Google warns of actively exploited Windows zero-day

November 1, 2016 – 5:40 AM

Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild.

According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”

The same vulnerability was shared with both Microsoft and Adobe on October 21st, as it also affected Flash Player. But while Adobe has already pushed out an update with the patch, Microsoft has not been so quick.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10,” Adobe said in the security bulletin accompanying the release.

Google made the flaw public before Microsoft had a chance to fix it because it is a critical vulnerability that could lead to system compromise, and it is being actively exploited.

Google has advised users to update Flash and to apply the Microsoft patch as soon as it is made available.

In the meantime, Windows 10 users can use Google Chrome to protect themselves against possible attacks leveraging the flaw.

Source:
https://www.helpnetsecurity.com/2016/11/01/google-warns-actively-exploited-windows-zero-day/

IoT Scanner Checks for Vulnerabilities In Your Connected Devices

October 24, 2016 – 4:17 PM

Last week’s DDoS attack on Dyn that shut down portions of the internet was fueled by bots created from hacked connected devices, like internet-connected cameras and DVRs, but such botnets can also theoretically include connected routers, printers, and more. While there’s not exactly a fix for this problem, IoT Scanner is a tool that can at least tell you if a device in your house is creating a vulnerability.

In the case of last week’s attacks, the botnet was created by taking control of a bunch of different connected cameras that still had the default passwords in use. To check whether you have such devices on your network, Bullguard Security created IoT Scanner. Head to the site, click the scan button, and IoT Scanner looks for open ports on your network.

If IoT Scanner comes back saying that your network can be breached, that means some device that’s connected to your Wi-Fi network has an open port that makes it accessible from the internet. This could be on purpose if you’re running a server or have some other device that you can access from outside your home network. If you’re not doing that and IoT Scanner says your network can be breached, then it’s a good idea to dig in and see which device has that open port.

Like most tools of this ilk, take the results with a grain of salt and use them as a starting point to really secure your network. IoT Scanner’s results are vague, but they’ll at least give you a place to start your search.

Source:
http://lifehacker.com/iot-scanner-checks-for-vulnerabilities-in-your-connecte-1788154835

Easy-to-exploit rooting flaw puts Linux computers at risk

October 21, 2016 – 1:15 PM

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that’s already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.

The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected.

The Red Hat security team describes the flaw as a “race” condition, “in the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.” This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system.

The vulnerability was fixed this week by the Linux kernel developers and patches for Linux distributions, including Red Hat, Debian, Ubuntu, Gentoo and Suse, have been released or are in the process of being released.

The vulnerability, which has been dubbed Dirty COW by the security community, was discovered by security researcher Phil Oester when it was reportedly used in an attack against one of his servers. This suggests that attackers have known about the vulnerability and have exploited it in the wild for some time.

Source:
http://www.csoonline.com/article/3133965/security/easy-to-exploit-rooting-flaw-puts-linux-computers-at-risk.html

Remove ransomware infections from your PC using these free tools

October 7, 2016 – 4:36 PM

Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Cracking a family takes time and requires flaws in the ransomware that cybersecurity experts can exploit, so some ransomware families have no solution beyond wiping your system clean and restoring from backup data.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

Source:
http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools/

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency

October 4, 2016 – 5:17 PM

Users are still dealing with Yahoo’s massive data breach that exposed over 1 Billion Yahoo accounts, and there is more shocking news about the company that, I bet, will blow your mind.

Yahoo might have provided your personal data to a United States intelligence agency when required.

Yahoo reportedly built custom software programmed to secretly scan all of its users’ emails for specific information provided by US intelligence officials, according to a report by Reuters.

The tool was built in 2015 after the company complied with a secret court order to scan hundreds of millions of Yahoo Mail accounts at the behest of either the NSA or the FBI, according to the report, which cites three separate sources familiar with the matter.

According to some experts, this is the first time an American Internet company has agreed to such an extensive demand from a spy agency by searching all incoming emails, examining stored emails, or scanning a small number of accounts in real time.

The tool was designed to search for a specific set of character strings within Yahoo emails and “store them for remote retrieval,” but it’s unclear exactly what the spies were looking for.

Source:
https://thehackernews.com/2016/10/yahoo-email-spying.html