Microsoft will release two critical patches this coming Tuesday, April 9th. Both patches are for Windows, and one is for Internet Explorer.
One of the patches is a critical update to Windows 8, Vista, 7, XP and RT. The other patch is deemed "important" and is for Vista, 7 and XP. There are also patches for Windows Server 2012, 2008, and Server Core. An update of Microsoft's Windows Malicious Software Removal Tool is also expected.
Keep an eye out for the updates next Tuesday.
Crowdfunding website Indiegogo was hit by a DDoS attack from an unknown source after YourAnonNews posted a fundraising campaign. YourAnonNews (YAN) is attempting to raise funds to develop and host a new website that is similar to a newswire for Anonymous news. Apparently someone didn't like the idea.
Over the past two years Your Anon News (YAN) has been many things to many people and has continuously evolved under the guidance of numerous contributors. Since our humble beginnings as a new account we have always resisted being held to the constraints placed upon mainstream media outlets, but were limited to the tools available to us via Twitter and Tumblr. Those of us contributing to YAN have always desired to expand our capabilities and to report, not just aggregate, the news.
It's not clear where the DDoS attack originated and Indiegogo hasn't been exactly forthcoming about the attack. Slava Rubin, founder of Indiegogo, apologized for the outage and offered an extension to any campaigns ending this week: "Any campaigns scheduled to conclude this week will have the option of extending until Sunday by contacting our 24-7 Customer Happiness team."
You can check out the YAN Indiegogo campaign on the Indiegogo site.
Scribd has announced that it suffered a minor hack earlier this week. The hack seems to have targeted just user login information, meaning only e-mails and passwords were at risk. Scribd adds that they believe less than 1 percent of users were affected by the attack and that they have contacted every account asking them to reset their password.
Because of the way Scribd securely stores passwords, we believe that the passwords of less than 1% of our users were potentially compromised by this attack...We have now emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password...Our investigation indicates that no content, payment and sales-related data, or other information were accessed or compromised. We believe the information accessed was limited to general user information, which includes usernames, emails, and encrypted passwords.
If you didn't receive an e-mail, you're probably not affected. If you're still concerned, Scribd has set up a website to allow you to check if your account was one of the affected accounts.
If you haven't been keeping up with the current affairs of the world, North Korea are testing the waters of war at the moment - all while South Korea and their very tight and even more capable ally, the United States, play their war games with B2 Stealth Bombers, among other expensive military toys.
While this is happening, Anonymous are jumping into the ring: the hacking collective are said to have started an initiative called "Operation Free Korea", demanding that North Korean leader Kim Jong-un resign and install free democracy in the country.
Anonymous have also demanded that North Korea abandon their nuclear ambitions, and for the NK government to give universal and uncensored Internet access to their citizens. The hacking collective have claimed they've hacked into the North Korean intranet, mail servers and Web servers, threatening to wage war if their demands aren't met. The group has written:
We got all over 15k membership records of Uriminzokkiri.com and many more. First we gonna wipe your data, then we gonna wipe your badass dictatorship 'government.'
The world's largest DDoS attack took place between two Dutch companies, saw 300Gbps peak speeds during attack
The New York Times is reporting that a fight between Dutch anti-spam group Spamhaus and Dutch hosting company Cyberbunker has escalated quite quickly, not just in attacks, but in the pure bandwidth used.
The fight produced the world's largest recorded distributed denial-of-service (DDoS) attack, which saw peak speeds of 300Gbps this week. How did this all start, you ask? Well, it started when Spamhaus added Cyberbunker to their blacklist, which is designed to help email providers block spammers.
It wasn't long after this that the anti-spam group was hit by a mammoth DDoS attack that was described by Akamai Networks chief architect, Patrick Gilmore, as "the largest publicly announced DDoS attack in the history of the Internet."
Activists in Tibet might want to reconsider spreading the word about their next rally through their Android-based smartphones. Researchers at Kaspersky Labs have just discovered a new Trojan virus that is designed to target Tibetan and Uyghur activists.
The malware is specifically designed for Android phones and is injected into the device when the unsuspecting user opens an email that references the recent World Uyghur Conference. Kaspersky says that this is the first documented attack that targets Android smartphones, but it will most certainly not be the last.
In an interview with Mashable, Kurt Baumgartner, a senior security researcher at Kaspersky, said:
This is the first time a precisely targeted attack is implementing an Android-based Trojan... this is the first instance that it was used in a targeted attack that's publicly documented.
Apple appears to be taking security more seriously. Just a mere 24 hours after Yontoo adware was discovered to be affecting Mac OS X systems, Apple has pushed out an update to its malware definitions to protect from the malware. The Yontoo adware was found to be injecting ads into sites visited in Chrome, Safari, and Firefox.
Apple hasn't always been so quick to respond to new threats. For a long time, Apple actually advertised that Mac OS X was basically invulnerable to viruses. Variants of Yontoo are bound to show up and it will be interesting to see if Apple is able to keep them at bay. As always, we'll keep our eye on the latest security threats and alert users when major problems arise.
If you haven't enabled two-factor authentication quite yet, you might want to get on it. Yes, right now. A new vulnerability has been found that will allow a malicious user to reset a user's password by knowing just their e-mail address and date of birth. It's not clear if this bug resulted from Apple's new two-step authentication or if it has always been there.
A guide to doing the hack has been posted online, though we will not be linking to it for some very obvious security reasons. A malicious user has to simply paste in a modified URL and answer the date of birth security question to reset the password. The exploit makes use of Apple's iForgot tool.
Nearly 48 hours ago, South Korea saw a cyber attack that took down multiple banks and TV stations. It's now being reported that the cyber attack wiped the HDDs of the affected PCs, according to McAfee's analysis on the attack.
The PCs were infected by malware that wiped the master boot record (MBR) of the affected PCs. The MBR on a HDD contains crucial information on how the file systems on the HDD are organized, so messing with it can take down a system easily. The malware overwrote the data in the MBR with some weird characters: "PRINCPES, PR!NCPES, HASTATI." The attack also overwrote some random parts of the file system with the same weird characters.
The systems affected were then given a forced reboot command, but because the MBR and file system were attacked and thus corrupted, the restart was unable to complete.
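An added example (not from the original article or from McAfee's analysis): a Python check a responder could run on a 512-byte dump of a disk's first sector to see whether the boot signature and partition table survive and whether the filler strings quoted above are present. The sample sectors are constructed, and treating the quoted strings as exact byte markers is an assumption.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
# Filler strings quoted in the article; used here as byte markers (assumption).
MARKERS = (b"PRINCPES", b"PR!NCPES", b"HASTATI")


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector."""
    entries = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        raw = sector[start:start + 16]
        if raw == bytes(16):
            continue  # unused slot
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", raw)
        entries.append({"slot": i, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def triage_mbr(sector):
    """Classify one 512-byte sector as 'overwritten', 'corrupt' or 'plausible'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    hits = {m: sector.count(m) for m in MARKERS if m in sector}
    parts = parse_partitions(sector)
    # The status byte of a real entry is 0x80 (bootable) or 0x00 (inactive).
    bad = [p["slot"] for p in parts if p["status"] not in (0x00, 0x80)]
    sig_ok = sector[510:512] == BOOT_SIGNATURE
    if hits:
        verdict = "overwritten"      # marker text found where boot code belongs
    elif not sig_ok or bad:
        verdict = "corrupt"          # damaged, but not by the known filler
    else:
        verdict = "plausible"
    return {"verdict": verdict, "boot_signature_ok": sig_ok,
            "marker_hits": hits, "partitions": parts, "bad_status_slots": bad}


# Constructed samples: one intact sector, one filled with a marker string.
_entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                     b"\xfe\xff\xff", 2048, 204800)
HEALTHY = bytes(446) + _entry + bytes(48) + BOOT_SIGNATURE
WIPED = (b"PRINCPES" * 64)[:SECTOR_SIZE]

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("wiped", WIPED)):
        print(name, triage_mbr(sample)["verdict"])
```

A missing boot signature together with garbage partition entries is what makes the forced reboot fail: the firmware finds nothing it can treat as a bootable disk.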
Apple is implementing a security feature known as two-step verification. It's similar to the security measures used by Google and other web services. Users are able to enable the service through the Apple ID website, after which two-step verification will be required to make changes to a user's account.
Users will set up a trusted device, such as a Mac or iPhone, and will need to print a recovery key. In order to reset a user's password, they will need to have access to the recovery key that they printed out. The first time you attempt to buy an app on a new device, you'll be required to enter a PIN that can be accessed from a trusted device.
You can head over to the Apple ID website to enable it for yourself. It's definitely recommended, though it's only currently available in the United States, United Kingdom, Australia, Ireland, and New Zealand.
A new virus specific to Mac has been discovered by Russian security firm Doctor Web. Named Trojan.Yontoo.1, the virus injects ads into webpages on the infected machine.
The malware works by installing an adware plugin into any of the popular browsers and then overlaying an advertisement in key locations on webpages. Doctor Web says that this trojan is just another piece of a large adware puzzle that has been infecting OS X for some time now.
The virus can be caught in several different ways, with the most popular method being the use of movie trailer pages in which users must install a plugin to view the content. Other methods of injection have been media player enhancement programs and download accelerators. One indication of infection is that when launched, Trojan.Yontoo.1 will prompt users to install a program called "Free Twit Tube" or something similar.
No information has been released from Apple on a removal tool yet, and it is expected that Apple will just patch its XProtect.plist, which already blocks about 15 previous malware attacks. The best thing is to avoid any installs from unknown websites or anything that has a funny name. Remember, Google is your friend and if you are unsure of an application's validity, a five second search could prevent an infection. Be smart.
Just when Apple thought they were out of the woods, a new lockscreen vulnerability has been discovered. Apple released iOS 6.1.3 to fix a previously found lockscreen vulnerability, though it appears to have introduced a new one--or failed to fix one that was present in previous versions.
The bug isn't too difficult to activate, nor is it difficult to protect from. A person needs to simply make a telephone call by using Siri and remove the SIM card at the correct time. The bypass is demonstrated in the above embedded video.
To protect against the bypass until Apple fixes it, you just have to disable voice dial from the Password Lock screen. It's time for Apple to start working on iOS 6.1.4.
Samsung has confirmed that they are working on a fix for a flaw that allows bypassing of the lock screen. The bug was posted to the internet today and shows a method for bypassing the lock screen, permanently, if you have enough time to download an app from the Play Store.
The steps to reproduce the bug are below:
- From the lock screen, hit the emergency call button.
- Dial a non-existent emergency services number - e.g. 0.
- Press the green dial icon.
- Dismiss the error message.
- Press the phone's back button.
- The app's screen will be briefly displayed.
- This is just about long enough to interact with the app.
- Using this, you can run and interact with any app / widget / settings menu.
- You can also use this to launch the dialler.
- From there, you can dial any phone number (one digit at a time) and place a phone call.
- With Google Play, you can search for apps using the voice interface.
- You can download apps from the app store which will disable the screen lock.
The bug is only present on Samsung's implementation of Android. It doesn't seem to affect the stock build. In a statement, Samsung said, "We are aware of this issue and will release a fix at the earliest possibility. Samsung considers user privacy and the security of user data its top priority."
Microsoft is currently dealing with some high-profile hackings that have compromised the Xbox Live accounts of former and current Microsoft employees. The attack apparently used a series of stringed social engineering tactics that collected social security numbers and other information necessary to gain access to the accounts.
A group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use.
It's not clear what Microsoft will be able to do to prevent this from happening in the future. Microsoft needs a way to properly identify an account's owner, but they can't prevent third-parties from giving out that private information.
NATO has released a new document that lays down the law about cyber warfare for all of its members. The document details what is considered acceptable and what is thought of as out of bounds for state sponsored hacking.
Hospitals, nuclear power stations, dams and dykes are all on the "do not touch" list, much like similar UN resolutions that do not allow its members to bomb certain targets. The new document does give the go-ahead to enact analog war against a country that is digitally attacking you.
"An international armed conflict exists whenever there are hostilities, which may include or be limited to cyber operations occurring between two states or more." The Guardian suggests that this may roll over into the so-called "hacktivist" community as well. This could leave its members vulnerable to physical attack if a country deems them a threat.
Samsung will be issuing a fix for a bug that allows unfettered access to a locked Galaxy S3's files "shortly". Meanwhile, Lookout, the company behind the popular antivirus app of the same name, has already produced a fix that is currently available through the Google Play Store.
Lookout describes how their app protects devices from being exploited through this particular bug: "When Lookout detects the emergency contact dialer has been backgrounded, we preemptively bring it back to the forefront so that the rest of the phone cannot be accessed."
Lookout says they expect Samsung's fix to be released shortly, though an official statement from Samsung has not been given. Lookout highly recommends updating to the latest patch whenever Samsung makes it available. You can read Lookout's full blog post about the issue here. To read more about the bug in the Galaxy S III, you can see our other coverage.
China has said that it is willing to cooperate with the US in an effort to curb future cyber-attacks allegedly coming from within its borders. The country said it is ready to open a "constructive dialogue" to help put a stop to internet related attacks.
In a report released by the Associated Press, a spokesperson for China's foreign ministry said that he condemned the recent attacks. "Cyberspace needs rules and cooperation, not wars. China is willing to have constructive dialogue and cooperation with the global community, including the United States."
The response from China comes after White House national security adviser Tom Donilon released a statement saying "China should take serious steps to investigate and put a stop to these activities," and asked the country to "engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."
Both the US and China have been working diligently to resolve their issues for quite a while now. After a visit by the Chinese Defense Ministry to the White House last year, then-US Defense Secretary, Leon Panetta, said that it was "essential for our two nations to communicate effectively on a range of very challenging issues... our goal is to establish a constructive relationship for the future." It appears that we may be well on the way to achieving that goal after today's news.
As part of Microsoft's Patch Tuesday, the Windows developer will be pushing out a total of seven updates for Internet Explorer, Silverlight, and Office. Four of the patches are marked "critical", which means that they allow an attacker to run malware on the PC just by the person visiting a web site.
One of the critical patches is destined to fix a security hole present in Internet Explorer 6 to Internet Explorer 10 across XP to Windows 8. The critical Office patch is an interesting one. Wolfgang Kandek, CTO at security firm Qualys, notes:
"It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the 'critical' rating."
Like with all security updates, we recommend that you install these updates as soon as Microsoft makes them available.
At the Pwn2Own hacking competition currently running in Vancouver, Canada, two security researchers from MWR Labs have managed to exploit Google Chrome. As a result of this impressive feat, they have been awarded a $100,000 prize. The exploit relied on a bug in Chrome as well as a bug in the kernel of Windows 7.
By visiting a malicious webpage, users could be susceptible to the exploit, even if they are running fully patched software. The exploit allowed the researchers to run code in the sandboxed renderer process. They then utilized a kernel exploit in Windows 7, which granted them elevated privileges.
MWR Labs will not release details on the exploit until the vendors have a chance to patch the vulnerabilities. Chrome is generally seen as the most secure browser and was picked because of its wide use and perceived security.
In one of those "why would anyone ever think to try something like this" moments, researchers have discovered that freezing encrypted Android devices will allow them to gain access to previously encrypted data. The encryption scheme used by Android has been a "nightmare" for law enforcement, though it looks like this won't be the case for much longer.
Tilo Muller, Michael Spreitzenbarth and Felix Freiling, researchers at Erlangen's Friedrich-Alexander University, placed Android phones into a freezer until they were below -10C. For some reason, this allowed them to quickly connect and disconnect the battery, placing the phone into a vulnerable mode.
Once the phone was in this state, they could load custom software onto the device. Known as Forensic Recovery of Scrambled Telephones, or FROST for short, the software allowed the data to be copied off to a computer for analysis. Luckily for consumers, the group of researchers are now attempting to figure out a way to prevent this hack from working.
Coming on the heels of a bug that allows partial access to the Galaxy Note II, a new bug has been discovered that provides full access to a device locked with a PIN, password, or gesture. The bug was posted on the Full Disclosure mailing list by Sean McMillian and makes use of a variation on the original bug.
ZDNet verified the bug on their Galaxy S III running Android 4.1.2 and noted that "the issue is very small and difficult to replicate at first." McMillian's instructions are as follows:
- On the code entry screen, press Emergency Call
- Press Emergency Contacts
- Press the Home button once
- Just after pressing the Home button, press the power button quickly
- If successful, pressing the power button again will bring you to the S3's home screen.
It seems like it's not just Apple that is having security issues stemming from the emergency call function. Samsung has not yet commented on the bug and there is not a current estimate for how long it will take for a fix to be released.