Tag Archives: google

All HTTP websites to soon be marked as “not secure” by Google Chrome

If you’re still running a website that is still using insecure HTTP then it’s time to wake up and drink the coffee. Because unless you take action soon, you’re going to find many of your visitors are going to distrust your website.

The post All HTTP websites to soon be marked as “not secure” by Google Chrome appeared first on WeLiveSecurity

Read More

Critical Flaw in All Blizzard Games Could Let Hackers Hijack Millions of PCs

dns-rebinding-attack-hacking-exploit

A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers’ computers.

Played every month by half a billion users—World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment.

To play Blizzard games online using web browsers, users need to install a game client application, called ‘Blizzard Update Agent,’ onto their systems that run JSON-RPC server over HTTP protocol on port 1120, and “accepts commands to install, uninstall, change settings, update and other maintenance related options.

Google’s Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the “DNS Rebinding” attack that allows any website to act as a bridge between the external server and your localhost.

Just last week, Ormandy revealed a similar vulnerability in a popular Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users’ computers and take control of them.

By simply creating a DNS entry to bind any attacker-controlled web page with localhost (127.0.0.1) and tricking users into visiting it, hackers can easily send privileged commands to the Blizzard Update Agent using JavaScript code.

Although a random website running in a web browser usually cannot make requests to a hostname other than its own, the local Blizzard updater service does not validate what hostname the client was requesting and responds to such requests.

Blizzard DNS Rebinding Attack — Proof of Concept Exploit

Ormandy has also published a proof-of-concept exploit that executes DNS rebinding attack against Blizzard clients and could be modified to allow exploitation using network drives, or setting destination to “downloads” and making the browser install malicious DLLs, data files, etc.

Ormandy responsibly reported Blizzard of the issue in December to get it patched before hackers could take advantage of it to target hundreds of millions of gamers.

However, after initially communication, Blizzard inappropriately stopped responding to Ormandy’s emails and silently applied partial mitigation in the client version 5996.

“Blizzard was replying to emails but stopped communicating on December 22nd. Blizzard is no longer replying to any enquiries, and it looks like in version 5996 the Agent now has been silently patched with a bizarre solution,” Ormandy says.

“Their solution appears to be to query the client command line, get the 32-bit FNV-1a string hash of the exename and then check if it’s in a blacklist. I proposed they whitelist Hostnames, but apparently, that solution was too elegant and simple. I’m not pleased that Blizzard pushed this patch without notifying me, or consulted me on this.”

After the Ormandy’s report went public, Blizzard contacted and informed him that a more robust Host header whitelist fix to address the issue entirely is currently being developed for deployment.

Ormandy is also checking other big games vendors with a user base of over 100 Million to see if the problem can be replicated.

Facebook Password Stealing Apps Found on Android Play Store

facebook-password-hacking

Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store.

Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.

Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps.

Like most malware apps, these Android apps themselves don’t contain any malicious code, which is why they managed to end up on Google’s official Play Store.

Once installed, it first confirms if the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.

facebook-account-hacking

“The downloader app collects information about the device, such as unique device ID, location, language and display parameters,” Avast said. “The device’s location is obtained from the IP address that is used when contacting online services that offer geolocation information for IPs.”

How Android Malware Steals Your Facebook Account Password

As soon as users open their Facebook app, the malware immediately prompts them to re-verify their account by logging into Facebook. Instead of exploiting any system or application vulnerabilities, the malware uses a classic phishing scheme in order to get the job done.

These fake apps simply launch a WebView component with Facebook look-alike login page and ask users to log-in. Apparently, WebView code steals the victim’s Facebook username and password and sends them to a remote hacker-controlled server.

“This is most likely due to developers using embedded web browsers (WebView, WebChromeClient) in their apps, instead of opening the webpage in a browser,” Avast said.

Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver “far more damaging malware” or “amass a zombie social media army” to spread fake news or generate cryptocurrency-mining malware.

Stolen Facebook accounts can also expose “a wealth of other financial and personally identifiable information,” which can then be sold in the underground markets.

Security firms believe that GhostTeam has been developed and uploaded to the Play Store by a Vietnamese developer due to considerable use of Vietnamese language in the code.

According to the researchers, the most users affected by the GhostTeam malware reportedly resides in India, Indonesia, Brazil, Vietnam, and the Philippines.

Besides stealing Facebook credentials, the GhostTeam malware also displays pop up adverts aggressively by always keeping the infected device awake by showing unwanted ads in the background.

android-malware

All the apps have since been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.

Play Protect security feature uses machine learning and app usage analysis to remove (i.e. uninstall) malicious apps from users Android smartphones in an effort to prevent any further harm.

Although malicious apps floating on the official app store is a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps, and always verify app permissions and reviews before you download one.

Moreover, you are strongly advised to keep a good antivirus app on your mobile device that can detect and block such threat before they infect your device, and most importantly, always keep your device and apps up-to-date.

Google Chrome Once Again Target of Malicious Extensions

Researchers at network security vendor ICEBRG recently discovered four malicious extensions in the official Google Chrome Web Store with a combined user count of more than 500,000, and as with past incidents, the implications are serious for both consumers and enterprises. ICEBRG notified Google and three of the extensions have since been removed from the […]

Read More

What’s the game plan with AI? Limits and opportunities in AI

What’s the game plan with AI? Limits and opportunities in AI - KI, IA

Artificial intelligence-powered computers can already beat the best mankind has to offer when it comes to chess and Go. But how did it get that way? And what can’t the best of AI do? Taking a look at how AI has developed its game-playing prowess can give us a few clues as to the next […]

The post What’s the game plan with AI? Limits and opportunities in AI appeared first on Avira Blog.

Read More