Archive for December 30, 2015

Mainland China behind targeting Taiwanese politicians ahead of election

FireEye security researchers have found a new threat, described as an Advanced Persistent Threat and linked to mainland China, that is targeting Taiwanese politicians and members of the media weeks before elections in Taiwan.

The first attacks were recorded on November 26 against members of Taiwan's Democratic Progressive Party (DPP).


The DPP is the main opposition party and was expected to win easily against the Kuomintang (KMT) party, which promotes friendlier policies towards China. Members of the DPP and media outlets sympathetic to it were attacked.


According to the technical analysis by FireEye, targets were sent emails relating to a "DPP's Contact Information Update" as a lure to open the message, leading to the download and installation of the ELMER backdoor trojan.


The vulnerabilities used were in Microsoft Office (CVE-2015-2545) and Windows (CVE-2015-2546), plus a third Windows local privilege escalation vulnerability (CVE-2015-1701).


This type of booby-trapped Word document had not been encountered before. "The Chinese government would be able to predict results, and gain additional intelligence on politics, activists and others who interact with journalists," confirmed Ryann Winters of FireEye threat intelligence.

Bahamian accused of hacking celebrities e-mail accounts


A man from the Bahamas has been accused by federal prosecutors of hacking around 130 celebrity accounts.

Twenty-three-year-old Alonzo Knowles from Freeport was arrested on Monday (December 21) after he allegedly boasted to undercover agents of possessing dossiers on at least 130 accounts of stars in entertainment, sport and the media. He also claimed to have a sex tape.

After the arrest, he offered to sell the undercover agent about 15 TV and movie scripts for $80,000.
He was held without bail on criminal copyright infringement and identity theft charges after appearing in a New York court.

Prosecutors told the court that Knowles held an actor's passport and the social security numbers of three professional athletes, and had also gained access to unreleased tracks from a singer-songwriter's upcoming album and an explicit video from a radio host's email account.

Though the victims were not identified, prosecutor Kristy Greenberg told the judge that several people were traumatized by the theft of their personal information.

The investigation began earlier this month, when Department of Homeland Security investigators were contacted by a popular radio show's executive producer after the host told him of an offer from someone selling scripts for the next season of a popular TV drama.

Authorities followed that offer to Knowles, who called himself Jeff Moxey and claimed to have exclusive content worth hundreds of thousands of dollars.

Knowles claimed to have hacked into celebrity accounts by sending either a computer virus or a false warning that the target's account had been compromised; using the information this yielded, he changed the account's email settings so that he could maintain ongoing access.

The case comes at a time when security is a sensitive subject in Hollywood.

Hackers broke into Sony Pictures Entertainment computers last year and released a number of emails, documents, Social Security numbers and other personal information.

Last year, hackers also broke into female celebrities' personal Apple accounts, stole nude photos and posted them on the web.


Actresses Jennifer Lawrence and Mary Elizabeth Winstead were among the victims. 

Critical vulnerabilities patched in Juniper

Juniper has released a patch for critical vulnerabilities in devices running ScreenOS® software.

While reviewing code, Juniper found unauthorized code in ScreenOS that could allow attackers to gain administrative access to NetScreen® devices and to decrypt VPN connections.

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS”, Bob Worrall, SVP and Chief Information Officer, wrote on the company's website.

These vulnerabilities affect all NetScreen devices running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

According to the website, Juniper has not received any reports of these vulnerabilities being exploited, but it strongly recommends that users update their systems and apply the new patched releases.

“Juniper is committed to maintaining the integrity and security of our products. Consistent with industry best practices, this means releasing patches for products in a timely manner to maintain customer security. We believed that it was in our customers’ best interest to issue these patched releases with the highest priority. We strongly recommend that all customers update their systems and apply these patched releases as soon as possible”, says Worrall.

The company has reassured its users that it is taking the matter seriously, and anyone who has difficulty applying the update to their systems can e-mail sirt@juniper.net or visit http://advisory.juniper.net.
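For an operator with a fleet of NetScreen devices, the first question is which boxes fall inside the two affected build ranges above. The following is an added example (not Juniper's code) that parses ScreenOS build strings of the form major.minor.patch r<release> and flags the ones needing the patch; the device inventory is constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Affected ScreenOS builds as listed in the Juniper advisory (inclusive ranges).
AFFECTED_RANGES = [
    ("6.2.0r15", "6.2.0r18"),
    ("6.3.0r12", "6.3.0r20"),
]

# ScreenOS build strings look like "6.3.0r19": three dotted numbers and an "r" release.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)$")


def parse_screenos_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn a build string into a tuple that compares numerically (so r9 < r12).
    Returns None when the string is not in the expected form."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        return None
    return tuple(int(group) for group in match.groups())


def is_affected(version: str) -> bool:
    """True when the build falls inside one of the affected ranges."""
    parsed = parse_screenos_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised ScreenOS version string: {version!r}")
    for low, high in AFFECTED_RANGES:
        if parse_screenos_version(low) <= parsed <= parse_screenos_version(high):
            return True
    return False


def triage_inventory(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames from (hostname, version) pairs that still need patching.
    Unparseable versions are reported too, since they cannot be cleared."""
    needs_attention = []
    for hostname, version in inventory:
        try:
            if is_affected(version):
                needs_attention.append(hostname)
        except ValueError:
            needs_attention.append(hostname)
    return needs_attention


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-1", "6.3.0r19"),   # inside 6.3.0r12..6.3.0r20: affected
    ("fw-edge-2", "6.3.0r21"),   # first fixed build in that branch: clear
    ("fw-dmz-1", "6.2.0r14"),    # before the affected 6.2 range: clear
    ("fw-lab-1", "unknown"),     # cannot be verified: flag for follow-up
]

if __name__ == "__main__":
    print(triage_inventory(SAMPLE_INVENTORY))
```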

Severe flaw detected in FireEye

Analysts on Google's Project Zero security team have found a severe flaw in FireEye's appliances that could allow attackers to compromise corporate networks with the help of a single email.


The flaw, dubbed "666" after its Project Zero issue number, lies in the passive monitoring interface and is what researcher Tavis Ormandy describes as a "nightmare scenario". Patches have been released for FireEye's NX, FX and AX boxes.

Ormandy, together with fellow Google researcher Natalie Silvanovich, discovered the hole during painstaking vulnerability research into flaws in major security software. He credits the security firm with fixing the flaw in two days, and the patch completely neutralises the attack. The exploit is very severe, as all of the appliances above are vulnerable in their default state. FireEye is reportedly providing support to customers with expired contracts as well.

Earlier, Ormandy stated: "For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario. This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap - the recipient wouldn’t even have to read the email, just receiving it would be enough ... an attacker can send an email to a user or get them to click a link, and completely compromise one of the most privileged machines on the network."

Corporations without the patched boxes are at higher risk of confidential data theft, traffic tampering, persistent rootkits and attackers moving laterally through their networks, and, Ormandy believes, "even self-propagating internet worms".

More details on the vulnerability can be found here.