Apple has patched a total of nine vulnerabilities with the release of QuickTime 7.7.8 for Windows.

According to an advisory published by Apple last week, the update addresses a series of memory corruption issues that can lead to the unexpected termination of the application or arbitrary code execution.

Ryan Pentney and Richard Johnson of Cisco Talos, a researcher known as "WalkerFuz," experts from Fortinet's FortiGuard Labs, and Apple's own security team have been credited for finding the vulnerabilities. The following CVE identifiers have been assigned to the flaws: CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5779, CVE-2015-5785, CVE-2015-5786.

The vulnerabilities found by Apple, WalkerFuz, and five of the six issues identified by Cisco were also patched on August 13 in the OS X version of QuickTime 7.

An advisory published by Cisco reveals that the issues reported by Talos researchers are denial-of-service (DoS) flaws that can be exploited with the aid of specially crafted .MOV files.

The security bugs are caused by invalid URL atom size, invalid 3GPP stsd sample description entry size, invalid mhdv atom size, esds atom descriptor type length mismatch, mdat corruption, and tkhd atom matrix corruption.

"Several memory corruption vulnerabilities exist in Apple Quicktime and can manifest themselves due to improper handling of objects in memory. An adversary who crafts a specifically formatted .MOV file can cause Quicktime to terminate unexpectedly, creating a local denial of service condition," Cisco's Talos group wrote in a blog post.
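The Talos bugs above all come down to an atom whose declared size does not fit the container holding it. The following walker, an added example rather than Apple's or Talos's code, parses the QuickTime/MP4 atom structure and rejects a file at the first atom whose size is smaller than its own header or runs past its parent; the sample files are constructed here and the set of container atoms is a subset chosen for the demo.

```python
import struct
from typing import Iterator, List, Optional, Tuple, Union

# Atoms whose payload is itself a sequence of atoms (subset chosen for this demo).
CONTAINER_ATOMS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"dinf", b"udta"}


def walk_atoms(data: bytes, start: int = 0, end: Optional[int] = None,
               depth: int = 0) -> Iterator[Tuple[int, bytes, int, int]]:
    """Yield (depth, type, offset, size) for each atom; raise ValueError at
    the first size that cannot be satisfied by the enclosing container."""
    end = len(data) if end is None else end
    pos = start
    while pos < end:
        if end - pos < 8:
            raise ValueError(f"truncated atom header at offset {pos}")
        size, atype = struct.unpack_from(">I4s", data, pos)
        header = 8
        if size == 1:                      # 64-bit extended size follows the type
            if end - pos < 16:
                raise ValueError(f"truncated 64-bit size at offset {pos}")
            size = struct.unpack_from(">Q", data, pos + 8)[0]
            header = 16
        elif size == 0:                    # atom extends to the end of its parent
            size = end - pos
        if size < header:
            raise ValueError(f"{atype!r} at {pos}: size {size} smaller than its header")
        if pos + size > end:
            raise ValueError(f"{atype!r} at {pos}: size {size} overruns parent ending at {end}")
        yield depth, atype, pos, size
        if atype in CONTAINER_ATOMS:
            yield from walk_atoms(data, pos + header, pos + size, depth + 1)
        pos += size


def check_file(data: bytes) -> Tuple[bool, Union[List[Tuple[int, str, int, int]], str]]:
    """Return (True, atom list) for a well-formed file, (False, reason) otherwise."""
    try:
        return True, [(d, t.decode("latin-1"), o, s) for d, t, o, s in walk_atoms(data)]
    except ValueError as exc:
        return False, str(exc)


def atom(atype: bytes, payload: bytes = b"") -> bytes:
    """Build an atom with a correct 32-bit size field (helper for the samples)."""
    return struct.pack(">I4s", 8 + len(payload), atype) + payload


# Constructed samples (payload bytes are filler, not real header fields).
GOOD = (atom(b"ftyp", b"qt  " + b"\0" * 4)
        + atom(b"moov", atom(b"mvhd", b"\0" * 100)
                        + atom(b"trak", atom(b"tkhd", b"\0" * 84))))
# A 'url ' atom whose declared size (0x7FFFFFFF) runs far past the end of the file.
BAD_URL = atom(b"moov", atom(b"trak", struct.pack(">I4s", 0x7FFFFFFF, b"url ") + b"\0" * 4))
# An atom whose size field (4) is smaller than its own 8-byte header.
BAD_SMALL = atom(b"moov", struct.pack(">I4s", 4, b"mdat"))

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD_URL", BAD_URL), ("BAD_SMALL", BAD_SMALL)):
        print(name, check_file(sample))
```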

Earlier this month, Apple patched well over 100 vulnerabilities with the release of updates for OS X, OS X Server, iOS and Safari. Shortly after the updates were made available, an Italian researcher revealed the existence of a new local privilege escalation zero-day vulnerability that affects all versions of OS X Yosemite.

The expert had not informed Apple before publishing a proof-of-concept (PoC) exploit, but the vendor might be aware of the issue considering that it has been patched in the beta version of OS X 10.11, dubbed El Capitan.

Local privilege escalation vulnerabilities in OS X can be very dangerous. One of the flaws fixed earlier this month with the release of OS X 10.10.5 had been exploited in the wild to install adware on Macs after a researcher disclosed its existence before Apple could release a patch.

Malicious actors can exploit vulnerabilities in BitTorrent, the popular peer-to-peer (P2P) file sharing protocol, to launch distributed reflective denial-of-service (DRDoS) attacks, researchers warned at the recent USENIX conference.

According to researchers, attackers can abuse BitTorrent protocols such as Micro Transport Protocol (uTP), Distributed Hash Table (DHT), and Message Stream Encryption (MSE), and the BitTorrent Sync tool to reflect and amplify traffic.

BitTorrent and BTSync use UDP protocols, which are not designed to prevent the spoofing of source IP addresses. This allows an attacker to send small packets to amplifiers using the victim's IP, which results in the amplifiers sending larger packets to the victim.

Potential amplifiers can be identified using peer discovery techniques such as DHT, Peer Exchange (PEX) and trackers. These techniques allow attackers to collect millions of amplifiers, experts said.

This type of DRDoS attack has three main advantages: the attacker can hide his identity, a distributed attack can be initiated from a single computer, and the attack's impact is increased by the amplifiers.

"The impact of a DRDoS attack is proportional to the adoption of the protocol that it is exploiting, as wide adoption makes it easier to find and scale-out the amplifier population," the researchers wrote in a paper.

Experiments conducted by the researchers revealed that attackers can obtain an amplification factor of up to 50 in the case of BitTorrent clients and an amplification factor of up to 120 in the case of BTSync.

According to experts, the most vulnerable BitTorrent clients are the most popular ones; namely uTorrent, Mainline and Vuze.

Attacks that abuse DNS and NTP for reflection can be easily blocked using a stateful packet inspection (SPI) firewall because DNS and NTP use known ports. However, attacks leveraging BitTorrent protocols can only be mitigated using deep packet inspection (DPI) firewalls that can detect certain strings in the handshake. Attacks that exploit MSE cannot be blocked even with DPI because the handshake is completely random, researchers noted.

"We think a working countermeasure must follow two parallel ways: global ISP coordination to prevent IP spoofing and protocol defense mechanism to avoid protocol exploitation," experts said in their paper.

DRDoS attacks can be very damaging. In February 2014, content delivery network (CDN) CloudFlare reported that one of its customers was targeted in an NTP-based attack that peaked at 400Gbps.
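Because uTP, DHT and MSE traffic cannot be picked out by port number, a network that hosts BitTorrent or BTSync peers can instead watch for the behaviour of a reflector: far more UDP bytes leaving toward one remote address than arriving from it. The detector below is an added example, not code from the USENIX paper; it runs over constructed flow records of the kind an edge router exports, and ignores TCP because its handshake already defeats source spoofing.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed edge flow records: <local host> <remote host> <direction> <proto> <bytes>
# direction "in" means remote -> local, "out" means local -> remote.
FLOW_LOG = """
10.0.0.5   203.0.113.9   in   udp  200
10.0.0.5   203.0.113.9   out  udp  24000
10.0.0.5   203.0.113.9   in   udp  200
10.0.0.5   203.0.113.9   out  udp  24000
10.0.0.5   203.0.113.9   in   udp  200
10.0.0.5   203.0.113.9   out  udp  24000
10.0.0.5   198.51.100.7  in   udp  50000
10.0.0.5   198.51.100.7  out  udp  60000
10.0.0.8   203.0.113.9   in   tcp  400
10.0.0.8   203.0.113.9   out  tcp  90000
"""

Record = Tuple[str, str, str, str, int]


def parse_records(text: str) -> List[Record]:
    """Parse the whitespace-separated flow lines into tuples."""
    records = []
    for line in text.strip().splitlines():
        local, remote, direction, proto, nbytes = line.split()
        records.append((local, remote, direction.lower(), proto.lower(), int(nbytes)))
    return records


def reflector_report(records: List[Record], min_ratio: float = 10.0,
                     min_out_bytes: int = 10_000) -> Dict[Tuple[str, str], float]:
    """Return {(local, remote): out/in byte ratio} for UDP pairs where the local
    host sends min_ratio times more than it receives and at least min_out_bytes.
    The remote address in such a pair is a likely spoofed victim."""
    in_bytes: Dict[Tuple[str, str], int] = defaultdict(int)
    out_bytes: Dict[Tuple[str, str], int] = defaultdict(int)
    for local, remote, direction, proto, nbytes in records:
        if proto != "udp":                 # spoofing needs a connectionless transport
            continue
        bucket = in_bytes if direction == "in" else out_bytes
        bucket[(local, remote)] += nbytes
    flagged: Dict[Tuple[str, str], float] = {}
    for pair, sent in out_bytes.items():
        received = in_bytes.get(pair, 0)
        ratio = sent / received if received else float("inf")
        if sent >= min_out_bytes and ratio >= min_ratio:
            flagged[pair] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for (local, remote), ratio in reflector_report(parse_records(FLOW_LOG)).items():
        print(f"{local} is amplifying toward {remote} by x{ratio}")
```

The flagged pair reaches the 120x factor the researchers measured for BTSync, while the ordinary peer exchange with 198.51.100.7 stays near 1:1 and is left alone.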

Remember the days when security awareness programs only had to warn employees about website spoofing? Unfortunately, cyber-attack methods have advanced to the point where even trusted, well-known websites can silently infect users via drive-by download attacks. Last year's NBC.com incident is a good example of this growing Internet threat.

The surge in spear-phishing as the top method used by cybercriminals to gain unauthorized access to sensitive data has led to widespread implementation of end user awareness programs.

To minimize cyber risks it is essential that every employee within an organization understand that they are both an asset and a potential security liability. After instituting these programs, odds are high that most employees will know not to open the email attachment from the Nigerian lawyer who claims they are the beneficiary of a large fortune or click on an email link purporting to be from their bank, asking them to confirm their access credentials.

In the past, security awareness programs were simply required to focus on email phishing and website spoofing threats, while providing best practices, such as:

• Don't open attachments from people you don't know;

• Don't open attachments from people you know, but from whom you are not expecting to receive a particular type of file;

• Don't follow website links from unknown email senders; and

• Check the naming convention of website links to assure that they are directing you to a legitimate site.

Unfortunately, the attack on a variety of NBC websites last year proves that employees are no longer safe from drive-by malware threats when visiting reputable websites. In the case of the NBC attack, cybercriminals had embedded invisible malicious elements across different websites belonging to the broadcaster. To avoid detection, these elements were periodically rotated. When a user clicked on them, it called on a RedKit to target the computer with up to three different exploit kits, including the Citadel crimeware toolkit, which is designed to steal financial information. The RedKit initially checked whether the user was running outdated versions of software or browser plug-ins. If it detected any outdated software, the vulnerability was exploited to install malicious software on the user's computer.

This type of drive-by attack is flourishing because exploit kits that allow cybercriminals to compromise websites are readily accessible on the black market. They are very sophisticated and automated, which makes it easy for cybercriminals to scale their attacks across as many web servers as possible. Furthermore, the growing complexity of browser environments adds to the spread of drive-by downloads. As the number of plug-ins, add-ons, and browser versions grows, there are more weaknesses for hackers to exploit and add to their kits.

As a result, users who are simply surfing the Internet can unknowingly stumble upon a compromised website, which may look completely normal. As a matter of fact, cyber-attackers often specifically target well-known and popular websites, since users trust that these websites are being kept free from malware.

In addition, many drive-by attacks are launched following the release of new security patches for common applications such as Acrobat and those that run on the Java platform. Once vendors release a patch, hackers use the information to reverse-engineer the fix, uncovering the underlying vulnerability, which they then target. As a consequence, users who don't quickly update their software remain highly vulnerable to having their computer compromised by malware. This can of course lead to their personally identifiable information being stolen, their activities recorded, and their computer becoming part of a botnet. Since many users fail to update the Java runtime environment installed on their computers, Java bugs remain quite popular and effective with cybercriminals.

Earlier this year, cybercriminals took drive-by attacks to the next level by front-ending their attack with robocalls. These automated phone calls urged victims to visit a leading North American wireless phone provider's website to earn hundreds of dollars in rewards. Since the website had been compromised, even cautious users were victimized, leading to stolen access credentials and subsequently account takeovers.

So what can be done to minimize the risk of these new attack techniques?

Obviously, the fundamental best practices are to keep software on endpoints up to date and to disable Java, which is one of the most popular attack vectors for many cybercriminals. Beyond these essential steps, organizations should extend their diagnostic efforts. The NBC hack proved that traditional perimeter security measures often do not protect against drive-by attacks. Post-mortem analysis of the attack showed that the particular version of Citadel that was used was only recognized by three of the 46 antivirus programs available at the time on virustotal.com.

To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking. By doing so, however, it is possible to detect early indicators of an ongoing attack and take steps to mitigate the threat. Since drive-by attacks are only one of many attack techniques, payload data monitoring should be part of an organization's continuous diagnostics program.

This implies an increased frequency of data assessments and requires security data automation by aggregating and normalizing data from a variety of sources such as security information and event management (SIEM), asset management, threat feeds, and vulnerability scanners. In turn, organizations can reduce costs by unifying solutions, streamlining processes, creating situational awareness to expose exploits and threats in a timely manner, and gathering historic trend data, which can assist in predictive security.
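Monitoring the payload of a web property means checking what a page actually serves, not just whether the server is up. The scanner below is an added example (not from the article or any vendor) that looks for the indicators the NBC incident illustrates: hidden or zero-sized iframes and scripts loaded from hosts outside an allow-list of the organisation's own domains. The sample page and the allowed host are constructed.

```python
from html.parser import HTMLParser
from typing import Iterable, List, Tuple
from urllib.parse import urlparse


class InjectedElementScanner(HTMLParser):
    """Collect iframes and scripts that look injected: hidden or zero-sized
    frames, and resources served from hosts outside the allow-list."""

    def __init__(self, allowed_hosts: Iterable[str]):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings: List[Tuple[str, str]] = []

    def _foreign(self, url: str) -> bool:
        host = (urlparse(url).hostname or "").lower()
        if not host:                        # relative URL: same origin as the page
            return False
        return not any(host == a or host.endswith("." + a) for a in self.allowed_hosts)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        style = a.get("style", "").replace(" ", "").lower()
        if tag == "iframe":
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "display:none" in style or "visibility:hidden" in style)
            if hidden:
                self.findings.append(("hidden-iframe", src))
            elif self._foreign(src):
                self.findings.append(("foreign-iframe", src))
        elif tag == "script" and self._foreign(src):
            self.findings.append(("foreign-script", src))


def scan_html(html: str, allowed_hosts: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (indicator, src) pairs found in the page, in document order."""
    scanner = InjectedElementScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed page: the organisation serves its own content from example.com.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="https://static.example.net/stats.js"></script>
</head><body>
<iframe src="/player" width="640" height="360"></iframe>
<iframe src="https://203.0.113.55/r.php" width="0" height="0"></iframe>
<div style="display: none"><iframe src="https://198.51.100.23/x.html"></iframe></div>
</body></html>"""

if __name__ == "__main__":
    for indicator, src in scan_html(SAMPLE_PAGE, ["example.com"]):
        print(f"{indicator}: {src}")
```

Run against each property on a schedule and diff the findings against the previous run; elements that appear, vanish and reappear are the rotation pattern described above.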

Responding to allegations from anonymous ex-employees, security firm Kaspersky Lab has denied planting misleading information in its public virus reports as a way to foil competitors.

"Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," reads an email statement from the company. "Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false."

On Friday, the Reuters news service ran a report charging that the security company had been deliberately classifying routine system files as malware, possibly causing such files to be flagged or deleted on user machines by competing anti-virus software.

The story draws heavily from interviews with two ex-employees, quoted anonymously, who were reportedly familiar with the operation. They had charged that in at least some of the instances, Kaspersky Lab cofounder, Eugene Kaspersky, personally directed planting the file names in the company's virus reports.

Anti-virus companies, including Kaspersky competitors AVG Technologies and Microsoft, will routinely share information about new attacks they find, such as through the Google-owned service for aggregating virus reports, VirusTotal. This practice helps get word out more quickly about emerging threats.

Kaspersky felt that other companies were just copying his work, without offering any contributions of their own, the ex-employees charged.

In 2010, Kaspersky had publicly complained of copycat anti-virus companies. To illustrate his point, his company submitted to VirusTotal the names of 20 benign files, marking them as malicious.

Within a week and a half, the files were marked as malicious by at least 14 security firms, Reuters reported.

While the 2010 operation, which the Lab characterized as an experiment, was public knowledge, the company planted similar false positives unbeknownst to others in the security industry for more than 10 years, especially between 2009 and 2013, the Reuters sources charged.

Kaspersky Lab has denied deliberately planting any other misleading virus information.

So you finally installed Windows 10 and joined the ranks of the other 67 million users. You open your browser to search for a place to grab lunch, and Bing already knows your location. You notice that all the banner ads are geared toward your secret knitting hobby. And when you open Cortana to ask what's going on, she knows your name and the embarrassing nickname your mother calls you.

This may seem like a stretch, but you'd be surprised by the amount of personal information Windows 10 collects from its users—information including phone numbers, GPS location, credit card numbers, and even video and audio messages. Of course, Microsoft's privacy statement outlines all the data that is collected, and you agreed to this when you downloaded Windows 10 and accepted the terms of service.

In this Age of the Unread Terms of Service Agreement, it's important to, well, read the ToS. It's too easy for our technologies to gather personal information without our realizing it. Microsoft is far from the only perpetrator, but since it just delivered us an exciting new operating system, it's time to dig into those settings.
The Fine Print

In the privacy statement mentioned before, Microsoft goes through three ways it uses personal data: "(1) to operate our business and provide (including improving and personalizing) the services we offer, (2) to send communications, including promotional communications, and (3) to display advertising." If you want to know more about what Microsoft is talking about, I highly encourage you to browse the privacy statement (seriously), but here's the gist of it:

1. "To operate our business...": Many of Microsoft's applications require personal information in order to operate. For example, if you are using the Maps application, it will need your location to function properly. This instance makes sense, but not all applications are quite as direct with their usage of your information. Cortana also uses your location, and the only way to prevent this is to not use Cortana. Microsoft also collects data to understand why certain applications crash in order to improve them, but this also means tracking your usage of these applications. This means that if Microsoft Office crashes while you are using it, Microsoft will be able to see the Excel or Word documents that were open during the crash.

2. "To send communications...": Microsoft gathers contact information to make sure it can reach you if any of its primary means of communication fail. Recall that Microsoft already disclosed in the privacy statement that it collects the phone number, email, and mailing address of its users. But Microsoft mainly disclosed that it uses this information to send promotions. Microsoft does this because it wants you as a loyal customer, but to manage these communications click here if you have a Microsoft account, or here if you do not. It is also important to mention that this information is shared with "Microsoft partners."

3. "To display advertising": It seems like standard internet procedure to track users in order to sell ads. Facebook does it, Google does it, and Microsoft does it. Microsoft generates revenue from ads, and by selling demographic information to third-party advertisers, Microsoft can make even more. This is called interest-based advertising, and Microsoft even gives you your own advertising ID to make things easier. You can opt out of interest-based ads by following this link. However, opting out does not prevent data collection, nor does it result in fewer ads.
Turning Off the Tracking

First things first: head to your privacy settings. Hit Start, then Settings, then Privacy. From the Privacy menu you can alter how your computer uses the information from your location, microphone, camera and so on. While in the Privacy menu, you'll want to click Feedback & Diagnostics and change the Feedback Frequency to "never" and Diagnostic and Usage Data to "basic." Doing this will help prevent Microsoft from gathering random information.
Guard Your Browser History

Edge sends your Internet browsing history to Microsoft in order to "help Cortana personalize your experience." You can turn this off by clicking on the ellipsis button in the top right corner of Edge, then go to Settings > Advanced Settings > View Advanced Settings, and under Privacy and Services turn off "Have Cortana Assist Me in Microsoft Edge." And while you're in the Privacy and Services menu, make sure you turn off "use page prediction to speed up browsing, improve reading, and make my overall experience better" (which is an incredible title for a default setting).
Don't Get Tricked Into Creating a Microsoft Account

Windows 10 also prompts you by default to create a Microsoft account, but you should probably skip this if you are concerned about your private information. Not creating an account will keep your activity and information local to your computer, while having an account will create a link for Microsoft to piece all of the metadata it gathers back to your identity. Before creating a Microsoft account, be sure to read up on its privacy policy.

In order to delete or manage your Microsoft account go to Settings > Accounts > Your Account.
Exercise Cortana Caution

While Cortana may be one of the most exciting parts of Windows 10, she's a bit intrusive. Microsoft prides itself on Cortana's ability to learn about you and create a more personal experience, but in order to do this Cortana has to gather a lot of information from you. This information includes anything from location and contacts to speech and handwriting data. Perhaps most significantly, all your interactions with Cortana are stored in the cloud.

All of this is part of Microsoft's attempt to make Windows 10 more personalized, but if that sounds too creepy for you, you can adjust your settings by logging in here. From there you can clear the "interests" data that Cortana and Bing learned about you, as well as clear other Cortana data including "Speech, Inking and Typing" information.

Researchers have successfully carried out a traffic correlation attack against the Tor Network identifying hidden services with 88 percent accuracy.

Researchers from the Massachusetts Institute of Technology (MIT) have discovered a vulnerability in Tor which leads to the identification of hidden services with up to 88 percent accuracy.

The team of experts composed of researchers from MIT and the Qatar Computing Research Institute (QCRI) will present their work at the next Usenix Security Symposium.

The discovery is disconcerting: the researchers demonstrated how to unmask hidden services in the Tor network by analyzing the traffic patterns of encrypted data passing through a single machine in the network.

We have explained several times the routing algorithm implemented by the Tor network, “The Onion Router”, which protects traffic by wrapping it in several layers of encryption.


The routing process requires that machines in the Tor network exchange a large amount of data during the establishment of a connection to a hidden service.

The researchers demonstrated that “simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 per cent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit or a rendezvous-point circuit.”

The team ran a traffic correlation attack, a technique discussed several times in the context of attacks on Tor.

“Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 per cent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 per cent certainty, identify it as the service’s host,” states MIT’s full press release.

The experts also suggested a method to mitigate the attack by masking the sequences with dummy packets so that they all look the same.

“We recommend that [the Tor project] mask the sequences so that all the sequences look the same,” said Mashael AlSabah, an assistant professor of computer science at Qatar University, as well as a researcher at QCRI and a visiting scientist at MIT. To defend against that kind of attack, he added, Tor needed to “send dummy packets to make all five types of circuits look similar.”

“For a while, we’ve been aware that circuit fingerprinting is a big issue for hidden services,” said David Goulet, a developer with the Tor project. “This paper showed that it’s possible to do it passively – but it still requires an attacker to have a foot in the network and to gather data for a certain period of time.”

“We are considering their countermeasures as a potential improvement to the hidden service,” he added. “But I think we need more concrete proof that it definitely fixes the issue.”

What is the Tor Project's comment?

A spokesman for the Tor Project confirmed to The Register that the attack presented by the boffins is a known issue, but that it is difficult to carry out.

“It is a known issue that hidden service circuits are noticeable in certain situations, but this attack is very difficult to execute. The countermeasures described in the paper are interesting since the authors claim that deploying some of them would neutralize their attack and better defend against hidden service circuit fingerprinting attacks in general,” said the spokesman for the Tor Project. “We need more concrete proof that these measures actually fix the issue,” the spokesman continued, adding: “We encourage peer-reviewed research into both attacks against and defenses of the Tor network.”
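To make the proposed countermeasure concrete, here is an added example (not code from the MIT/QCRI paper or from the Tor project) that models the first cells of a circuit as a constructed sequence of directions and pads every circuit to the same template with dummy cells, so that the per-direction counts a guard can observe no longer differ between circuit types. The sequences, the template and the dummy-cell marking are all assumptions of the demo.

```python
from collections import Counter
from typing import Dict, Tuple

# Constructed direction sequences for the first cells of three circuit types:
# 'O' = cell sent outbound by the client, 'I' = cell received by the client.
CIRCUITS: Dict[str, str] = {
    "web":          "OOIIIOIIIIII",
    "introduction": "OIOIOIOO",
    "rendezvous":   "OOOIIOIOIOI",
}

TEMPLATE = "OI" * 6   # the single pattern every circuit is made to show first


def fingerprint(seq: str, window: int = 12) -> Tuple[int, int]:
    """The coarse feature the article describes: how many cells travelled in
    each direction within the first `window` cells seen by the guard."""
    counts = Counter(seq[:window].upper())
    return counts["O"], counts["I"]


def pad_to_template(seq: str, template: str = TEMPLATE) -> str:
    """Emit cells so that the observed directions of the first len(template)
    cells equal the template.  Real cells keep their order; whenever the next
    real cell does not match the direction the template wants, a dummy cell
    (lower-case 'o' or 'i') is sent instead and the real cell waits."""
    out, i = [], 0
    for want in template:
        if i < len(seq) and seq[i] == want:
            out.append(seq[i])
            i += 1
        else:
            out.append(want.lower())        # dummy cell in the required direction
    return "".join(out) + seq[i:]           # remaining real cells follow unpadded


def strip_dummies(padded: str) -> str:
    """What the endpoint keeps after discarding dummy cells."""
    return "".join(c for c in padded if c.isupper())


def overhead(seq: str) -> int:
    """Number of dummy cells the template costs for this circuit."""
    return sum(1 for c in pad_to_template(seq) if c.islower())


if __name__ == "__main__":
    for name, seq in CIRCUITS.items():
        padded = pad_to_template(seq)
        print(f"{name:13s} before={fingerprint(seq)} after={fingerprint(padded)} "
              f"dummies={overhead(seq)}")
```

Only the first twelve cells are equalised here; an observer that keeps collecting past the template, as Goulet notes the attacker must gather data for a certain period, would need the padding to continue, which is the cost trade-off the Tor developers are weighing.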
