Fraunhofer SIT: Vulnerabilities in Android Security Apps

Security researchers found weaknesses in the virus hunters (Avira, Eset, Kaspersky, Malwarebytes, McAfee, AndroHelm und Cheetahmobile für Android-Smartphones) over which the virus protection can be set off and personal data can be tapped. In the worst case, there is a blockage and ransom extortion. It affects up to 675 million Android smartphones.

TeamViewer by DoS attack recently offline, denies security breach

The remote control software TeamViewer, which allows full control of connected computers was recently offline because of a denial of service attack. Meanwhile reports accumulate of users whose account has been hacked, but TeamViewer denies that someone broke into there server.

Blackmailer-mails threaten reputation over social media

The US FBI warns of extortionate emails which use the reporting over large data leaks such as password theft by LinkedIn, MySpace and Tumblr and threaten internet users to publish their personal information on there social media accounts to which they have access if the ransom is not paid.

127 million password hashes from the Badoo dating site on the web

A user database of the dating site Badoo with 127 million passwords currently circulate in the internet. In addition to the username are md5 hashed passwords included, which are particularly easy to crack.

Several Updater from PC manufacturers have serious security breaches

Large manufacturers preinstall those Updater to keep software, firmware and drivers up to date. These vulnerabilities were discovered among Acer, Asus, Dell, HP and Lenovo, which allows the attackers to inject themselves into the compound and the system to foist malicious code. Mostly it concerns with the software offerings to so-called Crapware which has no added value for the user.

At least 23 taz employee are affected by the spying

An editor of the newspaper had spied out his colleagues with a keylogger, including 19 women. The data theft should be against the colleagues and not against the newspaper.

Trojan-mails with personal data from the LinkedIn hack

The CERT-Bund of the Federal Office for Security in Information Technology (BSI) warns of Trojan-mails, which are provided with plausible personal salutation. The names and corporate positions which were used seem to come from LinkedIn profiles. Here is the chosen victims are pushed through fake invoices malicious code.

171 million VKontakte passwords on the network

The hacker "peace_of_mind" offers now 100 million passwords with associated usernames, and phone numbers, and some location information from the Russian social network VK.com (earlier Vkontakte). Overall, he should have captured 171 million passwords.

Zuckerberg's Twitter and Pinterest account hacked

The Twitter and Pinterest account by Mark Zuckerberg should have been hacked. On Pinterest succeeded hackers to replace the profile description with the text "hacked by OurMine team". Most likely he used the same password for multiple websites, which was previously captured from another hack.

UK: Releases New ransomware attack trial

About 20% of medium to large companies in the UK have no emergency measures in the case of a ransomware attack and nearly half of the British company does not save their data as proposed. A Citrix survey now found out that they arm themselves with a supply of digital currency to pay ransoms. There are more than 35% of the companies are willing to pay more than £ 50,000 (63,000 EUR), to get their data back.

Therefore companies in the UK get reserves in the cryptocurrency Bitcoin to be able to pay immediately ransom in case of infection by blackmail Trojans. Therefore, it is assumed that the onslaught of blackmail Trojans certainly rises now.

AVM warns of telephone abuse by routers with older firmware

The AVM Fritz box maker warns of phone misuse attacks on his router. According to informations are only "rare configurations" in connection with older FRITZ! OS versions affected so far.

DDoS attacks get stronger and cheaper

Distributed Denial of Service (DDoS) attacks are becoming more frequent and more powerful, because criminals can easily buy underground services at very reasonable prices. Such attacks can block the whole networks or websites of the victim and make them only available again by paying ransom.

ENISA points to possibilities of forensic analysis at cloud incidents

The European Agency for Network and Information Security Agency (ENISA) published a paper on the technical state of the analysis of security incidents in the cloud because they do not always keep pace with technological developments. This is an overview of the current status of forensic analysis and processes in such services are given.

Addresses and passwords by Hipp "My Baby Club" tapped

In a hack attack on the bonus program of the baby food manufacturer Hipp attackers looted names, email addresses, dates of birth, addresses and passwords. How the passwords were exactly protected is not clear Hipp gives no informations about it because of "security concerns".

Twitter disables accounts and warns affected

33 million alleged passwords for Twitter accounts surfaced on the net. After Twitter has found among the published passwords also current login information, the company closed the affected accounts and told the users via email to change their password. Where these data leaks came from is unclear.

