STE WILLIAMS

Twitter app pwned by pro-Turkey hackers: Users’ accounts sling ‘Nazi’ slurs

A hack against the Counter third-party Twitter app was used to push propaganda messages containing swastikas through numerous high-profile accounts on Wednesday.

The propaganda messages (screenshot below) labelled both Germany and the Netherlands as “Nazis” over the two European nations’ recent dealings with Turkey. Both countries have denied permission for Turkish ministers to speak about a forthcoming Turkish referendum on presidential powers at local rallies of Turkish expatriates.

Twitter Counter – a third-party app which licenses the Twitter name – admitted that a breach to its service was likely behind the trolling incident.

“We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse,” it said, before adding: “Assuming this abuse is indeed done using our system, we’ve blocked all ability to post tweets and changed our Twitter app key.”

Turkish trolling tweet

The timing of the abusive messages – echoing the sentiment of Turkish President Recep Tayyip Erdogan, who said of the Dutch rally crackdown “Nazism is still widespread in the West” – comes on the day of the general election in the Netherlands.

Victims of purloined access to their account include infosec pundit Graham Cluley, German football club Borussia Dortmund and numerous others.

Twitter Counter sought to further reassure users by saying that it does not store users’ Twitter account credentials (passwords) nor credit card information. The service, which boasts millions of users, offers an overview and graph of Twitter stats.

The incident raises wider questions about third-party apps and Twitter accounts. Users would be wise to go to Settings/Apps and review the ability of third-party apps to access their account. Users can easily delete those they either no longer use or don’t recognise with just a couple of mouse clicks.

Jens Monrad, senior intelligence analyst at FireEye, said the Twitter Counter incident is part of an upsurge of Turkish nationalist hacktivism and/or trolling, mostly directed against Dutch targets.

“On the 11th of March, shortly after the Dutch authorities prevented [Turkish] foreign minister Mevlut Cavusoglu from flying to Rotterdam, we observed disruption attacks carried out against Rotterdam The Hague Airport’s website. The DDoS attack was most likely carried out by a Turkish hacktivist group that appears to be motivated by Turkish nationalism.

“There were several other disruption and web-defacement attacks carried out after the news broke about the prevention of Mevlut Cavusoglu’s travel to Rotterdam, including an attack against the website owned by Dutch [right-wing] politician Geert Wilders; several enterprises in the Netherlands were also targeted.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/twitter_app_hack/

More Brits’ IDs stolen than ever before

UK identity fraud has hit its highest recorded levels, according to a new report.

Fraud prevention service Cifas recorded 172,919 identity frauds in 2016, more than in any previous year. Identity fraud now represents over half (53.3 per cent) of all fraud recorded by the UK’s not-for-profit fraud data-sharing organisation.

Nine out of 10 fraudulent applications for bank accounts and other financial services were made online, Cifas reports.

Identity fraud happens when a fraudster poses as the innocent victim and attempts to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating.

The scam relies on access to a targeted victim’s personal information (name, date of birth, address, their bank etc). Fraudsters get hold of this information either by running phishing attacks, social engineering over the phone or by buying it in bulk from other crooks on the dark web.

Cifas reports that a growing number of young people are falling victim to identity theft. Last year brought in 25,000 ID theft victims under 30, and a 34 per cent increase in under-21s. The fraud prevention service has repeated its call for better education around fraud and financial crime, as well as urging young people to be vigilant about protecting their personal data.

It’s not only young people at risk. Last year saw increases in ID theft from victims aged over 40, with 1,869 more victims recorded by Cifas members.

Mike Haley, deputy chief executive of Cifas, said: “These new figures show that identity fraud continues to be the number one fraud threat. With nine out of 10 identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity.”

Commander Chris Greany, national co-ordinator for economic crime, added: “With close to half of all crime now either fraud or cyber crime we all need to make sure we protect our identity.

“Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are the same as leaving a window or door unlocked,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/uk_id_theft_surge/

WhatsApp blind-sided by booby-trapped photo vulnerability

Security researchers have found the same type of vulnerability in the respective web platforms of WhatsApp and Telegram (WhatsApp Web and Telegram Web), two of the world’s most popular messaging services.

The now-resolved vulnerability – discovered by security researchers at Check Point – would have allowed an attacker to send the victim malicious code hidden within an innocent-looking image. As soon as the user clicked on the image, the attacker would have been able to gain full access to the victim’s WhatsApp or Telegram storage data, thus giving them full access to the victim’s account.

The flaw stemmed from a loophole in how WhatsApp and Telegram verified content, which let attackers craft malicious content that side-stepped the mobile messaging apps’ pre-encryption verification process.

Both WhatsApp and Telegram have fixed the vulnerability.

“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,” says Oded Vanunu, head of product vulnerability research at Check Point. “By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”

Check Point notified both WhatsApp and Telegram of the problem last Wednesday (8 March). Both companies acknowledged the vulnerability, and WhatsApp responded promptly by fixing the issue on Thursday 9 March. Telegram confirmed that it had fixed the problem earlier this week.

Facebook-owned WhatsApp told El Reg that it resolved the flaw just a day after being notified by Check Point.

We build WhatsApp to keep people and their information secure. When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web. To ensure that you are using the latest version, please restart your browser.

WhatsApp and Telegram both use end-to-end message encryption as a data security measure. This same end-to-end encryption was also the source of this vulnerability, according to Check Point.

Since messages were encrypted on the sender’s side, WhatsApp and Telegram were blind to the content and thus unable to prevent malicious content from being sent. With the fix, content is now validated before encryption, so that malicious files can be blocked.

More details on the vulnerability can be found in a blog post by Check Point here.

WhatsApp has over 1 billion users worldwide, making it the most widely used instant messaging service. Telegram is a cloud-based mobile and desktop messaging app that has over 100 million monthly active users. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/booby_trapped_photo_whatsapp_telegram_risk/

WhatsApp, Telegram Flaw Gives Hackers Full Account Access

A new vulnerability discovered in popular messaging services like WhatsApp and Telegram lets hackers assume complete control over accounts.

A newly discovered vulnerability within WhatsApp Web and Telegram Web, online platforms for two popular messaging services, lets cybercriminals fully take over user accounts and access conversations, photos, videos, contact lists, and other shared files.

The flaw lets hackers send their victims malicious code disguised within a seemingly innocent picture. When victims click the image, attackers have access to all of their storage data and can spread the harmful file through users’ contact lists.

Both WhatsApp and Telegram employ end-to-end message encryption so only the participants in a conversation can view messages. This data security measure was the source of the vulnerability. Because content was encrypted on the sender’s side, the two platforms did not see the content and couldn’t prevent harmful files from being sent.

Check Point researchers revealed the vulnerability and disclosed its findings to the WhatsApp and Telegram security teams on March 8. Now content will be checked pre-encryption to stop malicious files from being sent.
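The El Reg piece above and this article both state that the fix is to validate content before it is encrypted, because once a payload is end-to-end encrypted the service's servers can no longer inspect it. The following added example (mine, not Check Point's, WhatsApp's or Telegram's code) shows one such client-side check in Python: an outgoing attachment's bytes must carry the signature of the image type it claims to be before the client will encrypt and send it. The signature table and the sample files are constructed for the illustration.

```python
"""Check that an attachment's bytes match the image type it claims to be before
the client encrypts and sends it.  Added illustration of 'validate content before
encryption'; it is not WhatsApp's or Telegram's code, and the samples are constructed."""

# Leading byte signatures ("magic numbers") of the image formats we accept.
IMAGE_SIGNATURES = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


def sniff_image_type(data):
    """Return the MIME type implied by the leading bytes, or None if unrecognised."""
    for mime, prefixes in IMAGE_SIGNATURES.items():
        if any(data.startswith(prefix) for prefix in prefixes):
            return mime
    return None


def validate_attachment(declared_mime, data):
    """Decide whether an outgoing attachment may be encrypted and sent.

    Two checks, both run on the plaintext the client still holds:
      1. the declared type is one we accept at all;
      2. the actual bytes carry that type's signature, so an HTML or other
         non-image payload labelled as a picture is rejected rather than
         shipped under encryption where the server cannot see it.
    Returns (accepted, reason)."""
    if declared_mime not in IMAGE_SIGNATURES:
        return False, f"declared type {declared_mime!r} is not an accepted image type"
    actual = sniff_image_type(data)
    if actual != declared_mime:
        return False, f"content looks like {actual or 'unknown'}, not {declared_mime}"
    return True, "ok"


# Constructed samples: a minimal PNG header, and a text document posing as a photo.
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
MISLABELLED_HTML = b"<!DOCTYPE html><html><body>not a photo</body></html>"

if __name__ == "__main__":
    for mime, blob in [("image/png", REAL_PNG),
                       ("image/png", MISLABELLED_HTML),
                       ("text/html", REAL_PNG)]:
        print(mime, validate_attachment(mime, blob))
```

A signature check is only the first gate: a file can carry a valid PNG header and still be malformed, so a production client should go on to fully decode (or decode and re-encode) the image with a hardened decoder and reject anything that fails. The essential point from the articles is where the check runs: on the plaintext, in the client, before encryption.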

Read more here.

Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she’s not catching up on the latest in tech, Kelly enjoys …

Article source: http://www.darkreading.com/vulnerabilities---threats/whatsapp-telegram-flaw-gives-hackers-full-account-access/d/d-id/1328408?_mc=RSS_DR_EDT

Microsoft Fixes Critical Windows SMB Bug After Delay

Microsoft’s security patch release comes with nine critical vulnerability fixes and nine bulletins.

In its Patch Tuesday release yesterday, Microsoft published 18 bulletins with nine “critical” vulnerability fixes and nine “important” bulletins. The fixes, available over Windows Update, include one for a critical flaw whose exploit code was disclosed publicly in early February but whose patch was delayed by a month, according to a ZDNet report.

The Windows SMB bug, discovered last year by Laurent Gaffié, is a memory corruption flaw that affects all versions of Windows to varying degrees.

The other fixes published in yesterday’s release include two updates for Internet Explorer and its Edge browser. This month’s Patch Tuesday comes after the February release was delayed, reportedly due to problems with Microsoft’s build system.

Read details on ZDNet.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: http://www.darkreading.com/vulnerabilities---threats/microsoft-fixes-critical-windows-smb-bug-after-delay/d/d-id/1328403?_mc=RSS_DR_EDT

Security in the Age of Open Source

Dramatic changes in the use of open source software over the past decade demand major changes in today’s security testing regimens. Here’s what you need to know and do about it.

There have been a lot of changes in recent years around how organizations build, deploy, and manage software, all focused on shortening development lifecycles. Agile development is focused on getting functional software to users more quickly. DevOps and containers are being adopted as a way to deploy applications more quickly, and simplify the management of production software.

The biggest change, however, is the adoption of open source. Ten years ago, most organizations avoided using open source. They were fearful of egregious licenses, and many didn’t trust software that wasn’t built in-house. Today, it is rare to see software that doesn’t include open source. We embrace open source with good reason. It provides critical functionality we no longer need to build from scratch, lowering development costs while accelerating time to market. We frequently see in-house applications that are made up of 75% or more open source. Even commercial applications are increasingly based on open source. Our 2016 study, The State of Open Source Security in Commercial Applications, found that over 35% of the average commercial code base was open source, made up of over 100 distinct open source components. Over a third of the code bases we examined were 40% or more open source.

These dramatic changes in the use of open source require modifications to organizations’ application security strategies. People understand that sending code under development to a separate security team for testing breaks the agile model, and that reuse of base-level containers risks propagating vulnerabilities in the Linux stack. What is less well-understood is how open source requires changes to our security testing regimens.

[Mike will be speaking about open source myths and perceptions during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Organizations can conduct a variety of security activities throughout the software development life cycle (SDLC), including security requirements, threat modeling, and using automated testing tools. These are all great for the code you write. However, traditional security testing tools like static and dynamic analysis have proved to be ineffective in identifying security issues in open source “in the wild.” Heartbleed was present in OpenSSL for two years before it was found. Shellshock was in Bash for over 25 years! Think of how many times applications using these components were subjected to static analysis, dynamic analysis, and pen tests during those times, without any of the tools (or people using the tools) noticing the bugs.

Don’t get me wrong: static and dynamic analysis are great tools, if you understand what they are good at, and also what they miss. They undoubtedly help us all build more secure code by identifying coding errors that result in vulnerabilities. But they aren’t capable of finding all classes of vulnerabilities, nor are they capable of finding all instances of vulnerabilities in the classes they do cover (Heartbleed, a buffer overflow, being one example). They just aren’t good at finding vulnerabilities in open source – even those disclosed years ago. This could be because the vulnerabilities in open source are too complex for the tools, or because control and data flow are difficult to map in projects built by hundreds of developers over time. The end result is the same, however.

If traditional tools don’t work, and open source is part of your code base, you need to adopt other controls. At a high level, these controls are very straightforward. You need visibility and information. The former is a list of the open source you’re using in an application. The latter is ongoing information about the security status of each component. 

These are simple tasks on the surface, but difficult to control. Developers are accustomed to pulling in open source from internal repos, GitHub, SourceForge, and project home pages. Many times, they are less than diligent about documenting all of the open source in use, including transitive dependencies (other open source components that components require to operate). Open source is also likely entering the code base from reused internal components. If developers are including out-sourced code or commercial components, open source is likely coming from these sources as well.

Once you have a complete list of components (including version levels), you need a reference source for security information (you should also check licensing information to make sure you’re not risking your own IP by using components under restrictive licenses improperly). The National Vulnerability Database (NVD) is a good starting point, allowing you to look up components by version number and view associated vulnerabilities. If you do this diligently, you can leverage all of the benefits of open source and mitigate the risk associated with using components with known vulnerabilities (OWASP Top Ten Item A9). 

That’s a great first step, but what happens the day after you ship?

Security is not static. We need to track the ongoing security of the components we use. Since 2014, NVD has disclosed over 7,000 vulnerabilities in open source components. Not all of these are well publicized outside of NVD. We all know about Heartbleed, for example, but what about the 89 vulnerabilities reported in NVD for OpenSSL since Heartbleed? 
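The two controls described above (a complete component inventory, transitive dependencies included, and an ongoing lookup of each component's version against a vulnerability feed) are easy to sketch in code. The following added example is mine, not Black Duck's tooling and not a client for the NVD API: the dependency graph stands in for what a lock file or build tool would report, the feed stands in for NVD records, both are constructed, and the advisory ids are placeholders rather than real CVE numbers. Re-running the same check as the feed grows is the day-after-you-ship tracking the previous paragraph asks for.

```python
"""Inventory every open source component an application pulls in, transitive
dependencies included, and match the inventory against a vulnerability feed.
Added illustration: the dependency graph and the feed are constructed, and the
advisory ids are placeholders, not real CVEs."""
import string
from collections import deque

# Constructed dependency graph: component -> (version, components it requires).
# A real inventory would be assembled from lock files / build output for every
# source the article lists (internal repos, GitHub, vendored and commercial code).
MANIFEST = {
    "webapp":       ("1.0.0",  ["tls-wrapper", "json-parser"]),
    "tls-wrapper":  ("2.3.1",  ["openssl"]),      # openssl arrives only transitively
    "openssl":      ("1.0.1f", []),
    "json-parser":  ("0.9.2",  ["string-utils"]),
    "string-utils": ("1.4.0",  []),
}

# Constructed feed entries: (component, first affected, first fixed, advisory id).
# Affected range is [affected_from, fixed_in); the ranges are made up.
VULN_FEED = [
    ("openssl",      "1.0.1", "1.0.1g", "ADVISORY-PLACEHOLDER-1"),
    ("string-utils", "1.0.0", "1.3.0",  "ADVISORY-PLACEHOLDER-2"),  # fixed before 1.4.0
    ("json-parser",  "0.9.0", "0.9.3",  "ADVISORY-PLACEHOLDER-3"),
]


def parse_version(version):
    """Turn '1.0.1f' into a tuple that compares numerically per dotted field,
    with trailing letters ordered alphabetically ('1.0.1' < '1.0.1f' < '1.0.1g')."""
    fields = []
    for piece in version.split("."):
        digits = piece.rstrip(string.ascii_lowercase)
        fields.append((int(digits) if digits else 0, piece[len(digits):]))
    return tuple(fields)


def resolve_components(root, manifest):
    """Breadth-first walk of the graph so transitive dependencies are inventoried
    alongside the ones developers pulled in directly.  Returns {component: version}."""
    inventory = {}
    queue = deque([root])
    while queue:
        name = queue.popleft()
        if name in inventory:
            continue
        version, requires = manifest[name]
        inventory[name] = version
        queue.extend(requires)
    return inventory


def is_affected(version, affected_from, fixed_in):
    """True when version lies in [affected_from, fixed_in)."""
    return parse_version(affected_from) <= parse_version(version) < parse_version(fixed_in)


def find_known_vulnerabilities(root, manifest=MANIFEST, feed=VULN_FEED):
    """Return [(component, version, advisory)] for every inventoried component whose
    version falls inside an advisory's affected range.  The inventory is fixed at
    ship time; the feed is not, so this is meant to be re-run as the feed changes."""
    inventory = resolve_components(root, manifest)
    return [(component, inventory[component], advisory)
            for component, affected_from, fixed_in, advisory in feed
            if component in inventory
            and is_affected(inventory[component], affected_from, fixed_in)]


if __name__ == "__main__":
    print("inventory:", resolve_components("webapp", MANIFEST))
    for component, version, advisory in find_known_vulnerabilities("webapp"):
        print(f"known vulnerability: {component} {version} -> {advisory}")
```

The interesting finding here is `openssl`: nobody listed it as a direct dependency, so an inventory built only from what developers consciously added would never have checked it. The version comparison is deliberately simple (dotted integers with an optional letter suffix); real ecosystems need their own rules, which is one reason to lean on a proper SCA tool rather than hand-rolled matching.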


The point here is not that open source is less secure than commercial software, or more secure. It’s software, and therefore will have bugs and vulnerabilities. The controls we have used for the code we write are ineffective at identifying vulnerabilities in the code we don’t write – open source. As we continue to adopt open source in increasing volume, we need to maintain visibility into and control over it.

After all, you can’t defend against a risk you don’t know exists.


Mike Pittenger has 30 years of experience in technology and business, more than 25 years of management experience, and 15 years in security. At Black Duck, he is responsible for strategic leadership of security solutions, including product direction. Pittenger’s extensive …

Article source: http://www.darkreading.com/application-security/security-in-the-age-of-open-source/a/d-id/1328407?_mc=RSS_DR_EDT

Russian Hacker Charged in ‘Citadel’ Malware Attacks

US Department of Justice said Mark Vartanyan is accused of computer fraud involving Citadel malware responsible for $500 million in losses.

A Russian hacker, Mark Vartanyan, aka “Kolypto,” has been charged in a US court with computer fraud involving the Citadel malware toolkit, which he allegedly developed and deployed to steal his victims’ financial details. According to the US Department of Justice (DoJ), Vartanyan was extradited from Norway in December.

Vartanyan is the second person to be charged in a case linked to Citadel malware; the first was fellow Russian Dimitry Belorossov, who was jailed for 54 months in 2015 for using Citadel to attack computers through a botnet he controlled from Russia. This malware, say authorities, has been responsible for infecting around 11 million computers, leading to over $500 million in losses.

According to the DoJ, Citadel is used by cybercriminals to target major financial and government organizations globally. Vartanyan, operating between August 2012 and January 2013 from Ukraine and then between April and June 2014 from Norway, allegedly infected computers with Citadel and stole financial account credentials of victims.

Read DoJ release here.


Article source: http://www.darkreading.com/russian-hacker-charged-in-citadel-malware-attacks/d/d-id/1328404?_mc=RSS_DR_EDT

The 6 Riskiest Social Media Habits to Avoid at Work

Cybercriminals are turning to Facebook, Twitter and other platforms to launch attacks via employee behavior that could be putting your business at risk.

(Image: Ronnie Chua via Shutterstock)


Social media is a popular gateway for hackers to access corporate networks, and employee behavior is driving the trend.

Most people don’t recognize the inherent danger of social media, says Evan Blair, cofounder and CEO at ZeroFOX. They trust platforms like Facebook because they use these tools to establish connections with people, not usernames or email addresses.

People rarely approach social media with the same caution they employ for suspicious emails or shady websites. This behavior leaves plenty of opportunities for cybercriminals to take advantage of their trust and launch successful attacks.

“Exploitation of trust is always something we’ve seen, but on a device level,” says Blair. “Now we’re seeing it at a human level, which is almost a greater risk because humans are the weakest link in the cyber kill chain.”

The risk is poised to grow, says Marc Laliberte, information security threat analyst at WatchGuard Technologies. Attacks uncommon in early 2016, like malware delivery via Facebook, are a growing threat one year later. Social media threats will evolve from the “carpet bomb” era of attacks we’re currently in, to more sophisticated and convincing attacks.

There are several ways employees’ social media habits are putting your organization at risk. Here, experts discuss which behaviors are most common, the dangers they pose, and what you should do about them.

 


Article source: http://www.darkreading.com/vulnerabilities---threats/the-6-riskiest-social-media-habits-to-avoid-at-work/d/d-id/1328406?_mc=RSS_DR_EDT

Boffins Rickroll smartphone by tickling its accelerometer

Smartphone vendors might be learning to mistrust software, but what about the hardware? University of Michigan boffins have put this question to the world by sending unauthorised data to a Samsung turns-out-to-be-not-so-smartphone by buzzing its accelerometer.

The problem highlighted in this paper is that systems “blindly trust the unvalidated integrity of sensor inputs”.

MEMS (micro-electro-mechanical systems) accelerometers can be hosed by lots of loud, random noise, but Timothy Trippel, Ofir Weisse, Peter Honeyman and Kevin Fu of the University of Michigan and Wenyuan Xu of the University of South Carolina wanted to go further, and use modulated sound to push chosen signals into the target (for their demonstration, a Samsung Galaxy S5).

“Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems”, they write.

As you can see in the video below, the group kept their attack simple, merely tricking the Galaxy S5 into displaying the word WALNUT on its screen.

The MEMS accelerometer senses movement of the phone through the displacement of a tiny proof mass inside the component, which changes its capacitance; that change is amplified, fed to an analogue-to-digital converter (ADC), and presented to the processor as a digital value.

Attacking the sensor isn’t trivial – as they write, it’s not a “lunch-time attack” – but since the accelerometers are common chips, it’s not hard to get a device and model its response to vibrations.

Since a victim is bound to notice if you aim a loudspeaker at their phone, there’s another nifty angle to the WALNUT attack: the attack signal is carried in audio played on the target device itself. That way, it could be embedded in what seems like a harmless music file (the researchers call this a “drive-by ditty”).

Having identified the resonant frequency of the target accelerometer – for example, an ADXL337 from Analog Devices resonates at 2.9 kHz – it’s a cinch to embed control signals into a music video.

Warning: it’s a Rickroll. Of course it is.

[YouTube video]

As another level of difficulty, Trippel’s team also attacked an RC car’s control app via the accelerometer, as well as spoofing thousands of steps in a Fitbit app.

Rickroll-free

[YouTube video]

The attack takes advantage of aliasing in the ADC’s sampler, and either amplitude modulation or phase modulation can create signals the phone will misinterpret.

The researchers characterised sensors from Bosch, STMicroelectronics, InvenSense, Analog Devices and Murata, and only three devices (all from Murata) were immune to the attack.

The paper notes that two software defences are available: the ADC’s sampling intervals can be randomised, which blocks the biasing attack because it depends on predictable sampling intervals; and the sampling phase can be shifted by 180°, which attenuates signals at the resonant frequency. ®
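The aliasing mechanism and the two software defences just described can be seen in a few lines of simulation. The following added example is mine, not the researchers' code: the 2.9 kHz resonance is the ADXL337 figure quoted earlier in the article, while the 725 Hz sample rate, the sinusoidal signal model, and the reading of the "180°" defence as "average each sample with a second one taken half a resonant period later" are my assumptions. It uses only the Python standard library.

```python
"""Simulate how rigid ADC sampling lets a tone at the accelerometer's resonant
frequency alias into a steady false reading, and how two software defences
(randomised sampling instants, 180-degree out-of-phase sampling) suppress it.
Added illustration, not the researchers' code: F_RES is the ADXL337 resonance
quoted in the article; F_SAMPLE, the signal model and the antiphase scheme are
assumptions."""
import math
import random

F_RES = 2900.0     # resonant frequency of the sensor, Hz (from the article)
F_SAMPLE = 725.0   # assumed ADC rate: exactly F_RES / 4, so rigid sampling hits the same phase each time
AMPLITUDE = 1.0    # arbitrary units of proof-mass displacement


def resonance(t, phase=math.pi / 2):
    """Proof-mass displacement when the sensor is driven at its resonant frequency."""
    return AMPLITUDE * math.sin(2 * math.pi * F_RES * t + phase)


def fixed_sampling_mean(n=4000):
    """Rigid intervals: every sample catches the tone at the same phase, so the
    ADC reports a constant offset near AMPLITUDE instead of a zero-mean vibration."""
    return sum(resonance(i / F_SAMPLE) for i in range(n)) / n


def jittered_sampling_mean(n=4000, seed=1):
    """Defence 1: randomise each sample instant within one resonant period.  The
    tone is then caught at unpredictable phases and its average collapses towards zero."""
    rng = random.Random(seed)  # seeded so the result is reproducible
    return sum(resonance(i / F_SAMPLE + rng.random() / F_RES) for i in range(n)) / n


def antiphase_sampling_mean(n=4000):
    """Defence 2: take a companion sample half a resonant period (180 degrees) later
    and average the pair; the resonant component cancels sample by sample."""
    half_period = 1 / (2 * F_RES)
    pairs = ((resonance(i / F_SAMPLE) + resonance(i / F_SAMPLE + half_period)) / 2
             for i in range(n))
    return sum(pairs) / n


def antiphase_gain(freq, points=1000):
    """Peak amplitude a unit tone at `freq` keeps after the antiphase pairing, swept
    over one period of the tone: near 0 at F_RES, near 1 for genuine slow motion."""
    half_period = 1 / (2 * F_RES)
    peak = 0.0
    for k in range(points):
        t = k / (freq * points)
        paired = (math.sin(2 * math.pi * freq * t)
                  + math.sin(2 * math.pi * freq * (t + half_period))) / 2
        peak = max(peak, abs(paired))
    return peak


if __name__ == "__main__":
    print(f"rigid sampling mean     : {fixed_sampling_mean():+.4f}")
    print(f"jittered sampling mean  : {jittered_sampling_mean():+.4f}")
    print(f"antiphase sampling mean : {antiphase_sampling_mean():+.4f}")
    print(f"antiphase gain at F_RES : {antiphase_gain(F_RES):.2e}")
    print(f"antiphase gain at 2 Hz  : {antiphase_gain(2.0):.4f}")
```

The rigid-sampling mean comes out at the full tone amplitude even though the physical vibration averages to zero, which is the whole trick: a signal well above the sampling rate masquerades as a steady tilt. Jittering the sample clock breaks the phase alignment the trick relies on, at the cost of a little extra noise; the antiphase pair cancels the resonant tone almost exactly while passing slow, genuine motion (the 2 Hz gain stays close to 1), at the cost of two conversions per reported sample.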

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/boffins_rickroll_smartphone_by_tickling_its_accelerometer/

Petya ransomware returns, wrapped in extra VX nastiness

Researchers have spotted a variant of last year’s Petya ransomware, now with updated crypto and ransomware models.

Kaspersky’s Anton Ivanov and Fedor Sinitsyn say the attack, which they’ve dubbed “PetrWrap”, uses the PsExec tool to install ransomware on any endpoint it can access.

Rather than use the original Petya, which was cracked last April, “the group behind PetrWrap created a special module that patches the original Petya ransomware ‘on the fly’”, the Kaspersky post states.

The on-the-fly patching is designed to hide the fact that Petya is handling the infection, and PetrWrap uses its own crypto routines.

If the PetrWrap vxers had stuck with Petya’s ransomware-as-a-service model, they would need a Petya private key to decrypt victims’ data. Their solution is to replace the ECDH implementation with their own crypto, and their own public and private keys.

The cryptography uses OpenSSL library components instead of the mbedtls library that Petya used.

Once it’s installed, the victim’s NTFS partitions’ master file table (MFT) ends up encrypted with a better scheme than the old Petya used. The new malware’s authors didn’t write their own low-level bootloader, so they avoided the other mistakes seen in earlier versions of Petya.

Kaspersky says it’s got a signature for PetrWrap, and we presume other A/V vendors will follow soon. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_returns_wrapped_in_extra_vx_nastiness/