Massive Health Care Data Breach in Norway

Cybercriminals have stolen a massive trove of Norway’s healthcare data in a recent data breach, which likely impacts more than half of the nation’s population.

An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stole personal info and health records of some 2.9 million Norwegians out of the country’s total 5.2 million inhabitants.

Health South-East RHA is a healthcare organisation that manages hospitals in Norway’s southeast region, including Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder.

Read more at https://thehackernews.com/2018/01/healthcare-data-breach.html

Mahesh Balan

Director
Mob:+91 94440 19237

Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework

A critical remote code execution vulnerability has been reported in Electron, a popular web application framework that powers thousands of widely-used desktop applications including Skype, Signal, WordPress and Slack.

Electron is an open-source framework that is based on Node.js and Chromium Engine and allows app developers to build cross-platform native desktop applications for Windows, macOS and Linux, without knowledge of programming languages used for each platform.

The vulnerability, assigned CVE-2018-1000006, affects only those apps that run on Microsoft Windows and register themselves as the default handler for a protocol like myapp://.

"Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron’s app.setAsDefaultProtocolClient API," Electron says in an advisory published Monday.

The Electron team has also confirmed that applications designed for Apple’s macOS and Linux are not vulnerable to this issue, nor are those (including Windows apps) that do not register themselves as the default handler for a protocol like myapp://.

The Electron developers have already released two new versions of their framework, i.e. 1.8.2-beta.4, 1.7.11, and 1.6.16 to address this critical vulnerability.

"If for some reason you are unable to upgrade your Electron version, you can append -- as the last argument when calling app.setAsDefaultProtocolClient, which prevents Chromium from parsing further options," the company says.

End users can do nothing about this vulnerability; instead, developers using the Electron JS framework have to upgrade their applications immediately to protect their user base.
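An added example (not code from Electron or from the article): a Node.js audit helper that checks whether a bundled Electron version is at or past the fixed releases listed above, and whether a Windows protocol-handler command line carries the -- separator the advisory recommends. The function names and sample inputs are constructed, and it assumes the command stored under the protocol's shell\open\command registry key has the form executable, arguments, then "%1".

```javascript
// Added example; helper names and sample inputs are constructed for illustration.
const FIXED = ['1.6.16', '1.7.11', '1.8.2-beta.4']; // fixed releases named in the article

// Split "1.8.2-beta.4" into numeric core [1, 8, 2] and pre-release parts ['beta', '4'].
function parse(v) {
  const [core, pre] = v.replace(/^v/, '').split(/-(.+)/);
  return { nums: core.split('.').map(Number), pre: pre ? pre.split('.') : [] };
}

// Semver-style ordering: -1, 0 or 1. Expects full x.y.z version strings.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  if (!x.pre.length || !y.pre.length) {
    // A final release outranks its own pre-releases.
    return x.pre.length === y.pre.length ? 0 : (x.pre.length ? -1 : 1);
  }
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined) return -1;
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort before text
    return p < q ? -1 : 1;
  }
  return 0;
}

// True when the version is at or past the fixed release of its own 1.x line.
function isPatched(version) {
  const { nums } = parse(version);
  const fix = FIXED.find((f) => {
    const n = parse(f).nums;
    return n[0] === nums[0] && n[1] === nums[1];
  });
  // Assumption: lines older than 1.6 have no fix, lines newer than 1.8 include it.
  return fix ? compare(version, fix) >= 0 : compare(version, '1.8.2-beta.4') > 0;
}

// True when a standalone "--" token precedes the "%1" URL placeholder.
function hasSeparatorBeforeUrl(command) {
  const tokens = [...command.matchAll(/"([^"]*)"|(\S+)/g)].map((m) => m[1] ?? m[2]);
  const urlAt = tokens.findIndex((t) => t.includes('%1'));
  return urlAt > 0 && tokens.slice(1, urlAt).includes('--');
}
```

A handler command that fails the second check on an unpatched build is the case the advisory's workaround addresses.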

Few details of the remote code execution vulnerability have been disclosed so far, nor has the advisory named any of the vulnerable apps (those that make themselves the default protocol handler), for security reasons.

We will update you as soon as any details about the flaw come out.

Read the Full Article here: >The Hacker News [ THN ]

Test your web browser’s cryptojacking protection

Cryptojacking is a relatively new threat on the Internet. It refers to websites abusing computing resources of visitors to mine cryptocurrency.

Internet users notice that something is wrong when the computer they use slows down to a crawl suddenly and when fans speed up in an attempt to cool down components of the device that get hammered.

The main issue with cryptojacking is that it is done behind the backs of users. Sites load cryptomining scripts on load to mine cryptocurrency using the resources of the computer of the user visiting the site. There is no opt-in process or information on what is going on.

Sites run these scripts to generate revenue. One of the advantages of running mining operations in the browser is that it happens in the background. It does not interfere with the site’s layout or content.

Browser extensions may load crypto mining scripts as well. These work in the background just like scripts loaded by sites.

Cryptojacking Test

Opera Software was the first browser-making company that implemented anti-crypto mining protections in the browser natively.

While Opera was the first browser, content-blocking lists added cryptomining scripts before Opera did so.

Opera Software engineers created a site that you may visit to test whether you are protected against cryptojacking.

Visit the website and click on the start button on it to run the test. It won’t take longer than a couple of seconds to complete and the result is either that the browser that you are using is protected or unprotected.

Opera Software displays aggregate ratings on the site as well. 73.6% of all users are protected from cryptojacking at the time of writing, according to the statistics on the page.

Users who run browsers that are not protected have several options at their disposal to protect their browsers against crypto mining attacks.

  1. Use a browser extension that protects against JavaScript mining scripts.
  2. Use the Opera browser with ad-blocking enabled.
  3. Use a security software that protects against mining scripts.
  4. Install an anti-mining browser extension.
  5. Disable JavaScript on untrusted sites.

Closing Words

Opera tests the protection against a Coin Hive script only which leaves the possibility that the browser is vulnerable to these scripts. It is only a matter of time usually before new scripts or URLs do get blocked though.

Now You: Did you run into cryptomining sites in the past?

Author: Martin Brinkmann

Publisher: Ghacks Technology News

Read the Full Article here: >Top 100 Network Security Tools

USBPcap – USB Packet Capture For Windows

USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.

Currently, live capture can be done on a “standard input” capture basis: you write a magic command in cmd.exe and you get Wireshark to capture raw USB traffic on Windows.

USBPcapDriver has three “hats”:

  • Root Hub (USBPCAP_MAGIC_ROOTHUB)
  • Control (USBPCAP_MAGIC_CONTROL)
  • Device (USBPCAP_MAGIC_DEVICE)

What you won’t see using USBPcap

As USBPcap captures URBs passed between the functional device object (FDO) and the physical device object (PDO), there are some USB communication elements that you will notice only with a hardware USB sniffer.

These are:

  • Bus states (Suspended, Power ON, Power OFF, Reset, High Speed Detection Handshake)
  • Packet ID (PID)
  • Split transactions (CSPLIT, SSPLIT)
  • Duration of bus state and time used to transfer packet over the wire
  • Transfer speed (Low Speed, Full Speed, High Speed)

Moreover, you won’t see complete USB enumeration. You will only see the USB control transfers sent to the device after the device has been assigned its address.

There is also this to check out:

SnoopyPro – Windows USB Sniffer Tool

You can download USBPcap here:

Windows: USBPcapSetup-1.2.0.3.exe
Source: USBPcap-1.2.0.3.zip

Or read more here.

Read the Full Article here: >Darknet – The Darkside

Organizations could face up to $19 billion in losses if a cloud provider is hacked

If a hacker were to gain control of a cloud provider for over three days, businesses could face losses up to a whopping $19 billion, with SMBs carrying the largest economic and insurance losses, according to a new report. In partnership with the American Institutes for Research, insurance market Lloyd’s of London is unveiling a new report detailing the financial impact of a cyberattack on a US cloud provider.

Read more at BetaNews.

Read the Full Article here: >Computer Security News

Canadian university scammed out of $11.8 million

MacEwan University in Edmonton, Alberta, is the latest confirmed victim of scammers.

“On Wednesday, August 23, MacEwan University discovered it had been the victim of a phishing attack. A series of fraudulent emails convinced university staff to change electronic banking information for one of the university’s major vendors. The fraud resulted in the transfer of [Canadian] $11.8 million to a bank account that staff believed belonged to the vendor,” the Canadian university shared.

After the fraud was discovered, the university conducted an audit of business processes through its internal audit group and with the help of outside experts.

“Preliminary assessment has determined that controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed,” they noted.

Since then, additional controls were put in place to prevent further incidents.

Once the fraud was discovered after the real vendor complained of non-payment, the accounts to which the funds were sent were traced to Canada and Hong Kong, and local law enforcement agencies were contacted.

Corporate security units of banks involved with the e-transfers were also notified, and they managed to freeze the funds. The university is working with legal counsel in Montreal, London and Hong Kong to pursue civil action to recover the money.

No further details about the phishing attack were revealed, but it’s obvious this is a variant of the business email compromise (BEC) scam: the so-called “payment instruction switch” or “the supplier swindle.”

“There is never a good time for something like this to happen,” said university spokesman David Beharry, “but as our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident. Personal and financial information, and all transactions made with the university are secure. We also want to emphasize that we are working to ensure that this incident will not impact our academic or business operations in any way.”

Read the Full Article here: >Help Net Security – News

Want To Try Hacking Computers Legally? Here’s How

Have you ever fancied yourself as a computer hacker or penetration tester? Have you ever read about hacking and wondered just how easy or hard it would actually be to achieve?

Of course, hacking someone else’s computer without their permission is illegal pretty much everywhere. And setting up a network of computers yourself, purely to hack them, is time-consuming. But thankfully there’s another way.

Hack The Box is a network of computers which has been set up for you to hack. It’s all legal, and the idea is to allow people to test their technical skills and techniques. It’s also free to use, and good fun. But be aware that it’s aimed at people with a good deal of technical knowledge (or those who think they have it!).

Read the Full Article here: >Gizmos Freeware Reviews