StarForce
Software Company

Pinned

StarForce

Shared publicly

Update 2016.5 Released for StarForce Protection Systems

http://www.star-force.com/press/news/index.php?news=2729
StarForce

Shared publicly

PHP 7 is affected by an unpatched vulnerability that opens servers running the latest branch of the PHP programming language to attacks.

The vulnerability, yet unpatched, is part of a trifecta of bugs disclosed during a presentation by Yannay Livneh, Check Point researcher, at this year's 33rd Chaos Communication Congress.

Vulnerabilities affect PHP 7's unserialize mechanism.

All three bugs affect PHP's unserialize mechanism, the process of converting a stream of bytes back into a PHP object.

The CVE identification markers of the three bugs are CVE-2016-7478, CVE-2016-7479, and CVE-2016-7480.

According to a technical report released by Livneh, the first bug is a Denial of Service (DoS) issue, which can be exploited remotely and used to cause a PHP server to consume too much memory, hang the website, and even shut down the server process.

The other two bugs are remote code execution (RCE) vulnerabilities that allow an attacker to execute malicious code on the server, which in some scenarios might enable the intruder to take over the entire server.

One bug remains unpatched.

Livneh says he informed the PHP team of the issues in August and September this year. The PHP team pushed a bugfix on October 13, with the release of PHP 7.0.12, and on December 1, with the release of PHP 7.1.0.

The PHP team fixed only two of the three issues at the time of writing, with one bug remaining unpatched. Bleeping Computer has reached out to Stanislav Malyshev, a member of the PHP team, to inquire about the status of the last bug. According to Malyshev, the PHP team doesn't "usually have specific release dates for individual bugs."

"The releases of PHP are done every 4 weeks, with the next one planned on January 5th," Malyshev said. "Once the fix for the particular bug is ready, it is released in the next scheduled release."

Livneh says the three bugs can be exploited using a technique he previously detailed in August. The researcher has not specified which of the three bugs remained unpatched.

Bleeping Computer has reached out to Livneh to inquire if there is evidence that any of the three bugs has been exploited in the wild.

The unending saga of serialize/unserialize issues.

The serialize/unserialize mechanism (transforming data objects into memory bytes and vice-versa) has been a major cause of problems in earlier PHP versions, and it appears that it will be the same for PHP 7.

A bug in the PHP serialize mechanism has previously allowed researchers to hack into PornHub.

Similarly, issues with the unserialize operations also affect Java apps, and a major bug has been used to compromise some PayPal services this year.

Below is Livneh presenting his three issues that affect PHP 7's unserialize mechanism at this year's Chaos Communication Congress.

Source: https://www.bleepingcomputer.com/news/security/unpatched-vulnerability-affecting-php-7-servers/

#PHP7 #Vulnerability 
StarForce

Shared publicly

US authorities have indicted a man named Krasimir Nikolov, age 44, of Varna, Bulgaria, for his role in the distribution of the GozNym malware.

GozNym is a relatively new banking trojan that was created by combining the Gozi banking trojan and the Nymaim dropper/ransomware.

GozNym was one of the superstars of the malware scene

The IBM X-Force team first reported on GozNym's attacks in April 2016, but the trojan had made its presence felt since late 2015, when the first infections took root across the US.

During a very short period of a few months, the trojan evolved rapidly, with the addition of redirection attacks, and spread incredibly fast to a large number of countries, such as Canada, the UK, Japan, Spain, Poland, Brazil, and Germany.

The trojan was known to have targeted 22 different financial institutions in the US alone, from banks to credit unions.

According to US prosecutors, Nikolov used the trojan to collect banking credentials and then attempted to initiate fraudulent transactions.

Among the biggest robberies he tried to pull, authorities mentioned several cases:

Nord-Lock, Inc., a bolt-manufacturing company headquartered in Carnegie, Pa., was the victim of an attempted unauthorized wire transfer of $387,500 from its online account at PNC Bank to an account in Sofia, Bulgaria.

Protech Asphalt Maintenance, Inc., an asphalt and paving business located in New Castle, Pa., was the victim of several attempted unauthorized wire transfers totaling more than $243,000 from its online account at First National Bank.

Foresight Sports, Inc., a company that provided technology-based golf products and was located in San Diego, California, was the victim of attempted unauthorized wire transfers totaling more than $118,000 from its online account at American Express Foreign Exchange Service Payments.

California Furniture Collection, Inc., (DBA Artifacts International) a furniture business located in Chula Vista, California, was the victim of several attempted unauthorized wire transfers totaling more than $737,000 from its online account at CommerceWest Bank.

Surprising news came in September when researchers at Cisco Talos announced they shut down the botnet created with the GozNym malware.

Banking trojans of this size and complexity don't go down this easy, and so quickly after they've been created.

GozNym was part of the Avalanche malware distribution network

Unknown at the time was that Nikolov's operation was part of the massive Avalanche malware distribution network, which authorities in a few dozen countries were investigating, and brought down at the end of November.

Nikolov was one of the early Avalanche arrests, which were later followed by the arrest of the network's main administrator, a Ukrainian man, and 34 people who bought and launched DDoS attacks via DDoS-for-hire services hosted on Avalanche.

According to an indictment by the US Department of Justice, Nikolov now faces up to 100 years in jail for his crimes, and a fine up to $3.5 million. Nikolov was already extradited from Bulgaria to the US and appeared yesterday in court.

Source: https://www.bleepingcomputer.com/news/security/goznym-malware-author-faces-up-to-100-years-in-jail/

#hacker #GozNym #jail 
StarForce

Shared publicly

StarForce Document Protection Becomes True Multiplatform

http://www.star-force.com/press/news/index.php?news=2732

#macos #pdf #email #documents
StarForce

Shared publicly

Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges.

Mobile experts from Anubis Networks discovered the problem this week. This is the second issue of its kind that came to light this week, after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd.

This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.

Researchers say they discovered the issue after one of their researchers bought a BLU Studio G smartphone from Best Buy.

They say the smartphone used an insecure Over-the-Air update system, powered by the Ragentek firmware, which contacts remote servers via an unencrypted communications channel. The lack of SSL support means an attacker can carry out a basic Man-in-the-Middle attack and fake responses from the OTA server, sending rogue commands to the user's smartphone.

While there are numerous devices and apps that fail to secure client-server communications via HTTPS, Anubis researchers say the issue goes much deeper.

Source: http://www.bleepingcomputer.com/news/security/second-chinese-firm-in-a-week-found-hiding-backdoor-in-firmware-of-android-devices/

#Android #China #smartphone #backdoor
StarForce

Shared publicly

A recent string of ransomware attacks on MongoDB databases left roughly 27,000 servers compromised, with the attackers demanding up to 1 Bitcoin in exchange for the stolen data. The attacks were followed by Norwegian developer Niall Merrigan and ethical hacker Victor Gevers, who posted updates on Twitter.

The number of affected servers started out small, with Merrigan noting there were only 13 victims of one attacker on January 6. However, the number soon skyrocketed into the tens of thousands. As reported by ZDNet's Liam Tung, the affected databases were wiped and replaced with empty databases with cheeky names such as "PWNED" or "PLEASE_READ."

In a ransomware attack, data is typically encrypted until the victim pays a ransom in exchange for the data to be decrypted. However, when data is wiped, as was the case with these attacks, it is difficult to determine if paying the ransom will result in the data being returned.

Unfortunately, it seems as though these victims may not be able to get their data back. As Gevers noted in a tweet, only one of the eight attackers actually saved the data from the original database, but it hasn't been determined yet which one that is.

Additionally, Merrigan wrote that much evidence shows that the data wasn't properly exfiltrated, and paying a ransom won't get it back. He recommends potential victims check their logs and the MongoDB journal to see what happened to their data.

The issue with the affected databases was that they were utilizing default configurations, which allowed for unauthorized access. As a response, MongoDB's director of product security Andreas Nilsson penned a blog post detailing actions that users can take to diagnose and respond to an attack.

For more information, Merrigan and Gevers are maintaining a spreadsheet detailing the attacks. There are multiple attackers targeting these databases, with the attacker known as kraken claiming nearly 16,000 victims.

MongoDB is known for its work with NoSQL databases. The company has been detailing its revenue growth, and could be on track for an IPO, but it's not clear if the attacks will impact that growth.

Source: http://www.techrepublic.com/article/massive-ransomware-attack-takes-out-27000-mongodb-servers/

#MongoDB 
StarForce

Shared publicly

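The post above attributes the wipes to databases running with default configurations that allowed unauthorized access. The fragment below is an added illustration, not part of the original post and not taken from MongoDB's or Nilsson's material: it places the exposed setup (older packages listened on every interface with no access control) beside a hardened mongod.conf. The option names are MongoDB's documented YAML configuration keys; the addresses and file paths are assumed placeholders.

```yaml
# Exposed setup (constructed for illustration): mongod reachable from any
# network interface on 27017, with no "security" section, so every client
# that can connect is effectively an administrator.
#
# net:
#   bindIp: 0.0.0.0
#
# Hardened mongod.conf (added example; adjust paths and addresses to the host)
net:
  port: 27017
  bindIp: 127.0.0.1          # loopback only; list an internal interface only if a remote client truly needs it
security:
  authorization: enabled     # every connection must authenticate as a user with an assigned role
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log   # keep a persistent log so a later review can show what happened to the data
  logAppend: true
```

With `authorization: enabled` and no users yet defined, the first administrative user has to be created over a loopback connection (the localhost exception), after which all access goes through roles. Keeping `systemLog` pointed at a file is what makes the log review the post recommends possible: drop and remove operations issued by an unauthenticated remote client show up there with the originating address.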
German politicians have warned that hackers and others acting for the Russian state could undermine Germany's general elections next year.
The German election is at risk from "outside manipulation", said Wolfgang Bosbach, a senior MP in Chancellor Angela Merkel's conservative CDU party.
The warnings came amid a US furore over Russian hackers accused over leaks of sensitive US Democratic Party files.
Russia was blamed for a cyberattack on the German parliament last year.
An unnamed German security official said it was "highly likely" that secret files published by Wikileaks two weeks ago originated from that cyberattack.
The files - dating from early 2014 to January 2015 - came from the parliamentary lower house (Bundestag) committee investigating US National Security Agency (NSA) spying on German politicians.

The massive scale of the NSA's global surveillance was first revealed by former NSA employee Edward Snowden, who fled to Russia.
Russian officials deny the alleged interference in the US presidential election and dismiss Western warnings about disinformation spreading from the Kremlin.

Mr Bosbach, quoted by the German daily Koelner Stadt-Anzeiger, said "there is a general danger - for the Bundestag 2017 election too - of influence-peddling via targeted infiltration from outside, with the goal of manipulating facts or opinions". He was commenting on the US row about alleged Russian manipulation of the US presidential election in favour of Donald Trump.
The foreign affairs spokesman of the Social Democrats (SPD), Rolf Muetzenich, echoed that warning, saying "unfortunately we cannot exclude such activities in Germany, either".
"In the election campaign we'll also have to confront distortions and fake stories."
Stephan Mayer, home affairs spokesman of the conservative CSU - allied to the Christian Democrats (CDU) - said "there is a big danger that hacker attacks on parties and factions, and disinformation campaigns will increase.
"We must grapple with this urgently and arm ourselves with appropriate laws."

Last week the head of Germany's BfV domestic intelligence agency, Hans-Georg Maassen, said: "We detect increasingly aggressive cyber-espionage.
"The indications of attempts to influence the German parliamentary elections next year are intensifying."
The BfV said the hacker group known as "Fancy Bear" or APT28 was especially active - and it is believed to be controlled by the Russian state.
A diplomatic row erupted between Germany and Russia in January over the claim that a 13-year-old girl from a Russian-immigrant family had been abducted and gang-raped in Berlin.
The Russian TV report about "Lisa F" was discredited and German politicians accused Moscow of inflaming far-right conspiracy theories in Germany.

Source: http://www.bbc.com/news/world-europe-38288181

#fancybears #hackers #Russia #Germany #Election2017
StarForce

Shared publicly

SFLetter.com, a secure email service, was selected by IT experts for the finals of the Digital Summit Awards in the category
1
Add a comment...

StarForce

Shared publicly  - 
 
The Scotland Yard police in the UK used a low tech approach to gain data from the iPhone of a criminal, Gabriel Yew. Undercover officers trailed the suspect, and robbed the phone from him just as he was making a phone call. Then officers in the squad kept manually swiping the screen to prevent the phone from locking up, till the incriminating data was recovered from the phone. BBC has reported one of the most innovative methods of gaining access to the data in an iPhone by law enforcement authorities.

In the US, Apple and FBI had a big standoff over unlocking an iPhone belonging to a terrorist. Apple CEO Tim Cook said that complying with the request of the FBI to unlock the phone would be bad for America. The FBI eventually got access to the phone with the help of third party researchers which included a piece of hardware meant specifically to bypass the security measures. The FBI apparently paid the researchers a hefty amount to unlock the phone. Although the standoff ended, there were unanswered questions about how the FBI bypass would affect regular users, and what would happen the next time FBI wanted access to a device.

The Cybercrime Unit of the Scotland Yard wanted to avoid lengthy legal wranglings, or having to pay for a bypass method. The legal options available to the police did not include obtaining access to the phone by force, or making the criminal unlock the phone. The police found out that they could mug the criminal to gain access to the phone, and they executed the innovative plan to get access to the contents of a device.

The efforts paid off, with a hundred more suspects uncovered, and incriminating data found on the criminal activities of a network. The criminals were using fake credit cards to purchase luxury items across Europe. The investigators uncovered a factory with thousands of blank credit cards that could be programmed.

Source: http://tech.firstpost.com/news-analysis/scotland-yard-grabs-a-criminals-iphone-and-keeps-swiping-to-prevent-screen-lock-and-access-data-351353.html

#Apple #encryption #iPhone #privacy #ScotlandYard #UK
Contact Information

Altufyevskoye sh., 5/2, Moskva, Russia 127106
+7 495 967-14-50
star-force.ru
Software Company, Business Related (Business Service, Information and Technology Services, Services Companies)
Hours: Monday to Friday 10AM–7PM; Saturday and Sunday closed