ROOM ZKE
Translation Page | USAComment.com
USAComment.com
Zicutake USA Comment | Search Articles



#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington
 Smiley face
PROXY LIST
 Smiley face
Zicutake BROWSER
 Smiley face Encryption Text and HTML  Smiley face Conversion to JavaScript 
 Smiley face Mining Satoshi | Payment speed 
 Smiley face
CREATE ADDRESS BITCOIN
Online BitTorrent Magnet Link Generator
JOURNAL WORLD:

SEARCH +8 MILLIONS OF LINKS ZICUTAKE STATE

#Security

#Security


Counterfeit Code-Signing certificates even more popular, but still too expensive

Posted: 25 Feb 2018 07:10 AM PST

Code-signing certificates are precious commodities in the criminal underground, they are used by vxers to sign malware code to evade detection.

Other precious commodities in the criminal underground are code-signing certificates, they allow vxers to sign the code for malware to evade detection. Operators of the major black markets in the darknets buy and sell code-signing certificates, but according to an interesting research conducted by threat intelligence firm Recorded Future, the prices for them are too expensive for most hackers.

Cybercriminals would use the Dark Web for selling high-grade code certificates -which they have obtained from trusted certificate authorities- to anyone that is interested in purchasing them.

Sales of code signing certificates have increased considerably since 2015 when experts from IBM X-Force researchers provided some best practice guides on checking for trusted certificates.

Digital certificates allow companies to trust the source code of a software and to check its integrity, The certificates are issued by the certificate authorities (CAs) and are granted to companies that generate code, protocols or software so they can sign their code and indicate its legitimacy and originality.

Using signing certificates is similar to the hologram seal used on software packages, assuring they are genuine and issued from a trusted publisher. Users would receive alerts in an attempt to install files that are not accompanied by a valid certificate. This is why cybercriminals aim to use certificates for legitimizing the malware code they make.

According to Andrei Barysevich, Director of Advanced Collection at Recorded Future, most of the code-signing certificates are obtained by hackers due to fraud and not from security breaches suffered by the CAs.

“Recorded Future's Insikt Group investigated the criminal underground and identified vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates.” states the report published by Recorded Future.

“Contrary to a common belief that the security certificates circulating in the criminal underground are stolen from legitimate owners prior to being used in nefarious campaigns, we confirmed with a high degree of certainty that the certificates are created for a specific buyer per request only and are registered using stolen corporate identities, making traditional network security appliances less effective.”

Cybercriminals offer the precious commodity via online shops, when buyers place an order the shop’s operators used stolen identities from a legitimate company and its employees to request the certificate for a fake app or website to the CAs (i.e. Comodo, Thawte, and Symantec).  The certificates are used to encrypt HTTPS traffic or sign apps.

Recorded Future's Insikt Group investigated the criminal ecosystem and identified vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates.

The researchers identified four well-known vendors operating since 2011, only two vendors are currently still active in Russian-speaking crime forums.

“One of the first vendors to offer counterfeit code signing certificates was known as C@T, a member of a prolific hacking messaging board.” continues the report. “In March 2015, C@T offered for sale a Microsoft Authenticode capable of signing 32/64b versions of various executable files, as well as Microsoft Office, Microsoft VBA, Netscape Object Signing, and Marimba Channel Signing documents, and supported Silverlight 4 applications. Additionally, Apple code signing certificates were also available.”

code-signing-certificates

Prices for code-signing certificates range from $299 to $1,799, most expensive items are the fully authenticated domains with EV SSL encryption and code signing capabilities.

“Standard code signing certificates issued by Comodo that do not include SmartScreen reputation rating cost $295. A buyer interested in the most trusted version of an EV certificate issued by Symantec would have to pay $1,599, a 230 percent premium compared to the price of the authentic certificate.” continues the report.

“For those seeking to purchase in bulk, fully authenticated domains with EV SSL encryption and code signing capabilities could also be arranged for $1,799”

code-signing certificates offer

 

According to recorded future, code signing certificates are not widespread among malware developers due to the high price.

