Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper|Infosec Articles|Hacking News
Thu, 20 Jun 2019 17:34:47 +0000

Cyber security Trends|12 June 19
https://www.securitynewspaper.com/2019/06/12/cyber-security-trends12-june-19/
Wed, 12 Jun 2019 14:01:52 +0000


We talk about: E.U. asks for network history, vulnerabilities in cloud hardware, SIM swapping attacks, artificial clicks in macOS, and Apple launching access with ID.

Below are the links of the cyber security news.

1. U.S. WILL REQUEST FIVE YEARS OF SOCIAL NETWORKS TO VISA APPLICANTS

2. THE THEFT OF MONEY BY ATTACKS TO THE SIM GROWS IN AMERICA

3. VULNERABILITIES IN HARDWARE OF CLOUD COMPANIES

4. APPLE LAUNCHES IDs TO PROTECT ITS USERS

5. VULNERABILITY IN MACOS ALLOWS TO PERFORM “ARTIFICIAL CLICKS”

Parrot Security 4.0 The new tool for Cloud and IoT Pentesting
https://www.securitynewspaper.com/2018/05/23/parrot-security-4-0-new-tool-cloud-iot-pentesting/
Wed, 23 May 2018 02:08:55 +0000

After a fairly long development process and quite a few updates, the release is ready; Parrot 4.0 is now available for download.

According to information security experts, the new version includes the updated packages and bug fixes released in the latest version (3.11). This marks the end of the development and testing process for features tried out in previous versions since Parrot 3.9.


Netinstall images are a very useful tool if you want to install only the core of the system or just the software components that you really need. You can also use them to install another desktop environment and create your own system.

Parrot 4.0 also provides Netinstall images, since people are expected to use Parrot not only as a pentest distribution, but also as a framework for building their own work environment with ease.

Experts explain that Docker is the container technology that allows users to download a Parrot template and immediately generate unlimited and isolated Parrot instances on any host operating system. Parrot on Docker grants access to all the Parrot containers you need on Windows, Mac OS or another system supported by Docker, regardless of whether it is your laptop or a full Docker cluster running in a data center.

Linux kernel 4.16. Information security professionals comment that the introduction of the new Linux kernel 4.16 is a very important step for the distribution, since the new kernels introduce many important new features, wider hardware support and important bug fixes.

Sandbox. The Parrot system is secured and sandboxed thanks to custom Firejail profiles with underlying AppArmor support. In Parrot 4.0, sandboxed applications are now stable and reliable.

Also, MATE was updated to version 1.20, with fixes for graphical bugs and new features such as HiDPI support and the ability to automatically resize windows by dragging them to the corner of the screen and splitting them into new layouts.

If you want to see the complete list of packages that were updated: https://archive1.parrotsec.org/parrot/iso/4.0.1/updated-packages.txt

Updating. Information security experts say that if you have an earlier version of Parrot and want to update the system, just follow these steps:

Open a terminal window and type the following commands:

sudo apt update

sudo apt purge tomoyo-tools

sudo apt full-upgrade

sudo apt autoremove

EMC, VMware security bugs throw gasoline on cloud security fire
https://www.securitynewspaper.com/2018/01/12/emc-vmware-security-bugs-throw-gasoline-cloud-security-fire/
Fri, 12 Jan 2018 15:37:10 +0000

Backups of virtual machines on some hosts could be accessed or altered by an attacker. While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell’s EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server’s file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.

The first of the vulnerabilities, designated in MITRE’s Common Vulnerabilities and Exposures (CVE) list as CVE-2017-15548, allows an attacker to gain root access to the servers. This would potentially give someone direct access to backups on the server, allowing them to retrieve images of virtual machines, backed-up databases, and other data stored within the affected systems.

The second vulnerability, CVE-2017-15549, makes it possible for an attacker to potentially upload malicious files into “any location on the server file system” without authentication. And the third, CVE-2017-15550, is a privilege escalation bug that could allow someone with low-level authenticated access to access files within the server. The attacker could do this by using a Web request crafted to take advantage of “path traversal”—moving up and down within the directory structure of the file system used by the application.

These attacks require access to the network that the servers run on, so it may not be possible in most cases to execute attacks from the Internet—at least if the backup systems run in a network partitioned from the Internet. But these vulnerabilities could create opportunities for attackers who’ve managed to get a foothold in data centers via other exploits. And, unfortunately, as security researcher Davi Ottenheimer pointed out, there are hundreds of these systems exposed to the Internet—including more than a hundred of them in Ukraine, China, and Russia.

For those familiar with the architecture of these products, the vulnerabilities may not be a surprise—EMC Avamar and the other applications use Apache Tomcat, which was patched multiple times last year to address critical security vulnerabilities. However, it’s not clear whether these patches were incorporated into earlier updates of the EMC and VMware products or if any of the bugs just fixed in updates of the EMC/VMware products were Tomcat related.

