1. Move over WannaCry, this easy-to-exploit ‘Samba’ flaw could be about to wreak havoc:
“Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realizing it,” the cybersecurity firm said in a blog post. Netgear, the networking firm, has released patches for a number of its products as they use Samba version 3. The bug was found in “Samba”, a networking utility that enables systems to share files with Microsoft Windows, and impacts versions going back seven years. The firm found more than 104,000 internet-linked machines running vulnerable Samba versions, with 92,570 machines having “no direct patch” yet available. The firm “strongly recommends” all users download the firmware updates and stressed it is “not responsible for any consequences” if fixes are ignored. “Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.” Both home and corporate networks with Samba, since 2010, have been at risk of remote code execution, used by hackers to completely take over computers. In an advisory released this week, Samba’s developers wrote: “Vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.” Rapid7, a cybersecurity firm analyzing the incident, asserted: “There’s a lot of potential for it to get pretty nasty.”
2. Google Chrome bug allows sites to spy on you by secretly recording audio and video:
A new Google Chrome bug has been uncovered, which reportedly allows websites to record audio and video without alerting the user or providing any visual indicators. Although the bug requires users to grant it permission to access audio and video features, according to the security researcher who discovered the flaw, it could potentially be weaponized and used for spying on targets. The researcher argued that users are likely to click on permissions without properly reading and/or understanding what they are agreeing to, and once a user has granted permission, hackers could potentially launch more sophisticated attacks. Instead, the bug allowed the researcher to launch a headless Chrome pop-up where he could commence recording audio and video, without the red circle and dot. When audio or video is usually recorded on Chrome, a “red circle and dot” generally appears on the tab to indicate that the streaming is live. However, Bar-Zik discovered that the code that allows recording doesn’t always need to run on the Chrome tab where the permission was granted. Although Google refused to consider this a security vulnerability, it did agree to find ways to “improve the situation.” Google may be justified in not treating this as a security vulnerability, given that the red circle and dot icon is not available in all Chrome versions. To stay safe, users must be vigilant when granting permissions to websites. However, Google said that it doesn’t consider the issue to be a valid security vulnerability, indicating that there is no quick fix on the way.
3. Shadow Brokers post new message on upcoming NSA monthly dumps and clean out their auction account:
The proceeds didn’t really amount to much and the auction was eventually abandoned. The hacker group then leaked a second set of NSA exploits for free in April. The mysterious hacker group made headlines last year after claiming to have stolen a cache of NSA hacking tools, which they promptly put up for auction in September 2016. Shadow Brokers is yet to mention what exploits it intends to leak. The hacker group also posted a message on Twitter detailing how to subscribe to their monthly NSA exploit dump scheme. The hacker group is asking interested parties to make payments using ZCash, a bitcoin transaction service that promises to “fully protect the privacy of transactions using zero-knowledge cryptography.” The group recently announced that it intended to leak further exploits in batches, on a monthly basis starting in June. Motherboard reported that the nearly $24,000 in their NSA exploit auction’s bitcoin address has now been cleaned out. “The Shadow Brokers is not deciding yet,” the group wrote in its message, probably an attempt to further mystify the nature of the contents they may potentially release soon. A bitcoin address linked to their auction last year has reportedly been cleared out, marking the first sign of activity in the account. The Shadow Brokers may finally be getting their pay cheque.
4. Chipotle hack: Mexican fast food chain admits nationwide cyberattack hit ‘most’ US stores:
An investigation, initially detailed on 25 April, found malware designed to “access payment card data from point-of-sale (PoS) devices” at most Chipotle restaurants, the firm said in a security advisory. Avivah Litan, a vice president at Gartner specializing in security, told Reuters: “In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach.” We are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring. The security team wrote: “It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity.” In some cases, the stolen information contained the cardholder’s name in addition to card number, expiration date and internal verification code. “We removed the malware, and we continue to work with cybersecurity firms to evaluate ways to enhance our security measures.” Experts concluded the malware could search for “track data” read from the magnetic stripe of a payment card as it was being routed through the PoS device. Mexican fast food chain Chipotle is once again warning its customers across the US to be on the lookout for credit card fraud after a cyberattack hit its payment systems nationwide between 24 March and 19 April this year. The firm is yet to release any statement on the subject of financial penalty. You can search for the impacted Chipotle branches here.
5. ‘Friendly hackers’ hijack UK shopping centre billboard with a hilarious security message:
Liverpool One shopping centre in the UK has been forced to shut down a slew of digital billboards after an unknown hacker tampered with the signage this week. “As soon as the apparent hacked message appeared on the screen, Liverpool One immediately closed it down.” The hack came over the Memorial Day weekend in 2016, with signs altered to state “Party Hardy Y’all” by the pranksters. Almost a year to the day, a series of road signs in the US were targeted by a politically-motivated hacker and made to display messages referencing Donald Trump and Bernie Sanders. Liverpool One has more than 170 stores, bars and restaurants, a 14-screen cinema and an indoor adventure golf course, it says on its website. The hackers’ message was signed “#JFT96”, which is often used as an abbreviation of “Justice for the 96” following the Hillsborough football disaster in 1989. “We can confirm an incident occurred over the weekend on one of the 18 screens we operate at Liverpool One,” a spokesman for Elonex, the UK firm which produces the LED displays, told the BBC. “Sincerely, your friendly neighbourhood hackers,” a message on the Elonex-branded billboard read. “Our screens are operated by an external company which is currently investigating what happened as a matter of urgency,” a Liverpool One spokesperson said. University of Surrey professor Alan Woodward told the BBC in a statement: “You might not think it matters, after all it’s just an advertising billboard, but who knows what else this system is linked to.”
