The security flaw, discovered by Peter Winter-Smith from NCC Group, allows a hacker to bypass the authentication process on the servers and gain access to the system without having to enter a password.

An attacker can do this by sending the SSH server “SSH2_MSG_USERAUTH_SUCCESS” message instead of the “SSH2_MSG_USERAUTH_REQUEST” message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate.

The libssh system will treat this message to mean the authentication has already taken place and allow the attacker access to the server. The flaw (CVE-2018-10933) was released in January 2014 in release 0.6.0.

It’s estimated that the vulnerability currently affects at least 3000 servers, however this is based on a small search and the scale of the problem is not yet known. There were concerns that the popular version control site for developers to work collaboratively on projects, GitHub, was affected but they have released a statement denying this. Github claims the way they use libssh means they are not vulnerable to this exploit.

“We use a custom version of libssh; SSH2_MSG_USERAUTH_SUCCESS with the libssh server is not relied upon for pubkey-based auth, which is what we use the library for,”

a GitHub security official said on twitter

While we use libssh, we can confirm that https://t.co/0iKPk21RVu and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library.

— GitHub Security (@GitHubSecurity) October 16, 2018

The security flaw is only on the server side, meaning users who have a libssh based SSH client installed on their computer will be safe from potential attackers looking to exploit this vulnerability.

While there are currently no public exploits available for the vulnerability, they are easy to put together so these are likely to pop up online in the coming days and weeks.

The team at libssh released versions 0.8.4 and 0.7.6 yesterday to handle this bug.

The post Libssh Security Flaw leaves thousands of servers vulnerable to hijacking appeared first on Hack Ware News.

Tenable researcher, Jacob Baines, has discovered multiple vulnerabilities in the Mikrotik routers; four separate security flaws that are vulnerable to hacking attacks. Mikrotik made it into the news in September after it was discovered routers had been hijacked using a security flaw on the RouterOS, and attackers we able to spy on users.

RouterOS, Mikrotik’s operating system was found to have around four security flaws. This includes a remote code execution vulnerability (CVE-2018-1156), File upload memory exhaustion flaw (CVE-2018-1157), recursive JSON parsing stack exhaustion (CVE-2018-1158), and www memory corruption (CVE-2018-1159).

While these are separate vulnerabilities, they all require legitimate user credentials before being able to exploit. These vulnerabilities are particularly dangerous, allowing an attacker to gain full control of the system, by remote attacks.

This security vulnerability has been exploited in the past, memorably the hacking of 7500 routers for intercepting user’s traffic and the cryptojacking campaign in which routers were exploited for cryptocurrency mining.

According the Tenable the multiple vulnerabilities affected RouterOS versions 6.42.6 and 6.40.8. Tanable contacted MikroTik in May 2018 to inform them about the flaws, after which Mikrotik released patches to fix the issue. However, not everyone is vigilant with patching their router when these flaws become known, and Jacob Baines has estimated that around 200,000 routers across the world may still be open to this exploit.

We second Tenable’s statement in encouraging users to update their system to the latest patch at the earliest possible time to help protect against these security vulnerabilities.

The post Several vulnerabilities found in RouterOS that Affected MikroTik Routers appeared first on Hack Ware News.

The servers are designed in the US by an American company called Super Micro, and do not include the chip in their designs. It is thought the chip must have been added in China, during the manufacturing process for the servers. The chip is an example of a “hardware hack” where hardware is modified to perform functions that wasn’t originally intended in the design. It is suspected the purpose of the chip is to spy on American companies and their users.

The lengthy publication by Bloomberg reports that Apple and Amazon were among those companies affected, but both companies refute the claim. An Apple spokesperson told Bloomberg that they had no history of finding malicious chips or hardware manipulations in any of its servers. Apple no longer used Super Micro servers after ending their contract with them in 2016.

Amazon also disputes the claims about their servers containing malicious chips and says they have not worked with the FBI to investigate malicious hardware within the company. Super Micro join Apple and Amazon in denying the claims about its servers.

In response to the allegations, China’s Ministry of Foreign Affairs released a statement saying “China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit. Supply chain safety in cyberspace is an issue of common concern, and China is also a victim. China, Russia, and other member states of the Shanghai Cooperation Organization proposed an “International code of conduct for information security” to the United Nations as early as 2011. It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries. We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Chinese Spying Chips Found Hidden on US companies’ servers appeared first on Hack Ware News.

