[Collection Thread] Articles on security-relevant topics and aspects

PLATINUM Hackers Hijack Windows Hotpatching to Stay Hidden

In Brief

Microsoft's Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows Hotpatching technique (a way of updating the operating system without requiring a restart) into a means of hiding its malware from antivirus products.

The PLATINUM group has been active since 2009, launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia.
Full story: The Hacker News - PLATINUM Hackers Hijack Windows Hotpatching to Stay Hidden

- - - Post merged - - -

Former Tor Developer Created Malware for FBI to Unmask Tor Users

In Brief

According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker, a.k.a. Torsploit, malware that allowed the Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road.
Full story: The Hacker News - Former Tor Developer Created Malware for FBI to Unmask Tor Users

- - - Post merged - - -

U.S. Supreme Court allows the FBI to Hack any Computer in the World

In Brief

The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction.

Under the original Rule 41, let’s say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York.

But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world.
Full story: The Hacker News - U.S. Supreme Court allows the FBI to Hack any Computer in the World

- - - Post merged - - -

Ransomware Virus Shuts Down Electric and Water Utility

Recently, the American public utility Lansing Board of Water & Light (BWL) announced that the company has become the victim of a ransomware attack that knocked the utility's internal computer systems offline.

The attack took place earlier this week when one of the company’s employees opened a malicious email attachment.
Full story: The Hacker News - Ransomware Virus Shuts Down Electric and Water Utility
 
Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution

A serious zero-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process users' photos, which could allow hackers to execute malicious code remotely on servers.

ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images.

The ImageMagick tool is supported by many programming languages, including Perl, C++, PHP, Python and Ruby, and is deployed by millions of websites, blogs, social media platforms, and popular content management systems (CMS) such as WordPress and Drupal.

Slack security engineer Ryan Huber disclosed a zero-day flaw (CVE-2016-3714) in the ImageMagick image processing library that allows a hacker to execute malicious code on a web server by uploading a maliciously crafted image.

- - - Post merged - - -

High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.

OpenSSL is an open-source cryptographic library that is widely used by a significant portion of Internet services to cryptographically protect their sensitive web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol.

One of the high-severity flaws, CVE-2016-2107, allows a man-in-the-middle attacker to initiate a "Padding Oracle Attack" that can decrypt HTTPS traffic if the connection uses an AES-CBC cipher and the server supports AES-NI.
Full story - The Hacker News: High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

- - - Post merged - - -

U.S. developing Technology to Identify and Track Hackers Worldwide

Without adequate analysis and algorithms, mass surveillance is not the answer to fighting terrorism and tracking suspects.

The aim of the Enhanced Attribution program is to track personas continuously and create "algorithms for developing predictive behavioral profiles."

"The goal of the Enhanced Attribution (EA) program is to develop technologies for generating operationally and tactically relevant information about multiple concurrent independent malicious cyber campaigns, each involving several operators; and the means to share such information with any of a number of interested parties without putting at risk the sources and methods used for collection," reads the project's official site.

In other words, the Enhanced Attribution Program will not only help the government characterize the cyber criminal but also share the criminal’s modus operandi with potential victims and predict the attacker’s next target.
Full story - The Hacker News: U.S. developing Technology to Identify and Track Hackers Worldwide
 
Once again too good for the Guinness Book of Records :thumbsup:.


U.S.A's Nuclear Defense Program is run from Floppy Disks

Sometimes you read something and you can't quite believe it and then you read it again and get scared. This is what happened when I read through the United States Government Accountability Office's Report to Congressional Requesters about the need to update aging legacy systems.

This report outlines how some of the critical systems in the US government are running on outdated programming languages and hardware, and that the Strategic Automated Command and Control System (SACCS) still uses floppy disks!!!!!!! This aging equipment and software comes with a hefty price tag, as it's very costly to maintain. In fact, this report shows that of the $80 billion budget allocated to 26 government agencies, $61 billion, or close to 76%, of that budget was used towards operations and maintenance.
Read full story at BleepingComputer: U.S.A's Nuclear Defense Program is run from Floppy Disks

http://thehackernews.com/2016/05/facebook-ads.html
 
Facebook Ads now Tracks you, Even if you don't have an Account

There's nowhere to hide across the web, especially from the marketing and advertising companies.

If you are paranoid about your privacy, you may get upset to know that Facebook will now track and deliver targeted ads on other apps and websites for everyone, even if you do not have a Facebook account.

Until now, Facebook was showing targeted ads only to its users, but now the social networking giant says it needs extra data to make its ads better.
Full story - The Hacker News: Facebook Ads now Tracks you, Even if you don't have an Account
 
Password manager KeePass 2 potentially vulnerable

The password manager KeePass 2 is potentially at risk because the developer refuses to better secure an automatic update routine with HTTPS. The reasoning given is that advertising revenue would drop with HTTPS. KeePass 2 thus remains vulnerable to man-in-the-middle attacks.

