Sign up for our Technology Newsletter 
Dyreza Trojan Targeting Windows 10
An infectious banking trojan has been updated so that it supports financial mayhem on the freshly baked Windows 10 operating system and supporting Microsoft Edge browser.
Microsoft reckons that Windows 10 is installed on over 100 million machines, and this suggests prime picking for people who deploy banking trojans, not to mention the fact that most people will still be getting used to the software and its services and features.
The newest edition to the Windows 10 spectrum is a variant of the Zeus banking malware known as Dyreza. It is related to Dyre, a threat that we reported on earlier this year.
The warning at the time was that as many as one in 20 online banking users could be exposed to the threat, and things look as bad this time around. Heimdal Security said in a blog post that the malware has been strengthened in scale and capability.
“The info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers,” said the post.
“Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software in order to make its infiltration in the system faster and more effective.”
The threat already has a footprint, and the people behind it have increased it. Heimdal said that, once Dyreza is done with your bank account, it will move you into position on a botnet. The firm estimates that this botnet is currently 80,000-strong.
“By adding support for Windows 10, the Dyreza malware creators have cleared their way to growing the number of infected PCs in their botnet. This financial trojan doesn’t only drain the infected computers of valuable data, it binds them into botnets,” said Heimdal.
Source- http://www.thegurureview.net/computing-category/dyreza-trojan-appears-to-be-targeting-windows-10.html
Apple Removes Data Spying Apps From Store
October 21, 2015 by admin
Filed under Consumer Electronics
Comments Off on Apple Removes Data Spying Apps From Store
Apple has removed several apps from its store that it said could pose a security risk by exposing a person’s Web traffic to untrusted sources.
The company recommended deleting the apps but did not name them, which may make it hard for people to know which apps put their data at risk.
The apps in question installed their own digital certificates on a person’s Apple mobile device. It would enable the apps to terminate an encrypted connection between a device and a service and view the traffic, which is a potential security risk.
Most websites and many apps use SSL/TLS (Secure Socket Layer/Transport Security Layer), a protocol that encrypts data traffic exchanged with a user. SSL/TLS is a cornerstone of Web security, ensuring data traffic that is intercepted is unreadable.
It is possible in some cases to interfere with an encrypted connection. Many enterprises that want to analyze encrypted traffic for security reasons will use SSL proxies to terminate a session at the edge of their network and initiate a new one with their own digital certificate, allowing them to inspect traffic for malicious behavior.
In that scenario, employees would likely be more aware or expect that kind of monitoring. But people downloading something from the App Store probably would have no idea of the access granted to their sensitive data traffic.
Apple checks applications to ensure that malicious ones are not offered in its store. Those checks are in large part the reason why Apple has had fewer problems with malicious mobile applications in its store.
Installing digital certificates isn’t itself a malicious action per se, but Apple may be concerned that users are not fully aware of the consequences of allowing an app to do so.
Source-http://www.thegurureview.net/aroundnet-category/apple-removes-data-spying-apps-from-store.html
Is The Shifu Trojan Wreaking Havoc In Japan?
Comments Off on Is The Shifu Trojan Wreaking Havoc In Japan?
Security research has found a banking trojan called Shifu that is going after Japanese financial firms in a big way.
Shifu is described as “masterful” by IBM X-Force, and is named after the Japanese word for thief, according to the firm. It is also the Chinese word for skilled person, or tutor.
X-Force said in a blog post that the malware has been active since the early summer, and comprises a number of known tools like Dyre, Zeus and Dridex. It has been put together by people who know what they are doing, and sounds like a significant problem for the 20 institutions it is targeting.
“The Shifu trojan may be a new beast, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true trojan mechanisms from other infamous crimeware codes,” said the IBM researchers.
“It appears that Shifu’s internal makeup was composed by savvy developers who are quite familiar with other banking malware, dressing Shifu with selected features from the more nefarious of the bunch.”
The Shifu package offers a range of attack features as well as clean-up tools to cover its tracks. It reads like a Now that’s what I call … recent attacks compilation CD, and has some oldies but baddies.
“Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009,” added the firm as one example.
The package can wreak havoc on companies and their users. If we had a bucket of damp sand we would pour it all over Shifu and stamp on it.
“This trojan steals a large variety of information that victims use for authentication purposes. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications,” said IBM.
“These elements enable Shifu’s operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers.
“Shifu’s developers could be Russian speakers or native to countries in the former Soviet Union. It is also possible that the actual authors are obfuscating their true origin, throwing researchers off by implicating an allegedly common source of cybercrime.”
Source-http://www.thegurureview.net/computing-category/is-the-shifu-trojan-wreaking-havoc-in-japan.html
Criminals Remotely Erasing Smartphone Data
Comments Off on Criminals Remotely Erasing Smartphone Data
Smartphones taken as evidence by police in the UK are being wiped remotely by crooks in order to remove potentially incriminating data, an investigation has uncovered.
Dorset police told the BBC that six devices were wiped within the space of a year while they were being kept in police custody, and Cambridgeshire, Derbyshire, Nottingham and Durham police also confirmed similar incidents.
The technology being used was originally designed to allow device owners to remove sensitive data from phones or tablets if they are lost or stolen.
“We have cases where phones get seized, and they are not necessarily taken from an arrested person, but we don’t know the details of these cases as there is not a reason to keep records of this,” a spokeswoman for Dorset police told the BBC.
A spokeswoman for Derbyshire police also confirmed one incident of a device being remotely wiped while in police custody.
“We can’t share many details about it, but the case concerned romance fraud, and a phone involved with the investigation was remotely wiped,” she said. “It did not impact upon the investigation, and we went on to secure a conviction.”
