Monthly Archives: September 2015
AirDrop vulnerability is an easy avenue for hackers to exploit Apple devices
Do you own an Apple device? A recent vulnerability discovered within AirDrop could pose a risk to your files. (Photo via aayush.me)
Recently, an alarming vulnerability has cropped up on iOS devices. This security loophole allows an attacker to overwrite arbitrary files on a targeted device and, when used in combination with other procedures, install a signed app that devices will trust without presenting a warning notification to users.
In a recent article published on Threatpost, it’s noted that the vulnerability is located in a library that lies within both iOS and OS X. In this case, the library in question is AirDrop, the tool featured on Apple devices that allows users to send files directly to other Apple devices quickly and effortlessly. The problem lies in the fact that AirDrop doesn’t use a sandboxing mechanism in the same way that many other iOS applications do. When a sandbox is in use, every application has its own container for files and can’t get beyond its so-called “walls”.
AirDrop gives users the choice to accept file transfers either from only their own contacts or from anyone who sends them a request to send files. If a user can receive files from anyone, it’s quite easy for an attacker to exploit their device, even when the iOS device is locked. What’s more, the attacker can even carry out the attack without the user agreeing to accept a file transferred using AirDrop.
Directory traversal attacks make the exploitation of this vulnerability possible
Mark Dowd, the security researcher who discovered the vulnerability, has been able to repeatedly and reliably exploit the security flaw. The vulnerability allows the attacker to execute a directory traversal attack, in which the attacker attempts to access files that are not intended to be accessed. Thus, the attackers are capable of writing files to any location they choose on the file system.
Since sandboxing rules weren’t being strictly enforced on AirDrop, Dowd was able to read/write hidden system resources in combination with his own directory traversal attack. In doing so, he was able to upload his own application into the system and make it appear as trusted.
This bug has been reported to Apple, but a full patch has not yet been released for the recently-launched iOS 9. Therefore, if you’re the owner of one or more Apple devices, make sure that your AirDrop sharing options are set to private and that you’re only able to receive files from your contact list.
Collaboration between the Dutch police and Kaspersky Lab leads to the arrest of suspects behind the CoinVault ransomware attacks
The Trojan Games: Odlanor malware cheats at poker
Every now and again, ESET comes across an attack that “stands out”. Odlanor malware fits that bill – this unique trojan targets players of online poker.
The post The Trojan Games: Odlanor malware cheats at poker appeared first on We Live Security.
iOS AirDrop vulnerability allows for malware installation on Apple devices
A security expert has found a vulnerability on iOS devices that allows malware to be installed via AirDrop.
The post iOS AirDrop vulnerability allows for malware installation on Apple devices appeared first on We Live Security.
Important security notice regarding signing key and distribution of Red Hat Ceph Storage on Ubuntu and CentOS
Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure.
download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS operating systems. Those product versions were signed with an Inktank signing key (id 5438C7019DCEEEAD). ceph.com provided the upstream packages for the Ceph community versions signed with a Ceph signing key (id 7EBFDD5D17ED316D). While the investigation into the intrusion is ongoing, our initial focus was on the integrity of the software and distribution channel for both sites.
To date, our investigation has not discovered any compromised code available for download on these sites. We cannot fully rule out the possibility that some compromised code was available for download at some point in the past.
For download.inktank.com, all builds were verified matching known good builds from a clean system. However, we can no longer trust the integrity of the Inktank signing key, and therefore have re-signed these versions of the Red Hat Ceph Storage products with the standard Red Hat release key. Customers of Red Hat Ceph Storage products should only use versions signed by the Red Hat release key.
For ceph.com, the Ceph community has created a new signing key (id E84AC2C0460F3994) for verifying their downloads. See ceph.com for more details.
Customer data was not stored on the compromised system. The system did have usernames and hashes of the fixed passwords we supplied to customers to authenticate downloads.
To reiterate, based on our investigation to date, the customers of the CentOS and Ubuntu versions of Red Hat Ceph Storage should take action as a precautionary measure to download the rebuilt and newly-signed product versions. We have identified and notified those customers directly.
Customers using Red Hat Ceph Storage products for Red Hat Enterprise Linux are not affected by this issue. Other Red Hat products are also not affected.
Customers who have any questions or need help moving to the new builds should contact Red Hat support or their Technical Account Manager.
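A check an administrator could run after reading the notice above, to see which of the three signing keys it names are present in a GnuPG keyring. This is an added example, not code from Red Hat or the Ceph project; the function names, labels and sample listing are assumptions of the example, and treating the previous Ceph key as superseded is inferred from the notice's statement that a new key was created.

```shell
#!/usr/bin/env bash
# Added example, not Red Hat's or the Ceph project's code.
# Key IDs come from the notice; labels and function names are this example's own.
INKTANK_KEY="5438C7019DCEEEAD"    # notice: integrity can no longer be trusted
OLD_CEPH_KEY="7EBFDD5D17ED316D"   # previous ceph.com key (assumed superseded by the new one)
NEW_CEPH_KEY="E84AC2C0460F3994"   # new Ceph community signing key

# Reads `gpg --list-keys --with-colons` output on stdin. In that format a
# primary key is a "pub" record and field 5 is its 16-hex-digit key ID.
# Prints "<label> <keyid>" per match; returns 1 if a flagged key is present.
audit_keyring() {
  awk -F: -v untrusted="$INKTANK_KEY" -v replaced="$OLD_CEPH_KEY" \
          -v current="$NEW_CEPH_KEY" '
    $1 == "pub" {
      id = toupper($5)
      if (id == untrusted)     { print "UNTRUSTED " id; flagged = 1 }
      else if (id == replaced) { print "REPLACED " id;  flagged = 1 }
      else if (id == current)  { print "CURRENT " id }
    }
    END { exit (flagged ? 1 : 0) }
  '
}

# Constructed sample listing (dates and the unrelated key are made up).
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:E84AC2C0460F3994:1442448000:::-:::scESC:
uid:-::::1442448000::::constructed uid for the new Ceph key:
pub:-:4096:1:5438C7019DCEEEAD:1400000000:::-:::scESC:
uid:-::::1400000000::::constructed uid for the Inktank key:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e:
pub:-:2048:1:AAAABBBBCCCCDDDD:1300000000:::-:::scESC:
EOF
}

# Real use (path is an assumption; adjust to the keyring your package manager reads):
#   gpg --no-default-keyring --keyring /etc/apt/trusted.gpg \
#       --list-keys --with-colons | audit_keyring
sample_listing | audit_keyring || echo "flagged key present: remove it and re-verify packages"
```

A non-zero return means a keyring still trusts a key the notice says to move away from; packages should then be re-verified against the newly signed builds.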
AVG kicks off free on demand training series for partners
Opportunities for business growth are often right in front of us but taking advantage of them and succeeding may require specific knowledge or experience. This is why we have established the AVG Business Accelerator Partner Academy to help support your growth and equip you to win in your markets.
Through the Academy, we offer you and your team free online technical training in six modules as well as business transformation training in three different modules. We’ve worked with industry leaders and MSPs to design the curriculum specifically to help AVG Business partners grow and succeed rolling out Managed Workplace to your customers.
We know your time is limited and very valuable. The tracks we’ve put together are based on what you have told us you need, designed to help give you a competitive advantage. We want to equip you for success in your market and help in any way we can to accelerate your growth.
Beginning this month, the Business Transformation training kicks off and includes:
- September: Sales & Marketing Transformation
- October: Business Transformation
- November & December: Service Transformation
The technical training, which will include six modules split into several short videos covering Installation through to Reporting, will be available in October.
These ‘live’ sessions will include open Q&A sessions so that you can learn from our specialists and other MSPs in real-time. After each scheduled training session, these will be available for viewing on demand via our Partner Portal (sessions available for viewing October 1 and after).
Taking the Academy curriculum will help you:
- Build your leads inflow and pipeline for business.
- Leverage professional services automation to increase efficiency and profitability.
- Work in partnership with your account manager to seize new revenue opportunities.
- Use metrics to better manage sales, marketing and operations.
- Better represent your expertise with customers and potential clients.
I encourage you to attend and let us know what you think. We’re listening.
To find more information and sign up for free training, visit AVG Business Accelerator Partner Academy.
Second Russian pleads guilty in record US data breach
A second Russian man has admitted that he was part of a group of cybercriminals that carried out the largest data breach in US history.
The post Second Russian pleads guilty in record US data breach appeared first on We Live Security.
VMware Releases Security Update
Original release date: September 17, 2015
VMware has released a security update to address a Lightweight Directory Access Protocol (LDAP) certificate validation vulnerability in vCenter Server. Exploitation of this vulnerability may allow an attacker to obtain sensitive information.
Available updates include:
- VMware vCenter Server version 6.0 update 1
- VMware vCenter Server version 5.5 update 3
Users and administrators are encouraged to review VMware security advisory VMSA-2015-0006 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Original release date: September 17, 2015
Cisco has released updates to address vulnerabilities in Prime Collaboration Assurance, Prime Collaboration Provisioning, and TelePresence Server software. Exploitation of these vulnerabilities could allow a remote attacker to escalate privileges, obtain sensitive information, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco advisories cisco-sa-20150916-pca, cisco-sa-20150916-pcp, cisco-sa-20150916-tps and apply the necessary updates.