Hacking as a Business Model...

Hello everybody! Gery Shalon is a 31-year-old Israeli from the Republic of Georgia who, prosecutors said, used aliases, fake passports and banking havens to turn hacking into the backbone of his criminal enterprise. Last July in Israel, Shalon and Orenstein were arrested, and the U.S. is seeking their extradition to New York for trial. Shalon’s organisation was a conglomerate that allegedly ran illegal Internet casinos and elaborate pump-and-dump stock schemes, while dabbling in credit-card fraud and fake pharmaceuticals. His team ran some of the biggest...

KeePass Looter: KeyFarce...

Hi all, An app that can steal passwords from the popular local password vault KeePass was developed by a security researcher based in Auckland named Denis Andzakovic. The jeu de mots KeeFarce dumps the passwords to a file once the user has logged into their vault, allowing an attacker to steal it. This does not necessarily pose a threat to KeePass or other password managers as such, but it gives an advantage to attackers who already have a foothold on the machine. Andzakovic published KeeFarce to GitHub and the Full Disclosure mailing list, as first noticed by Ars Technica: “One of the main uses of the tool is for...

XSS Bug in Cisco’s Social Miner...

Hello everybody! Cisco just reported a somewhat embarrassing bug in its SocialMiner 10.0(1) product: its WeChat page is open to cross-site scripting. It means that if a support staff member accidentally clicks on a malicious link without paying attention to what they receive, they could get tricked. SocialMiner is yet another “brand management for social media” application. Basically, if it sees an unfavourable comment or a call for help about a brand on a social network, the software sends an alert to the organisation so it can respond. Preferably before anything looks like going...

Galaxy S6 Edge Had 11 Nasty Bugs...

Hi all, Google’s Project Zero team in Europe and the United States found 11 vulnerabilities in the Samsung Galaxy S6 Edge. These hacking experiments focused on Samsung’s latest OEM product because of its popularity and the need to make it secure. The team included James Forshaw, Natalie Silvanovich, Mark Brand and a few others. Tamagotchi defiler Silvanovich showed that it is possible for attackers to forward Samsung emails to whatever address they please, own devices with media à la Stagefright, and pop phones with five memory corruption...

Commvault Backup and Whatnot...

Hi guys, Users of Commvault’s Edge Server have the chance to view and access their backups from mobile devices, a convenience that also exposes the web server. Version 10 R2 of that server has a security hole: it “deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server’s privileges.” This is not going to happen by accident. This flaw has not been remediated, and the only recommendation provided is to “only allow connections from trusted hosts and networks”. This is not practical because one...

UK Law and Cyber-Spying...

Hello all, The Investigatory Powers Bill in the UK has left IT security experts confused. The draft of the internet surveillance law was introduced in the House of Commons. Home Secretary Theresa May stated that it is a break from the measures in the ultimately unsuccessful Communications Data Bill of 2012. The draft law reads: it “will not impose any additional requirements in relation to encryption over and above the existing obligations in RIPA [the Regulation of Investigatory Powers Act, 2000]”. Under the RIPA regulation, CSPs [communications service providers]...

What Is It About The Dyreza Malware?...

Hello everybody, Interested in looking into the technical aspects of Dyreza? Upatre (a malware downloader) and Dyreza (a credential stealer) are a malicious duo used in spam campaigns. Dyreza is a complex piece of malware, and while different samples come with different techniques, the main features remain common. Dyreza is an eclectic piece of malware, developed by professionals. It is clear that they are constantly working on quality: each new version carries new ideas and improvements, making analysis harder. Analyzed samples: ff3d706015b7b142ee0a8f0ad7ea2911 (Dyreza executable)...

Angler Exploit Kit Back in Action...

Hi guys, Angler Exploit Kit (EK) experienced a takedown recently but is back in business now. On 30 October 2015, ThreatLabZ noticed a compromised Chinese government website delivering the CryptoWall 3.0 payload through Angler EK. This compromise does not appear targeted, and the compromised site was cleaned up within 24 hours. There are a few recent changes to Angler, including the inclusion of newer Flash exploits. The “Chuxiong Archives” website, www.cxda[.]gov.cn, was compromised with injected code. It looked similar to both Chuxiong...

Russian and Japanese Banks hit by new Ti...

Hi all, The criminals behind the Tinba banking Trojan are now focusing on larger banks in Russia and Japan. Researchers with Dell SecureWorks looked into a sample of the malware last month and found that this variant targets the biggest banks in Europe and two popular payment service providers in Russia. Tinba, aka Tiny Banker, is a Trojan with a small code base that is used to pilfer banking credentials, passwords and other information that is later used to perpetrate wire or Automated Clearing House (ACH) fraud. In October the...

PageFair customers tricked on Halloween!...

Hey guys, PageFair got hit by a Trojan masquerading as an Adobe Flash update on Halloween night, and the company issued an apology. PageFair CEO Sean Blanchfield published a series of posts after they discovered the attack. He said that the 83-minute attack affected 501 publishers using the company’s free analytics service. Online publishers use it to see how many of their visitors are blocking ads, and PageFair also runs an advertising system that displays “adblock-friendly” ads to adblockers. A Trojan named adobe_flashplayer_7.exe has...
