
Mobile networks investigate flaw that leaves 4G customers open to hacking

Source: National Cyber Security News

Security researchers have discovered a set of severe vulnerabilities in the 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof the location of a device and even knock devices entirely offline.
A new research paper [PDF] recently published by researchers at Purdue University and the University of Iowa details 10 new cyber attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals.
The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging.

Unlike much previous research, these aren’t just theoretical attacks. The researchers employed a systematic model-based adversarial testing approach, which they called LTEInspector, and were able to test 8 of the 10 attacks in a real testbed using SIM cards from four large US carriers.

Authentication Synchronization Failure Attack
Traceability Attack
Numb Attack
Authentication Relay Attack
Detach/Downgrade Attack
Paging Channel Hijacking Attack
Stealthy Kicking-off Attack
Panic Attack
Energy Depletion Attack
Linkability Attack

Among the above-listed attacks, researchers consider the authentication relay attack particularly worrying, as it lets an attacker connect to a 4G LTE network by impersonating a victim’s phone number without any legitimate credentials.

This attack could not only allow a hacker to compromise the cellular network to read incoming and outgoing messages of the victims but also frame someone else for the crime.

View full post on National Cyber Security Ventures

White House increases #transparency around #cybersecurity flaw #disclosure

Source: National Cyber Security – Produced By Gregory Evans

Dive Brief: The White House released the charter for the Vulnerabilities Equities Process (VEP), an interagency operation assessing whether the federal government should disclose cyber vulnerabilities it finds to vendors of a technology or whether it should “restrict” the finding in light of national security or law […]

View full post on AmIHackerProof.com | Can You Be Hacked?

A Deep Flaw in Your Car Lets Hackers Shut Down Safety Features

Since two security researchers showed they could hijack a moving Jeep on a highway three years ago, both automakers and the cybersecurity industry have accepted that connected cars are as vulnerable to hacking as anything else linked to the internet. But one new car-hacking trick illustrates that while awareness helps,…


Hackers plunder bank accounts via SS7 TFA flaw – risk known ‘for years’

According to reports by German newspaper Süddeutsche Zeitung, the telco said that some of its customers had money taken out of their bank accounts using a two-part attack that exploits vulnerabilities in the Signalling System 7 protocol. This is a protocol that allows telecoms companies to send text messages from one network to another. It also allows users to make …


Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says

Hackers allegedly linked to the Iranian government launched a digital espionage operation this month against more than 250 different Israel-based targets by using a recently disclosed and widely exploited Microsoft Word vulnerability, cybersecurity experts tell CyberScoop.

The hacking group, dubbed OilRig by security researchers and believed to be tied to Iranian intelligence services, utilized a software flaw in Word officially known as CVE-2017-0199 that allows attackers to execute a remote computer intrusion to take full control of a target device while leaving little or no trace, said Michael Gorelik, vice president of Israeli security firm Morphisec.

Over the last month, Morphisec has investigated the incident on behalf of multiple victims. Clients showed forensic evidence on their respective networks that could be linked back to OilRig. After its disclosure in March, CVE-2017-0199 was quickly exploited by nation-states and cybercriminals alike.

John Hultquist, Director of Cyber Espionage Analysis at iSIGHT Partners, confirmed Morphisec’s findings.

“We have recently seen these actors and [other] cyber espionage actors targeting Asia adopt CVE-2017-0199. The vulnerability was a proliferation issue before it was patched, and remains one now,” said Hultquist.

OilRig has been around since at least 2015, according to numerous security industry experts who have watched the group target Israeli networks repeatedly and with varying tactics.

To exploit the Microsoft Word vulnerability, a target must open or preview an infected Microsoft Office or WordPad file, which OilRig sent out in large numbers to hundreds of Israel-based targets, including government agencies and officials. When opened, the attachment designed by OilRig would download the Hanictor trojan, a variant of fileless malware capable of bypassing most security and anti-virus protections.

CVE-2017-0199 was patched earlier this month by Microsoft after an extraordinary nine-month delay from when it was initially communicated to the company privately. Getting the vast ecosystem of Microsoft users to patch machines is a slow and unreliable process, however, so many often remain vulnerable after a patch is published.

Point of initial contact

“The OilRig campaign is a multi-stage kill chain meant to burrow into Israeli critical defense infrastructure,” said Tom Kellermann, CEO of D.C.-based venture capital firm Strategic Cyber Ventures. Kellermann is a major investor in TrapX, another cybersecurity firm that also detected and helped clients defend against the Iranian cyberattack.

The Iranian operation is believed to have started with a series of phishing emails sent to Ben Gurion University employees, although it quickly expanded to include various Israeli technology and medical companies. Ben Gurion University is home to Israel’s Cyber Security Research Center, a scientific institute that develops sophisticated cyber capabilities.

Gorelik said an investigation is ongoing to better understand the full scope of damage caused by the hackers. His firm, Morphisec, posted technical analysis of the attack on Thursday morning.

Investigators were able to identify a series of command and control servers activated by the hackers on April 16, which were subsequently used to launch the offensive cyber operation, according to a notification published Wednesday by Israel’s Computer Emergency Response Team. The first round of phishing emails was sent on April 19 and the last came on April 24. The malware-laden emails carried subject lines relating to nonexistent “resumes, exams and holiday plans,” said Gorelik.

Exploiting CVE-2017-0199 enables an attacker to download and execute a Visual Basic script containing PowerShell commands whenever a vulnerable user opens a document containing an embedded exploit, according to American cybersecurity firm FireEye. Malware payloads executed after the exploit can come from all manner of malware families.

FireEye previously found that various hackers — including both governments and cybercriminals — were using the same CVE-2017-0199 vulnerability to breach a wide array of different victims.