On first launch of the open-source password manager KeePass 2, the user is asked whether they want to follow the recommendation and enable the automatic update check. If this is confirmed, unencrypted HTTP requests are used, up to and including the current version 2.33, to check for available updates.
Full article - Computerbase.de: Passwortmanager KeePass 2 potentiell angreifbar

- - - Post merged - - -

Have you ever suspected that Facebook is listening to your conversations through the Microphone?

Have you ever felt Facebook is showing you very relevant ads about topics you’re only discussing around your phone?

If yes, then you may find this news worth reading.

Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about.

However, the social networking giant responds it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads.

"Facebook does not use microphone audio to inform advertising or News Feed stories in any way," a Facebook spokesperson said. "Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection."
Full story - The Hacker News: Have you ever suspected that Facebook is listening to your conversations through Microphone?

 
Blackberry delivers user data to authorities all over the world

Blackberry decrypts BBM and PIN messages and delivers numerous other user data to foreign authorities all over the world. Blackberry is even said to have given the Canadian police a master key.

Source
 
Android Ransomware now targets your Smart TV, Too!

Do you own a Smartwatch, Smart TV, Smart fridge, or any Internet-connected smart device?

If your answer is yes, then you need to know the latest interest of the cyber criminals in the field of Internet of Things.

Ransomware!

After targeting hospitals, universities, and businesses, ransomware has started popping up on Smart TV screens.
The Hacker News - Android Ransomware now targets your Smart TV, Too!
 
Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices

It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that have the ability to gain users' attention and trick them into falling victim to one, but this time, it is even worse than most people realize.

Researchers at Trend Micro have detected a family of malicious apps, dubbed 'Godless,' that has the capability of secretly rooting almost 90 percent of all Android phones.

Well, that's slightly terrifying.

The malicious apps are distributed via different methods and a variety of app stores, including the Google Play Store, which is usually considered a safe option for downloading apps.

- - - Post merged - - -

Researcher spots an ATM Skimmer while on vacation in Vienna

We have heard a lot about ATM skimmers, but it's nearly impossible to spot one.

Some skimmers are designed to look exactly like the card slot on the original machine and are attached to the front, while others are completely hidden inside the ATM.

But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable.
The Hacker News - Researcher spots an ATM Skimmer while on vacation in Vienna
 
Zero-Day Warning! Ransomware targets Microsoft Office 365 Users

If you think that just relying on the security tools of Microsoft Office 365 can protect you from cyber attacks, you are wrong.

Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools.

According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments.

The Cerber ransomware is invoked via macros. Yes, it's hard to believe, but even in 2016, a single MS Office document can compromise your system by enabling 'Macros'.

- - - Post merged - - -

IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack

The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them.

Due to insecure implementation, these Internet-connected embedded devices, including Smart TVs, refrigerators, microwaves, set-top boxes, security cameras and printers, are routinely being hacked and used as weapons in cyber attacks.

We have seen how hackers literally turned more than 100,000 Smart TVs and refrigerators into a cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top boxes to mine Bitcoins.

And now…

Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks.

Researchers at security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting businesses around the globe while defending a small jewelry shop against a DDoS attack.
The Hacker News - IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack

 
Antivirus firm Avast to Buy its rival AVG for $1.3 Billion

Antivirus company Avast Software is planning to acquire Dutch rival AVG Technologies for $1.3 Billion in cash.

Avast announced today that it would buy Amsterdam-based AVG Technologies for $25 per share in an all-cash transaction valued at $1.3 Billion in an aim to expand its presence in the emerging markets.

With more than 230 million users worldwide, Avast provides free and paid security software packages for both PCs and mobile devices to businesses and individuals.
The Hacker News - Antivirus firm Avast to Buy its rival AVG for $1.3 Billion


Addendum:

https://www.computerbase.de/2016-07/antiviren-software-avast-will-avg-fuer-1.3-mrd.-us-dollar-uebernehmen/
 
Beware when downloading Pokémon GO APKs on Android!

Downloading Pokémon GO Game for Android? Beware! It Could be Malicious...
Due to the huge interest surrounding Pokémon Go, many gaming and tutorial websites have offered tutorials recommending users to download the APK from a non-Google Play link.

In order to download the APK, users are required to "side-load" the malicious app by modifying their Android core security settings, allowing their device's OS to install apps from "untrusted sources."

...

Pokémon Go is Installing DroidJack Malware

Security researchers have warned users that many of these online tutorials are linked to malicious versions of the Pokémon Go app that install a backdoor on Android phones, enabling hackers to compromise a user's device completely.

Security firm Proofpoint has discovered the malicious app, or APK, that has been infected with DroidJack – a Remote Access Tool (RAT) that can hack any Android device by opening a silent backdoor for hackers.
The Hacker News - Downloading Pokémon GO Game for Android? Beware! It Could be Malicious...

- - - Post merged - - -

Uh-Oh! Pokémon GO grants itself 'Full Access' to your Google Account — Fix It NOW

Pokémon GO – A Huge Security Risk


Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad.

