Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Antus67

Pages: [1] 2 3 ... 7
1

Author: Lindsey O'Donnell
March 15, 2019 10:46 am



An unpatched high-severity vulnerability allows keystroke injections in Fujitsu wireless keyboards.

A popular Fujitsu wireless keyboard is vulnerable to keystroke injection attacks that could allow an adversary to take control of a victim’s system.

Researchers with Germany-based SySS reported on Friday that the high-severity vulnerability allows an attacker to send wireless keystrokes from 150 feet away, to a computer system running a Fujitsu Wireless Keyboard Set LX901.

Researcher Matthias Deeg with SySS said that “exploiting the keystroke injection vulnerability also enables attacks against computer systems with an active screen lock. For example, to install malware when the target system is currently unused and unattended.”

Full Article Here:https://threatpost.com/unpatched-fujitsu-wireless-keyboard-bug-allows-keystroke-injection/142847/

2
Web News / Proof-of-Concept Tracking System Finds RATs Worldwide
« on: March 16, 2019, 12:09:32 AM »
Author: Robert Lemos

Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.

A proof-of-concept system designed to detect remote-access Trojans (RATs) using only network data uncovered infections at companies in a variety of industries, according to a report released this week by information analysis firm Recorded Future.

Using only network scans and metadata collected between Dec. 2, 2018, and Jan. 8, 2019, Recorded Future uncovered 481 command-and-control (C2) servers used by attackers to manage computer systems compromised by 14 different families of RATs. In the report, which focused on three particular Trojans — Emotet, Xtreme RAT, and ZeroAccess — the company found nearly 20 command-and-control (C2) servers managing Emotet infections, more than 30 managing ZeroAccess infections, and nearly 70 managing xTreme RAT infections.

Full Article Here:https://www.darkreading.com/proof-of-concept-tracking-system-finds-rats-worldwide/d/d-id/1334175

3
By Sergiu Gatlan



Intel fixed 20 security vulnerabilities in the Intel Graphics Driver for Windows which would lead to escalation of privilege, denial of service, or information disclosure if exploited by attackers with local access to the system under attack.

According to the QSR advisory published 2 days ago, Intel issued multiple updates for its into graphics driver for Windows designed to mitigate the vulnerabilities found by internal and external security researchers.

Out of the 20 vulnerabilities found in the Intel Graphics Driver for Windows, two were rated as high risk with CVSS Base Scores of 7.3 and 8.2, allowing local attackers to execute arbitrary code after escalating their privileges.

Full Article Here:https://www.bleepingcomputer.com/news/security/intel-fixes-high-severity-vulnerabilities-in-graphics-driver-for-windows/

4
Author:  Zeljka Zorz, Managing EditorMarch 14, 2019

Choosing an effective Android antimalware app is a shot in the dark for many users and they may end up in more danger of malicious apps, not less.

In fact, as the results of AV-Comparatives’ latest test of Android antimalware apps has shown, only 80 of the 250 security apps tested detected over 30 percent of malicious apps and had no false positives, and only 50 achieved detection rates from 90 to 100 percent.

Full Article Here:https://www.helpnetsecurity.com/2019/03/14/android-antimalware/

5
 Author: Tara Seals
March 12, 2019



A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in defenses, according to a researcher.

Normally when there is a change to the registry using a .reg file, a registry security warning dialog box will open, with an “are you sure you want to continue?” message and the option to click either “Yes” or “No.” According to white-hat researcher John Page (a.k.a. hyp3rlinx), it’s possible to edit what the dialog box says, to trick users into clicking “Yes.” For instance, an edited security prompt can tell them to click “Yes” to abort if they do not trust the source of the file. In reality, “Yes” clears the process to continue.

Full Article Here:https://threatpost.com/windows-bug-spoof-dialog-boxes/142711/

6
Web News / Citrix Breach Underscores Password Perils
« on: March 13, 2019, 11:53:56 AM »
Author: Robert Lemos

Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.

The recent cyberattack on enterprise technology provider Citrix Systems using a technique known as password spraying highlights a major problem that passwords pose for companies: Users who select weak passwords or reuse their login credentials on different sites expose their organizations to compromise.

On March 8, Citrix posted a statement confirming that the company's internal network had been breached by hackers who had used password spraying, successfully using a short list of passwords on a wide swath of systems to eventually find a digital key that worked. The company began investigating after being contacted by the FBI on March 6, confirming that the attackers appeared to have downloaded business documents.

Full Article Here:https://www.darkreading.com/application-security/citrix-breach-underscores-password-perils/d/d-id/1334139

7
By Lawrence Abrams

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.

BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service by tweeting to various ransomware and security researchers as shown below.

