Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

‘Stegano’ Malvertising Exposes Millions To Hacking

December 13, 2016 by  
Filed under Around The Net

Comments Off on ‘Stegano’ Malvertising Exposes Millions To Hacking

Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.

The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.

The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.

The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.

The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.

Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.

Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.

The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.

ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.

Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html

Can iOS Activation Lock Be Bypassed?

December 7, 2016 by  
Filed under Around The Net

Comments Off on Can iOS Activation Lock Be Bypassed?

Two researchers report that they have discovered a way to bypass the activation lock feature in iOS that’s supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner.

The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay.

The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password.

One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it. This is supposed to restore the state of the tablet from where it was left off, in this case, loading the WPA2 screen again with the long strings of characters filled in.

“After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock,” he said in a blog post.

Hemanth said he reported the issue to Apple on Nov. 4, and the company is investigating it. He tested the bypass on iOS 10.1, which was released on Oct. 24.

Last week, a researcher named Benjamin Kunz Mejri, from German outfit Vulnerability Lab, posted a video showing the same bypass, but on the newer iOS 10.1.1 version.

Kunz Mejri’s method is similar and also involves overflowing the Add Wi-Fi form fields with long strings of characters but also requires rotating the tablet’s screen in order to trigger the crash after the smart cover trick.

Apple has not yet confirmed that issue and did not immediately respond to a request for comment.

Source- http://www.thegurureview.net/mobile-category/researcher-prove-ios-activation-lock-can-be-bypassed.html

Is Changing Your Password Often A Good Idea?

August 15, 2016 by  
Filed under Security

Comments Off on Is Changing Your Password Often A Good Idea?

Carnegie Mellon University professor Lorrie Cranor, who is the US FTC’s technology guru, has debunked a myth that it is a good idea to change your password often.

Talking to Ars Technica she said that while frequent password changes can lock hackers out they make make security worse.

She told the BSides security conference in Las Vegas that frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.

A study published in 2010 by researchers from the University of North Carolina at Chapel Hill more or less confirmed her views. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.

By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1″, for instance (excluding the quotation marks) frequently became “tArheels#1″ after the first change, “taRheels#1″ on the second change and so on. Or it might be changed to “tarheels#11″ on the first change and “tarheels#111″ on the second. Another common technique was to substitute a digit to make it “tarheels#2″, “tarheels#3″, and so on.

“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change it in some small way, and they come up with a new password.”

The researchers used the transformations they uncovered to develop algorithms that could predict changes with great accuracy.

A separate study from researchers at Carleton University showed that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.

Courtesy-Fud

PC Monitors Vulnerable To Hacking

August 12, 2016 by  
Filed under Security

Comments Off on PC Monitors Vulnerable To Hacking

You should probably be leery of what you see since, apparently, your computer monitor can be hacked.

Researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.

Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.

They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.

During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.

It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.

However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.

The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.

The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.

For instance, cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it, Kataria said. Or they could even spy on users’ monitors, by logging the pixels generated.

However, the two researchers said they made their presentation to raise awareness about computer monitor security. They’ve posted the code to their research online.

“Is monitor security important? I think it is,” Cui said.

Dell couldn’t be reached for immediate comment.

Source- http://www.thegurureview.net/computing-category/computer-monitors-are-also-vulnerable-to-hacking.html

Swift To Focus More On Security

June 6, 2016 by  
Filed under Around The Net

Comments Off on Swift To Focus More On Security

The SWIFT secure messaging service that underpins international banking announced that it will launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT)’s chief executive, Gottfried Leibbrandt, told a financial services conference in Brussels that SWIFT will launch a five-point plan later this week.

Banks send payment instructions to one another via SWIFT messages. In February, thieves hacked into the SWIFT system of the Bangladesh central bank, sending messages to the Federal Reserve Bank of New York allowing them to steal $81 million.

The attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.

The crimes have dented the banking industry’s faith in SWIFT, a Belgium-based co-operative owned by its users.

The Bangladesh Bank hack was a “watershed event for the banking industry”, Leibbrandt said.

“There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident … this is a big deal. And it gets to the heart of banking.”

SWIFT wants banks to “drastically” improve information sharing, to toughen up security procedures around SWIFT and to increase their use of software that could spot fraudulent payments.

SWIFT will also provide tighter guidelines that auditors and regulators can use to assess whether banks’ SWIFT security procedures are good enough.

Leibbrandt again defended SWIFT’s role, saying the hacks happened primarily because of failures at users. “Many of the less protected banks are in countries were skills are really scarce,” he said, pointing the finger at providers of services to banks.

