ICT Security-Sécurité PC et Internet

Sind VPNs legal? Verständlich erklärt

More than two million IoT devices, possibly more, are using a vulnerable P2P firmware component that allows hackers to locate and take over impacted systems.

Vulnerable devices include IP cameras, baby monitors, smart doorbells, DVRs, and many others, manufactured and sold by multiple vendors under hundreds of brands, such as HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM, just to name a few.

What all these devices have in common is that they use iLnkP2P, a firmware component that allows the device to talk to vendors' servers via the P2P (peer-to-peer) protocol.

Earlier this year, security researcher Paul Marrapese discovered two vulnerabilities in this component --tracked under the CVE-2019-11219 and CVE-2019-11220 identifiers.

According to Marrapese, the first "allows attackers to rapidly discover devices that are online," while the second "allows attackers to intercept connections to devices and perform man-in-the-middle attacks" and "to steal the password to a device and take control of it."

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things

https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot

Jeden Tag hören Mitarbeiter Tausende aufgezeichnete Gespräche ab, die die Kunden mit Amazons Assistenzsoftware Alexa geführt haben. Die Begründung des US-Konzerns für diese bislang verschwiegene Maßnahme klingt abenteuerlich.
30

Nutzer von Amazons Assistenzsoftware Alexa sollten sich zweimal überlegen, worüber sie sprechen: Der US-Internetriese lässt zum Teil Mitarbeiter aufgezeichnete Befehle von Nutzern an Alexa anhören und abtippen, um die Spracherkennung zu verbessern.

Der Konzern bestätigte die Vorgehensweise am Donnerstag dem Finanzdienst Bloomberg. „Wir versehen nur eine sehr geringe Auswahl an Alexa-Sprachaufnahmen mit Kommentaren, um das Kundenerlebnis zu verbessern.“

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Alexa

A team of researchers has earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser at the Pwn2Own 2019 competition that took place this week in Vancouver, Canada.

The third day of the event was dedicated to automotive hacking. Two teams signed up initially, but one of them withdrew just hours before the start of the third day.

Amat Cama and Richard Zhu of team Fluoroacetate, who were the only ones to take a crack at hacking a Tesla, managed to display a message on the car’s web browser by exploiting a just-in-time (JIT) bug in the renderer component. The duo earned $35,000 for their exploit, along with the Tesla they hacked.

This was the first time Pwn2Own had an automotive hacking category. Team Fluoroacetate targeted the Tesla’s infotainment system, but the rewards were much higher for components such as the modem or tuner, Wi-Fi or Bluetooth, key fobs (including the phone used as a key), and the autopilot. The highest reward, up to $250,000, was offered for hacking the gateway, autopilot or security system.

Cama and Zhu won a total of $375,000 in cash at Pwn2Own 2019 for demonstrating exploit chains against Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.

Other participants hacked Firefox, Edge, Safari and Oracle VirtualBox. In total, organizers of the contest paid out $545,000 for 19 bugs.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Pwn20wn

Hacker groups in Asia have weaponized the networking and pentesting tools in a series of attacks first identified in March 2018, as well as the high-profile SingHealth attack.

Hackers are leveraging Termite and EarthWorm, packet relay tools written by an employee of Beijing-based security research firm 360Netlab, to create a botnet of Internet of Things (IoT) devices, according to a report by AT&T Cybersecurity (formerly AlienVault).

Termite is capable of functioning as a SOCKS proxy, as well as a simple backdoor for file transfer and executing shell commands. Termite is capable of running on a wide variety of architectures, including x86, x86-64, ARM, MIPS(EL), SH-4, PowerPC, SPARC, and M68k, making it a particularly versatile tool for attackers to deploy on low-power IoT devices. Likewise, the small size (200-600 KB) makes it ideal for deployment on these devices, which often have meager internal storage.

Weaponization of these, which were intended as networking and penetration testing utilities, is a recent phenomenon. Kaspersky Lab noted briefly last year that Earthworm, the predecessor to Termite, was used as part of an attack involving the theft of a driver signing certificate of a Chinese IT company.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Botnet

The IT security researchers at Check Point have identified a new malware called SpeakUp targeting Linux and macOS – The new findings prove that there has been a surge in malware attacks against Linux and Apple devices.

SpeakUp is a new backdoor Trojan that is being distributed by cybercriminals through a malicious new campaign designed to target servers running six different Linux versions and macOS systems. The malware manages to target multiple previously identified security flaws and can evade antivirus programs effectively.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto+malware

It took 24 hours to notice but on the 5th January 2019, Ethereum Classic (ETC), better known as Ethereum’s (ETH) little brother, was hacked using a rare 51% attack.

