now browsing by tag


The decade-ending “Y2K bug” that wasn’t – Naked Security

Source: National Cyber Security – Produced By Gregory Evans A curious Naked Security reader alerted us to what they thought might be a “Y2K-like bug” in Java’s date handling. The cause of the alarm was a Twitter thread that started with a headline tweet saying, “PSA: TIS THE SEASON TO CHECK YOUR FORMATTERS, PEOPLE.” PSA: […] View full post on AmIHackerProof.com

Intel asks #customers to #halt #patching for #chip #bug, citing #flaw

Source: National Cyber Security – Produced By Gregory Evans

Intel Corp (INTC.O) said on Monday that patches it released to address two high-profile security vulnerabilities in its chips are faulty, advising customers, computer makers and cloud providers to stop installing them.

Intel Executive Vice President Navin Shenoy disclosed the problem in a statement on the chipmaker’s website, saying that patches released after months of development caused computers to reboot more often than normal and other “unpredictable” behavior. 

“I apologize for any disruption this change in guidance may cause,” Shenoy said. “I assure you we are working around the clock to ensure we are addressing these issues.”

The issue of the faulty patches is separate from complaints by customers for weeks that the patches slow computer performance. Intel has said a typical home and business PC user should not see significant slowdowns.

Intel’s failure to provide a usable patch could cause businesses to postpone purchasing new computers, said IDC analyst Mario Morales.

Intel is ”still trying to get a handle on what’s really happening. They haven’t resolved the matter,” he said.

Intel asked technology providers to start testing a new version of the patches, which it began distributing on Saturday.

The warning came nearly three weeks after Intel confirmed on Jan. 3 that its chips were impacted by vulnerabilities known as Spectre and Meltdown, which make data on affected computers vulnerable to espionage.

Meltdown was specific to chips from Intel, as well as one from SoftBank Group Corp’s (9984.T) ARM Holdings. Spectre affected nearly every modern computing device, including ones with chips from Intel, ARM and Advanced Micro Devices Inc (AMD.O).

Problems with the patches have been growing since Intel on Jan. 11 said they were causing higher reboot rates in its older chips and then last week that the problem was affecting newer processors.

The post Intel asks #customers to #halt #patching for #chip #bug, citing #flaw appeared first on National Cyber Security .

View full post on National Cyber Security

Cyber #hacks driving ‘bug bounty’ #jobs and #programs in #corporate #America

Source: National Cyber Security News

If you have the skills to stop a cyber hacker in their tracks, you may soon be getting calls from recruiters trying to fill a new crop of jobs throughout corporate America.

Criminal data breaches are predicted to cost businesses a total of $8 trillion over the next four years, outstripping worldwide IT security spending, which is expected to be upwards of $120 billion by 2021, according to Gartner. Meanwhile, there is a shortage of talent, and an anticipated 1.8 million cybersecurity jobs will be unfilled by 2022, with millennials likely playing a big role as cited in a report from the Center for Cyber Education and Safety. These jobs will be in demand as the the number of reported cybersecurity incidents (which doubled between 2016 and 2017) continues to rise. Even with expert cybersecurity firms on retainer to improve overall cyber resilience, companies are struggling to stay ahead in the battle against malicious hackers.

To help close the gap, more businesses are turning to another kind of hacker: the ‘white hats’. Through carefully implemented bug bounty programs, organizations can crowdsource the expertise of security researchers to help identify vulnerabilities in exchange for money and recognition, and fix vulnerabilities before they can be exploited.

Read More….


View full post on National Cyber Security Ventures

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

The software bug in HomeKit can apparently allow bad actors to control accessories in smart homes.

Following the news of Apple’s recent security flaw in High Sierra OS for Macs, news has broken of a zero-day vulnerability in the firm’s HomeKit.

According to 9to5Mac, a flaw in the current version of iOS 11.2 could theoretically allow unauthorised individuals access to smart accessories such as smart locks and garage doors, using the home automation platform. 9to5Mac described the vulnerability as “difficult to reproduce” and said it also affected other smart accessories such as lights and thermostats.

The issue was not with the smart accessories, but with the HomeKit framework itself, which connects products from a broad range of companies together in a single interface. The details of the vulnerability itself are scant, but it required at least one iPhone or iPad running iOS 11.2 connected to the HomeKit user’s iCloud account.

Apple quick to remedy the HomeKit issue
Apple has released a temporary server-side fix that remedies the issue. On the user end, nothing needs to be done, but they will notice that the ‘remote access to shared users’ feature for HomeKit-connected devices has been disabled temporarily.

A full patch that completely solves the issue will arrive early next week along with the next iOS update.

