Widely used WebEx plugin for Chrome will execute attack code

January 23, 2017 – 9:20 PM

The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit.

A combination of factors makes the vulnerabilities among the most severe in recent memory. First, WebEx is largely used in enterprise environments, which typically have the most to lose. Second, once a vulnerable user visits a site, it’s trivial for anyone with control of it to execute malicious code with little sign anything is amiss. The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google’s Project Zero security disclosure service.

All that’s required for a malicious or compromised website to exploit the vulnerability is to host a file or other resource that contains the string “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” in its URL. That’s a “magic” pattern the WebEx service uses to remotely start a meeting on visiting computers that have the Chrome extension installed. Ormandy discovered that any visited website can invoke the command not just to begin a WebEx session, but to execute any code or command of the attacker’s choice. To make the exploit more stealthy, the string can be loaded into an HTML-based iframe tag, preventing the visitor from ever seeing it.


Choosing a Strong Password in 2017

January 14, 2017 – 7:17 AM

Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.

If you value your privacy, you must learn how passwords work, how the attacks that attempt to break them work and finally how to choose a strong password that won’t break no matter what you throw at it.

Most people don’t have a proper system for managing passwords. They pick the easiest password that they can remember and probably reuse it in multiple places. In this tutorial we’ll take a look at why this needs to change and how to replace this ad hoc process with a secure and more convenient approach.


The worst passwords of 2016 are as lazy as ever

January 14, 2017 – 7:00 AM

It seems that password security simply doesn’t work.

Many of us rely on simple, easy-to-remember strings of characters and letters, including strings found on your keyboard such as “1234567” or “qwertyu.”

While these strings are easy for you to remember, they are also no trouble at all for attackers to brute-force hacking techniques — or little more than a guess or two — to compromise your online accounts and take over your digital identity.

Online vendors and agencies are getting up to speed with these practices and now often offer or require two-factor authentication which connects a mobile phone to your account — or will ban soft, easy passwords like this altogether.

But as many are, many are not — and it is both companies and individuals that are at fault for lax security at the first stage.

According to Keeper Security’s annual list of commonly used passwords, we still haven’t got the message.

The security company’s researchers were left shaking their heads in despair as they discovered that the most common passwords used to protect our accounts have not changed much at all — and “123456” is still very much in existence.

The company scoured through 10 million passwords which became public domain over the year thanks to data breaches.

Keeper Security found that almost 17 percent of users insisted on using “123456” to ‘protect’ their accounts from intrusion, while “123456789,” “qwerty” and “password” also make an appearance in the top 25 worst passwords found — which, sadly, are also the most common.


CERT advises users to ‘discontinue use’ of two Netgear routers due to major security flaw

December 10, 2016 – 7:32 PM

In a major setback for Netgear, it appears that at least two of its high-end routers may contain a severe security flaw according to an advisory issued by CERT.

The vulnerability itself is incredibly easy to leverage and simply relies upon accessing a specially crafted URL in the following format from the local network:

http://< router_IP >/cgi-bin/;COMMAND

The above will result in a command injection attack via the router’s web interface which will execute arbitrary commands with root privileges. Notably, the attack can be initiated remotely by an attacker who manages to fool a local user into clicking on a malicious URL hidden behind a shortened link. Otherwise, a nefarious user already on the local network can craft and visit a URL of their choice in order to achieve the same outcome.

So far, the two routers that have been confirmed to be susceptible to this vulnerability are:

  • Netgear R6400 with firmware version (and possibly earlier)
  • Netgear R7000 with firmware version (and possibly earlier)

While unconfirmed by CERT, one Reddit user indicated that their Netgear R8000 router was also affected by the flaw, which means that the list of impacted hardware may well expand over the coming days.


323,000 pieces of malware detected daily

December 8, 2016 – 5:37 AM

According to Kaspersky Lab, the number of new malware files detected by its products in 2016 increased to 323,000 per day. This is an increase of 13,000 from the amount in 2015, and a significant jump from the 70,000 files per day identified in 2011.

The number of cyberthreats appearing every day is now so big that it is impossible to process each one of them manually. That’s why automating the malware discovery and analysis process, in combination with human expertise, is the best approach when it comes to fighting modern cyber threats.

As a result, the Kaspersky Lab cloud malware database, includes discoveries by Astraea – a machine-learning based malware analysis system working inside the Kaspersky Lab infrastructure. Over a fifth of the malicious objects included in the cloud database were discovered and identified as malicious by Astraea. The database now carries a billion malicious objects, including viruses, Trojans, backdoors, ransomware, and advertisement applications and their components.

The percentage of malware discovered and added automatically to the Kaspersky Lab cloud database by Astraea has been growing steadily over the last five years: from 7.53 percent in 2012, to 40.5 percent in December 2016. The proportion is growing in line with the number of new malicious files discovered daily by Kaspersky Lab experts and detection systems. This has increased from 70,000 files per day in 2011 to 323,0001 per day in 2016.