Security News Bytes - Nov

Security News Bytes Basaveswar Twitter: @basaveswark 11/26/2014 1 Null / OWASP / G4H Bangalore November Meet

Upload: prashsiv

Post on 08-Jul-2015


DESCRIPTION

Security happenings in the past one month

TRANSCRIPT

Page 1: Security News Bytes - Nov

Security News Bytes

Basaveswar

Twitter: @basaveswark

11/26/2014 1

Null / OWASP / G4H Bangalore November Meet

Disclaimer

• The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with any laws.
• Registered brands belong to their legitimate owners.
• The opinions represented here are my personal ones and do not necessarily reflect my employer’s views.
• This presentation doesn't teach you how to hack into any system, nor does it encourage anyone to do so without prior permission.
• All the information has been collected from different security news sites (public domain).

Agenda

• Arrests
• Data Breach
• Hack
• Mobile Security
• General
• Tools
• Stats
• Jobs
• Trends
• Hackable devices
• Acquisitions
• New Hardware

Arrests

• WireLurker has been in action in China for the past six months, first infecting Macs by inserting Trojan software through repackaged OS X apps, then moving on to iOS devices. The firm claims that it is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack.
• So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104, possibly impacting "hundreds of thousands of users."

• Fredrik Neij, known online as "TiAMO", the third and last founder of the popular file sharing website The Pirate Bay, has been arrested while driving across the border of Laos and Thailand.
• The 36-year-old fugitive Fredrik Neij was convicted by a Swedish court in 2009 of aiding copyright infringement, and he has now been arrested under an Interpol warrant after four years on the run.
• Anyways, the awesome 'The Pirate Bay' website is of course still alive and kicking!

• A joint operation by the U.S. Federal Bureau of Investigation (FBI) and European law enforcement seized Silk Road 2.0, an alternative to the notorious online illegal-drug marketplace, last week and arrested its 26-year-old operator, Blake Benthall.
• US and European authorities over the weekend announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous, which led to the takedown of more than "410 hidden services" that sell illegal goods and services, from drugs to murder-for-hire assassins, by masking their identities using the Tor encryption network.
• This globally coordinated takedown is the combined effort of 17 nations, which includes the law enforcement agencies in the U.S. and 16 member nations of Europol. The operation led to the arrest of 17 people, operators of darknet websites, and the seizure of $1 million in Bitcoin, 180,000 Euros in cash, drugs, gold and silver.

Data Breach

• Home Depot announced that approximately 53 million email addresses were stolen in the data breach that was confirmed by the company in early September and, later that month, was revealed by the retailer to have put roughly 56 million unique payment cards at risk.
• The criminals were able to get the malware onto Home Depot's network by using a third-party vendor's username and password and then elevating their rights until they had access to the retailer's point-of-sale (POS) devices, the release indicates.

• Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.
• The FBI, Secret Service and National Security Agency are all involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken.

• The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and data from certain credit and debit cards used from Sept. 20, 2013 to Aug. 7 may be at risk.
• Roughly 60,000 transactions were impacted.

Hack

Russian Hackers use Windows 0-Day exploit to hack NATO, Ukraine

• Russian hackers, dubbed the "Sandworm team", have been found exploiting a previously unknown vulnerability in Microsoft's Windows operating systems, reports iSight.
• The group has used this zero-day exploit to hack computers used by NATO, the Ukraine government, European telecommunications firms, energy sectors and a US academic organization.
• The vulnerability reportedly affects all versions of the Windows operating system from Vista SP1 to Windows 8.1. It also affects Windows Server 2008 and 2012.

• The U.S. government is reportedly using spy airplanes equipped with special military-grade snooping equipment to eavesdrop on cell phone information from millions of smartphone users in the U.S., according to a new report.
• This little device, nicknamed "Dirtbox", is being used to mimic mobile phone tower transmissions from the sky and gather data from millions of mobile phones, helping the US Marshals Service track criminals while recording innocent citizens’ information.
• The purpose of the device is supposedly to track a specific target, but if active, all mobile devices in the particular area will respond to the signal. The Dirtbox causes smartphones to transmit back the users’ location, registration information and identity data – uniquely identifying IMEI numbers stored in every mobile device, The Wall Street Journal reported.

• "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before October 15, 11pm UTC, that is seven hours after the announcement," the Drupal security announcement said.

Mobile Security

• An XDA Developers hacker who goes by the name DJAmol has found a wide-open hole in the Windows Phone 8.1 OS which makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another user's privileges and edit the registry.
• DJAmol realized that simply by replacing the contents of a trusted OEM app that has been transferred over to the SD card, the app will inherit the privileges of the original app. Once done, an attacker could then delete the existing directory and create a new directory with the same name as the original app.

