AUTOBLOG PROJECT


The Hacker News

Original site: The Hacker News


Snapchat app vulnerable to denial-of-service attack, allows an attacker to remotely crash an iPhone

Saturday 8 February 2014 at 19:20
Snapchat, the photo-sharing app, is a popular choice for a wide variety of users. Recently, the company has faced a data breach and a CAPTCHA bypass vulnerability, and just yesterday a new denial-of-service attack was revealed that can crash an iPhone.

Jamie Sanchez, a security researcher, has found the app vulnerable to a flaw that enables an attacker to launch a denial-of-service attack, forcing the user to reset the mobile device.

The flaw in the Snapchat app allows someone to flood a user with thousands of messages in a matter of seconds. "By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals," he said.
He demonstrated the vulnerability to an LA Times reporter, bombarding the reporter's handset with thousands of messages within five seconds; the denial-of-service attack caused the iPhone to freeze until it restarted.

Snapchat's Android app is less affected by this denial-of-service attack, but the flood still degrades the phone's performance and leaves the Snapchat app unusable until the attack is over. Jamie Sanchez declined to contact Snapchat with his findings, as he believes the company has no respect for the security research community after ignoring previous vulnerability reports about the app.

This is the third time in the past 10 weeks that Snapchat has had no prior notice of a security flaw and has reacted immediately after public disclosure of the vulnerability.

Update: Snapchat responded: "We are working to resolve the issue and will be reaching out to the security researcher who publicized the attack to learn more."

LINKUP - First ransomware trojan that modifies DNS settings and forces Bitcoin mining

Friday 7 February 2014 at 13:18
Until now, we have all heard about ransomware that encrypts your files or locks down your computer and demands a ransom, to be paid within a specified time, to unlock it.

Emsisoft has detected a new piece of malware called “Linkup”, detected as “Trojan-Ransom.Win32.Linkup”, that doesn't lock your computer or encrypt files; rather, it blocks your Internet access by modifying the DNS settings and can turn your computer into a Bitcoin-mining robot. Sounds interesting?

Once the Linkup Trojan is installed on your system, it makes a copy of itself and disables selected Windows security and firewall services to facilitate the infection. The injected rogue DNS server then allows only the malware and the Bitcoin miner to communicate with the Internet.

It displays a bogus notification in the victim's web browser, purportedly from the Council of Europe, that accuses you of viewing “Child Pornography” and promises to restore Internet access only on payment of a £0.01 (Euro) fine.

It is unconfirmed whether the malware restores Internet access after the ransom is paid; the promise is "most likely only a blatant lie". The ransom is to be paid by credit card along with the submission of your personal information, including your name, date of birth and city, as shown:
[Image: Linkup Ransomware DNS Changing Malware]
In addition to blocking your Internet access, Linkup also downloads and installs other malware that forcibly joins your computer to a Bitcoin-mining botnet, which combines the computing power of multiple infected computers to earn Bitcoin for whoever is behind the attack.

Emsisoft has a detailed explanation of how the malware works on its site:
This combination of ransomware and Bitcoin mining is a new and fascinating development. At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems. In time, it will be interesting to see if Linkup is modified to download more flexible variants.
If your computer has been infected, you are advised not to pay the ransom or submit any personal information; instead, you can install 'Emsisoft Anti-Malware' to remove the malware and restore the DNS settings to their defaults.

Bredo Banking Malware Campaign Targets Bank of America Customers

Friday 7 February 2014 at 12:37
The major US financial institution Bank of America is being targeted by a stealthy financial malware campaign, according to an AppRiver report.

Last month, researchers at AppRiver noticed enormous volumes of traffic through their data centers, with peaks reaching three or four times their normal network traffic.

They caught and blocked a malware campaign that was using new tactics designed specifically to beat filtering engines.

Last Wednesday, the company experienced huge spam traffic, 10 to 12 times its normal volume. “These spikes have been driven by a tremendous increase in the number of incoming messages being sent with viruses attached,” and some users experienced delays in sending and receiving mail.
They found the campaign distributing a financial Trojan known as the ‘Bredo virus’, designed to target Bank of America customers and capable of stealing information such as credit card numbers, banking credentials and the user’s keystrokes.

AppRiver said that ‘The software may also have abilities to further infect a system by downloading more malware on to the machine’ and added that ‘running through a variety of virus scanners showed that only 11 of 51 antivirus vendors were classifying it as malware.’
The Bredo botnet was first detected in May 2009 and propagates through malicious e-mails carrying malware attachments that infect a computer when opened, effectively turning it into another zombie controlled by the botnet.

In October 2010, Dutch law enforcement agents seized 143 LeaseWeb servers used as the botnet's command-and-control center, but were not able to eliminate it completely.

Microsoft February Patch Tuesday: Two Critical and Three Important Security Updates

Friday 7 February 2014 at 12:16
Today Microsoft released its Security Bulletin Advance Notification for the February 2014 Patch Tuesday. The notification lists five bulletins, two of which address critical remote code execution flaws; the rest are rated important.

A remote code execution vulnerability has been found in Microsoft's own security software, Forefront Protection 2010 for Exchange Server, but this time there will be no new bulletins for Internet Explorer.

Users of Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, and Windows RT and Windows RT 8.1 are also advised to patch their systems to protect themselves from malicious code exploiting a remote code execution vulnerability.
Besides remote code execution, Microsoft is going to release patches for privilege escalation, information disclosure and denial-of-service flaws in the Windows operating system. A privilege escalation flaw in Microsoft's .NET Framework is also rated important.

In an August 2013 advisory, Microsoft announced “the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.”

On the coming Patch Tuesday, Microsoft will deprecate the MD5 hash for signing certificates used for server authentication, code signing and time stamping, moving to SHA-2 for such certificates. The update has already been available for about six months so that its impact could be tested.

For more details, you can read a report on the risks of using weak hash functions to sign digital certificates.

Facebook releases 'Conceal' API for Android developers to encrypt data on disk

Friday 7 February 2014 at 11:03
Many smartphone applications support installation on, or storage of app data to, an external SD card, which helps save space in internal memory but also exposes that data to attackers.

Typically, an app that has permission to read and write data on an SD card can read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your phone's SD card.

To prevent the data from being misused by another app, the best approach is to encrypt it, but encryption costs device performance.

On its 10th birthday, as a treat for mobile developers, Facebook has unveiled the source code of 'Conceal', an Android cryptographic API Java library that allows app developers to encrypt data on disk in a resource-efficient way, with an easy-to-use programming interface.

Smaller than other cryptography libraries and built for speed, Conceal might end up being the best solution. "We saw an opportunity to do things better and decided to encrypt the private data that we stored on the SD card so that it would not be accessible to other apps," a Facebook software engineer said in a blog post.
The tool is based on algorithms from OpenSSL, a widely used open-source cryptographic library for the web:
"Conceal doesn't implement any crypto. Instead, it uses specific cryptographic algorithms from OpenSSL. OpenSSL's crypto library is about 1MB when built for armv7. By using only the parts of OpenSSL we needed, we were able to reduce the size of OpenSSL to 85KB. We believe providing a smaller library will reduce the friction of adopting state of the art encryption algorithms, make it easier to handle different Android platform versions, and enable us to quickly incorporate fixes for any security vulnerabilities in OpenSSL as well."
Conceal is smaller and faster than existing Java crypto libraries and uses AES-GCM, an authenticated encryption algorithm that detects any tampering with the data. "We instead use AES-GCM which is an authenticated encryption algorithm that not only encrypts the data, but also computes a MAC of the data at the same time," he said.
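The authenticated-encryption property described above, shown as an added example written against Go's standard-library AES-GCM; this is not Conceal's or Facebook's code, and the key, the constructed sample data and the use of a file name as associated data are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"io"
)

// newGCM wraps AES (16-byte key = AES-128, 32-byte key = AES-256) in GCM mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and authenticates it with aad (cleartext metadata such as a file name); output is nonce || ciphertext || tag.
func Seal(key, aad, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message: nonce reuse under one key breaks GCM
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the tag before releasing plaintext; a modified nonce, ciphertext, tag or aad yields an error and no data.
func Open(key, aad, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, io.ErrUnexpectedEOF // truncated blob: not even nonce + tag
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// TamperDetected flips one bit of the first ciphertext byte (just past the 12-byte nonce) and reports whether Open rejects it.
func TamperDetected(key, aad, sealed []byte) bool {
	t := append([]byte(nil), sealed...)
	t[12] ^= 0x01
	_, err := Open(key, aad, t)
	return err != nil
}
```

Binding the file name as associated data means a sealed blob copied over another file's name is rejected as well, not just a blob whose bytes were edited.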

The library also provides facilities for storing and managing keys that protect against known weaknesses in Android's random number generator. Conceal officially supports Android 2.3 (Gingerbread) and higher, and will run on 2.2 (Froyo) phones as well.

The company is already using the tool in its main Facebook app for Android. Developers can access the Conceal API on GitHub.