News & Updates

Google is taking special steps to let Google Play users know they can’t download Fortnite to their Android device through the centralized app store. When users search for “fortnite” on Google Play, they’re now presented with a special message reading “Fortnite Battle Royale by Epic Games, Inc is not available on Google Play.”

The message appears to be new and unique to Fortnite searches—looking for other popular titles that aren’t available on Google Play and/or Android phones doesn’t result in the same warning. The warning also does not appear when searching the Google Play store through a Web browser.

The top result of the “fortnite” search on Google Play remains the competing battle-royale game PUBG Mobile, as it was before Fortnite‘s Android release. This is likely the result of the algorithmically derived similarity between the games and not a specific, manually inserted dig at Epic’s similar game.

Read 3 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely?

Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there’s nothing you can do if any of them has a backdoor built-in—even if you’re careful about avoiding sketchy apps.

That’s exactly what security researchers from mobile


Source: http://feeds.feedburner.com/TheHackersNews

By Waqas

Kiss goodbye to crucial evidence. Body cameras used by law enforcement have long been controversial, but until now no one had attempted to assess the trustworthiness of the devices themselves. At Defcon 2018, police body cameras became a topic of discussion when researcher Josh Mitchell showed these cameras to be vulnerable […]

This is a post from HackRead.com Read the original post: Hackers can manipulate Police body cam footages

Source: https://www.hackread.com/feed/

Last week Oracle disclosed a critical vulnerability in its Oracle Database product; the issue, tracked as CVE-2018-3110, has received a CVSS score of 9.9.

On Friday, Oracle released out-of-band security patches to address the critical vulnerability affecting its Database product, and the company is urging customers to install them as soon as possible.

The vulnerability resides in the Java VM component of Oracle Database Server. A remote, authenticated attacker can exploit it to take complete control of the database and obtain shell access to the underlying server.

The vulnerability, tracked as CVE-2018-3110, affects Oracle Database 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18; the new Security Alert patches target 11.2.0.4 and 12.2.0.1 on Windows.

“Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.” reads the security advisory published by Oracle “Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. “


Version 12.1.0.2 on Windows and all affected versions on Unix or Linux were already addressed by the Oracle July 2018 Critical Patch Update (CPU).

“Due to the nature of this vulnerability, Oracle recommends that customers apply these patches as soon as possible.” reads the blog post published by Oracle.

“This means that:

  • Customers running Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows should apply the patches provided by the Security Alert.
  • Customers running version 12.1.0.2 on Windows or any version of the database on Linux or Unix should apply the July 2018 Critical Patch Update if they have not already done so.”

Oracle “strongly recommends that customers take action without delay.”


Pierluigi Paganini

(Security Affairs – CVE-2018-3110, Oracle Database)


The post Oracle warns of CVE-2018-3110 Critical Vulnerability in Oracle Database product, patch it now! appeared first on Security Affairs.

Source: Security affairs

Patrick Wardle, the popular white hat hacker, has discovered a zero-day vulnerability that could allow attackers to carry out synthetic mouse-click attacks

Patrick Wardle, the popular white hat hacker and chief research officer at Digita Security, has discovered a zero-day vulnerability that could allow attackers to mimic mouse clicks and obtain kernel access.

Wardle presented his discovery at the Def Con 2018 conference in Las Vegas. He explained that with just two lines of code he found an Apple zero-day in the High Sierra operating system that allows a local attacker to virtually “click” a security prompt and thus load a kernel extension.

Once kernel access is obtained on a Mac, the attacker can fully compromise the system.

Apple already has security measures in place to prevent attackers from mimicking the mouse clicks that approve the security prompts shown to the user when a task could expose the system to risk.

Wardle discovered a flaw that allows attackers to bypass these measures through synthetic mouse-click attacks.

Wardle recently demonstrated that a local, privileged attacker could leverage vulnerabilities in third-party kernel extensions to bypass Apple’s kernel code-signing requirements.

Malware developers and hackers have started using synthetic mouse-click attacks to bypass this security mechanism and emulate human behavior in approving security warnings.

Apple mitigated the attack devised by Wardle by implementing a new security feature dubbed “User Assisted Kernel Extension Loading,” which forces users to manually approve the loading of any kernel extension by clicking the “Allow” button in the security settings UI.

The latest macOS versions, including High Sierra, also introduced a filtering mechanism that ignores synthetic events sent to such prompts.

“Before an attacker can load a (signed) kernel extension, the user has to click an ‘allow’ button. This recent security mechanism is designed to prevent rogue attacks from loading code into the kernel. If this mechanism is bypassed it’s game over,” Wardle explained.

Synthetic Mouse-Click attacks

Wardle discovered that it is possible to deceive macOS with two consecutive synthetic mouse “down” events, because the operating system wrongly interprets them as a manual approval.

“For some unknown reason the two synthetic mouse ‘down’ events confuse the system and the OS sees it as a legitimate click,” Wardle said. “This fully breaks a foundational security mechanism of High Sierra.”

The expert explained that the operating system interprets the sequence of two “down” events as a mouse “down” followed by a mouse “up.” The OS also treats that “up” event as an internal event, so it is not filtered and can be abused to interact with High Sierra’s user interface, allowing kernel extensions to be loaded.

Wardle discovered the issue by accident, by copying and pasting the code for a synthetic mouse “down” twice.

“I was just kind of goofing around with this feature. I copied and pasted the code for a synthetic mouse down twice accidentally – forgetting to change a value of a flag that would indicate a mouse “up” event. Without realizing my ‘mistake,’ I compiled and ran the code, and honestly was rather surprised when it generated an allowed synthetic click!”

“Two lines of code completely break this security mechanism,” he added. “It is truly mind-boggling that such a trivial attack is successful. I’m almost embarrassed to talk about the bug as it’s so simple — though I’m actually more embarrassed for Apple.”

According to Wardle, the issue only affects High Sierra, because it is the only OS version that implements Apple’s User Assisted Kernel Extension Loading.

Wardle’s presentation is available at the following URL:

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Patrick%20Wardle/DEFCON-26-Patrick-Wardle-The-Mouse-Is-Mightier-Synthetic0Reality.pdf


Pierluigi Paganini

(Security Affairs – Synthetic Mouse-Click Attacks, macOS)


The post Apple zero-day exposes macOS to Synthetic Mouse-Click attacks appeared first on Security Affairs.

Source: Security affairs

Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by carrying out DNS hijacking.

Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by changing the DNS settings.

With this trick, cybercriminals steal login credentials for bank accounts, Radware researchers reported.

The attackers change the DNS settings to point the devices at DNS servers they control; in this campaign the experts observed crooks using two DNS servers, 69.162.89.185 and 198.50.222.136. These servers resolve the hostnames of Banco de Brasil (www.bb.com.br) and Itau Unibanco (www.itau.com.br) to bogus clones.

“The research center has been tracking malicious activity targeting DLink DSL modem routers in Brazil since June 8th. Via old exploits dating from 2015, a malicious agent is attempting to modify the DNS server settings in the routers of Brazilian residents, redirecting all their DNS requests through a malicious DNS server.” reads the analysis published by Radware.

“The malicious DNS server is hijacking requests for the hostname of Banco de Brasil (www.bb.com.br) and redirecting to a fake, cloned website hosted on the same malicious DNS server which has no connection whatsoever to the legitimate Banco de Brasil website.”

The attackers are using old exploits dating from 2015 that work on some D-Link DSL models; they only need to scan the Internet for vulnerable routers and change their DNS settings.

The experts highlighted that the hijacking is performed without any user interaction.

“The attack is insidious in the sense that a user is completely unaware of the change. The hijacking works without crafting or changing URLs in the user’s browser. A user can use any browser and his/her regular shortcuts, the user can type in the URL manually or even use it from mobile devices, such as a smart phone or tablet.” reads the alert published by Radware.

“The user will still be sent to the malicious website instead of to their requested website and the hijacking effectively works at the gateway level.”

Attackers have also run phishing campaigns with crafted URLs and malvertising campaigns that attempt to change the DNS configuration from within the user’s browser. This kind of attack is not new: hackers have been using similar techniques since 2014, and in 2016 an exploit tool known as RouterHunterBr 2.0 was published online using the same malicious URLs, although Radware is not currently aware of any abuse originating from this tool.

Radware has recorded several infection attempts using old D-Link DSL router exploits since June 12.

The malicious URLs used in the campaign, and the exploits for multiple DSL routers (mostly D-Link models) that have been available online since February 2015, are shown in the figures in the original post.

Once victims visit the fake websites, they are asked for banking information, including agency number, account number, mobile phone number, card PIN, eight-digit PIN, and a CABB number.

The experts noticed that the phishing websites used in the campaign are flagged as “Not secure” in the browser address bar.

Radware reported the campaigns to the financial institutions targeted by the attacks and fake websites have since been taken offline.

“A convenient way for checking DNS servers used by your devices and router is through websites like http://www.whatsmydnsserver.com/.
Only modems and routers that were not updated in the last two years can be exploited. Updates will protect the owner of the device and also prevent devices being enslaved for use in DDoS attacks or used to conceal targeted attacks.” recommends Radware.
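Radware’s advice above amounts to two checks: which resolvers your devices are actually using, and whether those resolvers answer honestly for the targeted bank hostnames. The following Python script is an added example, not Radware’s or Security Affairs’ code. It applies three tests that follow from the report: a configured resolver matching one of the two IOC addresses; a resolver that answers a bank hostname with its own IP (the report says the clone is hosted on the rogue DNS server itself); and an answer that disagrees with a resolver you trust. The resolv.conf text, the TEST-NET addresses standing in for the banks’ real records, and the two lookup functions are constructed so that it runs offline; in real use you would back sample_lookup and sample_trusted_lookup with actual DNS queries.

```python
"""Detect the router DNS hijacking described in the Radware report.

Added example (not Radware's or Security Affairs' code). The resolver IPs
and target hostnames come from the article; everything under
"constructed sample data" is made up so the check runs offline.
"""
import re
from typing import Callable, Iterable, List, Optional, Tuple

# Indicators from the report: the two rogue resolvers and the hijacked hostnames.
MALICIOUS_RESOLVERS = frozenset({"69.162.89.185", "198.50.222.136"})
TARGET_HOSTS = ("www.bb.com.br", "www.itau.com.br")

# (resolver_ip, hostname) -> A records returned by that resolver
Lookup = Callable[[str, str], Iterable[str]]
# hostname -> A records from a resolver you trust
TrustedLookup = Callable[[str], Iterable[str]]
Finding = Tuple[str, str, Optional[str]]


def parse_nameservers(resolv_conf: str) -> List[str]:
    """Extract 'nameserver' entries from resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.fullmatch(r"nameserver\s+(\S+)", line)
        if match:
            servers.append(match.group(1))
    return servers


def audit_dns(resolv_conf: str, lookup: Lookup, trusted_lookup: TrustedLookup) -> List[Finding]:
    """Return (finding, resolver, hostname) tuples; an empty list means nothing looked hijacked."""
    findings: List[Finding] = []
    for server in parse_nameservers(resolv_conf):
        # 1. The configured resolver is one of the IOC addresses.
        if server in MALICIOUS_RESOLVERS:
            findings.append(("known_malicious_resolver", server, None))
        for host in TARGET_HOSTS:
            answers = set(lookup(server, host))
            # 2. The resolver answers with its own address: the report says the
            #    cloned site is hosted on the malicious DNS server itself.
            if server in answers:
                findings.append(("resolver_hosts_clone", server, host))
            # 3. The answer disagrees with a resolver you trust.
            elif answers and answers != set(trusted_lookup(host)):
                findings.append(("answer_mismatch", server, host))
    return findings


# ---- constructed sample data ------------------------------------------------
HIJACKED_RESOLV_CONF = """\
# what a tampered router hands out over DHCP (constructed sample)
nameserver 69.162.89.185
nameserver 198.50.222.136
"""
CLEAN_RESOLV_CONF = "nameserver 192.168.1.1\n"

# TEST-NET addresses stand in for the banks' real records (constructed).
TRUSTED_ANSWERS = {"www.bb.com.br": ["203.0.113.10"], "www.itau.com.br": ["203.0.113.20"]}


def sample_lookup(resolver: str, host: str) -> List[str]:
    """Simulated resolver: the rogue servers answer the bank hostnames with their own IP."""
    if resolver in MALICIOUS_RESOLVERS and host in TARGET_HOSTS:
        return [resolver]
    return TRUSTED_ANSWERS.get(host, [])


def sample_trusted_lookup(host: str) -> List[str]:
    """Simulated trusted resolver (constructed answers)."""
    return TRUSTED_ANSWERS.get(host, [])


def audit_hijacked() -> List[Finding]:
    return audit_dns(HIJACKED_RESOLV_CONF, sample_lookup, sample_trusted_lookup)


def audit_clean() -> List[Finding]:
    return audit_dns(CLEAN_RESOLV_CONF, sample_lookup, sample_trusted_lookup)


if __name__ == "__main__":
    for finding in audit_hijacked():
        print("HIJACKED:", *finding)
    print("clean config findings:", audit_clean())
```

For live checks the two lookup callbacks can be backed by any DNS library that lets you choose the upstream resolver; the detection logic does not change. The first two tests are high-confidence, while the mismatch test will fire for any site served from multiple addresses, so treat it as a prompt for manual verification rather than a verdict.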


Pierluigi Paganini

(Security Affairs – DNS hijacking, hacking)


The post DNS Hijacking targets Brazilian financial institutions appeared first on Security Affairs.

Source: Security affairs

The trailer for General Magic

The story of General Magic, which is chronicled in a new documentary named after this early ’90s Silicon Valley company, has become both a legendary and cautionary tale. Back at a 1989 Aspen Institute event, future founder and CEO Marc Porat essentially unveiled an idea for a smartphone prototype. He called it the Pocket Crystal, but the device eventually came to market as the Sony MagicLink Personal Intelligent Communicator. The concept excited onlookers to the point that Apple helped seed the company, Porat attracted high-profile former Cupertino employees, and outlets like The New York Times soon took notice.

“This was the beginning of the most important company in the history of Silicon Valley that no one ever heard of,” former Apple CEO John Sculley says in the film.

“Since the Mac, we were all looking for the next thing,” adds Joanna Hoffman, Apple’s former marketing lead. “[The Mac] really jaded us to anything else. Other projects fizzled kind of quickly because [they] didn’t have the same grandness of vision, grandness of potential impact. Now what?”

Read 14 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / Who’s a hungry frog? (credit: Gnog)

Gnog doesn’t ask much of its players. The pastel puzzler is easy on the eyes and easy on the pocketbook. It doesn’t last long, either. You can knock the whole thing out in a couple of hours or less. Its puzzles consistently capture the satisfaction of fitting a square peg in a square hole without much challenge to speak of. It is, put simply, one hell of a chill time.

Put less simply, Gnog is a game about manipulating 3D puzzle boxes in the form of cartoonish floating heads. Each diorama tells a pseudo-story and ends with the constantly changing “face” crooning a little ditty. I found it hard not to bob my head alongside the colorful creatures. That’s especially true when playing in virtual reality. Those faces feel present in VR in a way that 2D screen representations can’t match.

Every head is carved from soft-edged, chalk-bright colors. It’s a friendly, welcoming sort of surrealism that only gets more charming as you peel away each layer. If a tiny being inside a head is sad, odds are your puzzle solving will make them happy. If background music is discordant or an object is out of place, you’ll probably set things right by winning. And the happy little songs at the end of each stage feel like precisely the kind of small, pleasant reward each small, pleasant level should end on.

Just the right touch

That general pleasantness also applies to the manipulation of knobs, dials, switches, buttons, and various other devices that fill out each puzzle. Anyone familiar with The Room games or Amanita Design’s output (like Machinarium and Botanicula) will recognize the objective. You’re presented with things to fiddle with, so you fiddle, constantly, until the guess-and-check methodology makes the correct order of fiddling clear.

Read 10 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge / Riverfront Ave. in Calgary during the Alberta floods 2013. (credit: Ryan L. C. Quan / Wikimedia)

In June 2013, Keith Musselman was living in the Canadian Rockies when the nearby Bow River flooded. “We were in a valley, so we were stuck for about five days,” Musselman told Ars. “The community was devastated.”

The flood was one of the costliest and most devastating natural disasters in Canada’s history, with five people killed, more than 100,000 evacuated, and extreme property damage. Heavy rainfall falling on late snow in the mountains had overwhelmed rivers and reservoirs, and Musselman, a hydrologist, realized that this kind of rain-on-snow flooding wasn’t properly understood.

“Forecasters have a good handle on what happens when rain falls,” he says. “But when that rain falls in mountains where there’s deep snow, we don’t have a good handle on what the flood volume will be.”

Read 16 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web”, is online with a special deal: 20% discount (Kindle Edition, Paper Copy).

Once again thank you!

·      A malware paralyzed TSMC plants where also Apple produces its devices
·      Do Businesses Know When They’re Using Unethical Data?
·      Russian troll factory suspected to be behind the attack against Italian President Mattarella
·      Salesforce warns of API error that exposed Marketing data
·      Tech Support Scams improved with adoption of Call Optimization Service
·      Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks
·      Fortnite APK is coming soon, but it will not be available on the Google Play Store
·      TCM Bank: website misconfiguration exposed applicant data for 16 months
·      ZombieBoy, a new Monero miner that earns its operators $1,000 a month
·      Duo Security created open tools and techniques to identify large Twitter botnet
·      Group-IB experts record a massive surge of user data leaks from cryptocurrency exchanges
·      HP releases firmware updates for two critical RCE flaws in Inkjet Printers
·      TSMC Chip Maker confirms its facilities were infected with WannaCry ransomware
·      GitHub started warning users when adopting compromised credentials
·      Hacking WiFi Password in a few steps using a new attack on WPA/WPA2
·      Ramnit is back and contributes to creating a massive proxy botnet, tracked as ‘Black’ botnet
·      Snapchat source Code leaked after an iOS update exposed it
·      BIND DNS software includes a security feature that could be abused to cause DoS condition
·      DeepLocker – AI-powered malware are already among us
·      Researchers find vulnerabilities in WhatsApp that allow Fake News to be spread via group chats
·      Security expert discovered a bug that affects millions of Kaspersky VPN users
·      Social Mapper – Correlate social media profiles with facial recognition
·      The analysis of the code reuse revealed many links between North Korea malware
·      Experts explained how to hack Macs in enterprises through MDM
·      Group-IB: The Shadow Market Is Flooded with Cheap Mining Software
·      Quiet Skies, TSA surveillance program targets Ordinary U.S. Citizens

 


Pierluigi Paganini

(Security Affairs – Newsletter)


The post Security Affairs newsletter Round 175 – News of the week appeared first on Security Affairs.

Source: Security affairs