“We will have to create an ecosystem of providers and partners, for example by introducing certification requirements for third-party providers,” he said.

Courtesy-http://www.thegurureview.net/uncategorized/swift-to-implement-new-security-program-after-recent-hacking.html

Google And Yahoo Get Blocked

May 24, 2016 by  
Filed under Around The Net

Comments Off on Google And Yahoo Get Blocked

The IT department of the U.S. House of Representatives is prohibiting access to Yahoo Mail and the Google App Engine platform due to malware threats.

On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.

“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”

The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?

If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.

“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”

The increase in ZIP and RAR attachments that contain malicious JavaScript (JS) files has been observed by multiple security companies in recent months. Microsoft offers several recommendations, like using the Windows AppLocker group policy to restrict the execution of .JS files.

The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.

Source- http://www.thegurureview.net/aroundnet-category/u-s-house-of-representatives-block-yahoo-and-google-apps.html

IBM’s Watson Goes Cybersecurity

May 23, 2016 by  
Filed under Computing

Comments Off on IBM’s Watson Goes Cybersecurity

IBM Security has announced a new year-long research project through which it will partner with eight universities to help train its Watson artificial intelligence system to tackle cybercrime.

Knowledge about threats is often hidden in unstructured sources such as blogs, research reports and documentation, said Kevin Skapinetz, director of strategy for IBM Security.

“Let’s say tomorrow there’s an article about a new type of malware, then a bunch of follow-up blogs,” Skapinetz explained. “Essentially what we’re doing is training Watson not just to understand that those documents exist, but to add context and make connections between them.”

Over the past year, IBM Security’s own experts have been working to teach Watson the “language of cybersecurity,” he said. That’s been accomplished largely by feeding it thousands of documents annotated to help the system understand what a threat is, what it does and what indicators are related, for example.

“You go through the process of annotating documents not just for nouns and verbs, but also what it all means together,” Skapinetz said. “Then Watson can start making associations.”

Now IBM aims to accelerate the training process. This fall, it will begin working with students at universities including California State Polytechnic University at Pomona, Penn State, MIT, New York University and the University of Maryland at Baltimore County along with Canada’s universities of New Brunswick, Ottawa and Waterloo.

Over the course of a year, the program aims to feed up to 15,000 new documents into Watson every month, including threat intelligence reports, cybercrime strategies, threat databases and materials from IBM’s own X-Force research library. X-Force represents 20 years of security research, including details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.

Watson’s natural language processing capabilities will help it make sense of those reams of unstructured data. Its data-mining techniques will help detect outliers, and its graphical presentation tools will help find connections among related data points in different documents, IBM said.

Ultimately, the result will be a cloud service called Watson for Cyber Security that’s designed to provide insights into emerging threats as well as recommendations on how to stop them.

Source-http://www.thegurureview.net/computing-category/ibms-watson-to-get-schooled-on-cybersecurity.html

Phishing Apps Plague Google Play

May 12, 2016 by  
Filed under Computing

Comments Off on Phishing Apps Plague Google Play

Google’s attempts to safeguard the Android app store — Google Play — are far from perfect, with malicious apps routinely slipping through its review process. Such was the case for multiple phishing applications this year that posed as client apps for popular online payment services.

Researchers from security firm PhishLabs claim that they’ve found 11 such applications since the beginning of 2016 hosted on Google Play, most of them created by the same group of attackers.

The apps are simple, yet effective. They load Web pages containing log-in forms that look like the target companies’ websites. These pages are loaded from domain names registered by the attackers, but because they are loaded inside the apps, users don’t see their actual location.

In some cases attackers registered domain names that are similar to those of the impersonated online payment services, PhishLab Security Threat Analyst Joshua Shilko said in a blog post.

More recently, attackers used domain names similar to those of cryptocurrency companies, suggesting that the cryptocurrency industry is also targeted.

PhishLabs did not name the exact payment card companies and online payment services whose users were targeted by these fake apps. However, most of those companies provide links to their official mobile applications on their websites and users should always use those links instead of manually searching for them on the Play store.

“In one case, a targeted company explicitly states on their website that no mobile application exists for their company and that users should be wary of any mobile application using their brand,” Shilko said.

The danger is that if phishers manage to routinely bypass Google’s review process and upload such apps to the Google Play store, their attacks might extend to other industries in the future.

