#Security |
- Project Kalamata – Apple will replace Intel processors in Macs with its custom designed chips
- Google to banish cryptocurrency mining extensions from official Chrome Web Store
- Grindr shared people’ HIV status with other companies
- Fin7 hackers stole 5 Million payment card data from Saks Fifth Avenue and Lord & Taylor Stores
- 70% of VPN Chrome Extensions Leak Your DNS
| Project Kalamata – Apple will replace Intel processors in Macs with its custom designed chips Posted: 03 Apr 2018 06:59 AM PDT In the wake of the discovery of severe flaws in Intel chips, so-called Meltdown andSpectre vulnerabilities, Apple announced it plans to use custom-designed ARM chips in Mac computers starting as early as 2020.The move aims to replace the Intel processors running on its desktop and laptop systems like done for its own A-series custom chips that are used for iPhones and iPads. “Apple Inc. is planning to use its own chips in Mac computers beginning as early as 2020, replacing processors from Intel Corp., according to people familiar with the plans.” states a report published by Bloomberg. “The initiative, code named Kalamata, is still in the early developmental stages, but comes as part of a larger strategy to make all of Apple's devices — including Macs, iPhones, and iPads — work more similarly and seamlessly together, said the people, who asked not to be identified discussing private information.” According to Bloomberg, the Apple’s initiative was codenamed ‘Kalamata’ that was launched with the primary goal to have a uniform architecture across all of its product. According to Bloomberg, the move is part of a larger initiative internally dubbed Marzipan to make Macs work more like iPhones and make iOS apps interoperable on Apple devices.
Currently, Apple shares 5% of its annual revenue with Intel and pay for exclusive deals to offer to its customers, the changeover would allow the company to improve performance for its systems and keep secret its projects. According to Bloomberg, the new models of Mac Pro laptops arriving next year will include a chip designed by Apple. After the publication of the Bloomberg report, Intel's stock price took a hit and dropped by 9.2 percent. “Apple plans to add that chip to a new version of its Mac Pro, to be released by next year, and new Mac laptops this year, according to a person familiar with the matter.” added Bloomberg. “Intel shares dropped as much as 9.2 percent, the biggest intraday drop in more than two years, on the news. They were down 6.4 percent at $48.75 at 3:30 p.m. in New York.” Both companies, Apple and Intel, did not yet comment the Bloomberg report. (Security Affairs – Project Kalamata, Intel)
The post Project Kalamata – Apple will replace Intel processors in Macs with its custom designed chips appeared first on Security Affairs. | ||
| Google to banish cryptocurrency mining extensions from official Chrome Web Store Posted: 03 Apr 2018 05:48 AM PDT Google will ban cryptocurrency mining extensions from the official Chrome Web Store after finding many of them abusing users’ resources without consent.The number of malicious extensions is rapidly increased over the past few months, especially those related to mining activities. The company has introduced a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. “Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension's single purpose, and the user is adequately informedabout the mining behavior.” reads a blog post published by Google. “Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.” “Starting today, Chrome Web Store will no longer accept extensions that mine cryptocurrency,” Until now, Google only allowed those cryptocurrency mining extensions that explicitly informed users about their mining activities. The Mountain View firm announced it will block all mining extensions that are not in compliance and secretly mine cryptocurrency using devices’ resources.
