Channel: BOT24
Viewing all 8064 articles

A Busy Day for the Security Arena Filled with Acquisitions & A Newly Filed IPO

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response
more here.........http://investors.proofpoint.com/releasedetail.cfm?ReleaseID=899160

HP to Acquire Aruba Networks to Create an Industry Leader in Enterprise Mobility
more here............http://www8.hp.com/us/en/hp-news/press-release.html?id=1923193#.VPTKVfnF-So


Veracode files for IPO
more here..........http://fortune.com/2015/03/02/exclusive-veracode-files-for-ipo/

Paper: SCRIPT IN A LOSSY STREAM

Some years ago, developers of exploit kits began to use malformed PDF files as attack vectors for malicious drive-by downloads, usually by exploiting vulnerabilities present in viewer applications. Detections were duly added to AV products and as a result, the generated PDF files became increasingly obfuscated as malware attempted to circumvent the scanners.

Typically, advantage was taken of the wide range of filters that are provided by the PDF specification for streams in a document. Besides the various text encodings and common data compressors such as Deflate and LZW, even image compressors such as CCITTFaxDecode [1] and JBIG2Decode [2] were seen storing payloads in the wild – all due to the fact that a binary stream can usually be interpreted as raw image data

more here...........https://www.virusbtn.com/pdf/magazine/2015/vb201503-lossy.pdf

How do you "do" analysis?

Everybody remembers "The Matrix", right?  So, you're probably wondering what the image to the right has to do with this article, particularly given the title.  Well, that's easy...this post is about employing various data sources and analysis techniques, and pivoting in order to add context and achieve a greater level of detail in your analysis.  Sticking with just one analysis technique or process, much like simply trying to walk straight through the building lobby to rescue Morpheus, would not have worked.  In order to succeed, Neo and Trinity had to pivot and mutually support each other in order to achieve their collective goal.  So...quite the metaphor for a blog post that involves pivoting, eh?


more here..........http://windowsir.blogspot.com/2015/03/how-do-you-do-analysis.html

Nuke-IOS (beta)

Automated ARP poisoning script for IOS

Just an auditing tool to test ARP attacks, can easily be avoided using Static-ARP entries on hosts or with AP isolation.

more here.........https://github.com/matheuslive/Nuke-IOS

The Next Shady TLD: .kim

Last month, we recommended that customers consider blocking the entire ".country" top level domain (TLD) space, due to the fact that it appeared to be entirely devoted to shady stuff -- mostly a big scam network. That recommendation remains in place: looking back at the Top 40 .country sites in the last seven days, only about 10 of them appear to be legitimate.

more here..........https://www.bluecoat.com/security-blog/2015-03-02/next-shady-tld-kim

Hacking the Linux kernel — Basics and address juggling

Lately I have come to the point where I had to ask myself: how is this kernel thing really working? After some days of thinking about what I could implement there, no idea has come up. (Ok, ok, there was one: a simple kernel network packet filter.) I decided to take the vicious way: a kernel module which should be able to hide itself from being seen from inside the system, plus a remote shell started by a magic packet.

In this post I'm going to explain the basics of kernel modules and how to hook the sys_newuname function without the use of the sys_call_table.

more here..........http://none.io/posts/2015-02-28-Hacking-the-Linux-kernel-%E2%80%94-Basics-and-address-juggling.html

Ads Gone Bad

FireEye Labs tracks malvertising activity and recently discovered hundreds of sites that may have been exposed to malvertisements via abuse of ad networks that use real-time bidding (RTB).

Since February 4, 2015, FireEye Labs has seen over 1,700 advertiser RTB requests that resulted in downloading of malicious SWF files. We believe this activity is part of an active malvertising operation.

more here.........https://www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html

Samba _netr_ServerPasswordSet Exploitability Analysis

tl;dr

This is my analysis of the recent pre-auth Samba remote tracked by CVE-2015-0240[1]. It doesn’t appear to be very exploitable to me, but I’d love to be proven wrong.

Note that since the time when I originally did this analysis someone has released their own PoC and analysis [8] showing why they don’t think it’s exploitable on 32-bit.

more here........https://www.nccgroup.com/en/blog/2015/03/samba-_netr_serverpasswordset-expoitability-analysis/

How Apple Pay Can Make Credit Card Fraud Easier

First things first—and let's make this very clear—Apple Pay has not been hacked.

