Security News

Malware Advisory - OTP-based 2FA Breach

ArsTechnica has reported a recent phishing campaign targeted US government officials, activists, and journalists that has succeeded in bypassing the two-factor authentication protections offered by Gmail and Yahoo Mail. The 2FA authentication technique bypassed was SMS-based OTPs which has been considered more or less secure owing to the fact that the OTP is sent to the user’s mobile which is in possession of the user.
The report alleges that attackers working on behalf of the Iranian government collected detailed information on targeted individuals and then sent them spear-phishing emails containing a hidden image that alerted the attackers in real time when targets viewed the messages. This enabled the attackers to present false login pages that collected user-supplied credentials and used them on the real login page in real time to compromise their email accounts.

Weekly Security Bulletin

This advisory captures some of the critical threats, vulnerabilities and key cyber security headlines in news during the week that might require immediate attention.The specific critical threats / vulnerabilities are:

Vulnerability Details

  • Zero-Day Bug Fixed by Microsoft
  • Adobe Acrobat Reader DC text field remote code execution vulnerability

Malware Campaign

  • Satan Ransomware Variant – Impacts Linux and Windows
  • Shamoon 3 Targets Oil and Gas Organization
  • Dear Joohn: The Sofacy Group’s Global Campaign

Popular Security News

Information for Auditors and Assessors

To increase trust in the application of PKI technology, the CA/Browser Forum has mandated that a CA, in order to issue Publicly-Trusted Certificates, obtain an audit report under a qualified audit scheme performed by a qualified auditor.

In order to issue SSL certificates, most CAs will need to complete an approved independent third-party audit. There are three alternatives. The first is an audit against WebTrust for Certification Authorities criteria, issued by the WebTrust for Certification Authorities Task Force-a joint task force of the American Institute of Certified Public Accountants and the Chartered Professional Accountants of Canada (CPA Canada).  Specifically, WebTrust for Certification Authorities vs 2.0 and WebTrust for Certification Authorities – SSL Baseline Requirements Audit Criteria have been developed to meet the CA/Browser Forums Baseline SSL Requirements.

June 2018 Microsoft Security Update Addresses Fifty Vulnerabilities

Key Takeaways

  • On June 12, 2018, Microsoft released its June 2018 security patch updates addressing a total of fifty vulnerabilities. These vulnerabilities, affecting a wide range of products such as Edge, Internet Explorer, Office, SharePoint, Windows, and Windows Servers, may potentially be leveraged to execute arbitrary code, bypass certain security features, gain elevated privileges, obtain potentially sensitive information, or cause denial-of-service (DoS) conditions.
  • CVE-2018-0982, had its proof-of-concept (POC) with technical information released to the public, via Google Project Zero. Technical details and POC code for other vulnerabilities are expected to become publicly available in the coming days.

Background

Basic Concdepts OF SSL/TLS Handshake

Basic Concdepts OF SSL/TLS Handshake

The SSL and TLS protocols enable two parties to identify and authenticate each other and communicate with confidentiality and data integrity. The SSL and TLS protocols provide communications security over the internet and allow client/server applications to communicate in a way that is confidential and reliable. 

The protocols have two layers: a Record Protocol and a Handshake Protocol, and these are layered above a transport protocol such as TCP/IP. They both use asymmetric and symmetric cryptography techniques.

An SSL or TLS connection is initiated by an application, which becomes the SSL or TLS client. The application which receives the connection becomes the SSL or TLS server. Every new session begins with a handshake, as defined by the SSL or TLS protocols.

TCS' WannaCry Ransomware Advisory

WannaCry Ransomware Advisory - Tata Consultancy Services (TCS)

A widespread ransomware campaign is affecting enterprises globally with reports of tens of thousands of infections spreading rapidly. Tata Consultancy Services (TCS) is aware of the outbreak of “WannaCry” ransomware and proactively taking all necessary measures including working with our customers globally to address this outbreak on their systems. A ransomware is a malicious code that encrypts files and locks devices like computer, tablet or smartphone and subsequently demands a ransom to unlock it. Understanding the consequences of this malware attack, TCS has proactively communicated information related to this outbreak and implementing various necessary measures to protect its customers and itself across the globe.

We are advising all our customers and partners globally to exercise caution in their online activities. We are also ensuring that our customers keep their systems updated and take a proactive approach to security rather than a reactive one.

A Note on WannaCry/WanaCrypt0r Ransomware

Ransomware is a malicious software that encrypts the files and locks device, such as a computer, tablet or smartphone and then demands a ransom to unlock it. Recently, a dangerous ransomware named 'Wannacry' has been affecting the computers worldwide creating the biggest ransomware attack the world has ever seen. This has affected computers in India also.
 
About the Wanacrypt0r Ransomware
 
Wanacrypt0r is a ransomware that infects windows systems by exploiting a vulnerability called EternalBlue.  The exploit allows access to a remote machine via SMBV1 protocol. Microsoft patched this flaw in March as MS17-010. Wanacryptor is also known as “wannacry, wcry and wannacrypt.
 
How does Wanacrypt0r work?
 

Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store

How Android Banking Trojan Works

BankBot is mobile banking malware that looks like a simple app and once installed, allows users to watch funny videos, but in the background, the app can intercept SMS and display overlays to steal banking information. Mobile banking trojan often disguises itself as a plugin app, like Flash, or an adult content app, but this app made its way to Google Play Store by disguising itself as any other regular Android app. Once downloaded, the app persistently requests administrative rights, and if granted, the banking malware can control everything that's happening on an infected smartphone.
 

Win a Career in TCS Cyber Security Team

Win a Career in TCS Cyber Security Team

Win a Career in TCS’ Cyber Security Team and grab a chance to be associated with the history of the contest as the Winner of the Inaugural Edition.

Welcome to HackQuest, TCS Ethical Hacking Contest for students passing out in 2017.
 
Eligibility Criteria: Open for Technical UG, PG & BCA students of 2017 batch with specialization in Computer Science, IT and Circuit Branches (Electronics & Electrical Engineering, Electronics & Communication, Electronics & Telecommunication, Electrical, Electronics, Electronics & Instrumentation and Instrumentation)
 
Why should you participate?
 

Pages

Subscribe to RSS - Security News