Another problem is that even when these apps are detected by third-parties and reported, it can take several days for Google to remove them from the app store, leaving a sufficiently large window of opportunity for attackers. It’s not clear how attackers promote these fake apps or if they rely only on users finding them themselves, but in general phishing attacks are most effective during the first several hours after they’re launched.

Source- http://www.thegurureview.net/mobile-category/phishing-apps-continue-to-play-google-play.html

Is Samsung Preparing For A Price War?

April 27, 2016 by  
Filed under Computing

Comments Off on Is Samsung Preparing For A Price War?

Samsung Electronics changing its approach to its memory chip business and focus on market share over profit margins and the industry will suffer, according to one analyst.

Bernstein Research’s senior analyst Mark C. Newman said that the competitive dynamic in the memory chip industry is not as good as we thought due to Samsung’s aggressive and opportunistic behavior. This is analyst speak for Samsung is engaging in a supply and price war with the other big names in the memory chip marking business – SK hynix and Micron.

“Rather than sit back and enjoy elevated profit margins with a 40 percent market share in DRAMs, Samsung is intent on stretching their share to closer to 50 percent,” he said.

Newman said the company is gaining significant market share in the NAND sector.

“Although Samsung cares about profits, their actions have been opportunistic and more aggressive than we predicted at the expense of laggards particularly Micron Technology in DRAMs and SK hynix in NANDs,” he said.

SK hynix is expected to suffer. “In NAND, we see Samsung continuing to stretch their lead in 3D NAND, which will put continued pressure on the rest of the field. SK hynix is one of the two obvious losers.”

Newman said that Samsung’s antics have destroyed the “level of trust” among competitors, perhaps “permanently,” as demand has dropped drastically with PC sales growth down to high single digits in 2015 with this year shaping up to be the same.

“Sales of smartphones, the main savior to memory demand growth have also weakened considerably to single digit growth this year and servers with datacenters are not strong enough to absorb the excess, particularly in DRAM,” Newman said.

He is worried that Samsung could create an oversupply in the industry.

“The oversupply issue is if anything only getting worse, with higher than normal inventories now an even bigger worry. Although we were right about the shrink slowing, thus reducing supply growth, the flip side of this trend is that capital spending and R&D costs are soaring thus putting a dent in memory cost declines,” he said.

China’s potential entry into the market and new technologies will provide further worries “over the longer term.”

“Today’s oversupply situation would become infinitely worse if and when China’s XMC ramps up big amounts of capacity. New memory technologies such as 3D X-point, ReRAM and MRAM stand on the sidelines and threaten to cannibalize part of the mainstream memory market,” he said.

Courtesy-Fud

Hospitals Should Brace For Surge In Ransomware Attacks

April 18, 2016 by  
Filed under Security

Comments Off on Hospitals Should Brace For Surge In Ransomware Attacks

U.S. hospitals should brace for a surge in “ransomware” attacks by cyber criminals who take computer networks hostage, then demand payment in return for unlocking them, a non-profit healthcare group warned on Friday.

The Health Information Trust Alliance conducted a study of some 30 mid-sized U.S. hospitals late last year and found that 52 percent of them were infected with malicious software, HITRUST Chief Executive Daniel Nutkis told Reuters.

The most common type of malware was ransomware, Nutkis said, which was present in 35 percent of the hospitals included in the study of network traffic conducted by security software maker Trend Micro Inc.

Ransomware is malicious software that locks up data in computers and leaves messages demanding payment to recover the data. Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems.

This week, an attack on MedStar Health forced the largest healthcare provider in Washington, D.C., to shut down much of its computer network. The Baltimore Sun reported a ransom of $18,500 was sought. MedStar declined to comment.

HITRUST said it expects such attacks to become more frequent because ransomware has turned into a profitable business for cyber criminals.

The results of the study, which HITRUST has yet to share with the public, demonstrate that hackers have moved away from focusing on stealing patient data, Nutkis said.

“If stuff isn’t working, they move on. If stuff is working, they keep doing it,” said Nutkis. “Organizations that are paying have considered their options, and unfortunately they don’t have a lot of options.”

Extortion has become more popular with cyber criminals because it is seen as a way to generate fast money, said Larry Whiteside, a healthcare expert with cyber security firm Optiv.

Stealing healthcare data is far more labor intensive, requiring attackers to keep their presence in a victim’s network undetected for months as they steal data, then they need to find buyers, he added.

“With ransomware I’m going to get paid immediately,” Whiteside said.

Courtesy- http://www.thegurureview.net/aroundnet-category/hospitals-should-brace-for-surge-in-ransomware-attacks.html

Next Page »