On April 11, researchers at FireEye described an attack exploiting CVE-2017-0199 this way:

A threat actor emails a Microsoft Word document to a targeted user with an embedded OLE2 embedded link object
When the user opens the document, winword.exe issues a HTTP request to a remote server to retrieve a malicious HTA file
The file returned by the server is a fake RTF file with an embedded malicious script
Winword.exe looks up the file handler for application/hta through a COM object, which causes the Microsoft HTA application (mshta.exe) to load and execute the malicious script

“This kind of vulnerability is very rare,” Gorelik said. “There has been progress from this group. This is one of the more advanced fileless campaigns I’ve seen. It was a targeted, large campaign using quite a big infrastructure. It’s fileless, so it’s very hard to detect. They regenerated signatures on the endpoint each and every time for the trojan so it’s very hard to remediate, identify or remove it.”

He added, “This Iranian group is quite advanced I would say.”

The Iran-backed espionage campaign was first revealed in broad terms Wednesday through a vague press announcement issued by the Prime Minister’s Office, claiming that Israel’s newly formed Cyber Defense Authority helped to thwart the attack.

The attacks were “relatively well planned and took considerable resources. It is obvious that there was intelligence gathering prior to the attack and a careful selection of targets — in this case Israeli computing companies,” said Boaz Dolev, CEO of the Israeli security firm ClearSky in an interview with the Israeli newspaper Haaretz.


Samsung Smart TV flaw leaves devices open to hackers

Your Samsung Smart TV might be pretty dumb.

Penetration testing firm Neseso has found that a 32-inch Tizen-based smart TV, first released as part of the 2015 model year and still being sold in North America, isn’t authenticating devices that connect to it via Wi-Fi Direct.

Rather than requiring a password or PIN to authenticate devices that want to connect to the TV – like, say, your smartphone when you want to use it as a remote control – it’s relying on a whitelist of devices that the user’s already authorized.

To do that, Samsung’s Smart TV uses devices’ media access control (MAC) addresses. Those are like a digital fingerprint: a MAC address is constant to a piece of hardware (though it can be spoofed, either for legitimate purposes or by a thief who wants to hide it).

Neseso says a user will be notified about a whitelist device that connects to their Smart TV, but that’s it: if the device is on a whitelist, the TV will just lay out the welcome mat without requiring any authentication.

It’s easy for an attacker to get a whitelisted MAC address, Neseso said. In fact, a few years ago, we saw a US cop sniffing out stolen gadgets by MAC addresses, wardriving in his squad car with some software he rigged up to a thumb-drive-sized antenna that plugs into the car’s USB port and looking for MAC addresses that matched those listed in a database of known stolen devices.

After an attacker spoofs a known MAC address, they’d be able to access all the services on the Smart TV, such as remote control service.

An attacker would have to know, ahead of time, the MAC address of, say, your smartphone’s Wi-Fi chip. They’ll also likely have to crouch outside in your shrubbery – given that Wi-Fi Direct doesn’t work over long distances – while clutching their laptop or smartphone to spoof that MAC address and start messing with channel-changing or screen mirroring.

OK, so an attacker can change your channel. Annoying, but hardly earth-shattering, eh? Well, it doesn’t stop with the remote exploitation of channel-surfing. An attacker could use it as a springboard to gain access to whatever network the Smart TV is connected to, Neseso said.

Would an attacker be able to get at your home Wi-Fi network’s name and password? Not necessarily through this Wi-Fi Direct vulnerability. But as another security researcher revealed a few weeks ago, the operating system running on millions of Samsung products – it’s called Tizen – is what Motherboard referred to as a hacker’s dream.

Israeli researcher Amihai Neiderman:

“Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”

We’ve certainly heard of Samsung vulnerabilities before. In fact, last month, WikiLeaks published documents that purportedly showed how the CIA can monitor people through their Samsung Smart TVs.

Neseso contacted Samsung starting last month, with the Korean company eventually saying that it didn’t consider the find to be a security vulnerability. That’s why Neseso decided to publish details about it on Full Disclosure, it said.

The security outfit advised Samsung Smart TV owners to remove all their whitelisted devices and to avoid using the WiFi-Direct feature. It didn’t explain precisely how to do that, instead telling users to directly contact Samsung. You might want to poke around in the Network menu under Settings or simply disable Wi-Fi on your smart TV… though that would rob you of all those smart TV features you paid for.

Neseso didn’t test other Samsung models, but it suggested that they too might be vulnerable.

Short of disabling Wi-Fi, we’d suggest keeping an eye out for rustling shrubbery. If your TV channels start changing, call the police and then, by all means, switch off your TV’s Wi-Fi.


Hackers exploited Word flaw for months while Microsoft investigated

To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft …


Google Researcher Reveals Flaw In Android And iOS That Can Be Hacked Via Wi-Fi

No software is 100 percent watertight. A serious bug can pop up at any time and leave your devices vulnerable, as a Google Project Zero researcher has discovered. Gal Beniamini found a serious security flaw in Wi-Fi chipsets of …


Hacking Of 3.2 Million Debit Cards Last Year Was Caused By Security Flaw In Hitachi’s Systems

Hitachi Payments Services has accepted that its systems were compromised by sophisticated malware in mid-2016, which led to one of the biggest cyber security breaches in the country with 3.2 million cards affected and a scare over security of card-based …


Google: hackers still exploiting Windows ‘critical’ flaw

Although Adobe has worked to fix flaws found by Google, Microsoft has yet to act

Google has warned that a zero-day vulnerability still exists in Windows, despite it being almost a week since Microsoft was first notified of the problem.