Netgear router is by fixed keys easy to crack

The CERT at Carnegie-Mellon University warns of vulnerabilities in the DSL modem routers D3600 and D6000 from Netgear. Attackers can get administrator access to all devices of this series. In addition, the password reminder function of the device also has a gap, whereby the administrator password can be read.

Hacker "peace_of_mind" published 800 million passwords

The Russian hacker "peace_of_mind" has sold in the last weeks more than 800 million user names and password hashes from websites like LinkedIn, Tumblr, Vkontakte and Twitter on an underground market place. For this alone he earned circa 25,000 US-Dollar. Compared to the years of covert data sales which he did, is this just a fraction of what he had already earned.

Visual Studio 2015 stuffs unasked Tracing-Code in C ++ - programs

Microsoft Visual Studio 2015 development environment compiled unasked function calls in C ++ - programs which allow tracing of the finished program. The hereby collected data can easily leak out and represent a potential data leak. Microsoft has already apologized and announced to remove this unwanted feature in one of the next updates again.

Extended Windows protection circumvented by Exploit Kits

Tools like Microsoft EMET should harden the Windows systems against attacks, however there is now an exploit kit, which specifically avoids the additional protections to infect the victim's system with malware such as blackmail Trojans, KeyLocker or infect similar.

Blackmail Trojans RAA injects password stealer

The computer threat RAA should not only demand ransom for locked data, he should also bring with him a Trojan, which picks passwords. This Trojan disguises itself in a Word file in the email attachment and installs itself automatically when it is opened.

Attack on TalkTalk customers via TeamViewer arrivals

After a hack attack on the British provider TalkTalk whose customer data has been tapped, hackers try now to penetrate the customers computer with the captured data. Thereby they try to get access to the customers computers with the tapped data via TeamViewer.

Ransomware locks Android Smart TVs

A variant of the Android lockscreen Trojan Flocker has now appeared on smart TVs. An infection of Android users happens via manipulated websites. The Trojan disables the device and calls in the behalf of various police agencies from the victims ransom as fitting punishment for past infringements. However you must agree the installation of the trojan, which masquerades as a system update.

Antivirusscanner infected systems with Sality virus

Users of the free virus scanner Rising should disable it immediately and if possible remove it because the automatic update feature can infect the system with the Sality virus. This is particularly precarious, because such software should actually prevent this.

Critical Flash vulnerability remains unpatched despite Adobe's Patch Tuesday

Adobe closes gaps in ColdFusion, Adobe Creative Cloud, its open source text editor brackets and the Digital Negative (DNG) Development Kit. Patches for the Flash Player are not existing, although at least one critical vulnerability in the software exists which is already abused for targeted attacks loud Kaspersky.

Ancient gap from Windows 95-times closed by Microsoft Patchday

Microsoft released 16 security updates, of which 5 are critical and 11 are considered important. A vulnerability affects all versions of Windows 95, which can be misused to spy on Windows users. The Edge Browser and the versions of Internet Explorer 9 and 11 can be captured via manipulated websites and allow attackers to execute malicious code. Furthermore, vulnerabilities in Windows module Web Proxy Auto Discovery (WPAD) be misused to specifically manipulate the network traffic of the victim.

About 70,000 RDP server on underground marketplace from 2 euros on offer

Researchers from Kaspersky have now found out that on an underground marketplace only accesses on haked remote desktop servers are sold. Here are more than 72,000 servers (including 1,300 from Germany) on which among other are control information, accounting applications, software for POS systems and POS software, with access to map data are offered. Access to an RDP server can be purchased already starting from 2 EUR.

WordPress closes a dozen security vulnerabilities

The version 4.5.3 of the content management system closes 12 vulnerabilities over which attackers can shut down a web page, as well as get passwords for a page takeover. Also, the plug-in Jetpack, which is used for speed optimization of WordPress sites, had three vulnerabilities. Who uses the content management system should update it immediately.