Yes, you heard that right: Full Account Access.

Any app that is granted full account access, according to Google's own support page, can:
"See and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf)."
Full Story - The Hacker News: Uh-Oh! Pokémon GO grants itself 'Full Access' to your Google Account — Fix It NOW
 
Here's How Riffle Anonymity Network Protects Your Privacy better than Tor

Online privacy is an Internet buzzword nowadays. If you are also concerned about the privacy of your web surfing, the most efficient way is to use TOR – a free software that lets users communicate anonymously by hiding their actual location from snoopers.

Although TOR is a great anonymous network, it has some limitations that could still allow a motivated hacker to compromise the anonymity of legions of users, including dark web criminals as well as privacy-minded innocents.

Moreover, TOR (The Onion Network) has likely been targeted by the FBI to arrest criminals, including the alleged Silk Road 2 lieutenant Brian Richard Farrell, who was arrested in January 2014.

...

RIFFLE – A New Anonymity Network


Researchers from the Massachusetts Institute of Technology (MIT) and the École Polytechnique Fédérale de Lausanne (EPFL) have created a new anonymity network, which they claim fixes some of Tor's weak points.

Dubbed Riffle, the anonymity network promises to provide better security against situations when hackers introduce rogue servers on the network, a technique to which TOR is vulnerable.

Riffle maintains users' privacy as long as at least one of its servers remains safe.
Full article: The Hacker News - Here's How Riffle Anonymity Network Protects Your Privacy better than Tor

MIT News: Riffle - How to stay anonymous online
 
Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Another blow to the Tor Project: One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration.

Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network.

However, Green announced last weekend that "it is no longer appropriate" for him to be part of the Tor Project, whether it is financially or by providing computing resources.
The Hacker News - Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

- - - Post merged - - -

Beware! Your iPhone Can Be Hacked Remotely With Just A Message

In Brief

Do you own an iPhone? Mac? Or any Apple device?

Just one specially-crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker.

The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a billion phones with just one specially-crafted text message.
The Hacker News: Beware! Your iPhone Can Be Hacked Remotely With Just A Message
 
Police Unlock Dead Man's Phone by 3D-Printing his Fingerprint

Now there is no more need to fight with Apple or any smartphone maker, as federal authorities have discovered a new tool for unlocking phones, as long as your phone is using a biometric sensor…


3D Printing!


Yes, police in Michigan are considering 3D printing a dead man's fingers so they could unlock smartphones in criminal investigations using their biometric sensors.
The Hacker News - Police Unlock Dead Man's Phone by 3D-Printing his Fingerprint
 
End of SMS-based 2-Factor Authentication; Yes, It's Insecure!

SMS-based Two-Factor Authentication (2FA) has been declared insecure, and soon it might be a thing of the past.

Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection.

Here's what the relevant paragraph of the latest DAG draft reads:

"If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
The Hacker News - End of SMS-based 2-Factor Authentication; Yes, It's Insecure!
KeySniffer Lets Hackers Steal Keystrokes from Wireless Keyboards

Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type.

Back in February, researchers from the Internet of Things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks.

The latest findings by the same security firm are even worse.

Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it.

Dubbed KeySniffer, the hack is death for millions of wireless, radio-based keyboards.
 
Beware! Advertisers Are Tracking You via Phone's Battery Status

Is my smartphone battery leaking details about me?

Unfortunately, YES!

Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.

In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.

The latest threat is much worse.
 
The amount of information and permissions apps need ... never ceases to amaze me.

@Helios
By the way, a big thank you for this thread. It costs me sleep, but it's very informative :D
 
4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users.

Now, security researchers from data center security vendor Imperva today at the Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that today's web is based on.

The vulnerabilities allow attackers to slow web servers by flooding them with innocent-looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash.

- - - Post merged - - -

This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards.

It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes.

We have been told that EMV (Europay, MasterCard and Visa) chip-equipped cards provide an extra layer of security, which makes these cards more secure and harder to clone than the old magnetic stripe cards.

But, it turns out to be just a myth.

A team of security engineers from Rapid7 at the Black Hat USA 2016 conference in Las Vegas demonstrated how small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions.

The demonstration was part of their presentation titled "Hacking Next-Gen ATMs: From Capture to Washout" [PDF]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash.
The Hacker News - This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

 
Telegram accounts hacked:
http://www.heise.de/newsticker/meld...fe-von-Mobilfunkprovider-gehackt-3289434.html
A hacker group in Iran has eavesdropped on around a dozen accounts of the encrypting messenger Telegram, which presumably required the assistance of an Iranian mobile network operator, as Reuters reports. The encryption itself was not broken; instead, the account was attacked: the attackers intercepted the confirmation SMS that Telegram sends to the smartphone when the app is installed. This allowed the hackers to link additional devices to the account and thereby read all messages and write their own.

This type of attack is always possible when the hackers cooperate with a mobile network operator, for example intelligence services in totalitarian states.
 