• The National Institute of Standards and Technology (NIST) is warning users of a newly discovered zero-day flaw in the Samsung Find My Mobile service, which fails to validate the sender of lock-code data received over a network.
• The vulnerability in Samsung’s Find My Mobile feature was discovered by Mohamed Abdelbaset Elnoby (@SymbianSyMoh), an Information Security Evangelist from Egypt. The flaw is a Cross-Site Request Forgery (CSRF) that could allow an attacker to remotely lock or unlock the device and even make the device ring.

• WhatsApp, the most popular messaging app with 600 million users as of October 2014, has partnered with Open Whisper Systems to boost its privacy and security by implementing strong end-to-end encryption on all text messages.

• Users of the Android operating system are warned of a new variant of the Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid.
• It locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies.
• Once the device is infected by the Koler variant, it will first send an SMS message to all contacts in the device's address book with a text stating, "Someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?" followed by a Bitly link, according to the security firm.

General

• The "Security Key" feature will currently work on Chrome and will be free for Google users, but the company also notes that the Security Key supports the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow users to log in to Google Accounts by inserting a USB device into their systems.

• Google's Security Team revealed that the most widely used web encryption standard, SSL 3.0, has a major security vulnerability that could be exploited to steal sensitive data. The flaw affects any product that follows Secure Sockets Layer version 3, including Chrome, Firefox, and Internet Explorer.
• Researchers dubbed the attack "POODLE," which stands for Padding Oracle On Downgraded Legacy Encryption. It allows an attacker to perform a man-in-the-middle attack in order to decrypt HTTP cookies. The POODLE attack can force a connection to “fall back” to SSL 3.0, where it is then possible to steal cookies, which are meant to store personal data, website preferences or even passwords.

• The vulnerability (designated as CVE-2014-6352) is triggered when a user is forced to open a PowerPoint file containing a malicious Object Linking and Embedding (OLE) object. For now, only PowerPoint files are being used by hackers to carry out attacks, but all Office file types can also be used to carry out the same attack.

Tools

• The open source tool, dubbed Nogotofail, has been launched by the technology giant in the wake of a number of vulnerabilities discovered in implementations of transport layer security, from the most critical Heartbleed bug in OpenSSL to Apple's gotofail bug to the recent POODLE bug in SSL version 3.
• The Nogotofail tool, written by Android engineers Chad Brubaker, Alex Klyubin and Geremy Condra, works on devices running Android, iOS, Linux, Windows, Chrome OS, OS X, and “in fact any device you use to connect to the Internet.” The tool can be deployed on a router, a Linux machine, or a VPN server.
• https://github.com/google/nogotofail

• OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.

• Google today released security testing tool Firing Range, a Java application that contains a wide range of XSS and a few other web vulnerabilities. A deployed version is available on Google App Engine.
• The company has used Firing Range itself both as a continuous testing aid and as a driver for its own development by “defining as many bug types as possible, including some that we cannot detect (yet!).”

Statistics

• Google Dorks - 6
• Remote Exploits - 21
• Local Exploits - 14
• Web Application Exploits - 49
• Denial of Service Attacks - 12
• Shell Code - 1
• Whitepapers - 4
• Total CVEs - 369

Jobs

Trends

[Figure panels: World-wide, Karnataka]

Hackable Devices

Acquisitions

• Microsoft has bought Israeli cloud security firm Aorato for an undisclosed sum ($200 Million ???)
• US-based software security firm Cigital has acquired Bangalore-based iViz Security
• CensorNet, the next generation cloud security company, has been acquired in a closed deal by a group of industry veterans, led by new CEO and chairman, Ed Macnair.
• Raytheon Buys Cyber Security Firm Blackbird for $420 Million

New Hardware

• The anonabox is an embedded Linux device that routes all Internet traffic over the Tor network. This provides the security, anonymity and censorship-bypassing power of the Tor network without having to download or configure software. This is the first commercially available router to do this where all the software is Open Source.

References

• www.google.com
• www.thehackernews.com
• www.ehackingnews.com
• www.news.cnet.com/security/
• http://cve.mitre.org/
• https://www.indiegogo.com
• http://www.scmagazine.com/
• http://www.infosecurity-magazine.com/
• http://jobs.null.co.in/
• http://www.hackersnewsbulletin.com
• http://www.shodanhq.com/
• http://threatpost.com/
• http://www.securityweek.com/

Thank You !!