cybersecurity   5260

CCleaner malware hack: What it is and how to avoid it | PCWorld Sep 2017
"On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data."

"Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version. "

"Cisco Talos also studied the malware’s command server and reports that it was attempting to infiltrate PCs in technology organizations, including Intel, Samsung, HTC, VMWare, Cisco itself, and others. "
PCWorld  CCleaner  cybersecurity  hacks  exploit 
yesterday by pierredv
PowerPoint File Armed with CVE-2017-0199 and UAC Bypass | Fortinet Blog
This exploit targets a vulnerability identified as CVE-2017-0199, which was disclosed and patched last April 2017. It triggers a remote code execution in Microsoft Office or WordPad when parsing specially crafted files. Attackers who successfully exploit this flaw in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office can take control of the affected system.
uac  cybersecurity  exploit 
2 days ago by bwiese
How the Mimikatz Hacker Tool Stole the World's Passwords | WIRED
Just a few minutes earlier, the then 25-year-old French programmer had made a quick trip to the front desk to complain about the room's internet connection. He had arrived two days ahead of a talk he was scheduled to give at a nearby security conference and found that there was no Wi-Fi, and the ethernet jack wasn't working. Downstairs, one of the hotel's staff insisted he wait while a technician was sent up to fix it. Delpy refused, and went back to wait in the room instead.
cybersecurity  mimikatz  wired  russia 
2 days ago by bwiese
Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime / Boing Boing
Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords.

Delpy told Microsoft about his discovery, only to be rebuffed by Microsoft's engineering team, who told him that his security discovery was irrelevant because it would be too hard to exploit. As a way of proving his point and improving his C, he coded up Mimikatz ("Cute Cat"), a password stealing tool that has since grown into an "insanely powerful" Swiss Army Knife of Windows password-cracking.

Delpy released the source code for Mimikatz after traveling to Russia to present on it at the Positive Hack Days conference in Moscow; that's because, while he was there, Russian spies repeatedly came after his code. First, he walked in on a spy who was physically tampering with his laptop while it was in his hotel room, then a "man in a dark suit" insisted that he put a copy of his presentation and source code on a USB stick.
mimikatz  russia  spy  cybersecurity 
2 days ago by bwiese
Finding Your Naughty BITS
Limited logging of Microsoft's update service, the Background Intelligent Transfer Service (BITS); attackers have been "living off the land" with it since 2007.
cybersecurity  bits  microsoft  forensics 
3 days ago by bwiese
Spinner: Semi-Automatic Detection of Pinning without Hostname Verification
We present Spinner, a new tool for black-box testing for this vulnerability at scale that does not require purchasing any certificates. By redirecting traffic to websites which use the relevant certificates and then analysing the (encrypted) network traffic we are able to determine whether the hostname check is correctly done, even in the presence of certificate pinning. We use Spinner to analyse 400 security-sensitive Android and iPhone apps. We found that 9 apps had this flaw, including two of the largest banks in the world: Bank of America and HSBC. We also found that TunnelBear, one of the most popular VPN apps, was also vulnerable. These apps have a joint user base of tens of millions of users.
tls  cybersecurity  app  banking  compsci  privacy  certificatepinning 
3 days ago by bwiese
Researchers find exploit affecting Microsoft's BITS
“The poisoned BITS tasks, which created installation and clean-up scripts after their payloads were downloaded, were self-contained in the BITS job database, with no files or registry modifications to detect on the host,” a SecureWorks blog post stated.
Malware creators have previously used Microsoft's BITS to launch similar attacks by downloading malware updates, initially in May 2007 and most recently in December 2015.
malware  bits  windowsupdate  cybersecurity 
3 days ago by bwiese