Source:https://arstechnica.com/information-technology/2018/01/emc-vmware-security-bugs-throw-gasoline-on-cloud-security-fire/

Amazon launches single sign-on service for AWS cloud
https://www.securitynewspaper.com/2017/12/11/amazon-launches-single-sign-service-aws-cloud/
Mon, 11 Dec 2017 03:50:47 +0000

AWS SSO will let users manage access to multiple AWS accounts and applications using their existing corporate credentials.

On Thursday, the company quietly announced AWS SSO, a single sign-on service for the AWS cloud. Amazon describes the product as a centralized portal from which users can manage access to multiple AWS accounts and applications using their existing corporate credentials.

AWS said SSO is integrated with AWS Organizations to let users configure and maintain permissions automatically, and that it also supports Security Assertion Markup Language (SAML) 2.0, which allows users to extend SSO access to their SAML-enabled apps via an application configuration wizard.

“For example, you can give your security team administrative-level access to your AWS accounts running your security tools, but only grant them auditor-level access to your other AWS accounts for monitoring purposes,” according to the SSO product page.

AWS SSO also includes built-in SSO integrations with a bevy of business apps, including Salesforce, Box, Slack, and Office 365. What’s more, the tool also works with Microsoft Active Directory (AD), which means users will be able to authenticate with their AD credentials.

Single sign-on products have become increasingly popular in the era of cloud computing, as more employees struggle to manage passwords for cloud services from multiple providers. The big players in the space include OneLogin and Okta, the latter of which just went public in April.

Despite Amazon’s reputation for gobbling up markets, Okta founder and CEO Todd McKinnon is brushing off concern and reiterating Okta’s position in the identity management space. “Following in the footsteps of Microsoft and Google, Amazon’s announcement is further validation that identity is a highly strategic market,” he said in an emailed statement.

“We’ve seen this story before with Salesforce Identity, Microsoft and Google. We’re confident in our ability to continue driving innovation in the market as the leading, independent identity provider.”

It’s time to stop thinking of Amazon Web Services as an infrastructure company as it moves up the stack and value chain to technologies such as artificial intelligence, IoT and Alexa for Business.

Source:https://www.zdnet.com/article/amazon-launches-single-sign-on-service-for-aws-cloud/

36-year-old Pennsylvania man gets 18 months for phishing nude celebrity pics
https://www.securitynewspaper.com/2016/10/28/36-year-old-pennsylvania-man-gets-18-months-phishing-nude-celebrity-pics/
Fri, 28 Oct 2016 10:39:49 +0000

Ryan Collins sent fake e-mails that appeared to be from Apple and Google.

Ryan Collins, a 36-year-old from Pennsylvania, was sentenced to 18 months in prison after pleading guilty to hacking the Apple and Google accounts of more than 100 celebrities, including Jennifer Lawrence, Aubrey Plaza, Rihanna, and Avril Lavigne. Collins stole personal information, including nude photos, from the celebrities.

The photos were famously posted on 4Chan and Reddit in 2014. Collins pleaded guilty to hacking the celebrities’ accounts in May, but he did not plead guilty to posting the images on the Internet. “Investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained,” the Department of Justice (DOJ) noted.


According to The Guardian, Collins ran a phishing scheme from November 2012 to September 2014, sending celebrities e-mails that appeared to be from Apple and Google, requesting their user names and passwords.

In a press statement, the DOJ wrote that Collins would illegally access respondents’ accounts and search for nude photos and videos. “In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups,” the DOJ wrote. “In addition, Collins ran a modeling scam in which he tricked his victims into sending him nude photographs.”

Collins apparently accessed at least 50 iCloud accounts and 72 Gmail accounts and stole information from more than 600 victims, not all of whom were celebrities.

Executable Files, Old Exploit Kits Top Most Effective Attack Methods
https://www.securitynewspaper.com/2016/10/13/executable-files-old-exploit-kits-top-effective-attack-methods/
Thu, 13 Oct 2016 12:26:12 +0000

Researchers for the new ‘Hacker’s Playbook’ analyzed 4 million breach methods from an attacker’s point of view to gauge the real risks today to enterprises.

No organization is immune to the risk of a data breach. Security leaders who want to assume the strongest protection must analyze their security posture from a hacker’s point of view to understand risk, validate security controls, and prioritize resources.

That is the premise behind the SafeBreach Hacker’s Playbook, which was released in its second edition today. The first edition of the playbook, published in January, details enterprise security threats and risky habits from the point-of-view of an attacker.

Researchers at SafeBreach “play the hacker” by deploying simulators that assume the role of a “virtual hacker” across endpoints, network, and the cloud. The new Hacker’s Playbook incorporates a total of 3,985,011 breach methods, all executed between January and September 2016.

SafeBreach’s research team had two main objectives in compiling this playbook, says CTO and co-founder Itzik Kotler.

The first is to take highly publicized breaches such as those at Sony and Target, and to create artificial models so customers can better understand these attacks and how they happen. Researchers also figure out how to attack; they analyze different methods to create simulation events to give users a better idea of the threats they face.

“They’re [the researchers] pushing the envelope in creating new ideas and experimenting with existing ones,” says Kotler. “It’s all to show customers what kind of malicious ideas exist.”

