|
Scooped by
Gust MEES
September 9, 2019 4:40 PM
|
The team behind Exim revealed that a bug in its email server software is currently exposing millions of email servers around the world to potential attacks. Exim is a mail transfer agent (MTA) that runs in the background of email servers. It aids in the sending and receiving of email messages and helps servers act as relays for other users’ emails. All versions of Exim up to and including version 4.92.1 are affected.
The Exim team said in a recent advisory that anyone who is currently running Exim over TLS connections is vulnerable. According to the developers, the bug is unrelated to the TLS libraries (usually a source of similar bugs), so all Exim email servers are impacted, regardless of the TLS library they use.
If the server uses TLS, then an attacker could send a Server Name Identification (SNI) ending in a backslash-null sequence during the initial TLS handshake. This would allow both local and remote attackers to run malicious code with root privileges. Exim vulnerability lets attackers run commands as root on remote email servers. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Exim https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Vulnerabilities
|
Scooped by
Gust MEES
September 6, 2019 4:03 PM
|
Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu).
Infections have been happening since mid-July, and have intensified in the past two weeks, ZDNet has learned.
Based on current evidence, the Lilocked ransomware appears to target Linux-based systems only.
First reports date to mid-July, after some victims uploaded the Lilocked ransom note/demand on ID Ransomware, a website for identifying the name of the ransomware that infected a victim's system. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RANSOMWARE
|
Scooped by
Gust MEES
August 11, 2019 11:42 AM
|
A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing.
The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below.
The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with several Linux distributions such as Kubuntu, openSUSE, OpenMandriva, Chakra, KaOS, and others.
HOW THE VULNERABILITY WORKS
The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files.
Penner discovered that he could create malicious .desktop and .directory files that could be used to run malicious code on a user's computer.
When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction -- such as running the file. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
August 7, 2019 3:52 PM
|
Security risk for companies and consumers: many servers have a vulnerability through which, for example, login data can be siphoned off. Bank customers could also be affected. IT security experts have discovered a weakness in widely used server infrastructure that permits covert attacks on companies and consumers. One conceivable scenario is that hackers spy on customers of affected banks and empty their bank accounts, the antivirus firm F-Secure warned. In addition, under some circumstances the technology does not log the hackers' actions, so that afterwards there would be no evidence of an attack. The vendor of the affected software has already published instructions for closing the vulnerability. However, each company that uses the technology has to take action itself. F-Secure found the problem in a so-called load balancer, which distributes load across server infrastructure. The vulnerability lies directly in the programming language used by the vendor F5 Networks. Attackers who know of the weakness could inject arbitrary commands and in this way, for example, also capture login data from affected web services, F-Secure expert Christoffer Jerkeby stressed. "Unless a company has carried out a thorough technical review of its systems, there is a high probability that it is affected by the vulnerability," Jerkeby warned. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=servers http://www.scoop.it/t/securite-pc-et-internet/
|
Scooped by
Gust MEES
August 7, 2019 2:48 PM
|
|
Scooped by
Gust MEES
July 27, 2019 9:19 AM
|
Security vulnerabilities in ventilators
Commands can be sent over the hospital network to anesthesia and respiratory devices made by GE. A vulnerability makes it possible, among other things, to change the dosage and type of anesthetic.
Commands can be sent without authentication to GE's Aestiva and Aespire anesthesia and respiratory devices, provided the devices have been connected to the hospital network. For example, alarms can be switched off remotely or the gas composition used in ventilation can be changed. The flaw was discovered by the security firm Cybermdx. The Department of Homeland Security (DHS) is warning about the vulnerability; the manufacturer GE, by contrast, sees no danger to patients.
If the affected versions 7100 and 7900 of Aestiva and Aespire are connected to the hospital network via a terminal server, attackers can send commands to the devices. According to Cybermdx, a proprietary protocol is used whose commands are easy to work out. One of these commands can make the devices use an older version of the protocol, which is still present for compatibility reasons. No authentication is required to issue the commands. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Medicine
|
Scooped by
Gust MEES
July 20, 2019 11:50 AM
|
Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was carrying out on behalf of the agency -- including one for deanonymizing Tor traffic.
The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance.
Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling."
Hackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor.
This second hacker group shared the stolen files in greater detail on their Twitter account, on Thursday, July 18, and with Russian journalists afterward. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=TOR
|
Scooped by
Gust MEES
July 18, 2019 8:37 AM
|
Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.
Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University.
