Archive | January, 2015

No fix in sight for Android Wi-Fi Direct vulnerability

Summary: Google and a security company don’t see eye-to-eye over a bug that can cause some Android devices to reboot under a remote attacker’s orders. By Liam Tung | January 28, 2015 — 10:32 GMT (02:32 PST) Some Android security bugs Google won’t fix because it can lead to other difficulties, and some bugs it’s in […]

Over Two Million Cars in the US Can Be Hacked Remotely

By Ionut Ilascu    19 Jan 2015, 10:41 GMT A device used by Progressive Insurance to collect information about their customers’ driving behavior has been found to be insecure and allow remote control of the vehicle. The dongle, called Snapshot, is connected to the OBD II port of the car and tracks the driver’s actions at […]

Canada Bans Installation of Software Updates Without User’s Explicit Consent

By Ionut Ilascu    19 Jan 2015, 13:00 GMT In an effort to limit distribution of malware, the government of Canada has enforced legislation that prohibits businesses from installing software on someone else’s computer system without the express consent of the user. The law is part of Canada’s Anti-Spam Legislation (CASL) and has applied since January 15. […]

Spear-Phishing Website Hosts Outlook Web App Phishing Page IMPORTANT READ

By Ionut Ilascu    15 Jan 2015, 21:54 GMT The web page looks real, has high chances of success. A Russian website designed for spear-phishing activities has been compromised to host a phishing page seeking to capture the log-in details for Outlook Web App. Security researchers who observed the campaign discovered that it was targeted at […]

Hackers Can Use A $10 Wall Charger To Intercept Anything Typed On Wireless Microsoft Keyboards

By Rob Price Jan. 13, 2015 A security researcher claims to have developed a USB wall charger that can eavesdrop on almost any wireless Microsoft keyboard, VentureBeat is reporting — and he’s released instructions on how to build it online. The device, called the KeySweeper, masquerades as a working USB wall charger. However, it secretly […]

‘Skeleton Key’ malware unlocks corporate networks

By Charlie Osborne for Zero Day | January 13, 2015 The newly-discovered “Skeleton Key” malware is able to circumvent authentication on Active Directory systems, according to Dell researchers. The Dell SecureWorks Counter Threat Unit (CTU) team published their findings in an advisory notice this week. According to the security researchers, the “Skeleton Key” malware allows […]

Almost 1 Billion Android Devices No Longer Receive Critical Security Updates

By Ionut Ilascu    12 Jan 2015 Any security bugs reported for the WebView core component of Android versions prior to KitKat (4.4) are no longer a priority for the Android security team, researchers have learned. At the moment, 60.9%, or almost one billion, of the Android user base still relies on JellyBean (4.3) and lower […]

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers’ installations

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers’ installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. Description XML Entity Injection: Users with authenticated access to the ePO-web application and who are assigned permissions with the ability to […]

New Variant of Vawtrak Banking Trojan Delivered by Chanitor Downloader

By Ionut Ilascu    12 Jan 2015, 15:00 GMT Be Aware The emails claim to deliver important messages, such as voicemails, invoices, and faxes, but the end file is a malicious executable (SCR). A new strain of the Vawtrak banking Trojan has been discovered by security researchers, who observed that it was delivered by malware downloader […]

Netflix Credentials Targeted by Phishing Campaign BE AWARE

By Ionut Ilascu    9 Jan 2015, 00:07 GMT A new malicious email campaign has been observed by security researchers to target customers of Netflix by feeding them a message purporting to be an important notification from the media streaming service. The new phishing attempts may come against the background of recent complaints from some users […]