Linksys ignores zero-day exploit discovered on DirecTV hardware

Researchers publicly disclosed an unpatched (zero-day) vulnerability in a piece of television hardware on Wednesday after spending months trying to get the device maker to fix the flaw. The device, the Linksys WVBR0-25, is a wireless video bridge that DirecTV parent company AT&T gives to new customers of the satellite television service. A Trend Micro researcher who is also a DirecTV customer found that, without any authentication, the WVBR0-25 hands out information including its connected clients and running processes. A wireless video bridge is an access point (similar to a router) that DirecTV uses to send signals to a customer's wireless set-top boxes. The easy-to-exploit vulnerability potentially allows attackers to gain root access and take full control of the device. The device also fails to properly sanitize input, leaving the door wide open for remote attackers to take it over, said Dustin Childs, director of communications for Trend Micro's Zero Day Initiative (ZDI). Although the issue was reported over half a year ago by Trend Micro's […]

The post Linksys ignores zero-day exploit discovered on DirecTV hardware appeared first on Cyberscoop.

It’s easy to fake Extended Validation certificates, research shows

What does the happy green lock at the top of your browser mean? Maybe not what you think. Extended Validation (EV) certificates, the files that tell your browser to show the lock, are supposed to make crystal clear who owns a website, in order to stymie cyberattacks and phishing. Instead, EV certificates are dangerously easy to fake, according to experts such as U.S.-based researcher Ian Carroll. The certificates are meant to prove legal ownership of HTTPS websites so that you can be certain, for instance, that Google owns the website you're visiting. Browsers like Chrome and Firefox show a green bar with the company name to signify security; the iOS version of Safari goes further and replaces the URL entirely with the organization name from the EV certificate. The problem, Carroll explained in a recent blog post, is that it is easy to incorporate a company under the same legal name as a well-known firm and then obtain an EV certificate that displays that name. Carroll did exactly that by incorporating […]
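
The weakness described above comes down to what the browser compares: only the organizationName. An EV subject also carries the jurisdiction of incorporation, a business category and the registry serial number, and those are what actually distinguish two companies that share a name. The following added example (not code from the article or from Carroll's post) builds two constructed certificate subjects in the tuple-of-tuples layout that Python's `ssl.SSLSocket.getpeercert()` returns, with attribute names as OpenSSL 1.0.2 and later print them, and shows that the displayed name matches while the legal identity does not. The company name, locations and serial numbers are made up for the example.

```python
# Added example: compare EV certificate subjects by legal identity, not by the
# displayed organization name. Both subjects below are constructed and mirror
# the "subject" structure of ssl.SSLSocket.getpeercert(); no real company.

# Subject attributes that the CA/Browser Forum EV guidelines require beyond O=.
EV_IDENTITY_FIELDS = (
    "organizationName",
    "businessCategory",
    "serialNumber",                      # registration number from the corporate registry
    "jurisdictionCountryName",
    "jurisdictionStateOrProvinceName",
    "jurisdictionLocalityName",
)

REAL_CERT = {  # constructed: the company the user expects
    "subject": (
        (("countryName", "US"),),
        (("stateOrProvinceName", "California"),),
        (("localityName", "San Francisco"),),
        (("organizationName", "Example Widgets, Inc."),),
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("jurisdictionStateOrProvinceName", "Delaware"),),
        (("serialNumber", "5550001"),),
        (("commonName", "www.example-widgets.test"),),
    ),
}

LOOKALIKE_CERT = {  # constructed: same name, incorporated elsewhere
    "subject": (
        (("countryName", "US"),),
        (("stateOrProvinceName", "Nevada"),),
        (("localityName", "Reno"),),
        (("organizationName", "Example Widgets, Inc."),),
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("jurisdictionStateOrProvinceName", "Nevada"),),
        (("serialNumber", "0999999"),),
        (("commonName", "example-widgets-login.test"),),
    ),
}


def subject_attrs(cert):
    """Flatten a getpeercert()-style subject into {attribute: value}."""
    attrs = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            attrs[name] = value
    return attrs


def displayed_name(cert):
    """What the green bar shows: the organizationName alone."""
    return subject_attrs(cert).get("organizationName")


def is_ev_subject(cert):
    """An EV subject must carry the registration and jurisdiction fields."""
    attrs = subject_attrs(cert)
    required = ("organizationName", "businessCategory",
                "serialNumber", "jurisdictionCountryName")
    return all(field in attrs for field in required)


def ev_identity(cert):
    """The tuple that identifies the legal entity behind an EV certificate."""
    attrs = subject_attrs(cert)
    return tuple(attrs.get(field) for field in EV_IDENTITY_FIELDS)


def same_legal_entity(cert_a, cert_b):
    """True only if both are EV subjects naming the same registered company."""
    return (is_ev_subject(cert_a) and is_ev_subject(cert_b)
            and ev_identity(cert_a) == ev_identity(cert_b))


if __name__ == "__main__":
    print("green bar shows:", displayed_name(REAL_CERT),
          "/", displayed_name(LOOKALIKE_CERT))
    for cert in (REAL_CERT, LOOKALIKE_CERT):
        print("legal identity:", ev_identity(cert))
    print("same legal entity:", same_legal_entity(REAL_CERT, LOOKALIKE_CERT))
```

A client that wants EV to mean something has to pin the whole `ev_identity()` tuple for the sites it cares about, since nothing in the certificate chain stops a second, validly registered "Example Widgets, Inc." from obtaining its own EV certificate.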

Atos makes $5 billion bid for Gemalto

Atos, a French technology consulting firm, announced on Monday an offer to buy the Dutch tech firm Gemalto for €4.3 billion ($5.06 billion). The offer was first made to Gemalto two weeks ago at a premium of 42 percent on Gemalto's stock price. Gemalto's cybersecurity business is a driving force behind the offer, according to Thierry Breton, Chairman and CEO of Atos. Combining Atos and Gemalto will create a cyber and national security business with total annual revenue of €1.5 billion, Breton said in a statement on Monday; that line of business in particular would be a major player in both the European and American markets. Gemalto is one of the world's biggest microchip manufacturers, but its profits have been lower than expected for the last year. The company is the world's largest manufacturer of SIM cards and credit card chips. Gemalto's businesses in data encryption, identity and access management and crypto management are meant to complement Atos's artificial intelligence, big data, high-performance computing and cloud […]

Conficker worm still spreading despite being nearly 10 years old

Nearly a decade after it first burst across the world, the Conficker worm remains one of the internet's most prevalent malware threats, according to research by the security firm Trend Micro. Conficker, also known as Downad, was first spotted in 2008, when it infected as many as 15 million machines; experts saw it as one of the worst and most sophisticated cybersecurity crises to that point. The malware propagates rapidly across networks via network shares, removable media and software vulnerabilities (notably the MS08-067 flaw in the Windows Server service). European businesses and governments quickly lost millions due to the disruptions. By technology standards, Conficker's initial attack phase was a long time ago, yet this year alone saw 2,564,618 successful infections. The pattern is clear: anyone running old, unpatched machines remains vulnerable and gets hit with abandon. "Although it is not as exciting to the public eye as more modern malware such as WannaCry and Petya, it remains a persistent threat – and will continue to be as […]

Critical vulnerability found in Microsoft Malware Protection Engine

Microsoft revealed a critical vulnerability in the Microsoft Malware Protection Engine (MPE) on Thursday that allows an attacker to take full control of a target's computer. A vast array of Microsoft security products is affected, including Windows Defender on Windows 10. The Malware Protection Engine provides the core scanning capabilities for Microsoft's anti-virus and anti-spyware programs across the company's products. The vulnerability is fixed and patches are going out to users now; the engine updates itself through the same automatic channel as malware definition updates, so on most systems the fix is applied without user action. There is no sign it was exploited in the wild, according to Microsoft. The vulnerability is triggered when the engine scans a specially crafted file, which lets an attacker gain remote code execution. Microsoft's advisory warned that "there are many ways that an attacker could place a specially crafted file in a location that is scanned" by the vulnerable software: a malicious file could be delivered via a website, an email or an instant-messaging client. If […]

Stanford U. official ousted after keeping quiet about huge exposure of sensitive data

The chief digital officer at Stanford University's Graduate School of Business is out of a job after failing to disclose a data exposure that included confidential student financial aid records and sensitive information on 10,000 employees. Ranga Jayaraman had served as CDO at Stanford for six years before stepping down Wednesday. The decade-old exposure was made public after a business school student found 14 terabytes of confidential student data from financial aid applications on an unspecified public server in February 2017. The student, Adam Allcock, reported the exposure and saw the records removed within an hour. Public disclosure did not come until Dec. 1; Jayaraman had originally decided not to disclose the exposure. In an email to colleagues seen by the San Francisco Chronicle, Jayaraman took "full responsibility for the failure to recognize the scope and nature of the … data exposure and report it in a timely manner to the Dean and the University […]

Ethiopia using Israeli spyware to spy on dissidents, journalists

The Ethiopian government targeted dissidents around the world with spyware developed by the Israeli firm Cyberbit, according to the Toronto-based research institute The Citizen Lab. Dissidents in the United States, the United Kingdom and roughly 20 countries in all were targeted with phishing emails carrying spyware disguised as Adobe Flash updates and PDF plugins. Targets included Ethiopian media, a lawyer and a PhD student; a Citizen Lab researcher, Bill Marczak, was also targeted during the course of the investigation. Cyberbit, a subsidiary of the publicly traded company Elbit Systems, markets its wares at all the major offensive hacking industry conferences, including ISS World and Milipol. Researchers found a public log file on the spyware's infrastructure suggesting the company's other clients include Thailand, Zambia and the Philippines. "Our analysis of the spyware indicates it is a product known as PC Surveillance System, a commercial spyware product… offered by Cyberbit — an Israel-based cyber security company that is a […]

Kirstjen Nielsen confirmed as Homeland Security Secretary

The Senate confirmed Kirstjen Nielsen on Tuesday as Secretary of Homeland Security by a vote of 62-37. President Donald Trump nominated Nielsen once John Kelly moved from DHS to become Trump's chief of staff; she had previously been the White House's deputy chief of staff, where she was widely considered a close Kelly ally. The White House settled on Nielsen as its preferred nominee in early 2017 but waffled on the decision, which stalled the nomination of DHS leadership for months. Nielsen's confirmation comes despite criticism of her relative lack of leadership experience and questions about her independence and ethics that hampered her nomination process. Despite cybersecurity's increasing prominence in the national conversation, it was a secondary topic at Nielsen's confirmation hearing: the security of voting machines, the electric grid and the nation's critical infrastructure took a back seat to climate change, border security and immigration enforcement. Senate committee votes to advance Nielsen's nomination were delayed multiple times […]

Andromeda botnet mastermind arrested in Belarus, identified by his ICQ number

The prolific hacker behind the Andromeda botnet was brought down with the help of open source intelligence, according to the cybersecurity firm Recorded Future. One day after an international coalition of law enforcement agencies announced the dismantling of the long-running Andromeda botnet, researchers say they have identified the man arrested in Belarus as the leader behind one of the oldest and most widespread botnets in history. Recorded Future identified Sergey Jaretz, a 33-year-old man residing in Rechitsa, Belarus, as the person recently arrested by Belarusian authorities as part of the global police effort. Online he was known as Ar3s, but he has not been seen online since November 22. "Ar3s is recognized as a leading expert in malware development and reverse engineering, network security, and antivirus technology," Recorded Future analysts Andrei Barysevich and Alexandr Solad wrote in a blog post. "On technologically sophisticated forums he acts as a highly reputable guarantor of deals on the one hand, and an analyst on the other." Andromeda, […]

Android developer apps suffered from multiple severe vulnerabilities

A series of critical vulnerabilities in Android developer tools exposed software developers to attacks that could give an attacker access to every file on the developer's computer, according to the Israeli cybersecurity firm Check Point Software Technologies. Several of the most common Android development tools were affected, including Google's Android Studio, JetBrains' IntelliJ IDEA and Eclipse. The problems also affect reverse-engineering tools such as APKTool, the Cuckoo-Droid service and more. The past year has seen multiple supply-chain attacks against organizations, including those on CCleaner and Notepad++; the goal is to compromise a trusted tool or vendor first and then pivot to attacking its users and customers. The vulnerabilities discovered by Check Point opened up Android developers, the largest software development community in the world, to a series of potential attacks that ultimately put a wide array of users at risk. Check Point researchers found that APKTool suffered from an XML External Entity (XXE) vulnerability that exposed every file on the user's system and let attackers […]
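
The XXE bug class named above, as an added example that is not Check Point's or the APKTool project's code: APKTool is written in Java, but the same mistake is easy to show with Python's standard-library `xml.sax` parser, where resolution of external general entities is a single feature switch. A manifest-shaped document declares a `SYSTEM` entity pointing at a local file, and a parser that honours external entities copies that file's contents into the parsed text. The document, the secret file and its contents are constructed here. Python 3.7.1 and later leave the switch off by default, which is the hardened setting shown second; a stricter variant refuses any document that declares a DOCTYPE at all.

```python
# Added example: XML External Entity (XXE) file disclosure, vulnerable and
# hardened, using Python's xml.sax. The secret file and the manifest-like
# payload are constructed for the demonstration; nothing here is APKTool code.
import io
import os
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def parse_manifest(xml_bytes, resolve_external_entities):
    """Parse untrusted XML and return its character data.

    resolve_external_entities=True is the vulnerable configuration: the parser
    fetches SYSTEM entities, so a DOCTYPE in attacker-controlled XML can read
    any file the tool's user can read. False is the hardened configuration
    (Python 3.7.1+ default).
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text().strip()


def parse_manifest_strict(xml_bytes):
    """Belt and braces: untrusted input has no business declaring a DOCTYPE."""
    if b"<!DOCTYPE" in xml_bytes.upper():
        raise ValueError("DOCTYPE not allowed in untrusted XML")
    return parse_manifest(xml_bytes, resolve_external_entities=False)


def xxe_payload(target_file):
    """Constructed XXE document shaped like a small manifest file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE manifest [\n'
        f'  <!ENTITY xxe SYSTEM "{Path(target_file).as_uri()}">\n'
        ']>\n'
        '<manifest package="com.example.app">&xxe;</manifest>\n'
    ).encode()


def demo():
    """Run the same payload through both configurations.

    Returns (vulnerable_output, hardened_output).
    """
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        # Stand-in for a developer's credentials file; constructed content.
        f.write("api_key=CONSTRUCTED-SECRET-0001\n")
        secret_path = f.name
    try:
        payload = xxe_payload(secret_path)
        return (
            parse_manifest(payload, resolve_external_entities=True),
            parse_manifest(payload, resolve_external_entities=False),
        )
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable parser saw:", repr(vulnerable))
    print("hardened parser saw:  ", repr(hardened))
```

The hardened call leaves the entity reference unexpanded, so the parsed text is empty; the strict variant is the better default for anything that consumes files pulled out of an APK, since a legitimate manifest never needs a DOCTYPE.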