6. UK reportedly set to enforce anti-encryption proposals in wake of Manchester attack:
In an interview with Sky News after the Manchester terror attack, former UK national security adviser Lord Ricketts said law enforcement need more access to encrypted communications. He said: “Our core concern is that using Technical Capability Notices to force companies to limit or bypass encryption or otherwise weaken the security of their products will put all of us at greater risk.” Technology firms currently use strong encryption, known as “end-to-end”, in chat applications including WhatsApp, Skype and iMessage to protect users’ privacy and bolster security. Ministers will ask Parliament to sweep in new orders – dubbed Technical Capability Notices (TCNs) – as soon as the election is over, according to The Sun newspaper. There must have been a lot of communication going on between various people in the network and the authorities need it. British politicians will reportedly seek to rush through anti-encryption powers in the wake of the Manchester terror attack, forcing technology firms in the UK to break their own security in order to comply with compel notices issued by police and intelligence services. With thousands of people to follow, the security authorities can’t be on top of all of them. “We urge politicians to take a detailed and considered look at TCNs and the use of vulnerabilities, to ensure that the consequences of their use can be properly evaluated and challenged.” Encryption must not be defined as a zero sum game. Changes to technology at companies merely need to be ‘feasible’ rather than ‘safe’ or ‘sensible’ for users or providers.
7. London Bridge attacks: Theresa May wants to ‘deprive the extremists of their safe spaces online’:
May said that Britain had “far too much tolerance of extremism” and that this attitude needed to be “stamped out” across society. May accused tech giants that provide internet services of having allowed online extremism to spread and provided extremism “the safe space it needs to breed.” “We need to do everything we can at home to reduce the risks of extremism online,” Britain’s prime minister said in a statement. “As the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up,” she said. However, those plans may now once again be considered as May’s battle against terrorism brings technology to the forefront, in the wake of the third terror attack Britain has suffered in 2017. May called for new cyberspace rules that would “deprive the extremists of their safe spaces online.” “We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning.”
8. Samsung S8 ‘eye security’ fooled by photo:
The iris-scanner can be used to unlock the phone simply by looking at it, which Samsung says provides “airtight security”. Samsung’s eye-scanning security technology, used on the new Galaxy S8 smartphone, has been fooled with a photograph and a contact lens. The researchers first set up the phone’s security by registering a volunteer’s eyes using the S8 iris scanner. If you must have iris unlock, please walk everywhere with your eyes closed, so your iris can’t be photographed. Galaxy S8 owners have the option of using a password or secret number to unlock their phone, instead of using the iris scanner. Your fingers are already holding your phone, so why not use prints rather than wave your phone in front of your face? Samsung said its iris-scanning technology had been through “rigorous testing” to “prevent attempts to compromise its security.” “Personally, I prefer fingerprints to iris unlock.” The team posted a video showing the S8 smartphone unlocking itself when it saw the false eye. They then took a photograph of one of the volunteer’s eyes, using a digital camera with an infra-red night vision setting.
9. App maker’s code stolen in malware attack:
The FBI is investigating the incident and Panic has been working with Apple to make sure that no malicious or fake versions of the apps get into the App Store. Users have been warned to download Panic’s apps only from its website or the Apple App Store. Panic founder Steven Frank admitted in a blog post that it happened after he downloaded an infected copy of the video encoding tool Handbrake. The attacker then used his password to access other private files and copy the source code for several of Panic’s products stored on the infected computer. On 2 May Handbrake was hacked, with the Mac version of the app on one of the site’s download servers replaced by a malicious copy. In what Mr. Frank called “a case of extraordinarily bad luck”, he downloaded the malicious version of Handbrake and launched it “without stopping to wonder why Handbrake would need admin privileges… when it hadn’t before.” The Mac and iOS software developer Panic has had the source code for several of its apps stolen. Panic is the creator of web editing and file transfer apps Coda and Transmit, and co-published the video game Firewatch with developers Campo Santo. The theft was confirmed when Panic received an email containing some of the files and demanding a ransom for the return of the complete code. “I feel like a monumental idiot for having fallen for this,” Mr. Frank admitted.
10. Subtitling systems contain ‘widespread’ security threat:
The players expect subtitle files to contain text only, so most do not look to see if anything malicious has been inserted instead, said the security firm. In addition, the recommendation systems of the subtitle file stores could be manipulated, allowing attackers to ensure booby-trapped versions would be picked ahead of legitimate files, Checkpoint said. Attackers who exploited the vulnerabilities found in the subtitling ecosystem would more than likely be able to completely take over a PC, tablet or smart TV, said Checkpoint. All four makers of the media players Checkpoint analyzed have produced updated versions that do a better job of policing subtitle files. Poor checking of subtitle files, the different formats they use and problems with the websites that store the files all introduced weaknesses, it said. Checkpoint Software found loopholes in the way four popular media players handle subtitles. Film fans could be vulnerable to attack by hackers who hide malicious code inside files that provide subtitles, a security firm has warned. io media players handle subtitle files. Checkpoint said it had reported the bugs it found to media player makers. Typically, media players are programmed to automatically look online for files that can provide subtitles.