Archive
Malware on LA Times
Yesterday evening (Prague time) I spotted a curious question on Twitter from journalist Brian Krebs asking about possible malware on one of the LA Times websites:
It made me wonder, because having such a detection would definitely provoke a few of our users to claim a false positive in avast! Read more…
Is your home updated?
The digitalization of our homes continues to grow, and with it the number of vulnerabilities your household devices can suffer from. We’re surrounded by many specialized minicomputers (which we usually fail to consider computers) that are subject to the same problems as desktops or laptops. But, because of a psychological barrier, we’re unable to see them this way. Almost nobody thinks of their big TV as a computer, and the same is true of phones, but there are many smaller, almost invisible devices like intelligent disk arrays (NAS) or routers, which are nothing else but ‘computers without keyboards’. It has been published in the past that it’s possible to hack, exploit or misuse such devices: there are exploits for printers, desk phones and Samsung TVs. All of these devices contain bugs which, when exploited by the bad guys, could run executable code which suits the bad guys’ needs.
‘Reporters without Borders’ website misused in watering hole attack
Watering hole attacks continue (with a twist)
Through a collaboration with Eric Romang (@eromang), an independent security researcher, we can confirm that the watering hole campaigns are still ongoing and are aimed at multiple targets, including, as an example, a major Hong Kong political party website.
This website is actually using the new version of the original attack on the Internet Explorer vulnerability (CVE-2012-4792), but right now it’s also using the latest Java vulnerability (CVE-2013-0422).
The Chinese-language version of the website does a remote JavaScript inclusion of “http://www.[REDACTED].org/board/data/m/m.js”.
This is a legitimate but compromised website, hosted in South Korea, that is used for hosting the exploit files.
MSIE 0day – continued (with a bit of Flash as well)
While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed at industrial companies’ websites.
The hacked legitimate websites contain a hidden iframe on their main pages.

New Microsoft IE Zero-day attack
It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could also be exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is no patch from Microsoft yet, what can you do?
How not to lose your internet access on Jul 9th 2012
A few years back a group of bad guys from Estonia had a neat idea how to get between you and the sites you want to visit on the internet. They created malware which AV companies named DnsChanger. The main purpose of the malware was to change the DNS servers your computer uses for name-to-IP-address translation to servers operated by the criminals. This way they could intercept your traffic and eventually monetize it. The gang was later arrested and the servers were confiscated by the FBI. And there lies the problem, because the FBI was ordered by the court to turn off these servers on Monday, July 9th 2012. There are still about 300 000 computers around which are using the wrong DNS servers, so although the probability that you’re one of them is quite low, it’s better to be safe than sorry and check whether it concerns you.
LinkedIn and eHarmony password databases leaked
Yesterday, password databases from two popular websites were leaked in an underground forum popular with computer hackers. 6.5 million passwords from LinkedIn and a further 1.5 million passwords from internet dating site eHarmony were divulged following attacks on these sites.
LinkedIn has already acknowledged the leak, and has said it is changing the algorithm for storing sensitive data and will email users instructions on how to reset their passwords.
eHarmony has also admitted a hack and has said its members will receive an email with instructions on how to reset their passwords. Read more…
Why we love specifications (not)!
A few days ago we blogged about another trick in PDF parsing. We got a comment there from a person recommending that we read specifications, which we (as AV guys, not PDF-reader-writing guys) usually don’t do to the full extent, because most of the specifications we’ve seen have been misleading at best. Read more…
Is George Clooney getting an Oscar this year?
Honestly, I don’t know, but according to my tastes he shouldn’t get it for his latest movie; it was a bit boring. I was commenting on it to a colleague, and because it’s late at night here I wasn’t able to remember the movie name; I just remembered that George Clooney was nominated for the leading actor Oscar for this movie. So I simply put “clooney oscar” in my Firefox address bar, which is the simplest way to get the search results from Google. But I wasn’t exactly “Feeling lucky” about the result I got. Read more…