Google pointed out that the ban on cryptocurrency mining extensions will not affect blockchain-related extensions such as Bitcoin price checkers and cryptocurrency wallet managers. “Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store.” continues the blog post. Google ban is another step to protect its users from hidden risks, it follows the recent announcement to ban advertisements related to cryptocurrency. “This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.” concluded Google. Google is not the unique media firm that imposed a ban on cryptocurrency-related abuses, Twitter recently announced the ban for cryptocurrency-related ads on its platform, in January, Facebook banned all ads promoting cryptocurrency-related initiatives, including Bitcoin and ICOs. (Security Affairs – Chrome Web Store, cryptocurrency mining extensions)
The post Google to banish cryptocurrency mining extensions from official Chrome Web Store appeared first on Security Affairs. | ||
| Grindr shared people’ HIV status with other companies Posted: 03 Apr 2018 03:15 AM PDT An analysis conducted by the Norwegian research nonprofit SINTEF revealed that the popular Grindr gay dating app is sharing its users' HIV status with two other companies.Grindr gay-dating app made the headlines again, a few days ago an NBC report revealed that the app was affected by 2 security issues (now patched) that could have exposed the information of its more than 3 million daily users. An attacker could have exploited the feature to access location data, private messages to other users, and profile information, even if they'd opted out of sharing such information. The security issues were identified by Trever Faden, CEO of the property management startup Atlas Lane, while he was working at his website C*ckblocked that allowed users to see who blocked them on Grindr. Faden discovered that once a Grindr logged in his service, it was possible to access to a huge quantity of data related to their Grindr account, including unread messages, email addresses, and deleted photos. While the media were sharing the news, another disconcerting revelation was made by BuzzFeed and the Norwegian research nonprofit SINTEF, BuzzFeed and the Norwegian research nonprofit SINTEF.BuzzFeed and the Norwegian research nonprofit SINTEF.BuzzFeed and the Norwegian research nonprofit SINTEF, Grindr has been sharing data on whether its users have HIV with two outside companies, according to BuzzFeed and the Norwegian research nonprofit SINTEF. “SVT and SINTEF conducted an experiment the 7th of February 2018 to analyse privacy leaks in the dating application Grindr. This was realised for the Sweedish TV program “Plus granskar“, that you may watch online.” reported SINTEF. “We discovered that Grindr contains many trackers, and shares personal information with various third parties directly from the application.”
Profiles include sensitive information such as HIV status, when is the last time a user got tested, and whether they're taking HIV treatment or the HIV-preventing pill PrEP. “It is unnecessary for Grindr to track its users HIV Status using third-parties services. Moreover, these third-parties are not necessarily certified to host medical data, and Grindr’s users may not be aware that they are sharing such data with them.” added SINTEF. The disconcerting aspect of this revelation is that Grindr has been sharing users’ HIV statuses and test dates with two companies that help optimize the app, called Apptimize and Localytics. “The two companies — Apptimize and Localytics, which help optimize apps — receive some of the information that Grindr users choose to include in their profiles, including their HIV status and "last tested date." BuzzFeed reports “Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.” In some cases, this data was not protected by encryption. Hours after BuzzFeed's report, Grindr told Axios that it had made a change to stop sharing users' HIV status. The company's security chief, Bryce Case, told Axios that he felt the company was being "unfairly … singled out" in light of Facebook's Cambridge Analytica scandal and said that the company's practices didn't deviate from the industry norm. Grindr's chief technology officer, Scott Chen, pointed out that data was shared "under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy." Anyway, Grindr doesn't sell user data to third parties. In a statement released Monday afternoon, Grindr confirmed that it would stop sharing the HIV data. The company also confirmed to CNNMoney that it has already deleted HIV data from Apptimize, and is in the process of removing it from Localytics. (Security Affairs – mobile app, privacy)
The post Grindr shared people’ HIV status with other companies appeared first on Security Affairs. | ||
| Fin7 hackers stole 5 Million payment card data from Saks Fifth Avenue and Lord & Taylor Stores Posted: 03 Apr 2018 12:50 AM PDT FIN7 hackers stole credit and debit card information from millions of consumers who have purchased goods at Saks Fifth Avenue and Lord & Taylor stores.A new data breach made the headlines, the victim is Saks Fifth Avenue and Lord & Taylor stores. According to the parent company Hudson’s Bay Company (HBC), the security breach exposed customer payment card data, customer payment card data at certain Saks Fifth Avenue, the discount store brand Saks Off 5TH and Lord & Taylor stores in North America are impacted. “We recently became aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores.” reads the official statement issued by Lord & Taylor. “While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms,” The hackers did not compromise the HBC's e-commerce or other digital platforms, the company promptly informed authorities and hired security investigators to "We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies," continues the announcement. The HBC issued the following statement: "HBC has identified the issue, and has taken steps to contain it," the company said in a statement. "Once the Company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring. HBC encourages customers to review their account statements and contact their card issuers immediately if they identify activity or transactions they do not recognize." The data breach was first reported by threat intelligence firm Gemini Advisory, which noticed the offer for sale of over five million stolen credit and debit cards on a cybercrime marketplace called JokerStash.
