[Collection thread] Articles on security-related topics and aspects

Helios

DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk



A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2).

Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details…

...and that too in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday.

Full article: The Hacker News - DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

http://www.bleepingcomputer.com/new...ly-encrypts-your-data-but-also-speaks-to-you/
 
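Added example (not part of the quoted article or of this forum post): a minimal SSLv2 probe for checking your own HTTPS or mail hosts for the SSLv2 support that DROWN depends on, so you know where SSLv2 still has to be switched off (on every service that shares the same certificate key). The message builder and reply parser are pure functions on bytes; only `server_speaks_sslv2` touches the network, and the hostname you pass it is your own assumption.

```python
"""SSLv2 exposure check (DROWN): build the SSLv2 CLIENT-HELLO a scanner would send
and decide from the reply whether the server still speaks SSLv2."""
import socket
import struct

# Three-byte SSLv2 cipher-kind codes. Offering all seven keeps the probe
# independent of which ciphers the server still has enabled.
SSLV2_CIPHER_KINDS = [
    b"\x01\x00\x80",  # SSL_CK_RC4_128_WITH_MD5
    b"\x02\x00\x80",  # SSL_CK_RC4_128_EXPORT40_WITH_MD5
    b"\x03\x00\x80",  # SSL_CK_RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
    b"\x05\x00\x80",  # SSL_CK_IDEA_128_CBC_WITH_MD5
    b"\x06\x00\x40",  # SSL_CK_DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
]
MSG_CLIENT_HELLO = 1
MSG_SERVER_HELLO = 4


def build_sslv2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 record: 2-byte header (high bit set, 15-bit body length) followed by
    CLIENT-HELLO {msg_type, version=0x0002, cipher_specs_len, session_id_len,
    challenge_len, cipher_specs, challenge}."""
    ciphers = b"".join(SSLV2_CIPHER_KINDS)
    body = struct.pack("!BHHHH", MSG_CLIENT_HELLO, 0x0002, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    return struct.pack("!H", 0x8000 | len(body)) + body


def parse_sslv2_server_hello(data: bytes):
    """Return the cipher kinds an SSLv2 SERVER-HELLO advertises, or None when the
    reply is anything else (TLS alert, plain-text banner, SSLv2 ERROR, empty)."""
    if len(data) < 13 or not data[0] & 0x80:
        return None
    length = struct.unpack("!H", data[:2])[0] & 0x7FFF
    body = data[2:2 + length]
    if len(body) < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    # SERVER-HELLO: msg_type(1) session_id_hit(1) cert_type(1) version(2)
    #   cert_len(2) cipher_specs_len(2) conn_id_len(2) cert ciphers conn_id
    version, cert_len, cipher_len, _conn_len = struct.unpack("!HHHH", body[3:11])
    if version != 0x0002:
        return None
    ciphers = body[11 + cert_len:11 + cert_len + cipher_len]
    return [ciphers[i:i + 3] for i in range(0, len(ciphers) // 3 * 3, 3)]


def server_speaks_sslv2(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Send one probe to a host you administer (hostname is your assumption) and
    report whether it answered with an SSLv2 SERVER-HELLO."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv2_client_hello())
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionError):
            reply = b""
    return parse_sslv2_server_hello(reply) is not None
```

A `True` result means the host must have SSLv2 disabled (and its key must not be reused on any other SSLv2-enabled service) before DROWN is off the table.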
The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
A ransomware called Cerber has been floating around for about a week, but we were not able to retrieve a sample until today. Thanks to @BiebsMalwareGuy and @MeegulWorth, samples were found and further analysis of the ransomware could be done. When infected, a victim's data files will be encrypted using AES encryption and will be told they need to pay a ransom of 1.24 bitcoins or ~500 USD to get their files back. Unfortunately, at this point there is no known way to decrypt a victim's encrypted files for free.

At this time we do not currently know how the Cerber ransomware is being distributed, but according to SenseCy, it is being offered as a service on a closed underground Russian forum. This means that it is probably a new Ransomware as a Service, or RaaS, where affiliates can join in order to distribute the ransomware, while the Cerber developers earn a commission from each ransom payment.

For anyone who is infected with this ransomware or wants to discuss the infection, we have a dedicated support topic here: CERBER Ransomware Support and Help Topic.
Full article: Bleeping Computer - The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
 
Subgraph OS — Secure Linux Operating System for Non-Technical Users



Information security and privacy are consistently hot topics after Edward Snowden revelations of NSA's global surveillance that brought the world's attention towards data protection and encryption as never before.

Moreover, just days after Windows 10's successful launch last summer, we saw various default settings in the Microsoft's newest OS that compromise users' privacy, making a large number of geeks, as well as regular users, migrate to Linux.

However, the problem is that the majority of users are not familiar with the Linux environment. They don't know how to configure their machine with the right privacy and security settings, which leaves them still open to hacking and surveillance.

However, this gaping hole can be filled with a Debian-based Security-focused Linux operating system called Subgraph OS: A key solution to your Privacy Fear.

Official website - SubGraph OS

Exploring Subgraph OS
 
I saw that too. But that doesn't necessarily mean the Tor Browser itself is used. What it says is that the Tor network (.onion) is used.

By default policy, Subgraph OS will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin. Applications will be transparently redirected to connect through the Tor network via our Metaproxy application. Metaproxy will intercept outgoing connections and relay them through the correct proxy (SOCKS, HTTP, etc). Proxy configuration is managed within Metaproxy, allowing applications to transparently connect to the Tor network without having to configure each individual application to use a proxy. Exceptions to the "everything through Tor" policy will be made for specific use cases, such as accessing a captive portal on a public wi-fi network.
 
The article you yourself cited wasn't about the browser, but precisely about the entire Tor (onion) network!
SubGraph OS builds on this network. So effectively an operating system with an already known built-in backdoor straight to the FBI.
 
The article shows that, contrary to many opinions, the Tor network doesn't provide anonymity either. But the problem with Tor runs deeper. The NSA flags every user as "suspicious" and stores them in its databases. Likewise all connections. Even someone who merely visits the Tor homepage gets flagged (via XKeyScore).

In Subgraph OS the Tor network is active by default. However, the "normal" web can also be used with a sandboxed browser. It's all already integrated into Subgraph OS.

- - - Post merged - - -

How to Steal Secret Encryption Keys from Android and iOS SmartPhones



Unlike desktops, your mobile devices carry all sorts of information from your personal emails to your sensitive financial details. And due to this, the hackers have shifted their interest to the mobile platform.

Every week new exploits are discovered for iOS and Android platform, most of the times separately, but the recently discovered exploit targets both Android as well as iOS devices.

A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices.
Full article: The Hacker News - How to Steal Secret Encryption Keys from Android and iOS SmartPhones



 
KeRanger: The First Apple Ransomware discovered in hacked installer for Transmission

The scourge of ransomware has finally come to OS X! Researchers at the security firm Palo Alto Networks have announced that version 2.90 of the Transmission bittorrent client for Mac OS X has been adulterated with a new ransomware variant they have named KeRanger. Users on the Transmission forum and a message on the front page of the Transmission website confirm this:

Apple_Ransomware.png

According to Palo Alto Networks, the malicious installer was generated on March 4, and once installed, will wait 3 days after infection before encrypting the victim's files. This means that the first victims won't notice they are affected until at least March 7. Once activated, the ransomware connects to a Command & Control server over the TOR network and will then begin to encrypt certain types of files. It will then demand a ransom of 1 bitcoin, or about $400 USD, to receive a decryptor.

Full article: Bleeping Computer - KeRanger: The First Apple Ransomware discovered in hacked installer for Transmission

paloalto Networks: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer - Technical Analysis

The Hacker News: First Mac OS X Ransomware Targets Apple Users

- - - Post merged - - -

Update (March 7, 2016)

Bleeping Computer - Information about the KeRanger OS X Ransomware and How to Remove It.
 
More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking



More than a billion Android devices are at risk from a severe vulnerability in the Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on the device.

Security experts at Trend Micro are warning Android users of some severe programming blunders in Qualcomm's kernel-level Snapdragon code that if exploited, can be used by attackers for gaining root access and taking full control of your device.

Gaining root access on a device is a matter of concern, as it grants attackers access to admin level capabilities, allowing them to turn your device against you to snap your pictures, and snoop on your personal data including accounts' passwords, emails, messages and photos.

The company's own website notes that Qualcomm Snapdragon SoCs (systems on a chip) power more than a billion smart devices, including many Internet of Things (IoT) devices as of today. Thus, the issue puts many people at risk of being attacked.

Although Google has pushed out updates after Trend Micro privately reported the issues, which now prevent attackers from gaining root access with a specially crafted app, users will not be getting updates anytime soon.
Trend Micro - Android Vulnerabilities Allow For Easy Root Access
 
New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices



Attention Android users!

Millions of Android devices are vulnerable to hackers and intelligence agencies once again – thanks to a newly disclosed Android Stagefright exploit.

Yes, Android Stagefright vulnerability is Back…

…and this time, the Stagefright exploit allows an attacker to hack Android smartphones in 10 seconds just by tricking users into visiting a hacker's web page that contains a malicious multimedia file.
Read Full Story: The Hacker News - New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices

 
Who Viewed Your Profile on Instagram? Obviously, Hackers!



Are you curious about who viewed your profile on Instagram?

This is probably the most frequently asked question nowadays, and there are several applications available on the Google Play Store and Apple App Store which claim to offer you the opportunity to see who is looking at your Instagram profile.

But, should we believe them?

Is there really some way to know who viewed your Instagram profile?

The shortest answer to all these questions is 'NO'; such functionality does not exist on Instagram at the moment.
http://www.bleepingcomputer.com/new...d-for-the-nemucod-trojans-crypted-ransomware/
 
Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows




Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday.

So, save the date if you are a Windows or Samba file server administrator.

- - - Post merged - - -

Warning! Think Twice Before Using USB Drives




Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems.

Dubbed USB Thief (or Win32/PSW.Stealer.NAI), the malware is capable of stealthily attacking air-gapped or isolated computers, warns security firm ESET.

The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer.

USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň.
Read full story: The Hacker News - Warning! Think Twice Before Using USB Drives


- - - Post merged - - -

Decryptor Released for the Nemucod Trojan's .CRYPTED Ransomware

Fabian Wosar of Emsisoft has released a free decryptor for the Nemucod .CRYPTED or Decrypt.txt ransomware. A decryptor was previously released by one of our users, macomaco, but required Python in order to generate the decryption key. When Fabian analyzed the ransomware, he saw that it utilized a similar encryption scheme to a previous ransomware and was able to release a Windows decryptor.

This ransomware is distributed via the Nemucod Trojan.Downloader, which is sent via email as a javascript (.JS) attachment. When a user opens this attachment, the javascript will execute and download further malware to the victim's computer. Recently, one of the malware infections that is being downloaded by Nemucod is the .CRYPTED ransomware, which will encrypt your data and then demand ~.4 bitcoins in order to get a decryption key.
Read full story: BleepingComputer - Decryptor Released for the Nemucod Trojan's .CRYPTED Ransomware
 
Petya Ransomware skips the Files and Encrypts your Hard Drive Instead

Typically, when a user becomes infected by a crypto-ransomware, the infection targets and encrypts the files on the victim's hard drives. This leaves the operating system working properly, but with the user unable to open the encrypted documents. The Petya Ransomware takes it to the next level by encrypting portions of the hard drive itself that make it so you are unable to access anything on the drive, including Windows. At the time of this writing, the ransom payments are at ~.9 bitcoins and there is no way to decrypt your drive for free.

This ransomware is currently being distributed via emails that are targeting the human resources departments of German companies. These emails contain dropbox links to supposed applications that download a file that when executed will install the Petya Ransomware on the computer. An example filename for the installer is Bewerbungsmappe-gepackt.exe.

It is important to note that there is a lot of bad information on the web about how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT, and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.
Read Full Story: BleepingComputer - Petya Ransomware skips the Files and Encrypts your Hard Drive Instead
 
Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet



Did you install the latest update OS X 10.11.4?

If yes, then you might be wondering about the fact that Apple has delivered an ineffective patch update this time.

Yes! This news would definitely disappoint many Apple users, as the latest update of OS X El Capitan 10.11.4 and iOS 9.3 still contain a bunch of vulnerabilities that could affect 130 Million Apple customers.

Just last week, we reported about a critical zero-day vulnerability in Apple's popular System Integrity Protection (SIP) security defenses, affecting all versions of OS X operating system.

Even after Apple had fixed the critical flaw in the latest round of patches for Macs and iThings, SIP can still be bypassed in the most recent version of the operating system, leaving Apple users vulnerable to flaws that could remotely hijack their machines.
 
Hehe... on to the next round :D!


Staatstrojaner (state trojan) - New surveillance software not suitable for smartphones

German security authorities are once again allowed to deploy a state trojan, but the new surveillance software does not meet the investigators' needs, reports Welt am Sonntag. Therefore the deployment of a further trojan, developed by the controversial company FinFisher, is still planned.

The core problem for the security authorities is this: the trojan runs exclusively on Windows systems, and even there it is only able to intercept VoIP calls via Skype. The software is not suitable for smartphones. So if suspects now communicate via chat programs such as Telegram, Threema or WhatsApp, these are inaccessible to the investigators.
Full article: ComputerBase.de - Staatstrojaner - New surveillance software not suitable for smartphones

Addendum: Wikipedia - FinFisher
http://thehackernews.com/2016/04/webusb-api.html
 
Warning! CCTV Cameras Sold on Amazon Come with Pre-Installed Malware



Be careful while buying any off-brand electronics from Amazon, as they could end up infecting you.

Recently, independent security researcher Mike Olsen discovered that CCTV surveillance devices sold on Amazon came with pre-installed malware.

Olsen discovered this nasty secret after he bought a set of outdoor CCTV surveillance cameras from Amazon for one of his friends.

- - - Post merged - - -

WebUSB API — Connect Your USB Devices Securely to the Internet



Two Google engineers have developed a draft version of an API called WebUSB that would allow you to connect your USB devices to the Web safely and securely, bypassing the need for native drivers.

WebUSB – developed by Reilly Grant and Ken Rockot – has been introduced to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG) and is built to offer a universal platform that could be adopted by browser makers in future versions of their software.
Full story: The Hacker News - WebUSB API — Connect Your USB Devices Securely to the Internet

- - - Post merged - - -

Adware uploads Screenshot of your Active Windows without your Permission

The crap being pushed out by adware purveyors is seriously out of control and this latest one causes a major breach of privacy. While installing some adware bundles today I ran into a particular nasty variant called Faster Internet that uploads quite a bit of information to their servers without the user's permission. To make matters worse, it uploads a screenshot of what is currently being displayed on your computer without alerting the user.

When Faster Internet is installed it will create a fingerprint consisting of information related to your motherboard, CPU, hard drives, network adapters, and other information about your computer. This information is then uploaded to the developer's server. It will then take a screenshot of the active display on your computer at the time of the install and send this screenshot along with your IP address to the a.duofoldmortify.online/buploada.php URL.
Full story: BleepingComputer - Adware uploads Screenshot of your Active Windows without your Permission

- - - Post merged - - -

Why Everyone should uninstall QuickTime Now!

Yesterday US-Cert released a security alert about two new vulnerabilities discovered in QuickTime for Windows. Both of these vulnerabilities are classified as critical as they could allow attackers to remotely execute commands on vulnerable computers. Since Apple has stated that they are no longer supporting QuickTime for Windows and that these vulnerabilities will not be fixed, it is important that everyone uninstall QuickTime from their computer.

Apple's reaction to these vulnerabilities has been disappointing to say the least. If they are no longer supporting the product and it is known that they contain two critical vulnerabilities, then why are they still offering these vulnerable programs via their Apple Software Update program?
Full story: BleepingComputer - Why Everyone should uninstall QuickTime Now!
 
Hackers can spy on your calls and track location, using just your phone number

IN BRIEF

The famous '60 Minutes' television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they hacked into an iPhone used by a U.S. Congressman, then recorded his phone calls and tracked his movements through Los Angeles.

Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages.

The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.

All one needs is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations.

SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, for cross-carrier billing, enabling roaming, and other features.
 
Danger - iOS and Mac apps crash due to manipulated PNGs

Specially manipulated PNG files can crash apps on Apple's iOS or OS X. The problem is that the bug lies in the Image I/O framework, which is used by many applications, so the number of affected applications is very high.

iOS 9.3.1 and OS X 10.11.4 also affected
Security researcher Lander Brandt reported the problem to Apple as early as mid-December last year. Apple, however, only said at the end of March this year that its developers had taken up the problem. To this day the bug still persists and also affects the latest versions of iOS and OS X.

The bug is triggered when the manipulated PNG file contains an unknown data chunk that is not handled by libpng, the library Apple uses for rendering. This causes an error whose severity varies depending on the application.
Full article - ComputerBase.de: Danger - iOS and Mac apps crash due to manipulated PNGs

- - - Post merged - - -

Now that's quite something!!!

How Did Hackers Who Stole $81 Million from Bangladesh Bank Go Undetected?



In Brief

Investigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system.

The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system.
Full story - The Hacker News: How Did Hackers Who Stole $81 Million from Bangladesh Bank Go Undetected?
 