Monthly Archives: February 2017

How to change a drive letter

When you connect a new disk drive to your PC, Windows automatically assigns the next available drive letter. C is already taken, of course, by the system drive. So your external backup drive or USB thumb drive could end up as D, E, or F, depending on how many drive letters are already in use.

But what if you’d prefer a different drive letter? You might want to assign M to the drive that contains your digital music files, or H for your File History drive, or X for your top-secret X-Files.

No problem. Start by ensuring that the drive you want to work with isn’t in use and that no files from that drive are open. Next, open the Disk Management console (Diskmgmt.msc) and right-click the volume that has the drive letter you want to change. Click Change Drive Letter And Paths and then click the Change button, where you can choose from a list of available drive letters. (Don’t use A or B, which have historically been reserved for floppy drives and can confuse older software.)

You might have to restart to make the change, but once it’s complete, your new drive letter should be assigned permanently to your chosen device.

2.5 million XBOX 360 and PSP ISO forum accounts breached

An unidentified hacker reportedly breached the XBOX 360 and PlayStation Portable ISO forums, compromising 2.5 million gamer accounts.

The breaches occurred around September 2015 and compromised email addresses, account passwords and IP addresses, according to independent researcher Troy Hunt.

Gamers who use the accounts are advised to reset the passwords for all of their gaming accounts. Although the breaches may have affected a great many gamers, some researchers believe the gaming community may not be hit as hard by the breach as some would think.

Xbox and PSP users are a pretty tech-savvy bunch with accounts for many different services, Jonathan Sander, vice president at Lieberman Software, told SC Media.

With all of the breaches that have plagued the gaming platforms, Sander said, if the Xbox and PSP crew haven’t learned that they can’t use the same email and password on every service by now, then likely it’s game over for their personal data.

“As breach after breach has shown that using the same username and password for multiple sites is a bad idea, you would have to imagine this group would have gotten that message by now,” Sander said. “When you see a dump of passwords hit a much less techie site, you can be sure that a huge number of the victims are going to have to go around changing their credentials on the many sites where they foolishly used the same details over and over.”

Some researchers aren’t as optimistic and believe the breaches just serve as another example of consumers needing to practice safer habits with their information. 

Unfortunately, the damage may have already been done, Jeff Hill, director of product management at the security firm Prevalent, told SC Media.

“Like rushing to close the barn door after most of the horses have escaped, changing the passwords at the time of an announcement of a breach may provide some comfort but precious little protection,” Hill said. “The initial breach occurred in September 2015, giving the attackers 17 months to operate undetected, more than enough time to find and exfiltrate enough data to profit greatly from their efforts.”

Hill added that at this point it’s not even clear that the breaches were detected, rather than the attacker having milked the stolen information for what it was worth and rendered the rest useless. Other researchers weren’t as pessimistic as Hill but expressed a similar lack of optimism for those affected by the breaches.

“While this site is mostly used to distribute pirated copies of games, DVDs and Blu-rays, consumers who use the forums need to make sure that they are vigilant,” NuData Security Vice President of Business Development Robert Capps told SC Media. “Keep alert to any phishing scams that may appear in email as a result of this hack, changing passwords on any site where the passwords or usernames used on these sites are used.”

He went on to say that the data will likely be sold on the dark web and used for future cybercrime and that it’s a good reminder for users to choose unique passwords on all sites that require registration.

SC Media attempted to reach out to Sony for comment, but the company has yet to respond, and Microsoft has declined to comment.

 

via:  scmagazine

Dell, HP, Lexmark, Brother printers vulnerable to attackers, report

A research paper from a team of academics reports on serious flaws in a number of printers that could allow remote attackers to gain access and siphon out documents, according to a report on ZDNet.

Internet-connected printers from a number of manufacturers – including Dell, HP, Lexmark, Brother and Samsung – were shown to contain security vulnerabilities that could enable remote attackers to steal passwords, gain control of the printers, as well as lift printed documents stored in the device’s memory.

The paper, authored by Jens Müller, Vladislav Mladenov and Juraj Somorovsky of Ruhr-University Bochum in Germany, described six security flaws that could enable attackers to tether to a printer and usurp control of any of three common printer languages, such as PostScript and PJL. Although previously detected, the flaws remain unpatched.

The team worked for a year to develop a Python toolkit they named Printer Exploitation Toolkit (or “PRET”), which can help pentesters locate vulnerable devices. The toolkit simply seeks a valid target, such as an IP address of a vulnerable printer, the report stated.

The flaws could allow a remote attacker to search a printer’s memory for a company’s proprietary information, such as contracts or patient health data. Additionally, because of the unpatched bugs, attackers could also read a target printer’s network credentials, which could grant access to the company’s entire network, the team said.

All of the manufacturers of affected devices were notified in October, but the report claimed that only Dell responded, although the researchers said the company did not follow up.

The team’s research will be presented in May at a security conference produced by Ruhr University.

 

via:  scmagazine

NHS trusts vulnerable to cyber attack due to irregular app testing

Many NHS trusts are failing to scan internal apps for security-related defects or scan web perimeter apps regularly, potentially exposing patient data to cyber breaches.

Nearly half of NHS trusts scan internal apps for security-related defects only once a year, a freedom of information (FoI) request by code scanning firm Veracode has revealed.

