Bug Found in The Division That Lets Players do Unlimited Damage

Tom Clancy’s The Division has enjoyed enormous popularity since its release, despite the almost constant existence of issues that have plagued players. Now, a new exploit has been found in the shooter that effectively breaks the game by allowing players to do potentially unlimited damage, making PvE trivial and destroying the PvP ‘Dark Zone’ areas.

The bug is based around the “competent” talent, which boosts damage output after another ability is triggered. It can be found on a number of weapons, but is most easily obtained from a high-end AK-74 purchasable at a special gear vendor at the Base of Operations. With this (or another qualifying weapon), all you have to do is switch back and forth between the gun and any other weapon for a while, causing competent’s DPS boost to stack on each switch. After switching weapons for a number of minutes the damage boost becomes enormous, temporarily multiplying damage by as much as 10 times, with YouTuber Simplified showing his weapon going from 10,000 damage per shot to 100,000 with the talent active.
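As an added illustration of the kind of state bug described above, here is a toy model in Python; it is not The Division’s code (which is not public), and the class names, the 25% bonus, the “on switch” trigger and the 3x sanity bound are all assumptions made for the example. A handler that records a new modifier on every weapon switch compounds the bonus without limit, while one that keys the buff by its source merely refreshes it, and a server-side plausibility check flags the stacked result regardless of what the client reports.

```python
"""Toy model of a buff-stacking bug: an added illustration, not The Division's
own code (which is not public). Class names, the 25% bonus, the 'on switch'
trigger and the 3x sanity bound are all assumptions made for this example."""
from dataclasses import dataclass, field
from typing import Callable, Dict

COMPETENT_BONUS = 1.25          # assumed: +25% damage per activation
MAX_PLAUSIBLE_MULTIPLIER = 3.0  # assumed: largest legitimate total multiplier


@dataclass
class Weapon:
    name: str
    base_damage: float
    has_competent: bool = False
    # Multiplicative modifiers keyed by their source. Keying by source is what
    # lets a re-applied buff replace its old entry instead of adding another.
    modifiers: Dict[str, float] = field(default_factory=dict)

    def damage(self) -> float:
        total = self.base_damage
        for multiplier in self.modifiers.values():
            total *= multiplier
        return total


def on_switch_buggy(weapon: Weapon) -> None:
    """Buggy handler: every switch appends a modifier under a fresh key,
    so the bonus compounds with no upper bound."""
    if weapon.has_competent:
        key = f"competent#{len(weapon.modifiers)}"
        weapon.modifiers[key] = COMPETENT_BONUS


def on_switch_fixed(weapon: Weapon) -> None:
    """Fixed handler: the buff is keyed by its source, so a repeat activation
    refreshes the existing entry rather than stacking a new one."""
    if weapon.has_competent:
        weapon.modifiers["competent"] = COMPETENT_BONUS


def simulate(handler: Callable[[Weapon], None], switches: int) -> float:
    """Apply `handler` once per weapon switch and return the resulting
    per-shot damage of a 10,000 base-damage rifle (constructed sample)."""
    rifle = Weapon("rifle", base_damage=10_000.0, has_competent=True)
    for _ in range(switches):
        handler(rifle)
    return rifle.damage()


def damage_is_plausible(base_damage: float, reported: float) -> bool:
    """Server-side sanity check: flag any reported hit that exceeds what the
    legitimate buff budget could produce, whatever state the client is in."""
    return reported <= base_damage * MAX_PLAUSIBLE_MULTIPLIER


if __name__ == "__main__":
    for label, handler in (("buggy", on_switch_buggy), ("fixed", on_switch_fixed)):
        dmg = simulate(handler, switches=10)
        ok = damage_is_plausible(10_000.0, dmg)
        print(f"{label}: {dmg:,.0f} per shot, plausible={ok}")
```

The two defences are independent: making the buff application idempotent removes the stacking itself, while the plausibility bound on the server catches any client-side state that has drifted beyond what legitimate play can produce, which is the check that actually protects other players in the Dark Zone.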

This bug has enormous potential for abuse in both PvE and PvP, with players able to kill difficult bosses with relative ease and effortlessly kill any player who crosses them with a single shot. While PvE uses of the exploit have relatively little impact on other players, this bug may drive many out of the PvP Dark Zone areas for fear of being killed with ease by users of the exploit. It isn’t just the competent talent with the issue either: players report that a number of other pieces of equipment can also stack their talent activations by swapping them on and off, allowing players to earn millions of credits for a single headshot, amongst other things.

It is reasonable to assume that Ubisoft will give abusers of this exploit the same treatment as in the past, with many people likely to face a ban if they are found to have been using the glitch. How long it will remain unpatched remains to be seen, but there may be a distinct drop-off in players in the PvP zones until a hotfix is released.

FBI Doesn’t Want To Tell How It Tracked People Across The Tor Network

The FBI are known for their digital prowess, although they may require some help when it comes to breaking into an iPhone. One of their most recent successes was the tracking of people using the Tor network, but after a judge ruled that the defendant’s representatives needed to know how he was identified, the FBI has declined to say how it tracked people across the Tor network.

The ruling was made by the judge overseeing the case so that the defendant’s experts could check that the method used to identify the client was both within the FBI’s authority and also correctly identified the client amongst the thousands of users of the Tor network.

The Tor network (also known as the Onion Router) is a system that people can use to hide their true identity by encrypting their traffic and bouncing it around the world in a series of steps. The network is also known for hosting a selection of “secret” websites that can only be accessed from within the network.

The FBI claims that it has already provided enough details for the defence to figure out whether it went beyond its authority. FBI Agent Daniel Alfin is quoted in the court papers filed by the DOJ in the case as saying “knowing how someone unlocked the front door provides no information about what that person did after entering the house”. While a valid argument, one could also argue that if someone breaks into your house, gaining access and stealing something from your house are both things you need to be made aware of, not just one of the two.

Stagefright Vulnerability Now a Serious Threat to Android Devices

The Stagefright vulnerability in Android is nothing new; however, for a long time it was (mostly) harmless due to the difficulty of reliably using the flaw for malicious purposes. Unfortunately for Google and Android users, researchers at Israeli cyber-security firm NorthBit have developed a proof-of-concept exploit, named Metaphor, based on Stagefright that is able to reliably compromise Android devices.

The Metaphor exploit uses a set of back-and-forth communications that allow attackers to probe the defenses of a target device before attempting the compromise. When a victim visits a website with a malicious MPEG-4 file embedded in it, the file causes Android’s built-in media server to crash and send data about the device’s hardware to the attacker; the attacker then sends another video file, captures additional data and finally delivers a video file that is able to compromise the device. The procedure may seem long and complicated, but in reality Metaphor was found to be able to break into most devices within 20 seconds. Unfortunately for fans of stock Android, the attack was found to be most effective on Nexus 5 devices running stock firmware, but the customized versions of Android found on phones from HTC, LG and Samsung are not safe either.

While this attack may pose a threat to the 275 million Android phones running versions 2.2 through 5.1, devices running the most up-to-date version, 6.0 Marshmallow, are safe. Additionally, the attack needs to be tailored to a specific set of Android hardware, so it is likely that only those running the most popular devices would be targeted, and many of those have already received patches specifically to defend against Stagefright. As a result, those with older Android devices may want to be careful or think about a new handset, lest they remain vulnerable to this exploit if it enters the wild.

Two Year Old Java Vulnerability Reappeared Thanks to Broken Patch

Back in 2013, Oracle released a patch for a critical security flaw in Java. Now it has been found that this patch was ineffectual and easily bypassed, once again making PCs and servers running even the latest version of Java vulnerable to it.

The flaw is tracked in the Common Vulnerabilities and Exposures (CVE) database as CVE-2013-5838 and was rated 9.3 out of 10 by Oracle on the Common Vulnerability Scoring System (CVSS). This vulnerability allows attackers to escape from the Java security sandbox that usually limits the code that can be run in a Java virtual machine using the Java Runtime Environment. Because it can be exploited remotely without authentication, it allows attackers to totally compromise a target system.

Now, researchers at Security Explorations have discovered that the patch used to fix the vulnerability was seriously flawed, with the proof-of-concept code from 2013 requiring a change of only 4 characters in order to bypass it. The full details of the bypass were documented in a full technical report released by Security Explorations.

The versions of Java affected by this flaw include all of the latest versions: Java SE 7 Update 97, Java SE 8 Update 74 and Java SE 9 Early Access Build 108. Additionally, Oracle’s original advisory stated that CVE-2013-5838 only affected client deployments of Java and is exploited through “sandboxed Java Web Start applications and sandboxed Java applets.” Security Explorations CEO Adam Gowdiak explained that this was incorrect, stating that “We verified that it could be successfully exploited in a server environment as well as in Google App Engine for Java.”

While attackers would still require an additional vulnerability to bypass the security prompts in newer versions of Java, it is quite possible that victims could be convinced to allow the malicious applet to run.

Unlike many firms, Security Explorations did not report the issue to Oracle prior to releasing it publicly. Gowdiak stated that “We do not tolerate broken fixes any more,” and that there would be full public releases whenever broken vulnerability fixes are found. Oracle has yet to respond to the report, and it is currently unknown whether an emergency update will be issued to patch the issue or whether it will remain in place until the next quarterly Critical Patch Update on April 19.

ASUS Agrees to Regular Security Audits

ASUS is a well-known technology brand, creating everything from laptops to gaming mice. One thing people may not realise is that ASUS is also a maker of wireless networking equipment, something that has unfortunately gotten the company into trouble in the past.

ASUS, a Taiwanese hardware manufacturer, once stated that its devices could “protect computers from any unauthorized access, hacking and virus attacks”. This is something you should never say about anything, especially computer security. As a result of this, the FTC (Federal Trade Commission) found several flaws in the routers’ security, some of which were described as critical.

Using the security flaws, it would have been possible for people to gain unauthorised access to the web-based control panels, giving them access to information regarding the wireless network and the possibility of even installing viruses or malware directly on the router.

This history of bad security should change now, though, with ASUS agreeing to the FTC’s condition that it subject itself to biannual security audits of its software, while also notifying its users when the latest update is available. It will also cost them in the future if they decide to make another “promise” which turns out to be false, with each violation costing them a staggering $16,000.

TMZ Falls Victim to Malvertising Campaign

Malicious online activity in the form of hacks, malware and viruses has seen an exponential increase over the past 5 years; the rise in the number of consumers online, coupled with a lax understanding of the dangers of the many cyber threats, has led to more and more victims. Malvertising is one example of how online advertisements can be hijacked and used to spread malware through malicious ads.

This technique has now found a new victim after online gossip site TMZ was found to be harbouring malicious online advertisements. For those unfamiliar with the site, TMZ is a hugely popular website featuring exposés, gossip and breaking news from the world of celebrity; the site pulls in over 30 million visitors a month and is a major attraction for online revenue. Below is a summary of the attack.

It has been observed that the attack follows the same ad chain pattern, running from “ContextWeb (PulsePoint) to Smarty Ads and eventually various rogue advertisers”. The latter leverage CloudFlare’s infrastructure with the aim of hiding the servers’ location as well as encrypting the advertisement delivery to consumers via the website.

The malicious ad is pretty cheap to deliver when you consider it costs “$0.19 (£0.12) for one thousand user impressions (CPM)”.

These attacks are designed to be as cheap as possible while targeting high-traffic sites. On a side note, many websites try to discourage users from using popular ad blockers when accessing their sites; malicious advertisements leading to exploit kits are perhaps not the best deterrent.

Images courtesy of malwarebytes and nickcannon

Fully Patched Adobe Flash Hit by New Zero-Day Update

Just as day follows night, and just as UbiSoft thinks up new and amazing game elements to strip away and charge microtransactions for, another zero-day exploit has been discovered for Adobe Flash. But this isn’t any old zero-day exploit, it’s an exploit found in the fully patched version of Flash.

The vulnerability, discovered by Trend Micro yesterday, allows attackers to secretly install malware on computers that carry Flash versions 19.0.0.185 and 19.0.0.207, and possibly earlier versions, too. Attacks exploiting the vulnerability have so far only targeted government agencies, undertaken as part of cyber-espionage initiative Operation Pawn Storm. The researchers from Trend Micro wrote:

In this most recent campaign of Pawn Storm, several Ministries of Foreign Affairs received spear phishing e-mails. These contain links to sites that supposedly contain information about current events, but in reality, these URLs hosted the exploit. In this wave of attacks, the emails were about the following topics:

“Suicide car bomb targets NATO troop convoy Kabul”

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”

It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.

Operation Pawn Storm has hit a number of foreign agencies over the last few months, including politicians and journalists in Russia and iOS devices used by Western governments and news outlets.

Oh, and don’t use Flash.

Thank you Ars Technica for providing us with this information.

Image courtesy of Wikimedia.

WinRAR at Risk of Huge New Zero Day Vulnerability

WinRAR has a base of some 500 million users worldwide, and those same users might want to take a look at a new zero-day vulnerability which has been detected within the newest version of the software. According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a “remote code execution (RCE) flaw”. Let’s digest this flaw by breaking it down and having a closer look.

The vulnerability is triggered by an attacker inserting malicious HTML code into the “Text to display in SFX window” section when creating a new SFX file. Below is a video which conveys a test that proves the existence of this flaw, albeit in a controlled environment.

The annoying flaw with SFX files is that they execute the moment a user clicks on them; therefore, consumers cannot identify or verify whether the compressed .exe file is a genuine WinRAR module or a malicious one. As of writing, no patch has been released for this flaw and Windows users are advised to refrain from opening any files from unknown sources. If you wish to protect yourself further, then by all means use an alternative archiving product or use strict authentication methods to secure your system.

The knock-on effect of any exploit can be harmful to users, especially when a product has a substantial consumer base.

Thank you thehackernews for providing us with this information.

Image courtesy of tecnoandroid

Android Lollipop Lock Screen Can be Bypassed Using Really Long Password

Any Android Lollipop device that is not running the latest build of the mobile operating system is vulnerable to having its lock screen bypassed by inputting a long string of characters as the password. The bypass was discovered by researchers from the University of Texas this week and applies to any Android 5 device that does not have the latest security updates, released last week.

“A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device,” the researchers wrote on the University of Texas blog. “By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen.”

The Texas researchers also included a proof-of-concept video, tested using a Nexus 4 with an Android 5.1.1 factory image:

Google has patched the flaw, but in the meantime it is advised that Android Lollipop users that do not have the latest updates use either a PIN or pattern lock, since neither are vulnerable to the above exploit.

Thank you The Register for providing us with this information.

Nintendo 3DS YouTube App Exploit to Disable Region Locking

Nintendo has been heavily criticized for region locking the Wii U and 3DS, in contrast to Microsoft and Sony, who adopt a region-free policy. Even more absurdly, the 3DS’ predecessor played titles from all regions without any modifications. Region locking is inherently anti-consumer and predominantly used to control pricing in an unfair manner. Interestingly, a new hack was discovered by Jordan “smealum” Rabet via Twitter which exploits part of the official YouTube app’s code.

The mod, codenamed “Tubehax”, unblocks the 3DS’ protection and grants access to homebrew software, games from any region and custom desktop themes. Nintendo are known to remove any kind of vulnerability through software updates and will be concerned about this latest revelation. For example, Tubehax can run a variety of emulated games which Nintendo are trying to legitimately sell on the eShop.

Rabet released a YouTube video showing the hack in action and began playing Portal! While the install method is currently unknown, Rabet plans to release a guide very soon. I suppose Nintendo only have themselves to blame after implementing such a draconian form of DRM. While the mod can be used for illegal purposes, it will be fantastic for playing imported Japanese games unavailable in PAL and NTSC regions. However, I’m unsure if digital codes will work on a cross-regional basis.

Thank you Wired for providing us with this information. 

Intel Processors Vulnerable to Rootkit Exploit Since 1997

A researcher from the Battelle Memorial Institute has revealed that every Intel x86-based processor – and possibly some AMD processors – since 1997 is vulnerable to a rootkit exploit that could grant hackers access to the low-level firmware of a PC. Christopher Domas revealed the concern at the Black Hat 2015 conference in Las Vegas this week.

The vulnerable component of the chip is System Management Mode, which is responsible for subsystem controls such as power distribution. The exploit does require full system privileges, but a successful attack allows a hacker to delete a computer’s Extensible Firmware Interface or even replace it with a rootkit. Such an attack would be completely undetectable by security scanners, and a rootkit would remain in place regardless of what is done to the board’s software or drives.

Since becoming aware of the bug, Intel has been working on a patch, but since the vulnerability has existed for nearly 20 years, it seems a little late. There’s no telling just how many PCs have fallen victim to this exploit, and it remains unlikely that any patch would reach every endangered processor. Thankfully, the difficulty of launching such an attack, both with the level of system privilege and coding skill required to abuse an exposed processor, means there should be few casualties.

Thank you HotHardware for providing us with this information.

US Won’t Regulate Hacking Software – For Now

We all know about hackers. They’ve been in the news a lot in the last few years, from the Xbox and Sony Christmas Day hacks to the large databases of customer details being hacked on a nearly monthly basis. One hack was actually targeted at a hacking group, Hacking Team, and ended up with 400GB of their data being taken. This included everything from their hacking tools to the information required to use them against companies and everyday users. After this, a small piece of legislation was developed and marketed to the US government, a piece of legislation which is now possibly going to be scrapped following concerns from pretty much everybody in the IT security industry.

The Department of Commerce first put the legislation forward and stated that the development and testing of exploits, zero-days and intrusion software should not only be limited and controlled but also made illegal in some respects. Cue the outcry from professionals who not only write such software but also stop it from being used for malicious ends, who stated that not only would it limit and criminalise research into malicious software, but it would also mean that all those nasty bugs and exploits that you don’t want people using would be pushed onto the black market.

While the Department of Commerce stated that “a second iteration of this regulation will be promulgated”, it’s clear that while they may not be able to get away with vague descriptions and tight control of security software, they will still attempt to push through some form of control over what they call “weaponised software”.

Thank you Reuters for providing us with this information.

Image courtesy of the Art of Add.

95% of Android Devices Vulnerable to Dangerous Exploit

Researchers from cybersecurity firm Zimperium have discovered a vulnerability within Android that allows hackers to access and control a device remotely, with 95% of smartphones and tablets running the operating system (between versions 2.2 and 5.1) thought to be at risk.

The fault, branded Stagefright, is within Android’s media library. All it takes to exploit it is a fraudulent MMS message which, once received and the media is downloaded, can give hackers full control over an Android device without the owner’s knowledge. Zimperium intends to present its findings at the Black Hat 2015 and Def Con security conferences, both in August.

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” Zuk Avraham, Zimperium’s Chief Technology Officer, said. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

Though Google has applied patches through its Android Open Source Project, Zimperium still implores Android device owners to check for software updates regularly, and contact their phone carrier if they think that the appropriate update has not been made available to them.

Google has thanked Zimperium for its findings and assured customers that it is proactively fighting to tackle such exploitations of its software:

“The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device. Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”

Thank you The Trigger for providing us with this information.

Four New Bugs Have Been Found in Internet Explorer

I know most of you don’t even use Internet Explorer and we all know how it was humiliated throughout the years. However, since the new Microsoft Edge might be using some IE code, it’s worth pointing this out anyway.

It looks like security experts have encountered and disclosed four new vulnerabilities in Microsoft’s browser. The researchers reported the issues through Hewlett-Packard’s Zero Day Initiative, a program which creates detection signatures and also reports the vulnerabilities to their respective vendors.

Microsoft has already been notified; however, ZDI gives the vendor 120 days to fix the issues. Since Microsoft is more focused on Windows 10, the issues were not resolved in that time and only limited information about them has been released to the public. By limited information, it means that the affected code has not been released for the wise guys to figure out an actual working exploit.

However, one of the four exploits seems to have been disclosed in more detail. This is because at one of ZDI’s contests back in November, a hacker used the exploit and provided ZDI with the necessary information on how to take advantage of the vulnerability. If you’re curious, the exploit can be found here.

The remaining vulnerabilities are just theoretical at this point, but Microsoft should look into patching them as soon as possible before someone else manages to find a way to exploit them further.

Thank you PCWorld for providing us with this information

Hacking Team Release Ludicrous Statement

This story is so preposterous that I am going to play a little game called “who are the hypocrites here?” Hacking Team, who recently fell to a cyber attack, have released a statement claiming to be victims and have bluntly claimed that they have “always operated with the law and regulation in an ethical manner.”

You heard it right: when government officials start inventing ludicrous laws which state that hacking citizens’ phones and computers for data is actually legal, you arrive at the juncture where the Italian spyware firm claims that “there was only one Violation of Law in this entire event, and this was the massive cyber attack on the Hacking Team”.

Now, I don’t condone hacking; well, I do in this case, where rival, decent hackers exposed nearly 50GB of data, including internal documents such as internal emails, hacking tools, zero-day exploits, surveillance tools, source code for spyware and a spreadsheet listing every government client with date of purchase and amount paid.

For balance, and to be fair to Hacking Team, I have viewed their statement and what really stands out is the following few lines.

“The company has always sold strictly within the law and regulation as it applied at the time any sale was made. That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries”

Well, those are true democracies which really do underpin Hacking Team’s morals. The scary thing is, if you give a despot surveillance tools, this could well have led to the deaths and suffering of citizens.

There are no winners in these revelations, with perceived democratic countries also using these tools along with many dodgy dictators. Hacking Team also states that there had not been “access to the data collected by company’s clients using purchased spying software, as such information is only stored on the customer’s systems and can’t be accessed by the company itself.”

This is the tip of a seedy and unethical iceberg which, in the long run, will not protect against every terrorist eventuality, but only virtually incarcerate the whole world. Anyone who sells spying software to countries which have a habit of executing dissenters is either desperate for cash or completely devoid of conscience. A sale is possibly within the law, but so is selling a pint of beer to a 16-year-old if bought by an adult with a meal. The only difference is, a pint normally does not result in potential war crimes and more… usually.

Thank you to Hacker News for providing us with this information

Image courtesy of ilquotidianoitaliano

See How Hackers Can Take Control of Your Chrysler Vehicles

I know that there have been a lot of movies where hackers can take control of vehicles and crash them, but can it really be done in real life? Well, a pair of hackers have just demonstrated this with a Chrysler using a zero-day exploit they found.

The hackers demonstrated the hack with Wired’s Andy Greenberg in the actual vehicle. He was not told about the hack, but was warned not to panic. So, as he was travelling down a busy highway, the hackers started slowly taking control, first by turning on the air conditioning system, then the radio and finally the windshields.

As Greenberg drove on, the hackers moved to something more serious. They proceeded to cut the transmission, having Greenberg watch the RPM go up, but the car slowly losing speed. To demonstrate the hack even further, they found an empty car lot, where the hackers were able to show how they can kill the engine, apply brakes or even cut the brakes entirely. The latter apparently sent Greenberg into a ditch, as shown in the pic above.

The attack is really terrifying, since a lot of vehicles out there are vulnerable to it. However, the hackers stated that they plan on releasing the exploit on the Internet at the same time as they give a talk at the Black Hat security conference in Las Vegas next month.

Thank you WIRED for providing us with this information

Security Giant Kaspersky Lab Just Got Hacked

One of the best security experts in the field, the guys over at Kaspersky Lab, got hacked this Wednesday. They say that the method employed was so complex and stealthy that they believe the hackers originate from a government agency.

Kaspersky stated that no services were affected or data compromised, but that does not mean the hack itself is to be taken lightly. They named the attack Duqu 2.0, an upgraded version of the original Duqu attack from September 2011.

The original Duqu attack employed a variety of malware delivered through the so-called Stuxnet worm. The latest attack on Wednesday is also believed to take advantage of some zero-day vulnerabilities found in Microsoft’s operating system.

Kaspersky said that the hackers were interested in proprietary information such as ongoing investigations, detection methods and analytical capabilities. In addition, the company found that the attackers had previously spied on other targets, such as participants in the international negotiations on Iran’s nuclear program and people attending the 70th anniversary event of the liberation of the Auschwitz concentration camp.

The investigation is still ongoing, but Kaspersky said it will take only a few weeks to figure out what the purpose of these attacks may be. However, the hackers may not be able to pull this off any longer, since Kaspersky already added a Duqu 2.0 detection tool in its latest update.

Kaspersky has also expressed no interest in getting involved in any political matter, but has notified the relevant law enforcement agencies of the attack nevertheless. The company has also forwarded the zero-day exploit to Microsoft so that it can patch the vulnerability in future updates.

Thank you Sci-Tech Today for providing us with this information

Cheater Faces In-Game Death Penalty

Guild Wars 2 is a popular massively multiplayer online role-playing game (MMORPG) which has sold over 3 million copies worldwide. It’s also one of the places where the use of exploits is not tolerated. The in-game character DarkSide faced sweet justice after he was caught playing by unfair means, such as teleporting, surviving coordinated attacks by other players and dominating player-versus-player combat. After other players complained and submitted video proof, security lead Chris Cleary executed the character and deleted all the avatars linked to the account. All the other accounts owned by the same player were also shut down.

“We do not need to see it in-game, sometimes good video evidence is enough for me to track down who it was. In this case, the video was enough for me to find out who it was and take action,” said Mr Cleary. “Oh yah, he’s also banned.”

YouTuber Shazbawt has posted a video named ‘RIP DarkSide’ showing the last moments of the character: he is stripped in public, then waves and kills himself by jumping off a high bridge.

If cheaters are served justice in a similar way, complete with humiliation, some day there won’t be any more. The move was appreciated by fans on the forums, with one calling it “pretty gangster”, and it is actually pretty cool. What do you think? Let us know in the comments section.

Thanks BBC for providing us with this information.

Researchers Find iOS Flaw That Can Crash Any Device in Range

Researchers from the security firm Skycure have found a new flaw in iOS that effectively allows anyone to put any iOS 8 device in range into a never-ending boot cycle. The flaw was demonstrated at the RSA security conference in San Francisco, but the good news is that the company didn’t disclose all the details of how to perform the hack and is working with Apple to fix the issue.

The vulnerability takes advantage of a bug in the way iOS handles SSL certificates: the researchers showed how they could make iOS devices crash as soon as they connected to a malicious hotspot. On its own this would be manageable, since you could simply choose not to connect to unknown wireless networks and hotspots, were it not for another security issue.

The researchers combined the SSL flaw with an older issue dubbed WiFiGate. iOS devices are pre-configured by the carrier to connect automatically to certain networks, and there is nothing the user can do about it short of turning Wi-Fi off completely. For example, AT&T customers will automatically connect to any network named attwifi, and there is no way to prevent this.

https://www.youtube.com/watch?v=PmgI0LaFYLA

Using the two flaws in combination, the researchers could put any iOS device that entered the range of their rogue hotspot into an endless reboot cycle. The only way to stop it and regain access to your phone is to move out of range of the hotspot. This might be a mere annoyance if deployed on a university campus or at a school, but if such a thing were let loose in a financial district it could create serious havoc.

Thank you Gizmodo for providing us with this information

Simda Botnet Taken Down After Affecting 777,000 PC’s Worldwide

Simda has been around for the past six months, causing pain to PC owners across the world. It infected around 128,000 computers each month, a phenomenal rate for a botnet. The bot repackaged itself into a new, as-yet-undetected form every few hours, making it very hard to catch with signature-based antivirus products. It controlled more than 777,000 computers across 190 countries, stealing victims’ banking credentials and opening further backdoors to install other malware.

Its operators used a variety of methods and utilities to infect targets across the internet. Simda exploited known vulnerabilities in software including Java, Adobe Flash and Silverlight; the exploit code was planted on legitimate websites, which were themselves compromised through further vulnerabilities in their SQL-backed software. Social engineering was also used, mainly in the form of spam e-mails.

The US had the most infected machines, with around 22% of the botnet’s infections, closely followed by the UK; Turkey accounted for 5%, and Canada and Russia for 4% each.

The bot was surprisingly simple in how it worked. It modified the computer’s hosts file to change where the infected machine’s internet traffic went: requests for normal websites such as Facebook, Google and Twitter were redirected to servers under the attackers’ control. In many cases the modified hosts file remained after antivirus software had removed the infection itself, which meant the attackers could still see information being sent to their servers.
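The hosts-file tampering described above is easy to check for by hand, but a small script makes it repeatable across a fleet, and it catches the case the article warns about, where the infection is gone but the redirect is not. The following Python is an added, illustrative check written for this article (it is not Simda’s code or Kaspersky’s removal tool): it parses a hosts file (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts on Unix) and reports any watched domain that is mapped to something other than a loopback or unspecified address. The watched-domain list and the sample file are constructed assumptions.

```python
"""Illustrative hosts-file hijack check (added for this article; not Simda's
code or Kaspersky's tool). Flags watched domains that a hosts file points at a
real address, which is how the article says Simda redirected traffic."""
import ipaddress
import sys

# Assumption: the sites worth watching. The article names these three as redirected.
WATCHED_DOMAINS = {"facebook.com", "google.com", "twitter.com"}

# Typical locations: C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts on Unix.


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments,
    blank lines and lines whose first field is not a valid IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not an address
        for name in fields[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def is_watched(hostname):
    """True for a watched domain or any subdomain of one (e.g. www.facebook.com)."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return [(hostname, ip)] for watched names mapped to a routable address.
    Loopback (127.x, ::1) and 0.0.0.0 entries are ignored: ad blockers and
    sinkholes use them, and they cannot deliver traffic to an attacker."""
    hits = []
    for ip, name in parse_hosts(text):
        if is_watched(name) and not (ip.is_loopback or ip.is_unspecified):
            hits.append((name, str(ip)))
    return hits


def scan_file(path):
    """Scan a hosts file on disk (errors='replace' copes with odd encodings)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample resembling a tampered Windows hosts file. 203.0.113.0/24 is
# the RFC 5737 documentation range, standing in for an attacker-controlled server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-block style entry, harmless
203.0.113.45    www.facebook.com facebook.com
203.0.113.45    www.google.com
127.0.0.1       twitter.com              # loopback: blocks, does not hijack
"""

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_hijacks(SAMPLE_HOSTS)
    for name, ip in hits:
        print(f"SUSPICIOUS: {name} -> {ip}")
    if not hits:
        print("no hijacked entries found")
```

Run it with a path to scan a real file, or with no arguments to see it flag the sample. Loopback and 0.0.0.0 entries are deliberately ignored because ad blockers and sinkhole tools add them legitimately; what matters is a public address, which is where the redirect to the attackers’ servers came from.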

The final blow against the botnet was an operation coordinated by the Interpol Global Complex for Innovation, based in Singapore, involving the FBI, the Dutch National High Tech Crime Unit and the cybercrime department of the Russian Ministry of the Interior. The take-down took place across the globe last Thursday and Friday, resulting in 14 command-and-control servers being seized.

If you want to check whether you have been infected by the Simda botnet, Kaspersky has a site available here to check.

Thanks to Kaspersky and Ars Technica for this information

Image courtesy of guim.co.uk

Activision Finally Patches Call of Duty: Advanced Warfare ‘XS1 Goliath Scorestreak’ Exploit

Activision has finally released a new update for all Call of Duty: Advanced Warfare platforms, which among other things fixes an exploit that gave players unlimited health using the XS1 Goliath scorestreak.

Alongside that fix, the update also patches several other exploits across different multiplayer maps. The update will be downloaded automatically once it rolls out. The complete changelog is below.

Map Updates:

    • Fixed various out of map exploits across different multiplayer maps.

Game Mode Updates:

    • Players no longer advance more than one gun rank with a multikill in Gun Game.

Scorestreaks:

    • Fixed an exploit where players were able to have infinite health using the XS1 Goliath scorestreak.

Exo Zombies:

    • Fixed various out of map exploits where players could remain in place and not be attacked by zombies.

Thank you DSOGaming for providing us with this information

Battlefield 4 Final Stand Revealed to Come with an Exploit to Catch Cheaters

DICE has recently revealed that the latest DLC for Battlefield 4, Final Stand, shipped with an exploit intentionally left in the game by the development team. The company explained that the exploit was left in to catch cheaters, who could then be banned from the game.

“With Final Stand, we had that change in there, and there were a significant amount of players hit with the ban hammer, because they were using that cheat we knew about.” – DICE

It looks like DICE is experimenting with its own anti-cheat measures, with this serving as a test run for what’s to come. Though the approach proved very effective, DICE admits that “there are cheats out there that we don’t know about — we can’t find them all”. Battlefield 4 currently uses two anti-cheat systems, PunkBuster and FairFight, yet despite that protection cheaters still manage to hide in the game.

DICE is also said to have dedicated staff members looking through Battlelog, hoping to catch more cheaters and ban them in the near future.

Thank you NextPowerUp for providing us with this information

Jamie Oliver’s Website Hacked and Used as Malware Distributor

The website of celebrity chef Jamie Oliver, which averages 10 million visitors per month, has been hacked. The attackers inserted a snippet of code that redirects visitors to a compromised WordPress site, which in turn uses a Flash, Java or Silverlight exploit to run malware on the visitor’s computer.

The hack was discovered by computer security firm Malwarebytes. Jerome Segura, Senior Security Researcher at Malwarebytes, said, “The malicious redirection led to the Fiesta Exploit Kit which had recently integrated a critical zero-day (now patched) in Flash Player. However, as many people do not apply updates on a regular basis, this vulnerability is ripe for mass exploitation.”
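One way to find the kind of injected redirect described above, as an added example that is not Malwarebytes’ tooling or anything from the jamieoliver.com site: the Python below walks a page’s HTML and flags script and iframe tags that load from a host outside the site’s own domain or its allowlist, iframes hidden by zero size or CSS, meta-refresh redirects to another host, and inline scripts that document.write an iframe or decode one with unescape/fromCharCode. The page host, allowlist and SAMPLE_HTML are constructed for the example.

```python
"""Illustrative injected-redirect scanner (added for this article; not
Malwarebytes' tooling). Uses only the standard library so it runs offline."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class RedirectScanner(HTMLParser):
    def __init__(self, page_host, allowed_hosts=()):
        super().__init__()
        self.page_host = page_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts} | {self.page_host}
        self.findings = []          # list of (kind, detail), in document order
        self._script_text = None    # accumulates the body of an inline <script>

    def _is_external(self, url):
        """True if url points at a host that is not the page's host, not a
        subdomain of it and not on the allowlist. Relative URLs have no host."""
        host = urlparse(url.strip()).hostname
        if host is None:
            return False
        host = host.lower()
        return host not in self.allowed and not host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            # Only inline scripts have a body worth inspecting.
            self._script_text = None if a.get("src") else ""
            if a.get("src") and self._is_external(a["src"]):
                self.findings.append(("external script", a["src"]))
        elif tag == "iframe" and self._is_external(a.get("src", "")):
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "display:none" in style or "visibility:hidden" in style)
            kind = "hidden external iframe" if hidden else "external iframe"
            self.findings.append((kind, a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")
            if "url=" in content.lower():
                url = content.split("=", 1)[1].strip()
                if self._is_external(url):
                    self.findings.append(("meta refresh", url))

    def handle_data(self, data):
        if self._script_text is not None:
            self._script_text += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script_text is not None:
            body, self._script_text = self._script_text, None
            lower = body.lower()
            # Heuristic: exploit-kit loaders commonly write an iframe via
            # document.write, often wrapped in unescape() or fromCharCode().
            if "document.write" in lower and (
                "iframe" in lower or "unescape(" in lower or "fromcharcode" in lower
            ):
                self.findings.append(("suspicious inline script", body.strip()[:80]))


def scan_html(html, page_host, allowed_hosts=()):
    """Return the scanner's findings for one page."""
    scanner = RedirectScanner(page_host, allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a recipe page with one legitimate CDN, one first-party
# subdomain, and two injected loaders pointing at a compromised WordPress host.
SAMPLE_HTML = """<html><head><title>Recipes</title>
<script src="/assets/site.js"></script>
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src="https://static.example.com/analytics.js"></script>
</head><body><h1>Tonight's dinner</h1>
<iframe src="http://wp-blog.example.net/wp-content/uploads/x.php" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape('%3Ciframe src="http://wp-blog.example.net/land.php" width="1" height="1"%3E%3C/iframe%3E'));</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML, "example.com", ["cdn.example.org"]):
        print(f"{kind}: {detail}")
```

The allowlist matters in practice: a real site pulls scripts from its CDN and analytics providers, so anything not on that list is a lead to investigate rather than proof of compromise. Run it over a saved copy of the page, never by fetching a suspected-malicious site from a workstation.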

Though Malwarebytes has contacted the admins of jamieoliver.com, Jamie Oliver’s press team is yet to issue a response on the matter.

Though anyone running fully patched versions of Flash, Java and Silverlight (or with those plugins disabled) should be protected against the exploits the kit currently uses, it is advisable to avoid jamieoliver.com until the site has been cleaned.

Source: Forbes

$12,500 for Reporting Facebook Bug That Allowed You To Delete Anyone’s Photos

Researcher Laxman Muthiya discovered an extraordinarily simple bug in Facebook that essentially gave anyone the ability to delete any photo album on Facebook. Literally any album: in principle this could have let someone delete every single photo on the site.

The bug was in Facebook’s Graph API, which lets a user delete an entire photo album with a single request. That is, of course, only supposed to work for albums in your own account, not for those belonging to other users. When the same request was sent with an access token issued to the official Facebook for Android app, however, the ownership check did not apply, and the following request was all it took to wipe any album whose numeric ID (the number in the request path) you knew.

Request:
DELETE /518171421550249 HTTP/1.1
Host: graph.facebook.com
Content-Length: 245

access_token=<facebook_for_android_access_token>

Quite a few people would have taken this as an opportunity to cause some mayhem, and it could have developed into a massive problem for Facebook worldwide. Muthiya decided against that and did the right thing: he reported it to Facebook, which paid him $12,500 for the discovery.
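The bug is a textbook case of missing object-level authorization: the server looked up the album by ID and deleted it without confirming that the caller owned it. The Python below is an added, illustrative model written for this article, not Facebook’s code; it serves a Graph-style DELETE /{album_id} for a ‘web’ and an ‘android’ client, with a vulnerable handler that only checks ownership on the web path and a fixed one that checks it for every caller. The user IDs and tokens are constructed; the album ID reuses the one from the request above.

```python
"""Illustrative model of the album-deletion bug (added for this article; not
Facebook's code). Shows a client-specific authorization check and its fix."""
from dataclasses import dataclass, field


@dataclass
class Token:
    user_id: str
    client: str                      # "web" or "android"


@dataclass
class Album:
    owner_id: str
    photos: list = field(default_factory=list)


@dataclass
class Store:
    albums: dict = field(default_factory=dict)   # album_id -> Album
    tokens: dict = field(default_factory=dict)   # access_token -> Token


def _lookup(store, album_id, access_token):
    """Shared validation for both handlers: returns (token, album, error)."""
    token = store.tokens.get(access_token)
    if token is None:
        return None, None, (401, "invalid access token")
    album = store.albums.get(album_id)
    if album is None:
        return token, None, (404, "album not found")
    return token, album, None


def delete_album_vulnerable(store, album_id, access_token):
    token, album, err = _lookup(store, album_id, access_token)
    if err:
        return err
    # BUG: authorization is tied to the web client. A token for the android
    # client, belonging to ANY user, deletes ANY album whose ID is known.
    if token.client == "web" and album.owner_id != token.user_id:
        return 403, "not the album owner"
    del store.albums[album_id]
    return 200, "deleted"


def delete_album_fixed(store, album_id, access_token):
    token, album, err = _lookup(store, album_id, access_token)
    if err:
        return err
    # Object-level authorization on the shared path, regardless of client type.
    if album.owner_id != token.user_id:
        return 403, "not the album owner"
    del store.albums[album_id]
    return 200, "deleted"


def build_sample_store():
    """Constructed data: a victim's album plus tokens for a separate attacker."""
    store = Store()
    store.albums["518171421550249"] = Album(owner_id="victim", photos=["p1", "p2"])
    store.tokens["web-tok-attacker"] = Token("attacker", "web")
    store.tokens["android-tok-attacker"] = Token("attacker", "android")
    store.tokens["android-tok-victim"] = Token("victim", "android")
    return store


def demo():
    """Replay the attack against both handlers; returns each attempt's outcome."""
    album = "518171421550249"
    results = {}
    s = build_sample_store()
    results["vuln_web"] = delete_album_vulnerable(s, album, "web-tok-attacker")[0]
    results["vuln_android"] = delete_album_vulnerable(s, album, "android-tok-attacker")[0]
    results["vuln_album_survives"] = album in s.albums
    s = build_sample_store()
    results["fixed_android"] = delete_album_fixed(s, album, "android-tok-attacker")[0]
    results["fixed_album_survives"] = album in s.albums
    results["fixed_owner"] = delete_album_fixed(s, album, "android-tok-victim")[0]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix is one line, but the lesson is where it sits: the ownership check has to run in the shared deletion path, not in client-specific code that a second client can bypass. Whether to answer 403 or 404 to a non-owner is a separate choice; returning 404 for both missing and foreign albums avoids confirming which IDs exist to someone enumerating them.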

Source: The Verge

Yet Another Zero-Day Vulnerability Found In Adobe Flash

Adobe Flash is quickly becoming a liability.

Another zero-day vulnerability (CVE-2015-0313) has been found in Adobe Flash Player, the third such problem this year. This time Adobe itself has drawn attention to the issue, warning that the flaw is being actively exploited; the exploit is reported to be in use by the Angler exploit kit, a favourite amongst hackers.

The Adobe website post reads:

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe expects to release an update for Flash Player during the week of February 2. For more information on updating Flash Player please refer to this post.

Adobe rates the issue as critical. Anyone concerned about the vulnerability is advised to disable Flash Player in their browser, at least until Adobe releases a patch for it.

Source: GreatSoftLine

30-Minute Legend Of Zelda Speedrun is a New World Record

A Legend of Zelda player has beaten the game in a record-breaking 30 minutes and 29 seconds. The speedrun was completed by Darkwing_Duck_sda, 8 seconds faster than his previous best of 30 minutes and 37 seconds.

Darkwing took advantage of a screen-scrolling glitch to skip through the game at abnormal speed; according to the website How Long to Beat, an average Zelda playthrough takes approximately 10 hours.

This excerpt, from Speed Demos Archive, explains the glitch and how to take advantage of it:

To clip through a wall (screen scroll glitch), you must stand toward that wall and be a specific amount of pixels away from the wall (either 5 or 7, the amount escapes me at the moment) and then move one frame in a side direction. This will cause Link to turn around, but stay on the same pixel. Then you can move through the wall. You only get to move through a half step of solid wall, but that’s enough to clip through things that are set diagonally, or push you through the screen transition “wall.” Clipping through the edge of the screen sends you to the other side.

The question is, should speedruns using glitch exploits really be considered a true completion of a game?

Source: Kotaku