Dub 25

AppLocker Vulnerability Creates Enterprise Malware Threats

Source: bitcoin

Bitcoinist_Security Vulnerability

Several versions of Microsoft Windows had an extra feature – called AppLocker – for business-minded users to blacklist or whitelist particular applications. This should reduce the risk of being infected with malware or virii, but the feature can rather easily be bypassed by the look of things.

Also read: Industry Report: Kraken, Others Receive Large Investments

Bypassing Windows AppLocker With Relative Ease

Windows is often targeted by Internet criminals all over the world, as it is the most popular operating systems across computers and some tablets. Given the recent increase in crypto-ransomware threats, it only seems normal most of these malware infections occur when Windows machines are involved, and it looks like the threat is far from over.

The AppLocker security features found in business-focused versions of Microsoft Windows can easily be disabled by making a small change to the computer register. Although most enterprises use this feature to restrict application usage and access in an attempt to prevent malware infections, it looks like they will have to find alternative solutions.

A recent study by security researcher Casey Smith shows how AppLocker is vulnerable to an exploit that will actually disable this checking procedure. Granted, the computer itself would need to have modifications made by Regsvr32, so it points to a remotely hosted file, but doing so would let systems run just about any application in the world.

Unfortunately, there is no patch to address this vulnerability just yet, although Windows users can rest assured Microsoft is well aware of this situation. One temporary solution enterprises could make use of is by letting Windows Firewall block Regsvr32, preventing it from accessing any online file. For companies dealing with dozens of computer son their network, this is far from a perfect solution, though.

Until this AppLocker flaw can be fixed, hackers and Internet criminals will be able to exploit this vulnerability and target enterprises with all kinds of malware. It is not unlikely we will see more crypto-ransomware infections in the coming weeks. Given the stealthy nature of this alteration to Regsvr32, there is hardly a way to detect these changes either, as no administrator access is required to do so.

Are you using AppLocker, and if so, are you concerned about this vulnerability? Let us know in the comments below!

Source: Engadget

Images courtesy of Microsoft Windows, Shutterstock

The post AppLocker Vulnerability Creates Enterprise Malware Threats appeared first on Bitcoinist.net.

AppLocker Vulnerability Creates Enterprise Malware Threats

Share
Dub 22

Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware

Source: bitcoin

Bitcoinist_Nuclear Exploit Kit

The topic of crypto-ransomware is still fresh in the minds of consumers and enterprises all over the world. Security experts have revealed the inner workings of the Nuclear exploit kit, which keeps making waves despite attempts to shut down its original servers. It appears the creators of this kit prefer to use DigitalOcean to spread their malware to unsuspecting users.

Also read: BitFury Group To Develop Blockchain-based Land Titling Project in Georgia

What Makes The Nuclear Exploit Kit Tick?

As most people are well aware of, most types of crypto-ransomware are spread to computers through so-called exploit kits. Although Angler is the most common EK in that regard, Nuclear is well worth keeping an eye on as well. In fact, this particular exploit kit is rather hard to eliminate, despite the hosting company taking down the servers spreading this malware.

This is where things get fascinating, as it turns out DigitalOcean is the place-to-be for the Nuclear exploit kit creators. By deploying cheap instances serving websites with malicious code to spread the malware, these internet criminals have been successful in their attempts to spread Locky and other types of crypto-ransomware in the past few months.

Unfortunately, the server shutdown by DigitalOcean did not do much in the end, as the Nuclear operators set up new instances of their servers in mere hours. What makes their approach so brilliant in its simplicity is how they use coupon codes, which grant an x number of free hours of running a DigitalOcean instance. All it takes is a random email address and a coupon, effectively giving users a way to bypass traditional payment solutions.

Setting up the exploit kit servers is just one aspect of this story, though. The Nuclear exploit kit itself packs quite the punch under the hood, as there is a multi-tier server architecture. One master server provides automatic “updates” to console servers, which are used by paying clients to customize and distribute their payload of malware and crypto-ransomware.  Every console server manages several landing page servers, which is where the real magic happens.

