*** The Security News Thread ***

[OhOh]

You registered to Teakdoor witha real email account?

Yea a "real email account".

How many "real email accounts" have you had in the past 20 years?

[baldrick]

Yea a "real email account".

TwistingHarrysTitties@gmail.com ?

[harrybarracuda]

TwistingHarrysTitties@gmail.com ?

hohodoesntknowwhatacloudemailaccountis@hotmail.com

[baldrick]

er ...aol.com

[harrybarracuda]

er ...aol.com

He definitely qualifies as an AOL.

[harrybarracuda]

Patch! Patch! Patch!

Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.

Following Preempt’s responsible disclosure of the vulnerabilities found in NTLM, Microsoft has issued security advisories and patches for the CVE-2019-1040 Windows NTLM Tampering Vulnerability and the CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability as part of the Patch Tuesday updates published today.

https://www.bleepingcomputer.com/new...o-rce-attacks/

[harrybarracuda]

Never give your phone to a chinky copper...

https://medium.com/@fs0c131y/mfsocke...l-58e8850c3de4

[harrybarracuda]

New MacOS Malware Discovered

A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.


A wave of malware targeting MacOS over the past month has raised the profile of the operating system once advertised as much safer than Windows. The newest attack code for the Mac includes three pieces of malware found in June — a zero-day exploit, a package that includes sophisticated anti-detection and obfuscation routines, and a family of malware that uses the Safari browser as an attack surface.

The zero-day exploit, dubbed OSX/Linker by researchers at Intego who discovered it, takes advantage of a vulnerability in MacOS Gatekeeper — the MacOS function that enforces code-signing and has the ability to limit program execution to properly sign code from trusted publishers.

The MacOS X GateKeeper Bypass vuln used in OSX/Linker was first discovered in February 2019 by independent researcher Filippo Cavallarin, who says that he notified Apple of the finding. After a 90-day disclosure deadline passed, Cavallarin publicly disclosed the vulnerability on May 24.

https://www.darkreading.com/attacks-breaches/new-macos-malware-discovered-/d/d-id/1335135

[harrybarracuda]

If you want to block chinky, russky and mad mullah spies, you can use these links to add the appropriate rules in your firewall:

https://lite.ip2location.com/china-ip-address-ranges

https://lite.ip2location.com/russian...address-ranges

https://lite.ip2location.com/iran-is...address-ranges

I would add North Korea but they do all their shit remotely.

[Klondyke]

^If it is so easy, so why the US election gone so wrong?

[harrybarracuda]

Fucking chinkies, at it again.

As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts, cybersecurity researchers warned Wednesday.


Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google's operating system a priority, Israeli security company Check Point said.

Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google's operating system in recent memory.

The malware has spread via a third party app store 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the hackers' success in the U.S. and the U.K. more remarkable, Check Point said.

Whilst the replaced apps will serve up malicious ads, whoever's behind the hacks could do worse, Check Point warned in a blog. "Due to its ability to hide it’s icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device," the researchers wrote.

They said they’d warned Google and the relevant law enforcement agencies. Google hadn't provided comment at the time of publication.
Typically the attack works as following: users download an app from the store - typically photo utility, games or adult themed apps (one called Kiss Game: Touch Her Heart is advertised with a cartoon of a man kissing a scantily clad woman). This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious. Legitimate apps - from WhatsApp to the Opera browser and more - are then replaced with an evil update so they serve the bad ads. The researchers said the ads themselves weren't malicious per se. But in a typical ad fraud scheme, every click on an injected advert will send money back to the hackers, as per a typical pay-per-click system.


There's some indication that the attackers are considering moving to Google Play. The Check Point researchers said they'd found 11 apps on Google's store that contained a "dormant" piece of the hackers software. Google swiftly took those apps down.

Check Point believes an unnamed Chinese company based in Guangzhou has been building the malware, whilst operating a business that helps Chinese Android developers promote their apps on overseas platforms.