In essence, a single person was able to control around 60% of the mining power, creating a longer blockchain which gave them the ability to double spend. Something that was picked up by Coinbase and led to the index and others freezing Ethereum Classic from trading. Ethereum Classic is the 18th-largest cryptocurrency, according to CoinMarketCap. 

Understandably people in the industry are worried, so I asked the experts whether more attacks are likely and if so, could a 51% attack hit the larger cryptocurrencies such as Bitcoin?

Not immutable anymore

Nir Kabessa, President of Blockchain at Columbia University, speculates that while difficult, attacks on the larger cryptocurrencies are no longer out of reach.


With both the hash power securing Ethereum Classic and the market cap of its token supply being less than 1/20th that of the Ethereum main chain, it’s not particularly surprising that Classic was successfully 51% attacked.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency

https://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptojacking

Data visualization of the world biggest data breaches, leaks and hacks. Constantly updated. Powered by VizSweet.

A new form of malware is scanning the internet for exposed web services and default passwords in what's thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come.

VirusTotal debuts retro, simplified interface for legacy systems
Researchers at AT&T Alien Labs first spotted the malware in March and have named it Xwo after its primary module name. It's thought that Xwo could be related to two other forms of malicious software – MongoLock ransomware and X Bash, a malware that rolls ransomware, a coinminer, a botnet and a worm into one – due to similarities in the Python-based code.

But unlike MongoLock and Xbash, Xwo doesn't have any ransomware, cryptocurrency mining or any other similar money-making capabilities: it's main focus is scanning for credentials and exposed services and sending information back to its command and control server.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Malware

Sicherheitsexperten haben zwei groß angelegte Malware-Kampagnen im Google Play Store entdeckt. Die schadhaften Anwendungen wurden insgesamt rund 250 Millionen Mal heruntergeladen.

Die Sicherheitsexperten von Check Point haben im Google Play Store zwei große Malware-Kampagnen entdeckt. Insgesamt sind davon 222 Apps betroffen, die weltweit rund 250 Millionen Mal heruntergeladen wurden.

Der erste Schädling wurde mithilfe von 206 verseuchten Apps verteilt und 147 Millionen Mal heruntergeladen. Die meisten der Betroffenen Anwendungen sind sogenannte Simulatorspiele. Die Malware war in der Lage, auch nach Beenden der eigentlichen App Werbung auf den Geräten auszuspielen. Diese erschienen etwa dann, wenn der Nutzer sein Smartphone entsperrt hat.$

Neben der ungefragt angezeigten Produktbewerbung öffnete sich zudem permanent der Google Play Store oder der 9App Store. Damit sollten die Nutzer dazu verleitet werden, eine weitere App herunterzuladen. Außerdem habe sich immer wieder der Browser mit Links der Malware-Urheber geöffnet. Im Hintergrund lud der Schadcode mehrere APK-Dateien herunter und forderte dann den Nutzer dazu auf, dies auch zu installieren. Damit die Malware nicht so einfach entfernt werden konnte, wurde dessen Icon vor den Android-Launchern verborgen.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps

Erneut ist eine riesige Menge gehackter Nutzeraccounts ins Netz gelangt: Nach der Passwort-Sammlung "Collection #1" kursieren nun auch die Collections #2 bis #5.

Diese sind deutlich umfangreicher als Teil 1, einer ersten Einschätzung von heise Security zufolge sind sie insgesamt über 600 GByte groß. Nach Angaben des Hasso-Plattner-Institus kursieren durch die Collections #1 bis #5 nun rund 2,2 Milliarden Mail-Adressen und die dazugehörigen Passwörter.


Treffer, versenkt: Über den HPI Identity Leak Checker findet man heraus, ob sich die eigenen Mail-Adresse in den Collections #1-5 und weiteren Leaks befindet.
Die Daten sind offenbar nicht komplett neu, sondern stammen zu einem einem Großteil aus älteren Leaks. Dennoch dürfte durch die Zusammenstellung und erneute Veröffentlichung die Wahrscheinlichkeit steigern, dass die Zugansdaten von Cyber-Ganoven ausprobiert werden. Zunächst wurden die gigantischen Datenpakete in einem einschlägigen Online-Forum gehandelt, inzwischen sind sie auch über den Hoster Mega öffentlich zugänglich.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES