Friday, April 21, 2017

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws


Thursday, April 20, 2017 Swati Khandelwal



Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Router models widely used today.

IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that they discovered 10 bugs late last year in 25 different Linksys router models.

Out of 10 security issues (ranging from moderate to critical), six can be exploited remotely by unauthenticated attackers.

According to the researchers, when exploited, the flaws could allow an attacker to overload the router, force a reboot by creating DoS conditions, deny legitimate user access, leak sensitive data, change restricted settings and even plant backdoors.



Many of the active Linksys devices exposed on the internet and indexed by Shodan were using default credentials, making them susceptible to takeover.

Researchers found more than 7,000 devices impacted by the security flaws at the time of the scan, though this does not include routers protected by firewalls or other network protections.

"We performed a mass-scan of the ~7,000 devices to identify the affected models," IOActive says. "We found that 11% of the ~7000 exposed devices were using default credentials and therefore could be rooted by attackers."

IOActive made Linksys aware of the issues in January this year and has been working "closely and cooperatively" with the company ever since to validate and address the vulnerabilities.


Here's How critical are these Flaws:
The researchers are not revealing more details about the vulnerabilities until the patch is made available to users, although they said two of the flaws could be used for denial-of-service attacks on routers, making them unresponsive or forcing a reboot by sending fraudulent requests to a specific API.

Other flaws could allow attackers to bypass CGI scripts to collect sensitive data such as firmware versions, Linux kernel versions, running processes, connected USB devices, Wi-Fi WPS pins, firewall configurations, FTP settings, and SMB server settings.

CGI, or Common Gateway Interface, is a standard protocol which tells the web server how to pass data to and from an application.



Researchers also warned that attackers who have managed to authenticate to the devices can inject and execute malicious code on the device's operating system with root privileges.

With these capabilities in hand, attackers can create backdoor accounts for persistent access that are invisible in the router's smart management console, and therefore to legitimate administrators.

However, researchers did not find an authentication bypass that can allow an attacker to exploit this flaw.


List of Vulnerable Linksys Router Models:
Here's the list of Linksys router models affected by the flaws:

EA2700, EA2750, EA3500, EA4500v3, EA6100, EA6200, EA6300, EA6350v2, EA6350v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500, WRT1200AC, WRT1900AC, WRT1900ACS, and WRT3200ACM.

The majority of the exposed devices (nearly 69%) are located in the United States, and others are spotted in countries including Canada (almost 10%), Hong Kong (nearly 1.8%), Chile (~1.5%), and the Netherlands (~1.4%).

A small percentage of vulnerable Linksys routers have also been spotted in Argentina, Russia, Sweden, Norway, China, India, UK, and Australia.


Here's How you can Mitigate Attacks originating from these Flaws:
As a temporary mitigation, Linksys recommended that its customers disable the Guest Network feature on any of its affected products to avoid any attempts at malicious activity.

The company also advised customers to change the password of the default account in order to protect themselves until a new firmware update is made available to patch the problems.

Linksys is working to release patches for the reported vulnerabilities with the next firmware update for all affected devices, so users with Smart Wi-Fi devices should turn on the automatic update feature to get the latest firmware as soon as the new versions arrive.

Hackers Steal Payment Card Data From Over 1,150 InterContinental Hotels


Wednesday, April 19, 2017 Swati Khandelwal



InterContinental Hotels Group (IHG) is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on payment card systems at 1,174 franchise hotels in the United States.

It's the second data breach that U.K.-based IHG, which owns Holiday Inn and Crowne Plaza, has disclosed this year. The multinational hotel conglomerate confirmed a credit card breach in February which affected 12 of its hotels and restaurants.

What happened?
IHG identified malware accessing payment data from cards used at front desk systems between September 29 and December 29, 2016, but the malware was erased after the investigation was completed in March 2017.

"Many IHG-branded locations are independently owned and operated franchises and certain of these franchisee operated locations in the Americas were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations," read the notice published to IHG’s site on Friday.

What type of information?
The malware obtained credit card data, such as cardholders' names, credit card numbers, expiration dates and internal verification codes, from the card's magnetic stripe, although the company said there is no evidence of any unauthorized access to payment card data after late December.



However, the company cannot confirm that the malware was removed until February and March 2017, when it began its investigation around the data breach.

How many victims?
The total number of affected customers is not revealed by the company, although customers can use a lookup tool IHG has posted on its website to search for hotels by city and state.

The company says this most recent breach mostly affects guests of U.S.-based hotels who stayed between September 29 and December 29, 2016. The 1,174 hotels breached in the US include 163 in Texas, 64 in California, 61 in Florida, 53 in Indiana, 50 in Ohio, 45 in New York, 42 in Michigan, and 39 in Illinois, among others.

Only one non-U.S. hotel, a Holiday Inn Express in San Juan, Puerto Rico, was hit by the malware.

Who are not affected by the breach?
Those franchise hotel locations that had implemented IHG's Secure Payment Solution (SPS) – a point-to-point encryption payment acceptance solution – before 29th September 2016 were not affected by this data breach.

IHG is advising all franchise hotels to implement SPS in order to protect themselves from such malware attacks, though the company also said that many more properties implemented SPS after September 29, 2016, which ended the malware’s ability to find payment card data.



What is the IHG doing?
IHG has already notified law enforcement of the recent data breach.

Moreover, on behalf of franchisees, the company has been working closely with the payment card networks and the cyber security firm to confirm that the malware has been removed and evaluate ways for franchisees to enhance security measures.

What should IHG customers do?
Users are advised to review their payment card statements carefully and to report any unauthorized bank transactions.

You should also consider requesting a replacement card if you visited any of the affected properties during the three-month period when the breach was active.

"The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take," the company says.

IHG became the latest hotel chain to report a potential customer data breach in the past few years, following the data breaches at Hyatt, Hilton, Mandarin Oriental, Starwood, White Lodging and the Trump Collection, which acknowledged finding malware in their payment systems.

This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera


Monday, April 17, 2017 Mohit Kumar





A Chinese infosec researcher has reported an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned that hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon, to steal login or financial credentials and other sensitive information from users.

What is the best defence against a phishing attack? Generally, checking the address bar after the page has loaded and checking that it is being served over a valid HTTPS connection. Right?



Okay, then before going to the in-depth details, first have a look at this demo web page (note: you may experience downtime due to high traffic on demo server), set up by Chinese security researcher Xudong Zheng, who discovered the attack.

“It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL or SSL certificate.” Xudong Zheng said in a blog post.

If your web browser is displaying "apple.com" in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.

There is another proof-of-concept website created by security experts from Wordfence to demonstrate this browser vulnerability. It spoofs the "epic.com" domain.

The homograph attack has been known since 2001, but browser vendors have struggled to fix the problem. It’s a kind of spoofing attack where a website address looks legitimate but is not, because a character or characters have been replaced deceptively with Unicode characters.

Many Unicode characters, which represent alphabets like Greek, Cyrillic, and Armenian in internationalised domain names, look the same as Latin letters to the casual eye but are treated differently by computers, resulting in a completely different web address.

For example, Cyrillic "а" (U+0430) and Latin "a" (U+0041) are treated as different characters by browsers, but both are displayed as "a" in the browser address bar.


Punycode Phishing Attacks
By default, many web browsers use ‘Punycode’ encoding to represent Unicode characters in the URL to defend against homograph phishing attacks. Punycode is a special encoding used by the web browser to convert Unicode characters to the limited character set of ASCII (A-Z, 0-9) supported by the Internationalized Domain Names (IDNs) system.

For example, the Chinese domain "短.co" is represented in Punycode as "xn--s7y.co".

According to Zheng, the loophole relies on the fact that if someone chooses all characters for a domain name from a single foreign-language character set, so that it looks exactly the same as the targeted domain, then browsers will render it in that language instead of in Punycode format.



This loophole allowed the researcher to register the domain name xn--80ak6aa92e.com and bypass the protection; the domain appears as “apple.com” in all vulnerable web browsers, including Chrome, Firefox, and Opera, though Internet Explorer, Microsoft Edge, Apple Safari, Brave, and Vivaldi are not vulnerable.

Here, the xn-- prefix is known as the ‘ASCII compatible encoding’ prefix, which tells the web browser that the domain uses ‘punycode’ encoding to represent Unicode characters. Because Zheng uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041), the defence approach implemented by the web browsers fails.
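The single-script gap described above can also be checked for outside the browser, for example when triaging links from mail or proxy logs. The following Python is an added example, not code from Zheng's post or from any browser: the lookalike table is a small constructed subset of Cyrillic letters, script detection by Unicode character name is an approximation, and the function names are hypothetical.

```python
import unicodedata

ACE_PREFIX = "xn--"

# Constructed subset of Cyrillic letters that render like Latin ones
# (assumption: a real deployment would use a full confusables table).
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0501": "d", "\u0435": "e",
    "\u04bb": "h", "\u0456": "i", "\u0458": "j", "\u04cf": "l",
    "\u043e": "o", "\u0440": "p", "\u051b": "q", "\u0455": "s",
    "\u051d": "w", "\u0445": "x", "\u0443": "y",
}


def to_unicode(label):
    """Decode one DNS label from its xn-- form; other labels pass through."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Approximate the scripts used in a label from Unicode character names."""
    found = set()
    for ch in text:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphens are shared by all scripts
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def check_label(label):
    """Classify one label of a host name."""
    result = {"label": label, "unicode": None, "scripts": [],
              "skeleton": None, "verdict": "invalid-punycode"}
    try:
        text = to_unicode(label).lower()
    except UnicodeError:
        return result  # malformed xn-- label: treat as suspicious, do not guess
    used = scripts(text)
    # The skeleton is what the label reads as once lookalikes are folded to Latin.
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in text)
    if text.isascii():
        verdict = "ascii"
    elif len(used) > 1:
        verdict = "mixed-script"
    elif skeleton.isascii():
        # Every character comes from one non-Latin script, yet the label reads
        # as a plain Latin word: the single-script case the article describes.
        verdict = "whole-script-confusable"
    else:
        verdict = "single-script"
    result.update(unicode=text, scripts=sorted(used),
                  skeleton=skeleton, verdict=verdict)
    return result


def check_host(host):
    """Classify every label of a host name given in Unicode or xn-- form."""
    return [check_label(part) for part in host.rstrip(".").split(".") if part]


if __name__ == "__main__":
    # The two domains quoted in the article, plus a constructed mixed-script label.
    for host in ("www.xn--80ak6aa92e.com", "xn--s7y.co", "p\u0430ypal.example"):
        for item in check_host(host):
            print(host, item["label"], item["verdict"], item["skeleton"])
```

A label reported as whole-script-confusable is worth comparing against the brand names an organisation cares about, using the skeleton rather than the rendered text.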

Zheng has reported this issue to the affected browser vendors, including Google and Mozilla in January.


Fake Page (top) and Original Apple.com (bottom), but exactly same URL
While Mozilla is currently still discussing a fix, Google has already patched the vulnerability in its experimental Chrome Canary 59 and will come up with a permanent fix with the release of Chrome Stable 58, set to be launched later this month.

Meanwhile, millions of Internet users who are at risk of this sophisticated hard-to-detect phishing attack are recommended to disable Punycode support in their web browsers in order to temporarily mitigate this attack and identify such phishing domains.


How to Prevent Against Homograph Phishing Attacks
Firefox users can follow the steps below to manually apply a temporary mitigation:

Type about:config in the address bar and press Enter.
Type Punycode in the search bar.
The browser settings will show a parameter titled network.IDN_show_punycode; double-click it, or right-click and select Toggle, to change the value from false to true.

Unfortunately, there is no similar setting available in Chrome or Opera to disable Punycode URL conversions manually, so Chrome users have to wait for the next few weeks to get the patched Stable 58 release.

However, there are some third-party Chrome extensions/add-ons available on App Store that users can install to get alerts every time they come across any website with Unicode characters in the domain.

Meanwhile, one of the best ways to protect yourself from homograph attacks is to use a good password manager that comes with browser extensions, which automatically enter in your login credentials for the actual domains to which they are linked.

So, whenever you come across any domain which looks like the legitimate "apple.com" or "amazon.com" but actually is not, your password manager software will detect it and will not automatically authenticate you to that phishing site.

Moreover, Internet users are always advised to manually type website URLs in the address bar for important sites like Gmail, Facebook, Twitter, Yahoo or banking websites, instead of clicking any link mentioned on some website or email, to prevent against such attacks.

Russian Hacker Selling Cheap Ransomware-as-a-Service On Dark Web

Tuesday, April 18, 2017 Swati Khandelwal


Ransomware has been around for a few years, but it has become an albatross around everyone's neck, targeting businesses, hospitals, financial institutions and individuals worldwide and extorting millions of dollars.

Forget about developing sophisticated banking trojans and malware to steal money out of people and organizations. Today, one of the easiest ways that can help cyber criminals get paid effortlessly is Ransomware.

This threat became even worse after the arrival of ransomware as a service (RaaS) – a variant of ransomware designed to be so user-friendly that anyone with little or no technical knowledge can easily deploy it to make money.

Now, security researchers have uncovered an easy-to-use ransomware service that promises profit with just one successful infection.



Dubbed Karmen, the RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums by a Russian-speaking hacker named DevBitox for $175.

Like any typical ransomware infection, Karmen encrypts files on the infected PC using the strong AES-256 encryption protocol, making them inaccessible to the victim until he/she pays a large sum of money to obtain the decryption key from the attacker.

This new variant of ransomware-as-a-service (RaaS) provides buyers access to a web-based control panel hosted on the Dark Web with a user-friendly graphical dashboard that allows buyers to configure a personalised version of the Karmen ransomware.

The dashboard lets buyers keep a running tally of the number of infections and their profit in real time, allowing anyone with very minimal technical knowledge to deploy Karmen, threat intelligence firm Recorded Future said in a blog post published today.


Hacker: Don't Mess with my Malware; otherwise, Your Files are Gone!
Once infected, the Karmen ransomware encrypts the victim's files and shows a popup window with a threatening message warning users not to interfere with the malware; otherwise, they might lose all their files.



What's more interesting? Karmen automatically deletes its decryptor if a sandbox environment or analysis software is detected on the victim's computer, to keep security researchers away from investigating the threat.

Initial Karmen infections were reported in December 2016 by victims in Germany and the United States, while the sale in underground forums began in March 2017.

So far, 20 users have purchased copies of Karmen malware from DevBitox, according to Recorded Future, while three of those buyers have left positive reviews on their profile.

You can also watch a YouTube video demonstration which shows the RaaS in action.

How to Protect Yourself from Ransomware Threat?

Here are some important steps that should be considered to safeguard against ransomware infection:


Always keep regular backups of your important data.
Make sure you run an active anti-virus security suite of tools on your system.
Do not open email attachments from unknown sources.
Most importantly, always browse the Internet safely.

Samsung Galaxy S8 Exynos benchmarked: It still can’t defeat the iPhone 7 Plus


We waited a really long time for this one. And the numbers are finally in. While the Samsung Galaxy S8’s Qualcomm variant did not fare too well against the mighty iPhone 7 Plus, we did have our hopes high that maybe the Exynos variant (made by Samsung) would fare better, since it’s newer. Turns out the Samsung Galaxy S8’s (SM-G950F) Exynos variant in our testing showed scores that were similar to its Qualcomm-enabled sibling — the Snapdragon 835 — and could not defeat the 6 month-old Apple iPhone 7 Plus, except in one test.
Before we go ahead with the benchmarks comparison, we would like to inform our readers that benchmark comparisons we conduct are only to test the capability of the smartphone’s hardware and are in no way an indicator of everyday performance which will vary as per usage. These numbers should not be taken as the final verdict on any device.
We observed that Samsung’s Exynos 8895 chipset inside the Galaxy S8 that we have received for review shows a minimal performance difference from the Snapdragon 835 model. While the numbers are higher than the previous 2015 iPhone 6s Plus model and the Snapdragon 835 variant of the S8, they just could not keep up with the Apple iPhone 7 Plus, which was launched six months ago.

Benchmark | Samsung Galaxy S8 (SM-G950F) | Apple iPhone 7 Plus | Apple iPhone 6s Plus
AnTuTu 3D | 174480 | 187388 | 125319
Geekbench 4: Single | 2020 | 3513 | 2559
Geekbench 4: Multi | 6730 | 5944 | 4438
Geekbench 4: Compute | 8074 | 12052 | 9944
3D Mark (Ice Storm): Ice Storm Unlimited | 31660 | 37529 | 29532
3D Mark (Sling Shot): Sling Shot Extreme | 3212 | 2000 | 1510

The above scores are just an indicator of raw performance and not everyday usability. Every handset was benchmarked in our office. Scores marked in bold are the highest on the table.
Looking at the scores above, it's easy to conclude that the Apple iPhone 7 Plus with its A10 Fusion chipset (which is 7 months old now) still runs circles around Samsung’s top-of-the-line Exynos 8895 chipset.
One detail to note is that the Galaxy S8’s Exynos chip did do better when it came to the multi-core Geekbench 4 scores and the Sling Shot Extreme test, delivering higher framerates overall.
Now that both the Exynos and Snapdragon variants of the Samsung Galaxy S8 have been benchmarked, it really got us thinking as to what Apple will have in store in its upcoming iPhones 7s, 7s Plus and the exotic iPhone 8/X in September.
Publish date: April 21, 2017 2:08 pm| Modified date: April 21, 2017 3:21 pm

Tesla CEO Elon Musk is on a mission to link human brain with computers in coming four years

Tesla Inc founder and Chief Executive Elon Musk said his latest company Neuralink Corp is working to link the human brain with a machine interface by creating micron-sized devices. Neuralink is aiming to bring to the market a product that helps with certain severe brain injuries due to stroke, cancer lesion etc, in about four years, Musk said in an interview with website Wait But Why.
“If I were to communicate a concept to you, you would essentially engage in consensual telepathy,” Musk said in the interview published on Thursday. bit.ly/2oWJcMw Artificial intelligence and machine learning will create computers so sophisticated and godlike that humans will need to implant “neural laces” in their brains to keep up, Musk said in a tech conference last year.
“There are a bunch of concepts in your head that then your brain has to try to compress into this incredibly low data rate called speech or typing,” Musk said in the latest interview. “If you have two brain interfaces, you could actually do an uncompressed direct conceptual communication with another person.” The technology could take about eight to 10 years to become usable by people with no disability, which would depend heavily on regulatory approval timing and how well the devices work on people with disabilities, Musk was quoted as saying.
In March, the Wall Street Journal reported that Musk had launched a company through which computers could merge with human brains. Neuralink was registered in California as a “medical research” company last July, and he plans on funding the company mostly by himself.
Reuters
Publish date: April 21, 2017 2:48 pm| Modified date: April 21, 2017 2:48 pm

WhatsApp is working on a lot of minor changes for its Android and iOS apps

WhatsApp is not taking it slow with the pace of updates for its Android and iOS apps. The company is working on a number of small tweaks along with new feature additions for both the platforms. The small tweaks are limited to user interface optimisation where the company can streamline and improve the existing interface. These features were uncovered by WABetaInfo, a pretty reliable source for all the new WhatsApp features.
We have compiled a list of small changes that the company is working on and categorised them according to the operating system so that it is easier for you to check the features that you can expect on your smartphone.
Android
WhatsApp developers have been working on the ‘Live Location sharing’ feature that was reported previously. The company has updated the feature for the location thumbnail to continuously update your location without the need to tap on the message and open the maps interface. The developers also tweaked the previously reported chats ‘Pin’ feature.
The app no longer highlights the pinned Chats or Groups. They have improved another feature where if you exit a group that you have pinned on the top, the app will prompt you to unpin the group as you confirm the exit from the group. The interesting thing to note here is that both the features are hidden by default for the Beta users on Android.
WhatsApp usually hides some features from the beta users so that the internal group can use the features and verify that the new features do not interfere with existing functionalities in the app. The beta app gained a new UI for editing videos before you send the video.
iOS
The developers are working rigorously on revamping parts of the app in terms of UI design to be consistent with the system level apps. The developers have revamped the Contact details screen on WhatsApp to appear consistent with the logos corresponding to the test label of the setting. They have added a new ‘Chat History’ button in the contact details along with ‘Groups in common’ option.
The developers have also added the ability for users to view and edit the contact information. This section has also gained shortcuts to quickly send a message or make a video or audio call from the screen. The Calls section on the app now shows WhatsApp profile pictures along with the call type and a ‘+’ icon on the top right corner that can be used to make audio and video calls. Developers have also added shortcuts to quickly make video and audio calls. The next change allows users to select multiple statuses and forward them or delete them.
WhatsApp is also testing a ‘Contact Cards’ section for the users who are not in your contact list. You can check all the contact cards sent in from others in this section. The company has also improved the app’s ability to download media directly from URLs without leaving the app.
Last but not the least, the company has also added new functionality to Siri which allows it to read and reply to your WhatsApp message on your behalf.
Publish date: April 21, 2017 12:44 pm| Modified date: April 21, 2017 12:44 pm

Tesla will recall 53,000 cars globally to fix a parking brake issue

Tesla Inc said on Thursday it would recall 53,000 of its Model S and Model X cars globally to fix a parking brake issue. Shares of the U.S. luxury electric car maker were down nearly 1 percent at $302.77 in afternoon trading, following its biggest ever recall.  Tesla’s total production for 2016 was 83,922 vehicles and included both Model S and Model X.
“The electric parking brakes installed on Model S and Model X vehicles built between February and October 2016 may contain a small gear that could have been manufactured improperly by our third-party supplier,” Tesla said in a statement on its website. The car maker said there had been no accidents or injuries due to the issue.
Tesla said less than 5 percent of the vehicles being recalled may be affected and it would take less than 45 minutes to replace the brakes. The company also said it would send an official recall notice to its customers.  Tesla, led by entrepreneur Elon Musk, had said last year it would recall 2,700 Model X sport utility vehicles in the United States due to a faulty locking hinge in third-row seats.
The company said on Thursday it was working with Italian supplier Freni Brembo SpA to get the replacement parts. Brembo did not immediately respond to a request for comment.
Reuters
Publish date: April 21, 2017 8:53 am| Modified date: April 21, 2017 8:53 am

Offensive WhatsApp and Facebook posts can land group administrators in jail

Think twice before becoming administrator of a group on WhatsApp or Facebook as one is liable for prosecution if any rumour or fake news is circulated on it. Social media platforms allow a person to create a group on which members can share views, photographs or videos. Concerns have been raised about social media misuse as fake news, morphed photographs and disturbing videos with fabricated local narratives can easily be circulated that can trigger tension and even communal rift in an area.
In a joint order issued by District Magistrate Yogeshwar Ram Mishra and Senior Superintendent of Police Nitin Tiwari, it has been made clear that any factually incorrect, rumour or misleading information on a social media group could result in an FIR against the group administrator. “There are several groups on social media which are named on news groups and also groups with other names which are propagating news and information which is not authentic. These are being forwarded without cross checking,” it said.
Considering this issue, directives are being issued to social media groups, WhatsApp and Facebook group administrators and members, the order said. There are over 200 million WhatsApp users in India. It directed that social media group administrators should be ready to bear the responsibility and ownership of the groups. The administrator must include only those members who are personally known to him or her. If any statement is made by a group member which is fake, can cause religious disharmony, or rumour, the group admin must deny it on the group and remove the member from the group, the order said.
“In the event of inaction from the group admin, he or she will be considered guilty and action will be taken against the group admin,” it said. Such a post must also be reported to the nearest police station so that action can be taken against the member under the law, it said. The order, issued yesterday, says while freedom of expression on social media is important, it also comes with a responsibility. Varanasi is the Lok Sabha constituency of Prime Minister Narendra Modi.
The administration has directed that no statement or post which can hurt religious sentiments should be forwarded to any other group or person else legal action will be taken. It also directs that case under cyber crime law, Information Technology Act and IPC will be filed in case of violation of these guidelines. The order also makes it clear that orders of the Supreme Court and various high courts will be considered while initiating action. It needs to be seen how Varanasi police which is facing severe staff crunch implements such an order as WhatsApp and social media are not limited to the boundaries of the district.
Publish date: April 21, 2017 8:43 am| Modified date: April 21, 2017 8:51 am
