Thursday, 22 June 2017

OpenVPN Patches Remotely Exploitable Vulnerabilities





OpenVPN this week patched several vulnerabilities impacting various branches, including flaws that could be exploited remotely.

Four of the bugs were found by researcher Guido Vranken through fuzzing, after recent audits found a single severe bug in OpenVPN. While analyzing OpenVPN 2.4.2, the researcher found and reported four security issues that were addressed in the OpenVPN 2.4.3 and OpenVPN 2.3.17 releases this week.read more

Wednesday, 21 June 2017

Mostly Smartphone Apps share Your Data With Third-Party Services


Most of Smartphone app share your personal data with third-party comapnies like google Analytics, the facebook graph API or etc  , this is data privacy issue.

When people install a new  Android or iOS app, it asks the user's permission before accessing personal information. afthar that these app are collect the information from your phone as like contact number,message and etc.

and it can share your data with anyone the app's developer wants to -- letting third-party companies track where you are, how fast you are moving and what you are doing.
To get a picture of what data are being collected and transmitted from people's smartphones, the researchers from IMDEA Networks Institute in Spain developed a free Android app of their own, called the Lumen Privacy Monitor.

Because Lumen is about transparency, a phone user can see the information installed apps collect in real time and with whom they share these data.
"We try to show the details of apps' hidden behaviour in an easy-to-understand way. It's about research, too, so we ask users if they'll allow us to collect some data about what Lumen observes their apps are doing - but that doesn't include any personal or privacy-sensitive data," the researchers said in a statement released by the institute.

"We discovered 598 internet sites likely to be tracking users for advertising purposes, including social media services like Facebook, large internet companies like Google and Yahoo, and online marketing companies under the umbrella of internet service providers like Verizon Wireless," the study said.


Mobile App Protection

Your mobile applications can present material organizational risk, including intellectual property theft, operational disruption, software piracy, and data loss. Below are some examples.

1.Mobile apps may be modified with malware and placed on the public app marketplace.
2.Mobile apps proprietary business logic can be inspected and/or copied.
3.Mobile apps security and license checks may be circumvented.
4.Debugging mobile apps may allow access to sensitive data such as personally identifiable or regulated information.
5.Reverse engineering mobile apps can readily expose potential vulnerabilities and unlock otherwise secure access to high-value services.

Tuesday, 20 June 2017

Securityweek:Cisco Releases Open Source Malware Signature Generator


Cisco’s Talos intelligence and research group announced on Monday the availability of a new open source framework designed for automatically generating antivirus signatures from malware.
read more

Monday, 19 June 2017

Advertising Program:Facebook chases TV’s US$70b stash with its own video series













Facbook will statrt TV advertising market in its sights,the creation of video series that will begin to appear on the world’s largest social network later this year.

Facebook is closing deals for its first batch of shows, including two that the Hollywood Reporter unveiled earlier this week — reality competition series Last State Standing and a second season of comedy Loosely Exactly Nicole, which first appeared on MTV. The shows will be available via a new video tab on Facebook that hasn’t been released.

Facebook isn’t trying to compete with the highest end of that market — paid services Netflix, HBO and Showtime. It has its sights set on cable networks and advertising-supported online services with young viewers.
“Funding video is a way for Facebook to figure out its greater advertising program,” said Matthew Segal, chief executive officer of ATTN, a digital media company that publishes video to Facebook. “It’s clear they want to be a bigger player in the space; they want to eclipse TV.”

Facebook’s interest in funding video tantalises Hollywood, where producers drool at the thought of another deep-pocketed patron alongside fellow tech giants Amazon.com Inc, Apple Inc and Alphabet Inc. Other new players, like Verizon Communications Inc, have had a harder time, often committing less money to less ambitious shows.

With two billion people checking their news feed every month, Facebook reaches more people than any TV network. “Not only do nearly 100 per cent of people under 35 have an account, but they are spending over 1,000 minutes a month on Facebook,” said ATTN’s Segal.

Facebook is also developing a second tab that will be devoted to the more high-end programming, the people said. Facebook prefers not to put details of the video product in writing and will only discuss it by phone, according to people who have dealt with the company. Facebook has also rankled some potential partners by insisting on selling advertising itself and inserting ads into the middle of live broadcasts, the people said.

Facebook has a small staff handling original programming, not enough to manage a robust operation. Facebook would rather share money from advertising sales than pay for content in the long term.
“The sustainable model is some sort of revenue sharing,” Fidji Simo, Facebook’s head of video product, said in an interview. “The goal is really to get a lot of different partners to come to Facebook share their content and find success. It’s very hard to find that over the long-term by funding.”
 

Sunday, 18 June 2017

Canada: Hackers Targeted Country's 2015 Election, May Try Again in 2019












Canada’s electronic agency says hackers tried to influence the 2015 election that brought Justin Trudeau to power and may try again in 2019.

In a report, the Communications Security Establishment (CSE) said hacktivists and cybercriminals had leaked sensitive government documents, and attempted to smear candidates and spread disinformation and propaganda ahead of the 2015 vote. read more



Wednesday, 14 June 2017

FBI Warns of North Korea's 'Hidden Cobra' Attacks



The Hidden Cobra group(North Korean government hackers) has been busy targeting victims for the last eight years. they are use Malicious tool as like DDos botent , keyloggers, RATs(remote access tool) and wiper malware.
The group tends to target old runing machine  and unsupported versions of microshoft windows. It has also exploited Adobe Flash Player vulnerabilities and Microsoft Silverlight to get a toehold in environments. Organizations are advised to update to the newest version and patch level; if Flash and Silverlight are no longer needed, then push them to the curb and get those apps is off the of systems.

The FBI investigate and found , the 663 IP addresses listed in the IOC are being used by Hidden Cobra for network exploitation. DHS and FBI want network administrators to add those source and destination IPs to their watchlists to determine if there has been malicious activity within their organizations. The alert also includes YARA rules and network signatures created through a “comprehensive vetting process.”

                                                         Read full news article

  

Thursday, 25 May 2017

Android warning: Newly-discovered Android exploit" Cloak & Dagger" that can show users a fake screen

The discovery was made by researchers at Georgia Institute of Technology (Georgia Tech), who has tested the vulnerability in closed environments.

How to Avoid that Attack 
The exploit depends primarily on Android’s SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”) to draw interactive elements over real apps.

The first permission, known as "draw on top," is a legitimate overlay feature that allows apps to overlap on a device's screen and top of other apps(Settings>Apps>”Gear symbol”>Special access>Draw over other apps)

1.  New attack found to start with Android users downloading infected apps
2.Hackers overlay screen with false information to gather data without being seen
3.They are able to do this by combining permissions for two certain features 
4.Features involved are very useful in mapping, chat or password manager apps

The two features involved are very useful in mapping, chat or password manager apps, so preventing their misuse will require users to trade convenience for security. 
The attack, dubbed 'Cloak and Dagger', enables cyberthieves to control handsets by overlaying the interface with false information to hide malicious activities being performed underneath

                                                                          @@@Hackerinfoindia@@@