[Collection thread] Articles on security-related topics and aspects

Urgent: please note

Understanding the Windows Credential Leak Flaw and How to Prevent It

This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor's Windows login name and password. When I tested this flaw it was downright scary. Using a test site for this flaw, the site was able to get my test Microsoft Account login name and the hash of its password in a few seconds. Then it took the site less than 30 seconds to crack the password! What is even scarier is that this flaw is not new and was discovered in March 1997!


windows-leak-example.jpg

Test shows my account info and Password
Yes. I changed the password already.


Update 8/7/16: Updated the mitigation information to include registry keys that Home users can use to enable the policies below.

BleepingComputer - Understanding the Windows Credential Leak Flaw and How to Prevent It

- - - Post merged - - -

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.

What's even worse: Most of those affected Android devices will probably never be patched.

Dubbed "Quadrooter," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with a Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device.

The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones.

That's a very big number.

The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.
The Hacker News - Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack
 
Yes, the attack on Windows is ancient and yet keeps coming back. c't also reported on it and on the background almost exactly a year ago: http://www.heise.de/ct/ausgabe/2015-18-Pass-the-Hash-als-Gefahr-fuer-Windows-Netze-2767796.html
I've just tried it out as well. Both links for testing the hole reported, under Windows 10 Pro with both Chrome and Edge, that I was not attackable. Even when I switched my firewall off completely. It would be interesting to test this with other systems too.
 
Urgent: please note

Edge and Internet Explorer are secure for me as well. Firefox is anyway. However, I had already applied the advice for closing the hole, as described in the article.

restrict-ntlm-policy.jpg


- - - Post merged - - -

ADDENDUM:

In the VM under Windows 7 and 8.1, Internet Explorer is vulnerable. Will change the GPOs immediately.



It worked. The browsers are no longer susceptible to this attack.

- - - Post merged - - -

How Your Computer Monitor Could Be Hacked To Spy On You

computer-monitor-hack.png


Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked.

You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn it against you by just changing the pixels displayed on the screen.

Although changing pixels is really hard and complicated, a team of security researchers at this year’s DEF CON says that it is not impossible.

Ang Cui and Jatin Kataria of Red Balloon Security have demonstrated a way to hack directly into the computer that controls the monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images.
The Hacker News - How Your Computer Monitor Could Be Hacked To Spy On You
 
Malicious Android Apps Use Obfuscation, Antiemulation Techniques to Avoid Detection

A set of malicious gaming applications for Android available on the Google Play Store employ obfuscation at multiple levels and antiemulation techniques to avoid detection.

The apps then initiate a series of commands that allow them to download APK files from external sources, leak sensitive information, and (like Android.Spy.305.origin) display or silently access advertisements.

Each app is determined to carry out its malicious activities, which is reflected in its efforts to avoid detection.

Fernando Ruiz, a mobile malware researcher at Intel Security, explains:

"The payload is obfuscated at many levels with a packer, an executable and linkable format (ELF) binary crafted to decrypt the malicious code from a file stored in the asset directory of the APK. The name of the assets.dat files, binary ELF, and classes related to the malware functionality are random to avoid detection. The strings are obfuscated inside the ELF binary and the encrypted malicious .dex files."


Each app also comes equipped with antiemulation techniques that allow it to remain under the radar of automated dynamic test environments.
BleepingComputer: Malicious Android Apps Use Obfuscation, Antiemulation Techniques to Avoid Detection

- - - Post merged - - -

Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot

uefi-secure-boot-bypass.png


Microsoft has accidentally leaked the secret keys that allow hackers to unlock devices protected by the UEFI (Unified Extensible Firmware Interface) Secure Boot feature.

What's even worse?

It will be impossible for Microsoft to undo its leak.

Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your system bootloader; it also restricts you from running any non-Microsoft operating system on your device.

In other words, when Secure Boot is enabled, you will only be able to boot Microsoft-approved (cryptographically signature-checked) operating systems.

However, the Golden Keys disclosed by two security researchers, using the aliases MY123 and Slipstream, can be used to install non-Windows operating systems, say GNU/Linux or Android, on the devices protected by Secure Boot.

Moreover, according to the blog post published by the researchers, it is impossible for Microsoft to fully revoke the leaked keys, potentially giving law enforcement (such as the FBI and NSA) a special backdoor that can be used to unlock Windows-powered devices in criminal cases.
 
Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely

linux-server-tcp-packet-hacking.png


If you are using the Internet, there is a possibility that you are open to attack.

The Transmission Control Protocol (TCP) implementation in all Linux systems deployed since 2012 (version 3.6 and above of the Linux kernel) poses a serious threat to Internet users, whether or not they use Linux directly.

This issue is troubling because Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs.

Researchers have uncovered a serious Internet flaw, which if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet.

The vulnerability could also be used to forcefully terminate HTTPS encrypted connections and downgrade the privacy of secure connections, and it also threatens the anonymity of Tor users by routing them to certain malicious relays.

The flaw actually resides in the design and implementation of Request for Comments 5961 (RFC 5961), a relatively new Internet standard that's designed to make the commonly used TCP more robust against hacking attacks.
 
New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

air-gapped-computer-hacking.png


Air-gapped computers that are isolated from the Internet and other computers are long considered to be the most secure and safest place for storing data in critical infrastructures such as industrial control systems, financial institutions, and classified military networks.

However, these systems have sometimes been targeted in the past, which proves that these isolated systems are not completely secure.

Previous techniques of hacking air gap computers include:


Now, researchers have devised a new method to steal data from an infected computer even if it has never been physically connected to the Internet, a measure meant to prevent the computer from leaking the sensitive information stored on it.
The Hacker News - New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer

 
Someone is Spying on Researchers Behind VeraCrypt Security Audit

veracrypt-security-audit.png


After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people.

Due to the huge popularity of VeraCrypt, security researchers from the OSTIF (The Open Source Technology Improvement Fund) announced at the beginning of this month that it had agreed to audit VeraCrypt independently.

Using funds donated by DuckDuckGo and VikingVPN, the OSTIF hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code.

Now, the most troubling part comes here:

The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarksLab about the security audit of VeraCrypt were mysteriously intercepted.

"We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said. "Not only have the emails not arrived, but there is no trace of the emails in our "sent" folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared."

The information linked to the VeraCrypt security audit is so confidential that the OSTIF instructed QuarksLab research team to give "any results of this audit directly to the lead developer of VeraCrypt using heavily encrypted communications."

- - - Post merged - - -

Internet Traffic Hijacking Linux Flaw Affects 80% of Android Devices

android-hack-linux.png


An estimated 80 percent of Android smartphones and tablets running Android 4.4 KitKat and higher are vulnerable to a recently disclosed Linux kernel flaw that allows hackers to terminate connections, spy on unencrypted traffic or inject malware into the parties' communications.

Even the latest Android Nougat Preview is considered to be vulnerable.

The security flaw first appeared in the implementation of the TCP protocol in all Linux systems deployed since 2012 (version 3.6 and above of the Linux OS kernel), and the Linux Foundation already patched the Linux kernel on July 11, 2016.

However, the vulnerability (CVE-2016-5696) is now affecting a large portion of the Android ecosystem.

According to a blog post published Monday by mobile security firm Lookout, the Linux flaw is present in Android version 4.4 KitKat and all later releases, including the latest developer preview of Android Nougat.
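The side channel behind the two items above (the Linux TCP flaw in the RFC 5961 implementation, and its Android follow-up, CVE-2016-5696), as an added Python model that is not code from either article, from the researchers, or from the kernel. RFC 5961 says a receiver answers an in-window but inexact RST, or any SYN, on an established connection with a "challenge ACK" instead of acting on the packet; Linux 3.6 to 4.6 rate-limited those challenge ACKs with one global counter (net.ipv4.tcp_challenge_ack_limit, default 100 per second) shared by every socket. An off-path attacker with its own connection to the server sends a spoofed packet in the victim's name, then provokes 100 challenge ACKs on its own connection and counts them: 99 means the spoofed packet was in-window and consumed one. The stack below is simplified (no ACK-number rule, no real packets); addresses, sequence numbers and the 1 MiB window are constructed so the scan stays short.

```python
"""Toy model of the CVE-2016-5696 side channel: RFC 5961 challenge ACKs plus one
global rate limit let an off-path attacker learn about someone else's connection
by counting replies on its own. Added example; all numbers are constructed and
the stack is a simplification of the real kernel logic."""
import random

SEQ_SPACE = 1 << 32
PROBE_COUNT = 100           # attacker sends as many probes as the default budget


class TcpStack:
    """Receiver side of RFC 5961 with Linux's challenge-ACK budget."""

    def __init__(self, challenge_ack_limit=100, patched=False):
        self.limit = challenge_ack_limit       # net.ipv4.tcp_challenge_ack_limit
        self.patched = patched                 # 4.7 fix: randomised per-second budget
        self.conns = {}                        # 4-tuple -> {"rcv_nxt", "rcv_wnd"}
        self.new_second()

    def new_second(self):
        # Pre-4.7: one counter shared by all sockets, refilled to exactly the limit.
        # 4.7: refilled to limit/2 + random(limit), so the count carries no signal.
        half = self.limit // 2
        self.budget = half + random.randrange(self.limit) if self.patched else self.limit

    def _challenge_ack(self):
        if self.budget == 0:
            return "drop"
        self.budget -= 1
        return "challenge_ack"

    def receive(self, four_tuple, flag, seq):
        conn = self.conns.get(four_tuple)
        if conn is None:
            return "rst"                       # no socket: plain RST, budget untouched
        if flag == "SYN":                      # RFC 5961 s.4: always a challenge ACK
            return self._challenge_ack()
        if flag == "RST":                      # RFC 5961 s.3.2
            if seq == conn["rcv_nxt"]:
                del self.conns[four_tuple]
                return "reset"                 # exact match: connection torn down
            if (seq - conn["rcv_nxt"]) % SEQ_SPACE < conn["rcv_wnd"]:
                return self._challenge_ack()   # in-window but inexact
        return "drop"


class OffPathAttacker:
    """Needs only a legitimate connection of its own to the same server."""

    def __init__(self, stack, own_tuple):
        self.stack, self.own = stack, own_tuple

    def _spoof_consumed_budget(self, victim_tuple, flag, seq):
        self.stack.new_second()                       # wait for a fresh 1-second budget
        self.stack.receive(victim_tuple, flag, seq)   # spoofed; any reply goes to the victim
        own_nxt = self.stack.conns[self.own]["rcv_nxt"]
        got = sum(self.stack.receive(self.own, "RST", (own_nxt + 1) % SEQ_SPACE) == "challenge_ack"
                  for _ in range(PROBE_COUNT))        # in-window, inexact RSTs to itself
        return got < PROBE_COUNT                      # one missing reply = spoof was in-window

    def connection_exists(self, victim_tuple):
        return self._spoof_consumed_budget(victim_tuple, "SYN", 0)

    def find_in_window_seq(self, victim_tuple, assumed_wnd):
        """Step through the 2^32 space one window at a time. (A guess that hits
        rcv_nxt exactly would reset the victim instead of signalling; the paper
        then binary-searches the window edge and repeats the trick for ACK numbers.)"""
        for guess in range(0, SEQ_SPACE, assumed_wnd):
            if self._spoof_consumed_budget(victim_tuple, "RST", guess):
                return guess
        return None


def demo(limit=100, patched=False, victim_connected=True):
    """Return (connection_detected, in_window_seq_found) for one scenario."""
    stack = TcpStack(limit, patched)
    server = ("203.0.113.10", 80)                     # constructed addresses throughout
    victim = ("10.0.0.5", 51234) + server
    own = ("198.51.100.7", 40000) + server
    if victim_connected:
        stack.conns[victim] = {"rcv_nxt": 0x12345678, "rcv_wnd": 1 << 20}
    stack.conns[own] = {"rcv_nxt": 0x0BADF00D, "rcv_wnd": 1 << 20}
    attacker = OffPathAttacker(stack, own)
    detected = attacker.connection_exists(victim)
    seq = attacker.find_in_window_seq(victim, 1 << 20) if detected else None
    return detected, seq


if __name__ == "__main__":
    print("unpatched:", demo())
    print("no victim:", demo(victim_connected=False))
    print("4.7 fix:  ", demo(limit=1000, patched=True))
    print("sysctl:   ", demo(limit=999_999_999))
```

With the pre-4.7 counter, demo() reports the victim connection and finds an in-window sequence number (0x12400000, the first multiple of the 1 MiB step inside the window). Linux 4.7 raised the default limit to 1000 and randomised the per-second budget (demo(limit=1000, patched=True)); the widely used stopgap on older kernels is raising net.ipv4.tcp_challenge_ack_limit to a very large value via sysctl (demo(limit=999_999_999)). In both cases the attacker gets all 100 replies every time and learns nothing.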

- - - Post merged - - -

The NSA Hack — What, When, Where, How, Who & Why?

the-nsa-hack.png


You might have heard about the recent ongoing drama of NSA hack that has sparked a larger debate on the Internet concerning abilities of US intelligence agencies as well as their own security.

Saturday morning the news broke that a mysterious group of hackers calling themselves "The Shadow Brokers" claimed it hacked an NSA-linked group and released some NSA hacking tools with a promise to sell more private "cyber weapons" to the highest bidder.

The group dumped a bunch of private hacking tools from "Equation Group" – an elite cyber attack unit linked to the NSA – on GitHub and Tumblr.

The Shadow Brokers hacking group has published the leaked data in two parts; one includes many hacking tools designed to inject malware into various servers and another encrypted file containing the "best files" that they made available for sale for 1 Million Bitcoins.

However, GitHub deleted the files from its page, not due to any government pressure, but because the hackers were demanding cash to release more data and the company's policy doesn't allow the auction or sale of stolen property on its source code management platform.
 
Apple - Scientists find security vulnerabilities in iOS

An international team of cybersecurity researchers, with participation from TU Darmstadt, has found serious security vulnerabilities in Apple's iOS. According to the researchers, the vulnerabilities enable a multitude of attacks on Apple's phones and tablets.

The researchers wanted to shed light on the security technologies of iOS, since Apple's closed operating system is repeatedly regarded as more secure than Google's open Android operating system and Apple has repeatedly introduced mechanisms to protect user data in recent iOS versions, said Ahmad-Reza Sadeghi, professor of system security in the Cybersecurity profile area at TU Darmstadt.
ComputerBase.de: Apple - Scientists find security vulnerabilities in iOS
 
WhatsApp to Share Your Data with Facebook — You have 30 Days to Stop It

facebook-whatsapp.png


Nothing comes for Free, as "Free" is just a relative term used by companies to develop a strong user base and then use it for their own benefits.

The same has been done by the secure messaging app WhatsApp, which has now made it crystal clear that the popular messaging service will begin sharing its users’ data with its parent company, Facebook.

However, WhatsApp is offering a partial opt-out for Facebook targeted ads and product related purposes, which I will let you know later in this article, but completely opting out of the data-sharing does not seem to be possible.

Let's know what the company has decided to do with your data.

Of course, Facebook is willing to use your data to sell more targeted advertisements.

WhatsApp introduced some significant changes to its privacy policy and T&Cs today which, if accepted once, gives it permission to connect users' Facebook accounts to WhatsApp accounts for the first time, giving Facebook more data about users for delivering more relevant ads on the social network.

- - - Post merged - - -

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

apple-security-update.png


Apple has released the iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware was found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.

One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.

The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone.

The zero-day exploits have allowed the company to develop sophisticated spyware tools that can access the device location, contacts, texts, call logs, emails and even the microphone.

Apple fixed these three vulnerabilities within ten days after being informed by two security firms, Citizen Lab and Lookout, who conducted a joint investigation.

- - - Post merged - - -

Due to data theft - Opera users must change browser password

Opera is warning users of its in-house browser synchronisation service about a possible data theft. At the start of the week there were signs of an attack on the sync service. As a result, account data and passwords may have been stolen. The investigation of the incident is still ongoing.

Users must change their sync password

Opera says it was able to stop the suspected attack quickly. However, it cannot be ruled out that the attackers briefly had access to the sync servers and captured user data in the process. The affected data includes passwords as well as login names.

For security reasons, Opera has therefore reset the login passwords of all users of the sync service. The affected users were informed of the step by e-mail. To be able to log in again, users must select the "Forgot password?" option via Opera > Synchronise > Sign in. Opera then offers the option of creating a new password via a link sent by e-mail.

Those who do not use the browser's synchronisation function are not affected by the data leak and need not take any action, according to Opera.

Saved website passwords may also be affected

Besides creating a new account password, Opera recommends a further security measure: users should change the passwords of all website logins stored via the sync service. Although Opera stores the affected website passwords in encrypted form, it is nevertheless advisable to set new passwords for the websites in question, to be on the safe side.
ComputerBase.de: Due to data theft - Opera users must change browser password
 
Hackers may be able to Monitor your Keystrokes Using WiFi Signals

Researchers have devised a system that can recognize a user's keystrokes by exploiting available WiFi signals.

The research team, which is made up of computer scientists from Michigan State University and Nanjing University in China, explains in their paper (PDF) that their "WiKey" system works because most WiFi devices (including routers) come with multiple-input and multiple-output (MIMO) capabilities:
"Each MIMO channel between each transmit-receive (TX-RX) antenna pair of a transmitter and receiver comprises of multiple sub-carriers. These WiFi devices continuously monitor the state of the wireless channel to effectively perform transmit power allocations and rate adaptations for each individual MIMO stream such that the available capacity of the wireless channel is maximally utilized...."

In other words, most routers have the ability to monitor a wireless channel's behavior and pick up on its channel state information (CSI). Those CSI values, in turn, characterize something that's known as Channel Frequency Response (CFR), or fluctuations in signal exhibited between each antenna pair for a subcarrier.

Those fluctuations reveal a lot about a WiFi channel. As it turns out, they can even reveal hand and finger movements--that is, a user's keystrokes.

BleepingComputer: Hackers may be able to Monitor your Keystrokes Using WiFi Signals

- - - Post merged - - -

Chinese Certificate Authority 'mistakenly' gave out SSL Certs for GitHub Domains

github-ssl-certificate.png


A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone merely had control over any of its subdomains.

The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate Management System is the weakest link on the Internet today and has already been broken?

Billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe to ensure the confidentiality and integrity of their personal data.

But these CAs have the power to issue a valid SSL cert for any domain you own, despite the fact that you already have one purchased from another CA.

...and that's the biggest loophole in the CA system.

In the latest case as well, WoSign issued a duplicate SSL certificate for GitHub domains without verifying ownership of the base domain.
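The validation mistake the WoSign report describes, next to the rule a CA should apply, as an added Python example that is not WoSign's code and is not taken from the article. The flawed rule treats control of any host as control of its "base domain" (the last two labels) and issues for anything beneath it; the corrected rule lets authorization flow downward only and consults the Public Suffix List, so that a customer of a hosting provider cannot obtain certificates for the provider's own names. All domain names and the public-suffix subset are constructed (example.net, pages.example.net); a real CA would use the full list.

```python
"""Domain-control validation: the subdomain-unlocks-parent mistake beside a
suffix-aware rule. Added example; names and the suffix subset are constructed."""

# Tiny stand-in for the Public Suffix List. The real list has thousands of entries,
# including hosting providers whose customers each control one subdomain.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "pages.example.net"}


def public_suffix(name):
    """Longest entry of PUBLIC_SUFFIXES that ends the name (last label if none matches)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            return candidate
    return labels[-1]


def registrable_domain(name):
    """Public suffix plus one label; None if the name *is* a public suffix (nobody owns it)."""
    labels = name.lower().rstrip(".").split(".")
    n = len(public_suffix(name).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def lenient_authorized(requested, validated):
    """Flawed rule: control of any host authorizes its 'base domain' (last two labels)
    and everything beneath it, so a subdomain holder can get the parent."""
    base = ".".join(validated.lower().rstrip(".").split(".")[-2:])
    requested = requested.lower().rstrip(".")
    return requested == base or requested.endswith("." + base)


def strict_authorized(requested, validated):
    """Control flows downward only: a validated name authorizes itself and its
    subdomains, never a parent, and never a name that is a public suffix."""
    validated = validated.lower().rstrip(".")
    requested = requested.lower().rstrip(".")
    if registrable_domain(validated) is None:
        return False                            # "proving" control of co.uk itself
    if requested.startswith("*."):
        requested = requested[2:]               # wildcard needs control of its base
        if registrable_domain(requested) is None:
            return False                        # *.co.uk-style wildcards are never allowed
    return requested == validated or requested.endswith("." + validated)


def issuance_decision(policy, requested_names, validated_names):
    """Per CSR name: authorized if *any* of the names the applicant proved covers it."""
    return {name: any(policy(name, v) for v in validated_names) for name in requested_names}


if __name__ == "__main__":
    proven = ["alice.pages.example.net"]        # customer controls one hosted subdomain
    csr = ["alice.pages.example.net", "*.alice.pages.example.net",
           "pages.example.net", "example.net", "www.example.net", "*.example.net"]
    for policy in (lenient_authorized, strict_authorized):
        print(policy.__name__, issuance_decision(policy, csr, proven))
```

Run stand-alone, the lenient rule authorizes all six names from one validated customer host; the strict rule authorizes only the validated host and a wildcard directly beneath it. Whether a CA validates control via an e-mail to the domain, an HTTP file or a DNS record does not matter here: the mistake is in which names that proof is allowed to unlock.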

- - - Post merged - - -

Dropbox Hacked — More Than 68 Million Account Details Leaked Online

dropbox-account-hack.png


Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach.

Dropbox has confirmed the breach and already notified its customers of potential forced password resets, though the initial announcement failed to specify the exact number of affected users.

However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase, Motherboard found around 5GB of files containing details on 68,680,741 accounts, which includes email addresses and hashed (and salted) passwords for Dropbox users.

An unnamed Dropbox employee verified the legitimacy of the data.


The takeaway:

Change your passwords for Dropbox as well as other online accounts immediately, especially if you use the same password for multiple websites.
 
Critical DoS Flaw found in OpenSSL — How It Works

openssl-ddos-attack.png


The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.

OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well as other secure services.

The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0 and are patched in OpenSSL versions 1.1.0a, 1.0.2i and 1.0.1u.
 
Notice of an event in Zurich
at:
Center for Information Technology, Society, and Law (ITSL)
topic: net blocking (Netzsperren)
link: http://www.itsl.uzh.ch/de/Veranstaltungen.html
date: 19. 10. 2016 >>> no registration needed, participation free of charge.

Didn't want to open a thread for the info,
and in the broadest sense it does have to do with security, ^^ right?
 
Since it affects all Windows versions...

This Code Injection Technique can Potentially Attack All Versions of Windows

AtomBombing-attack.png


Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer.

Isn't that scary? Well, definitely for most of you.

Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows operating system, even Windows 10, in a manner that no existing anti-malware tools can detect, threatening millions of PCs worldwide.

Dubbed "AtomBombing," the technique does not exploit any vulnerability but abuses a design weakness in Windows.
Full article: The Hacker News - This Code Injection Technique can Potentially Attack All Versions of Windows
 
My goodness, this is being blown up again from every possible direction! The technique in question wasn't just discovered now; it was already reported on in 2012. This is anything but new.
http://mista.nu/research/smashing_the_atom.pdf

To be able to manipulate the atom table, you have to be able to execute code on the system. If you can already execute code on a system anyway, the horse has already bolted and you don't need to mess around with the atom tables at all.
I haven't been able to tell from this whether it could possibly be exploited for privilege escalation. But the procedure would be cumbersome there too. You'd have to start something persistently with user rights and hope that someone executes something with admin rights afterwards, in order to then redirect commands. But as I said, no idea whether that's even possible this way.

I would see this more as a storm in a teacup.
 
The thing is that this is not one or more security vulnerabilities in the Windows versions, but rather the case "by design". Consequently there won't be a patch or anything similar in the coming period either.

The whole thing is highly worrying and not just a trifle that is happily forgotten again after a day of reading.
 
Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.

Yes, the critical zero-day is unpatched and is being used by attackers in the wild.

Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix.

According to a blog post by Google's Threat Analysis Group, the reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy, companies should patch or publicly report such bugs after seven days.
The Hacker News - Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable


Update

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Google's Threat Analysis Group publicly disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosing both zero-days to Microsoft and Adobe.

While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix.

Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk."

The result? Windows Vista through current versions of Windows 10 is still vulnerable, and now everybody knows about the critical vulnerability.

Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates.
The Hacker News - Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google
 