Archive for the ‘censorship’ Category

Immediately Patch Microsoft 0 day vulnerabilities being used to spread SPYWARE!

Thursday, September 14th, 2017

 

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

The latest security update addresses 27 vulnerabilities rated critical and 54 rated important in severity; 38 of them affect Windows, and 39 could lead to Remote Code Execution (RCE).

Affected Microsoft products include:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • .NET Framework
  • Skype for Business and Lync
  • Microsoft Exchange Server
  • Microsoft Office, Services and Web Apps
  • Adobe Flash Player

.NET 0-Day Flaw Under Active Attack

According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by attackers in the wild.

Here’s the list of publicly known flaws and their impact:

Windows .NET Framework RCE (CVE-2017-8759)—A zero-day flaw, discovered by researchers at cybersecurity firm FireEye and privately reported to Microsoft, that resides in the way Microsoft .NET Framework processes untrusted input data.

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once a computer is infected, FinSpy can perform a large number of secret tasks on the victim’s machine, including secretly monitoring it by turning ON webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

  • Device Guard Security Feature Bypass Vulnerability (CVE-2017-8746): This flaw could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
  • Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8723): This flaw resides in Edge where the Content Security Policy (CSP) fails to properly validate certain specially crafted documents, allowing attackers to trick users into visiting a website hosting malware.
  • Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): This flaw exists in the Broadcom chipset in HoloLens, which could be exploited by attackers who send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, and even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (which affected more than 5 Million Bluetooth-enabled devices, including Windows) were silently patched by Microsoft in July, but details of this flaw have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply September security patches as soon as possible in order to keep hackers and cyber criminals away from taking control over their computers.

Other flaws patched this month include five information disclosure flaws and one denial of service flaw in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Source:
Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Information Regarding Server Issues for VyprVPN Customers in China | Golden Frog

Friday, January 23rd, 2015

We are aware of recent network issues affecting our VyprVPN customers in China. If you are in China and are having trouble connecting to several different VPN server locations, including US and Australia servers, please use the following locations:

Netherlands

Hong Kong

Connections to these locations have been successful, but may not have a 100% success rate. In the event one of those locations fails, please try another.

Thank you for your patience in this matter. We are investigating the issue and will provide you with an update once we have additional information.

via Information Regarding Server Issues for VyprVPN Customers in China | Golden Frog.

Google and Microsoft step in to oppose Marriott Hotels’ Wi-Fi blocking petition | The Verge

Wednesday, December 24th, 2014

A petition to grant hoteliers the right to block personal Wi-Fi on their premises is being met with staunch opposition from the biggest technology companies. Google and Microsoft are among those who have filed objections, noting the illegality of any devices capable of interfering with radio signals.

Marriott has been fined for blocking wi-fi connections before

Recode writes that hotel company Marriott International and the American Hospitality & Lodging Association had petitioned the FCC to allow hotel operators to utilize equipment to manage their networks, regardless of whether it may result “in interference with or cause interference to” devices used by guests. This followed a $600,000 settlement case in October, when it was discovered that the employees of Marriott’s Gaylord Opryland Hotel & Convention Center were using a jammer to block off internet access.

Microsoft laid out its arguments against the petition in the filing, stating that a Wi-Fi hotspot set up by a hotel guest is authorized to operate in the unlicensed spectrum, and pointing out that “wilfully excluding these other authorized devices from using that unlicensed spectrum, under the guise of mitigating so-called threats to the reliability (performance) of an operator’s own network, violates Section 333,” which bars “wilful or malicious interference” to radio signals. The company also pointed out that by restricting the ability to set up their own connections, Marriott would be forcing the customer to pay to access the hotel’s own Wi-Fi, having already paid their mobile operator for the ability to set up a hotspot anywhere.

The hotel chain had argued that it wasn’t breaking the law, but was protecting its guests from “rogue wireless hotspots that can cause degraded service, insidious cyber attacks and identity theft.” But Marriott’s arguments are weak, as there are several examples that show guests are far safer jumping onto their own personal Wi-Fi hotspots than they are connecting to a potentially compromised hotel Wi-Fi network. In November, for example, Kaspersky Labs discovered a group of hackers targeting high-profile business executives who were working from luxury hotels.

via Google and Microsoft step in to oppose Marriott Hotels’ Wi-Fi blocking petition | The Verge.

81% of Tor Users Can be Easily Unmasked By Analysing Router Information

Wednesday, November 19th, 2014


Tor has been a tough target for law enforcement for years, and the FBI has spent millions of dollars to de-anonymize Tor users, but recent research suggests that more than 81% of Tor clients can be “de-anonymised” by exploiting ‘NetFlow’, the traffic analysis technology that Cisco has built into its router protocols.

NetFlow is a network protocol designed to collect and monitor network traffic. It exchanges data in network flows, which can correspond to TCP connections or other IP packets sharing common characteristics, such as UDP packets sharing source and destination IP addresses, port numbers, and other information.
The research was conducted over six years by professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab who now researches Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi.
To determine the Tor relays, Chakravarty used a technique that involved a modified public Tor server running on Linux, accessed by the victim client, and a modified Tor node that can form one-hop circuits with arbitrary legitimate nodes.

“The server modulates the data being sent back to the client, while the corrupt Tor node is used to measure delay between itself and Tor nodes,” researchers wrote in a paper (PDF). “The correlation between the perturbations in the traffic exchanged with a Tor node, and the server stream helped identify the relays involved in a particular circuit.”

According to the research paper, carrying out large-scale traffic analysis attacks in the Tor environment does not necessarily require the resources of a nation state; even a single AS (Autonomous System) may observe a large fraction of entry and exit node traffic. As stated in the paper, a single AS could monitor more than 39% of randomly-generated Tor circuits.

“It is not even essential to be a global adversary to launch such traffic analysis attacks,” Chakravarty wrote. “A powerful, yet non-global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.”

The technique depends on injecting a repeating traffic pattern into the TCP connection that it observes as originating from the target exit node, and then correlating the server’s exit traffic for the Tor clients, as derived from the router’s flow records, to identify the Tor client.
Tor is vulnerable to this kind of traffic analysis because it is designed as a low-latency anonymous communication network.

“To achieve acceptable quality of service, [Tor attempts] to preserve packet interarrival characteristics, such as inter-packet delay. Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections,” Chakravarty explains.

Chakravarty’s traffic analysis research doesn’t need hundreds of millions of dollars in expense, nor does it need the infrastructural effort that the NSA put into its FoxAcid Tor redirects; however, it benefits from running one or more high-bandwidth, high-performance, high-uptime Tor relays.
Just a few days ago, US and European authorities announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous, which led to the take-down of more than “410 hidden domains” that sell illegal goods and services, from drugs to murder-for-hire assassins, by masking their identities using the Tor encryption network.

UPDATE
However, the Tor Project responded via a blog post. In a statement, Tor project member ‘Arma’ confirmed that the project has been aware of the network analysis attacks and already has security measures in place.

“It’s great to see more research on traffic correlation attacks, especially on attacks that don’t need to see the whole flow on each side. But it’s also important to realise that traffic correlation attacks are not a new area,” reads the blog post.

“The discussion of false positives is key to this new paper too: Sambuddho’s paper mentions a false positive rate of 6%. … It’s easy to see how at scale, this ‘base rate fallacy’ problem could make the attack effectively useless,” he said.
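The base-rate point in the Tor Project's response can be worked through numerically. The following is an added example, not code from the paper, the Tor Project or this article; it assumes the article's 81% figure is the true-positive rate, that exactly one observed flow belongs to the target, and uses constructed population sizes.

```python
import random

TPR = 0.81  # assumption: the article's 81% figure read as the true-positive rate
FPR = 0.06  # false-positive rate quoted in the Tor Project's response

def expected_false_matches(candidates, fpr=FPR):
    """Innocent flows flagged when one of `candidates` flows is the target."""
    return fpr * (candidates - 1)

def precision(candidates, tpr=TPR, fpr=FPR):
    """Bayes' rule: P(a flagged flow really is the target)."""
    return tpr / (tpr + expected_false_matches(candidates, fpr))

def max_fpr_for(target_precision, candidates, tpr=TPR):
    """Largest false-positive rate that still reaches `target_precision`."""
    return tpr * (1 - target_precision) / (target_precision * (candidates - 1))

def simulate(candidates, trials=2000, seed=1):
    """Monte Carlo check of precision(): share of flagged flows that are real."""
    rng = random.Random(seed)
    real = false = 0
    for _ in range(trials):
        real += rng.random() < TPR
        false += sum(rng.random() < FPR for _ in range(candidates - 1))
    return real / (real + false)

if __name__ == "__main__":
    for n in (2, 100, 1_000, 100_000):  # constructed population sizes
        print(f"{n:>7} flows: {expected_false_matches(n):9.2f} false matches, "
              f"precision {precision(n):.4f}")
    print("FPR needed for 50% precision at 100,000 flows:",
          f"{max_fpr_for(0.5, 100_000):.2e}")
```

With two candidate flows a match is almost always right; with a thousand, roughly one flagged flow in 75 is the real target, which is why the false-positive rate dominates any assessment of this attack at network scale.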

via 81% of Tor Users Can be Easily Unmasked By Analysing Router Information.

Victimized Celebs Blamed for Their Indecent Exposure | Hacking | TechNewsWorld

Wednesday, September 3rd, 2014


The iBrute code on GitHub is "a garden-variety brute-force attack," said Andrew Jaquith, CTO of SilverSky.

The "fmipmobile.icloud.com" host that the iBrute code authenticated against is found in 76 other GitHub locations, which means the authentication vector "was clearly well-known to the broader programming community," he explained.

Apple "already has protections against brute force for most of their websites," Bob Doyle, security consultant at Neohapsis, told TechNewsWorld. "Reports now indicate they’ve restricted the number of incorrect guesses you can send to the 'Find My iPhone' API, which should make it resistant to automated brute-forcing attacks like these."

Let’s Hear It for Fear and Loathing!

"When Scarlett Johansson’s account got hacked, that should have been a massive red flag for any celebrity who had any kind of compromising photographs in their accounts," KnowBe4’s Sjouwerman said. "If they had nude photos of themselves on the Internet, they should have deleted them."

Johansson’s account was hacked in 2011 and the hacker, Christopher Chaney, was jailed.

"This entire situation underscores the reality that today’s interconnected universe of networks is extremely complex and the potential access methods for criminals are many and varied," Steve Hultquist, chief evangelist at RedSeal Networks, told TechNewsWorld.

Protect Yourself at All Times

"Celebrities have, and always will be, easy targets simply due to the amount of information about their lives which can be gleaned from any gossip site," Evan Keiser, a security analyst at SilverSky, told TechNewsWorld.

via Victimized Celebs Blamed for Their Indecent Exposure | Hacking | TechNewsWorld.

​Elite US hackers shut down Syrian internet trying to snoop on traffic – Snowden

Thursday, August 14th, 2014


An elite team of US government hackers left Syria without internet when they tried to hack one of the core routers but instead crashed it, NSA whistleblower Edward Snowden said.

The three-day nationwide internet blackout in war-torn Syria in November 2012, which was blamed on either the government or the rebels, depending on who you listened to, was actually the doing of the Tailored Access Operations (TAO), a group of hackers in the employment of the US National Security Agency.

NSA whistleblower Edward Snowden told the story to Wired magazine as it was preparing its cover story on MonsterMind, a US software designed to detect cyber-attacks and hit back in response.

via ​Elite US hackers shut down Syrian internet trying to snoop on traffic – Snowden — RT News.

US senator urges FCC net neutrality hearings outside Washington | Reuters

Wednesday, August 13th, 2014


The FCC is working to write new so-called "net neutrality" rules that regulate how Internet service providers (ISPs) manage traffic on their networks. In January, a federal court struck down their previous version.

More than 1 million comments have poured into the FCC on the issue, many of them in opposition to the rules tentatively proposed by the FCC. The proposed rules, while prohibiting ISPs from blocking any content, suggest allowing some "commercially reasonable" deals where content providers could pay ISPs to ensure smooth and fast delivery of their traffic.

The FCC is now planning six roundtable discussions in September and October at its offices in Washington, where the public can meet with FCC staff to talk about the proposed rules and how they may be changed.

Leahy, a Democrat from Vermont, urged the FCC to expand its roundtables to other parts of the country, which the FCC has done in the past on other controversial issues such as changes to the rules restricting who can own how many and what kinds of media outlets in local markets.

"Most of those who had commented on the proposed rules online will not be able to come to Washington to participate in the roundtables that have been scheduled, but their voices are more important than industry lobbyists and Members of Congress," Leahy wrote to Wheeler.

via US senator urges FCC net neutrality hearings outside Washington | Reuters.

Russian Gov offers big money for anonymous TOR network exploit

Saturday, August 2nd, 2014

The Russian government is offering almost 4 million rubles, approximately $111,000, to anyone who can devise a reliable technology to decrypt data sent over Tor, an encrypted anonymizing network used by online users in order to hide their activities from law enforcement, government censors, and others.
The Russian Ministry of Internal Affairs (MVD) issued a notice on its official procurement website, originally posted on July 11, under the title “шифр «ТОР (Флот)»”, which translates as “cipher ‘TOR’ (Navy)”: an open call for Tor-cracking proposals whose winner will be chosen by August 20.
The MIA specifically wants researchers to “study the possibility of obtaining technical information about users and users’ equipment on the Tor anonymous network,” according to a translated version of the Russian government’s proposal.

TOR network vulnerable and de-anonymized!

Saturday, August 2nd, 2014

A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy-oriented services, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize Tor users, the Tor project warned on Wednesday.
115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS
According to a security advisory, the Tor team has found a group of 115 malicious fast non-exit relays (6.4% of the whole Tor network), which were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users.
“While we don’t know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected,” Tor said.
When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, making it very difficult for anyone — malicious actor or a government spy agency — to tell where traffic is coming from and going to.

Germany to Consider Typewriters to Protect From US Spying

Wednesday, July 16th, 2014


So far we have heard that using privacy tools by every individual and offering encrypted communication by every company is the only solution to Mass Surveillance conducted by the government and law enforcement authorities. But, Germany says the only solution to guard against surveillance is – Stop using Computers!!

Ohh Please!! Is it a joke?

No, it does not mean that they are going to completely throw out all of their computer systems, but rather they would use it preposterous.

Since it came to light a year ago that German Chancellor Angela Merkel’s own personal mobile phone had been spied on by the U.S. National Security Agency (NSA) for years, surveillance has become a big issue for Germany. So big that prominent politicians are seriously considering using manual typewriters for sensitive documents instead of computers.

The head of Germany’s NSA Inquiry Committee, Patrick Sensburg, said in an interview with the Morgenmagazin TV show on Monday night that the government is seriously considering a low-tech solution to the ongoing espionage problem and to keep American eyes off of sensitive documents.

via Germany to Consider Typewriters to Protect From US Spying.