#1337day WordPress WPshop eCommerce 1.3.9.5 Shell Upload Exploit [remote #exploits #0day #Exploit]

#1337day WordPress InBoundio Marketing 2.0 Shell Upload Exploit [remote #exploits #0day #Exploit]

#1337day Ubuntu usb-creator 0.2.x – Local Privilege Escalation Vulnerability [remote #exploits #Vulnerability #0day #Exploit]

#1337day ZYXEL P-660HN-T1H_IPv6 Denial Of Service Exploit [dos #exploits #0day #Exploit]

As Malware Surges, U.S. Remains Biggest Source of Attacks

The country leads others in malicious IP, URLs and phishing sites.

Wi-Fi security software chokes on network names, opens potential hole for hackers

The Wi-Fi security software "wpa_supplicant," found in Android amongst many other places, has a potentially hackable security hole...

Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks

At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.

As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

"The result is an attacker with any valid certificate can eavesdrop on or modify an SSL session initiated by an app with this flawed library," Nate Lawson, the founder of security analytics startup SourceDNA, told Ars. "The flaw is that the domain name is not checked in the cert, even though the cert is checked to be sure it was issued by a valid CA. For example, I can pretend to be 'microsoft.com' just by presenting a valid cert for 'sourcedna.com.'"

Defense Secretary Outlines New Cybersecurity Strategy

Russian hackers were caught infiltrating unclassified military networks earlier this year, he said.

Op-Ed: In defense of Tor routers

A recent Ars Technica Op-Ed post by Nicholas Weaver took a harsh view on Tor routers, calling their basic premise flawed. We acknowledge that Tor routers are not a privacy silver bullet; we’ve been vocal about the need for people to use privacy add-ons with their web browsers. But I feel Weaver's article was one-sided and overstated the case against Tor routers; many of the arguments he made against them could be applied to VPNs as well.

Some of Weaver's points of contention were:

  • If you want protection from your ISP, you should use a VPN;
  • A personal VPN hosted on Amazon EC2 is a reasonable choice;
  • VPN providers offer “better performance and equal privacy”;
  • Many Tor exit nodes are malicious (implying that some VPN providers aren’t);
  • Browser fingerprinting can break the anonymity of Tor without the Tor Browser Bundle; and
  • Tor router makers are money-grabbing scumbags.

I'll address each of these in turn; some of them are good points, others not as much. I may be biased because we make a Tor router, and I think we’ve made a pretty good device. But I’ve tried to be as fair as I can here, and acknowledge the limits of Tor routers.

Potent, in-the-wild exploits imperil customers of 100,000 e-commerce sites

Criminals are exploiting an extremely critical vulnerability found on almost 100,000 e-commerce websites in a wave of attacks that puts the personal information for millions of people at risk of theft.

The remote code-execution hole resides in the community and enterprise editions of Magento, the Internet's No. 1 content management system for e-commerce sites. Engineers from eBay, which owns the e-commerce platform, released a patch in February that closes the vulnerability, but as of earlier this week, more than 98,000 online merchants still hadn't installed it, according to researchers with Byte, a Netherlands-based company that hosts Magento-using websites. Now, the consequences of that inaction are beginning to be felt, as attackers from Russia and China launch exploits that allow them to gain complete control over vulnerable sites.

"The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the Web server," Netanel Rubin, a malware and vulnerability researcher with security firm Checkpoint, wrote in a recent blog post. "The attacker bypasses all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system."

SSCC 195.5 – Did Google really say, “No more Android malware?” [PODCAST]

From "joined up security" to the suggestion that Google proclaimed the end of malware on Android, find out what's happening at RSA 2015!

‘Aaron’s Law’ back in Congress to bring “long overdue” fix of US hacking law

The proposed overhaul of the infamous Computer Fraud and Abuse Act would focus penalties on malicious computer crime.

#1337day Apple iOS 8.0.2 Authentication Bypass Vulnerability [remote #exploits #Vulnerability #0day #Exploit]

#1337day Netgear WNR2000v4 Abuse / XSS / Command Injection Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]

#1337day MooPlayer 1.3.0 m3u SEH Buffer Overflow Exploit [remote #exploits #0day #Exploit]

From The RSA Keynote Stage, Day Two

A 9-year-old CEO hacker, a record-breaking swimmer, and a variety of ideas about data-driven security hit the RSA stage.

Costa Coffee Club warns of possible database intrusion

Coffee chain Costa's just sent out a warning about a possible data breach. Only 1 in 5000 accounts were affected, but the Coffee Club is offline for now. A bulk password reset will follow...

Wi-Fi software security bug could leave Android, Windows, Linux open to attack

In an e-mail today to the Open Source Software Security (oss-security) mailing list, the maintainer of wireless network client code used by Android, the Linux and BSD Unix operating systems, and Windows Wi-Fi device drivers sent an urgent fix to a flaw that could allow attackers to crash devices or even potentially inject malicious software into their memory. The flaw could allow these sorts of attacks via a malicious wireless peer-to-peer network name.

The vulnerability was discovered by the security team at Alibaba and reported to wpa_supplicant maintainer Jouni Malinen by the Google security team. The problem, Malinen wrote, is in how wpa_supplicant "uses SSID information parsed from management frames that create or update P2P peer entries" in the list of available networks. The vulnerability is similar in some ways to the Heartbleed vulnerability in that it doesn't properly check the length of transmitted data. But unlike Heartbleed, which let an attacker read contents out of memory from beyond what OpenSSL was supposed to allow, the wpa_supplicant vulnerability works both ways: it could expose contents of memory to an attacker, or allow the attacker to write new data to memory.

That's because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information "is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets," Malinen wrote, and the code "was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation."

iOS bug sends iPhones into endless crash cycle when exposed to rogue Wi-Fi

There's a bug in Apple's iOS 8 that allows nearby attackers to send apps—and in some cases the iPhone or iPad they run on—into an endless reboot cycle that temporarily renders the devices useless, according to researchers who demonstrated the attack Tuesday.

The exploit uses a standard Wi-Fi network that generates a specially designed secure sockets layer (SSL) certificate to exploit the bug, according to the researchers, who work for Israel-based Skycure. The encrypted communication causes whatever apps happen to be connected to the booby-trapped Wi-Fi network to crash. The vulnerability was introduced in version 8 of the Apple mobile operating system.

After sustained connections to the malicious signal, the OS itself will crash, in some cases in a way that causes the devices it runs on to spiral into a repeatable reboot cycle. Making the attack particularly vexing, even if users know the endless crashes are generated by the Wi-Fi network they're connected to, they can't disconnect because the repeated restarts make it impossible to access the device's user settings, as demonstrated in the following video:

The Rise of Counterintelligence in Malware Investigations

The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious.

Bank Botnets Continue to Thrive One Year After Gameover Zeus takedown

Features on new botnets suggest attackers have learned from the lessons of takedown.

Zero-Day Malvertising Attack Went Undetected For Two Months

Researchers at Malwarebytes tracked a stealthy attack campaign that infected some major websites with malicious ads harboring ransomware.

[webapps] – Wolf CMS 0.8.2 Arbitrary File Upload Exploit

[webapps] – Open-Letters Remote PHP Code Injection Vulnerability

#1337day Prolink H5004NK Cross Site Request Forgery Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day SevenIT SevDesk 3.10 – Multiple Web Vulnerabilities [webapps #exploits #Vulnerabilities #0day #Exploit]

#1337day Linkus Photo Manager Pro 4.4.0 Code Execution Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Linkus Photo Manager Pro 4.4.0 Local File Inclusion Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Wifi Drive Pro 1.2 Local File Inclusion Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Mobile Drive HD 1.8 Local File Inclusion Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Photo Manager Pro 4.4.0 iOS – Code Execution Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Photo Manager Pro 4.4.0 iOS – File Include Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day GoAutoDial SQL Injection / Command Execution / File Upload Vulnerabilities [#0day #Exploit]