An academic team at BU uncovered the flaws, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking. A paper on the issues (PDF) was presented Wednesday at the 19th Privacy Enhancing Technologies Symposium. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth
|
Scooped by
Gust MEES
July 16, 2019 7:13 AM
|
A professional hacker discovered what he considered a fairly simple way to seize control of any Instagram user's account. Fortunately for the site's 500 million active daily users, he told Instagram exactly how it could be done. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Instagram
|
Scooped by
Gust MEES
July 12, 2019 7:02 AM
|
|
Scooped by
Gust MEES
June 22, 2019 7:06 AM
|
Hackers captured roughly 500 MB of data from the network of NASA's Jet Propulsion Laboratory (JPL) by using a Raspberry Pi as an entry point. The hobbyist computer had been connected to the network without authorization and was accordingly not adequately secured.
The attack took place back in April 2018 and went undetected for a year, ZDNet writes, citing a NASA report. The incident is, among other things, the subject of a security report by NASA's Office of Inspector General (OIG), which carries out internal investigations. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?tag=Samy+KAMKAR http://www.scoop.it/t/securite-pc-et-internet/?tag=Raspberry+PI
|
Scooped by
Gust MEES
June 8, 2019 8:02 PM
|
|
Scooped by
Gust MEES
June 1, 2019 7:29 PM
|
HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control them.
A new strain of malware targeting Linux systems has been identified by researchers. The malware, dubbed HiddenWasp, is believed to be used as part of a second-stage attack against already-compromised systems and is composed of a rootkit, trojan and deployment script.
“The ratio of Linux threats has increased significantly over the years,” said Nacho Sanmillan, a security researcher at Intezer Labs who analyzed the malware. “However, the majority of [Linux] malware is either tied to IoT, DDoS bots or cryptominers.”
Sanmillan said what’s unique about HiddenWasp is some of the evasion techniques implemented in the malware and that it contains a rootkit used to hide the main trojan implant. “Rootkits are not artifacts commonly seen deployed along simple Linux malware.”
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
|
Scooped by
Gust MEES
September 9, 2019 4:32 PM
|
Security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS).
The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon.
The first and only report on this hacking group was published in 2016 by Citizen Lab, a non-profit organization focusing on security and human rights.
According to the Citizen Lab report, the Stealth Falcon group has been in operation since 2012 and was seen targeting United Arab Emirates (UAE) dissidents. Previous tools included a very stealthy backdoor written in PowerShell. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Cyberespionage
|
Scooped by
Gust MEES
September 6, 2019 3:53 PM
|
The developers of the Metasploit penetration testing framework have released today a weaponized exploit for the BlueKeep Windows vulnerability.
While other security researchers have released defanged BlueKeep proof-of-concept code in the past, this exploit is advanced enough to achieve code execution on remote systems, infosec experts who reviewed the Metasploit module have told ZDNet.
WHAT IS BLUEKEEP?
BlueKeep, also known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service in older versions of the Windows operating system (Windows XP, Windows 2003, Windows 7, Windows Server 2008, and Windows Server 2008 R2).
Microsoft patched BlueKeep in the May 2019 Patch Tuesday security fixes released on May 14, and warned users to apply the patches as soon as possible.
At the time, to spur users into patching faster, the OS maker described BlueKeep as a "wormable" vulnerability that can self-propagate in a manner similar to how the EternalBlue exploit helped the WannaCry ransomware propagate to millions of computers in 2017. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Metasploit
|
Scooped by
Gust MEES
August 7, 2019 4:55 PM
|
You've heard about wardriving, but what about warshipping? Researchers at IBM X-Force Red have detailed a new tactic that they say can break into victims' Wi-Fi networks from afar.
The company calls the technique warshipping, and it is a more efficient evolution of wardriving, a popular technique among hackers seeking access to any wireless network they can find. Whereas wardrivers drive around a wide area with a directional antenna looking for wireless networks to crack, IBM's researchers took a more targeted approach.
Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package.
Attackers can then send the device to a company via regular mail, where it will probably languish in a mail room for a while. During this time, it can connect to any Wi-Fi networks it finds in the building and harvest data – typically a hashed network access code. It sends this back to the attacker, who can then use their own resources (or a cloud-based cracking service) to extract the original access code. At this point, they have access to the company's Wi-Fi network. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Warshipping
|
Scooped by
Gust MEES
August 7, 2019 3:01 PM
|
Black Hat IBM's X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and call it "warshipping," Big Blue's eggheads suggested earlier today.
To demonstrate this approach, the X-Force team built a low-power gizmo consisting of a $100 single-board computer with built-in 3G and Wi-Fi connectivity and GPS. It's smaller than the palm of your hand, and can be hidden in a package sent out for delivery to a target's business or home.
Once it arrives, it can be activated remotely over the internet, or when it detects it is near its destination using GPS. It can be instructed to scan for vulnerable networks to infiltrate – a la the TJX wireless hacking in the mid-2000s – or spoof nearby legit wireless networks to harvest passphrases from those connecting, or get up to other mischief over the air.
