Researchers at Google and Red Hat disclosed the vulnerability in glibc on Tuesday. They described the issue as a critical buffer overflow vulnerability which, when exploited, could give an attacker complete remote control of systems running the affected software. The vulnerability affects all versions of the GNU C Library, commonly known as glibc, which UNIX systems rely on to run. The flaw itself is present in the glibc DNS client-side resolver and is triggered when a particular library function, getaddrinfo(), is used.
Spear phishing has become an endemic scourge: 95% of US and 83% of UK respondents in a recent Cloudmark survey said that they have experienced spear phishing attacks (91% combined). Of the organizations that experienced spear phishing attacks over the last 12 months, 81% suffered some negative impact as a result, with an average financial cost of $1.6 million, and some losses ran into the tens of millions of dollars.
According to Symantec researchers, Netflix users are targeted by a new malware campaign that advertises itself as a cheaper method of accessing and watching movies on Netflix. The malware is spread through ads that redirect interested users to a direct-download website, from which they fetch the malicious files themselves. These files are spiked with a malware family named Infostealer.Banload, a known banking trojan that steals credentials for various online banking portals.
Researchers have spotted a new type of mobile malware that roots Android devices with the purpose of generating fraudulent ad revenue for its operator. HummingBad is a complex rootkit whose components are encrypted in an attempt to avoid being flagged as malicious by security solutions. If the malware is able to gain root, it will contact one of its command and control (C&C) servers. After the malware has successfully called home for instructions, its C&C server can download APKs for installation on the device, send referrer requests to create Google Play advertisement revenue, and launch different applications.
Heimdal Security uncovered the Mazar BOT Android malware, which, aside from being new on the scene, is notable in that it gains administrative rights that give it the ability to do almost anything with the victim's phone. The attack chain begins with a message: “You have received a multimedia message from +[country code] [sender number] Follow the link http: //www.mmsforyou [.] Net / mms.apk to view the message.” If the APK, a program file for Android, is run, it will gain administrator rights on the victim’s device.
CryptoWall is one of the most dangerous pieces of ransomware around today and it is estimated to have resulted in $325 million in damages. Imperva’s report clearly demonstrates that peeling the layers behind the financial infrastructure of ransomware is achievable and such investigations could be a powerful tool if undertaken by the appropriate authorities. Imperva believes one of the reasons ransomware is thriving is the lack of action from law enforcement agencies.
According to TechCrunch, Instagram has been testing two-factor authentication for some users, and is now planning to roll out the security feature for anyone who wants it. With two-factor authentication, users receive a text message containing a one-time code whenever they try to log in on a new device. Users must then enter that code along with their email and regular password. This helps prevent remote hacking attempts by requiring physical access to the phone to which the text message is sent.
Cisco informed customers on Monday that the IOS software running on some of the company’s industrial switches is plagued by a denial-of-service (DoS) vulnerability. The flaw, assigned the identifier CVE-2016-1330 and a CVSS score of 6.1, affects Cisco Industrial Ethernet 2000 Series Switches running IOS Software 15.2(4)E. This vulnerability, which affects Cisco Emergency Responder 11.5(0.99833.5), also remains unpatched with no workarounds available.
DB Networks has launched a new Layer 7 Database Sensor to provide original equipment manufacturers (OEMs) with advanced database security capabilities. The new Layer 7 Database Sensor delivers real-time deep protocol analysis of database traffic to OEMs, which can integrate it into their products to offer deep visibility into data-tier cyber threats. The solution also provides machine learning and behavioral analysis technology that can help identify database attacks.
Google's Project Shield service, designed to stop DDoS attacks from being used as a censorship tool, currently protects close to a hundred sites focused on human rights, election monitoring and independent political news. It is now finally coming out of its invite-only beta phase to offer its free attack protection not just to the most at-risk sites on the Internet, but to virtually any news site that requests it.
Operation Dust Storm has been active since 2010 and was initially detected by several security vendors via its use of the Misdat backdoor. Over time the group has narrowed its focus almost exclusively to Japanese companies or foreign organizations headquartered in Japan. It designed a unique S-Type backdoor variant to infect a Japanese car-maker last year, for example, and has also been actively targeting Android devices with customized backdoors.
The next version of the card data security standard PCI DSS could land as soon as next month, replacing the expected November release as the only update in 2016, according to the PCI Security Standards Council (SSC). For 3.2, the SSC is evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers; clarifying masking criteria for primary account numbers (PAN) when displayed; and including the updated migration dates for SSL/early TLS.
Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study. Sensitive data was also leaked by thousands of apps that use a Baidu SDK (software development kit). With the browsers, Citizen Lab found that a user's search terms, GPS coordinates, the addresses of websites visited and the device's MAC address were sent to Baidu's servers without SSL/TLS encryption.
Credit card giant MasterCard is set to extend its ‘pay-by-selfie’ facial recognition technology to 14 countries including the UK this summer as part of its ongoing attempt to crack down on identity fraud. The idea is that, like other biometric authentication systems, it will reduce the risk of identity fraud because it doesn’t rely on the user inputting passwords or other credentials which can be phished and reused by scammers.
Security vendor Palo Alto Networks, which sounded the alert on it this week, described Xbot as capable of taking a variety of malicious actions, including stealing banking credentials and credit card data, remotely locking Android devices, encrypting data on external storage, and asking for ransom. So far, the malware appears to be targeting only Android users in Australia and Russia. Once installed on a system, Xbot connects with a command-and-control server and launches phishing attacks when a user interacts with Google Play or any of the banking apps on its target list.
Banking giant HSBC will offer its 15 million customers the chance to log into their accounts via Apple's Touch ID fingerprint scanning service or voice-activated authentication powered by speech recognition specialist Nuance.
The newest addition to the increasingly crowded ranks of ransomware tools is "Locky," a somewhat awkwardly named but just as dangerous tool as the ones already floating out there. Locky is being distributed via a Microsoft Word attachment containing malicious macros. Victims typically receive an email with an attached Word document purporting to be an invoice seeking payment for some product or service. Recipients who open the attachment are presented with a document containing scrambled content and an instruction to enable an Office macro to unscramble it. Once enabled, the macro downloads Locky, stores it in the Temp folder and executes it.
Two remote code execution vulnerabilities in the e-commerce packages osCommerce and osCmax have been branded high-risk after the vendors responsible failed to patch the issues despite being told about them at the end of December. Both are remote code execution flaws made possible by cross-site request forgery (CSRF) and have been given a CVSSv3 base score of 5.3.
A rare joint investigation by researchers from multiple security vendors has traced the 2014 cyber attack on Sony Pictures Entertainment, which wiped data and doxed its executives and sensitive company information, to earlier aggressive attacks on military, government, media, and other commercial interests, mainly against South Korea and the US, but also Taiwan, Japan, and China. They also connected the dots to Operation DarkSeoul, which targeted banks and media in South Korea in 2013, as well as other attacks mainly targeting South Korean interests. South Korean government officials later called out North Korea as the culprit behind the hacks.