It does, however, appear that Apple's introduction of the contactless payment system has helped some scammers commit credit card fraud.

more here.........http://www.intego.com/mac-security-blog/how-apple-pay-can-make-credit-card-fraud-easier/

LogPOS - New Point of Sale Malware Using Mailslots

There has been an explosion in POS malware in the last year.  At Morphick, Jeremy Humble and I found 2 undiscovered families in 2014 and we just found our first new family of 2015.  This new malware which we're calling LogPOS has several notable differences from recent POS malware.

more here........http://morphick.net/blog/2015/2/27/mailslot-pos

senseye- Dynamic Visual Debugging / Reverse Engineering Toolsuite

Senseye is a dynamic visual binary analysis and debugging tool intended to assist in monitoring, analysing and grasping large data feeds e.g. static files, dynamic streams and live memory.

more here........https://github.com/letoram/senseye

Security Advisory -- And how to catch integer overflows with template metaprogramming

A few days ago, the first major security bugs were found in Cap'n Proto C++ – two by security guru Ben Laurie and one by myself.

more here.........https://capnproto.org/news/2015-03-02-security-advisory-and-integer-overflow-protection.html

Dropbox Accesses All The Files in Your PC (Not Just Sync Folder) and Steals Everything

I've heard a lot about Dropbox until now. They were not so interesting but a little controversial. But now, I have discovered something quite striking. Dropbox syncs not only its own folder but also everything in the local drive (C:) without any user consent or permission. I caught it red-handed while working with my DLP (data loss prevention) endpoint agent, which I was adjusting so that the DLP system works properly in the production environment.

more here.......http://www.e-siber.com/guvenlik/dropbox-accesses-all-the-files-in-your-pc-not-just-sync-folder-and-steals-everything/

Paper: ARMlock: Hardware-based Fault Isolation for ARM

Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. In recent years, ARM has become the dominant architecture for mobile devices and gains in popularity in data centers. Hence there is a compelling need for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.

In this paper, we propose ARMlock, a hardware-based fault isolation for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architectures. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.

more here.........http://www.yajin.org/papers/ccs14_armlock.pdf

Cryptolocker delivered by "fax" still as bad as ever

Ransomware arrived in one of the email honeypot accounts last week, disguised using the well-worn electronic fax "Incoming Fax Report" trope. We don't usually see this kind of malware arrive as a direct delivery; typically, ransomware arrives as a payload delivered by some other piece of malware, or an exploit kit.

more here........https://www.bluecoat.com/security-blog/2015-03-02/cryptolocker-delivered-fax-still-bad-ever

Return of the Masque Attack

Late last year, Lacoon published its insights on two related iOS threats. Wirelurker, one of the first significant malwares to affect non-jailbroken devices, and Masque Attack, the actual vulnerability in iOS that Wirelurker exploits, proved a lethal combination. This post discusses Lacoon’s insights on another aspect of the original Masque Attack, URL Scheme Hijacking.

Masque Attack is unique and particularly dangerous because it takes advantage of a security flaw in iOS that allows an app to be replaced by another app of the same Bundle ID – regardless of the developer.

more here.......https://www.lacoon.com/return-masque-attack/

Hillary Clinton used personal email for government business, putting security at risk

The New York Times has published claims that Hillary Clinton did not have a government email address throughout her four-year tenure at the US State Department, but instead used a personal email address.
The use of a private email account is likely to get Clinton, who is widely tipped to be the next Democratic presidential candidate, into some hot water.

more here......http://www.welivesecurity.com/2015/03/03/hillary-clinton-personal-email-security/

PostgreSQL Pass-The-Hash protocol design weakness

The PostgreSQL Challenge-Response Authentication using the AUTH_REQ_MD5 method, or simply configuring "md5" as the Host Based Authentication (HBA) method in pg_hba.conf, is the default setting on many Linux distributions as well as recommended in the default configuration on GitHub:

> METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that "password" sends passwords in clear text; "md5" is preferred since it sends encrypted passwords.

It has a severe protocol design weakness. The weakness we have found here, and that we can demonstrate with a proof of concept (POC) code, is also known as a pass-the-hash (PTH) vulnerability [1].

more here.........https://hashcat.net/misc/postgres-pth/postgres-pth.pdf


Proof of Concepts on the following links:
https://hashcat.net/misc/postgres-pth/postgresql_diff_clean.txt
https://hashcat.net/misc/postgres-pth/postgresql_diff_minimal.txt

MongoDB phpMoAdmin GUI Tool Zero Day Vulnerability Puts Websites at Risk

About two weeks back, over 40,000 organizations running MongoDB were found unprotected and vulnerable to hackers. Now, once again the users of the MongoDB database are at risk because of a critical zero-day vulnerability making the rounds in the underground market.

more here.......http://thehackernews.com/2015/03/phpMoAdmin-mongoDB-exploit.html

SMACK: State Machine AttaCKs

Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes and key exchange methods, where each combination may prescribe a different message sequence between the client and the server. We address the problem of designing a robust composite state machine that can correctly multiplex between these different protocol modes.

We systematically test popular open-source TLS implementations for state machine bugs and discover several new critical security vulnerabilities that have lain hidden in these libraries for years.

This page presents exploits and disclosure information related to these attacks.

more here........https://www.smacktls.com/