Security News Bytes
Vandana Verma
12/18/2014 1
Null/ OWASP / G4H Bangalore December Meet
Disclaimer
• The information contained in this presentation does not infringe any intellectual property, nor does it provide detailed information that may be in conflict with any laws.
• Registered brands belong to their legitimate owners.
• The opinions represented here are my personal ones and do not necessarily reflect my employer's views.
• This presentation doesn't teach you how to hack into any system, nor does it encourage anyone to do so without prior permission.
• All the information has been collected from different security news sites (public domain).
Agenda
• Arrests
• Data Breach
• Hack
• Mobile Security
• General
• Tools
• Acquisitions
• Stats
• Jobs
• Trends
• Hackable devices
• New Hardware
Arrests
The Straits Times reports that Mohammad Azhar Tahir defaced the prime minister's website in 2013 with messages and images from the hacktivist group Anonymous, including a Guy Fawkes mask. Tahir ultimately received a sentence of six months after it was added to separate sentences he had received previously.
Tahir used a cross-site scripting (XSS) attack to alter the prime minister's website: he entered HTML code into a Google search bar embedded on the site.
Data Breach & Hacks
A Taiwanese security expert found a zero-day vulnerability in the Xiaomi website that allowed him to obtain credentials of millions of Xiaomi accounts and logs from the servers. Xiaomi devices provide a 'Mi Account' to customers, through which users gain access to Mi Cloud, Mi Talk, the MIUI Forum, Mi Market and other Xiaomi services. These online Mi Accounts store users' personal information, including mobile numbers, email addresses and account credentials.
• This began with a skull appearing on screens, followed by a strange message telling users they had been hacked by something called #GOP (Guardians of Peace).
• The cryptic message that appeared on staff machines claims that the group stole internal corporate data, that this is just the beginning, and threatens to release internal data by 11 PM that evening. One Sony source said, "We are down, completely paralyzed." As a precaution, computers in Los Angeles were shut down while the corporation dealt with the breach.
• Just a week after the cyber-attack on Sony Pictures Entertainment, high-quality versions of five of its newest films (Annie, Fury, Still Alice, Mr. Turner and To Write Love on Her Arms), all distributed by Sony Pictures, leaked online during Black Friday.
• Just last week, the massive data breach at Sony appeared to have exposed more sensitive documents, revealing the US Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees.
• The gaming network also suffered a more severe hack in 2011, which led to the exposure of 77 million PlayStation and Qriocity accounts along with 25 million Sony Online Entertainment accounts, bringing the total to more than 100 million in one of the largest data breaches ever.
• The Syrian Electronic Army (SEA) hacked a popular web service, Gigya, which manages the comments and social logins of prominent media and entertainment websites.
• The attack was a DNS redirect that pointed Gigya's content delivery network to a server run by the SEA.
• The SEA confirmed the attack via its Twitter account, accompanied by a screenshot of the backend control panel for the Gigya.com domain at GoDaddy.com.
• A top Gigya official said: "Rather, the attack only served other JavaScript files instead of those served by Gigya."
Mobile Security
A security researcher made a worrying discovery this week and claims, "Uber's app is literally malware."
The ride-hailing company is in a dispute over its handling of customer privacy. Phoenix-based security researcher Joe Giron found that a surprising amount of user data is being collected by the company's Android application.
The researcher, who runs a cyber security firm in Arizona, reverse-engineered the code of Uber's Android application and came to the conclusion that it is malware. He discovered that the app "calls home" and sends data back to the company. There is a long list of everything the Uber Android app can collect about its users:
• Accounts log (email)
• App activity (name, package name, process number of activity, process id)
• App data usage (cache size, code size, data size, name, package name)
• App install (installed at, name, package name, unknown sources enabled, version code, version name)
• A vulnerability has been discovered in the wildly popular messaging app WhatsApp that allows anyone to remotely crash WhatsApp just by sending a specially crafted message.
• Two India-based independent security researchers, Indrajeet Bhuyan and Saurav Kar, demonstrated the WhatsApp message handler vulnerability, showing how a 2000-word message (2 KB in size) in a special character set can crash the WhatsApp messenger app.
• The worrying impact of the vulnerability is that the user who receives the specially crafted message has to delete the whole conversation and start a fresh chat, because opening the message keeps crashing WhatsApp until the chat is deleted completely.
• It has not been tested on iOS, but it is certain that all versions of WhatsApp, including 2.11.431 and 2.11.432, are affected by this bug.
General
The Pirate Bay, an infamous torrent website predominantly used to share copyrighted material such as films, TV shows and music files free of charge, went dark on Tuesday after Swedish police raided the site's server room in Stockholm and seized several servers and other equipment.
It remained unavailable for several hours, but the site appeared back online late in the day with a new URL hosted under the top-level domain for Costa Rica.
The Pirate Bay has previously been shut down a number of times and has had its domain seized. Back in September, The Pirate Bay claimed that it ran the notorious website on 21 "raid-proof" virtual machines.
• A new mobile Trojan horse infection has been discovered by security researchers that masquerades as a ringtone app and comes pre-loaded on Android smartphones.
• The DeathRing malware app cannot be uninstalled or removed by the end user or by anti-malware software.
• Though the malware pretends to be a genuine ringtone app, it actually downloads SMS and WAP content from its command-and-control server to the victim's handset, which gives it the potential to phish users' sensitive data through fake text messages.
AFFECTED SMARTPHONE HANDSETS
• Counterfeit Samsung GS4/Note II
• A variety of TECNO devices
• Gionee Gpad G1
• Polytron Rocket S2350
• Gionee GN708W
• Gionee GN800
• Hi-Tech Amaze Tab
• Karbonn TA-FONE A34/A37
• Jiayu G4S (Galaxy S4 clones)
• Haier H7
• An i9502+ Samsung clone by an unspecified manufacturer
Fixes were issued for several critical memory safety bugs in the browser engine used by Firefox, as well as other Mozilla-based products.
Disabling support for SSL 3.0 will address POODLE, a severe vulnerability in SSL 3.0 that was discovered by Google researchers in October and could enable an attacker to intercept plaintext data from secure connections.
Fallback to SSL 3.0 was removed in Chrome 39 when the Google browser was promoted to the stable channel in November.
Malware
Attackers are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor referred to as CryptoPHP.
Fox-IT released a whitepaper on CryptoPHP and revealed that most of the command-and-control domains had been sinkholed or taken down.
Fox-IT mentioned that the number of connections to the sinkholes is declining, but the threat is not over since the attackers are still distributing the compromised plugins and themes via their websites.
LusyPOS is a new point-of-sale (PoS) malware uncovered by CTBS reverse engineers early this month. The malware clocks in at around 4.0 MB in size, so it is not small. It creates the mutex "prowin32Mutex" and injects code into iexplore.exe, a strange mix of Dexter-like behavior and Chewbacca-like techniques.
It comes bundled with freeware, toolbars, games and other downloadable apps that are free of charge. Some people may install the programs packed with LusyPOS malware code intentionally, by agreeing to the terms and conditions of the downloaded program.
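The slide names two host-based indicators for LusyPOS, the mutex "prowin32Mutex" and code injection into iexplore.exe. The script below is an added example (not from the presentation or from CTBS) of how a defender would correlate those two indicators per host over endpoint telemetry. The JSON-lines event format, field names and hosts are constructed for the demo and do not follow any real product's schema.

```python
"""
Added example: correlate the two LusyPOS indicators the slide names
(mutex "prowin32Mutex", code injection into iexplore.exe) across
constructed endpoint telemetry. Event schema and hosts are assumptions.
"""
from __future__ import annotations

import json
from collections import defaultdict

MUTEX_IOC = "prowin32Mutex"        # mutex name reported for LusyPOS
INJECTION_TARGET = "iexplore.exe"  # process LusyPOS injects into

# Constructed sample telemetry (JSON lines). Paths, hosts and the
# "mutex_create"/"remote_thread" event names are made up for the demo.
SAMPLE_EVENTS = r"""
{"host": "pos-01", "event": "mutex_create", "process": "C:\\Users\\cashier\\AppData\\Local\\Temp\\setup.exe", "name": "prowin32Mutex"}
{"host": "pos-01", "event": "remote_thread", "process": "C:\\Users\\cashier\\AppData\\Local\\Temp\\setup.exe", "target": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"host": "pos-02", "event": "mutex_create", "process": "C:\\Windows\\explorer.exe", "name": "Local\\ShellMutex"}
{"host": "pos-03", "event": "remote_thread", "process": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "target": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"host": "pos-04", "event": "mutex_create", "process": "C:\\ProgramData\\svc\\svchost.exe", "name": "prowin32Mutex"}
"""


def parse_events(jsonl: str) -> list[dict]:
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]


def basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def indicators_by_host(events: list[dict]) -> dict[str, set[str]]:
    """Return {host: {"mutex", "injection"}} for hosts that show either indicator.

    A remote thread that iexplore.exe creates in itself is normal browser
    behaviour, so only cross-process injection into iexplore.exe counts.
    """
    hits: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        if ev["event"] == "mutex_create" and ev.get("name") == MUTEX_IOC:
            hits[ev["host"]].add("mutex")
        elif (ev["event"] == "remote_thread"
              and basename(ev.get("target", "")) == INJECTION_TARGET
              and basename(ev["process"]) != INJECTION_TARGET):
            hits[ev["host"]].add("injection")
    return dict(hits)


def triage(events: list[dict]) -> dict[str, str]:
    """Severity per host: both indicators together are "high", one alone "medium".
    The mutex name alone is a strong string match, so one indicator still warrants
    a look rather than being dropped."""
    return {host: ("high" if len(found) == 2 else "medium")
            for host, found in indicators_by_host(events).items()}


if __name__ == "__main__":
    for host, severity in sorted(triage(parse_events(SAMPLE_EVENTS)).items()):
        print(f"{host}: {severity}")
```

Run as-is it reports pos-01 (both indicators) as high and pos-04 (mutex only) as medium; pos-03, where iexplore.exe creates a thread in its own process, is deliberately not flagged.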
Tools
• Google launched a new "Devices and Activity" dashboard that gives Google Apps users additional insight into their devices, allowing them to identify every active device that has been used to access their account in the last 28 days, as well as those currently signed in.
• The company also launched a new security wizard to help secure Google for Work accounts by walking users through functions that tighten security, including recovery settings and the ability to review account permissions and access.
Statistics
• Google Dorks - 6
• Remote Exploits - 18
• Local Exploits - 16
• Web Application Exploits - 34
• Denial of Service Attacks - 10
• Shell Code - 1
• Whitepapers - 5
Jobs
Trends
(chart: world-wide vs Karnataka)
Hackable Devices
• TLS is very strict about how its padding is formatted, yet it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS.
• The attacks are mainly targeted at browsers, as the attacker has to inject malicious JavaScript to begin the attack.
• "A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical," he argued.
• So far F5 load balancers have been found to be impacted by the threat. The firm has issued an advisory on how to patch any affected kit.
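The first bullet says the flaw is a decryptor that skips the padding structure check. The following added example (not from the presentation, nor from any TLS library) shows the two checks side by side on an already-decrypted CBC record laid out as payload || MAC || padding || pad_len: one that trusts only the final length byte, which is SSL 3.0's rule and the behaviour the slide describes in some TLS stacks, and the TLS 1.0+ check that requires every padding byte to equal the length. The block and MAC sizes and the sample record are assumptions for the demo.

```python
"""
Added example: TLS CBC padding validation versus an SSL 3.0-style check
that only reads the length byte. Record layout payload || MAC || padding
|| pad_len is the standard one; sizes and sample data are assumptions.
"""
from __future__ import annotations

BLOCK_SIZE = 16   # AES block size (assumed cipher)
MAC_LEN = 20      # HMAC-SHA1 length, e.g. TLS_RSA_WITH_AES_128_CBC_SHA


def strip_padding_sslv3_style(record: bytes) -> bytes | None:
    """Trusts only the final byte. This is SSL 3.0's rule; a TLS decryptor
    written this way accepts padding bytes of any value, which is the
    weakness the slide refers to. Returns payload || MAC, or None."""
    if not record or len(record) % BLOCK_SIZE:
        return None
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record):
        return None
    return record[: len(record) - pad_len - 1]


def strip_padding_tls(record: bytes) -> bytes | None:
    """TLS 1.0+ rule: if the last byte is N, all N+1 trailing bytes must equal N.
    Every padding byte is examined (no early exit on the first mismatch) and a
    failure is signalled the same way a bad MAC would be, so a caller can raise
    one bad_record_mac alert for either condition. Returns payload || MAC, or None."""
    if not record or len(record) % BLOCK_SIZE:
        return None
    pad_len = record[-1]
    total_pad = pad_len + 1
    if total_pad + MAC_LEN > len(record):
        return None
    mismatch = 0
    for byte in record[-total_pad:]:
        mismatch |= byte ^ pad_len
    if mismatch:
        return None
    return record[: len(record) - total_pad]


def build_record(payload: bytes, mac: bytes, well_formed: bool = True) -> bytes:
    """Build a decrypted-record image for the demo. With well_formed=False the
    padding bytes are arbitrary and only the length byte is right: the
    structure SSL 3.0 permits and TLS forbids."""
    body_len = len(payload) + len(mac)
    pad_len = BLOCK_SIZE - 1 - (body_len % BLOCK_SIZE)
    if well_formed:
        filler = bytes([pad_len]) * pad_len
    else:
        # deterministic values that never equal pad_len (pad_len < BLOCK_SIZE)
        filler = bytes((pad_len + 1 + i) % 256 for i in range(pad_len))
    return payload + mac + filler + bytes([pad_len])


# Constructed sample data: a short request and a dummy MAC value.
PAYLOAD = b"GET / HTTP/1.1"
MAC = bytes(range(MAC_LEN))
GOOD_RECORD = build_record(PAYLOAD, MAC)
SLOPPY_RECORD = build_record(PAYLOAD, MAC, well_formed=False)

if __name__ == "__main__":
    for name, rec in (("well-formed", GOOD_RECORD), ("sloppy padding", SLOPPY_RECORD)):
        print(f"{name:>15}: SSL3-style accepts={strip_padding_sslv3_style(rec) is not None}, "
              f"TLS accepts={strip_padding_tls(rec) is not None}")
```

The well-formed record passes both checks; the record whose padding bytes are wrong but whose length byte is correct is accepted by the SSL 3.0-style check and rejected by the TLS one. An implementation that only reads the length byte is the first case in the slide, whatever protocol version it negotiated.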
References
• www.google.com
• www.thehackernews.com
• www.ehackingnews.com
• www.news.cnet.com/security/
• http://cve.mitre.org/
• https://www.indiegogo.com
• http://www.scmagazine.com/
• http://www.infosecurity-magazine.com/
• http://jobs.null.co.in/
• http://www.hackersnewsbulletin.com
• http://www.shodanhq.com/
• http://threatpost.com/
• http://www.securityweek.com/
Thank You !!