Researchers recommend Message Authentication Codes for sensitive data

Researchers from the US and Germany have worked out together with Microsoft Research a Counterfeit Object-Oriented Programming (COOP) Technology with which data can be distort in programs. Via memory corruption can attackers transfect data in target processes and thereby override Objective-C instances during execution. Furthermore, protective mechanisms such as Address Space Layout Randomization (ASLR) can be levered by Information Leaks. They recommend so-called message authentication codes (MACs) to verify the authenticity and integrity of the data.

Critical vulnerability in AirPort Base Stations

By Apple firmware update for the WLAN base stations AirPort Extreme, AirPort Express and Time Capsule in addition to small errors, a critical vulnerability has been closed. This had previously allowed attackers to inject malicious code.

Renewed spread of the Trojan Locky

The blackmail Trojans Locky is back and tries to encrypt your data with well-camouflaged emails to get ransom. Wih the opening of the appendix in an e-mail you should take extreme caution because affected are not only invoice-mails, but also application-mails.

Online backup provider Carbonite demands users to make a password reset

Unknown try to get access to the user accounts of the online backup service Carbonite. Hereby could personal data be withdrawn. Therefore, the company recommends customers to change their password.

Unauthorized access to remote control software GoToMyPC

Unknown tried to log into the accounts of GoToMyPC users with log-in data from multiple server break-ins. Because of safety reasons the passwords of all the registered users has been reset. Furthermore, it was recommended by the provider, to activate the two-factor authentication.

Personal user data from Acer copied

By a break-in the Acer company server, the user data from 34,500 North American customers has been copied. Hereby the addresses and names, and the complete credit card information including the number, the expiration date and the security code were stolen. With this information, the criminals are able to buy online and pay without any problems at the expense of the victims.

Exploit-Kits Angler and Nuclear disappeared

For several weeks, the Exploit-Kits Angler and Nuclear were no longer used to inject malware onto computers. The reasons therefore are different. But the threat situation by malware through the disappearance of the exploit kits had not changed. Moreover, it can be assumed that these kits be replaced by other or further developed.

Critical vulnerability on multiple Apple platforms

In addition to the AirPort base stations are even older versions of iOS, OS X and watchOS affected.

Vulnerability in DHL Packing Stations

Because of the app "DHL Paket" it was much easier for the criminals to open the packing stations without authorization. By owning foreign credentials it was very easy to get the 4-digit mTAN. Because the store cards are very easy to fake was an unnecessary security risk, which DHL only admitted after the gap stood in the darknet for marketing.

Criticism at the safeguarding of the Bundeswehr IT network

In the review stands the BWI Informationstechnik GmbH which operate the IT at 1200 locations of the Bundeswehr as well as the three data centers and the central help desk. Further they are driving forward the IT modernization of the Bundeswehr. The Federal Audit Office has now identified vulnerabilities, which gave access to the confidential communication such as human and financial data and thus endanger the operational readiness of the troops.

Bachelor work let the US-government run potential malicious code

Although Typosquatting is an old method to foist victims malicious code there are still a lot of them who fall for it. This now proved the German computer science student Nikolai Philipp Tschacher as part of his dissertation who demonstrated how effective this type of attack still is. It fell on its potential malicious code even the US government and the US military, as well as further 45,000 people.

Ex IT Director recommends the NSA Committee to encrypt all

Martin Schallbruch, longtime IT Director at the Ministry of the Interior recommends the NSA investigation committee of the Bundestag in the fight against mass surveillance by intelligence agencies to encrypt all data and communications traffic.

Three serious vulnerabilities in open source library libarchive

Because of the vulnerabilities attackers can infiltrate foreign computers by prepared archive formats with own code. If a victim opens the archive with one of these versions, the malicious code will be executed. Library users or programmers who use this should update to the version 3.2.1 or higher.

Crypto Trojan disguised as media market email

The crypto Trojan Cerber writes now disguised as articles booking of Media Markt to potential victims. These should click on a link to confirm the order or cancel it. If you do this, your computer gets automatically infected with the crypto Trojan.

DAO secures the remaining money after hack attack

After 3.6 million units of the cryptocurrency Ethereum (equivalent to approximately EUR 41 million) were stolen from the million project DAO by exploiting a bug the company secured now the remaining money in the amount of 87 million euros over the same bug to prevent a further outflow of funds.

Abus and Climax alarm systems have serious vulnerabilities

Networked alarm systems should actually ensure greater safety and ease of use, but now a lot of them have serious security gaps. By which the attackers get the full control of the respective system and can determine their exact position.

