How I found 5 ReDOS vulnerabilities in Mod Security CRS

April 23rd, 2019
by The Feeder
submitted by /u/s0md3v
[link] [comments]

Posted in netsec | Comments (0)

Behavioral Analysis of Obfuscated Code

April 23rd, 2019
by The Feeder
submitted by /u/jeandrew
[link] [comments]

Posted in netsec | Comments (0)

Source code of Carbanak trojan found on VirusTotal (ZDNet)

April 23rd, 2019
by The Feeder

Posted in Uncategorized | Comments (0)

ASD Essential Eight cybersecurity controls not essential: Canberra (ZDNet)

April 23rd, 2019
by The Feeder

Posted in Uncategorized | Comments (0)

Windows 10’s “Sets” tabbed windows will never see the light of day

April 23rd, 2019
by The Feeder
Microsoft's inspiration, evidently.

Enlarge / Microsoft's inspiration, evidently. (credit: Jerry / Flickr)

For two periods last year, those using preview builds of Windows 10 could access to a feature called Sets: a tabbed interface that was eventually to allow tabs to be put in the titlebar of just about any window. These tabs would allow both multiple copies of the same application to be combined—a tabbed Explorer or Command Prompt, say—and multiple disparate windows to be grouped—combining, say, a browser window containing research with the Word window. However, both times the feature was enabled only for a few weeks, so Microsoft could gather data, before disabling it. Sets aren't in the Windows 10 May 2019 update.

It seems now that Sets are unlikely to ever materialize. Rich Turner, who oversees Microsoft's revamping of the Windows command-line infrastructure and the Windows Subsystem for Linux tweeted that the interface "is no more." Having everything tabbed everywhere isn't going to happen. Adding tabs specifically for command-line windows is, however, "high on [Microsoft's] to do list."

There was initially some confusion that the tweet might have meant that some other system-wide approach to tabs was going to be used. But Turner clarified today that the command-line tabs will be purpose-built for command-line windows, not a general feature for the entire operating system.

Read 4 remaining paragraphs | Comments

Posted in browser, Chromium, EDGE, microsoft, Open Source, sets, tabs, Tech, user interface, Windows | Comments (0)

Googlers Claim Retaliation, Samsung Delays Fold, and More News

April 22nd, 2019
by The Feeder
Catch up on the most important news today in 2 minutes or less.

Posted in Business, Business / Tech Culture | Comments (0)

FBI: $2.7 billion in Losses to Cyber-Enabled Crimes in 2018

April 22nd, 2019
by The Feeder
Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.

Posted in Uncategorized | Comments (0)

Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

April 22nd, 2019
by The Feeder
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.

Posted in Uncategorized | Comments (0)

Bug in French government’s WhatsApp replacement let anyone join Élysée chats

April 22nd, 2019
by The Feeder
Rows of people in uniform march into a palace.

Enlarge / Around the same time French President was greeting firefighters who saved Notre Dame Cathedral from fire, a security researcher was burning a new "secure" chat application for French government officials intended to keep them off WhatsApp and Telegram. (credit: Christian Böhmer/picture alliance via Getty Images)

On April 17, the French government introduced an Android application meant to be used by government employees as an internal secure channel for communications. Called Tchap, it was touted as a replacement for WhatsApp and Telegram, providing (in theory) both group and private messaging channels to which only people with government email addresses could join.

Tchap is not intended to be a classified communications system—it runs on regular Android phones and uses the public Internet. But as the DINSIC, the French inter-ministry directorate for information systems that runs Tchap put it, Tchap "is an instant messenger allowing government employees to exchange real-time information on everyday professional issues, ensuring that the conversations remain hosted on the national territory." In other words, it's to keep official government business off of Facebook's and Telegram's servers outside France.

Based on the Riot.im chat application from the open source project Matrix, Tchap is officially still in "beta," according to DINSIC. And that beta test is getting off to a rough start. Within two days, French security researcher Baptiste Robert—who goes by the Twitter handle @fs0c131y (aka Elliot Alderson)—had tapped into Tchap and subsequently viewed all of the internal "public" discussion channels hosted by the service.

Read 10 remaining paragraphs | Comments

Posted in Biz & IT, Elysée, Emmanuel Macron, France, French, French Government, Macron | Comments (0)

Loose online lips sink hack targeting governments and embassies

April 22nd, 2019
by The Feeder
The word

Enlarge (credit: Frank Lindecke / Flickr)

Security researchers gave mixed grades to a recently discovered hacking campaign targeting government finance authorities and embassies. On the one hand, the attacks used carefully crafted decoy documents to trick carefully selected targets into installing malware that could gain full control of computers. On the other, a developer involved in the operation sometimes discussed the work in public forums.

The campaign has been active since at least 2018 when it sent Excel documents claiming to contain top-secret US data to people inside governments and embassies in Europe, security firm Check Point reported in a post published Monday. Macros in the documents would send a screenshot and user details of the target’s PC to a control server and then install a malicious version of TeamViewer that claimed to offer additional functionality. The trojan would then gain complete control over the infected computer.

A poorly secured control server allowed Check Point researchers to periodically see screenshots that were uploaded from infected computers, at least until the server was locked down. Most of the targets had a connection to public finance and government officials from revenue authorities. Using the intercepted images and telemetry data, Check Point researchers compiled a partial list of countries where targets were located. It included:

Read 5 remaining paragraphs | Comments

Posted in Biz & IT | Comments (0)