Successful breaches are sorted into three pillars: infiltration, how hackers enter a machine; lateral movement, how they jump from one server to the other, for instance; and exfiltration, how they steal valuable data out of the victim organization.

The top infiltration methods used by attackers, according to the report, involved hiding executable files inside non-executable files. Specifically, executable files embedded within Windows script files, macros, and Visual Basic had great success.


Old exploit kits, many of which have been around for a year or longer, are still considered effective means of delivering malware. These kits challenge endpoint security and secure web gateway products; top picks include Sweet Orange, Neutrino, and Rig Exploit Kit.

 Source:https://www.darkreading.com

Accidental DDoS takes down Google’s European cloud
https://www.securitynewspaper.com/2015/12/03/accidental-ddos-takes-googles-european-cloud/
Thu, 03 Dec 2015 10:02:21 +0000

Google got accidentally DDoSed by an unnamed European network carrier, sending its cloud service offline on the old continent for about an hour.

The incident occurred last Monday, but it is only now that Google has decided to explain exactly what happened.

According to a Google blog post, the accidental denial of service happened in Google’s Europe1-West region, sending it offline for around 70 minutes. The blog post says that Google’s engineers activated an additional link with an unnamed network carrier with whom the company already shares many peering links globally.


The majority of the addresses affected by the error were located in eastern Europe and the Middle East, and Google saw its traffic decline 13 percent during that time.

As the link was activated, the peer’s network signalled that it could route traffic to many more destinations than Google engineers had anticipated, and more than the link had capacity for, the blog post reads.

“Google’s network responded accordingly by routing a large volume of traffic to the link. At 11:55, the link saturated and began dropping the majority of its traffic”.

This would not have happened if automation was operational, Google says, adding that it usually is.

“In normal operation, peering links are activated by automation whose safety checks would have detected and rectified this condition. In this case, the automation was not operational due to an unrelated failure, and the link was brought online manually, so the automation’s safety checks did not occur”.

To stop this issue from flaring up again, Google’s network engineers have taken steps to disallow manual link activation.

Source:https://betanews.com/

56 Million Data Records Exposed via Cloud-Based Mobile App Backends
https://www.securitynewspaper.com/2015/11/18/56-million-data-records-exposed-via-cloud-based-mobile-app-backends/
Wed, 18 Nov 2015 12:39:41 +0000

Cloud access keys hardcoded inside apps leave users exposed to data theft, and developers vulnerable to server hijacking

Researchers from the Technical University in Darmstadt, Germany, have carried out an extensive study on over 2 million mobile applications built on top of BaaS (Backend-as-a-Service) cloud services.

BaaS services like Facebook Parse, Amazon Web Services (AWS), and Cloudmine are cloud-based companies that allow mobile app developers to build complex server-side backends for their applications using a simplistic API.

Their role is to simplify the know-how needed to develop complex app features, but also to cut down development time and costs for more astute programmers.


Hardcoded cloud access keys, an old problem that has just got bigger

The research presented by the German developers at the Black Hat Europe 2015 security conference in Amsterdam explains a common problem that affected developers in the past but has since been exacerbated due to the proliferation and the over-simplification of cloud services in general.

The problem is the presence of hardcoded authentication credentials for the backend cloud service, right inside the mobile application’s code.

In spite of the fact that some of the apps may be obfuscated, a large number of apps can be easily decompiled.

This exposes both users, who see their personal data exposed, and developers, who risk having their servers hijacked by other groups and may end up paying for cloud transactions and operations they cannot afford.

Thousands of apps affected, millions of data records exposed

According to the German researchers, the problem of hardcoded cloud authentication credentials is a huge one. To assess the number of affected apps and users, the researchers created a special scanning and analysis framework that they used to analyze over 2 million Android and iOS apps.

Using this tool, they managed to discover over 56 million individual data records exposed in thousands of apps, holding sensitive information on millions of users, like passwords, real names, account preferences, health data, phone numbers, pictures, and more.

In one strange case, the researchers even found data about a malware campaign, a mobile trojan that used a BaaS service for its backend.

Google and Apple were notified about the issues

Because this problem plagued so many different applications, the researchers worked with CERT, who then informed Google and Apple (app store owners) about their research’s results.

Both companies notified developers, but after rerunning their tool a few days before their presentation, the German researchers found that only 4 million individual data records were removed, and now, over 52 million data items are still accessible.

The conclusion is that either the developers don’t care enough about user privacy to protect sensitive data, or they do not know how to do it in the first place.

The latter is the most obvious guess since services like Parse and AWS are usually used by novices in the world of app development, who are still developing their skills and need help implementing more complex features.

“They [BaaS providers] abstract away from backend handling and reduce it to a handful of lines of code that every developer can just copy&paste into his app without further knowledge or consideration,” explain the researchers. “Every additional mandatory step would contradict their own business model of abstraction and simplicity.”

The full (In)Security of Backend-as-a-Service report is available on the Black Hat Europe 2015 website.

Source:https://news.softpedia.com/
