
Cyber Security Is Being Taken Seriously Around the Globe


A new global study by the Georgia Tech Information Security Center (GTISC) finds a dramatic increase in the attention that boards and executives pay to cyber security risk management.
The survey results indicate that since 2008 boards and executives have made concerted efforts to address cyber risk.

Highlights of the report:-

  • Cyber security has become one of the top boardroom issues: nearly two-thirds (63%) of respondents said their board is actively addressing computer and information security, up from 33% in 2012.
  • Most boards (53%) have established a Risk Committee separate from the Audit Committee, up from 8% in 2008, and that committee has taken over oversight of cyber risk from the Audit Committee.
  • Boards are paying far more attention to cyber insurance coverage: 48% of respondents said their boards were focusing on cyber insurance, up from 28% in 2012.


Boards are also placing a much higher value on risk and security experience when recruiting directors: 59% of respondents said their board had added a director with risk expertise, and nearly a quarter (23%) one with cyber security expertise.

“It's excellent to see that corporate executives are dramatically increasing efforts to manage cyber risks. Establishing an appropriate dialogue between technical experts and the executives who will prioritize resources is essential to effectively secure an organization. However, this increased attention must be coupled with appropriate action to apply the right combination of people, technology and processes to secure computing environments. It starts with establishing a breach prevention mindset. This study provides a basis for organizations around the globe to start having more discussions on just how to achieve this,” said Ryan Gillis, Vice President of Cyber Security Strategy and Global Policy at Palo Alto Networks.

The report also compares survey results across critical infrastructure sectors and geographic regions, and finds that every industry sector increased its attention to cyber issues at board and executive level.


Key points:-

  • The financial sector is far ahead of other industry sectors, with 86% having a board Risk Committee, followed by the IT/telecom sector at 43%.
  • North American and European boards are paying significantly more attention to cyber risk (85% and 58% respectively, up from 40% and 19%), while Asian boards showed no increase in attention to these issues (38% in both 2012 and 2015).
  • North American board attention to cyber insurance doubled since 2012 (70% in 2015 vs 35% in 2012); European boards showed a 26% increase and Asian boards a 3% increase.
  • Most Asian boards (98%) have a Risk Committee, whereas only 43% of European boards and 42% of North American boards have one.
  • The industrial and financial sectors showed the largest increase in attention to cyber issues, and all sectors showed marked improvement in engaging in best-practice activities to manage cyber risk.


There is still room for improvement; the study identifies key challenges that remain in several critical areas:-

  • It is still common for CISOs to report to CIOs (40%), even though that reporting structure can create segregation-of-duties issues.
  • While 63% of respondents said their board regularly or occasionally reviewed the annual security program, only 46% said they had participated in a test scenario of the plan.
  • Boards need to ensure that their organization's security teams have the resources necessary to protect its digital assets, yet only 50% of the respondents' boards review security budgets.

The survey polled board directors and executives from Forbes Global 2000 companies, and the report compares its results with three previous surveys conducted in 2008, 2010 and 2012.

Android Lollipop Lockscreen Bypassed Even With Password


A security bug means a smartphone running Android Lollipop can be broken into simply by entering a very long password, which causes the lock screen to crash.

Any Android Lollipop device that is not running the latest build of the operating system is vulnerable to having its lock screen bypassed by entering a long string of characters as the password. The flaw was discovered by researchers at the University of Texas at Austin and applies to any Android 5 device that does not have the security update.

Research report:-

“A vulnerability exists in Android 5.x <= 5.1.1 that allows an attacker to crash the lock screen and gain full access to a locked device, even if encryption is enabled on the device,” the researchers wrote on the University of Texas blog.

John Gordon of the University of Texas also wrote: “By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lock screen, causing it to crash to the home screen.”


The attacker need only enter enough text into the password field to overwhelm the lock screen and crash it, revealing the home screen and giving full access to the device, whether it is encrypted or not. Anyone in possession of a Lollipop phone can therefore unlock it with this simple trick, the University of Texas researcher claims.

Demonstration of the lock screen bypass with a long password:-

The researcher, John Gordon, demonstrated how the lock screen password on a Nexus phone can be bypassed.

In a nutshell, the attack is triggered by overloading the password field with characters while the camera is active; this causes the lock screen to crash and drop to an unprotected home screen. After the attack, the intruder has full access to the apps, settings and any data stored on the device.


It is worth noting that for this to work the attacker needs the phone in hand, and the phone must be locked with a password rather than a pattern or PIN. If the device meets those criteria, access is gained by opening the emergency dialer and filling its input field with a slew of characters, such as asterisks.

After copying the overly long string to the clipboard, the attacker returns to the lock screen and swipes to open the camera. A swipe down from the top of the display exposes the Quick Settings panel; tapping the settings icon at the right of that panel attempts to launch the full Settings app.

Android then asks for the password before showing that window, and this is where the copied string is pasted, repeatedly, until the field holds far more text than it expects. The Settings prompt then crashes back to the camera, which sits idly for a while and eventually crashes too, exposing the home screen and leaving the device unlocked. Google fixed the bug, tracked as CVE-2015-3860, in its latest Nexus build.
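The procedure above is manual, but the triage question a fleet administrator faces is mechanical: is a given handset still exposed? The following is an added example (not from the article or the researchers) that classifies a device from its `adb shell getprop` output. It assumes, per the researchers' advisory, that the fix first shipped in Google's build LMY48M and is present in every later LMY48x/LMY49x build, that Google's earlier 5.0.x (LRX) builds predate it, and that any build reporting a `ro.build.version.security_patch` date from the September 2015 bulletin onward is fixed; OEM build IDs cannot be judged this way and are reported as unknown. The sample property dump is constructed, not captured from a real device.

```python
import re

# Constructed `adb shell getprop` excerpt for illustration; not captured from a real device.
SAMPLE_GETPROP = """\
[ro.build.id]: [LMY48I]
[ro.build.version.release]: [5.1.1]
[ro.product.model]: [Nexus 4]
"""

# Assumption: the fix first shipped in Google's build LMY48M and is present in every
# later LMY48x / LMY49x build; patch levels from the September 2015 bulletin on are fixed.
FIXED_BUILD = (48, "M")
FIXED_PATCH_LEVEL = "2015-09-01"


def parse_getprop(text):
    """Turn `[key]: [value]` lines from `adb shell getprop` into a dict."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"\[([^\]]+)\]: \[([^\]]*)\]", text)}


def build_status(build_id, security_patch=None):
    """Return 'patched', 'unpatched' or 'unknown' for an Android 5.x build ID."""
    # Newer builds expose ro.build.version.security_patch; ISO dates compare as strings.
    if security_patch and security_patch >= FIXED_PATCH_LEVEL:
        return "patched"
    m = re.fullmatch(r"LMY(\d{2})([A-Z])", build_id)
    if m:
        return "patched" if (int(m.group(1)), m.group(2)) >= FIXED_BUILD else "unpatched"
    if build_id.startswith("LRX"):
        return "unpatched"   # Google's 5.0.x builds predate the fix
    return "unknown"         # OEM build IDs: consult the vendor's patch notes instead


def lockscreen_bypass_risk(getprop_text, lock_type="password"):
    """Classify a device's exposure to the lock screen crash from its properties and lock type."""
    props = parse_getprop(getprop_text)
    if not props.get("ro.build.version.release", "").startswith("5."):
        return "not_affected"          # only Android 5.x is in scope
    status = build_status(props.get("ro.build.id", ""),
                          props.get("ro.build.version.security_patch"))
    if status == "patched":
        return "patched"
    if lock_type != "password":
        return "mitigated"             # PIN and pattern locks are not affected
    return "vulnerable" if status == "unpatched" else "unknown"
```

Run it over the property dumps an MDM or `adb` collects; anything reported as `vulnerable` should be moved to a PIN or pattern lock until the build can be updated, and `unknown` results need a vendor lookup rather than a guess.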


Google rated the glitch as a “moderate” severity issue. Gordon first reported the bug to Google and received a $500 reward for his trouble. The bug is now public knowledge and could be used by any attacker against a Nexus device that has yet to be patched.

Gordon only tested the attack on a Nexus device running Lollipop, but speculated that other Android devices on the same OS version could be vulnerable to the method until Samsung, HTC and other manufacturers roll out Google's patch.

Conclusion:-

The vulnerability, discovered by researchers at the University of Texas at Austin, potentially affects 21% of Android devices in use and requires only that the attacker overload the lock screen with text. It affects only phones running Google's Android Lollipop that are protected with a password; PIN and pattern unlock are not affected.

Google released a fix for the hole for its line of Nexus devices, describing the bug as of “moderate” severity and saying that, to the company's knowledge, it was not being actively exploited.

The researcher demonstrated the attack on a Google Nexus 4. It required using the emergency call function to copy hundreds of characters to the clipboard; via the camera and the settings pull-down, the password prompt was invoked and the long string pasted into the password box, causing it to crash.


The Guardian could not replicate the bug on a Google Nexus 6 or a Motorola Moto G, and entering that much text proved difficult and time-consuming. About 20% of the billion or so Android devices worldwide run Google's latest version, Lollipop, including new devices from Samsung, LG and Sony.

The attack requires physical access to the phone and cannot be performed remotely. Users worried about it can change their lock screen to a pattern or a PIN (which can be up to 16 digits long) instead of a password.
After the Stagefright vulnerability, Google, Samsung, LG and other Android manufacturers pledged to release monthly security updates for their latest devices, which should help keep this kind of attack from being usable for long.

Sophisticated CAPTCHA Bypassing Malware Found In Google Play


Sophisticated CAPTCHA-bypassing Android malware has been found in Google Play apps that covertly subscribe thousands of users to premium-rate services. According to the report, researchers found modernized Android malware that had been hiding in several apps in the Google Play Store for an extended time, though it is unclear how much damage it has caused.

Liviu Arsene, a senior e-threat researcher at the Romania-based antimalware company Bitdefender, said: “The malware, identified by Bitdefender as Android.Trojan.MKero.A, was sophisticated enough to bypass CAPTCHA tests by using a human-powered online image-to-text recognition service, Antigate.com, and then subscribe users to premium-rate services.”


The malware somehow found its way into legitimate-looking apps hosted on the Play Store while evading Google Bouncer, the company's vetting system. Its purpose is to subscribe users to premium SMS services without their noticing. To do so, MKero first bypasses the CAPTCHA systems that most of these SMS services use to prevent exactly this kind of fraud.

Current Capabilities:-

This is the malware's first appearance in the official Google Play Store, which suggests its developers found new ways of packing it into seemingly legitimate apps that pass Google Bouncer. To defeat CAPTCHA checks, the Trojan redirects the challenge images to an online image-to-text recognition service, Antigate.com. Because that service relies on real people to read the images, the answer is returned to the malware within seconds, and the covert subscription process continues.


Once it has the CAPTCHA solution, the Trojan interacts with its command and control (C&C) infrastructure, submits the code on the target site, parses the incoming SMS for an activation code, and ultimately subscribes the user to the premium service.

The subscription procedure involves the following steps:-

  1. Loading a target website received from the C&C server.
  2. Extracting the CAPTCHA image and sending it for image-to-text recognition.
  3. Submitting the returned code on the target website.
  4. Parsing the incoming SMS for the activation link.
  5. Loading the activation link.
  6. Sending the confirmation SMS.
  7. Loading the website with the SMS code.


To further complicate analysis, the developers used obfuscation tools to hide the classes, functions and C&C servers from which the malware receives its commands.

Google has been notified of at least seven Play Store apps that exhibit this behavior, two of which had been downloaded between 100,000 and 500,000 times.


“The total financial losses could amount to a staggering $250,000 purely from the minimum $0.50 charge per subscribed SMS message,” Bitdefender's researchers say.

To subscribe users discreetly, the malware requests device administrator privileges, which let it block the notifications that would otherwise alert the victim. Users are therefore urged to read the permissions of every app they download carefully, and to consider a mobile antivirus solution that can scan their device for malware.
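The subscription steps and the device-admin requirement together describe a capability profile that can be checked statically, before an app is ever run: network access to reach the CAPTCHA solver and C&C, SMS send and receive permissions for the confirmation and activation messages, a high-priority SMS receiver to grab the activation code before the messaging app does, and a device-admin receiver to suppress notifications. The following is an added example, not Bitdefender's tooling or code from the article, that extracts those signals from a decoded AndroidManifest.xml (the text form a tool such as apktool produces) and rates them. The manifest is constructed for the example, not taken from an MKero sample, and the rating is a heuristic: it flags capability, not intent, so a genuine SMS client scores high as well.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # Android attribute namespace
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest in decoded (apktool-style) form; not an actual MKero sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Wallpapers">
    <receiver android:name=".SmsInterceptor">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def manifest_signals(xml_text):
    """Extract the capabilities a covert premium-SMS subscriber needs from a manifest."""
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    signals = {
        "network": "android.permission.INTERNET" in perms,        # reach CAPTCHA solver / C&C
        "sends_sms": "android.permission.SEND_SMS" in perms,      # confirmation SMS
        "reads_sms": bool(perms & {"android.permission.RECEIVE_SMS",
                                   "android.permission.READ_SMS"}),  # harvest activation code
        "sms_receiver_priority": False,   # intercept SMS_RECEIVED ahead of the messaging app
        "device_admin": False,            # device admin lets it suppress notifications
    }
    for receiver in root.iter("receiver"):
        if receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            signals["device_admin"] = True
        for filt in receiver.iter("intent-filter"):
            actions = {a.get(A + "name") for a in filt.iter("action")}
            if SMS_RECEIVED in actions and int(filt.get(A + "priority", "0")) > 0:
                signals["sms_receiver_priority"] = True
    return signals


def premium_sms_risk(signals):
    """Heuristic rating of the extracted signals: capability, not proof of malice."""
    core = signals["network"] and signals["sends_sms"] and signals["reads_sms"]
    if core and (signals["device_admin"] or signals["sms_receiver_priority"]):
        return "high"
    if core:
        return "medium"
    if signals["sends_sms"] or signals["reads_sms"]:
        return "low"
    return "none"
```

A "high" result for an app whose stated purpose has nothing to do with messaging (a wallpaper or game app, as here) is the combination worth a manual look; the obfuscation the article mentions hides the C&C addresses from string searches, but it cannot hide permissions or receivers, which must be declared for the platform to grant them.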

Further analysis from Bitdefender researcher Liviu Arsene's report:-

According to Arsene, the malware was first detected in late 2014, distributed through third-party Android app stores and on social networks in Eastern Europe. Bitdefender recently found it in apps listed in the Google Play Store, and in earlier iterations of some of those apps going back as many as five versions. The apps were designed to bypass Google's Bouncer security tool, which automatically scans apps submitted to the Play Store for known malware. Bitdefender said the findings were reported to Google. Google said in a statement to TechTarget that malware in the Google Play Store is very rare.


“Over 1 billion devices are protected with Google Play, which conducts 200 million security scans of devices per day,” Google said in its first Android Security Report. “Fewer than 1% of Android devices had a Potentially Harmful App installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a Potentially Harmful App installed.”

Google has since removed the infected apps from the Play Store, and said that when malicious apps are found it is able to remotely disable them on user devices. Arsene found that some of the malicious apps had between 100,000 and 500,000 installs according to Play Store statistics, though it is unclear how many of those downloads included the malware and how many installs remained on user devices.

Google also confirmed that another security component of Google Play services, SafetyNet, should have been able to capture and block unauthorized communications between the malware and its command and control servers. Arsene told TechTarget that he gives the malware's developers the benefit of the doubt on that point.


“It's safe to assume that the developer tested the malware before uploading it to Google Play, in order to make sure that it will fly under the radar of Google's vetting tools,” the Bitdefender researcher said. “As previously mentioned, since the malware has been found in the wild since late 2014, it's likely that until now it has been under development so that it could now safely reach Google Play.”

WordPress 4.3 Automatically Generates Secure Password


With version 4.3, the developers of the popular content management system (CMS) changed the way passwords are chosen and changed, and added new features for both site administrators and developers along with significant security improvements.

The release is named “Billie” in honor of jazz singer Billie Holiday. Alongside the new features for developers and administrators, WordPress 4.3 improves password handling: a strong password is generated automatically when an administrator creates a new account, and a strength meter tells users whether the password they type is strong or weak. A user who insists on a weak password has to tick a checkbox confirming the choice.

Beyond the usability features, the WordPress team has changed the way password resets work. Instead of receiving a new password by e-mail, a user who needs to reset a password is sent a link that expires after 24 hours, and users are now notified by e-mail whenever their e-mail address or password is changed. By default the generated password is not shown to the administrator; clicking a button reveals it so that the administrator can pass the WordPress-generated password to the user through an instant-messaging application, which helps in environments without e-mail. Clear-text passwords are no longer e-mailed to users at all, protecting accounts in case the mailbox is compromised.

In a blog post, Brian Krogsgard wrote: “That is a relatively minor change to WordPress that will significantly enhance default user behavior for a big security win.”


In addition, when a new user is added to a site running 4.3, WordPress generates a secure password for that user automatically. Users therefore start out with a strong password by default and can keep it or change it. The password strength meter helps users gauge the strength of a password they choose themselves, and the password can be hidden from prying eyes while it is being set.

While these may seem like minor features, weak passwords remain a persistent problem among CMS users. With an ever-increasing rate of password-guessing attacks against the WordPress ecosystem, features that help users create secure passwords and maintain their account security are welcome.

When a password or e-mail address is changed, an alert is e-mailed to the user. If a browser session is hijacked and the e-mail address or password changed, the user can therefore act quickly. The developers note that these alerts can be disabled by returning false from the send_pass_change_email and send_email_change_email filters.
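The reset flow described above (a single-use link that expires after 24 hours, with no clear-text password in the mail) is a small protocol worth seeing end to end. The following is an added example, not WordPress code, that implements it in Python: the server stores only a keyed hash of the reset key, the raw key exists solely in the link, the comparison is constant-time, and expired or already-used keys are refused. WordPress hashes the key with its password hasher; HMAC-SHA256 with a server secret stands in for that here, and the link path only follows the shape of WordPress's own reset URL. The generated-password helper mirrors the 4.3 behaviour of pre-filling a strong password for a new user.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 24 * 60 * 60     # 24-hour window, as in WordPress 4.3
PASSWORD_ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "0123456789!@#$%^&*()")


def generate_password(length=24):
    """Strong default password, like the one WordPress 4.3 pre-fills for a new user."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


class PasswordResetStore:
    """Tracks outstanding reset keys.

    Only an HMAC of each key is stored (assumption: a stand-in for WordPress's password
    hasher), so reading the database does not yield a usable link. The raw key lives
    only in the URL that is e-mailed to the user.
    """

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._pending = {}               # user_login -> (key_mac, issued_at)

    def _mac(self, key: str) -> bytes:
        return hmac.new(self._secret, key.encode(), hashlib.sha256).digest()

    def issue(self, user_login: str, now: float = None) -> str:
        """Create a single-use reset key and return it for the link; nothing else is mailed."""
        key = secrets.token_urlsafe(24)
        issued_at = time.time() if now is None else now
        self._pending[user_login] = (self._mac(key), issued_at)
        return key

    def redeem(self, user_login: str, key: str, now: float = None) -> bool:
        """True only if the key matches, is unexpired and has not been used before."""
        entry = self._pending.get(user_login)
        if entry is None:
            return False
        key_mac, issued_at = entry
        now = time.time() if now is None else now
        if now - issued_at > RESET_TTL_SECONDS:
            del self._pending[user_login]          # expired: discard without comparing
            return False
        if not hmac.compare_digest(key_mac, self._mac(key)):
            return False                           # constant-time comparison
        del self._pending[user_login]              # single use
        return True


def reset_link(base_url: str, user_login: str, key: str) -> str:
    """Build the URL for the reset e-mail (shape of WordPress's link; path is an assumption)."""
    return f"{base_url}/wp-login.php?action=rp&key={key}&login={user_login}"
```

The `now` parameter exists so the expiry can be exercised deterministically; in production it is simply left unset. Note that a failed comparison leaves the pending key in place, while expiry removes it: a guess should not extend or shorten the window.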


“Although WordPress is not stopping you from choosing terrible passwords, the default in 4.3 is that you get secure passwords, and making them less secure takes a bit of work,” noted Mark Jaquith, a lead WordPress core developer.

Staying up to date with the latest WordPress release is strongly recommended: 4.3 adds some useful features and fixes many issues.

Some of its features:-

Customizing menus:- Menus can now be created, edited and managed from the Customizer: click Appearance -> Customize and then the Menus tab. The old way of adding navigation menus still exists, but WordPress 4.3 makes editing simpler and faster.

Favicon feature:- Previously there was no built-in option to add a favicon or site icon, so users had to add one manually or through a plugin. With 4.3 a site icon can be set from the admin panel.

Automatic strong password suggestion:- When a password is requested or reset, WordPress automatically suggests a strong password in the password field. The purpose is to improve password security so that the site, and the information on it, is not exposed to third parties.

Visual editor enhancements:- Formatting content is easier thanks to inline shortcuts that format text as you type, with the result visible instantly in the editor.

Improvements on mobile devices:- The list views of posts, media and comments have been improved for a better experience on mobile devices.

These are the salient features of WordPress 4.3. To protect accounts, it has stopped sending clear-text passwords to users, and the links sent to reset passwords are valid for 24 hours only.

 

WordPress 4.2.4 Fixes Critical Vulnerabilities


WordPress has released version 4.2.4 of its publishing software to fix security bugs, including a potentially nasty SQL injection flaw. The update comes less than two weeks after a fix for a critical cross-site scripting flaw in the CMS, on which a fifth of the world's top million websites rely.

Only a couple of weeks after the last security update, new vulnerabilities have been found that malicious hackers could exploit to compromise a WordPress site. In its advisory, WordPress urged users to “update their sites immediately”.

Version 4.2.4 fixes ten bugs, six of them security-related and dangerous if left unpatched.

Of the six, three are cross-site scripting vulnerabilities, one is an issue that lets an attacker lock a post so it cannot be edited further, and one is a potential timing side-channel attack (where the attacker measures how long routine cryptographic operations in WordPress take to complete).

The sixth is a SQL injection that remote attackers could exploit to compromise the entire website.

Four of the changelog entries are as follows:-

  • WPDB:- When checking the encoding of strings against the database, rely only on the return value for the strings that were actually sent to the database. #32279
  • Don't blindly trust the output of glob() to be an array. #33093
  • Shortcodes:- Handle do_shortcode('<[shortcode]') edge cases. #33116
  • Shortcodes:- Protect newlines inside CDATA. #33106


WordPress 4.2.4 addresses six issues, including three cross-site scripting vulnerabilities and one potential SQL injection that could be used to completely compromise a site. They were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. The release also fixes a potential timing side-channel attack discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, as discovered by Mohamed A. Baset.

Attackers could use the data obtained through these flaws to take over the WordPress site.

The vulnerabilities were discovered by third parties and by members of the WordPress core security team. The announcement gives no technical details, but according to managed WordPress hosting provider WP Engine the issue relates to how shortcodes are used in HTML attributes. “Essentially this security issue could enable specially crafted shortcodes to bypass kses protection by tricking it into dangerous parts, which are a part of valid HTML,” explained WP Engine's Dustin Mezza.

“This vulnerability may allow users without the unfiltered_html capability, but with publishing rights, to run JavaScript code on the front end of the website. These security updates ensure all shortcodes inside attributes are evaluated and then run through kses separately and escaped for use in attributes.”
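The WP Engine description comes down to an ordering problem: the allowlist filter (kses) sees the raw post, in which the shortcode is just harmless text inside an approved attribute, but the shortcode's output, which lands inside that attribute after filtering, is never inspected. The following is an added example, not WordPress code and not the actual 4.2.4 patch, that reproduces the shape of the bug and of the fix in Python with toy stand-ins: a minimal allowlist filter, a hypothetical `[label text='...']` shortcode that decodes entities in its input (as handlers commonly do), and two render pipelines. The payload is constructed; it contains no raw quote characters, so the filter sees only a `title` attribute, and the quotes appear only once the shortcode decodes `&quot;`.

```python
import html
import re

# Toy stand-ins for WordPress internals, constructed for this example.
ALLOWED_ATTRS = {"a": {"href", "title"}, "span": {"title"}}

TAG_RE = re.compile(r'<(\w+)((?:\s\w+="[^"]*")*)\s*>')          # opening tags only
ATTR_RE = re.compile(r'\s(\w+)="([^"]*)"')
SHORTCODE_RE = re.compile(r"\[(\w+)((?:\s+\w+='[^']*')*)\s*\]")
SC_ATTR_RE = re.compile(r"(\w+)='([^']*)'")
HTML_ATTR_VALUE_RE = re.compile(r'(\s\w+=")([^"]*)(")')


def toy_kses(content):
    """Allowlist filter: drop unknown tags and non-allowlisted attributes (kses stand-in)."""
    def fix_tag(m):
        tag, attrs = m.group(1).lower(), m.group(2)
        if tag not in ALLOWED_ATTRS:
            return ""
        kept = "".join(a.group(0) for a in ATTR_RE.finditer(attrs)
                       if a.group(1).lower() in ALLOWED_ATTRS[tag])
        return f"<{tag}{kept}>"
    return TAG_RE.sub(fix_tag, content)


def sc_label(atts):
    """Hypothetical [label text='...'] shortcode; decodes entities, emits raw HTML by design."""
    return "Label: " + html.unescape(atts.get("text", ""))


SHORTCODES = {"label": sc_label}


def do_shortcode(content):
    """Expand registered shortcodes; unknown ones are left untouched."""
    def expand(m):
        handler = SHORTCODES.get(m.group(1))
        return handler(dict(SC_ATTR_RE.findall(m.group(2)))) if handler else m.group(0)
    return SHORTCODE_RE.sub(expand, content)


def render_vulnerable(post_content):
    """Pre-fix shape: kses filters the raw post, then every shortcode expands unescaped,
    including those sitting inside an attribute kses already approved."""
    return do_shortcode(toy_kses(post_content))


def render_hardened(post_content):
    """Fixed shape: shortcodes inside attribute values are expanded first and their output
    escaped for attribute context; shortcodes in text context expand afterwards."""
    def expand_in_attr(m):
        return m.group(1) + html.escape(do_shortcode(m.group(2)), quote=True) + m.group(3)
    return do_shortcode(HTML_ATTR_VALUE_RE.sub(expand_in_attr, toy_kses(post_content)))


# Constructed payload: no raw quotes, so the allowlist filter sees a harmless title.
PAYLOAD = ("<a href=\"/about\" title=\"[label text='x&quot; onmouseover=&quot;alert(1)']\">"
           "team</a>")
```

Rendering `PAYLOAD` through `render_vulnerable` yields `<a href="/about" title="Label: x" onmouseover="alert(1)">`, an event handler the filter never saw; `render_hardened` yields `title="Label: x&quot; onmouseover=&quot;alert(1)"`, a literal string. The real fix additionally runs the expanded output through kses; the lesson that transfers is that output must be escaped for the context it ends up in, not the context it was filtered in.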

WordPress 4.2.4 also patches the vulnerability reported by Rubin of Check Point Software Technologies. That flaw can be exploited by a user with Subscriber permissions who creates a draft through the Quick Draft feature.

As Rubin explains, the vulnerability comes down to how WordPress handles identities. The platform uses a model in which a subscriber has the least privilege, with privileges expanded by role: subscriber, contributor, author, editor, administrator and super admin.
He also noted: “The road to critical vulnerability is still long, but at its end, we found both SQL and XSS.”

Rubin's overview:-

Netanel Rubin, a vulnerability researcher at Check Point Software who is credited with responsibly disclosing the vulnerability to WordPress, published the first in a trilogy of posts explaining how he discovered it. It was found during a full audit of the WordPress code base, in the course of which he praised the efforts of the WordPress development team.

As WordPress bugs go, those found in the core platform are rarer and potentially more critical than the many found in third-party plugins, Rubin noted.
Some of the bugs patched in core in the last two updates were found during Check Point's audit of the platform.

He concludes that the latest WordPress updates fix these flaws, and that users who apply them are protected from the resulting damage.

In an advisory, Check Point deemed the SQL injection vulnerability, CVE-2015-2213, critical in severity and noted that “successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.”

Users are strongly encouraged to treat this as a security release and update their sites immediately.

How to update a WordPress site

The good news is that WordPress ships with automatic security updates, so fewer sites are left unfixed than in the bad old days of a couple of years ago. Sadly, some sites have automatic updates disabled for their own reasons.

Fortunately, updating WordPress manually is easy.

To protect your site from being compromised, update it as soon as possible.

Follow these steps:-

  1. Log in to your WordPress dashboard. A notice about the available update is shown there; click the “Please update now” link.
  2. This takes you to the Updates page. Click the “Update Now” button and the update runs in your browser.
    As a precaution, make a backup of your WordPress files and database before updating; it lets you revert if anything goes wrong.
    If the dashboard update is not available to you, the site can also be updated manually.
