Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
August 29, 2017 – Hack Naked News #138
#1
https://securityweekly.com/2017/08/29/au...-news-138/       HACK NAKED NEWS

August 29, 2017 – Hack Naked News #138

 Paul Asadoorian August, Backdoors, CIA, Intel chips, Microsoft, Paladin Security, patches, SMS August 29, 2017      Sparring government agencies, Microsoft patches a patch of a patch, Intel chips and backdoors, SMS authentication begone, and more. Jason Wood of Paladin Security discusses scaling back data demand on this episode of Hack Naked News!

News
CIA Created Bogus Software Upgrade To Steal Data From NSA, FBI – The data-stealing Trojan was created as part of a CIA project called ExpressLane, a piece of software installed by CIA Office of Technical Service (OTS) agents under the guise of upgrading the CIA’s biometric collection system. This biometric system is installed at the ‘liaison services’ or partners such as the NSA, Department of Homeland Security, and the FBI, according to WikiLeaks, which released the ExpressLane documents as part of its Vault 7 collection. and so: It’s unlikely this specific version of ExpressLane is still supported given the documents are dated 2009 and describe functionality for Windows XP. I’m certain none of this activity is still happening today though….
Microsoft yanks buggy patch of a buggy patch, KB 4039884 – There’s no official confirmation, and no explanation of course, but overnight Microsoft pulled a patch that was supposed to fix the main problems in this month’s Windows 7 security updates. Turns out the patch removes a DLL used by other software, such as the Dell Support Assistant, which you probably don’t want to run anyhow, so I would call this patch a success! Still, the lack of details from Microsoft is very Apple like, so cut that out.
SAP point-of-sale systems were totally hackable with $25 kit – Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week. Critical vulnerabilities in SAP’s POS – since resolved – created a means for hackers not only to steal customers’ card data but to gain unfettered control over the server, enabling them to change prices of goods with the help of a simple device, according to ERPScan. Good news is, this has been fixed, well at the least the patch is available, bad news: Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week.
CVS App Sends Your Location To Outside Servers, Researchers Say – Thanks to a coding error with the CVS app, the massive US retail pharmacy has been inadvertently sharing users’ locations with more than 40 web servers, privacy experts say. Basically this app sends you location data to other destinations other than CVS. This App is horrible, btw and I am not surprised by this finding. Being a user of this app makes me want to cry, and I can tell the development team was not top-notch. CVS also declined to comment, which also does not surprise me.
Secret NSA Code In Intel Chips Opens Backdoor To Computers – It seems some government customers can request Intel’s always-on Management Engine (ME) ‘master controller’ for its CPUs to be disabled.That’s not an option for the general public, but researchers at Russian security firm Positive Technologies have found a way to use these government-only privileges to disable ME. Yea, so not cool implementing features, even if its disabling features as a feature, to only select customers.
FTC to Issue Refunds Following Tech Support Scam – The Federal Trade Commission (FTC) is notifying victims of a tech support scheme who are eligible for partial refunds, the commission announced today. Hundreds of thousands of people were deceived in an operation that ran from April 2012 to November 2014. Love this positive news and there is a $10 million dollar pool of money to pay back to the victims.
Telnet Credential Leak Reinforces Bleak State of IoT Security – This is not new, but a testament to this problem having no solution. JOhannes comments: “It remains to be seen if legislation is needed to secure these devices, or some form of certification that would be reflected in a simple to identify logo,” he added. “But I do think we may end up with some kind of legislation that may prohibit the sale of devices that are not considered safe, similar to what we have for food or electrical appliances.”
WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones – A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones. Dubbed WireX, detected as “Android Clicker,” the botnet network primarily includes infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is designed to conduct massive application layer DDoS attacks. Google has removed the offending apps, but two things 1) Google HAS to come up with a better way to improve the integrity of the Android app store and 2) its only a matter of time before ransomeware on Android becomes more widespread and forces Google’s hand.
Google wants you to bid farewell to SMS authentication
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Unread Content Mark site read Home News Security & Privacy News Fortune 5 Bjyda 0 3,832 03-07-2021 , 12:13 AM
Last Post: Bjyda
  Unread Content Mark site read Home News Security & Privacy News AWS: Sola Bjyda 0 961 02-26-2021 , 11:07 PM
Last Post: Bjyda
  APT28, Gmail, Game of Thrones leak, and WannaCry - Hack Naked News #136 baziroll 0 1,797 08-17-2017 , 12:27 AM
Last Post: baziroll
  The Week in Ransomware - August 11th 2017 - GlobeImposter & CryptoMix tarekma7 0 1,816 08-13-2017 , 08:17 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)