Cyber Threat Intelligence


Observations on the recent Java 0-day exploits in the wild « Fox-IT International blog


Filed under: Malware Analysis

Complaint Alleges Contractor Sabotaged Network and Stole Data (August 30, 2012) | National Cyber Security

August 31, 2012
A civil complaint filed by Toyota in US District Court in Kentucky alleges that a former employee sabotaged applications on the Toyota network and stole data after he was fired…

Filed under: Uncategorized

Researchers find critical vulnerability in Java 7 patch hours after release – Computerworld

The new vulnerability allows a complete Java Virtual Machine sandbox escape in Java 7 Update 7, researchers from Security Explorations say

By Lucian Constantin
August 31, 2012 12:08 PM ET
IDG News Service – Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.


Filed under: Uncategorized

PayPal mobile app updated with new UI and ability to add credit cards to account via photo


Filed under: Financial Services, North America

Merchant of Malice: Trojan.Shylock Injects Phone Numbers into Online Banking Websites | Symantec Connect Community


Filed under: Financial Services

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com


Filed under: Retail Industry

I hack, therefore I am: Automated Static Malware Analysis with Pythonect


Filed under: Malware Analysis

GPS Weakness Could Enable Mass Smartphone Hacking – Technology Review


Weaknesses in the technology that allows smartphone users to pinpoint themselves on a map, or check into restaurants and bars using apps such as Foursquare, could allow those users to be tracked remotely.

Ralf-Philipp Weimann, a researcher at the University of Luxembourg, reported this finding at the Black Hat computer security conference in Las Vegas yesterday. He believes that the complex mechanism by which phones get location fixes likely also hides vulnerabilities that could allow the mechanism to be used to install and run malicious code on the device.

Smartphones do not use GPS satellites alone to determine their location, because doing so accurately requires complex calculations based on signals collected from four orbiting satellites, a process that takes as long as 12 minutes. Instead, they use assisted GPS (A-GPS), in which a cellular network supplies an approximate location to simplify and speed up the necessary GPS calculations. A-GPS also allows a device to ask the mobile network to do the work and send back the exact location fix once it’s finished.


Weimann discovered that the messages that pass between a phone and its network during this process aren’t exchanged over a secure connection, but rather over a non-secure Internet link. That makes it possible to trick a phone into swapping A-GPS messages with an attacker instead, Weimann realized, and to have that attacker know the result of every location fix wherever the phone goes.

Using this method, a malicious Wi-Fi network could instruct phones to relay back all future requests for A-GPS help and to report all location fixes, even after the phone goes out of range. “If you just turn it on once and connect to that one network, you can be tracked any time you try to do a GPS lock,” said Weimann. “This is rather nasty.”

Weimann demonstrated the vulnerability on a variety of Android handsets and said that handset manufacturers haven’t bothered to implement technologies that could prevent such attacks. The problem is solvable, though, and Weimann said it will likely be addressed in future versions of software from mobile-device manufacturers. “I wouldn’t count on it until you buy the next-gen device.”

Weimann also presented work showing how A-GPS messages could be used for seriously compromising attacks. He showed that many smartphones process these messages on their main processor, not the GPS chip or the radio chip dedicated to communicating with the cellular network. This means the messages could potentially be used to trigger crashes that would allow the device to be taken over remotely, said Weimann, who added that he has identified some candidate bugs already.

Other experts at the conference said that the kind of attack Weimann demonstrated could convince professional malware developers to take mobile devices more seriously as lucrative targets. Today, it is not easy to infect many users with a malicious app, explained Vincenzo Iozzo, of the information-security company Trail of Bits, who is a member of Black Hat’s advisory board. “What’s interesting is to find the venues where an attacker can gain additional scale and profit,” he said. “This attack actually allows them to reach a huge number of targets without being close to them.”

It is still early days, Iozzo said, but there’s cause for concern. “Exploitation for the time being is not going to be a big problem in mobile, but mobiles are more complex compared to desktops and so offer more places to explore.”

Filed under: Telecommunications

Cuckoo: Increasing the Power of Malware Behavior Reporting With Signatures | /dev/random

July 27, 2012

The new version (0.4) of Cuckoo, the open source malware analysis system, has been released this week. That’s great news! The list of changes and new features is very impressive. So big that an upgrade is not recommended. In my case, I just installed a brand new Cuckoo instance. It was much easier and saved me some nightmares. I still need to upgrade the instance running on my MacBook Pro; I hope it will also run very smoothly. Some of the most significant changes are:

- Brand new base code
- Support for KVM
- Support for YARA & VirusTotal
- New post-analysis modules
- Behavioral signatures

The last feature is really what I was expectin


Filed under: Uncategorized

Pentagon to recruit Russian hackers | HITBSecNews


The U.S. government has a plan to put the skills of the best hackers in the world to work fighting terrorism and designing security systems for government agencies. John Arquilla, an adviser to U.S. President Barack Obama and the man who coined the term “cyberwarfare,” told the UK’s Guardian newspaper that the U.S. Defense Department plans to hire about 100 hackers, primarily Russians, for the initiative.

Arquilla accused the Pentagon of wasting billions of dollars on “pointless aircraft carriers, tanks and planes at the expense of nimbler, leaner strategy” of spending on experts. He said that as a result the U.S. has fallen behind other superpowers in the global cyber race.

“We intend to set up something like the English Bletchley Park (where the UK ran decryption operations during World War II),” said Arquilla. “We will hire Russians and Asians. They are definitely the best code crackers in the world. I have already established contact with several very influential hackers. I even brought one to meet the CEO of a major company to evaluate the vulnerability of his information systems. He managed to break into the system in just a few minutes.”

Filed under: North America