The discovery of this vulnerability highlights existing concerns around smart home devices, and the general need for more robust protocols in terms of IoT, particularly in a domestic setting.

It also raises questions for Apple in terms of its own security-auditing process for its operating systems and products, especially considering its otherwise positive reputation as a technology vendor and innovator. Bugs are not uncommon in the development process but when it comes to home security, a certain level of trust is required in order to get customers on board.

More than 50 brands worldwide are compatible with HomeKit, including some models of Honeywell thermostats, the August smart lock and Chamberlain MyQ Home Bridge, a garage-door opener.

View full post on National Cyber Security Ventures

A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug

Source: National Cyber Security – Produced By Gregory Evans

A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.

The group is not your regular spam botnet, but a top cyber-criminal operation known to security researchers as Cobalt, a hacking outfit that has targeted banks, ATM networks, and financial institutions for the past two years.

CVE-2017-11882 used by Cobalt hacking group

According to Reversing Labs, a UK-based cyber-security firm, the Cobalt group is now spreading RTF documents to high-value targets that are laced with exploits that take advantage of CVE-2017-11882.

This is a vulnerability in the Office Equation Editor component that allows an attacker to execute code on victims’ computers without user interaction.

You don’t need a grizzled veteran of the infosec community to tell you that a vulnerability with such results would be incredibly valuable for any cyber-criminal organization.

Besides the damage this vulnerability can do, Cobalt’s quick adoption of CVE-2017-11882 was most likely aided by the availability of four proof of concept (PoC) exploits that have been published online in the past week [1, 2, 3, 4].

According to Reversing Labs, the Cobalt is currently sending emails laced with a booby-trapped RTF file that would utilize a CVE-2017-11882 exploit to download and run additional malicious files. The infection chain would go through multiple steps, but in the end, it would download and load a malicious DLL file that has yet to be analyzed in more depth.

Proofpoint Matthew Mesa also saw the same emails, but saw a slightly different exploitation chain.

Cobalt has jumped on Microsoft bugs before

As for the Cobalt group, they have a history of jumping on Microsoft bugs as soon as they’re disclosed and weaponizing them for their campaigns. The same thing happened with CVE-2017-8759, a remote code execution vulnerability that affected the .NET Framework, patched by Microsoft in the September 2017 Patch Tuesday.

Security firms first started documenting the Cobalt group in 2016, when it was spotted hitting ATMs and financial institutions across Europe. The group then spread to targets in the Americas, and later also targeted Russian banks, using the ex-Soviet space as a testing ground for new attacks, before it moved to more wealthy targets elsewhere.

The group’s most well-known malware family is Cobalt Strike, named after an eponymous commercial penetration testing software because it uses some of its components.

Patch now, before vulnerability is exploited en masse

As we’ve seen in the past, it doesn’t take too long for a vulnerability to trickle down from professional cyber-criminal groups to spam botnet herders once public PoCs are available.

Users should apply Windows updates KB2553204, KB3162047, KB4011276, and KB4011262, included in the November 2017 Patch Tuesday, to guard against CVE-2017-11882 exploitation.


The post A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps

Source: National Cyber Security – Produced By Gregory Evans

iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps

The cyber security community is still reeling after the revelation of the KRACK security vulnerability that breaks down Wi-Fi encryption. Now it seems another Wi-Fi-based bug has also been discovered.

Presented at the global Pwn2Own hacking contest in Tokyo, a team of researchers demonstrated how a separate Wi-Fi bug could be exploited to gain entry to iPhones and install malicious apps on them without the owners knowledge.

The details of the threat haven’t been made public yet as Apple hasn’t had time to patch the flaw. It’s discovery was enough to net the Tencent Keen Security Lab the top prize of $110,000.

The hacking contest is set up and run by the Zero Day Initiative, which seeks to find vulnerabilities in popular products and services and alert the manufacturers in time.

According to the official event page , the Tencent Keen Security Lab team used “code exectution through a WiFi bug” to escalate “privileges to persist through a reboot.” Effectively breaking through an iPhone’s lock screen through a Wi-Fi network.

The flaw will be relayed to Apple which could offer a software patch to close the gap.

“Once we verify the research presented is a true 0-day exploit, we immediately disclose the vulnerability to the vendor, who then has 90 days to release a fix,” explains the Zero Day Institute.

“Representatives from Apple, Google, and Huawei are all here and able to ask questions of the researchers if needed.

“At the end of the disclosure deadline, if a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation in an effort to enable the defensive community to protect users.”

As ever, from a security standpoint it is always advisable to make sure your phone is running the latest OS version and you closely vet the permissions you give to certain apps.

The post iPhone #Wi-Fi #bug lets #hackers #hijack your #phone and #secretly install #malicious #apps appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures