Keyword: security

  • 'Thousands' of products vulnerable to code hooking abuse

    07/19/2016 5:53:01 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 20 2016 6:29AM (AUS) | Juha Saarinen
    Bad implementation of the low-level code hooking technique by Microsoft and third-party security vendors has left millions of users open to attacks that bypass mitigation measures - some for up to a decade, researchers have found. Hooking is used by different kinds of software to monitor as well as to intercept and change the behaviour of operating system functions, and if needed, to inject code. Security software uses code hooking extensively to check for malicious activity on systems. EnSilo researchers Tomer Bitton and Udi Yavo said they looked at the hooking engines and injection techniques used by more than 15...
  • Fifteen-year-old server-side bug opens up websites

    07/18/2016 5:37:21 PM PDT · by Utilizer · 6 replies
    iTnews (AUS) ^ | Jul 19 2016 6:08AM (AUS) | Juha Saarinen
    A remotely exploitable vulnerability in web application code, first discovered 15 years ago, has returned to haunt server admins who are being urged to take action immediately to avoid being hit. Researchers from New Zealand point of sale software company Vend, Dominic Scheirlink, Richard Rowe, Morgan Pyne and Scott Geary, worked with Red Hat product security staffer Kurt Seifried to document the flaw, which they have nicknamed Httpoxy. On vulnerable applications, the Httpoxy flaw is easily exploitable, the researchers said. Attackers can proxy outgoing HTTP requests and direct the server to open outwards connections to arbitrary IP addresses and transport...
  • Ubuntu user forums hack leaks millions of user details

    07/18/2016 6:41:00 AM PDT · by Utilizer · 5 replies
    iTnews (AUS) ^ | Jul 18 2016 6:27AM | Juha Saarinen
    Canonical, the parent company of popular Linux distribution Ubuntu, has disclosed that its user web forums have suffered a major data breach. Over the weekend, Canonical said that it had come across claims that a third party had a copy of the Ubuntu Forums database. The company was able to verify that a breach had taken place, with a database containing details of two million Ubuntu Forums users being leaked. No "active passwords" were copied over, although the attacker downloaded the random, hashed and salted strings generated by Ubuntu Single Sign On that is used for Forum logins. Canonical shut...
  • Ubuntu Linux forums hacked!

    07/15/2016 6:57:53 PM PDT · by Utilizer · 24 replies
    BetaNews ^ | Published 10 hours ago (that's what it says!) | Brian Fagioli
    There is a common misconception that all things Linux are bulletproof. The fact is, no software is infallible. When news of a Linux vulnerability hits, some Windows and Mac fans like to taunt users of the open source kernel. Sure, it might be in good fun, but it can negatively impact the Linux community's reputation -- a blemish, if you will. Today, Canonical announces that the Ubuntu forums have been hacked. Keep in mind, this does not mean that the operating system has experienced a vulnerability or weakness. The only thing affected are the online forums that people use to...
  • New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes

    07/14/2016 9:41:43 PM PDT · by Utilizer · 20 replies
    DarkReading ^ | 7/11/2016 05:15 PM | Kelly Jackson Higgins
    ... Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns them their files because it actually deleted them. Ranscam isn’t the first ransomware variant to destroy files rather than return them after victims pay up—there’s AnonPop and JIGSAW, for example—but it’s a glaring example of how the ransomware scam itself is so lucrative and easy to pull off that less sophisticated attackers...
  • Maxthon Browser Sends Sensitive Data to China (!)

    07/14/2016 9:33:55 PM PDT · by Utilizer · 9 replies
    SecurityWeek ^ | July 14, 2016 | Eduard Kovacs
    ... Developed by China-based Maxthon International, the browser is available for all major platforms in more than 50 languages. In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption. Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online...
  • Dangerous malware discovered in EU energy company

    07/14/2016 9:22:11 PM PDT · by Utilizer · 21 replies
    iTnews (AUS) ^ | Jul 15 2016 10:05AM (AUS) | Staff Writer
    A new piece of sophisticated malware has been discovered on the networks of an unnamed European energy company with what researchers believe is the potential to shut down an energy grid. Endpoint protection firm Sentinel One Labs discovered the malware and dubbed it SFG, revealing it not only collects information on the infected system but opens a backdoor through which a destructive payload could be launched. It affects all versions of Windows and has been produced to overcome next-generation firewalls and anti-virus software. The malware also shuts down when put into a sandboxed environment or a virtual machine to escape...
  • Why Cleveland police, not outside officers, will be handling arrests during RNC

    07/14/2016 1:57:45 PM PDT · by Covenantor · 29 replies
    Cleveland.com ^ | Cory Shaffer
    Why Cleveland Police, Not Outside Officers, Will Be Handling Arrests During RNC CLEVELAND, Ohio -- Thousands of police officers from departments around the country will help Cleveland police provide security during the Republican National Convention, but those police officers won't be arresting anyone. While those officers can detain anyone they feel has broken the law, a Cleveland police officer will actually make the decision whether to make a formal arrest, Deputy Cleveland Police Chief Ed Tomba told cleveland.com Wednesday. Cleveland police will take the lead, partly because it's Cleveland's convention, Tomba said. But it also makes more sense to have...
  • Vulnerability Exploitable via Printer Protocols Affects All Windows Versions

    07/13/2016 9:34:12 PM PDT · by Utilizer · 4 replies
    Softpedia ^ | Jul 12, 2016 21:05 GMT | Catalin Cimpanu
    Microsoft has patched today a critical security vulnerability in the Print Spooler service that allows attackers to take over devices via a simple mechanism. The vulnerability affects all Windows versions ever released. Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers. Exploit executes payload under SYSTEM user By default, in corporate networks, network admins allow printers to deliver the necessary drivers to workstations connected to the network. These drivers are silently installed without any user interaction and...
  • Microsoft Azure Stack won't run on your existing hardware

    07/13/2016 8:43:41 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 4:08PM (AUS) | Juha Saarinen
    Microsoft has revealed its forthcoming Azure Stack won't run on the hardware of customers' choosing, an about-face on its earlier position that the hybrid cloud product would be vendor-agnostic. The company's senior director of cloud platform marketing Mark Jewett today said Azure Stack would only be initially available with hardware from Microsoft partners Hewlett-Packard Enterprise, Dell and Lenovo. Jewett said Microsoft would "prioritise" Azure Stack delivery via "turnkey integrated systems" in the initial general availability release. "We’ve been working with systems vendors on integrated systems for a while now and see this as the best approach to bring Azure innovation...
  • Microsoft blacklists Secure Boot-disabling policies in Windows

    07/12/2016 8:08:46 PM PDT · by Utilizer · 8 replies
    iTnews (AUS) ^ | Jul 13 2016 9:00AM (AUS) | Juha Saarinen
    Microsoft's July round of patches fixes a vulnerability that could be used to bypass the Secure Boot protection feature if an attacker simply adds a policy to the target Windows systems. Microsoft mandates Secure Boot on newer PCs designed to run Windows. The feature is implemented in the unified extensible firmware interface (UEFI) code that checks the Windows boot loader before it starts up the operating system, to ensure it is digitally signed by Microsoft. Secure Boot can, however, be bypassed completely by applying a Windows group policy, providing attackers with full access to systems thought to be locked down....
  • TPD: Security guard accused of firing shots in parking garage argument

    07/12/2016 2:48:25 PM PDT · by ChicagoConservative27 · 7 replies
    Another shooting situation caught on camera — this time in Tampa, after a security guard got into an altercation with a group of men leaving the Ybor City parking garage. Everoy Farqharson, 31, employed by private security firm. Farqharson confronted victims about urinating in parking garage. Farqharson accused of firing gunshots at people in garage. Officers arrested security guard Everoy Farqharson and charged him with two counts of aggravated assault with a firearm and battery. He was also charged with tampering with evidence and burglary of a conveyance for unlawfully entering the victim's car and removing shell casings from the...
  • Fugitive son of Detroit Imam arrested in Windsor

    10/29/2009 12:59:50 PM PDT · by Clive · 35 replies · 1,474+ views
    Canwest News Service ^ | 2009-10-29 | Jorge Barrera and Don McArthur
    The fugitive son of an Imam shot dead by U.S. federal agents Wednesday was arrested Thursday in downtown Windsor and is in the custody of Canadian border authorities, the FBI said in a statement. Mujahid Carswell, 30, also known as Mujahid Abdullah, was arrested by RCMP officers at about 1 p.m. Thursday without incident after police blocked off a downtown street and surrounded a house with a tactical team. He was witnessed being whisked away in a prisoner transport van and is currently in the custody of the Canada Border Services Agency on immigration violations. Mr. Carswell is the oldest son of...
  • The Hillary Defense

    07/09/2016 8:09:00 AM PDT · by darkwing104 · 6 replies
    The Coach's Team ^ | Saturday, July 9, 2016 | Jim Emerson, staff writer
    This week FBI Director James Comey recommended that the Justice Department not prosecute Hillary Clinton or members of her staff on charges of mishandling classified information. This action highlighted two sets of rules regarding national security--one for senior government officials and one for everyone else. Calling the former secretary of state and her staff was “extremely careless” using a private server and private email accounts for Government work and sending and receiving highly classified information. The FBI found that 110 of her emails contained such classified information. The director made his decision shortly after the agency interviewed Clinton in a...
  • Apple devices held for ransom, rumors claim 40M iCloud accounts hacked

    07/08/2016 10:46:39 PM PDT · by Swordmaker · 4 replies
    CSO ^ | July 8, 2016 | By Steve Ragan
    Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian. Earlier this week, a security professional posted a message to a private email group requesting information related to a possible compromise of at least 40 million iCloud accounts. Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple." The message goes on to state that the alleged breach was conducted by a Russian actor, and...
  • Wendy’s releases list of over 1000 restaurants affected in credit card hack

    07/08/2016 6:54:21 PM PDT · by Utilizer · 47 replies
    whntnews19 ^ | Posted 7:27 pm, July 7, 2016 Updated at 07:34pm, July 7, 2016 | Tribune Media Wire
    Customers who have eaten at Wendy's restaurant and used a debit or credit card to pay for their food are being encouraged to check their statements and read more information on a cyber breach found at some franchise-owned restaurants. Alabama restaurants include five in Huntsville; two in Madison, and one each in Cullman, Decatur, Evergreen, Greenville, Guntersville, Jasper, Mobile, Rainsville, Scottsboro and Selma. Click for locations near you. Wendy's Company first reported unusual payment card activity in February 2016, and believes the activity may have occurred as early as October 2015. Then, on June 9, 2016, company officials reported that...
  • Russian Hackers Targeting iOS Device Users with Ransom Attacks

    07/08/2016 4:47:00 PM PDT · by Swordmaker · 7 replies
    AppAdvice ^ | July 8, 2016 | by Brent Dirks
    Protect yourself with two-factor authentication. Salted Hash, a security blog from CSO, recently provided more details about the scam. Hackers first need to acquire a compromised Apple ID by phishing, social engineering, data breach, or other method: From there, the attacker uses Find My iPhone and places the victim’s device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it. In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email...
  • Chinese ad firm is behind HummingBad Android malware

    07/07/2016 10:43:22 PM PDT · by Utilizer · 3 replies
    iTnews (AUS) ^ | Jul 6 2016 2:47PM (AUS) | Staff Writer
    A malicious, criminal division of an otherwise legitimate Chinese tech company is behind a mobile malware distribution campaign that currently generates around US$300,000 a month, according to security researchers. Check Point this week published an in-depth threat analysis [pdf] following a five-month investigation into malware dubbed HummingBad, which was originally discovered in February. It is known to root Android devices, primarily for the purpose of generating revenue through fake ad clicks and fraudulent app installations. Check Point claims that Yingmob, a Chinese mobile ad server and analytics business, is developing and distributing the malware through a special corporate division of...
  • Mac malware gives attackers backdoor into OS X

    07/07/2016 10:11:59 PM PDT · by Utilizer · 11 replies
    iTnews (AUS) ^ | Jul 7 2016 3:36PM (AUS) | Staff Writer
    A newly discovered malware capable of cyber espionage and remote takeover is targeting Apple Mac computers, delivering its payload by opening up a backdoor connection to a command-and-control web server via the encrypted Tor network. Named Eleanor (or Backdoor.MAC.Eleanor), the malware arrives disguised as a drag-and-drop file conversion application called the EasyDoc Converter. The application is found on many credible third-party sites, according to an analysis from Bitdefender, whose security researchers uncovered the malware. The program is neither verified nor digitally signed by Apple. In reality, the program's true purpose is far more malevolent, granting attackers a backdoor connection that...
  • Symantec scrambles to patch severe holes in 26 products

    07/06/2016 10:19:36 PM PDT · by Utilizer · 27 replies
    iTnews (AUS) ^ | Jun 29 2016 12:09PM | Juha Saarinen
    Symantec enterprise and Norton security product users are being urged to patch their applications immediately after multiple dangerous vulnerabilities were discovered. The security firm has advised that 17 enterprise security products and nine Norton consumer offerings are affected. Google Project Zero researcher Tavis Ormandy discovered the flaws. The most serious is that the products unpack compressed executables in the operating system kernel to analyse them for malicious code. He said this dangerous practice means the vulnerability can be exploited by simply sending a link or an email - users don't need to do anything to activate an attack.