
Cyber threats and Malware are REAL THREATS!


Darthrevan

http://www.hardwarezone.com.sg/tech-news-new-exploit-called-krack-just-broke-wi-fi-security-don-t-panic

 

 

 

A new exploit called KRACK just broke Wi-Fi security (but don’t panic)
By Koh Wanzi - on 17 Oct 2017, 10:30am

Image Source: Tech Radar

 

We’ve been told that the best thing to do when setting up a home Wi-Fi network is to check the WPA2 box. You know, because WEP is riddled with flaws. That’s good advice, but it may not be quite so secure anymore.

Researchers have published details of a major new vulnerability in Wi-Fi security, which potentially allows hackers to intercept data transmitted from a wireless device, including sensitive information thought to be encrypted such as passwords, chat messages, and even credit card numbers.

More importantly, the flaw affects all modern protected Wi-Fi networks, and researchers said that it is also possible to inject and manipulate data, so attackers could inject malware into websites.

The exploit has been dubbed KRACK, which stands for key reinstallation attack, and it takes advantage of several key management flaws in the Wi-Fi Protected Access II (WPA2) security protocol.

And because these weaknesses exist in the WPA2 standard itself and not individual products, any device that supports Wi-Fi is likely affected.

KRACK works by attacking the four-way handshake that all client devices execute when joining a protected Wi-Fi network.

Normally, this confirms that both the client and the access point have the correct credentials, such as the Wi-Fi password, and it also negotiates a new encryption key that will encrypt all subsequent traffic in the user’s session.

 

The latter step is the third step in the four-step process, and KRACK tricks a vulnerable client into reinstalling an already-in-use key by forcing the cryptographic handshake messages to be replayed over and over again.

The Access Point usually retransmits the key if it does not receive an appropriate response from the device in order to account for lost or dropped messages. Each time a client receives this message, it reinstalls the same encryption key, which then resets the counters for how many packets of data have been sent or received for a particular key.

Unfortunately, KRACK can force these resets by collecting and replaying transmissions of this third message, which allows hackers to replay, decrypt, or even forge data packets.

 

 

It’s not all doom and gloom however. The good news is that KRACK is incredibly hard to execute. For instance, an attacker would need to be within range of a targeted Wi-Fi network to execute the deed, so you’re probably safe at home or in the office (unless your neighbors or co-workers are secretly elite hackers).

Patches are also already rolling out, and Microsoft has already released a fix for supported Windows versions. Apple has patched the exploit in beta versions of iOS, tvOS, watchOS, and macOS as well, and these should go out to consumers in a few weeks.

On Google’s end, it’s promised to have a patch in the coming weeks. The company’s Pixel devices will be the first to get a fix on 6 November, but other Android phones probably won’t be so lucky. This is particularly important because Android phones are especially vulnerable, with researchers saying that Android 6.0 and up contains a flaw that “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.”

In the meantime, there are certain precautions you can take, such as updating all of your wireless devices and staying off public Wi-Fi networks where possible. You can also opt to use a wired Ethernet connection and cellular data on your phone.

Source: Mathy Vanhoef

 

  • Praise 2
Link to post

http://www.hardwarezone.com.sg/tech-news-psa-watch-out-windows-movie-maker-scam

 

 


Windows Movie Maker scam is ranking high on search engines.

 

While Microsoft has officially discontinued its free video editing software Windows Movie Maker in January 2017, scammers have been distributing a modified version to unaware users with much success. 

According to IT security firm ESET, the Windows Movie Maker scam has been very successful due to search engine optimization of the scammer's website and continuing demand for the free video editing software. The scammer's website appears as one of the top search results on Google and Bing. 

 

The Windows Movie Maker scam works by prompting the user to upgrade to a full version to enjoy all features of the software. The prompts will appear when the software is launched and later when the user tries to save a document. The fee for upgrading to a full version is US$29.95 and is touted as a 25% discount on the payment website. 

If you have already installed this version of Windows Movie Maker, ESET recommends that you uninstall it and run a scan using any reputable antimalware solution. To avoid falling victim to similar scams, you are advised to download software from official sources. If a software is no longer distributed by its original maker and you really need to use it, these steps are recommended: 

  • Use a reliable security solution to detect and block malicious content
  • Consider using the official replacement for the discontinued software (in this case, it's the Windows Story Remix.)
  • Don't pay for software that is or was officially offered for free. The information on software pricing should be available online.

 

  • Praise 5
Link to post

http://www.hardwarezone.com.sg/tech-news-hundreds-hp-laptops-have-been-found-have-hidden-keylogging-code

 

 


The HP Envy 13 is one of the affected notebooks. (Image Source: HP)

 

A security researcher has found a hidden keylogger in a touchpad driver commonly used on HP laptops.

Michael Myng, who also goes by the handle ZwClose, was initially just exploring the possibility of controlling the keyboard backlighting on a friend’s HP laptop. But after poking around in the Synaptics touchpad driver, he found what looked to be a sleeping keystroke logger that could be activated by a simple change in the Windows registry.

The keylogger is disabled by default and is supposedly included for debugging purposes during development, so it’s not that HP or anyone else was trying to actively monitor your keystrokes.

The problem is that it could be exploited by malicious actors to obtain log-in credentials or other sensitive data. A user or software with administrative privileges could activate the keylogger remotely using Windows Management Instrumentation (WMI) or PowerShell scripts, and have it generate a trace log file.

 

The code is also found on hundreds of HP and Compaq business and consumer notebooks, including models in the EliteBook, ProBook, Pavilion, and Envy lines.

HP has released a full list of the affected devices (it stretches back to 2012) here, so you might want to check it out if you own an HP laptop. The same driver is also used on Windows laptops from other brands and these are affected as well, according to HP.

The company has already made available patched drivers for its many laptops, and it stressed that neither it nor Synaptics had obtained customer data because of the keylogger.

A similar keylogger was found in audio drivers pre-installed on HP laptops in May, so this isn’t the first time the company has run foul of keyloggers.

Source: ZwClose

 

Link to post

http://www.channelnewsasia.com/news/singapore/beware-of-dbs-singapore-airlines-phishing-websites-police-9513662

 

 

Beware of DBS, Singapore Airlines phishing websites: Police

An email reportedly sent as part of a phishing scam. (Photo: Joseph/Facebook)

 

 

 

 

20 Dec 2017 06:54PM (Updated: 20 Dec 2017 07:50PM)
 

SINGAPORE: Several people have been tricked into providing their personal information and credit card details after responding to emails that were purportedly sent out by DBS Bank and Singapore Airlines (SIA), said the police on Wednesday (Dec 20).

The victims later discovered that unauthorised transactions in foreign currencies were made to their credit cards.

In the case of the DBS phishing scam, victims would receive an email informing them that their Internet banking accounts have been locked after multiple failed logins. Similarly, scammers have been luring Singapore Airlines customers into providing their personal data with promises of free air tickets or credits. 

Victims were then asked to click on a link provided in an email and to follow the instructions to unlock their DBS accounts or complete an SIA survey. 

This link would direct them to a site resembling the genuine website of the companies, where they would be asked to enter their personal information and bank account details, credit card number and card verification value to verify themselves. 

They were also prompted to key in the one-time password sent to their mobile phones on the website.

 

The victims later received an SMS notification about unauthorised foreign transactions made through their credit cards. 

In its advisory, the police said members of the public should take the following measures to ensure that they do not fall for online scams:

  • Be cautious when disclosing personal and sensitive information online.
  • Look for tell-tale signs that indicate that a website is not genuine. For example, secure websites often use "https:" instead of "http:" in their URL, or display a closed padlock or unbroken key at the bottom of the web browser.
  • Report fraudulent charges to credit card bills to the bank immediately.

DBS Bank said in a statement that it is mindful of cybersecurity threats. 

"We actively alert our customers to any unusual internet banking login experience that may be caused by phishing or malware intrusions," a spokesman said. 

Alerts are posted on DBS' website at http://www.dbs.com.sg/security, and communicated to customers using emails, online banners and bank statements, DBS said. 

"If customers detect any unusual activity, they should inform the bank promptly, so that we are able to take the necessary action to protect them from incurring any loss," the spokesman added.

"Customers are reminded never to give out their userID, iBanking pin or OTP over the phone or via email and DBS staff will never ask for such information."

In a separate advisory on Wednesday, SIA warned customers to be wary if they receive emails, calls, messages, surveys and contests that claim to be from the airline and which offer free air tickets or credits.

Source: CNA/aa

 

 

 


Link to post

I just wonder, don't we have some schools here that specialize in training students to counter this for our future? For their training, won't it be best to expose them to 1st hand training to take out such sites? :pissed-off:

Link to post

I just wonder, don't we have some schools here that specialize in training students to counter this for our future? For their training, won't it be best to expose them to 1st hand training to take out such sites? :pissed-off:

we have...

 

mcf

  • Praise 1
Link to post

I heard that people that suffer from dementia have been giving away a lot of money to strangers from the internet?

 

Anyone here suffer from dementia?

 

:D

 

 

Link to post

http://www.hardwarezone.com.sg/tech-news-intel-cpus-reportedly-have-security-flaw-and-patch-could-cause-huge-performance-hit

 

 


Image Source: Intel

 

Reports have surfaced of a hardware bug in modern Intel CPUs that potentially allows an attacker to access low-level kernel memory, which is normally shielded from access by user programs.

At first glance, this means that hackers could more easily exploit other security bugs, but the more worrying scenario is when the vulnerability inadvertently allows programs and logged-in users to read the contents of the kernel’s memory.

This memory space may contain sensitive information, such as passwords and files cached from the disk.

All Intel processors produced in the past decade are thought to be affected, and the bug requires OS kernel patches to fix, spanning major platforms like Windows, OS X, and Linux. That’s because the flaw is in Intel’s x86-64 hardware, and can’t be addressed with a microcode update.

A true solution would be new processors without the design flaw, so the OS patches are just a short-term measure. It involves separating the kernel’s memory completely from user processes using something called Kernel Page Table Isolation (KPTI).


Image Source: python sweetness

 

When a running program performs an action, it needs to temporarily hand control of the processor to the kernel. This means a transition from user mode to kernel mode and then back again, where the kernel is present in the virtual memory address spaces of all processes to make the switch as quick as possible.

However, the kernel is invisible to these programs, even though the code and data is technically present.

 

What these KPTI patches do is move the kernel into a completely separate address space, so not only is it invisible to the running process, it’s not even there. Unfortunately, the fix comes with a performance penalty, as it can be quite time consuming to always have to switch between two different address spaces for every system call and hardware interrupt.  

Furthermore, these context switches don’t happen instantly, so the CPU has to constantly flush cached data and reload it from slower system memory.

Ultimately, this increases the kernel’s overhead, and leads to a slower machine. That said, newer Intel chips have features like Process-Context Identifiers that can reduce the performance penalty, which is said to be anywhere from five to 30 per cent, depending on the task and your hardware.

But don’t panic yet, because it seems like it’s the big-name cloud services that run large-scale applications, and not single users, that are the most affected. Early numbers on Linux platforms also show that I/O-intensive workloads are particularly sensitive to the KPTI changes.


Image Source: Phoronix

 

It's difficult to say for sure what this means for gaming performance, and we may not know how Microsoft intends to address this on Windows until its regular Tuesday patch.

In the meantime, AMD has put out a statement asserting that its chips are not affected.

Source: Hot Hardware

 

  • Praise 1
Link to post
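Added example, not from the quoted article: a check a Linux administrator can run to see whether the KPTI patch described above is active and whether the CPU offers PCID to soften its cost. The `cpu_meltdown` bug name, the `pti` and `pcid` flags and the sysfs path are how patched Linux kernels report this (the article itself does not name them); the two cpuinfo excerpts are constructed samples.

```python
import os

# Constructed /proc/cpuinfo excerpts (not captured from a real machine).
PATCHED = "processor : 0\nflags : fpu vme pcid sse4_2 invpcid pti\nbugs : cpu_meltdown\n"
UNPATCHED = "processor : 0\nflags : fpu vme sse4_2\nbugs : cpu_meltdown\n"

def parse_cpuinfo(text):
    """Return (flags, bugs) as sets, taken from the first processor entry."""
    flags, bugs = set(), set()
    for line in text.splitlines():
        name, _, value = line.partition(":")
        name = name.strip()
        if name == "flags" and not flags:
            flags = set(value.split())
        elif name == "bugs" and not bugs:
            bugs = set(value.split())
    return flags, bugs

def kpti_report(cpuinfo_text, sysfs_status=None):
    """Combine cpuinfo and the optional sysfs status line into one verdict."""
    flags, bugs = parse_cpuinfo(cpuinfo_text)
    status = (sysfs_status or "").strip()
    affected = "cpu_meltdown" in bugs or status.startswith(("Vulnerable", "Mitigation"))
    isolated = "pti" in flags or status.startswith("Mitigation: PTI")
    pcid = "pcid" in flags
    if status.startswith("Not affected"):
        verdict = "not affected"
    elif not affected:
        # Kernels that predate the patch do not report the bug at all, so
        # silence here is not evidence that the machine is safe.
        verdict = "unknown"
    elif not isolated:
        verdict = "affected, page tables not isolated"
    elif pcid:
        verdict = "affected, KPTI active, PCID available"
    else:
        verdict = "affected, KPTI active, no PCID"
    return {"affected": affected, "kpti": isolated, "pcid": pcid, "verdict": verdict}

def read_local():
    """Report for the machine this runs on (Linux only)."""
    sysfs = "/sys/devices/system/cpu/vulnerabilities/meltdown"
    status = open(sysfs).read() if os.path.exists(sysfs) else None
    with open("/proc/cpuinfo") as fh:
        return kpti_report(fh.read(), status)

if __name__ == "__main__":
    print(kpti_report(PATCHED), kpti_report(UNPATCHED), sep="\n")
    if os.path.exists("/proc/cpuinfo"):
        print(read_local())
```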

https://www.techspot.com/news/72551-hundreds-android-ios-apps-use-microphone-monitor-tv.html

 

 

 

Hundreds of Android and iOS apps use your microphone to monitor your TV viewing habits. Legal, but creepy
By Rob Thubron on Jan 3, 2018, 6:15 AM

With so many modern devices containing microphones, it’s understandable that people worry about being surreptitiously recorded. But sometimes a bit of paranoia is justified. A report by the New York Times has found that hundreds of Android and iOS games are using smartphones’ mics, not to record conversations, but to monitor users’ TV viewing habits for advertising purposes.

More than 250 games on the Google Play store were found to use software from a company called Alphonso. While the firm says it doesn’t record human speech, it can collect data on what people are watching by identifying audio signals in TV ads and shows. The information is then sold to advertisers for analysis and to improve ad targeting accuracy.

Some of the apps that use the software don’t disclose this fact, while those that do tend to bury it in descriptions that require users to click a ‘read more’ button first, which very few people ever do.

CEO Ashish Chordia told the publication that his company also works with Hollywood studios to analyze people’s big-screen viewing habits. “A lot of the folks will go and turn off their phone, but a small portion of people don’t and put it in their pocket,” he said. “In those cases, we are able to pick up in a small sample who is watching the show or the movie.”

While many of the games are available in Google’s Store, some are found on Apple’s app store. Most of these apps do not otherwise use a microphone and can monitor a mic even when they’re closed. Moreover, several of them are aimed at children, something Alphonso says it doesn’t approve of.

Chordia has defended the practice, arguing that it complies with FTC guidelines and that "the consumer is opting in knowingly and can opt out any time."

Back in October, Facebook was once again forced to deny the long-running conspiracy theory that it listens in on users’ conversations for targeted advertising. In reality, it probably doesn’t need to—the social network already knows plenty about you and your friends.

 

Link to post