With 45% scanning only once a year and less than 8% doing so on a daily basis, NHS trusts are potentially left with outdated software, putting patient data at risk due to an increased likelihood of cyber attack.

The findings were drawn from 27 responses to FoI requests sent to 36 NHS trusts.

The responses also revealed that half of health trusts scan web perimeter apps only once a year, leaving patient data at risk of cyber attacks through legacy websites and third-party plugins.

However, the responses revealed that 12% of trusts do scan web application perimeters daily, demonstrating a growing awareness of the role application security plays in protecting patient data. 

The recent Veracode State of Software Security report revealed that the healthcare industry once again has the lowest vulnerability fix rate globally.

The healthcare industry also has the highest prevalence of cryptographic and credentials management issues and the second-lowest pass rate when checked against the top 10 most critical web application security risks identified by the Open Web Application Security Project (OWASP).

The software security report presented metrics drawn from code-level analysis of billions of lines of code across 300,000 assessments performed over the past 18 months, revealing that two-thirds of healthcare applications failed OWASP policy compliance.

First-time application scans revealed the prevalence of high-profile vulnerabilities such as cross-site scripting (XSS) (45.4%) and SQL injection (28.4%).

The NHS was also one of the worst performing sectors in terms of the number of data breaches reported to the Information Commissioner’s Office (ICO) in 2016, contributing to 64% of the total figure in the April 2015-March 2016 period.

The health secretary Jeremy Hunt recently announced that data from approved health apps will now feed directly into personal health records and that the NHS website will soon allow patients to book appointments, access medical records and order prescriptions.

In January 2013, Hunt called for the NHS in England to be paperless by 2018.

“In light of recent ransomware and other cyberattacks on healthcare organisations, the industry’s low scores on these application security benchmarks are troubling,” said Paul Farrington, manager of Europe, Middle East and Africa solution architects at Veracode.

“Our research certainly raises fresh concerns regarding the safety of patient information in the UK, as well as across the globe.

“There appears to be a lack of emphasis on application and web app scanning in the NHS, which could put trusts at an increased risk of losing patient data to hackers,” he said.

While hospitals demand rigorous sterilisation of surgical instruments and cleanliness from staff to fight the risk of infections spreading, Farrington said many are not doing the same to ensure digital cleanliness to defend against the growing – and changing – threat of cyber attackers.

In June 2016, a survey revealed that IT and security professionals are at odds over application security.

The main differences are around frequency of security updates, time taken to tune application security systems and the size of vulnerability backlogs.

While half of IT professionals update applications once a month, 50% of security professionals feel they need to update applications at least once per day, if not multiple times a day, revealed the survey report by application security firm Prevoty.

The report notes that according to Verizon’s 2016 Data Breach Investigation Report, web applications are linked to the most breaches, accounting for more than 40% of breaches in 2015.

 

via:  computerweekly

Linux.Proxy.10 infects thousands of devices with standard settings

Dr. Web researchers spotted a Linux trojan, dubbed Linux.Proxy.10, that has been used to infect thousands of Linux devices.

The trojan infiltrates computers and devices that either have standard settings or are already infected by Linux malware, and is distributed by the threat actor logging into the vulnerable devices via the SSH protocol, according to a Jan. 24 blog post.

Researchers said the malware is designed to run a SOCKS5 proxy server on the infected device on the basis of the freeware source code of the Satanic Socks Server, contains BackDoor.Teamviewer spyware, and allows the cybercriminals to remain anonymous online.

To prevent infection, Linux admins are instructed to remotely scan their devices on a daily basis, change security settings from standard to advanced, monitor new logins, encrypt data communication, use Linux security extensions, lock user accounts after login failures, disable root login, and configure logging and auditing to collect all hacking attempts.

 

via:  scmagazine

Netgear exploit could expose passwords for thousands of routers

It’s time to update your firmware. An exploit that affects a number of Netgear routers can easily give hackers access to your wireless admin password, which could lead to router lock-out or, worse, illicit use of your Internet.

The exploit, which Netgear firmly patched, used a bug found in 2014 to expose admin passwords in plain text.

A researcher for Trustwave, Simon Kenin, first uncovered the problem a year ago when he lost his administration password. He tried to hack his own router, eventually uncovering a secret feature designed to allow password recovery.

He wrote:

I woke up the next morning excited by the discovery, I thought to myself: “3 routers with same issue… Coincidence? I think not”. Luckily, I had another, older NETGEAR router laying around; I tested it and bam! Exploited.

I started asking people I knew if they have NETGEAR equipment so I could test further to see the scope of the issue. In order to make life easier for non-technical people I wrote a Python script called netgore, similar to wnroast, to test for this issue.

I am not a great programmer. I am aware of that and that is why I don’t work as a full time programmer. As it turned out, I had an error in my code where it didn’t correctly take the number from unauth.cgi and passed gibberish to passwordrecovered.cgi instead, but somehow it still managed to get the credentials!

“Wait… what is going on here?” I thought to myself. After a few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what parameter you send. This is a totally new bug that I haven’t seen anywhere else. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models.

The exploit affects the following models:

[Screenshot: list of affected models]

If you have any of these, check your admin panel for a firmware update to ensure nefarious sniffers don’t break into your router and wreak havoc.

 

via:  techcrunch