Software that enables this remote wiping has been available from a variety of security firms for some time now.
For example, BitDefender announced a product a while back intended to track lost or stolen Android devices. Not only did it allow users to connect remotely and ‘wipe’ data from a web profile via the internet, but to activate commands with text messages.
Pen Test Partners’ digital forensics expert, Ken Munro, said it is common practice to immediately put devices that are seized as evidence into a radio-frequency shielded bag to prevent any signals getting through and stop remote wipes.
“If we can’t get to the scene within an hour, we tell the client to pop it in a microwave oven,” he said. “The microwave is reasonably effective as a shield against mobile or tablet signals – just don’t turn it on.”
OpenSSL Gets Updated
OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.
While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.
Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.
Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.
OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.
While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.
Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.
Many Websites Still Exposed
The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.
On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.
Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.
Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.
The bug had been introduced in OpenSSL in late 2011.
Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.
The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.
The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.
While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.
Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.
Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.
Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.
Heartbleed Hits Oracle
Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.
However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.
Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.
Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.
Users of Oracle’s growing family of cloud services may also be able to breath easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.
Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.
Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.
Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.
The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.
A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.
Can Android Fight Cyber Threats With A.I.?
February 5, 2014 by admin
Filed under Smartphones
Comments Off on Can Android Fight Cyber Threats With A.I.?
A security firm called Zimperium has launched mobile software that learns from smartphones to fend off malicious cyber attacks.
Claiming to be the first security software to be powered by artificial intelligence (AI), the app is called zIPS, with the “IPS” standing for “intrusion prevention system”. The aim of the AI is to better spot malware before it causes harm or spreads to other devices.
The zIPS software works whether the smartphone is offline or online and can protect against malicious apps, such as those that can self-modify, and network attacks like a “man in the middle” attack where a hacker intercepts data being sent between one user and another.
“With zIPS, corporations will now have the opportunity to use [bring your own device] as an advantage to their security. zIPS is the first security solution that can combat modern cyber-attacks on mobile,” said Zimperium’s founder and CEO Zuk Avraham. “There is already evidence of attacks that are happening to infiltrate organisations, which only zIPS can prevent.”
Prior to working on the Android app, Avraham worked as a security researcher for the Israeli Defense Forces and Samsung electronics before setting up Zimperium in response to what he thinks is a poor selection of good mobile security software.
According to MIT Technology Review, Zimperium said that there have as yet been no programs that can detect, notify and protect against cyber attacks deployed through mobile devices.
The zIPS Android app has arrived in the Google Play store for all Android devices at a time when malware on Android is at an all time high.
Last year, Trend Micro warned that Google’s Android mobile operating system is so beset by cyber criminals creating malicious apps that the malware was on track to hit the million mark before the end of 2013.
The firm said that this was attributable to hackers seeking to exploit Android’s growing global user base.
Google Updates It’s SSL Certificate
Google has announced plans to upgrade its Secure Sockets Layer (SSL) certificates to 2048-bit keys by the end of 2013 to strengthen its SSL implementation.
Announcing the news on a blog post today, Google’s director of information security engineering Stephen McHenry said it will begin switching to the new 2048-bit certificates on 1 August to ensure adequate time for a careful rollout before the end of the year.
“We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” McHenry said.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications. This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.”
McHenry advised that for a smooth upgrade, client software that makes SSL connections to Google, for example, HTTPS must: “perform normal validation of the certificate chain; include a properly extensive set of root certificates contained […]; and support Subject Alternative Names (SANs)”.
He also recommended that clients support the Server Name Indication (SNI) extension because they might need to make an extra API call to set the hostname on an SSL connection.
He pointed out some of the problems that the change might trigger, and pointed to a FAQ addressing certificate changes, as well as instructions for developers on how to adapt to certificate changes.
F-secure’s security researcher Sean Sullivan advised, “By updating its SSL standards, Google will make it easier to spot forged certificates.
“Certificate authorities have been abused and/or hacked in the past. I imagine it will be more difficult to forge one of these upgraded certs. Therefore, users can have more confidence.”
Apple Blasted For Not Blocking Stolen Certificates
Comments Off on Apple Blasted For Not Blocking Stolen Certificates
A security researcher blasted Apple for what he called “foot dragging” over the DigiNotar certificate fiasco, and urged the company to act fast to update Mac OS X to protect users.
“We’re looking at some very serious issues [about trust on the Web] and it doesn’t help matters when Apple is dragging its feet,” said Paul Henry, a security and forensics analyst with Arizona-based Lumension.
Unlike Microsoft, which updated Windows Tuesday to block all SSL (secure socket layer) certificates issued by DigiNotar, Apple has not updated Mac OS X to do the same.
DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website’s identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for weeks.
Because almost all the people who were routed to a site secured with one of the stolen certificates were from Iran, many experts suspect that the DigiNotar hack was sponsored or encouraged by the Iranian government, which could use them to spy on its citizens.
Microsoft isn’t the only software maker to block all DigiNotar certificates: Google, Mozilla and Opera have also issued new versions of their browsers — Chrome, Firefox and Opera — to completely, or in Opera’s case, partially prevent users from reaching websites secured with a DigiNotar certificate.
Users of Safari on Mac OS X, however, remain at risk to possible “man-in-the-middle” attacks based on the fraudulently obtained certificates.
Because Safari relies on the underlying operating system to tell it which certificates have been revoked or banned entirely, Apple must update Mac OS X. The Windows edition of Safari, which has a negligible share of the browser market, taps Windows’ certificate list: That version is safe to use once Microsoft’s Tuesday patch is applied.