Google removes malware with 2.6 million downloads from the Play Store




Being the most widely used mobile platform in the world has its drawbacks, and the string of malware and virus problems Android has faced is proof of that. The latest entry in this long record of uncomfortable situations for Google's system was revealed this Wednesday (18), when Symantec announced that eight Play Store apps were connecting the devices on which they were installed to a botnet.

During lab tests, the researchers found that the apps in question established a persistent connection, via the Socket Secure (SOCKS) protocol, to a server responsible for distributing ads. The app then starts making a series of ad requests to those servers, even though it displays no ads on screen.

According to Symantec, this structure would allow the devices to have their traffic forwarded to other servers and to be used to launch denial-of-service attacks, the notorious DoS attacks capable of taking down web servers and temporarily knocking pages offline.



Report: 88% of Java Apps Vulnerable to Attacks from Known Security Defects


By Michael Hill

18 OCT 2017

A new report from CA Veracode has exposed the pervasive risks companies face from vulnerable open source components.

In its 2017 State of Software Security Report the firm reviewed application security testing data from scans of its base of 1400 customers, discovering that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.

A cause of the problem, in part, is that fewer than 28% of companies carry out regular analysis to see which components are built into their applications, Veracode claimed.

“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications – making many of them breachable with a single exploit,” said Chris Wysopal, CTO, CA Veracode.

There have been plenty of examples of high-profile Java app breaches caused by vulnerabilities in open source or commercial components in the last year, one such being the ‘Struts-Shock’ flaw affecting the Apache Struts 2 web application framework.






October 17, 2017, 9:00 am

Security experts are urging Lenovo customers to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.

On Oct. 5, Lenovo quietly rolled out four patches impacting all of its Android tablets, Vibe and Zuk phones, and the Moto M (XT1663) and Moto E3 (XT1706) model handsets.

According to Imre Rad, an independent security researcher who identified the bugs, the vulnerabilities are tied to the Lenovo Service Framework (LSF), an Android application used by several other Android applications and which is exclusive to Lenovo devices.

According to Lenovo’s description of LSF, it is used to receive push notifications from Lenovo servers such as product promotions for apps, news, notices, surveys and also to facilitate emergency app repairs and upgrades when needed.

However, Rad found that LSF could also be exploited by attackers to facilitate the downloading of code onto devices from an arbitrary server resulting in remote code execution. The four vulnerabilities found by Rad include:

  • CVE-2017-3758 – Improper access controls on several Android components in the LSF application, which can be exploited to enable remote code execution.
  • CVE-2017-3759 – The LSF Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
  • CVE-2017-3760 – The LSF Android application uses a set of non-secure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
  • CVE-2017-3761 – The LSF Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection, which, in turn, could lead to remote code execution.


Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices


Swati Khandelwal


If you think the KRACK attack for WiFi is the worst vulnerability of this year, then hold on…

…we have got another one for you which is even worse.

Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in a widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies.

It’s noteworthy that this crypto-related vulnerability (CVE-2017-15361) doesn’t affect elliptic-curve cryptography or the encryption standard itself; rather, it resides in the implementation of RSA key pair generation by Infineon’s Trusted Platform Module (TPM).

Infineon’s Trusted Platform Module (TPM) is a widely-used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and is used for secured crypto processes.



Bill legalizing hacking back introduced in the House

by Doug Olenick, Online Editor

October 13, 2017

Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Az., today introduced the Active Cyber Defense Bill which if passed would give individuals and companies hit with a cyberattack the legal authority to hack back against their assailant.

The bill alters the Computer Fraud and Abuse Act (CFAA) of 1986 and would allow those victimized by a cyberattack to take certain countermeasures. This includes leaving their network to establish who attacked, disrupt cyberattacks without damaging others’ computers, retrieve and destroy stolen files, monitor the behavior of an attacker and utilize beaconing technology, the bill reads.

“While it doesn’t solve every problem, ACDC brings some light into the dark places where cybercriminals operate,” said Rep. Tom Graves. “The certainty the bill provides will empower individuals and companies use new defenses against cybercriminals,” Graves said.

However, not everyone believes it is in the best interest of a company to counterattack.

In November 2016 the United Kingdom announced it would hack back against nation-state attackers, said Israel Barak, CISO at Cybereason, adding that such a maneuver might not be in the victim’s best interest. In particular he noted any retaliatory moves could incur collateral damage and the line between legal and illegal activities could be crossed.


Iran to blame for cyber-attack on MPs’ emails – British intelligence

Evidence points to Iran, says unpublished report, after initial suspicion of Russia and North Korea dismissed

Dozens of MPs’ emails were hacked, partly as the result of weak passwords, a spokesman said. Photograph: Xinhua/Barcroft Images

Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. Disclosure of the report, first revealed by the Times but independently verified by the Guardian, comes at an awkward juncture. Donald Trump made it clear on Friday that he wants to abandon the Iran nuclear deal. But European leaders, including Theresa May, want to retain it.

Initial suspicion for the attack fell on Russia, but this has now been discounted. The evidence amassed is pinpointing Iran, according to the assessment. A spokesperson for the National Cyber Security Centre, the government body responsible for helping to counter attacks, said: “It would be inappropriate to comment further while inquiries are ongoing.”


US Intelligence Unit Accused Of Illegally Spying On Americans’ Financial Records


The Treasury Department’s Office of Intelligence and Analysis has been illegally rifling through and filing away the private financial records of US citizens, Treasury employees alleged. “This is such an invasion of privacy,” said one official.

The intelligence division at the Treasury Department has repeatedly and systematically violated domestic surveillance laws by snooping on the private financial records of US citizens and companies, according to government sources.

Over the past year, at least a dozen employees in another branch of the Treasury Department, the Financial Crimes Enforcement Network, have warned officials and Congress that US citizens’ and residents’ banking and financial data has been illegally searched and stored. And the breach, some sources said, extended to other intelligence agencies, such as the National Security Agency, whose officers used the Treasury’s intelligence division as an illegal back door to gain access to American citizens’ financial records. The NSA said that any allegations that it “is operating outside of its authorities and knowingly violating U.S. persons’ privacy and civil liberties is categorically false.”