Apple has long been considered a safer option for mobile users, the company designs its products with advanced security in mind and has been known to continually remove and ban apps from the app store that aren’t secure enough. However, with the release of iOS 12 and iOS 12.1 beta, Apple has come under scrutiny after it was discovered that a security flaw allows a user to bypass the passcode to gain access to the photos and contacts of the locked iPhone.

How does this exploit work?

There is a several step process to get into a locked iPhone running iOS12, and this isn’t something you’re likely to do by accident. Firstly, it’s important that FaceID is disabled. Even so, below is how it works step by step:

1. Use Siri to enable voice over.
2. Call the phone you want to get into so that the call screen appears
3. Click on the “Message” button on the call screen and select “custom”
4. Click on the + icon in the corner, and then send a message to the phone to get a notification, before double tapping the + icon. This should cause the screen to go white.
5. Swipe randomly on the screen until you here a “cancel” option
6. Double tap on the screen to bring up the message again and select numbers, this will bring up all of the contacts.

The process to get into photos also works through voiceover, and only allows you access to one photo at a time, that you can’t view before you select it as a contact photo. Getting into the phone would allow an attacker to steal contact information, or change contact information within the phone, as well as seeing restricted photos. Apple have not yet responded to the news, but it is expected that they will release a patch to fix the issue shortly.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post IOS 12 allows Passcode Bypass appeared first on Hack Ware News.

Telegram Messenger’s main selling point is security, allowing users to create encrypted chats and phone calls. However, it was revealed on Friday 29 September that a default configuration within the app allows it to leak a user’s IP address when making a call. The default setting causes the IP address of the person you are calling to appear in the console logs when Peer-to-Peer (P2P) calling. Not all versions of the app have a console log, for example researchers didn’t find the console log included in tests with Windows but did for the Linux version.

Users on mobile can disable Peer-To-Peer calling, in turn disabling the sharing of their IP address, doing this causes the user’s calls to be routed instead through Telegram’s servers, providing anonymity. The drawback of this is that users will experience a small decrease in audio quality when making calls.

The security flaw is more significant for desktop users. Security researcher Dhiraj found that the desktop Telegram app doesn’t offer the ability to disable P2P calls, meaning their IP would be leaked whenever they use Telegram to make a call.  Dhirai alerted the flaw to Telegram, highlighting it was a security concern that desktop users were not able to disable P2P calling. Telegram awarded him €2000 for his efforts. Telegram also released a fix in response to the issue, and users on versions 1.3.17 and 1.4.0 can now disable P2P calls on Desktop.

As to why Telegram allowed P2P calls in the first place when they knew it could leak the IP addresses of their security conscious user base, we don’t know.

Photo by Christian Wiediger on Unsplash

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Secure Messenger app, Telegram, leaking users IP addresses appeared first on Hack Ware News.

The teen told the court he hacked into Apple’s server’s multiple times, over the course of a year, between 2015 and 2017. His presence was eventually detected on the servers, leading to him being blocked and the Federal Bureau of Investigation (FBI) contacted to conduct an investigation. The FBI enlisted the help of the Australian Federal Police (AFP), who located the teen and raided his home to arrest him. The AFP seized several Apple products from his home, including 2 laptops, a mobile phone, and a hard drive harbouring a suspicious file, aptly name “Hacky Hack Hack Methods Exclude”. The data they seized was found to be sensitive from a commercial point of view.

The court heard that the teen used a virtual private network (VPN) in order to remotely connect to Apple’s systems and steal data. He did this by installing a malicious script, designed to access the systems and bypass the security and firewall features, eventually leading them to the right places, where they could download the data.

In response to this attack, Apple has released a statement assuring customers that no personal information was gained from the attack. The lenient sentence has meant that the unnamed boy can now move on with this life and go to university, where he intends to study criminology and cyber safety.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Teen who hacked Apple gets no Jail Time appeared first on Hack Ware News.

The vulnerability is a use-after-free (UAF) attack, which works by exploiting the cache invalidation bug in the Linux memory management system, allowing an attack root access to the target system. UAF vulnerabilities are a type of memory-based corruption bug. Once attackers gain access to the system, they can cause system crashes, alter or corrupt data, and gain privileged user access.

Jann Horn, the white hat hacker who discovered the vulnerability says his PoC has been made available to the public and “takes about an hour to run before popping a root shell”. Linux kernel maintainers have responded to the vulnerability rapidly, fixing the issue with a patch in only two days. Linux kernel maintainers fast response has put other Linux distributions under scrutiny after Debian and Ubuntu took over a week to provide updates on the issue.

