

Tanium CEO admits using real hospital data in sales demos [Updated]

Ars Technica - 20 April 2017 - 17:44

Orion Hindawi, co-founder and chief technology officer of Tanium Inc. (credit: Getty Images/Bloomberg)

Following a report by The Wall Street Journal that the security vendor Tanium used a hospital's live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital's network. Hindawi was vague about whether the company had live access to the network, but in a blog post late yesterday, he said that the data was from "this particular customer's demo environment" and that Tanium did not—and should not—have remote access to customers' security data except in a very few cases where customers had granted access.

[Update, 3:30 pm EDT] Ars has learned from a source familiar with the installation that the company did, in fact, use a connection to El Camino Hospital's on-premises instance of the Tanium web console for demonstrations. The connection would have had to be provided by El Camino's information technology staff—though it is not clear how far up in the hospital's administration that arrangement was approved, and the arrangement was apparently never documented. Since 2015—about the time Tanium lost access to the El Camino Hospital installation—Tanium has required that these sorts of arrangements be codified in writing.

"We do have a few customers who have agreed for us to use their environments for external demos and have provided that access to us," Hindawi wrote. "Since 2015, we’ve insisted that before a customer is willing to let us demo from their environment, regardless of the access they offer us, we document that in writing and agree on what data we can show to ensure there isn’t any confusion. Other than the few customers who have signed those documents and provided us remote access to their Tanium platforms, we do not—and in fact cannot—demonstrate customer environments with Tanium."


Category: Hacking & Security

Locked out of your accounts? Facebook wants to hold the key

Sophos Naked Security - 20 April 2017 - 16:58
Facebook's planned password recovery process might make some uncomfortable, but the good news is that it won't involve giving the social media giant access to everything

Drupal Closes Access Bypass Vulnerability in Core Engine

Threatpost - 20 April 2017 - 15:57
Drupal released a point update for its core engine to patch a critical access bypass vulnerability.
Category: Hacking & Security

Anyone can become a hacker. A few thousand crowns is enough - security - 20 April 2017 - 15:49
Nowadays literally anyone can become a hacker. They need no deep knowledge of computer networks, nor do they have to keep hunting for new security holes in various programs. As The Hacker News pointed out, a few thousand crowns is enough.
Category: Hacking & Security

The IoT malware that plays cat and mouse with Mirai

Sophos Naked Security - 20 April 2017 - 14:14
A botnet dubbed Hajime uses much the same tactics as Mirai - but to neutralise the damage done. Is this a good thing, though?

The Internet Drafts and Security Issues Around a Virtual Private Network Infrastructure

InfoSec Institute Resources - 20 April 2017 - 14:00

All of our articles in this series have reviewed what a Virtual Private Network Infrastructure is all about. Essentially, it is simply another layer of Security that a business or a corporation can implement into their existing Information Technology Infrastructure, also known more specifically as a “VPN.” The design of a VPN can either be […]

The post The Internet Drafts and Security Issues Around a Virtual Private Network Infrastructure appeared first on InfoSec Resources.

Category: Hacking & Security

Lynis: Walkthrough

InfoSec Institute Resources - 20 April 2017 - 14:00

Lynis is an open-source security audit tool used to check the security of Linux and UNIX based systems. Since it is self-hosted, it performs extensive security scans when compared to other vulnerability scanners. Lynis is a tool released by CISOFY. Lynis works on a variety of UNIX-based systems such as: FreeBSD, Linux, MacOS, OpenBSD, NetBSD […]

The post Lynis: Walkthrough appeared first on InfoSec Resources.

Category: Hacking & Security

AI could be better than your doctor at predicting a heart attack

Sophos Naked Security - 20 April 2017 - 13:14
In one study, predictive models seem to have done rather better than carbon-based medics at spotting the potential for heart disease, one of the world's biggest killers

Windows bug used to spread Stuxnet remains world’s most exploited

Ars Technica - 20 April 2017 - 11:01

(credit: Saurabh R. Patil)

One of the Microsoft Windows vulnerabilities used to spread the Stuxnet worm that targeted Iran remained the most widely exploited software bug in 2015 and 2016 even though the bug was patched years earlier, according to a report published by antivirus provider Kaspersky Lab.

The most widespread exploits of 2015. (credit: Kaspersky Lab)

The most widespread exploits of 2016. (credit: Kaspersky Lab)

In 2015, 27 percent of Kaspersky users who encountered any sort of exploit were exposed to attacks targeting the critical Windows flaw indexed as CVE-2010-2568. In 2016, the figure dipped to 24.7 percent but still ranked the highest. The code-execution vulnerability is triggered by plugging a booby-trapped USB drive into a vulnerable computer. The second most widespread exploit was designed to gain root access rights to Android phones, with 11 percent in 2015 and 15.6 percent last year.

The Windows vulnerability was first publicly disclosed in July 2010, a few days before security reporter Brian Krebs was the first to report on the Stuxnet outbreak. The bug resided in functions that process so-called .LNK files that Windows uses to display icons when a USB stick is connected to a PC. By hiding malicious code inside the .LNK files, a booby-trapped stick could automatically infect the connected computer even when its autorun feature was turned off. The self-replication and lack of any dependence on a network connection made the vulnerability ideal for infecting air-gapped machines. Microsoft patched the vulnerability in August, 2010.


Category: Hacking & Security

Exploits: how great is the threat?

Kaspersky Securelist - 20 April 2017 - 10:57

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents the full toolset or whether there’s more to come, related to either Equation or another targeted threat actor.

Of course, Equation Group is not the first, and is certainly not the only sophisticated targeted attacker to use stealthy, often zero-day exploits in its activity.

Today we are publishing an overview of the exploit threat landscape. Using our own telemetry data and intelligence reports as well as publicly available information, we’ve looked at the top vulnerabilities and applications exploited by attackers.

We have examined them from two equally important perspectives. The first part of the report summarises the top exploits targeting all users in 2015-2016, and the most vulnerable applications. The second part considers the vulnerabilities exploited between 2010 and 2016 by significant targeted threat actors reported on by Kaspersky Lab: that’s 35 actors and campaigns in total.

This report focuses on attacks using client-side exploits and does not include data on attacks using server-side exploits.

Key findings on exploits targeting all users in 2015-2016:
  • In 2016 the number of attacks with exploits increased 24.54%, to 702,026,084 attempts to launch an exploit.
  • 4,347,966 users were attacked with exploits in 2016 which is 20.85% less than in the previous year.
  • The number of corporate users who encountered an exploit at least once increased 28.35% to reach 690,557, or 15.76% of the total amount of users attacked with exploits.
  • Browsers, Windows, Android and Microsoft Office were the applications exploited most often – 69.8% of users encountered an exploit for one of these applications at least once in 2016.
  • In 2016, more than 297,000 users worldwide were attacked by unknown exploits (zero-day and heavily obfuscated known exploits).

2015-2016 witnessed a number of positive developments in the exploit threat landscape. For example, two very dangerous and effective exploit kits – Angler (XXX) and Neutrino – left the underground market, depriving the cybercriminal community of a very comprehensive set of tools created to hack computers remotely.

A number of bug bounty initiatives aimed at highlighting dangerous security issues were launched or extended. Together with the ever-increasing efforts of software vendors to fix new vulnerabilities, this significantly increased the cost to cybercriminals of developing new exploits. A clear victory for the infosec community that has resulted in a drop of just over 20% in the number of private users attacked with exploits: from 5.4 million in 2015 to 4.3 million in 2016.

However, alongside this welcome decline, we’ve registered an increase in the number of corporate users targeted by attacks involving exploits. In 2016, the number of attacks rose by 28.35% to reach more than 690,000, or 15.76% of the total amount of users attacked with exploits. In the same year, more than 297,000 users worldwide were attacked by unknown exploits. These attacks were blocked by our Automatic Exploit Prevention technology, created to detect this type of exploits.

Key findings on exploits used by targeted attackers 2010-2016:
  • Overall, targeted attackers and campaigns reported on by Kaspersky Lab in the years 2010 to 2016 appear to have held, used and re-used more than 80 vulnerabilities. Around two-thirds of the vulnerabilities tracked were used by more than one threat actor.
  • Sofacy, also known as APT28 and Fancy Bear, seems to have made use of a staggering 25 vulnerabilities, including at least six, if not more, zero-days. The Equation Group is not far behind, with approximately 17 vulnerabilities in its arsenal, of which at least eight were zero-days, according to public data and Kaspersky Lab’s own intelligence.
  • Russian-speaking targeted attack actors take three of the top four places in terms of vulnerability use (the exception being Equation Group in second place), with other English- and Chinese-speaking threat actors further down the list.
  • Once made public, a vulnerability can become even more dangerous: grabbed and repurposed by big threat actors within hours.
  • Targeted attackers often exploit the same vulnerabilities as general attackers – there are notable similarities between the list of top vulnerabilities used by targeted threat actors in 2010-2016, and those used in all attacks in 2015-2016.

When looking more closely at the applications used by targeted threat actors to mount exploit-based attacks, we weren’t surprised to discover that Windows, Flash and Office top the list.

Applications and Operating Systems most often exploited by targeted attack groups.

Moreover, the recent leak of multiple exploits allegedly belonging to the Equation cyberespionage group highlighted another known but often overlooked truth: the life of an exploit doesn’t end with the release of a security patch designed to fix the vulnerability being exploited.

Our research suggests that threat actors are still actively and successfully exploiting vulnerabilities patched almost a decade ago – as can be seen in the chart below:

Everyone loves an exploit

Exploits are an effective delivery tool for malicious payloads and this means they are in high demand among malicious users, whether they are cybercriminal groups, or targeted cyberespionage and cybersabotage actors.

To take just one example, when we looked at our most recent threat statistics we found that exploits to CVE-2010-2568 (used in the notorious Stuxnet campaign) still rank first in terms of the number of users attacked. Almost a quarter of all users who encountered any exploit threat in 2016 were attacked with exploits to this vulnerability.

Conclusion and Advice

The conclusion is a simple one: even if a malicious user doesn’t have access to expensive zero-days, the chances are high that they’d succeed with exploits to old vulnerabilities because there are many systems and devices out there that have not yet been updated.

Even though developers of popular software invest huge resources into finding and eliminating bugs in their products and exploit mitigation techniques, for at least the foreseeable future the challenge of vulnerabilities will remain.

In order to protect your personal or business data from attacks via software exploits, Kaspersky Lab experts advise the following:

  • Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
  • Wherever possible, choose a software vendor which demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
  • If you are managing a network of PCs, use patch management solutions that allow for the centralized updating of software on all endpoints under your control.
  • Conduct regular security assessments of the organization’s IT infrastructure.
  • Educate your personnel on social engineering as this method is often used to make a victim open a document or a link infected with an exploit.
  • Use security solutions equipped with specific exploit prevention mechanisms or at least behavior-based detection technologies.
  • Give preference to vendors which implement a multilayered approach to protection against cyberthreats, including exploits.

Further details on exploits used in attacks in 2015 and 2016, as well as by the big targeted threat actors over the last six years – and Kaspersky Lab guidance on how to address the threat they present, can be found in the full report.


Google Won't Trust Symantec and Neither Should You

20 April 2017 - 10:43
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Category: Hacking & Security

Network Firewalls: How to Protect Your Network from Unauthorized Access

20 April 2017 - 10:41
They lack the buzz of more recent security innovations, so network firewalls can be overlooked. Yet firewalls are an essential aspect of any security strategy. We cover the basics of network firewall technology and look at the latest in next-generation firewalls.
Category: Hacking & Security

Hackers Steal Payment Card Data From Over 1,150 InterContinental Hotels

The Hacker News - 20 April 2017 - 10:22
InterContinental Hotels Group (IHG) is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on payment card systems at 1,174 franchise hotels in the United States. It's the second data breach that U.K.-based IHG, which owns Holiday Inn and Crowne Plaza, has disclosed this year. The multinational hotel conglomerate
Category: Hacking & Security

Hackers took aim at hotels. They attacked over a thousand of them - security - 20 April 2017 - 08:35
Roughly 1,200 hotels in the United States operating under the brands of the InterContinental Hotels Group (IHG) chain became targets of a hacker attack last year, in which software could collect information from guests' payment cards. The company disclosed this.
Category: Hacking & Security

Tanium exposed hospital’s IT while using its network in sales demos

Ars Technica - 19 April 2017 - 23:11

Orion Hindawi, co-founder and chief technology officer of Tanium Inc. (credit: Getty Images/Bloomberg)

Information security company Tanium is a relatively well-established "next-generation" cybersecurity vendor that was founded 10 years ago—far ahead of the wave of the venture capital-funded newcomers, like Cylance, who have changed the security software space. (Tanium has reached a market valuation of more than $3 billion, though there are no indications of when it will make an initial public offering.)

Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company's executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn't know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital's IT systems. Until recently, some of that data was shown in publicly posted videos.

In 2010, Tanium's software was installed at Allscripts Healthcare Solutions' El Camino Hospital (which markets itself as "the hospital of Silicon Valley") in Santa Clara County, California. The hospital no longer has a relationship with Tanium. While Tanium did not have access to patient data, the demos showed desktop and server management details that were not anonymized.


Category: Hacking & Security

Microsoft Touts New Phone-Based Login Mechanism

Threatpost - 19 April 2017 - 22:08
Microsoft announced this week it's giving users a new way to sign into their accounts without long and complicated passwords.
Category: Hacking & Security

Phishing with ‘punycode’ – when foreign letters spell English words

Sophos Naked Security - 19 April 2017 - 19:58
Many letters in English come from Greek, so they look the same even if they don't sound the same. Phishers could use this to trick you...

Patched Flaw in Bosch Diagnostic Dongle Allowed Researchers to Shut Off Engine

Threatpost - 19 April 2017 - 18:58
Two vulnerabilities were identified in Bosch’s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle.
Category: Hacking & Security