Alibaba hadn't responded to a request for comment on proliferation of malware on the 9apps platform at the time of publication.

https://www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/#705d465d4470

[OhOh]

No gogle gaps or responses to be found by an ameristani regime publisher, how quaint

[harrybarracuda]

No gogle gaps or responses to be found by an ameristani regime publisher, how quaint

No American would do it you dumb shit. They can be sued.

Try that in Chinastan and hey presto! you're in a re-education camp or disappeared.

Jaysus you're thick.

[baldrick]

if you are using any of the following extensions in your browser - uninstall them - all or your PMs is belong to the borg

do not install extensions until you have seen them reviewed by trusted 3rd parties

Fairshare Unlock, a Chrome extension for accessing premium content for free. (A Firefox version of the extension, available here, collects the same browsing data.)available from Mozilla’s add-ons store.
SpeakIt!, a text-to-speech extension for Chrome.
Hover Zoom, a Chrome extension for enlarging images.
PanelMeasurement, a Chrome extension for finding market research surveys
Super Zoom, another image extension for both Chrome and Firefox. Google and Mozilla removed Super Zoom from their add-ons stores in February or March, after Jadali reported its data collection behavior. Even after that removal, the extension continued to collect browsing behavior on the researcher’s lab computer weeks later.
SaveFrom.net Helper a Firefox extension that promises to make Internet downloading easier. Jadali observed the data collection only in an extension version downloaded from the developer. He did not observe the behavior in the version that was previously
Branded Surveys, which offers chances to receive cash and other prizes in return for completing online surveys.
Panel Community Surveys, another app that offers rewards for answering online surveys.

http://arstechnica.com/information-t...and-4m-people/

[harrybarracuda]

So the old Russkies are after Tor as well.... no surprise really.

SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about internal projects.

Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about internal projects.

According to the Russian media, SyTech has been working with FSB since 2009, in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum. The company earned 40 million rubles ($635,000) from public contracts in 2018. The latest project is the development of Nalog-3 for the Main Scientific Innovation Implementation Center.

“According to the data received, the majority of non-public projects of Sytech were commissioned by military unit No. 71330, which allegedly is part of the 16th directorate of the FSB of Russia.” states the website CrimeRussia.”This unit is engaged in electronic intelligence, experts form the International Center for Defense and Security in Tallinn believe.”

Some of the research projects accessed by the hackers were for Russia’s intelligence service, including one for deanonymizing Tor traffic.

On July 13, a hacker group named 0v1ru$ hacked into SyTech’s Active Directory server then compromised the entire infrastructure of the company, including JIRA instance.

The hackers exfiltrated 7.5TB of data and defaced the website of the company by publishing “yobaface.”

The hackers published images of the company’s servers on Twitter and also shared the data with another hacker crew known as Digital Revolution, that in 2018 breached the FSB contractor Quantum.

https://securityaffairs.co/wordpress/88657/intelligence/fsb-contractor-sytech-hacked.html

[OhOh]

Huawei Earns Highly Coveted “Recommended” Rating in NSS Labs 2019 NGFW Group Test


"[Shenzhen, China, July 18, 2019] Huawei announced today that it has earned NSS Labs' highly coveted "Recommended" rating in the latest Next-Generation Firewall (NGFW) group test. In this year’s test, 12 products from industry-leading vendors were tested. Only the top technical products earned a “Recommended” rating from NSS Labs.

Achieving this rating validates Huawei's best-in-class firewalls deliver high security effectiveness at a low total cost of ownership (TCO).

NSS Labs is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. NSS Labs' NGFW group test comprehensively measures and compares security effectiveness, performance, stability and reliability, and TCO among NGFWs from a variety of security vendors.

In this year's NGFW group test, NSS Labs used its state-of-the-art attacks and evasions to evaluate the capability of products to defend against the latest threats on the live networks.

The Huawei USG6620E NGFW demonstrated a 99.36% live exploit block rate with 94.2% overall security effectiveness as well as comprehensive "SSL/TLS functionality", passing 100% of the interoperability tests.

Huawei's NGFW stood out with outstanding cost-performance, having a low Total Cost of Ownership.




2019 Next Generation Firewall (NGFW) Security Value Map (SVM) from NSS Labs

The NGFW is the first line of defense against today’s threats and is also a critical component of any defense-in-depth strategy. The NGFW market is one of the largest and most mature markets in the cybersecurity industry. IDC Forecast Report estimate that ^[1], the NGFW market is estimated to grow from US$15.8 billion in 2018 to US$23.8 billion by 2023 at a compound annual growth rate (CAGR) of 8.52%^[2].

“In the NSS Labs 2019 NGFW Group test, the Huawei HiSecEngine USG6000E NGFW demonstrated strong protection at a low total cost of ownership. We commend Huawei for achieving a ‘Recommended’ rating for the HiSecEngine USG6000E NGFW,” said Vikram Phatak, Founder of NSS Labs. “As an NSS Labs ‘Recommended’ product, the HiSecEngine USG6000E NGFW should be considered by companies looking to deploy an NGFW.”

Huawei HiSecEngine USG series NGFWs are Huawei's core security engine products that provide comprehensive, efficient, and integrated security for cloud service providers, large data centers, midsize and large enterprises, and chain organizations. In addition to basic NGFW capabilities, Huawei HiSecEngine USG series NGFWs can interwork with other security devices to proactively defend against network threats, enhance border detection capabilities, and effectively defend against advanced threats. Denzel Song, President of Huawei Security Product Domain said, "Earning the 'Recommended' rating from NSS Labs proves that Huawei's NGFW is among best products in the industry.

Strictly evaluated by the independent third party, Huawei NGFW products instill confidence. This is the result of more than ten years of unremitting effort by Huawei in the security field. We will continue our efforts to bring better products and greater benefits to our customers."

To read the Analysis Report of Huawei HiSecEngine USG6000E Series Firewall Earning Recommended Rating from NSS Labs, please see the link: Download

https://www.huawei.com/en/press-even...gfw-group-test


https://www.nsslabs.com/news/2019/7/...p-test-results

[harrybarracuda]

"Huawei NGFW products instill confidence"


said Huawei.

[OhOh]

said Huawei.

It appears that the ameristani NSS Labs testing company, had no qualms about it's recommendation of fit for purpose/value for money

Or did the company receive an 'incentive" from Asia?

It does seem many of their countrymen are easily persuaded by the quick fix of green folding paper

[harrybarracuda]

The chinkies probably just gave them a modified unit with the backdoors removed.

[harrybarracuda]

Looks like common sense prevailed in the trial of Marcus Hutchins.

Although it was pretty fucking dumb of the US to prosecute him in the first place.

Security Researcher Who Stopped WannaCry Avoids Jail Time

The 25-year-old Marcus Hutchins was sentenced to one year of supervised release for his past involvement in creating a separate malware strain known as Kronos. In 2017, Hutchins famously activated a kill switch to the WannaCry ransomware attack.

The researcher who helped stop the WannaCry ransomware outbreak will avoid jail time for his past involvement in creating a separate malware strain known as Kronos.

On Friday, a US federal court in Wisconsin sentenced the 25-year-old Marcus Hutchins to one year of supervised release, according to TechCrunch.


"Sentenced to time served!" Hutchins tweeted after the ruling. "Incredibly thankful for the understanding and leniency of the judge."




https://www.pcmag.com/news/369798/se...oids-jail-time

[harrybarracuda]

Comprehensive testing of 21 free Android antivirus apps revealed big security vulnerabilities and privacy concerns; especially for AEGISLAB, BullGuard, dfndr and VIPRE.

A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a critical vulnerability that exposes user’s address books, and another serious flaw that enables attackers to turn off antivirus protection entirely.

According to an analysis from Comparitech of 21 Android antivirus vendors, three of the apps tested (from VIPRE Mobile, AEGISLAB and BullGuard) had serious security flaws, and seven apps couldn’t detect a test virus. In total, 47 percent of the vendors tested failed in some way.

VIPRE’s popular app was found to have two insecure direct object reference (IDOR) bugs, including a critical flaw that put premium users with address book sync enabled at risk of having their contacts stolen, including full names, photos, addresses and notes with sensitive personal information.

“Using the online dashboard, we discovered it was possible for attackers to access the address books of VIPRE Mobile users with cloud sync enabled,” Comparitech researchers said in a blog posting on Thursday. “Based on our proof-of-concept and the popularity of the app, we estimate over a million contacts were sitting on the web unsecured.”

The flaw was caused by broken or poorly implemented access control, which manifests as an IDOR vulnerability in VIPRE Mobile’s backend.

“The script responsible only checked to make sure the attacker was logged in,” researchers said. “No further checking was done to ensure the request was being performed by the proper device or account.”

The other serious flaw opened the door to an attacker sending fake antivirus alerts.

“Generating fraudulent alerts and sending them to unsuspecting users was trivial,” researchers said. “We found we could edit fields in the alert request to make it say whatever we wanted. We were able to push fake alerts by capturing the request generated when a virus is found, then manipulating the request to change the user ID and other parameters. The result is an entirely real looking virus alert displayed on the victim’s VIPRE Mobile dashboard.”

BullGuard’s app meanwhile also contained a serious IDOR flaw, which meant that all users were vulnerable to an attacker remotely disabling their antivirus protection. Also, the app had a serious cross-site scripting issue (XSS) that would allow attackers to insert malicious code because of a vulnerable

The IDOR vulnerability would allow an attacker to iterate through customer IDs and disable BullGuard on every device.

“We were able to intercept and alter the request to disable BullGuard Mobile antivirus,” the researchers wrote. “Our testing found the request generated when a user shuts off antivirus protection can be captured and altered. By changing the user ID in this request, antivirus protection on any device can be disabled. Access control did not appear to be in place to ensure the correct user was making the request.”

In addition, Comparitech found that one of the scripts responsible for processing new users on the BullGuard website is vulnerable to XSS.

“The script in question doesn’t sanitize any parameters passed to it, which enables an attacker to run malicious code,” they explained.

Attackers could exploit this to display an alert on the page, hijack sessions, harvest personal data or use the website as a platform for phishing campaigns.

And finally, users of the AEGISLAB web dashboard were also at risk from a serious XSS flaw that would open the door to attackers inserting malicious code, because the firm didn’t lock down the app’s dashboard.

“We found several XSS flaws affecting one script running on the my2.aegislab.com domain,” according to the analysis. “Because none of the parameters passed to the script were sanitized, it would have been trivial for an attacker to execute malicious code.”

All three vendors have updated their apps to address the vulnerabilities, according to Comparitech.

Virus Detection and Privacy

In addition to the security issues, many apps were found to fall down on the job when it came to basic detection. AEGISLAB Antivirus Free; Antiy AVL Pro Antivirus & Security; Brainiacs Antivirus System; Fotoable Super Cleaner; MalwareFox Anti-Malware; NQ Mobile Security & Antivirus Free; Tap Technology Antivirus Mobile; and Zemana Antivirus & Security failed to detect a test virus.

“The Metasploit payload we used attempts to open a reverse shell on the device without obfuscation,” explained the researchers, in a posting on Thursday. “It was built for exactly this sort of testing. Every Android antivirus app should be able to detect and stop the attempt.”

On the privacy front, many of the “free” apps display targeted ads. So, the researchers also used information from the Exodus mobile privacy database to look for dangerous permissions and advertising trackers.