Lenovo warns again for vulnerabilities

In the System software Solutions Center Lenovo had 2 new vulnerabilities been discovered. These allow the attackers to install malware on the computers via the tool. Customers should as soon as possible upgrade to the latest version.

Bug in the DRM-System Widevine

Apparently it is possible to download DRM protected video streams with the Chrome browser. Thereby movies from Netflix and Amazon Prime can be stored on the computer. The error can be out backed to the implementation of the DRM system Widevine, which belongs to Google.

New encryption Trojan discovered

The new encryption Trojan "Bart" tries like "Locky" to bring potential victims under the Windows operating system via fake emails to open the File Annex. After opening, the victim's computer gets encrypted and then ransom in the amount of three Bitcoin (corresponds to about 1700 EUR) is demanded. Cryptologists suspect behind two Trojans the same masterminds.

Many beach-webcams violate privacy rights

At the North and East Sea, about half of the beach-cameras took more than just the beach weather. Through incorrect camera angle and activated zoom functions, could among other things faces, carried clothes and vehicles been shown on the Internet. If the operator does not change this, those threaten penalties.

For chocolate almost every second reveals his password

Attackers not only try to get access via technical loopholes, often they use human weaknesses to benefit. A study has now revealed that a third of randomly surveyed about computer security gave their password to, just because they pretended a scientific background. In the study group where the random participants additionally received a bar of chocolate, even betrayed every second its password.

BND wants to expand surveillance

The BND wants to expand the monitoring of data. Hereby they orient on the monitoring method of the NSA. A new draft law has already endorsed by the Cabinet and should now be treated as soon as possible by the Bundestag and the Bundesrat. However, the planned final report of the NSA committee of inquiry 2017 should not be awaited.

List of suspected terrorist supporters leaked

Security researcher Chris Vickery came to a list of "World-Check" on which are approximately 2.2 million suspected terrorist supporters. Worldwide, 49 of the 50 largest banks and about 300 enforcement and intelligence agencies work with this list. According to Vickery, is the list from 2014 and should contain suspected criminals, and their compounds to terrorism. However, also various innocents should be on this list whose accounts have been frozen and they have the right to get to know this. Therefore Vickery considers whether he should put the database online.

Almost all anti-virus products from Symantec and Norton have critical gaps

The security expert Tavis Ormandy of Google's "Project Zero" found in almost all anti-virus products from Symantec and Norton critical vulnerabilities. Affected are the products for Windows, OS X, Linux and UNIX versions. Attackers can thus with little effort inject malicious code on the computer and enter into the networks. In addition the company uses vulnerable open source software in its decomposer library, which has not been updated by Symantec for 7 years.

Password cracker hashcat aims at Android and veracrypt

The password cracker can now try to decrypt data from TrueCrypt Fork VeryCrypt, and tries to crack the device encryption of Android. With version 3.00, the tools hashcat (CPU) and oclhashcat (GPU) were merged to make the use more easier. Among the newly added hash decryption functions include the Android Full Disk Encryption (Samsung DEK), Keepass 1 (AES / Twofish) and Keepass 2 (AES), RAR5, veracrypt plus PIN resp. password of Windows Phones (version 8)

Extradition procedures of Hacker "Lauri Love"

In extradition proceedings against hackers "Lauri Love" who was involved in the Anonymous operation "Last Resort", which should avenge the death of Aaron Schwartz, the court heard defense witnesses now. "Lauri Love", who was diagnosed the Asperger's syndrome, defends itself against an extradition to the US. The court adjourned the proceedings to a later date, at which the prosecution and defense are holding their final arguments. The method is the first test of the newly introduced scheme, which should prevent a too rapid extradition of British citizens, especially since no charges have been laid against the hacker in the UK.

Privacy Policy from Google ensures trouble

Google let in its privacy policy grant the right to capture extensive data about the smartphone use from Android users. This is to phone numbers, caller number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and type of calls. Experts now sound alarm, because this could be be a huge "private data retention".

US Rep planning expert group for encryption techniques

A committee of the US House of Representatives calls for a committee of experts which deals with cryptography and prosecution. Democrats and Republicans agreed to this proposal alike. The group of experts which should directly report to the Congress, in order to bring more clarity to this complex issue, is provisional called "Digital Security Commission".