The researchers linked the security breach to the financially-motivated FIN7 APT group also known as Carbanak or Anunak. The group continuously changed attack techniques and implemented new malware obfuscation methods. The FIN7 group has been active since late 2015, it was highly active since the beginning of 2017. Fin7 was spotted early 2017 when it targeted personnel involved with the United States Securities and Exchange Commission (SEC) filings at various organizations with a new PowerShell backdoor dubbed POWERSOURCE. “On March 28, 2018, a notorious hacking JokerStash syndicate, also known as Fin7 announced the latest breach of yet another major corporation, with more than five million stolen payment cards offered for sale on the dark web. Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH, a discounted offset brand of luxury Saks Fifth Avenue stores, as well as Lord & Taylor stores.” the company said in a post. "Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH, a discounted offset brand of luxury Saks Fifth Avenue stores, as well as Lord & Taylor stores," As of Sunday, only a small portion of compromised records have been offered for sale, crooks offered roughly 35,000 records for Saks Fifth Avenue and 90,000 records for Lord & Taylor. “As of this writing, approximately 125,000 records have been released for sale, although we expect the entire cache to become available in the following months.” added Gemini. At the time of writing HBC did not provide details on the extent of the security breach, it is still unclear how the hackers have stolen payment card data, experts believe hackers may have compromised point-of-sale systems. “Based on the analysis of records that are currently available, it appears that all Lord & Taylor and 83 US based Saks Fifth Avenue locations have been compromised. In addition, we identified three potentially compromised stores located in Ontario, Canada. However, the majority of stolen credit cards were obtained from New York and New Jersey locations.” concluded Gemini. (Security Affairs – HBC data breach, FIN7 APT)
The post Fin7 hackers stole 5 Million payment card data from Saks Fifth Avenue and Lord & Taylor Stores appeared first on Security Affairs. | ||
| 70% of VPN Chrome Extensions Leak Your DNS Posted: 02 Apr 2018 11:39 PM PDT Researchers John Mason with the help of TheBestVPN.com the ethical hacker File Descriptor from Cure53 tested 15 VPN services and 10 of them were causing DNS leaks through their Chrome browser extensions.IntroGoogle Chrome has a feature called DNS Prefetching(https://www.chromium.org/deve It's a solution to reduce latency delays of DNS resolution time by predicting what websites a user will mostly likely visit next by pre-resolving the domains of those websites. The ProblemWhen using a VPN browser extensions, Chrome provides two modes to configure the proxy connections, fixed_servers and pac_script. In fixed_servers mode, an extension specifies the host of an HTTPS/SOCKS proxy server and later all connections will then go through the proxy server. In pac_script mode on the other hand, an extension provides a PAC script which allows dynamically changing the HTTPS/SOCKS proxy server's host by various conditions. For example, a VPN extension can use a PAC script that determines if a user is visiting Netflix by having a rule that compares the URL and assigns a proxy server that is optimized for streaming. The highly dynamic nature of PAC scripts means the majority of VPN extensions use the mode pac_script over fixed_servers. “Now, the issue is that DNS Prefetching continues to function when pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.” There are 3 scenarios that trigger DNS Prefetching:
The first two allow a malicious adversary to use a specifically crafted web page to force visitors to leak DNS requests. The last one means when a user is typing something in the URL address bar (i.e. the Omnibox), the suggested URLs made by Chrome will be DNS prefetched. This allows ISPs to use a technology called "Transparent DNS proxy" to collect websites the user frequently visits even when using browser VPN extension. Test Your VPN For DNS LeaksTo test if your VPN is vulnerable, do the following test:
If you find a VPN that is not listed, but leaks – please send us a screenshot (john@thebestvpn.com) and we'll update the list. Affected VPNs That We've Tested (2nd of April):
 VPNs That Don't Leak
 Solution/FixUsers who want to protect themselves should follow the remediation:
This research was put together with the help of File Descriptor – ethical hacker from Cure53. P.S. Note that online DNS leak test services like dnsleaktest.com are unable to detect this kind of DNS leak because the DNS requests are only issued under specific circumstances. The Original post is available at here (Security Affairs – Chrome Extensions, hacking)
The post 70% of VPN Chrome Extensions Leak Your DNS appeared first on Security Affairs. |
| You are subscribed to email updates from Security Affairs. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |