Twitter's bug could expose contact numbers of users

Micro-blogging website, Twitter had squashed its password recovery bug on Wednesday (February 17) which had affected its password recovery systems last week.

The bug which had affected the systems for about 24 hours had the intensity to extract a user’s personal information including the e-mail address and contact number.  

The company has notified affected users, though it’s believed to have impacted fewer than 10,000 of Twitter’s more than 320 million monthly active users.

If a user has no received a mail, then it implies that there account is safe.

The company would also call on law enforcement officials to investigate any users who they find exploited the security bug to access someone else’s account information.

The issue reminds of the practice what the company refers to as “good security hygiene,” including double authentication.

While the issue did not impact user security, it illustrates the trouble users face with protecting their own data. 

While users could have strong passwords, use two-factor authentication, and employ other security techniques but if a company’s network is hacked, there’s little customers can do but watch their information fall into the hands of malicious parties.

Banks face new APT style robbery attacks

A year after Kaspersky Lab researchers warned that cyber-criminals would start to adopt sophisticated tactics and techniques from APT groups for use in bank robberies, the company has confirmed the return of Carbanak as Carbanak 2.0 and uncovered two more groups working in the same style: Metel and GCMAN who attack financial organizations use covert APT-style reconnaissance and customized malware along with legitimate software and new, innovative schemes to cash out.

The Metel cyber-criminal group gains control over machines inside a bank that have access to money transactions. The gang can automate the rollback of ATM transactions which shows that the balance in debit card remains same regardless of number of ATM restrictions.

The group of these criminals steals money by driving around cities in Russia at night and emptying ATM machines belonging to a number of banks, repeatedly using the same debit cards issued by the compromised bank.

The researchers also uncovered that the Metel operators achieve their initial infection through specially crafted spear-phishing emails with malicious attachments, and through the Niteris exploit pack, targeting vulnerabilities in the victim’s browser. After they cross the network, the cybercriminals use legitimate and pentesting tools to move laterally, hijacking the local domain controller and eventually locating and gaining control over computers used by the bank’s employees responsible for payment card processing.

Investigation is on to know further details. So far no attacks outside Russia have been identified.

The three gangs identified are shifting toward the use of malware accompanied by legitimate software in their fraudulent operations.

Meanwhile, GCMAN successfully attacks an organization without the use of any malware, running legitimate and pentesting tools only. Kaspersky Lab experts have investigated, we saw GCMAN using Putty, VNC, and Meterpreter utilities to move laterally through the network till the attackers reached a machine which could be used to transfer money to e-currency services without alerting other banking systems.

In one attack observed by Kaspersky Lab, the cybercriminals stayed in the network for one-and-a-half years before activating the theft. Money was being transferred in sums of about $200, the upper limit for anonymous payments in Russia.

Founded in 1947, Kaspersky Lab products has released crucial Indicators of Compromise (IOC) and other data to help organizations search for traces of these attack groups in their corporate networks.

Security flaw in Trend Micro unveiled by Google security Researcher

Google security researcher, Tavis Ormandy has found bugs in Password Manager of global security software company, Trend Micro.

Password Manager is a component installed by default with Trend Micro’s Premium Security and Maximum Security home products.

Ormandy informed Trend Micro about his findings on January 05.

The bug which is primarily written in JavaScript with node.js could allow remote code execution by any website and steal all passwords of a user. He also noted that it was also possible to bypass Internet Explorer’s Mark of the web (MOTW) security feature and execute commands without letting the victim receive any notification.

Ormandy took 30 seconds to identify an API that could be leveraged for remote code execution (RCE).  Overall, Ormandy found over 70 APIs exposed to the Internet.

Exploiting a vulnerability can give an attacker deep access to a computer.

Several serious vulnerabilities have been found in the last seven months in antivirus products from vendors including Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.

Security bug in most popular antivirus softwares

Three most popular antivirus softwares  were  detected with the serious security flaws that could allow hackers to infiltrate the Windows computer via antivirus itself.

enSilo a security researchers have discovered  that AVG, McAfee, and Kaspersky have a common security bug.

This year in March, the security researchers at  enSilo found a security flaw in antivirus engine AVG Internet Security 2015. The security bug creates a memory space with full RWX (read-write-execute) privileges in the predictable address space that a hacker could easily force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).

enSilo informed the AVG employees about the security flaw, and they fixed the issue within two days.

With the seriousness of the bug enSilo decided to tests the other commonly used antivirus software’s. They found the same bug in Intel Security's McAfee Virusscan Enterprise version 8.8 and Kaspersky Total Security 2015 - 15.x.

enSilo notified each company about the security bug.

"Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it," an Intel Security representative told Softpedia.

Keeping the possible widespread nature of the problem in mind, enSilo has created a free checking utility called AVulnerabilityChecker, and advised every user to check that they have all the latest updates.

"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.

"Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."

Dell says "sorry" for installing vulnerable digital certificate

Dell has apologized as it confirmed via a blog post that a certificate (eDellRoot), installed on its PCs that introduced a security vulnerability.

It is said that the certificate allows attackers to cryptographically impersonate HTTPS-protected websites. However, the company has issued a software tool that removes the transport layer security credential from affected machines.

The certificate will not reinstall itself, once it is properly removed using the recommended Dell process.

“The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it,” the company said in the blog post.

According to the blog post, Dell’s customers, Hanno Böck, Joe Nord and Kevin Hicks, aka rotorcowboy, informed the company about the presence of such certificate on its PC.

Dell has claimed that the certificate was not a malware but was there to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service their customers.

“We have posted instructions to permanently remove the certificate from your system here. We will also push a software update starting on November 24 that will check for the certificate, and if detected remove it. Commercial customers who reimaged their systems without Dell Foundation Services are not affected by this issue. Additionally, the certificate will be removed from all Dell systems moving forward,” the company added. 

A Security bug in MetroPCS could allow hackers to access customer data

A critical security bug in MetroPCS could allow anyone who knew your phone number access your personal details from the website including your home address, phone’s model and serial number .

It was revealed in a report by Motherboard that a pair of researchers discovered a bug that left the customer’s personal data exposed to cybercriminals.

With the personal details in hand, cybercriminals could easily move on to identity theft and accessing bank accounts.

 Eric Taylor and Blake Welsh found the flaw on MetroPCS's payment page in mid-October. Motherboard independently verified the flaw and reached out to T-Mobile, which owns MetroPCS, on October 22.

Well-known researchers have claimed it as a pretty nasty bug and a serious privacy exposure.  MetroPCS was unaware of the problem before being contacted by Motherboard prior to their published report. A spokesperson for T-Mobile told Motherboard that the flaw was fixed and the data is not exposed anymore.

But the thing that raised eyebrows was that the hacker won’t even need someone's phone number. An attacker could just run an automated script and obtain the personal data of many MetroPCS customers.