5.3 billion devices at risk for invisible, infectious Bluetooth attack

September 12, 2017 – 4:16 PM

What spreads through the air, is invisible to users, and requires no user interaction — no clicking, no pairing, no downloading, not even turning on discoverable mode — but could bring the hurt to billions of devices? It’s an attack vector dubbed Blueborne. Researchers revealed eight different bugs that affect the Bluetooth of more than 5.3 billion devices, including Android, Windows, Linux and iOS.

IoT security company Armis warned that all it takes is having Bluetooth on, and within 10 seconds, your device could be pwned from 32 feet away. And it’s wormable, a regular walking worm, meaning one infected device could spread it to others. While that already sounds ominous, Armis gave a scenario in which the infection spreads ransomware from one Bluetooth-enabled device to the next.

The flaws are not in the Bluetooth protocol, but in the stacks — the Bluetooth implementations. The researchers discovered four of the flaws in Android’s Bluetooth stacks, one in Windows, one in iOS and two in Linux. They are not just talking about desktops, laptops and phones; Armis warned that Bluetooth “is used by devices of all kinds, from regular computers and mobile devices to IoT devices such as TVs, watches, cars and even medical appliances.”

Source:
https://www.csoonline.com/article/3224365/security/53-billion-devices-at-risk-for-invisible-infectious-bluetooth-attack.html

Chrome 63 notifies you of Man-in-the-Middle issues

September 11, 2017 – 6:36 AM

Google plans to launch a new security feature in the upcoming Chrome 63 browser that notifies users about Man-in-the-Middle (MITM) issues.

MITM is best known as a method to attack user systems by intercepting and manipulating traffic. Many security programs with firewall and browsing components do use similar functionality to inspect encrypted traffic.

The security feature that will launch in Chrome 63 displays a notification to users if (legitimate) security software causes issues on the system because of its interference with encrypted SSL traffic.

Source:
https://www.ghacks.net/2017/09/11/chrome-63-notifies-you-of-man-in-the-middle-issues/

Researcher discloses 10 D-Link zero-day router flaws

September 11, 2017 – 6:33 AM

When a zero-day vulnerability becomes public, by its nature no patch or fix is available at the time, and a single one is enough for a vendor to have to come to terms with and rapidly devise a solution.

D-Link now has 10 such previously-unknown bugs on its plate to fix.

Last week, security researcher Pierre Kim chose to publicly disclose his findings related to D-Link 850L routers due to “difficulties” working with the vendor on a coordinated disclosure.

In a blog post, Kim said the flaws were found in the D-Link 850L, a wireless AC1200 dual-band gigabit cloud router, which also enables users to use Mydlink Cloud Services to access their home networks remotely.

Kim describes the product as a “router overall badly designed with a lot of vulnerabilities,” and says that he was able to compromise everything, from the LAN to the WAN, as well as the custom MyDlink cloud protocol.

Source:
http://www.zdnet.com/article/10-d-link-zero-day-router-flaws-exposed/

Expired domain names and malvertising

September 5, 2017 – 4:17 PM

In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone (Pseudo Darkleech) or have changed focus (EITest using social engineering techniques).

Malvertising – which has remained steady and is currently the main driving force behind some of the most common malware and scam distribution operations – not only stems from various publishers but also from ‘abandoned’ websites. Those related domains once served a legitimate purpose but were never renewed by their owners and fell into the hands of actors looking to make a quick profit using questionable practices.

In this post, we take a look at how malicious redirections from expired domains work and what kind of traffic they lead to.

The life, death, and resurrection of a domain name

Most issues when it comes to web security don’t usually come from the platforms themselves but from the people that run them or from properties that have simply been relinquished. The folks over at Sucuri have written about this extensively and in a recent post, they showed how expired domains and outdated plugins in popular CMS were a deadly mix, resulting in malicious redirects.

Source:
https://blog.malwarebytes.com/threat-analysis/2017/09/expired-domain-names-and-malvertising/

Hardcoded Credentials Expose Customers of AT&T U-Verse

September 1, 2017 – 6:30 PM

On August 31, 2017, Nomotion released five vulnerabilities for two Arris modems used by AT&T U-Verse customers in the US. The vulnerabilities are of the following types:

The hardcoded credentials give attackers access to the device via SSH or HTTP/HTTPS. On certain devices, when logged into the modem, the attacker can then leverage the authenticated command injection vulnerabilities to get a root shell. This vulnerability is especially bad for users whose devices are exposed to the internet.

The firewall bypass vulnerability is particularly worrisome. After successfully gathering the list of hosts behind the firewall using the port 61001 information exposure, an unauthenticated remote attacker can then connect to any device behind the firewall by using the firewall bypass, effectively opening the internal network to attack.

Source:
https://www.tenable.com/blog/hardcoded-credentials-expose-customers-of-att-u-verse
