AV engines are riddled with exploitable bugs

July 29, 2014 – 5:40 AM

A security researcher has found a great number of exploitable vulnerabilities in popular security solutions and the AV engines they use, proving not only that AV engines are as vulnerable to zero-day attacks as the applications they try to protect, but also that they can weaken the operating system's exploit mitigations.

“Installing an application in your computer makes you a bit more vulnerable,” says Joxean Koret, a researcher with Singapore-based Coseinc, and that is equally true for AV solutions.

Wielding a custom-developed fuzzing suite against all the AV engines he could find, he unearthed dozens of remotely exploitable vulnerabilities. He tested the engines used by BitDefender, Comodo, F-Prot, F-Secure, Avast, ClamAV and AVG.

Almost all of the engines are written in C and/or C++, which opens the door for attackers to discover and leverage buffer and integer overflow bugs. Most of them also install OS drivers, which could allow an attacker to escalate privileges.

“Most (if not all…) antivirus engines run with the highest privileges: root or local system,” he noted. “If one can find a bug and write an exploit for the AV engine, (s)he just won root or system privileges.”

Finally, most AVs fetch their updates over plain HTTP only, which could allow man-in-the-middle attacks that deliver malware instead of updates.

Source:
http://www.net-security.org/malware_news.php?id=2823

Apple “inadvertently admitted” to iOS backdoor: forensics expert

July 23, 2014 – 5:36 AM

Apple has “inadvertently admitted” to creating a “backdoor” in iOS, according to a new post by a forensics scientist, iOS author and former hacker, who this week created a stir when he posted a presentation laying out his case.

Apple has created “several services and mechanisms” that let Apple — and, potentially, government agencies or malicious third parties — extract large amounts of personal data from iOS devices, says Jonathan Zdziarski. There is, he says, no way to shut off this data leakage, and there is no explicit consent granted by end users.

He made his case in a talk, “Identifying back doors, attack points, and surveillance mechanisms in iOS devices,” [available in PDF] at the annual HOPE X hackers conference last week in New York City. The talk was based on a paper published in the March issue of “Digital Investigation,” which can be ordered online.

Essentially, Zdziarski says that Apple has over time deliberately added several “undocumented high-value forensic services” to iOS, along with “suspicious design omissions…that make collection easier.” The result is that these services can copy a wide range of a user’s personal data and bypass Apple’s backup encryption. That gives Apple, and potentially government agencies such as the National Security Agency, or simply bad actors intent on exploiting these services, the ability to extract personal data without the user knowing it is happening.

Source:
http://www.pcadvisor.co.uk/news/security/3532138/apple-inadvertently-admitted-to-ios-backdoor-forensics-expert/?olo=rss

EFF releases Firefox, Chrome plugin to stop online tracking

July 22, 2014 – 7:04 PM

The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission.

Privacy Badger was launched in an alpha version less than three months ago, and already more than 150,000 users have installed the extension. Monday’s beta release includes a feature that automatically limits the tracking function of social media widgets, like the Facebook “Like” button, replacing them with a stand-in version that allows you to “like” something but prevents the social media tool from tracking your reading habits.

“Widgets that say ‘Like this page on Facebook’ or ‘Tweet this’ often allow those companies to see what webpages you are visiting, even if you never click the widget’s button,” said EFF Technology Projects Director Peter Eckersley. “The Privacy Badger alpha would detect that, and block those widgets outright. But now Privacy Badger’s beta version has gotten smarter: it can block the tracking while still giving you the option to see and click on those buttons if you so choose.”

EFF created Privacy Badger to fight intrusive and objectionable practices in the online advertising industry. Merely visiting a website with certain kinds of embedded images, scripts, or advertising can open the door to a third-party tracker, which can then collect a record of the page you are visiting and merge that with a database of what you did beforehand and afterward. If Privacy Badger spots a tracker following you without your permission, it will either block all content from that tracker or screen out the tracking cookies.

Source:
http://www.net-security.org/secworld.php?id=17152

Angler Exploit Kit delivers Tor-using Critroni ransomware

July 22, 2014 – 5:03 PM

Following an international takedown of Cryptolocker, new ransomware identified by Microsoft as Critroni.A has been gaining momentum since making a June appearance in underground marketplaces, according to a security researcher going by the name Kafeine.

The malware – which is marketed as CTB-Locker (Curve-Tor-Bitcoin Locker) and costs $3,000 per month – uses Elliptic Curve Diffie-Hellman encryption and its command-and-control is hidden on the Tor network, Fedor Sinitsyn, a senior malware analyst at Kaspersky Lab who is investigating the ransomware, told Threatpost.

Critroni is being served up in the wild by the Angler Exploit Kit, according to Kafeine. Once it claims a victim, the ransomware provides ample instructions on how to send the Bitcoin ransom. The Bitcoin ransom can be specified by the attacker, as can the extensions of files that are encrypted.

Source:
http://www.scmagazine.com/angler-exploit-kit-delivers-tor-using-critroni-ransomware/article/362227/

Beware Keyloggers at Hotel Business Centers

July 14, 2014 – 4:51 AM

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

[Figure: a DHS/Secret Service advisory dated July 10, 2014.]

In a non-public advisory distributed to companies in the hospitality industry on July 10, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) warned that a task force in Texas had recently arrested suspects who had compromised computers within several major hotel business centers in the Dallas/Fort Worth area.

“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the advisory reads.

“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning continues. “The suspects were able to obtain large amounts of information including other guests’ personally identifiable information (PII), login credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”

Source:
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/