“In our analysis, dfndr security was far and away the worst offender,” the firm said. “The sheer number of advertising trackers bundled with the app is impressive. As far as we can tell, dfndr puts users search and browser habits up for sale on every ad exchange there is.”

dfndr also requests permission to access fine location data, access the camera, read and write contacts, look through the address book, and grab the IMEI (unique ID) and phone number of the device, according to the analysis.
The vendor did not immediately return a request for comment.

The issues found are a testament to the fact that mobile malware is still not a high-volume threat, the researchers said.

“In 2018, Kaspersky Labs reported it blocked 116.5 million virus and malware infections on Android and iOS devices; that sounds like a huge amount but, according to their numbers, only 10 percent of users in the U.S., 5 percent in Canada, and 6 percent in the U.K. needed to be protected from a mobile threat last year,” explained the analysts. “So vendors focus on adding features to differentiate themselves, sometimes instead of improving their codebase. And they clearly don’t always do a great job. Every vulnerability we found was with a system incidental to the actual virus scanning.”

https://threatpost.com/critical-bug-android-antivirus/146927/

[OhOh]

“In 2018, Kaspersky Labs reported it blocked 116.5 million virus and malware infections on Android and iOS devices

Are we to assume that Kaspersky Labs, as they are quoted above in a helpful way, that their free or purchased, Android, PC and network products, are thus regarded as "safe"?

If not what are the recommendations of our TD security experts, for free and purchased products?

[harrybarracuda]

Microsoft Defender (Free)
Microsoft Defender ATP (extremely not free)

You can't trust that Kaspersky shit, they're bound to be sending all of your personal stuff to Vlad.

[harrybarracuda]

AT&T employees took bribes to plant malware on the company's network

DOJ charges Pakistani man with bribing AT&T employees more than $1 million to install malware on the company's network, unlock more than 2 million devices.

By Catalin Cimpanu for Zero Day | August 6, 2019 -- 14:02 GMT (15:02 BST) | Topic: Security

AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday.

These details come from a DOJ case opened against Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, believed to be deceased.

The DOJ charged the two with paying more than $1 million in bribes to several AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington.

The bribery scheme lasted from at least April 2012 until September 2017. Initially, the two Pakistani men bribed AT&T employees to unlock expensive iPhones so they could be used outside AT&T's network.

The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed, received lists of IMEI phone codes which they had to unlock for sums of money.

Employees would then receive bribes in their bank accounts, in shell companies they created, or as cash, from the two Pakistani men.

This initial stage of the scheme lasted for about a year, until April 2013, when several employees left or were fired by AT&T.

That's when Fahd changed tactics and bribed AT&T employees to install malware on AT&T's network at the Bothell call center. Between April and October 2013, this initial malware collected data on how AT&T infrastructure worked.

According to court documents unsealed yesterday, this malware appears to be a keylogger, having the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications.

The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phone's at Fahd's behest, without needing to interact with AT&T employees every time.

In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd with gaining access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.

The DOJ claims Fahd and Jiwani paid more than $1 million in bribes to AT&T employees, and successfully unlocked more than two million devices, most of which were expensive iPhones. One AT&T employee received more than $428,500 in bribes over a five year period, investigators said.

The DOJ said the two operated three companies named Endless Trading FZE, Endless Connections Inc., and iDevelopment. The DOJ didn't say if Fahd and Jiwani were unlocking stolen devices, or running a unauthorized phone unlocking website. For some email communications, Fahd used the unlockoutlt@ymail.com address, suggesting the latter scenario.

Fahd was arrested in Hong Kong in February 2018, and extradited to the US on August 2, last week. He now faces a litany of charges that may send him behind bars for up to 20 years.

AT&T estimated it lost revenue of more than $5 million/year from Fahd's phone unlocking scheme.

"We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments," an AT&T spokesperson told ZDNet. The company said this incident did not involve access to customers' personal data.

https://www.zdnet.com/article/at-t-e...panys-network/

[Klondyke]

Damned Chinks...