Two versions, Debian 16.04 and Ubuntu 18.04 have still not been patched as of Wednesday 26 September. Ubuntu have responded to the criticism to announce they will likely be ready to release the patches around October 1.

Researcher Horn warns that although this vulnerability has been patched, attackers may find another way, this is particularly a concern since Linux distributions don’t publish kernel updates regularly. This vulnerability highlights the importance of having a secure kernel configuration and is something users should be vigilant about.

This is the latest in notable discoveries for Jann Horn, who also discovered the Meltdown and Spectre vulnerabilities affecting modern CPUs.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Google’s Project Zero has discovered a major Linux kernel vulnerability appeared first on Hack Ware News.

Some of these apps get removed from the store, however many fly under the radar. It’s estimated that hackers are developing new malware to target Android devices every 17 seconds. There Is increasing pressure on Google and its security measures when it comes to keeping users’ information safe.

An IT researcher at ESET, Lukas Stefanko. Discovered a banking Trojan hidden within an app on the Play Store. The app was downloaded by over 10,000 users and to date has stolen more than €10,000 (£8,916-$11,730). The Trojan works by bypassing the SMS two-factor authentication process and targets users and banks in Poland, Germany and the Czech Republic.

This malicious software can be hidden in a range of different and unsuspecting apps. Stefanko found a version of this Trojan in a QRecorder, an app designed to record your phone calls. After installing, the app would ask the user for permission to use your apps or information on the device to improve the functionality of the app. Rather than improving functionality, it can then collect your data, as well as manipulating what you see on the device, so no suspicions are flagged. The stolen data would then be send to a command and control center (C&C) where attackers can use it.

Android users are encouraged to keep their operating system software up to date and install anti-virus software to stay safe from these kinds of attacks when downloading apps from the Play Store.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Banking Trojan found hidden in apps on the Google Play Store appeared first on Hack Ware News.

The first computers ever created featured meager storage capacities that barely exceeded one megabyte. We’ve come a long way since then; on an individual scale, we can fill up a terabyte of storage or two easily, so unless you have the extra storage to back up your data, you’ll have to go out and buy a new hard drive.

Or not. Cloud storage has become quite affordable and popular if you go beyond the big names like iCloud and Dropbox. In fact, you can buy 3TB of cloud storage space from Degoo Backup for only $64.99.

A Degoo Premium backup plan allows you to securely backup your data to Degoo’s servers with 256-bit AES encryption. Degoo supports all devices running on at least Windows XP, Mac OS X 10.7, iOS 10, and Android 4.1, so you can backup all of your devices, mobile or desktop. You can also easily replicate your backups and send backed up files to friends via email or a generated link. And best of all, your backups will automatically be kept up to date with automatic file change detection.

Degoo Backup offers 2TB and 3TB Premium backup plans for $1,200 and $1,500 respectively. However, you can buy 3TB for only $64.99, or a fraction of the original price.

 

Degoo Premium: Lifetime 2TB Backup Plan – $65.99

See Deal

The post Back Up Your Data for Life for $65 with Degoo Premium appeared first on Hack Ware News.

The vulnerability discovered by Qualys, the cloud-based security provider, could affect all versions of the kernel released between July 2007 and July 2017, covering the Linux, Red Hat, CentOS and Debian operating systems. The vulnerability has been dubbed “Mutagen Astronomy” and has the potential to be very dangerous if exploited successfully.

The vulnerability is an example of a local privilege escalation, wherein the memory tables can be exploited by attackers who have gained access to the system, and then can install malicious software that will gain root access to the system, allowing them to control of the system. The exploit would only work on 64-bit systems, since 32-bit systems do not have a large enough address field to exploit the flaw.

On 31 August 2018 Qualys reported their findings to Red Hat, who assigned it a high severity CVSS score of 7.8. Since the investigation, Red Hat have started to release security updates to target the issue. The Mutagen Astronomy vulnerability also does not affect Red Hat Enterprise Linux 5 installed on the Linux Kernel.

Until a full patch has been released, Red Hat Enterprise Linux users can apply a temporary fix which is available through this customer portal page and are encouraged to do so. (https://access.redhat.com/security/cve/cve-2018-14634)

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Dangerous Linux Vulnerability is discovered by security researchers appeared first on Hack Ware News.