Recent academic work on the security degradation caused by HTTPS inspection tools sitting in TLS traffic streams has been reinforced by an alert the Department of Homeland Security published Thursday.
DHS’ US-CERT warned enterprises that running standalone inspection appliances, or other security products with this capability, often weakens the secure communication between clients and servers.
“All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected,” US-CERT said in its alert.
HTTPS inspection boxes sit between clients and servers, decrypting and inspecting encrypted traffic before re-encrypting it and forwarding it to the destination server. A network administrator can only verify the security of the leg between the client and the HTTPS inspection tool, which essentially acts as a man-in-the-middle proxy. The client cannot verify how the inspection tool validates the server's certificate, or whether an attacker is positioned between the proxy and the target server.
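The two checks that follow from this description can be run from any client behind the proxy. The following Python script is an added example, not code from the US-CERT alert or from any vendor: it compares the leaf certificate presented on the local network against a fingerprint recorded out-of-band from an un-proxied network (a mismatch means the session terminates at a middlebox that re-signs with its own CA), and it checks whether hosts that deliberately present broken certificates still validate (if they do, the proxy is accepting bad upstream certificates on the client's behalf). The badssl.com hostnames are public test endpoints; `example.com` and the recorded fingerprint in the `__main__` block are placeholders.

```python
"""Client-side checks for an HTTPS interception proxy (added example)."""
import hashlib
import socket
import ssl

# Public test endpoints whose certificates must never validate cleanly.
BAD_CERT_HOSTS = (
    "expired.badssl.com",
    "self-signed.badssl.com",
    "wrong.host.badssl.com",
    "untrusted-root.badssl.com",
)


def leaf_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Compare the presented leaf against a fingerprint recorded out-of-band."""
    normalised = expected.replace(":", "").upper()
    return leaf_fingerprint(der_cert).replace(":", "") == normalised


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate the local network path presents for host.

    Verification is disabled on purpose: the goal is to see what is presented,
    even when it is signed by a proxy CA this machine does not trust.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def handshake_succeeds(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """True if a fully verified TLS handshake to host completes."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False


def validation_failures(results: dict) -> list:
    """Given {host: handshake_succeeded}, list hosts that validated but should not have.

    Any host returned means the middlebox (or the local trust store) accepts a
    certificate that a correctly validating client would reject.
    """
    return sorted(host for host, ok in results.items() if ok)


if __name__ == "__main__":
    # Placeholder; record the real value from a network without the proxy.
    EXPECTED_EXAMPLE_COM = "00:" * 31 + "00"
    der = fetch_leaf_der("example.com")
    print("presented:", leaf_fingerprint(der))
    print("matches recorded fingerprint:", fingerprint_matches(der, EXPECTED_EXAMPLE_COM))
    results = {h: handshake_succeeds(h) for h in BAD_CERT_HOSTS}
    print("bad certificates that were accepted:", validation_failures(results))
```

Run it once from outside the inspected network to record fingerprints, then from inside; a fingerprint mismatch confirms interception, and any host listed by `validation_failures` shows the proxy is not rejecting certificates the client itself would.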
Linux kernel maintainers have patched a "dangerous" vulnerability in the kernel that allowed attackers to elevate their privileges or crash affected systems.
The security issue, tracked as CVE-2017-2636, existed in the Linux kernel for the past seven years, after being introduced in the code in 2009.
This is the fourth "years-old" security flaw discovered in the Linux kernel after similar flaws came to light last fall and winter.
Intel and Microsoft have launched new bug bounty programs with thousands of dollars on offer for the most dangerous bugs.
Intel announced the new bug bounty program, which will be hosted on HackerOne, at the CanSecWest security conference on Wednesday. While old hat for companies including Microsoft, Facebook, and Google, the scheme is the first of its kind for the chip giant.
"We want to encourage researchers to identify issues and bring them to us directly so that we can take prompt steps to evaluate and correct them, and we want to recognize researchers for the work that they put in when researching a vulnerability," Intel said. "By partnering constructively with the security research community, we believe we will be better able to protect our customers."
We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A). Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct. We estimate that MajikPOS’s initial infection started around January 28, 2017.
Other PoS malware families, such as FastPOS (and its updated version), Gorynych and ModPOS, also feature multiple components with entirely different functions such as keylogging, but MajikPOS’s modular approach is different: it needs only one additional component, fetched from its server, to carry out its RAM scraping routine.
MajikPOS is named after its command and control (C&C) panel, which receives commands and sends exfiltrated data. MajikPOS’s operators combine PoS malware with a remote access Trojan (RAT) to attack their targets, to daunting effect. MajikPOS reflects the increasing complexity that attackers are expected to build into their malware to neuter traditional defenses.
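What a RAM scraping component actually looks for is unencrypted magnetic-stripe track data in the memory of the payment process. The following Python script is an added example, not MajikPOS code or Trend Micro's detection logic: it scans a raw memory buffer for ISO 7813 Track 2 records, Luhn-validates each candidate PAN to discard random digit runs, and reports masked results. A forensic analyst can run the same scan over a process memory dump to learn whether a PoS application exposes track data in clear. The buffer, the test PANs and the filler bytes are constructed.

```python
"""Scan a memory buffer for Track 2 payment card data (added example)."""
import re

# Track 2: start sentinel ';', PAN (13-19 digits), field separator '=',
# expiry YYMM, three-digit service code, discretionary data, end sentinel '?'.
# Scanned as bytes because memory dumps are raw.
TRACK2_RE = re.compile(
    rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d{0,30})\?"
)


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation; filters most false positives from random digits."""
    total = 0
    for idx, ch in enumerate(reversed(pan)):
        d = int(ch)
        if idx % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six (BIN) and last four digits for reporting."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_track2(buf: bytes) -> list:
    """Return Luhn-valid Track 2 records found in buf, with the PAN masked."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group("pan").decode()
        if not luhn_valid(pan):
            continue
        hits.append({
            "offset": m.start(),
            "pan": mask_pan(pan),
            "expiry": m.group("exp").decode(),
            "service_code": m.group("svc").decode(),
        })
    return hits


# Constructed sample: two well-known test PANs, one record with a deliberately
# corrupted check digit, surrounded by filler bytes as in a real heap.
SAMPLE_MEMORY = (
    b"\x00" * 16
    + b"POS terminal 07 auth request\x00"
    + b";4111111111111111=2512101000000000000?"   # valid Luhn
    + b"\x90" * 8
    + b";4111111111111112=2512101000000000000?"   # bad check digit, dropped
    + b"\x00" * 8
    + b";5500000000000004=2601201123456789?"      # valid Luhn
    + b"\xff" * 16
)

if __name__ == "__main__":
    for hit in scan_track2(SAMPLE_MEMORY):
        print(hit)
```

On a real dump, a non-empty result from a process that should only ever hold encrypted card data is the finding; the Luhn filter is what keeps such a scan usable on gigabytes of memory.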
A new CryptoMix, or CryptFile2, variant called Revenge has been discovered by Broad Analysis that is being distributed via the RIG exploit kit. This variant contains many similarities to its predecessor CryptoShield, which is another CryptoMix variant, but includes some minor changes that are described below.
As a note, in this article I will be referring to this infection as the Revenge Ransomware, as that will most likely be how victims refer to it. It is important to remember, though, that this ransomware is not a brand new infection, but rather a new version of the CryptoMix ransomware family.
Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars?
Now there's a new version, and it's even more dangerous than before.
In case you missed it the first time around, a Hong Kong-based company built a weaponized pocket-sized USB stick, which when plugged into a device, will rapidly charge its capacitors from the USB power supply and then discharge, frying the affected device's circuits.
Dubbed the USB Kill stick, it fries almost any device with a USB port, though modern Apple hardware is apparently not affected.
Researchers have shown that a malicious music file can trick an accelerometer into giving false readings.
Researchers from the University of Michigan and the University of South Carolina have revealed a handful of sonic hacks on sensors that might not seem dangerous today, but do show one more way that hackers could use the Internet of Things to cause physical harm.
The researchers demonstrated that acoustic signals at the right frequency can apply enough pressure to an accelerometer's sensing mechanism, a mass suspended on springs, to produce spurious readings that spoof real acceleration.
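To make "the right frequency" concrete, here is an added Python example; it is not from the paper or the researchers. It models the proof mass as a damped mass-spring oscillator driven by a sinusoidal acoustic force and computes how much a tone at or near the natural frequency is amplified relative to the same force applied steadily. Because the sensor reports displacement of the mass as acceleration, it cannot distinguish a resonant acoustic push from a genuine acceleration. The natural frequency and damping ratio used are illustrative assumptions, not parameters of any real sensor.

```python
"""Resonant response of a MEMS accelerometer proof mass (added example).

Steady-state displacement of a driven damped oscillator:
    A(f) = (F/m) / sqrt((w0^2 - w^2)^2 + (2*zeta*w0*w)^2),  w = 2*pi*f
At f = f0 the response is 1/(2*zeta) times the static response, so a weak
acoustic force at resonance moves the mass as much as a far larger
steady acceleration would.
"""
import math


def response_amplitude(drive_hz, f0_hz, zeta, force_per_mass=1.0):
    """Steady-state displacement amplitude for a sinusoidal force at drive_hz."""
    w = 2 * math.pi * drive_hz
    w0 = 2 * math.pi * f0_hz
    denom = math.sqrt((w0 ** 2 - w ** 2) ** 2 + (2 * zeta * w0 * w) ** 2)
    return force_per_mass / denom


def static_amplitude(f0_hz, force_per_mass=1.0):
    """Displacement for the same force applied steadily (drive frequency -> 0)."""
    return force_per_mass / (2 * math.pi * f0_hz) ** 2


def resonant_gain(f0_hz, zeta):
    """Amplification of a tone at f0 relative to the same force applied statically."""
    return response_amplitude(f0_hz, f0_hz, zeta) / static_amplitude(f0_hz)


def find_resonance(f0_hz, zeta, sweep_hz):
    """Sweep frequency producing the largest displacement.

    Mirrors how an attacker without a datasheet locates the resonance:
    play tones and watch for the largest spurious reading.
    """
    return max(sweep_hz, key=lambda f: response_amplitude(f, f0_hz, zeta))


def spoofed_reading_g(drive_hz, f0_hz, zeta, equivalent_static_g):
    """Acceleration the sensor reports for an acoustic force that, applied
    steadily, would read as equivalent_static_g."""
    gain = response_amplitude(drive_hz, f0_hz, zeta) / static_amplitude(f0_hz)
    return equivalent_static_g * gain


if __name__ == "__main__":
    F0, ZETA = 4_000.0, 0.02          # illustrative values, not a real part
    sweep = [float(f) for f in range(500, 20_001, 50)]
    print("resonance found at", find_resonance(F0, ZETA, sweep), "Hz")
    print("gain at resonance:", round(resonant_gain(F0, ZETA), 1))
    for f in (1_000.0, 3_900.0, 4_000.0, 8_000.0, 12_000.0):
        print(f"{f:6.0f} Hz tone -> {spoofed_reading_g(f, F0, ZETA, 0.01):.4f} g")
```

The gain at resonance is 1/(2·zeta), so the lightly damped structures typical of MEMS sensors are exactly the ones that turn a faint tone into a large false reading, while the same tone an octave or more away does almost nothing.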
Last night, a swath of Twitter accounts with large followings—including Duke University, BBC North America, Forbes, and Amnesty International—tweeted out the same message, in Turkish, that included a swastika and hashtags that translate to “Nazi Germany, Nazi Holland.”
The hacked accounts, which apparently stem from increasing vitriol between Turkey and Holland, appear to have all been restored. They’re an unfortunate reminder, though, that any Twitter account is only as safe as the apps you let access it.
One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy. This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between.
Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platforms, WhatsApp Web and Telegram Web. The online versions of these platforms mirror all messages the user sends and receives and are fully synced with the user’s device.
Yesterday, a Russian national accused of helping develop the Citadel banking trojan was arraigned in front of a US judge for the first time, after being extradited from Fredrikstad, Norway.
The man, Mark Vartanyan, 28, is known online as Kolypto. According to US authorities, Vartanyan allegedly developed, improved and maintained the Citadel malware, a banking trojan made available via a Malware-as-a-Service offering.
Federal prosecutors charged two Russian intelligence agents with orchestrating a 2014 hack that compromised 500 million Yahoo accounts in a brazen campaign to access the e-mails of thousands of journalists, government officials, and technology company employees.
In a 38-page indictment unsealed Wednesday, the prosecutors said Dmitry Aleksandrovich Dokuchaev, 33, and Igor Anatolyevich Sushchin, 43—both officers of the Russian Federal Security Service—worked with two other men—Alexsey Alexseyevich Belan, 29, and Karim Baratov, 22—who were also indicted. The men gained initial access to Yahoo in early 2014 and began their reconnaissance, the indictment alleged. By November or December, Belan used FTP to download part or all of a Yahoo database that contained user names, recovery e-mail addresses, and phone numbers. The user database (UDB) also contained the cryptographic nonces needed to generate the account-authentication browser cookies for more than 500 million accounts.