Among the security vulnerabilities Nuclear attempts to exploit are Flash security flaws, as well as a Javascript weakness targeting Internet Explorer 10 and 11 users specifically. Moreover, a VBScript vulnerability is being looped in as well, which is – according to the security experts – most likely used to execute phishing attacks.

It is also interesting to note the Nuclear exploit kit is mostly used to target Spanish speakers, for some unknown reason. It appears as if a large portion of the traffic visiting these exploit pages were coming from a Spanish ad for adult webcams. That is not the most worrying part, however, as one particular server saw as much as 60,000 unique IP addresses accessing the platform in a single day.

At this time, it looks all but impossible for the Nuclear exploit kit to go away entirely. Disrupting the DigitalOcean servers has done absolutely nothing other than buying a small amount of time. Both Cisco and Check Point are stepping up their security to try and identify these landing pages and exploit attacks, but it will be an uphill battle, to say the least.  

What are your thoughts on the inner workings of the Nuclear exploit kit? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Shutterstock

The post Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware appeared first on Bitcoinist.net.

Inner Workings of Nuclear Exploit Kit Spreading Crypto-ransomware

Share
Led 16

Ongoing OS X Gatekeeper Vulnerability Puts Bitcoin Users At Risk

Source: bitcoin

Ongoing OS X Gatekeeper Vulnerability Puts Bitcoin Users At Risk

Computer users operating on the Mac OS X platform are safer from harm compared to their Windows-using counterparts. With a much smaller market share, hackers are not targeting OS X users as often as they could, although that doesn’t mean the platform is completely secure. Security tool Gatekeeper is still vulnerable, despite a recent patch released by Apple. Bitcoin users are advised to remain careful when installing new applications until this security flaw has been patched properly.

Also read: Carl Force’s Lawyer is Pessimistic about Ulbricht’s Appeal

Apple Fails To Make Gatekeeper Secure Again

It is not the first time OS X’s Gatekeeper is coming under fire from security experts. At one point in 2015, researchers had discovered a major vulnerability in this security protocol that puts all Mac users at risk.  This tool is designed to check the certification of every executable file during an installation.

However, Gatekeeper in its pre-patch form was not doing an adequate job, as the software only checked the certification validity of the first executable. As a result, hackers could easily bypass this security protocol by infecting a legitimate install file with other tools being executed once the certification check had passed.

Keeping in mind Gatekeeper was created to prevent these things from happening, Apple was scrambling to release a security patch to fix the problem. Even though that patch has been released, the protocol is still not as secure as it should be. Assailants can still execute arbitrary code as part of improper certification checks, which is a cause of great concern.

Although it is not confirmed, one security researcher feels how Apple has attempted to fix the issue by blacklisting priority executables based on a list provided by himself. However, if this were to be the case, the vulnerability itself is still present in Gatekeeper, and it took the researchers roughly thirty seconds to bypass the newly implemented security checks.

For the time being, OS X users remain vulnerable to attacks and computer hijacking when installing new applications. Downloading any executable from a website rather than the App Store should be avoided at all costs until Gatekeeper is properly secured again. Apple has already indicated a major patch will be coming soon, although no official date has been released.

Bitcoin Users Remain Vulnerable

It goes without saying this Gatekeeper vulnerability is a major threat to Bitcoin users on the OS X platform. If they were to install a new application, there is always a chance of additional software being installed behind the scenes. As Bitcoin become more popular, hackers all over the world will do their best to steal user wallets, regardless of operating system.

OS X users are advised not to install any new applications on their systems – other than those in the App Store – to avoid Bitcoins being stolen. Even though the risk may seem small right now, it only takes one mistake to lose money in the Bitcoin world, and chargebacks do not exist in the digital currency ecosystem.

What are your thoughts on the Gatekeeper vulnerability? Will it affect bitcoin users in the long run? Let us know in the comments below!

Source: Tweakers

Images courtesy of Gatekeeper, Apple, Shutterstock

The post Ongoing OS X Gatekeeper Vulnerability Puts Bitcoin Users At Risk appeared first on Bitcoinist.net.

Ongoing OS X Gatekeeper Vulnerability Puts Bitcoin Users At Risk

Share