Malicious office printers could hijack employees’ cell phones

At first glance it is just another printer; one of those big machines that sits against the wall of thousands of offices around the country, turning blank sheets of paper into corporate documentation. And as inoffensive as it may seem, just another piece of office furniture, it can become a threat to your company’s confidentiality. While your printers and networks can become one of your most vulnerable security holes, the one created by the ‘hacker’ Julian Oliver is quite simply a spy.

Every time you make a call on your cell phone, the device connects to the nearest phone antenna. What Oliver has managed to do is to camouflage a similar antenna inside an everyday office printer.

In this way, the device can intercept all calls made or received from an office, thereby allowing an attacker to spy on conversations or read SMS messages.

In this case, however, there is nothing to be afraid of. This has simply been an experiment through which Oliver has tried to draw attention to the importance of using communication tools with end-to-end encryption, such as the Signal messaging app recommended by Edward Snowden himself.

Yet the fact that this is only a demo shouldn’t detract from the lesson to be learnt. In the strategy used by Oliver, every time a phone connects to the antenna camouflaged in the printer, the device sends an SMS. If the recipient responds to any of these messages from an unknown number, the printer prints the SMS message and the ‘victim’s’ phone number, thereby revealing the scam.

What’s more, the printer is programmed to make calls to the phones that connect to its antenna. If someone answers, all they will hear is a Stevie Wonder song. A practical joke that lasts some five minutes; after this time, the printer disconnects the phone from the antenna, allowing it to connect to the genuine mobile network. In the event of a real attack however, the consequences won’t be as entertaining, nor the scare so brief.

Oliver’s experiment serves to remind us of the fragility and vulnerability of the communication networks we use every day. A simple Raspberry Pi motherboard and two GSM antennas would be enough to enable an attacker to camouflage an antenna in a printer and spy on all of a company’s phone conversations and steal confidential corporate information.

The post Malicious office printers could hijack employees’ cell phones appeared first on Panda Security Mediacenter.

USN-3136-1: LXC vulnerability

Ubuntu Security Notice USN-3136-1

23rd November, 2016

lxc vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

LXC could be made to allow containers to access the host filesystem.

Software description

  • lxc
    – Linux Containers userspace tools

Details

Roman Fiedler discovered a directory traversal flaw in lxc-attach. An
attacker with access to an LXC container could exploit this flaw to access
files outside of the container.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • lxc1: 2.0.5-0ubuntu1.2
  • liblxc1: 2.0.5-0ubuntu1.2

Ubuntu 16.04 LTS:
  • lxc1: 2.0.5-0ubuntu1~ubuntu16.04.3
  • liblxc1: 2.0.5-0ubuntu1~ubuntu16.04.3

Ubuntu 14.04 LTS:
  • lxc: 1.0.8-0ubuntu0.4
  • liblxc1: 1.0.8-0ubuntu0.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-8649

USN-3137-1: MoinMoin vulnerabilities

Ubuntu Security Notice USN-3137-1

23rd November, 2016

moin vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in MoinMoin.

Software description

  • moin
    – Collaborative hypertext environment

Details

It was discovered that MoinMoin did not properly sanitize certain inputs,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • python-moinmoin: 1.9.8-1ubuntu1.16.10.1

Ubuntu 16.04 LTS:
  • python-moinmoin: 1.9.8-1ubuntu1.16.04.1

Ubuntu 14.04 LTS:
  • python-moinmoin: 1.9.7-1ubuntu2.1

Ubuntu 12.04 LTS:
  • python-moinmoin: 1.9.3-1ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-7146, CVE-2016-7148, CVE-2016-9119

FBI Hacked into 8,000 Computers in 120 Countries Using A Single Warrant

The FBI hacked into more than 8,000 computers in 120 different countries with just a single warrant during an investigation into a dark web child pornography website, according to newly published court filings.

The FBI’s mass hacking campaign is related to the high-profile child pornography Playpen case and represents the largest law enforcement hacking campaign known to date.

The warrant