Full Article Here:https://www.bleepingcomputer.com/news/security/yatron-ransomware-plans-to-spread-using-eternalblue-nsa-exploits/

8
BY:  Help Net SecurityMarch 11, 2019

As emerging technology and threat landscapes experience rapid transformation, the skillsets need to change as well.

80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years.



Full Article Here:https://www.helpnetsecurity.com/2019/03/11/cybersecurity-skills-gap-worsens/

9
By Lawrence Abrams



In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victim's computer to steal account credentials, cryptocurrency wallets, desktop files, and more.

The Azorult Trojan is a computer infection that will attempt to steal usernames and passwords stored in browsers, files on a victim's desktop, cryptocurrency wallets, Steam credentials, browser history, Skype message history, and more. This information is then uploaded to a remote server that is under the control of the attacker.

Full Article Here:https://www.bleepingcomputer.com/news/security/stop-ransomware-installing-password-stealing-trojans-on-victims/

10
BY: Scott Olson, VP of Product Marketing, iovationMarch 11, 2019

In this Help Net Security podcast, Scott Olson, the VP of Product Marketing at iovation, talks about the impact of spear phishing, and offers practical suggestions on how to prevent this growing threat.

This is a growing problem and if you’re curious what spear phishing is or if you haven’t heard about it, spear phishing is the fraudulent practice of sending emails or other messages. It could be a text message as an example, that appeared to be from a known or trusted sender, and is sent in order to induce the targeted individuals to reveal either confidential information about the organization, to provide details that would allow a compromise of the network, or to execute a financial transaction. Most of the large spear phishing breaches have targeted wire transfers and financial transactions, although there are some examples that I’ll be discussing that included data breaches.

Full Article Here:https://www.helpnetsecurity.com/2019/03/11/spear-phishing-impact/

11
Web News / Insert Skimmer + Camera Cover PIN Stealer
« on: March 11, 2019, 11:44:40 AM »
BY: Brian Krebs

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINulls. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

And sometimes, the scammers just hijack the security camera built into the ATM itself.

Below is the hidden back-end of a skimmer found last month placed over top of the customer-facing security camera at a drive-up bank ATM in Hurst, Texas. The camera components (shown below in green and red) were angled toward the cash’s machine’s PIN pad to record victims entering their PINs. Wish I had a picture of this thing attached to the ATM.

Full Article Here:https://krebsonsecurity.com/2019/03/insert-skimmer-camera-cover-pin-stealer/

12
BY:  Zeljka Zorz, Managing EditorMarch 8, 2019

To what extent do users’ opinions about threat severity expressed online align with expert judgments and can these opinions provide an early indicator to help prioritize threats based on their severity?



A group of researchers from Ohio State University, Leidos and FireEye wanted to answer those questions, so they:

    Annotated a collection of tweets describing software vulnerabilities with opinions on threat severity
    Matched tweets to NVD records, i.e. CVEs (by using CVE numbers in the URL or web pages linked in the tweets)
    Defined a severity forecast score and a threat severity classifier to assign it (before the NVD publication date)
    Waited for the official CVSS severity score to be announced and compared it with their forecasted score, to see whether their models’ performance at identifying severe threats was precise enough.


Full Article Here:https://www.helpnetsecurity.com/2019/03/08/vulnerability-severity-prediction/

13
Web News / MyEquifax.com Bypasses Credit Freeze PIN
« on: March 10, 2019, 01:48:24 PM »
BY: Brian Krebs

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Consumers in every U.S. state can now freeze their credit files for free with Equifax and two other major bureaus (Trans Union and Experian). A freeze makes it much harder for identity thieves to open new lines of credit in your name.

Full Article Here:https://krebsonsecurity.com/2019/03/myequifax-com-bypasses-credit-freeze-pin/

14
By Sergiu Gatlan



The number of Android users attacked by banking malware saw an alarming 300% increase in 2018, with 1.8 million of them being impacted by at least one such attack during the last year.

While in 2016 the overall number of attacked users was of 786,325 and during 2017 it dropped to 515,816, in April 2018 the number of attacks went on a severely increasing trend.



Full Article Here:https://www.bleepingcomputer.com/news/security/18-million-users-attacked-by-android-banking-malware-300-percent-increase-since-2017/

15
Web News / Google Discloses Actively Exploited Windows Vulnerability
« on: March 09, 2019, 12:15:38 PM »

By Ionut Arghire on March 08, 2019

Google this week released information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw (CVE-2019-5786).

The Windows vulnerability has been described as a local privilege escalation in the win32k.sys kernel driver and it can be abused for a security sandbox escape.

“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,” Clement Lecigne of Google’s Threat Analysis Group explains.

Full Article Here:https://www.securityweek.com/google-discloses-actively-exploited-windows-vulnerability

Pages: [1] 2 3 ... 7