Vxers prefer to pay less for other AV evasion tools, such as crypters (readily available at $10-$30)that represent an excellent compromise between cost and effectiveness

“Unlike ordinary crypting services readily available at $10-$30 per each encryption, we do not anticipate counterfeit certificates to become a mainstream staple of cybercrime due to its prohibitive cost.” concluded the report. “However, undoubtedly, more sophisticated actors and nation-state actors who are engaged in less widespread and more targeted attacks will continue using fake code signing and SSL certificates in their operations”

Pierluigi Paganini

(Security Affairs –  code signing certificates, cybercrime)

The post Counterfeit Code-Signing certificates even more popular, but still too expensive appeared first on Security Affairs.

Czech President wants Russian hacker Yevgeni Nikulin extradited to Russia instead of US

Posted: 25 Feb 2018 05:14 AM PST

Czech President Milos Zeman wants the Russian hacker Yevgeni Nikulin to be extradited to Russia instead of the US, he is charged with hacking against social networks and frauds.

Yevgeni Nikulin (29) was requested by the US for alleged cyber attacks on social networks and by the Russian authorities that charged him with frauds.

According to US authorities, the man targeted LinkedIn and Formspring and hacked into the file hosting service Dropbox.

The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI.

The case in the middle of an arm wrestling between Moscow and Washington, the US Government are accusing Russia to have interfered with 2016 Presidential election through hacking.

In May, a Czech court ruled that Nikulin can be extradited to either Russia or the United States, leaving the final decision to the Justice Minister Robert Pelikan.

“It is true there have been two meetings this year where the president asked me not to extradite a Russian citizen to the United States but to Russia,” the website of the weekly newspaper Respekt quoted Pelikan as saying.

In 2016, Pelikan did not allow to extradite two Lebanese citizens charged by US court with several crimes, including the sale of ground-to-air missiles and cocaine trafficking.

“Respekt also quoted Babis, who professes a strong pro-EU and NATO stance, as saying earlier this month he would prefer Nikulin to be sent to the United States, but had no power over the decision. His spokeswoman declined comment.” reported the New York Times.

Zeman was re-elected in January, he is known for his pro-Russian line and its opposition to Western sanctions imposed on Russia over its 2014 annexation of Crimea.

The Respekt site said last week Pelikan received Vratislav Mynar, the head of Zeman’s office.

“It’s none of your business, but I have handed the minister a letter from the detained Nikulin’s mother,” Mynar told aktualne.cz.

Nikulin’s lawyer Martin Sadilek told AFP that Nikulin alleges that FBI investigators had tried twice to persuade him to confess to cyberattacks on the DNC.

Pierluigi Paganini

(Security Affairs – Yevgeni Nikulin, cybercrime)

The post Czech President wants Russian hacker Yevgeni Nikulin extradited to Russia instead of US appeared first on Security Affairs.

Security Affairs newsletter Round 151 – News of the week

Posted: 25 Feb 2018 01:49 AM PST

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Once again thank you!

·      COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign
·      Germanys defense minister: Cyber security is going to be the main focus of this decade.
·      JenkinsMiner made $3.4 million in a few months by compromising Jenkins servers
·      90 days have passed, Google discloses unpatched flaw in the Microsoft Edge browser
·      An APFS Filesystem flaw could lead macOS losing data under certain conditions
·      City Union Bank is the last victim of a cyber attack that used SWIFT to transfer funds
·      SIM Hijacking – T-Mobile customers were victims an info disclosure exploit
·      A new multi-stage attack deploys a password stealer without using macros
·      Coldroot RAT cross-platform malware targets MacOS without being detected
·      Cyberattacks cost the United States between $57 billion and $109 billion in 2016
·      RubyGems 2.7.6 addresses several flaws and implements some improvements
·      Control Flow Integrity, a fun and innovative Javascript Evasion Technique
·      Intel releases Spectre patches for Skylake, Kaby Lake, Coffee Lake
·      North Korean APT Group tracked as APT37 broadens its horizons
·      Russia-linked Sofacy APT group shift focus from NATO members to towards the Middle East and Central Asia
·      Google white hackers disclosed critical vulnerabilities in uTorrent clients
·      Hackers compromised a Tesla Internal Servers with a Cryptocurrency miner
·      The Global cost of cybercrime jumped up to $600 Billion
·      Chaos backdoor, a malicious code that returns from the past targets Linux servers
·      Cybersecurity – Tips to Protect Small Business from Cyber Attacks
·      Drupal addressed several vulnerabilities in Drupal 8 and 7
·      Meltdown patch for OpenBSD is available … lets wait for feedbacks
·      OMG botnet, the first Mirai variant that sets up proxy servers on vulnerable devices
·      2,000 Computers at Colorado DOT were infected with the SamSam Ransomware
·      FBI warns of spike in phishing campaigns to gather W-2 information
·      Iran-linked group OilRig used a new Trojan called OopsIE in recent attacks
·      Paypal issue allows disclosure of account balance and recent transactions

