Tag Archive for: Researcher

Security researcher updates OMG Cables to record user keystrokes


Lightning cable (Credit: Pixabay/CC0 Public Domain)

Security researcher Mark Green (who goes by MG) has revealed to the Vice team at Motherboard that he and his team have upgraded their version of a hacked Lightning cable so that it can record keystrokes and send the captured data to a designated site. This would allow the device to be used to steal passwords and other sensitive information.

A Lightning cable allows a device such as a smartphone to be charged from a computer or laptop instead of a charger. Back in 2019, MG demoed a cable that looked like a Lightning cable but had hacking capabilities built into it. Shortly thereafter, MG reportedly partnered with a cybersecurity vendor called Hak5 and began selling the cables. The development and sale of the cable were meant not just to highlight, but to demonstrate, how such simple devices can be altered in minor ways that allow real hackers to take advantage of consumers.

More recently, MG spoke with the team at Motherboard and told them that he has updated the cable to allow it to both record keystrokes and to use an added WiFi chip to broadcast the data it captures to a designated site where hackers could conceivably study the data and use it to their advantage.

MG also told the team at Motherboard that part of the reason he built the new cable was that other experts in the field had claimed it could not be done because of size and space limitations: there was not enough room inside the connector housing on Type C Lightning cables. MG claims to have proven such experts wrong by adding tiny chips to the cables and then demonstrating that they work in a YouTube video of his cable in action. He also told Motherboard that the new cable has geofencing features that allow for blocking data. Motherboard also tested the cable and found that it worked as advertised, though admittedly in a close-proximity environment. MG claimed the…


Security researcher: Criminals use Discord to distribute malware


According to security researchers, the content delivery network (CDN) of the voice and text chat platform Discord is increasingly being misused by criminals to spread malware. The security company Sophos writes that four percent of the malware downloads it examined in the second quarter of this year came from Discord. Users can upload and exchange files via Discord, and according to Sophos this offers cyber criminals a number of advantages.

Overall, Sophos found 14,000 malicious files on the Discord CDN and sees an upward trend. To place their malicious software there, criminals need nothing more than a chat room, which anyone can set up free of charge. As soon as a file is uploaded, it lands on cdn.discordapp.com. From this Google Cloud Storage, Trojans can then be reached all over the world via a fast CDN.

Discord uploads files to its CDN, but no longer deletes them. (Image: screenshot)

What makes this notable: you do not need to log in to access the file. If you call up the URL of the uploaded file, the browser directly asks whether the file should be downloaded. If this URL is linked in an email, there is no warning or anything else that could deter the download.

Even if the message with the file attachment is deleted on Discord, the file itself can still be accessed in the CDN, as heise online found out in a short test. And it gets even better: If you delete the so-called “server” (actually a created, administrative room) on Discord with all messages, channels and users, the file was still available to us in the CDN.

The problem is by no means new. According to Sophos, a lot of malicious software landed on Discord's CDN last year. Discord has not changed the basic functionality, but relies on reports from users and scans for malicious code itself. However, malware cannot easily be distinguished from non-malicious software without fully analyzing its behavior.

Among the files found by Sophos were some malware families that intercept stored login data or ensure that the attacker can remotely control the affected computer. We therefore recommend that you be…


Security researcher recommends against LastPass after detailing 7 trackers


A security researcher is recommending against the LastPass password manager after detailing seven trackers found in its Android app, The Register reports. Although there is no suggestion that the trackers, which were analyzed by researcher Mike Kuketz, are transferring a user's actual passwords or usernames, Kuketz says their presence is bad practice for a security-critical app handling such sensitive information.

Responding to the report, a spokesperson from LastPass says the company gathers limited data “about how LastPass is used” to help it “improve and optimize the product.” Importantly, LastPass tells The Register that “no sensitive personally identifiable user data or vault activity could be passed through these trackers,” and users can opt out of the analytics in the Privacy section of the Advanced Settings menu.

LastPass’s trackers include four from Google which handle analytics and crash reporting, as well as one from a company called Segment, which reportedly gathers data for marketing teams. Kuketz analyzed the data being transmitted and found it included information about the smartphone’s make and model, as well as information about whether a user has biometric security enabled. Even if the data transmitted isn’t personally identifiable, just integrating this third-party code in the first place introduces the potential for security vulnerabilities, according to Kuketz.

“If you actually use LastPass, I recommend changing the password manager,” wrote Kuketz (via machine translation). “There are solutions that do not permanently send data to third parties and record user behavior.”

LastPass isn’t the only password manager to include trackers like this, but it appears to have more than many popular competitors. Free alternative Bitwarden has just two according to Exodus Privacy, while RoboForm and Dashlane have four, and 1Password has none.

The report comes on the heels of LastPass’s announcement to severely limit functionality in its free tier. While free users are currently able to store an unlimited number of passwords across devices without limitation, soon they’ll have to pick one…


Researcher enters servers of 35 tech companies, runs code


New Delhi: A cyber security researcher has utilised a security vulnerability to run code on servers owned by over 35 major tech companies, including Apple, Microsoft, Netflix, Tesla, Uber, Shopify, Yelp and PayPal, the media reported.

According to Bleeping Computer, security researcher Alex Birsan found a security vulnerability that allowed him to run code on those servers in what is touted as a novel software supply chain attack.

Birsan has earned over $130,000 in rewards through bug bounty programmes and pre-approved penetration testing arrangements with these companies.

“I feel that it is important to make it clear that every single organisation targeted during this research has provided permission to have its security tested, either through public bug bounty programs or through private agreements. Please do not attempt this kind of test without authorisation,” Birsan was quoted as saying in the report.

Microsoft awarded him their highest bug bounty amount of $40,000 and released a white paper on this security issue.

The tech giant identified the issue as CVE-2021-24105 for their Azure Artifactory product.

The novel software supply chain attack comprised uploading malware to open source repositories, “which then got distributed downstream automatically into the company’s internal applications”.

The supply chain attack was more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Apple told Bleeping Computer that Birsan will get a reward via its Security Bounty programme for responsibly disclosing this issue.

PayPal has publicly disclosed Birsan’s HackerOne report mentioning the $30,000 bounty amount.

The possibility remains for such attacks to resurface and grow, especially on open-source platforms with no easy solution for dependency confusion, according to the researcher.

“I believe that finding new and clever ways to leak internal package names will expose even more vulnerable systems, and looking into alternate…
