Richard Mu

Hidden Backdoor Found In WordPress Captcha

December 20, 2017 by Richard Mu Leave a Comment

It was recently discovered that a popular Captch WordPress plugin that was sold to an undisclosed buyer, has been modified and had a backdoor installed. The backdoor allows the plugin author to remotely gain administrative access to the WordPress websites. WordFence and WordPress teamed up to patch the affected version of the Captcha plug-in as well as preventing the author to publish further updates. It is advised and recommended that website administrators are replacing their Captcha plugin with the latest version.

https://thehackernews.com/2017/12/wordpress-security-plugin.html

Ai.type Keyboard Collecting Data

December 5, 2017 by Richard Mu 1 Comment

In a recently online leaked database, it has been discovered that the popular keyboard app, Ai.type, has been collecting a large amount of sensitive details on users. The information that has been collected was not necessary for the app to run and ranged from contact information, GPS location to information linked through social media. It was also revealed that user’s contact books from names to phone numbers were being collected.

https://thehackernews.com/2017/12/keyboard-data-breach.html

Android Spyware That Spies On Whatsapp and Skype Calls

November 28, 2017 by Richard Mu 2 Comments

Recently discovered by Google Play Protect, a machine learning and app usage analysis, helped researchers at Google identify an Android spyware that was stealing information on users. The targeted devices were mostly in African countries. Infected apps with Tizi, an Android backdoor with rooting capabilities, were being advertised on social media and 3rd party app stores.

https://thehackernews.com/2017/11/android-spying-app.html

Backdoor Found In OnePlus

November 14, 2017 by Richard Mu Leave a Comment

It was discovered that all OnePlus devices that are running OxygenOS have a backdoor that allows anyone to gain root access. The application left available to be accessed is known as EngineerMode. A diagnostic testing application by Quacomm, EngineerMode was made to test hardware components of devices. It was designed to diagnose with GPS, root status, and various tests.

https://thehackernews.com/2017/11/oneplus-root-exploit.html

IEEE P1735 Encryption Broken

November 7, 2017 by Richard Mu 1 Comment

Security researchers have found weakness “in the Institute of Electrical and Electronics Engineers (IEEE) P1735 cryptography standard that can be exploited to unlock, modify or steal encrypted system-on-chip blueprints.” IEEE P1735 was designed to encrypt electronic-design intellectual property (IP) in the hardware and software. Most mobile and embedded devices include a System-on-Chip (SoC), a circuit that consists of multiple IPS that range from radio-frequency receiver to cryptographic engine from different vendors.

Published by the Department of Homeland Security’s US-CERT, IEEE P1735 is flawed. It was discovered that there was seven vulnerabilities that were found.

Vendors have already been alerted and contacted.

https://thehackernews.com/2017/11/ieee-p1735-ip-encryption.html

Hackers Recover Encryption Key With DUHK

October 24, 2017 by Richard Mu 1 Comment

Don’t use hard-coded keys (DUHK), a new cryptographic vulnerability that allows attackers to recover encryption keys from VPN sessions and web browsers, has been reported from KRACK Wi-Fi attack. The vulnerability affects vendor’s devices that rely on ANSI X9.31 RNG and “in conjunction with a hard-coded seed key.” ANSI x9.31 RNG is an algorithym that was commonly used to generate cryptographic keys in order to secure VPN connections and web browsers.

The DUHK vulnerability could allow a “state recovery attack, allows man-in-the-middle attackers, who already know the seed value, to recover the current state value after observing some outputs.”

https://duhkattack.com

https://thehackernews.com/2017/10/crack-prng-encryption-keys.html

Flash Zero Day Exploit used to Distribute FinSpy

October 16, 2017 by Richard Mu 1 Comment

Finspy, a spyware that was being sold to government agencies, has been found infecting targets using an Adobe Flash zero-day exploit through Microsoft Office documents that was started by BackOasis. Security researchers from Kaspersky Labs found the Adobe Flash zero-day exploit, tracked as CVE-2017-11292, is a vulnerability that can lead to code execution through Flash Player 21.0.0.226 for all major OS. It has been found that the FinSpy payload exploits the Flash Zero-day vulnerability.

https://thehackernews.com/2017/10/flash-player-zero-day.html

Uber App Feature to Record iPhone Screen

October 10, 2017 by Richard Mu 2 Comments

Security researcher, Will Strafach had found that the Uber app has been selectively allowed to use its screen recording API on Apple Watch in order to improve its performance. The screen recording API that has been implemented into Uber’s app, allows it to “record user’s screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen.” If Uber’s permissions were to be compromised, the data would be vulnerable to hackers. After it has been disclosed, Uber has announced that it would remove the “entitlement code” in its iPhone app codebase.

https://thehackernews.com/2017/10/uber-screen-record-iphone.html

Windows Defender Tricked Into Running Malicious Code

October 3, 2017 by Richard Mu Leave a Comment

Cyber security resarchers at CyberArk created an attack which they call Illusion Attack. In developing their own custom SMB server, they were able to trick Windows Defender into scanning a benign file and executing a malicious malware instead. The Illusion Attack begins with an attacker tricking the victim into executing an exploit that is hosted on the malicious SMB share. The attacker would serve different files into the Windows PE Loader and Windows Defender. Whenever Windows Defender would scan the file, it is given a benign file which would be read as clean, while the PE loader would load the malicious file.

Microsoft responded in saying that it isn’t believed to be a security issue, but may be a feature request in the future.

Article: https://threatpost.com/windows-defender-bypass-tricks-os-into-running-malicious-code/128179/

Car Tracking Devices Leaked

September 25, 2017 by Richard Mu 2 Comments

Similar to the Viacom leaked that happened earlier this week, Kromtech Security Center discovered a misconfigured Amazon Web Server (AWS) S3 cloud storage that was left accessible to the public. The AWS contained a cached that belonged to SVR, Stolen Vehicle Records. The SVR Tracking service provided its costumers a way to “track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location.” The leaked cache contained around 540,000 SVR accounts that included email addresses, passwords, and vehicle data.

The leaked data also contained information exact information of which the physical tracking unit was located.

“Since the leaked passwords were stored using SHA-1, a 20-years-old weak cryptographic hash function that was designed by the US National Security Agency (NSA), which can be cracked with ease.”

Due to the monitoring of the SVR’s car tracking device, anyone that had access to SVR users’ login credentials would be able to track a vehicle as well as create a detailed log of locations that the vehicle has visited. With the given habits of people, the attacked could’ve stole the vehicle or intrude on someone’s home when they were away.

Since Kromtech has alerted the company, the AWS S3 cloud storage bucket has been secured.

Article: http://thehackernews.com/2017/09/hacker-track-car.html