 

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 151 – News of the week appeared first on Security Affairs.

Dozen vulnerabilities discovered in Trend Micro Linux-based Email Encryption Gateway

Posted: 25 Feb 2018 12:29 AM PST

Security researchers at Core Security have discovered a dozen vulnerabilities in Trend Micro  Linux-based Email Encryption Gateway.

Security researchers at Core Security have discovered a dozen flaws in Trend Micro  Linux-based Email Encryption Gateway, some of them have been rated as critical and high severity. The flaws received the CVE identification numbers CVE-2018-6219 through CVE-2018-6230.

The most severe flaw could be exploited by a local or remote attacker with access to the targeted system to execute arbitrary commands with root privileges.

“Encryption for Email Gateway [1] is a Linux-based software solution providing the ability to perform the encryption and decryption of email at the corporate gateway, regardless of the email client, and the platform from which it originated. The encryption and decryption of email on the TMEEG client is controlled by a Policy Manager that enables an administrator to configure policies based on various parameters, such as sender and recipient email addresses,” states Core Security.

“Multiple vulnerabilities were found in the Trend Micro Email Encryption Gateway web console that would allow a remote unauthenticated attacker to gain command execution as root.”

Trend Micro Email Encryption Gateway

The most serious vulnerability is CVE-2018-6223, it is related to missing authentication for appliance registration. Administrators can configure the virtual appliance running Email Encryption Gateway during the deployment process upon deployment via a registration endpoint.

The researchers discovered that attackers can access the endpoint without authentication to set administrator credentials and make other changes to the configuration.

“The registration endpoint is provided for system administrators to configure the virtual appliance upon deployment. However, this endpoint remains accessible without authentication even after the appliance is configured, which would allow attackers to set configuration parameters such as the administrator username and password.” continues the analysis.

The experts also discovered two high severity cross-site scripting (XSS) vulnerabilities, an arbitrary file write issue that can lead to command execution, am arbitrary log file locations leading command execution, and unvalidated software updates.

Remaining flaws discovered by the researchers include SQL and XML external entity (XXE) injections.

Affected Packages are Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) and earlier, Trend Micro addressed ten of the vulnerabilities with the version 5.5 build 1129.

According to the report timeline, Trend Micro spent more than six months to issue the patches.

  • 2017-06-05: Core Security sent an initial notification to Trend Micro, including a draft advisory.
  • 2017-11-13: Core Security asked again (4th time) for an ETA for the official fix. We stated we need a release date or a thorough explanation on why after five months there is still no date defined. If there is no such answer we will be forced to publish the advisory.
  • 2018-02-21: Advisory CORE-2017-0006 published.

Trend Micro confirmed that a medium severity CSRF issue and a low severity SQL injection vulnerability have not been patched due to the difficulties of implementing a fix.

Pierluigi Paganini

(Security Affairs – Trend Micro Email Encryption Gateway, hacking)

The post Dozen vulnerabilities discovered in Trend Micro Linux-based Email Encryption Gateway appeared first on Security Affairs.