Breaking News »

Latest Hacking News

Security flaw in Hotel Wi-Fi could allow hackers to infect Guests' system with malware

A security company Cylance, discovered  a vulnerability in ANTlabs InnGate devices, after which they issued a public advisory on March 26 about its system vulnerability (CVE-2015-0932), which provide Wi-Fi access in hotels and convention centers and other places.

In its advisory ANTlabs warns, "An incorrect rsync configuration on certain models of our gateway products allows an external system to obtain unrestricted remote read/write file access.”

Researcher Brian Wallace wrote in a detailed blog post that “Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.”

In his blog Brian Wallace explains that after gaining full read and write access, the attacker could upload a backdoored version  or add an user with root level access and a password known to the attacker. “Once this is done the endpoint is at the mercy of the attacker.”

According to Cylance researchers there are 277 vulnerable devices in 29 countries including the United States, Cuba, Australia and Italy, that could be directly exploited from the Internet.

The Darkhotel APT campaign that specifically targeted  executives via Wi-Fi networks at luxury hotels, was uncovered by Kaspersky Lab researchers last fall. The similar attack  could be leveraged by this vulnerability.

According to the blog post, “The DarkHotel campaign was carried out by an advanced threat actor with a large number of resources, CVE-2015-0932 is a very simple vulnerability with devastating impact. The severity of this issue is escalated by how little sophistication is required for an attacker to exploit it."

Wallace added, “Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems. Given the level of access that this vulnerability offers to attackers, there is seemingly no limit to what they could do.”

When InnGate devices  were integrated into Property Management Systems (PMS),a software application used to coordinate the operational functions, they  stores credentials to the PMS, and an attacker could potentially gain full access to the PMS.

By blocking the unauthenticated RSYNC process from internet access, a TCP-DENY on port 873 on the upstream network device from the affected InnGate device, the vulnerability can  be mitigated.

Slack hacked, over 100k users data compromised


Slack, a team communication tool, has suffered suffered a security breach on its central user database, potentially leaving user's login credentials in the hands of hackers.

Slack was launched in 2013 and its android application has been downloaded by more than 100,000 users so far(according to Google Play store).

The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.

The database accessed by the intruders included usernames, email IDs, and  passwords(hashed). It also contained optional data added by users such as phone numbers, Skype IDs.

On the bright side, Slack didn't store the passwords in a plain-text format. The passwords have been hashed with a bcrypt and a randomly generated salt.  It does not mean this will thwart hackers from accessing your account, it will just slow down the process and give you a time to take action. And, NO Financial or payment data compromised in this attack.

In the wake of security breach, the company strengths its security for the authentication.  One of them is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in their website.

Android users worldwide exposed to Malware risks

Network security company, Palo Alto Networks, has confirmed that they have discovered a vulnerability in Google's Android OS application installation procedure, that can leave its users potentially exposed to malware that can seek control of the whole device. They have named the vulnerability, 'Android Installer Hijacking'.

The vulnerability called Time-of-Check to Time-of-Use (TOCTTOU) was discovered by Palo Alto in January last year. In simple words, it hijacks your device while the installation of an application and installs malware instead of the application.

The malware has been linked to people who frequent and download often from third party application stores that download an application you want to install, in the local storage area of your phone, rather than the protected area where the Play Store downloads and installs its applications from.

Google's security team was informed of the vulnerability a month after it was found by Palo Alto. It can be used by hackers to exploit an android running device in various manners, with credit card information of users also being at risk.

The vulnerability has existed for an year according to Palo Alto's Disclosure Timeline and measures like vulnerability scanners have been put in place to mitigate this vulnerability.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based  micro-loan startup is investigating a data breach of personal and financial records of thousands of its online applicants, according to Brian Krebs report.

A Web site accessible via Tor, a software that transfers  Internet traffic  to a global network of relays, included links to countless documents, drivers licenses, national Ids, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of  hackers 'A4' professes to have posted the screen shots of the hundreds of gigabytes documents of Kreditech.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Further adding Friedrich said that Kreditech believes the data was leaked by an insider, can be former or current employee.

Kreditech, has raised $63 million from investors since 2012. The company grant credit to applicants using traditional data scoring and social media, and provide loans  in Spain, the Czech Republic, Poland, Mexico, Australia, Russia,  Peru, the Dominican Republic and Kazakhstan.

Vulnerability »

Malware Report »

Defacements »

Spam Report »