April 14, Softpedia – (International) Misconfigured DNS servers vulnerable to domain info leak. The U.S. Computer Emergency Readiness Team (US-CERT) released a security statement warning that misconfigured, public-facing domain name system (DNS) servers utilizing Asynchronous Transfer Full Range (AXFR) protocols, are vulnerable to system takeovers, redirects to spoofed addresses, and denial-of-service (DoS) attacks from unauthenticated users via DNS zone transfer requests. Research from Alexa revealed that over 72,000 domains and 48,000 nameservers were affected by the issue. Source
April 14, Help Net Security – (International) 18-year-old bug can be exploited to steal credentials of Windows users. A Cylance researcher identified a new technique for exploiting an 18-year-old flaw in Windows Server Message Block (SMB) in all versions of Windows operating systems (OS) which allows attackers to intercept user credentials by hijacking communications with legitimate Web servers via man-in-the-middle (MitM) attacks that send them to malicious server message block (SMB) servers that reveal victims’ usernames, domains, and hashed passwords. Source
April 14, Help Net Security – (International) Attackers use deceptive tactics to dominate corporate networks. Symantec released research revealing that spear-phishing attacks on corporations increased by 8 percent in 2014, and that email and social media had remained significant attack vectors. Researchers also found that software companies took an average of 59 days to release patches and that 24 zero-day vulnerabilities were discovered in 2014, among other findings. Source
April 13, Help Net Security – (International) Attackers can easily crack Belkin routers’ WPS PINs. A security researcher discovered that 80 percent of Belkin routers tested generated Wi-Fi Protected Setup (WPS) PINs based on the device’s own Mac addresses and serial numbers, leaving it vulnerable to discovery by attackers using unencrypted request/response packets via Wi-Fi probes. Source
April 13, Securityweek – (International) Attacks against SCADA systems doubled in 2014: Dell. Dell revealed in its annual threat report that attacks against supervisory control and data acquisition systems (SCADA) doubled in 2014, including 51,258 attacks in the U.S., and that the attacks tended to be political in nature and targeted operational capabilities within power plants, factories, and refineries primarily in Finland, the U.K., and the U.S. The report found that 25 percent of the attacks witnessed exploited buffer overflow vulnerabilities followed by improper input validation and information exposure. Source
April 14, Securityweek – (International) Alleged creator of Svpeng Android malware arrested in Russia. Russia’s Ministry of Internal Affairs reported April 11 that the suspected developer of the Svpeng Android trojan along with 4 co-conspirators calling themselves “The Fascists” who had allegedly used the trojan to steal money from bank accounts in the U.S. and Europe were arrested. The malware employs a combination of short message service (SMS) hacking, phishing Web pages, credential logging, and ransomware to access victims’ account and access funds. Source
April 13, Threatpost – (New York) Vulnerabilities identified in NY banking vendors. The New York State Department of Financial Services released a report on cyber security in the banking sector April 9 which revealed that one in three New York banks are neglectful of information security relating to third-party vendors and are vulnerable to backdoor access by those looking to steal data as a result. One in three banks interviewed did not require vendors to notify them in the event of a data breach, and only half had strategies prepared for breach scenarios, among other findings. Source