FireEye has disclosed the details of a serious information disclosure vulnerability affecting a Qualcomm software package found in hundreds of Android device models.
Google announced this week that it released an Android update to patch dozens of vulnerabilities. The search giant’s security advisory also mentioned an information disclosure vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that allows a malicious application to access user information.
The vulnerability, discovered by researchers at FireEye-owned Mandiant, has been rated “high severity,” but Google noted that it does not affect Nexus devices. The patch for the issue is not in the Android Open Source Project (AOSP) repository — instead, it should be included in the latest driver updates for affected devices.
FireEye said its researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers.
The flaw exists in an open source software package maintained by Qualcomm and is related to the Android network daemon (netd).
For online casinos, business begins to peak as gamblers punch out of work and belly up to virtual blackjack tables. But on this Tuesday in February at 5 p.m., the odds were not in the house’s favor. That’s when this virtual casino, with tens of millions of dollars in virtual transaction data, thousands of user profiles and millions invested in computer infrastructure, was hit with ransomware that risked turning a thriving business into an encrypted crime scene.
The criminals behind this attack couldn’t have picked a better target. This legal online casino, located outside the US, is one of the largest operators in the gambling and entertainment business. On the condition Threatpost would not identify the casino, we were given rare insight into a high-stakes ransomware attack that serves as a cautionary tale for any company.
Infecting the Master Boot Record (MBR) and encrypting files is nothing new in the world of malicious programs. Back in 1994, the virus OneHalf emerged that infected MBRs and encrypted the disk contents. However, that virus did not extort money. In 2011, MBR blocker Trojans began spreading (Trojan-Ransom.Win32.Mbro) that infected the MBR and prevented the operating system from loading further. The victim was prompted to pay a ransom to get rid of the problem. It was easy to treat a system infected by these blocker Trojans because, apart from the MBR, they usually didn’t encrypt any data on the disk.
Today, we have encountered a new threat that’s a blast from the past. The Petya Trojan (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Petr) infects the MBR, preventing normal system loading, and encrypts the Master File Table (MFT), the index of every file on an NTFS volume, thus preventing normal access to files on the hard drive even though the file contents themselves are left in place.
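Because Petya and the older MBR blockers work by overwriting the bootstrap code in sector 0, a cheap detective control is to baseline the boot code hash and partition table of a known-good MBR and re-check it periodically. The following is an added example, not code from Kaspersky or from the article; the two 512-byte sectors it checks are constructed stand-ins (a clean one whose boot code begins with a typical JMP, and one whose first 64 bytes were overwritten), not real bootstrap code or Petya's.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table hash/entries and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, num_sectors = struct.unpack("<B3sB3sII", entry)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": num_sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PART_TABLE_OFF:SIGNATURE_OFF]).hexdigest(),
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }


def compare_to_baseline(baseline: dict, sector: bytes) -> list:
    """Return findings describing how `sector` deviates from a previously recorded baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partition_table_sha256"] != baseline["partition_table_sha256"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, one bootable NTFS (0x07) partition at LBA 2048."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48          # remaining three entries empty
    return boot_code + table + b"\x55\xaa"


# Constructed samples (not real bootstrap code and not Petya's loader).
CLEAN_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 100)   # starts with a typical JMP
OVERWRITTEN_MBR = build_sample_mbr(b"\x90" * 64)                 # first 64 bytes replaced

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)
    print("baseline partitions:", baseline["partitions"])
    print("clean sector   :", compare_to_baseline(baseline, CLEAN_MBR))
    print("modified sector:", compare_to_baseline(baseline, OVERWRITTEN_MBR))
```

On a live Linux host the sector comes from the first 512 bytes of the disk device (reading it needs root); record the baseline right after provisioning and alert when only the boot code changes while the partition table stays intact, which is exactly the pattern an MBR-resident loader produces.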
2016 has only just got underway, but the first three months have already seen the same number of cybersecurity events that just a few years ago would have seemed normal for a whole year. The main underlying trends remained the same, while there was significant growth in trends related to traditional cybercrime, especially mobile threats and global
Ransomware became the main theme of the quarter after knocking targeted attacks from the top of the most popular threat rating. Unfortunately, this is a situation that will continue to evolve, and those behind the extortion could well end up being named "problem of the year".
Android’s recent API modifications have hampered some malware’s ability to determine which application is currently running in the foreground of a device at any given time. As Android begins to successfully block this attack method, attackers may adopt a trick used by adware so that their threats can work again. Though we have previously seen mobile potentially unwanted applications (PUAs) abuse accessibility services to install arbitrary applications, we believe financial malware could use the same technique to circumvent a significant security improvement specifically created to thwart this kind of threat.
New quantum computing project is available to play with online.
IBM has a powerful new research project that anyone can use for free.
The business technology company’s research arm said on Wednesday that it’s giving everyone access to one of its quantum computing processors, an experimental technology that has the potential to quickly crunch huge amounts of data.
Anyone from university researchers to tech savvy teenagers can apply through IBM Research’s website to test the processor. IBM will determine how much access people receive to the processor depending on their technology background and how well versed they are in quantum technology, explained Jerry Chow, the manager of IBM’s experimental quantum computing group.
Generally speaking, in traditional computing, data is encoded in one of two states, as represented by the tiny transistors embedded on silicon chips being turned on or off. Quantum computing, however, uses quantum bits, or qubits, which can exist in a superposition of both states at once, to handle the heavy-duty processing.
Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters.
The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru (MAILRq.L), Russia's most popular email service, and smaller fractions of Google (GOOGL.O), Yahoo (YHOO.O) and Microsoft (MSFT.O) email users, said Alex Holden, founder and chief information security officer of Hold Security.
Within hours of the disclosure of serious vulnerabilities in ImageMagick, public exploits were available, increasing the risk to thousands of websites that make use of the open source image-processing software.
Attackers can embed malicious content in a file that ImageMagick will process as an image without question, leading to, in the case of one of the vulnerabilities, remote code execution. The scope of the issue is severe since image-processing plugins such as PHP imagick, Ruby rmagick and Ruby paperclip, and Node.js imagemagick, among others, are built on top of the ImageMagick library.
Researcher Ryan Huber was among the first on Tuesday to publicly disclose that ImageMagick had a problem. A researcher from the Mail.ru team in Russia who goes by the handle Stewie found the flaw, while Nikolay Ermishkin, also of the Mail.ru team, found the remote code execution issue.
“We have collectively determined that these vulnerabilities are available to individuals other than the person(s) who discovered them,” Huber wrote on the ImageTragick website, a landing page complete with FAQ on the bugs. “An unknowable number of people having access to these vulnerabilities makes this a critical issue for everyone using this software.”
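The practical consequence for anyone running an upload endpoint is that a file's extension says nothing about what ImageMagick will do with it, because ImageMagick picks a coder from the file's content. The following is an added example, not code from the ImageTragick page or the researchers, of the check an upload handler should do before handing anything to the library: whitelist extensions and require the leading bytes to match the format the extension claims. The signature table and the sample buffers are constructed for this illustration; the "MVG disguised as PNG" sample is a benign, empty MVG drawing, not an exploit.

```python
import os

# Constructed signature table: leading bytes for the formats this endpoint accepts.
# Extend it for the formats your application really serves.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}


def sniff_format(data: bytes):
    """Return the format implied by the file's leading bytes, or None if unrecognised."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(s) for s in sigs):
            return fmt
    return None


def check_upload(filename: str, data: bytes) -> tuple:
    """Accept only when the extension is whitelisted AND the content's magic bytes agree with it.
    Returns (accepted, reason)."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in MAGIC:
        return False, f"extension '{ext}' not allowed"
    actual = sniff_format(data)
    if actual is None:
        return False, "content does not start with a known image signature"
    if MAGIC[actual] != MAGIC[ext]:          # compare signature sets so jpg/jpeg agree
        return False, f"extension says {ext} but content looks like {actual}"
    return True, "ok"


# Constructed sample inputs (headers only; nothing here is a decodable picture).
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
GOOD_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
# Text-based MVG drawing saved under a .png name: ImageMagick would select the MVG coder
# from the content regardless of the extension, so it must be rejected before it gets there.
MVG_AS_PNG = b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n"

if __name__ == "__main__":
    for name, blob in [("avatar.png", GOOD_PNG), ("avatar.png", MVG_AS_PNG),
                       ("photo.jpeg", GOOD_JPEG), ("photo.gif", GOOD_PNG), ("logo.svg", GOOD_PNG)]:
        print(name, check_upload(name, blob))
```

This check is a gate, not a patch: pair it with an updated ImageMagick and with a policy.xml that disables the coders the site does not need (the ImageTragick page lists the delegate-driven ones to turn off), since the magic-byte test only stops mislabelled files, not a malformed file of a permitted type.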
Cybercriminals accessed a W-2 portal maintained by payroll company ADP recently to glean sensitive information about employees at a handful of companies.
ADP stresses that its own systems weren’t breached; rather, identity thieves appear to have been able to create ADP accounts in the names of victims using previously leaked personally identifiable information.
According to ADP, the problem was a self-service registration portal that allowed attackers to set up fraudulent accounts in the names of employees at the undisclosed companies.
An investigation carried out by the company determined that attackers likely pieced together the details needed to register using other information published about the victims online. Any individuals who had their W-2 information compromised had likely had their personal information compromised previously, ADP claims.
Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git.
Git is a version control system, and in March its maintainers patched two flaws that exposed the software to remote code execution.
The new version of Xcode, 7.3.1, is available for OS X El Capitan v10.11 and later.
Apple said it updated git to version 2.7.4, patching a heap-based buffer overflow in the way it handled filenames. Belgian researcher Mattias Geniar wrote about the git flaws in March, saying that the bug had the potential to be huge because it enabled both server-side and client-side remote code execution.
Cisco Systems said it has patched a critical flaw in its TelePresence hardware that allowed unauthorized third parties to access the system via an API bug. The networking behemoth also alerted customers to two denial-of-service vulnerabilities that represent a high risk for its FirePOWER firewall hardware.
The United States Computer Emergency Readiness Team (US-CERT) issued an alert on Wednesday and said Cisco has provided patches for the affected products.
The most serious of the flaws is tied to Cisco’s TelePresence XML application programming interface and allows hackers to bypass the authentication process for its TelePresence EX, MX, SX and VX hardware. Hackers with knowledge of the vulnerability are able to perform unauthorized configuration changes or issue control commands to TelePresence hardware running affected software.
The TelePresence bug is tracked as CVE-2016-1387. Cisco wrote: “The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API.”
After years of ad hoc changes to its documentation system, Microsoft has announced a new plan to overhaul both its TechNet and MSDN documentation to make it fit for purpose. Documentation will have a new site, docs.microsoft.com, with a new consistent look and features.