Breaking News »

Latest Hacking News

Three suspects arrested in china for spreading WireLurker malware


Now a days, any mention of malware and Macs in the same setting generally conjures up images of WireLurker. It was notable as a new family of malware specifically targeting iOS devices via USB and is able to penetrate the iPhone's strict software controls.

WireLurker has been in action in China for the past six months, first infecting Macs by inserting Trojan software through repackaged OS X apps, then moving on to iOS devices. The firm claims that it is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack.

Security experts at Palo Alto Networks traced WireLurker in a research paper saying "It is the biggest in scale we have ever seen! “. WireLurker can jump from a Mac onto an iPhone running a vanilla version of Apple's operating system by leveraging Apple's enterprise provisioning assets.

The WireLurker attackers "probably aren't people who do this often," says Ryan Olson, intelligence director of Palo Alto Networks' Unit 42. They are "clearly very skilled MacOS or iOS developers," but they definitely are not very experienced in writing malware.

With Apple's global smart phone market share continues to rise, so do the number of attempts to surreptitiously harvest data from unsuspecting consumers. As for who created WireLurker, Palo Alto's best guess is that this is one individual or a small group of individuals operating within China, independently of any nation-state. They could be a startup malware house in the new financially motivated, politically independent cybercrime underground growing behind the Great Wall.

Taking advantage of an app provisioning vulnerability, WireLurker lays dormant on a user's computer in an infected OS X app. The malware monitors for new iOS devices and installs malicious apps downloaded from an off-site server or generated autonomously on-device. From there, the program can access user information like contacts, read iMessages and perform other functions determined by the command-and-control server.

So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104 possibly impacting "hundreds of thousands of users."

While many publications have dubbed WireLurker “a new brand of threat,” it seems that the majority of users have nothing to worry about. It’s relies on a USB connection for delivery—a practice that has gone by the wayside for most folks in recent years.

On November 14, the Beijing Municipal Public Security Bureau announced it had arrested three people in connection with the WireLurker malware which brought a sense of relief among Apple users of China.

The police received a tip from the Chinese technology company Qihoo 360 and subsequently arrested three individuals, respectively surnamed Chen, Li, and Wang.

The third-party app store that had been serving WireLurker, Maiyadi, was also shut down. Apple has already taken steps to block infected programs but the rest of the work rests on users.

Author:
Medha Anand

Cape May-Lewes Ferry Confirms Credit Card Data Breach


The Cape May – Lewes Ferry has confirmed its payment data systems were infiltrated by hackers who took payment card data on certain systems at the Cape May-Lewes Ferry’s terminals and vessels.

Delaware River and Bay Authority(DRBA) that operates the Cape May – Lewes Ferry learned of a possible data breach on July 30 - The same day Jimmy John's learned of the data breach.

The organization with the help of third-party cyber forensic experts has determined that its card processing systems relating to food, beverage , and retail sales only were compromised.

Credit and Debit card data of individuals who have made purchases from September 20, 2013 through August 7, 2014 at the Cape May – Lewes Ferry ’s terminals and vessels at risk.

The malware planted by the cyber criminals has been eliminated.  The card data accessed by the malware includes card numbers, cardholder's names and/or card expiration dates.

DRBA is offering free identity protection services, including credit monitoring to affected customers.

PHP has fixed several vulnerabilities allowing remote code execution


The PHP development team has released new versions in order to fix three security vulnerabilities -one of them is said to be a critical one and leads to remote code execution.

The vulnerability identified as "CVE-2014-3669" can cause an integer overflow when parsing specially crafted serialized data with the unserialize ().The vulnerability is only a 32-bit system, but the danger is caused by the breach and that the serialized data often come from user-controlled channels.

In addition, the updates have been corrected errors associated with the introduction of a null byte in the library cURL, calling the damage dynamic memory during processing of the modified data as a function of exif_thumbnail () in image processing (CVE-2014-3670), as well as buffer overflow in the function mkgmtime () from the module XMLRPC (CVE-2014-3668).

These vulnerabilities were discovered by the Research lab of IT security company High-Tech Bridge.

The new versions 5.6.2,5.5.18 and 5.4.34 address these three vulnerabilities.

Critical SQL Injection vulnerability in Drupal 7.x

Security researchers from SektionEins have discovered a critical SQL Injection vulnerability in Drupal CMS that leaves a large number of websites that uses Drupal at risk.

Drupal introduced a database abstraction API in version 7.  The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL Queries.

But, this API itself introduced a new and critical SQL Injection vulnerability.  The vulnerability enables attackers to run malicious SQL queries, PHP code on vulnerable websites.  A successful exploitation allows hackers to take complete control of the site.

This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical" one.

SektionEins didn't release the POC but released an advisory with technical details.

The vulnerability exists in the expandArguments function which is used for expanding arrays to handle SQL queries with "IN" Operator. 

The vulnerability affects Drupal core 7.x versions prior.  Users of 7.x versions are advised to update their CMS immediately.

You can also directly modify the "includes/database.inc" file to patch this vulnerability; Change the "foreach ($data as $i => $value) {"  with "foreach (array_values($data) as $i => $value) {"  in 739 line.

A proof of Concept has been released online that allows anyone to change the password of admin account.  So, better Hurry UP! Update your Drupal CMS.

One of the reddit user "fyukyuk" posted a HTTP post request that exploits this vulnerability.

The following python Code changes the admin password of vulnerable Drupal to 'admin' (Tested with Drupal versions 7.21,7.31).


Vulnerability »

Malware Report »

Defacements »

Spam Report »