal with the proper WordPress maintenance required.
- Any Uploaded File Should Be Copied: This will allow you to keep everything under control. Even in the discomforting event of a crash or any other problem getting in the way, you will know that you have got copies to turn to.
- Fresh, New Version of WordPress: Do not settle for older versions of WordPress. Instead, be sure to get updates and have the latest version of WordPress that has fixed security issues and can keep you thoroughly protected.
- Go through Every Post: This can take some time, but it is worth the trouble. You should go through every post of yours and identify any problem, in order to deal with it effectively.

How to Protect Your Site from Any Future Attack

As hacking is not a one-time deal, you will have to comply with some security precautions that help you maintain everything perfectly secured on your WordPress site. Below, there are some pieces of advice that you ought to consider for protecting your WordPress website from any malicious intent:

- Restrict Administrative Privileges: The fewer the people who access your admin panel, the less likely it will be for breaches to occur.
- Scan on a Daily Basis: If you are vigilant and you do not neglect scanning your site daily for bugs and other vulnerabilities, the hack is less likely to succeed.
- Use Secured Protocols: Instead of connecting with the use of FTP, you can go for SFTP or SSH to ensure that it is infinitely more difficult for somebody to track you down.
- Use 2-Step Verification: Make sure that you enhance your site’s security using 2-step verification. This will result in the hacker requiring much bigger effort towards accessing your site.
- Disable PHP Execution: You can find detailed instructions on how you can do that, since it will certainly help you eliminate threats in the future.

From everything that has been analyzed in this article on cleaning up WordPress, this is a tough job – however, it is not impossible to complete and what you gain is truly remarkable: a fully protected WordPress site that does not compromise anything in terms of security and performance!

Source
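The "compare the backups with your current WP site and check for any alterations" step of the repair procedure above, as an added example that is not part of the original post: it hashes every file in a known-good backup and in the live tree, reports what was added, removed or modified, and flags the two findings a cleanup should look at first, PHP dropped into wp-content/uploads (the directory the "Disable PHP Execution" advice targets) and any change to wp-config.php. The two directory trees are constructed inside a temporary directory for the demonstration.

```python
"""Compare a known-good WordPress backup against the live tree and flag alterations.

Added example, not code from the original post. It walks two directory trees,
hashes every file with SHA-256 and reports added/removed/modified paths; the
sample trees built by build_sample_site() are constructed for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def _hash_tree(root: Path) -> dict:
    """Map each file path (relative to root, POSIX style) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return digests


def compare_trees(backup: Path, live: Path) -> dict:
    """Return {'added': [...], 'removed': [...], 'modified': [...]} relative to the backup."""
    before, after = _hash_tree(backup), _hash_tree(live)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def suspicious_findings(report: dict) -> list:
    """Pick out the alterations that most often mean a backdoor or tampering:
    executable PHP under wp-content/uploads (uploads should hold media only,
    which is why the post recommends disabling PHP execution there) and any
    change to wp-config.php (database credentials, salts, debug settings)."""
    flagged = []
    for path in report["added"] + report["modified"]:
        if path.startswith("wp-content/uploads/") and path.lower().endswith((".php", ".phtml")):
            flagged.append(("php-in-uploads", path))
        elif path == "wp-config.php":
            flagged.append(("config-changed", path))
    return flagged


def build_sample_site() -> tuple:
    """Construct a clean backup tree and a tampered live tree (sample data, not a real site)."""
    base = Path(tempfile.mkdtemp(prefix="wpdiff-"))
    backup, live = base / "backup", base / "live"
    files = {
        "wp-config.php": "<?php define('DB_NAME', 'wp'); ?>\n",
        "wp-content/themes/demo/functions.php": "<?php // theme functions ?>\n",
        "wp-content/uploads/2015/02/photo.jpg": "JPEGDATA",
    }
    for root in (backup, live):
        for rel, body in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    # Simulated tampering applied to the live copy only.
    (live / "wp-config.php").write_text("<?php define('DB_NAME', 'wp'); /* altered */ ?>\n")
    (live / "wp-content/uploads/2015/02/cache.php").write_text("<?php /* unexpected */ ?>\n")
    (live / "wp-content/themes/demo/functions.php").unlink()
    return backup, live


if __name__ == "__main__":
    backup_dir, live_dir = build_sample_site()
    report = compare_trees(backup_dir, live_dir)
    for kind, paths in report.items():
        print(f"{kind:9}", paths)
    for reason, path in suspicious_findings(report):
        print("FLAG", reason, path)
```

Point compare_trees() at a real backup and the live document root to get the same report for an actual site; removed theme or plugin files are worth as much attention as added ones, since the restore step reinstalls them from a clean source anyway.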
  13. Google on Thursday unleashed its own free web application vulnerability scanner tool, which the search engine giant calls Google Cloud Security Scanner, that will potentially scan developers' applications for common security vulnerabilities on its cloud platform more effectively.

SCANNER ADDRESSES TWO MAJOR WEB VULNERABILITIES

Google launched the Google Cloud Security Scanner in beta. The new web application vulnerability scanner allows App Engine developers to regularly scan their applications for two common web application vulnerabilities:

- Cross-Site Scripting (XSS)
- Mixed Content Scripts

Although several free web application vulnerability scanners and vulnerability assessment tools are available in the market, Google says these website vulnerability scanners are typically hard to set up and "built for security professionals," not for web application developers that run the apps on the Google App Engine, while Google Cloud Security Scanner will be easier for web application developers to use. This web application vulnerability scanner easily scans for Cross-Site Scripting (XSS) and mixed content script flaws, which the company argues are the most common security vulnerabilities Google App Engine developers face.

Today, common HTML5 and JavaScript-heavy applications are more challenging to crawl and test, and Google Cloud Security Scanner claims to take a novel approach by parsing the code and then executing a full-page render to find more complex areas of a developer's site.

GO FOR WEB VULNERABILITY SCAN NOW

The developers can access the Cloud Security Scanner under Compute > App Engine > Security in Google's Developers Console. This will run your first scan. It does not work with App Engine Managed VMs, Google Compute Engine, or other resources.

Google notes that there are two typical approaches to such security scans:

- Parse the HTML and emulate a browser – This is fast; however, it comes at the cost of missing site actions that require a full DOM or complex JavaScript operations.
- Use a real browser – This approach avoids the parser coverage gap and most closely simulates the site experience. However, it can be slow due to event firing, dynamic execution, and time needed for the DOM to settle.

Security Engineering head Rob Mann says that their web vulnerability scanner uses Google Compute Engine to dynamically create a botnet of hundreds of virtual Chrome workers that scan at a max rate of 20 requests per second, so that the target sites won’t be overloaded. The search engine giant still recommends that developers look into a manual security review by a web app security professional, just to be on the safer side. However, the company hopes its vulnerability scanner tool will definitely provide a simple solution to the most common App Engine issues with minimal false positives.

Source
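The mixed-content check that the scanner performs, as an added example of the "parse the HTML" approach described above (not Google's scanner code): given a page served over https://, it lists every sub-resource that would be fetched over plain http://, separating active content (scripts, frames, stylesheets, objects) from passive content (images, media). The host names in the sample page are constructed.

```python
"""Find mixed content in an HTML page served over HTTPS.

Added example, not Google's code: an html.parser-based check that reports
sub-resources an https:// page would load over http://. Protocol-relative
("//host/...") and relative URLs are resolved against the page URL first, so
only genuinely insecure fetches are reported. Sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that carries the resource URL for each element of interest.
_URL_ATTRS = {
    "script": "src", "iframe": "src", "img": "src", "audio": "src",
    "video": "src", "source": "src", "link": "href", "object": "data",
}
# Browsers block these outright; passive content (img/audio/video) is only warned about.
_ACTIVE = {"script", "iframe", "link", "object"}


class _MixedContentParser(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url) in document order

    def handle_starttag(self, tag, attrs):
        attr = _URL_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        raw = attrs.get(attr)
        if not raw:
            return
        # Only stylesheet <link>s are fetched as content; rel=canonical etc. are just metadata.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        absolute = urljoin(self.page_url, raw.strip())
        if urlsplit(absolute).scheme == "http":
            severity = "active" if tag in _ACTIVE else "passive"
            self.findings.append((severity, tag, absolute))


def find_mixed_content(page_url, html):
    """Return [(severity, tag, url), ...] for html fetched from page_url.
    A page that is itself served over http cannot have mixed content, so [] is returned."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = _MixedContentParser(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: two active and one passive mixed-content fetch, plus decoys.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="//static.example.test/app.js"></script>
<script src="http://static.example.test/legacy.js"></script>
</head><body>
<img src="http://img.example.test/logo.png">
<img src="/img/relative.png">
<iframe src="https://safe.example.test/widget"></iframe>
</body></html>"""

if __name__ == "__main__":
    for severity, tag, url in find_mixed_content("https://www.example.test/", SAMPLE_PAGE):
        print(f"{severity:7} {tag:6} {url}")
```

This is the fast, parser-only approach and inherits its blind spot: resources injected by JavaScript at runtime are invisible to it, which is exactly the coverage gap the real-browser approach closes.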
  14. CANCUN–When (or if) people think about the security of the devices they interact with and use on a daily basis, the machines that run their local car wash probably aren’t high up on that list. But, like everything else with a computer for a brain these days, those machines are connected to the Internet. And Billy Rios can hack them.

Rios has spent years pulling apart the innards of all kinds of automation equipment, mostly in the ICS and SCADA realms. But now that TVs, parking meters, dishwashers and everything else under the sun comes with an embedded Web server and other potential targets, he has begun having a look at what surprises those devices hold, as well.

Looking in one of the more obscure corners of the web, he discovered automated car wash equipment online. The device he researched has a considerable attack surface. The device was running a version of Windows CE on an ARM processor and after a bit of poking around, Rios found that it also had Telnet enabled and a default five-character password and default username.

“If you know that default username and default password you can do a lot of interesting things,” Rios said in a talk at the Kaspersky Lab Security Analyst Summit here Tuesday. “Your car wash can send you emails and yes, your car wash is on Facebook, too.”

The car wash device controls the mechanisms that wash the top and bottom of a car and by sending special POST requests to the device, an attacker could cause some mischief, such as changing the kind of wash a car is getting. But more seriously, if an attacker was able to access the device, he also could disable the safety sensors on the back and front doors of the wash bay, which prevent them from coming down on a person or vehicle.

The problem isn’t limited to one manufacturer or one industry or one kind of device. Lack of security in Internet-enabled devices is spread across the board.

“Remote access changes your threat model. But to be honest, I don’t think we can trust the makers,” Rios said, referring to manufacturers of all sorts of gear with embedded computers and remote access capabilities. “The people who made that car wash won’t understand any of the things we just talked about, like SQL injection or buffer overflows. We’re going to see this in other IoT places as well.”

Security researchers have been turning their attention to the growing crop of non-PC devices that contain computers, WiFi, Bluetooth and other capabilities, and what they’re finding in terms of security controls is typically pretty bad. Many of the companies rushing to Internet-enable everything they make aren’t spending a lot of time thinking about the security implications of what they’re doing, but the attackers are.

“It’s asymmetric. The knowledge in attacking these things is very high and it’s very low in defending,” Rios said.

Source
  15. Computer maker Lenovo has been forced to remove hidden adware that it was shipping on its laptops and PCs after users expressed anger.

The adware - dubbed Superfish - was potentially compromising their security, said experts. The hidden software was also injecting adverts on to browsers using techniques more akin to malware, they added.

Lenovo faces questions about why and for how long it was pre-installed on machines - and what data was collected.

The company told the BBC in a statement: "Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in the market from activating Superfish.

Complaining

"Superfish was preloaded on to a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

Users began complaining about Superfish in Lenovo's forums in the autumn, and the firm told the BBC that it was shipped "in a short window from October to December to help customers potentially discover interesting products while shopping". User feedback, it acknowledged, "was not positive".

Last month, forum administrator Mark Hopkins told users that "due to some issues (browser pop up behaviour, for example)", the company had "temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues". He added it had requested that Superfish issue an auto-update for "units already in market".

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones. Such adware is widely regarded in the industry as a form of malware because of the way it interacts with a person's laptop or PC.

Security expert from Surrey University Prof Alan Woodward said: "It is annoying. It is not acceptable. It pops up adverts that you never asked for. It is like Google on steroids.

"This bit of software is particularly naughty. People have shown that it can basically intercept everything and it could be really misused."

According to security experts, it appears that Lenovo had given Superfish permission to issue its own certificates, allowing it to collect data over secure web connections, known in malware parlance as a man-in-the-middle attack.

"If someone went to, say, the Bank of America then Superfish would issue its own certificate pretending to be the Bank of America and intercept whatever you are sending back and forth," said Prof Woodward.

Ken Westin, senior analyst at security company Tripwire, agreed: "If the findings are true and Lenovo is installing their own self-signed certificates, they have not only betrayed their customers' trust, but also put them at increased risk."

Clean install

Although Lenovo has said that it has removed Superfish from new machines and disabled it from others, it was unclear what the situation would be for machines where it had already been activated.

Prof Woodward said: "Lenovo is being very coy about this but it needs to explain how long it has been doing this, what the scale is and where all the data it has collected is being stored.

"There will be remnants of it left on machines and Lenovo does not ship the disks that allow people to do a clean install."

It raises wider questions about the deals that computer manufacturers do with third parties and the amount of software that comes pre-installed on machines.

Mr Westin said: "With increasingly security and privacy-conscious buyers, laptop and mobile phone manufacturers may well be doing themselves a disservice by seeking outdated advertising based monetisation strategies."

Users were particularly angry that they had not been told about the adware. One Lenovo forum user said: "It's not like they stuck it on the flier saying... we install adware on our computers so we can profit from our customers by using hidden software.

"However, I now know this. I now will not buy any Lenovo laptop again."

The problem also caused a storm on Twitter, where both Lenovo and Superfish were among the most popular discussion topics.

Source
16. The world's biggest SIM card manufacturer, Gemalto, revealed yesterday to have been hacked by the NSA and GCHQ, has taken a $470m hit in its stock price. Gemalto was caught unawares by the revelation that the US and UK intelligence agencies had compromised its systems and stolen potentially millions of SIM card keys used to encrypt phone calls around the world. Gemalto supplies SIMs to 450 networks on Earth, from AT&T to T-Mobile, and launched an investigation. Speculation that the Dutch manufacturer may be forced to recall chips, incurring huge costs, caused its share price to fall eight per cent in early trading before recovering a little to four per cent down on closing.

Obtaining SIM card private keys allows intelligence agencies to decrypt intercepted calls without anyone knowing – not the users, the network operators nor the handset manufacturers. Communications eavesdropped today, yesterday or five years ago can be decoded once a SIM's Ki key is obtained.

The company issued a statement today in which it promised to get to the bottom of the hack: "Gemalto is especially vigilant against malicious hackers, and has detected, logged and mitigated many types of attempts over the years. At present we cannot prove a link between those past attempts and what was reported yesterday. We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques."

Incensed

Security watchers praised the company for its prompt and forthright response. But privacy and communications experts are incensed by the latest revelations about GCHQ/NSA warrantless mass surveillance. The World Wide Web Foundation has called for urgent steps to be taken to secure private calls and online communications. Its chief exec Anne Jellema commented: "The news that US and UK spy agencies hacked the network of a Dutch company to steal encryption keys for billions of SIM cards is truly shocking. Possession of these keys would allow these agencies to access private calls, web browsing records and other online communications without any of the legal safeguards and processes in place to prevent abuses of power."

Jellema argued that the surveillance would undermine trust in mobile payments, among other concerns. "This is yet another worrying sign that these agencies think they are above the law. Apart from its blatant disregard for multiple human rights, this foolish move undermines the security and future of the global mobile payments industry." She noted that any security weakness or backdoors into a cryptographic system might also be exploited by third-party cybercriminals and called for an investigation into GCHQ including "a full and frank disclosure as to why they hacked a private company, and one headquartered in an ally country."

Other security experts warned that other intelligence agencies may be up to the same tricks. Andrew Conway, research analyst at Cloudmark, said: "The ease with which the NSA and GCHQ were able to compromise all mobile communications is shocking. But there are other nation state actors with just as much determination and sophisticated hackers. In particular, China's Axiom Group has shown remarkable abilities to penetrate targets in the West."

Not just the NSA?

He highlighted other worrying accounts of mobile companies being targeted: "Last year, mobile security company ESD revealed that they had detected a network of fake mobile phone towers intercepting communications near US military bases. It was assumed that whoever was responsible was just collecting metadata, because 3G and 4G communications are encrypted. Could it be that this was some foreign espionage agency with the ability to listen to US mobile phone calls? Or perhaps it was the NSA monitoring all civilian phone calls near military bases for possible terrorist activity? Regardless, it is clear that mobile communications have been badly compromised."

A complete revamp of mobile comm security may eventually be required, Conway concluded. "In the short term organizations requiring secure voice communications can consider deploying mobile devices with another layer of encryption, such as Blackphone or Cryptophone. In the long term, we need to do a better job of end-to-end encryption of all mobile and fixed line communications - which will include not relying on a single master key for all communications." Source
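Why a leaked Ki lets recorded calls be decrypted years later, as an added example that is not part of the post above or of any Gemalto or GSMA material. In GSM the SIM and the operator share a long-term secret Ki; for each call the network sends a random challenge RAND in the clear, both sides derive the session key Kc = A8(Ki, RAND) and the response SRES = A3(Ki, RAND), and the traffic is encrypted under Kc. Because Ki is the only secret input, an interceptor who stored RAND and the ciphertext recovers Kc for every stored session once Ki is obtained. The real A3/A8 (COMP128, Milenage) and the A5 air-interface cipher are not reproduced here; HMAC-SHA256 and an HMAC-based keystream stand in for them, which is an assumption of this example and does not affect the structural point.

```python
"""GSM-style session keys derived from a long-term Ki have no forward secrecy.

Stand-ins (assumptions of this example): HMAC-SHA256 plays A3/A8, and a
counter-mode HMAC keystream plays A5. Real SIMs and networks use COMP128 or
Milenage and A5/1-A5/3; the derivation structure is what matters here.
"""
import hashlib
import hmac
import os
from typing import List, Tuple


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8: derive (SRES, Kc) from the long-term Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]   # 32-bit response the SIM sends back to the network
    kc = digest[4:12]   # 64-bit session key, the same size as GSM Kc
    return sres, kc


def keystream(kc: bytes, length: int) -> bytes:
    """Stand-in for A5: counter-mode keystream expanded from Kc."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kc, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(kc: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher XOR; decryption is the same operation with the same Kc."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(kc, len(plaintext))))


decrypt = encrypt


class Recording:
    """What a passive interceptor can store: the cleartext RAND and the ciphertext."""

    def __init__(self, rand: bytes, ciphertext: bytes):
        self.rand = rand
        self.ciphertext = ciphertext


def make_call(ki: bytes, plaintext: bytes) -> Recording:
    """Network challenges the SIM; both derive the same Kc; traffic goes out encrypted."""
    rand = os.urandom(16)                 # broadcast over the air unencrypted
    sres_sim, kc_sim = a3_a8(ki, rand)    # computed on the SIM
    sres_net, kc_net = a3_a8(ki, rand)    # computed in the operator's AuC
    assert sres_sim == sres_net and kc_sim == kc_net
    return Recording(rand, encrypt(kc_sim, plaintext))


def decrypt_recordings(ki: bytes, recordings: List[Recording]) -> List[bytes]:
    """Anyone who later obtains Ki re-derives Kc per session and decrypts everything."""
    return [decrypt(a3_a8(ki, r.rand)[1], r.ciphertext) for r in recordings]


if __name__ == "__main__":
    # Constructed Ki for the demonstration; real Ki values never leave the SIM and the AuC.
    KI = bytes(range(16))
    archive = [make_call(KI, b"call recorded in 2010"), make_call(KI, b"call recorded today")]
    for plain in decrypt_recordings(KI, archive):
        print(plain.decode())
```

Each call does get a fresh Kc (a fresh RAND), but that only stops one session's key from unlocking another; it gives no protection once the master secret leaks, which is the point behind Conway's call for not relying on a single master key.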
17. This week's headlines have been security heavy thanks to the influx of news coming from Kaspersky's Security Analyst Summit. We've seen Kaspersky report everything from a $1bn cyber bank heist operation, to potentially NSA-sponsored and Middle Eastern advanced persistent threats. Specifically we saw threat research papers on the Carbanak, Equation and Desert Falcons attack campaigns.

Carbanak is a banking-focused cyber operation that is believed to have stolen $1bn from 100 banks in more than 30 regions using specialist attack tools. Equation is a dangerous hack campaign, believed to have stemmed from the US National Security Agency, that uses a selection of attack tools, including one that can infect the operating systems on hard drives. Desert Falcons is a Middle Eastern cyber mercenary group that is believed to have infected thousands of Windows and Android devices with over 100 different malware variants.

Each of these campaigns has its own specific implications for security professionals and the industry in general, but there is one unifying factor for me that is the most interesting: all three used phishing as a primary infection tactic. Phishing, for those who don't know, is an attack that aims to spread malware using infected messages that often masquerade as stemming from a trustworthy source. The message system used in phishing campaigns can include everything from Facebook posts and instant messages, to tweets and basic email. The campaigns are sometimes fairly basic and easy to see through, such as the Nigerian prince emails that circulate offering incredible sums of money in return for bank details, while others can include a social engineering element and are made to look like invoices or corporate communications.

The attack strategy may sound simple enough to stop, but for me the trio of threats highlighted by Kaspersky show that most businesses still haven't addressed the phishing threat. There are likely to be several reasons why phishing still works so well. One of the most common that I hear from talking to industry professionals is that many businesses still assume that security is an out-of-the-box technological issue, not a cultural one. Despite constant warnings from security providers and government departments, many companies still assume that, if they have basic perimeter defences in place, they have ticked the security box and don't have to worry about cyber attacks, such as phishing. Sadly, this simply isn't the case.

The Carbanak campaign is a particularly good example. Carbanak initially targets victims with spear phishing emails designed to look like legitimate banking communications. The messages contain malicious Microsoft Word and Control Panel Applet attachments that exploit flaws in Microsoft Office 2003, 2007 and 2010 (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761) to execute the Carbanak backdoor. The initial infection didn't get the hackers access to the more secure internal systems they wanted to breach, but it did get them far enough into the network to begin a reconnaissance phase targeting bank employees, particularly systems administrators. From here, using information stolen during the reconnaissance phase, the attackers were able to get to the companies' crown jewels and steal vast sums of money.

The key takeaway here is that firms need to back up their defence technology with robust cyber security awareness, using education programmes that not only teach staff how to spot and avoid falling victim to phishing messages, but how to report incidents to the IT team. Incidents will, of course, still occur; some of the social engineering behind phishing is seriously impressive and can lead to very realistic looking communications. But it would help dramatically to reduce the hackers' win rates and profit margins, a development I think everyone on the right side of the law would regard as positive. Hopefully, while bad, the discovery of Carbanak, Equation and Desert Falcons will at the very least make some firms aware of this. Although, considering my past experience covering the fallout of these attack campaigns, I'm not holding my breath. Source
18. A cyber mercenary group, codenamed Desert Falcons, has infected thousands of government departments and businesses with malware, according to Kaspersky Lab. The security firm revealed the campaign at its Security Analyst Summit, revealing that it has already detected 3,000 confirmed Desert Falcons infections on Android and Windows devices. Victims include military and government bodies, media outlets, financial firms, research institutions, political activists, energy companies and physical security providers in Egypt, Palestine, Israel and Jordan.

"The Desert Falcons cyber criminals are native Arabic speakers, and it is believed to be the first known Arab group to develop and run a full cyber espionage operation," read the report. "Desert Falcons began its operations in 2011, with the first infections taking place in 2013. The group became very active in late 2014/early 2015."

The group is believed to have around 30 members split into three teams, and focuses mainly on stealing political and military intelligence. Kaspersky estimated that the hackers managed to steal more than one million files and documents containing sensitive information before being discovered. Dmitry Bestuzhev, security expert at Kaspersky Lab's GReAT team, said the Desert Falcons target victims with tailored campaigns which include a prolonged period of surveillance. "The individuals behind this threat are highly determined, active and with good technical, political and cultural insight," he explained. "Using only phishing emails, social engineering and homemade tools and backdoors, Desert Falcons was able to infect hundreds of sensitive and important victims."

The campaign used a variety of malware types, and is one of the first to attempt to spread malware using Facebook chat. "The attackers created authentic Facebook accounts and then interacted with chosen victims through common Facebook pages until they had gained their trust. Then they sent Trojan files in the chat hidden as an image or similar," read the paper. "The Desert Falcons depends on two different backdoors to spy on victims. Both are homemade and are under continuous development. We were able to identify and collect more than 100 malware samples used by the Desert Falcons."

The selection of tools gives the hackers a variety of powers, including key-logging and the ability to upload and download files to command and control servers owned by the group. Other powers include the ability to view information on all the .doc and .xls files on the victim's hard disk or connected USB devices, steal passwords and record audio files using infected machines.

Kaspersky has managed to identify some Desert Falcons members, but expects the group to continue operating. "We were able to track and identify the full profile of some of the attackers, including Facebook and Twitter accounts, private blogs and websites," read the paper. "[but] we expect their operations to carry on developing more trojans and using more advanced techniques."

Desert Falcons was one of many high-profile threat campaigns revealed during Kaspersky's security conference. Kaspersky researchers reported on Tuesday that they had uncovered a widespread Equation attack infecting hard drive operating systems with malware. The team also reported a Carbanak campaign which is believed to have stolen over $1bn from financial institutions. Source
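A first-pass triage of message attachments of the kind both posts above describe: the Control Panel applet (.cpl) and Word lures of the Carbanak spear phishing, and the Desert Falcons trojans "hidden as an image" in Facebook chat. This is an added example and not code from Kaspersky or from either post; the checks are generic (executable attachment types, double extensions, and a claimed extension that does not match the file's magic bytes) and say nothing about the specific CVEs named. The sample message, the short magic-byte table and the extension policy are constructed here and are this example's own assumptions.

```python
"""Flag attachments whose type or name suggests a phishing lure.

Everything below (file-type table, policy, sample message) is constructed for
this example; a production gateway would use libmagic and a vetted policy.
"""
import email
from email.message import EmailMessage
from typing import List, Tuple

# File types Windows will execute no matter what the sender calls them.
EXEC_EXTENSIONS = {"cpl", "exe", "scr", "dll", "com", "pif", "bat", "js", "vbs"}

# Leading bytes -> real container type (assumption: enough for the demo).
MAGIC = [
    (b"MZ", "pe"),                                  # Windows PE: exe, dll, cpl, scr
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "ole"),    # legacy Office (.doc/.xls), OLE
    (b"PK\x03\x04", "zip"),                         # OOXML (.docx) or a plain zip
    (b"{\\rtf", "rtf"),
    (b"\xFF\xD8\xFF", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF", "pdf"),
]

# Container types that are legitimate for a claimed extension.
EXPECTED = {
    "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "png": {"png"},
    "doc": {"ole", "rtf"}, "xls": {"ole"}, "docx": {"zip"}, "pdf": {"pdf"},
}


def sniff(data: bytes) -> str:
    """Identify the real container type from leading bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons an attachment looks like a lure (empty list = nothing found)."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable attachment type .{ext}")
    if len(parts) > 2 and parts[-2] in EXPECTED and ext in EXEC_EXTENSIONS:
        reasons.append("double extension (like invoice.jpg.exe) hides a program")
    actual = sniff(data)
    if ext in EXPECTED and actual not in EXPECTED[ext]:
        reasons.append(f".{ext} attachment actually holds '{actual}' content")
    if actual == "pe" and ext not in EXEC_EXTENSIONS:
        reasons.append("Windows executable disguised with a non-executable extension")
    return reasons


def triage_message(raw: bytes) -> List[Tuple[str, List[str]]]:
    """Walk a raw RFC 822 message and report every attachment with findings."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = triage_attachment(name, payload)
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed spear-phishing message with three attachments (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "payments@bank.example"
    msg["To"] = "admin@victim.example"
    msg["Subject"] = "Transfer confirmation"
    msg.set_content("Please review the attached confirmation.")
    # 1) Control Panel applet: a PE file that Windows runs when opened
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="confirmation.cpl")
    # 2) a PE file labelled as a photo, as in the chat-based delivery
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    # 3) a legacy Office document with a real OLE header; passes these checks
    msg.add_attachment(b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" + b"\x00" * 56,
                       maintype="application", subtype="msword", filename="report.doc")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()):
        print(name, "->", "; ".join(reasons))
```

The genuine-looking .doc passes because nothing in the header is wrong with it; a document exploiting an Office parser bug looks the same from the outside, which is why the post pairs technical filtering with staff training and a reporting path rather than relying on either alone.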
19. AVG Internet Security 2015 provides you with protection against viruses, malware, spam, scams, phishing, and more. Plus, it has additional features such as a firewall, internet accelerator, privacy protector, and more. Link: Free AVG Internet Security 2015 (100% discount)
20. The vulnerabilities addressed in this month's Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems. Sounds like most months, for sure. But what sets this month apart is the regular stream of disclosures from researchers in the hours and days following patches from Microsoft.

The latest surrounds MS15-010, a bulletin that patches six critical remote code execution, security bypass and privilege escalation bugs in the Windows kernel-mode driver. That bulletin includes a security feature bypass in CNG.sys, or the Cryptography Next Generation kernel-mode driver, disclosed by Google's Project Zero research team. The vulnerability was out in the open for close to two weeks after Project Zero's 90-day disclosure window expired.

Details on a privilege escalation vulnerability, CVE-2015-0057, in the Windows kernel GUI component, the Win32k.sys module, yesterday were shared by researchers at enSilo. According to CTO Udi Gavo, all versions of Windows are affected, including the Windows 10 Technical Preview, and attackers could exploit the bug and gain control over the compromised computer. "A threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization," he said in a published report.

The vulnerability can be exploited by modifying one bit in Windows, the report said. The exploit works, enSilo said, despite the presence of numerous kernel-level protections instituted by Microsoft, in particular in Windows 8.1. Kernel DEP, ASLR, SMEP and others are mitigations that prevent code execution within certain kernel regions, but some researchers have already developed bypasses. EnSilo provides technical details on the vulnerability in its report, in particular an examination of the xxxEnableWndSBArrows function which enables and disables scrollbars in Windows. "Through a single call, this function can alter the state of both scrollbars," the report said. "It is precisely within this function wherein the vulnerability lies."

On Tuesday, consultancy JAS Global Advisors released details on critical vulnerabilities in Group Policy that expose Windows users to man-in-the-middle attacks, remote code execution attacks, and security bypasses. The Jasbug, as it was nicknamed, was reported in January 2014 but since it was a design issue rather than one related to an implementation, it required some re-engineering by Microsoft. "The vulnerability is remotely exploitable and may grant the attacker administrator level privileges on the target machine/device," JAS said. "Roaming machines – domain-joined Windows devices that connect to corporate networks via the public Internet (e.g. from hotels and coffee shops) – are at heightened risk." JAS said that computers connecting over a virtual private network should be immune to compromise. Further mitigating the risk, JAS said, is that a number of scenarios have to be in place for exploits to work. "It certainly doesn't work universally and it depends on some funky misconfigurations and happenstance. But it works frequently enough to be of concern," JAS said in its advisory.

Microsoft also addressed reports with a silent feature update in Visual Studio (KB3001652) that was causing Windows machines to lock up. The update has since been re-released after it was removed from Windows Update. Source
21. Apple has introduced two-step verification to the iMessage and FaceTime chat services in a bid to boost security. Apple's support page explains that the two-step verification process is triggered when Apple Mac or iOS users log in to iMessage or FaceTime. The iMessage and FaceTime apps were previously accessed with only an Apple ID email address and standard password. The new verification process requires users to log in to their Apple ID through the web, which will generate an app-specific password to be used as a second layer of security.

The process differs slightly from the verification needed for iCloud, which requires a four-digit code to be sent to a registered 'trusted device', such as a phone. Apple users are also given a 14-character recovery key to allow those who have lost a trusted device to gain access to an account. People less concerned about the security of their Apple ID can disable the verification feature if they wish.

The additional layers of security have been implemented to make it harder for hackers to gain access to Apple ID accounts and swipe images from iCloud or pose as the account holder on iMessage. Apple's move to add more services to two-step verification is an indication of the company's commitment to improving security on its Mac and iOS platforms. The iCloud hacks of 2014, which resulted in private images of celebrities being leaked online, highlighted the need for Apple to shore up the log-in and access process to its services. Apple has taken an active approach in dealing with security flaws, having recently issued the first automatic security update for Mac OS X. However, Apple has been accused of failing to meet a 90-day patch deadline to fix vulnerabilities in the Mac operating system, after Google publicly revealed three security flaws in Mac OS X. Source
22. Oh, Adobe Flash. I knew you well, starting from when you were known as Macromedia Flash in the late 1990s. The dynamic web content you provided me was amazing. Streaming video over 56k would've been a major test of my patience, hence YouTube didn't launch until 2005. But the games… Oh, the games! They were fun. Wait fifteen minutes to download, then five minutes of amusement could be had before it got tiring.

Webmasters loved the razzle dazzle of Flash applets even more than JavaScript applets for tacky animated menus and the like. Back when websites had "Best viewed with Netscape," or "Best viewed with Internet Explorer" icons on their home pages, some web developers really enjoyed one-upping each other in needless Flashiness. "Look ma, this ain't GeoCities no more!"

As web developers started to emphasize function over gimmickry, they started to focus their energy on interesting and useful web apps and streaming video as opposed to taking the sentiment behind the old HTML <blink> tag way too far. With Flash, the possibilities seemed endless. If you could make a very good SWF applet, people really appreciated it, especially once most people had Flash plugins in their web browsers. And of course, Flash was necessary for YouTube. YouTube launched the same year Adobe bought Macromedia, 2005. YouTube was such a phenomenon that Google had the good sense to buy it a year later.

Adobe is good at developing creative tools, however proprietary they are. What they're not good at is security. No bloody way! Security bugs are inevitable in all applications from developers both big and small. But, they're way more common in Adobe Acrobat and Adobe Flash than is typical for similar applications. One of the things I habitually do in my security hardening routine for both personal and professional client PCs is uninstall Acrobat, and replace it with another PDF viewer, such as Foxit Reader, when the machine I'm working on runs Windows. Even though the end user doesn't realize that I've given them a more secure application to open PDFs in, they always appreciate how their new application patches without popups, and gives them a better designed GUI, better in-browser functionality, and an overall better user experience.

I'm really happy to be able to say that now I can do the same thing to Flash as I do to Acrobat. Except, I don't have to install another application to replace it. All I've got to ask an end user is, "do you ever go to YouTube?" They've always said yes. The really computer illiterate end users don't know what Flash is, nor do they know that they sometimes view YouTube videos as an embedded applet on a webpage that's not hosted at youtube.com. Asking them if they enjoy other websites that use Flash is an exercise in futility. "Huh? Do I use Google or Foxfire?" (Why oh why do they call Firefox "Foxfire?" Explaining to them the difference between the Google search engine and the Google Chrome web browser has made me ruin my manicures here and there.) But I could usually assume that they needed Flash for YouTube most of the time. A few years ago, they really needed it for games in Facebook, as well.

The first nail in the coffin was mobile. The late Steve Jobs, although I strongly dislike the guy, was correct when he said, "Flash has not performed well on mobile devices. We have routinely asked Adobe to show us Flash performing well on a mobile device, any mobile device, for a few years now. We have never seen it." Although Adobe really wanted to port Flash to mobile platforms, that effort was never successful. It was never available for iOS. It was available at times for Symbian, Palm OS, and webOS. It was available for some devices running Android versions 2.2 through 4.0.4. It never really seemed to catch on, once smartphones and tablets became the primary way for consumers to enjoy content from the Internet.

W3C started working on HTML 5 in 2004. It was usable for me to play around in starting in 2010. But I'm more of a web page developer than a web app developer, so my web development was focused on standards compliance and cross browser and device compatibility rather than creating nifty things with the canvas element. Nonetheless, the introduction of the <video> tag made it a lot easier to embed video without Flash than ever before. And other new tags and functions in HTML 5, combined with sophisticated CSS and JavaScript use, rendered Flash unnecessary for dynamic apps, as well. HTML 5, when used by a competent developer, works just as well on mobile as it does on desktop platforms, and that was apparent well before HTML 5 became officially stable on October 28th, 2014. In fact, I can't think of a more successful and widespread beta release off the top of my head. Unless you directly worked in web browser and engine development, October 28th would've been just another Tuesday.

Adobe announced that they had given up on developing Flash for mobile in November 2011. That well predated HTML 5's stable release. In addition to games and other web apps using open standard alternatives to Flash, YouTube started to make HTML 5 compatible videos available in January 2010, via WebM and H.264. Also, there are native mobile apps for watching YouTube videos outside of the web. So, the thorough acceptance of cross platform open standards, especially HTML 5, combined with everyone and their grandma using mobile devices and Adobe's struggle with it, sealed Flash's doom. Then, on January 27th of this year, YouTube announced that HTML 5 video is now default in Chrome, Internet Explorer 11, Safari 8, and the latest Firefox releases. If your browser uses one of the same rendering engines, such as the latest stable versions of WebKit and Trident, you'll probably experience the same.
A Brief Summary of Adobe's Security Problems

This is by far not a complete summary of all of the security problems Flash (and Acrobat) has had, but I'll explain some of the major ones. In 2007, an Adobe (Acrobat) Reader bug exposed the local filesystems of users' computers to anyone who knew how to exploit it.

Trojan Adobe Flash Player and Reader updates started to become prevalent in 2008. It's been such a problem that when I see an update popup on a user's machine, I assume it's malicious until I determine otherwise. So, that's been a huge problem for consecutive years now. How come all kinds of other applications, open and closed, from developers of all sizes can patch without popups users have to interact with, but Adobe can't manage to do that? That's a massive trojan vector, and there are two disastrous sides to that coin. The vast majority of end users lack my expertise, particularly in malware. A Flash or Reader update popup could be a trojan. Sometimes end users have had experience with Adobe trojans already, so someone like me may have advised them to exercise caution when they see such a popup. But the popup could necessitate interaction for a legitimate and very necessary security patch. So with end users unable to determine whether or not a popup is a trojan, not interacting with it could be the less secure rather than more secure thing to do.

In 2009, Symantec's Internet Security Threat Report explained how Adobe, with Flash and Reader, had one of their most insecure years ever. Adobe's Chuck Geschke was tremendously arrogant when he was interviewed by John Paczkowski about that.

Paczkowski: "Both Apple and Microsoft have said publicly now that Flash has issues with reliability, security, and performance. Do you think those complaints are legitimate?"

Geschke: "I think they're old news. Go to our website and read the actual facts about Flash. We enumerate the facts about Flash there as we see them. They may have a different set of facts that they believe are accurate. It's up to you to decide."

Ummm, Mr. Geschke… Facts are never subjective by their very definition. Facts are facts, period. You sound like a bloody Scientologist. "Today, I feel like 2 + 2 = 5. It just feels right to me, but your mathematics professor may have a different set of facts they believe are accurate."

Here are the facts. This is what Symantec's 2009 report actually said, and I hold them in much higher esteem than I do Adobe:

"In 2009, Symantec documented 321 vulnerabilities affecting plugins for web browsers. ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plugin technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe Reader had 49 vulnerabilities, QuickTime had 27 vulnerabilities, and Adobe Flash Player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox…

"Among the vulnerabilities discovered in 2009, a vulnerability affecting both Adobe Reader and Flash Player was the second most attacked vulnerability. This was also one of four zero-day vulnerabilities affecting Adobe plug-ins during 2009. Two of the vulnerabilities were in the top five attacked vulnerabilities for 2009. Additionally, Adobe vulnerabilities have been associated with malicious code attacks such as the Pidief.E Trojan."

Ouch! And Adobe's position as one of the most insecure major software vendors ever didn't cease in 2009. It still isn't "old news," Mr. Geschke. Malicious PDFs were used to successfully attack Rackspace, Adobe, and Google in 2010. A remote access bug was discovered in Flash in 2011. When properly exploited, one could acquire full control of an affected client machine. Flash Player made it to the top of Symantec's list of most exploitable plugins in 2012. In October 2013, Adobe was attacked, revealing the sensitive data of 2.9 million users. The sensitive data affected included credit card and debit card information.

The same day YouTube announced default HTML 5 video, January 27th, 2015, Adobe had to release a security patch for two really major Flash vulnerabilities. Independent security researcher Kafeine discovered vulnerability CVE-2015-0311. It allowed Flash to be used as a vector for malicious code injection which could, once again, give complete control of an affected machine to a blackhat. A security researcher named Bilou discovered CVE-2015-0312. It was very similar to CVE-2015-0311; it also enables remote code injection. And of course, with Adobe being Adobe, barely a week passed before fifteen vulnerabilities had to be addressed in a patch that was released on February 5th. Yet again, these vulnerabilities enable remote malicious code injection and execution. If you're still using Flash in Windows, OS X, and GNU/Linux, this is what you must know about eighteen additional CVE listings:

"Users of Adobe Flash Player for Windows and OS X should update to Adobe Flash Player 16.0.0.305. Users of Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442. The Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305."

I can safely assume that we'll continue to learn about really major vulnerabilities that pertain to Flash and Reader for as long as those products continue to be developed by Adobe. I base that assumption not only on Adobe's reputation and their tendency to take a head in the sand approach to security, but also on Adobe's patch management style. Their patches address vulnerabilities that are near the surface of their applications, rather than the really deep vulnerabilities at the center of their really old code bases. Way too much of the code is unchanged from the 1990s.
I'd love for a security firm with much greater resources than I have to do a really thorough penetration test of the most recent versions of Flash and Reader for Windows, OS X, and GNU/Linux. The reported findings would probably require a forest's worth of pulp if printed on paper. So, yes, security vulnerabilities can be found in products from all developers. But Adobe is much worse than the norm. Alternative PDF viewers and creators are available for pretty much all mobile and desktop platforms. And open web standards such as HTML 5 have made Flash obsolete. Heck, I even use GIMP instead of Photoshop.

Here's my advice. Whether you're enterprise or a consumer, get Adobe out of your abode. Now you can do it for content creation and consumption. And it's easy.

References

Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched - Shaun Nichols, The Register
YouTube flushes Flash for future flicks - Simon Sharwood, The Register
YouTube now defaults to HTML5 <video> - Richard Leider, YouTube Engineering and Developers Blog
Another day, yet another emergency Adobe Flash patch. Because that's how we live now - Iain Thomson, The Register
Adobe has an epically abysmal security record - Jose Pagliery, CNN Money, Oct. 8, 2013
Adobe says hackers accessed data for 2.9 million customers - James O'Toole, CNN Money, http://money.cnn.com/2013/10/03/technology/security/adobe-hack/index.html?iid=EL
Thoughts on Flash - Steve Jobs, Apple.com, https://www.apple.com/hotnews/thoughts-on-flash/
Why You Should Ditch Adobe Shockwave - Brian Krebs, Krebs on Security, http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/
YouTube says HTML5 video ready for primetime, makes it default - Ron Amadeo, Ars Technica, http://arstechnica.com/gadgets/2015/01/youtube-declares-html5-video-ready-for-primetime-makes-it-default/
The tooth gnashing you hear is from Flash users installing a new 0day patch - Dan Goodin, Ars Technica, http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/
How secure is Flash? Here's what Adobe won't tell you - Ed Bott, ZDNet, http://www.zdnet.com/article/how-secure-is-flash-heres-what-adobe-wont-tell-you/
Adobe issues emergency Flash update for Windows and Mac - Dara Kerr, CNET, http://www.cnet.com/news/adobe-issues-emergency-flash-update-for-windows-and-mac/
Source
23. Hackers are targeting Apple iCloud users with phishing messages designed to steal financial information. Sophos employee Paul Ducklin reported in a blog post that the messages are tailored to look like legitimate security alerts.

'Your account may have been compromised. Please cancel the following Order Number: WZEYMHCQVWZ20,' reads the bogus message. 'Within Apple Inc. latest security checks, we recently discovered that today there were incorrect login attempts to your account. For your account status to get back to normal, Go Here >> to complete the details.'

The links in the message go to a page owned by the criminals, which requests the filling in of a 'cancellation form'. "The bogus payment cancellation form is hosted on what looks like a hacked home-user DSL connection in Canada," explained Ducklin. "The data submission form goes to a similar 'server' hosted on a connection via a boutique ISP in Switzerland."

Ducklin recommended a variety of protective measures to defend against phishing attacks of this kind. "Don't assume that crooks aren't interested in you. You may have the smallest, simplest web server in the world, but if there's a security hole, the crooks can use your server, and your URLs, as a staging post for their cyber crimes," he said. "Use two-factor authentication if you can. This relies on one-time log-in codes, so the crooks can't simply phish your password and use it over and over."

Ducklin is one of many security professionals to call for wider use of two-factor authentication. Attackers are believed to have taken advantage of a lack of two-factor authentication to guess celebrities' iCloud passwords during a wave of high-profile incidents in 2014. Source
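Checking where the links in a "security alert" really point, as an added example that is not part of the post above or of Sophos's write-up. The lure says "Go Here >>" while the href leads to a criminal-controlled page on a home DSL line, so the check extracts each anchor from an HTML body, compares its host with the brand the message claims to come from, and flags bare IP addresses, hosts that look like residential broadband lines, plain-HTTP account pages, and visible link text that names a different domain from the real target. The sample body, the Apple domain allowlist and the residential-hostname hints are constructed for this example and are assumptions, not Apple's or Sophos's rules.

```python
"""Triage the links in an HTML phishing lure against the brand it impersonates.

The allowlist, the hostname hints and the sample body are assumptions made for
this example; a real filter would use a maintained brand list and DNS data.
"""
import ipaddress
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# Domains the impersonated brand really uses for account mail (assumption).
LEGIT_DOMAINS = {"apple.com", "icloud.com"}

# Substrings common in reverse-DNS names of consumer broadband lines (assumption).
RESIDENTIAL_HINTS = ("dsl", "dyn", "cable", "pool", "ppp", "dhcp", "adsl")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links: List[Dict[str, str]] = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = {"href": dict(attrs).get("href") or "", "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def registrable(host: str) -> str:
    """Crude eTLD+1: the last two labels (enough for .com/.ca/.ch in this example)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, text: str) -> List[str]:
    """Return the reasons a link looks like a phishing target (empty = none found)."""
    reasons = []
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https"):
        return reasons                       # mailto:, tel: etc. are out of scope
    host = parsed.hostname or ""
    if is_ip(host):
        reasons.append("link points at a bare IP address")
    elif registrable(host) not in LEGIT_DOMAINS:
        reasons.append(f"link host {host} is not an Apple domain")
    if any(hint in host.lower() for hint in RESIDENTIAL_HINTS):
        reasons.append("host name looks like a residential broadband line")
    if parsed.scheme == "http":
        reasons.append("account page served without TLS")
    shown = urlparse(text.strip()).hostname or ""   # text that itself looks like a URL
    if shown and registrable(shown) != registrable(host):
        reasons.append(f"visible text says {shown} but link goes to {host}")
    return reasons


def check_html(body: str) -> List[Dict[str, object]]:
    parser = LinkExtractor()
    parser.feed(body)
    return [{"href": l["href"], "text": l["text"], "reasons": check_link(l["href"], l["text"])}
            for l in parser.links]


# Constructed body modelled on the quoted lure; the hostnames are invented.
SAMPLE = """<p>Your account may have been compromised. Please cancel the following
Order Number: WZEYMHCQVWZ20. <a href="http://dsl-123-45-67-89.example-isp.ca/cancel.php">Go Here &gt;&gt;</a>
to complete the details.</p>
<p><a href="https://appleid.apple.com/">https://appleid.apple.com/</a></p>
<p><a href="http://198.51.100.7/apple/">https://www.apple.com/support</a></p>"""

if __name__ == "__main__":
    for result in check_html(SAMPLE):
        print(result["href"], "->", result["reasons"] or "ok")
```

The second link is left alone because host, scheme and visible text all agree with the brand; the other two are flagged for several independent reasons each, which is what makes a verdict robust when a single heuristic can be dodged.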
  24. WordPress is the most popular blogging platform in the world. Millions of websites, including many popular blogs, use WordPress as a content publishing platform, so attackers are correspondingly interested in compromising WordPress-based sites. WordPress itself pushes updates to patch known vulnerabilities, but third-party themes and plugins are what usually make a WordPress site vulnerable, and occasionally a vulnerability in WordPress core lets an attacker take over the whole server. In the past three months we have seen two major zero-day vulnerabilities and mass hacking of WordPress websites; thousands of sites were compromised through them. There are many past examples in which a single vulnerable plugin led to the compromise of a whole web server hosting hundreds of websites. A few days ago we discussed the SoakSoak malware, which affected 100k websites in very little time by exploiting a vulnerability in a plugin.

So, if you run WordPress, you must take security seriously and always keep your installation updated. In a previous post I also discussed WPScan, a tool for scanning a WordPress website and finding vulnerabilities in it; you can use it to find weaknesses in your own site and fix them. In this post I will discuss various security plugins available for WordPress. They offer a wide range of features to protect a WordPress blog from known threats, and they keep their rule sets updated against the latest exploits. If you are serious about an online business running on WordPress, you should use one of them. These are the 7 best security plugins available for WordPress.

1. WordFence
WordFence is one of the most popular WordPress security plugins. It continuously checks your website for malware infection, scanning all the files of WordPress core, your theme and your plugins, and notifies you if it finds an infection. It claims to make your WordPress website up to 50 times faster as well as more secure; the speed-up comes from its Falcon caching engine. The plugin is free, but a few advanced features are reserved for premium users; if you can afford it, consider it. It blocks brute-force attacks and can add two-factor authentication via SMS. You can also block traffic from a specific country. It includes a firewall to block fake traffic, botnets and scanners, and it scans your hosting for known backdoors such as C99 and R57, emailing you immediately if it finds one. It also scans your posts and comments for malicious code and supports multi-site. Finally, you can watch the traffic on your site in real time and see whether any security threat is attacking it.
Download WordFence

2. BulletProof Security
BulletProof Security is another popular WordPress security plugin that covers several areas: firewall security, database security, login security and more. It comes with a four-click setup interface: activate it and it takes care of your website. It limits failed login attempts, blocks security scanners, fake traffic and code scanners, and supports IP blocking. It keeps checking the code of WordPress core files, themes and plugins and notifies the admin of any known infection. It also improves the performance of your website by adding caching, and it comes with a built-in file manager for .htaccess. It protects WordPress sites against many attack classes, including XSS, RFI, CRLF injection, CSRF, Base64-encoded payloads, code injection and SQL injection, and it keeps its rules updated as new exploits and vulnerabilities appear. A pro version offers some advanced features, but the free version is enough to secure most websites.
Download BulletProof Security

3. Sucuri Security
Sucuri Security is the WordPress plugin from the well-known website security and auditing company Sucuri. It offers security activity auditing, file integrity monitoring, malware scanning, blacklist monitoring and a website firewall. It checks your site against several blacklist engines, including Google Safe Browsing, Sucuri Labs, Norton and McAfee SiteAdvisor, and notifies you by email if anything is wrong. It protects your website against DoS attacks, brute-force attacks and scanner attacks, and ships "zero day disclosure patches" for newly disclosed vulnerabilities. It keeps a log of all activity and stores those logs in the Sucuri cloud, so if an attacker manages to bypass the security controls on your server, your security logs remain safe in Sucuri's security operations center. If you are willing to pay, you can go for the Sucuri premium service; they are a well-known web application security company with a team of experts, so you get better service and advice.
Download Sucuri Security

4. iThemes Security (formerly Better WP Security)
iThemes Security is another good WordPress security plugin; it claims to offer 30+ ways to secure and protect your WordPress website. With one-click setup you can stop automated attacks and fix various common security holes in your site. It tracks registered users' activity and adds two-factor authentication, import/export of settings, password expiration, malware scanning and more. It scans the entire website for potential vulnerabilities, prevents brute-force attacks and bans IP addresses that attempt them, forces users to choose strong passwords, and forces SSL for the admin area where the server supports it. Unlike the other plugins, it has no GeoIP banning feature yet; the company has promised to add it soon, but has not said when. It also integrates Google reCAPTCHA to prevent comment spam on your website.
Download iThemes Security

5. Acunetix WP Security Scan
Acunetix WP Security Scan is the WordPress security plugin from Acunetix, a well-known web application security company that sells a scanner for finding vulnerabilities in web applications. The plugin helps secure your WordPress website and suggests measures to improve its security. It offers file permission checks, version hiding, admin protection, removal of the WP generator tag from the page source, and database security. It strips various details from the page source that can be used for reconnaissance before an attack: theme and plugin update information, the Really Simple Discovery meta tag, the WordPress version, the Windows Live Writer meta tag, error information from the login page, version strings on scripts and stylesheets, and database and PHP error reporting. It also offers a database backup tool and a live traffic monitor, and it scans your website and notifies you of known web application vulnerabilities.
Download Acunetix WP Security Scan

6. All In One WP Security & Firewall
All In One WP Security & Firewall is another popular WordPress security plugin for checking vulnerabilities in your site. It is easy to use and reduces risk by applying recommended security practices. It protects against brute-force login attacks by locking out the source, and emails you when somebody is locked out after failed login attempts. It detects when a user tries to save a weak password and forces them to choose a strong one. It monitors the account activity of all users, recording username, IP and login date and time. It also lets you schedule automatic backups with email notification. It protects PHP code by disabling file editing in the admin area. It adds a web application firewall and enables the 5G Blacklist to deny bad query strings and block XSS, CSRF, SQL injection, malicious bots and other threats. Its security scanner tracks your files and notifies you of every change in your WordPress installation, and it can detect malicious code in your site. It blocks comment spam and works with most other plugins without problems.
Download All In One WP Security & Firewall

7. 6Scan Security
6Scan Security is a popular auto-fix protection for your WordPress site. It offers rule-based protection and tries to keep your site's security up to date. Its scanner checks and protects your website against SQL injection, cross-site scripting, CSRF, directory traversal, remote file inclusion, DoS and other OWASP Top Ten vulnerabilities. Its notable feature is automatic vulnerability fixing: when it finds vulnerable code, it applies a fix through its server-side agent, and it has an automatic malware fix for malware-related issues as well. Like the other plugins, it sends email notifications if there is anything serious on your website.
Download 6Scan Security

Additional security measures
Along with these plugins, you should also follow a few security measures yourself; they will help improve the security of your blog.

Always keep your WordPress installation up to date, and update as soon as a new release is available. Most hacked websites are running an older version of WordPress. Older versions have known security issues, and exploits for them are freely available, so even a kid can hack a site running a vulnerable version.

Always keep the plugins and themes added to your blog updated to the latest version. New versions come with new features and security fixes, so updating them is necessary. Most of the time, third-party plugins and themes are the cause of vulnerabilities in WordPress websites; attackers exploit them to gain access to your site or inject malicious scripts into it.

Download themes and plugins only from trusted sources. Nulled themes and themes from untrusted sources generally contain malware in their code. A security plugin will warn you, but why take the risk? Avoid unknown sources for plugins and themes.

Avoid using the administrator username 'admin', because it is the default and common. By using it you make the attacker's job easier: he does not need to guess the username, only brute-force the password for 'admin'. The plugins above block brute-force attempts, but there is no reason to make the attacker's first step free.

Always use a strong password for your WordPress account. WordPress brute-forcing tools are freely available, so do not take the risk. Use a long password with upper-case letters, lower-case letters, numbers and special characters; a combination of these makes a password that is hard to guess.

Conclusion
These are a few WordPress security plugins you can use to secure your WordPress blog. You do not need to install all of them; try one and see if it suits you, and if you are not happy with it, try another. Each plugin offers unique security features. You will feel more relaxed with one of them on your site: malware scanning, exploit scanning and brute-force protection are features you must have. If you have a budget and do not want to deal with the technicalities, the premium versions offer more advanced features with detailed reports, and a few also include customer support and a security assessment with the pro version. With the increasing number of hacking attacks, securing your website is a necessity. If you are a WordPress user, which security plugin do you use on your website? Share it with us in the comments. Source
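The file-change tracking and backdoor scanning that WordFence, Sucuri and All In One WP Security describe above can be reproduced in miniature. The following is an added example written for this page, not code from any of those plugins or from the article: it hashes every file under a directory into a baseline, diffs a later pass against it, and runs a small constructed list of PHP webshell signatures over PHP files, reporting as highest-confidence suspects the files that both changed and match a signature. The directory layout, the planted files and the signature list are constructed for the demo; the signatures are heuristics, not a plugin's database. To use it on a real install, point hash_tree() and scan_tree() at the WordPress root (an assumed path) and keep the baseline JSON outside that tree.

```python
"""Baseline-and-diff file integrity check plus a crude PHP backdoor signature
scan, in the spirit of the plugin features described above.  Added
illustration, not code from WordFence, Sucuri or All In One WP Security.
demo() builds a constructed WordPress-like tree in a temp dir, snapshots it,
plants a backdoor, and reports what changed and what looks malicious."""
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Heuristic signatures (constructed for this example, not a plugin's database).
SIGNATURES = [
    ("obfuscated-eval",
     re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(")),
    ("eval-of-request-input",
     re.compile(rb"(?:eval|assert)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b")),
    ("preg_replace-e-modifier",  # the /e modifier executes the replacement as PHP
     re.compile(rb"preg_replace\s*\(\s*['\"][^'\"]*/[a-zA-Z]*e[a-zA-Z]*['\"]")),
    ("known-shell-name", re.compile(rb"(?:c99|r57)shell", re.IGNORECASE)),
]
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".inc")


def hash_tree(root: Path) -> dict:
    """Map every regular file under root (POSIX relative path) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify paths as added, removed or modified relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def scan_file(path: Path) -> list:
    """Names of the signatures that match the file's bytes, in SIGNATURES order."""
    data = path.read_bytes()
    return [name for name, rx in SIGNATURES if rx.search(data)]


def scan_tree(root: Path) -> dict:
    """Relative path -> matched signature names, for PHP-like files with hits."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            found = scan_file(path)
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits


# Constructed file contents for the demo.
CLEAN_PLUGIN = b"<?php\n/* Plugin Name: Hello */\nfunction hello_greet() { return 'hi'; }\n"
BACKDOOR_LINE = b"<?php eval(base64_decode($_POST['k'])); ?>\n"
UPLOAD_SHELL = b"<?php /* c99shell */ if (isset($_REQUEST['c'])) { eval($_REQUEST['c']); } ?>\n"


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin_dir = root / "wp-content" / "plugins" / "hello"
        plugin_dir.mkdir(parents=True)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        plugin = plugin_dir / "hello.php"
        readme = plugin_dir / "readme.txt"
        plugin.write_bytes(CLEAN_PLUGIN)
        readme.write_bytes(b"hello\n")
        baseline = hash_tree(root)  # snapshot taken while the tree is still clean

        # Simulated compromise: infected plugin file, dropped shell, deleted file.
        plugin.write_bytes(CLEAN_PLUGIN + BACKDOOR_LINE)
        (root / "wp-content" / "uploads" / "shell.php").write_bytes(UPLOAD_SHELL)
        readme.unlink()

        changes = diff_baseline(baseline, hash_tree(root))
        hits = scan_tree(root)
        # Highest-confidence suspects: files that both changed and match a signature.
        suspects = sorted(p for p in hits if p in changes["added"] or p in changes["modified"])
        return {"changes": changes, "hits": hits, "suspects": suspects}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points carry over to real use. The baseline must be taken from a known-clean install (a fresh download of the same core, theme and plugin versions, not the possibly compromised live tree), and it must live somewhere the web server's PHP process cannot write, or an attacker who drops a shell simply rewrites the baseline too. The signature scan alone is noisy, since legitimate plugins also use base64_decode; intersecting it with the integrity diff is what turns noise into a short list.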
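The brute-force lockout that several of the plugins above implement, and the "do not use admin, use a strong password" advice, rest on a signal a defender can also read straight from the web server's access log: WordPress answers a wrong password on wp-login.php by re-rendering the form (HTTP 200) and a correct one with a redirect to the dashboard (HTTP 302). This added example, not from the article or any plugin, applies that heuristic to constructed combined-format access log lines. It locks out an IP after a threshold of failures inside a sliding window, and separately flags a login that succeeds only after repeated failures, which is what a successful guess against a weak password or the default 'admin' account looks like in the log. Threshold, window and the minimum-failure count are assumptions; tune them to your traffic.

```python
"""Detect wp-login.php brute force from Apache/nginx combined-format access logs.
Added illustration for this page, not code from any plugin above; the log lines
below are constructed.  Failure/success is inferred from the status code only:
200 = form re-rendered (bad credentials), 302 = redirect (logged in)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line: str):
    """Return the fields this detector needs, or None for lines it cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop query string (?action=lostpassword etc.)
        "status": int(m["status"]),
    }


def is_failed_login(ev: dict) -> bool:
    return ev["method"] == "POST" and ev["path"] == "/wp-login.php" and ev["status"] == 200


def is_successful_login(ev: dict) -> bool:
    return ev["method"] == "POST" and ev["path"] == "/wp-login.php" and ev["status"] == 302


def analyze(lines, threshold=5, window=timedelta(minutes=5), min_failures=3) -> dict:
    """Sliding-window lockout plus 'success after many failures' detection.

    locked:               ip -> ISO timestamp of the failure that tripped the threshold
    suspicious_successes: ip -> number of failures that preceded a successful login
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    failures = defaultdict(int)   # ip -> failures since the last success
    locked, suspicious = {}, {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if is_failed_login(ev):
            failures[ip] += 1
            q = recent[ip]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:   # expire failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in locked:
                locked[ip] = ev["ts"].isoformat()
        elif is_successful_login(ev):
            if failures[ip] >= min_failures:  # a guess that finally worked
                suspicious[ip] = failures[ip]
            failures[ip] = 0
    return {"locked": locked, "suspicious_successes": suspicious}


# Constructed sample: 203.0.113.7 fails six times in six seconds and then gets in;
# 198.51.100.20 is a human who mistypes twice before logging in.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
203.0.113.7 - - [05/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
198.51.100.20 - - [05/Mar/2015:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 3410 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
203.0.113.7 - - [05/Mar/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
203.0.113.7 - - [05/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
203.0.113.7 - - [05/Mar/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.5"
203.0.113.7 - - [05/Mar/2015:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.5"
198.51.100.20 - - [05/Mar/2015:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.20 - - [05/Mar/2015:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.20 - - [05/Mar/2015:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```

Two caveats a practitioner would add. The status-code heuristic only covers wp-login.php; brute force through xmlrpc.php (where system.multicall lets one POST test hundreds of passwords and the answer is always 200) needs a per-request cap or a blanket block of xmlrpc.php instead. And a lockout keyed on source IP is only as good as the IP you see: behind a CDN or reverse proxy, key on the forwarded client address, or the whole site locks out the proxy.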