Security vulnerabilities found in 80% of best-selling SOHO wireless routers

February 21, 2014 – 6:30 PM

Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazon’s top 25 best-selling SOHO wireless router models have security vulnerabilities.

Of these vulnerable models, 34 percent have publicly documented exploits that make it relatively simple for attackers to craft either highly targeted attacks or general attacks targeting every vulnerable system they can find.

Routers are an ideal target for cyberattackers because they can be used to eavesdrop on traffic sent to and from nearby enterprise access points. After an attacker has gained control of a router, they are able to monitor, redirect, block or otherwise tamper with a wide range of online activities. Once a router is compromised, devices guarded by the router’s firewall become targets for additional network-based attacks.

Even technically oriented users find it difficult to identify a wireless router cyberattack because router user interfaces are minimal, and the traffic sent from a compromised device to cyberattackers is typically invisible.

Source:
http://www.net-security.org/secworld.php?id=16399

One tweak can make your Windows PC virtually invulnerable

February 20, 2014 – 5:12 PM

Microsoft published 147 vulnerabilities in 2013 that were rated as Critical. Critical, however, is a relative term, and there is one simple thing anyone can do that would guard against almost every single Critical vulnerability according to a new report from Avecto.

In its 2013 Microsoft Vulnerabilities Study, Avecto found that you could mitigate almost every single Critical vulnerability simply by removing administrator rights. The exact figure was 92 percent, which brings the number of serious threats from 147 down to around 12.

Avecto also determined that this would mitigate 91 percent of the Critical flaws in Office, and 100 percent (as in every single Critical vulnerability) of those that impact Internet Explorer.

Taken in the larger context of all vulnerabilities published by Microsoft, as opposed to just the Critical ones, the efficacy of taking away administrator privileges drops to 60 percent. However, the ability to make more than half of the vulnerabilities essentially go away by just changing from administrator to standard user privileges is nothing to scoff at.

There is another piece of this puzzle that the Avecto report doesn’t really address: Windows XP. Starting with Windows Vista, Microsoft introduced the concept of User Account Control (UAC), which enforces the concept of running with least privilege and requests authorization before elevating privileges for tasks that require Administrator rights.

The other aspect of Windows XP that skews the data is that Windows XP is simply more vulnerable. Generally, a flaw that exists for various versions of Windows is only Important or even Moderate on Windows 7 or Windows 8, but is Critical when exploited on Windows XP because it lacks many of the advanced security controls in the more modern versions of the operating system.

Source:
http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html?source=nww_rss

Security Updates Available for Adobe Flash Player

February 20, 2014 – 5:07 PM

Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.44 or earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 or earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review Adobe Security Bulletin APSB14-07 to determine which updates should be applied.

Source:
https://www.us-cert.gov/ncas/current-activity/2014/02/20/Security-Updates-Available-Adobe-Flash-Player

Belkin WeMo smart home networks in danger of hacks

February 19, 2014 – 5:20 AM

Smart home networks are rapidly gaining popularity, but some security experts worry that not enough encryption controls are coming with the products.

Security firm IOActive released an advisory (PDF) on Tuesday saying more than half a million Belkin WeMo devices are susceptible to widespread hacks. The firm uncovered several vulnerabilities in these devices, which would let hackers gain access to home networks and remotely control Internet-connected appliances.

The hacks could range from a mean-spirited prank to actually posing a danger. For example, they could be as benign as turning someone’s house lights on and off, or as dangerous as getting a fire started.

Many of Belkin’s WeMo home automation products let users build their own smart home solutions by adding Internet connectivity to any device — like sprinkler systems, thermostats, and antennas. Once connected, users can control their appliances with a smartphone from anywhere in the world.

However, hackers could also get into these networks, warns IOActive. The vulnerabilities found by the firm would let hackers remotely control and monitor home networks, as well as perform malicious firmware updates and gain access to other devices, like laptops and smartphones.

According to IOActive, the vulnerabilities would let hackers impersonate Belkin’s encryption keys and cloud services to “push malicious firmware updates and capture credentials at the same time.”

Source:
http://news.cnet.com/8301-1009_3-57619082-83/belkin-wemo-smart-home-networks-in-danger-of-hacks/

New variant of Zeus banking trojan concealed in JPG images

February 18, 2014 – 6:27 PM

A new variant of the nefarious Zeus banking trojan – dubbed ZeusVM – is concealed in JPG image files, according to the collaborative findings of Jerome Segura, senior security researcher with Malwarebytes, and French security researcher Xylitol.

The act is known as steganography – concealing messages or images in other messages or images.

In the case of ZeusVM, the malware’s code is hidden in unassuming JPG images, a Monday blog post by Segura revealed. These photos serve as misdirection for ZeusVM to retrieve its configuration file.

“The JPG contains the malware configuration file, which is essentially a list of scripts and financial institutions – but doesn’t need to be opened by the victim themselves,” Segura told SCMagazine.com in a Tuesday email correspondence. “In fact, the JPG itself has very little visibility to the user and is largely a cloaking technique to ensure it is undetected from a security software standpoint.”

Infection by the ZeusVM trojan allows for man-in-the-middle and man-in-the-browser attacks, Segura said, adding that visiting certain URLs, such as banking websites, will cause the trojan to respond and begin interacting in real time.

This means attackers can obtain certain information by altering a login page using webinjects, or they could perform wire transfers while altering the victim’s account balance to make it seem like funds were never moved, Segura said.

Source:
http://www.scmagazine.com/new-variant-of-zeus-banking-trojan-concealed-in-jpg-images/article/334477/
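
A defender-side check related to the ZeusVM item above, added here as an example and not taken from the article or from the researchers' analysis: it walks a JPEG's marker segments and returns any bytes that follow the real end-of-image marker, rather than searching for the last `FF D9`, which embedded thumbnails and appended data can spoof. That the extra data sits after the image is an assumption (the article does not say where in the file the configuration is stored), and the function and sample names are illustrative.

```python
import struct

STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # TEM, SOI, RST0-7: no length field

def jpeg_trailing_data(data: bytes) -> bytes:
    """Walk the marker segments and return whatever follows the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip optional fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:            # EOI: everything after it is not image data
            return data[pos:]
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("corrupt segment length")
        pos += length                 # skips APPn payloads, including embedded thumbnails
        if marker == 0xDA:            # SOS: entropy-coded data runs until the next real marker
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("truncated scan data")
                if data[pos + 1] == 0x00 or 0xD0 <= data[pos + 1] <= 0xD7:
                    pos += 2          # stuffed 0xFF byte or restart marker, still scan data
                    continue
                break
    raise ValueError("no EOI marker found")

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed marker segment for the constructed samples."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid marker layout, not a decodable picture.
SAMPLE_CLEAN = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9))
                + seg(0xE1, b"Exif\x00\x00" + b"\xff\xd8\xff\xd9")  # thumbnail with its own EOI
                + seg(0xDA, bytes(10)) + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
SAMPLE_APPENDED = SAMPLE_CLEAN + b"CONSTRUCTED-APPENDED-BLOB"

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("appended", SAMPLE_APPENDED)):
        extra = jpeg_trailing_data(blob)
        print(f"{name}: {len(extra)} trailing bytes", "-> inspect" if extra else "")
```

Trailing bytes are not proof of malware, since some cameras and editors append their own data after the image; a non-empty result is a reason to inspect the file.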