Android Trojan HummingBad on 85 million units

According to security researchers from Checkpoint are worldwide 85 million thereof 40,000 smartphones and tablets in Germany affected. An infected device is unfortunately not readily apparent. HummingBad should infect the respective devices by drive-by-download from porn sites and can root the Android devices and thus get full access. Infected devices are abused for advertising click fraud whereby criminals generate approximately 300,000 $ per month.

Security problems in Free-CA StartEncrypt

The launch of the Free Certification Body StartEncrypt started with some vulnerabilities, through which anyone could issue trusted SSL certificates for foreign domains. According to reports, of the Dutch IT service Computest, among other for domains of Google, Facebook or Dropbox. This would have allowed to read the encrypted traffic, which has been prepared with this certificate.

Unpatched BIOS gap at Lenovo

The BIOS vulnerabilities in the System Management Mode (SMM), which was discovered by an independent third party, Lenovo had already confirmed on June 30. Through those can users perform arbitrary code on the system with local administrator access. Here, the code running over the SMM can directly access hardware components, past the controls and protection mechanisms of the operating system. Together with Independent BIOS Vendors (IBVs) and Intel will be made available as soon as possible a patch.

Free tools decrypt six blackmail Trojans

The provider of anti-virus software (AVG) published several free tools for 6 older Trojans species with which under certain circumstances you can get your data without ransom payments back. On the website of AVG can be found through the name extension of the blackmail Trojans the right tool.

Critical security holes in Foxit Reader and Phantom

Affected is the PDF viewer Foxit Reader and the Foxit Phantom PDF Editor. By security holes it was possible for attackers to inject malicious code on victims' computers. Hereby it handels itself among other things of a buffer transition on the heap, which occurs in the TIFF data processing. The update to version 8 now closes these gaps.

Design problem of the encrypting from Android smartphones make data vulnerable

The full encryption of Android smartphones know of a potential design problem, whereby the decryption is simplified. To protect the data and to make only the used device decipherable, the smartphones are equipped with a hardware key, called the UID-Key. However, unlike to the iPhone is this stored within the TrustZone from the KeyMaster and is accessible by software. Thus, the decryption of the data can be done from any device once you have read the Key.

Fling portal deceiving users with bots

The Fling portal Ashley Madison has admitted the use of bots, which should keep as supposedly interested women the male members happy to move them to make further payments. The new head of the company announced that it is widely used in that industry. According to researches by the industry magazine c't bots have been used too at the German dating portal Lovoo. The bots were 2014 off for US customers and international a year later.

Medium-sized companies rely on Cloud Security

The study "Security balance Germany" now found out that medium-sized companies and administrations often use cloud solutions in the fields of e-mail and Web security, data security, application security or network security. Thus already more than half of the surveyed companies uses such solutions, only the trade is laying behind the other sectors.

Computer malware masquerades as WeTransfer-mail

Currently the criminals send fake emails from the file hosting service WeTransfer. Whoever clicks the download link will download a zip archive with JavaScript files. If you open one of these files after unpacking, the threat is automatically installed. About the File hosting service "WeTransfer" can large files be shared with friends, therefore the files are uploaded with the provider, and the email address of the person who should have access to them indicated.

Opinion of the Data Protection Officer at the EU-US data transfer undesirable

The privacy advocates Johannes Caspar criticized opposite to heise online that over the recently added renegotiated version of the "Privacy Shield" not even the Data Protection Officers of the Article 29 group has been informed. Apprehensive at this is that still information masses in public safety services are collected. The representative of the United States now claimed that it is not an indiscriminate mass surveillance.

Standard password at UPC wireless routers readable

Security researchers warn of the router EVW3226 the Austrian manufacturer Ubee. Its standard wireless password can be derived and displayed by an available tool on the Internet. The wireless router is used among other places at the German provider Unitymedia. Who uses an own WLAN-password for its wireless network is not endangered.

EU Parliament for better security of networks and information systems

The deputies approved the draft that extends the liability of operators of critical infrastructure and large online service to. Here the concerned companies must notify the authorities when security and privacy breakdowns and IT attacks take place on their own systems. These regulations apply, inter alia, for Google, Amazon and eBay.