Category Archives: DataBreach

  • -

Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

Category : CyberSecurity , DataBreach

Researchers at Synacktiv have found that the Cisco Jabber
client is vulnerable to a STARTTLS downgrade attack. The vulnerability
arises because the client fails to validate whether an XMPP connection
has been established over TLS. A man-in-the-middle attacker could exploit
this flaw and tamper with the XMPP connection to avoid TLS negotiation,
causing the client to establish an XMPP connection over cleartext. Cisco
has released a security advisory and updated software to address this

Article; Cisco

  • -

Google says Chinese Great Cannon shows need to encrypt web

Category : CyberCrime , DataBreach

Summary: The large DDoS attack on GitHub and Greatfire that occurred over March and April would not have been possible with encrypted web traffic, Google has said.

For a month and a half, China’s new Great Cannon attack injected HTML and JavaScript aimed at flooding GitHub and servers into web requests to popular Chinese search engine Baidu.

Described at the time as a significant escalation of state-level information control and a censorship tool powered by weaponising users, Google said on the weekend that the attack would not have been possible if the web had embraced moves to encrypt its transport layers.

“This provides further motivation for transitioning the web to encrypted and integrity-protected communication,” Google security engineer Niels Provos said in a blog post. “Unfortunately, defending against such an attack is not easy for website operators.”

According to Google, on March 25, the attack switched from Greatfire to GitHub.

“The attack against GitHub seems to have stopped on April 7th, 2015, and marks the last time we saw injections during our measurement period,” Provos said.

During the attack, 19 different JavaScript replacement payloads were detected, and although Google said it was unable to determine a number for different HTML attacks, the payloads were similar.

Provos said that although Google’s Safe Browsing analysis was limited to HTTP, and therefore could not be pinned on anyone, it showed that hiding such attacks is difficult.

“Another hope is that the external visibility of this attack will serve as a deterrent in the future,” he said.

Article: ZDNET

  • -

FBI Warns of Potential for Cyber Attacks from Iranian Group

In a confidential report to US businesses, the FBI warned of techniques
that have been used by an Iranian group believed to be responsible for
attacks against computer networks at defense contractors, energy
companies, and colleges and universities around the world. The warning
follows a report from Cylance about Operation Cleaver, the name for the
group’s activity.

This might be the group responsible for attacking CAs worldwide.

Article: The Register

  • -

Apple to Stop Using SSL 3.0 for Push Notifications

Apple plans to stop using the Secure Sockets Layer 3.0 (SSL 3.0)
encryption standard for its Apple Push Notification service following
the disclosure of a vulnerability. Developers have until October 29 to
update their apps.

Article: ZDNet

  • -

SSL 3.0 found to be vulnerable to a man-in-the-middle attack

SSL v3.0 has been found to be vulnerable to a
man-in-the-middle attack, allowing the plaintext of secure connections
to be calculated by a network attacker.

SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Innovice-IT is a partner of KeyTalk. KeyTalk prevents man-in-the-middle attacks in a very smart way with Device DNA and short-lived certificates. This saves your helpdesk a load of key management and keeps logins safe. We are able to facilitate a proof of concept for your company. Please contact us for more information.

  • -

Shellshock Flaw is Being Actively Exploited

There are reports that attackers have already begun exploiting this flaw
to infect vulnerable servers around the world.

Article: Wired

  • -

Bash Shellshock Flaw

Category : CyberSecurity , DataBreach

A serious flaw in a software component called Bash is said to be more
serious than the Heartbleed vulnerability that was disclosed earlier
this year. The flaw, which is being called Shellshock, can be exploited
to remotely take control of vulnerable systems. It affects an estimated
500 million Unix and Linux machines. Bash, or the GNU Bourne Again
Shell, is the command-line shell on many Unix systems. The US Computer
Emergency Response Team (US-CERT) has issued a warning and is urging
admins to patch the flaw. Others have expressed concern that the patches
that have been made available are incomplete.

Article: CSmonitor

  • -

Innovice-IT starts cooperation with KeyTalk

Man-in-the-Middle intrusions, and highly sensitive data transmission requirements

KeyTalk has been designed to protect against Man-in-the-Middle intrusions without becoming a tough nut to crack in regard to client usage or management.

Man-in-the-Middle is considered one of the toughest intrusions to defend against. It is frequently used by technologically advanced malicious parties such as black-hat hackers and rogue states to obtain digitally transmitted sensitive information.

KeyTalk uses an innovative secure communication channel over any untrusted Internet connection, over which it provides your user with a short-lived client-side certificate in a fully automated, secure manner. The corresponding key-pair strength ranges from 2048-bit up to 4096-bit RSA and changes with each renewed certificate.
With the client certificate being totally transparent to the end user, a secure, Man-in-the-Middle intrusion-proof connection can be established using standard server configurations.

Innovice-IT will cooperate with KeyTalk via Secure Managed Hosting in the Netherlands.

More about KeyTalk: Keytalk

  • -

Breached Test Server Was Still Using Default Password

Category : DataBreach

The test server breached earlier this summer was still
using its default password. US-CERT Team Director Ann Barron-DiCamillo
told the House Oversight and Government Reform Committee that the breach
did not compromise any patient data “due to the segmentation of the
network.” The intruders used the access to harness the server’s
resources to launch attacks against other websites.

Article: NextGov

  • -

Attackers Launched Cross-Site Scripting Attack on eBay Auction Page

Category : CyberCrime , DataBreach

Some eBay users fell victim to an attack in which users who clicked on
links on the site were taken to duplicated, malicious pages where
account access credentials were stolen. The attack affected users
who were viewing certain iPhone auctions.

Article: SCMagazine