Any obtained information can be relayed back to base, over the internet, and it can be commanded to drill further into any networks it is able to break into, installing spyware as it goes. This widget is potentially potent as it passes through a business on its way to someone's desk. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Warshipping
|
Scooped by
Gust MEES
August 7, 2019 2:42 PM
|
Dragonblood: New flaws in the WPA3 Wi-Fi encryption could make WPA3.1 necessary
While device manufacturers are busily integrating the flawed WPA3 into products, it looks as though new vulnerabilities will make an incompatible version 3.1 necessary.
WPA3's key exchange protocol is named after the insect order of dragonflies. (Image: Pixabay)
In April, the two security researchers Mathy Vanhoef and Eyal Ronen discovered serious vulnerabilities in the password verification of the new Wi-Fi security standard WPA3 and named them Dragonblood. With his discovery of the KRACK attack on WPA2 in 2017, Vanhoef had been responsible for the Wi-Fi Alliance standards body developing the WPA3 standard in the first place.
Now it looks as though Dragonblood vulnerabilities newly published by Vanhoef and Ronen could mean that a WPA3.1 has to be created. This new version of the security standard would not be backward compatible with WPA3. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=WiFi https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WPA3 https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Dragonblood
|
Scooped by
Gust MEES
July 25, 2019 3:17 PM
|
Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts.
The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes -- Sabine, Morehouse, and Ouachita.
IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE
|
Scooped by
Gust MEES
July 18, 2019 9:29 AM
|
As researchers have found, there is a massive security problem with Bluetooth. It makes devices easy for attackers to track.
Researchers at Boston University have discovered a flaw in Bluetooth's communication protocol through which most devices can be tracked by third parties and data can be lost.
The research report, which appeared under the title "Tracking Anonymized Bluetooth Devices" and was published by the researchers Johannes K. Becker and David Starobinski, describes the vulnerability of Bluetooth devices in detail. Devices running Windows 10, iOS and macOS may be affected, as well as smartwatches from Apple and Fitbit. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Bluetooth
|
Scooped by
Gust MEES
July 18, 2019 6:49 AM
|
The new Linux spyware EvilGnome is designed specifically to attack desktop users. Once a system is infected, the malware transfers files, screenshots, audio recordings and more from affected systems to the cybercriminals' servers. Linux is generally regarded as an extremely secure operating system. Compared with Windows, hardly any malicious programs are developed for the open-source solution, and the few in circulation are mostly aimed at Linux servers. Now, however, the security experts at Intezer have come across malware that explicitly targets desktop users on Linux. It is spyware that the virus researchers have named EvilGnome, and the name says it all. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
July 15, 2019 8:13 AM
|
According to German business news outfit Handelsblatt, a number of banks – whether private, co-operative or public – have either stopped offering the option or are planning to remove it by the end of the year. Among these are Postbank, Berliner Sparkasse, Consorsbank, and others.
The reasons are mostly due to security and regulation compliance. Since a lot of people do their online banking via their mobile/smart phones, hackers need to compromise only this device to get all the information needed to perform a fraudulent transaction. Users can also have their online banking credentials compromised and be targeted with fake text messages purportedly coming from the bank.
It’s also becoming common for attackers to perform SIM swapping to impersonate the target’s phone and validate the fraudulent transaction. And, finally, there have been instances of criminals exploiting long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their customers’ bank accounts. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication
|
Scooped by
Gust MEES
June 28, 2019 8:07 PM
|
The U.S. Food and Drug Administration (FDA) warned this week that a number of insulin pumps from Medtronic MiniMed might be at risk of a cybersecurity breach, going as far as to warn patients to switch devices—"Medtronic is recalling affected MiniMed pumps," the FDA said, "and providing alternative insulin pumps to patients."
A full list of affected models can be found with the warning. The affected models cannot be updated and need to be replaced, even though "the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks." Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Pacemakers+Hacking https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Medicine
|
Scooped by
Gust MEES
June 20, 2019 2:40 PM
|
Three quarters of mobile applications have vulnerabilities relating to insecure data storage, leaving both Android and Apple iOS users open to cyber attacks which could allow hackers to steal sensitive information.
Insecure data storage is just one of a number of vulnerabilities which a security company's researchers said they have found after conducting security assessments of a number of mobile applications for both iPhones and Google Android devices.
The findings have been outlined in the Vulnerabilities and Threats in Mobile Applications 2019 report from Positive Technologies.
Insecure data storage is by far the most common vulnerability identified in the tested applications, with 76 percent of those examined found to demonstrate this as a security risk, potentially putting the privacy and security of users at risk.
Just over a third of applications (35 percent) have been found to exhibit vulnerabilities relating to insecure transmission of sensitive data, while researchers found that the same percentage demonstrated issues around incorrect implementation of session expiration. Learn more / En savoir plus / Mehr erfahren: https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/ https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Apps
|
Scooped by
Gust MEES
June 6, 2019 11:31 AM
|
|