8.4.16

Researchers in Israel have come across a new way of exploiting the Stagefright vulnerability


Researchers in Israel have come across a new way of exploiting the Stagefright vulnerability that was uncovered last year, and which affects the library that Android uses to analyze multimedia files.
To recap, cybercriminals can execute malicious code through a harmful or compromised website – or a specially designed MMS – to steal information. There is, however, a free tool capable of detecting if the device is vulnerable to Stagefright.
But that’s not all. A recent paper by Hanan Be’er, a researcher with NorthBit, describes an exploit known as ‘Metaphor’ that goes further in taking advantage of the vulnerability in Stagefright. He suggests that millions of Android devices are vulnerable to this exploit, which dodges their defense mechanisms. The threat works on Android 2.2 to 4.0 and 5.0 to 5.1. On top of this, in the latest versions, it can bypass ASLR (address space layout randomization), a mitigation that randomizes the memory layout to hamper exploits such as buffer overflow attacks.
As stated in The Register, the process is made up of various stages. Firstly, the victim lands on a malicious website. This then sends a video to the device, which crashes the multimedia server of the operating system in order to reset its internal state. JavaScript on the page waits for mediaserver to restart, and then sends information about the device over the internet to the attacker’s private server.
This server then creates a custom video file which is sent to the device, which exploits Stagefright to reveal more information about the device’s internal state. When processed by Stagefright, the following video created by the attacker begins executing a payload which carries all the privileges it needs to spy on the user.
The exploit attacks the CVE-2015-3864 bug – even without the user having to ‘play’ or view the video. It starts working when the web browser searches and analyzes the file. Stagefright is the native media player for Android devices.
“Our exploit works best on Nexus 5 devices. It was also tested on HTC One, LG G3, and Samsung S5 devices, although the exploit was slightly different on these brands. We will need to make a few adjustments”, concludes the analysis.
In any event, what we have to remember is that exploits developed in test environments are often presented as extremely critical problems, but we subsequently see that their actual scope is limited to highly specific scenarios. This attack also requires the execution of JavaScript in a web browser. As researchers have found, this type of code has a number of limitations.
This shows that there is no need to panic. Users should just keep up to date with the latest news and download patches when released by the provider.


6.4.16

Buying Ray-Bans? Don’t fall for this Facebook scam


Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk. The spam ads are spread via hacked Facebook accounts that attackers have taken control of using malware and social engineering tactics. Subsequently, without the owner’s consent, they post pictures promoting fake Ray-Ban sunglasses with discounts as high as 90%.
On top of the possibility of losing a few dollars on counterfeit goods, victims’ payment card details are at risk. Also, the transactions run directly on the bogus sites, not via a secure payment portal, allowing the payment card’s details to travel unencrypted across the internet.
Images are also uploaded to the user’s gallery, which is shared with the public. To keep a low profile and avoid suspicion, attackers usually tag only 4 to 6 friends from the friends list on each of the fake ads. We have seen these fraudulent websites in different language mutations, but most of them use English. Attackers target users in various countries such as the Slovak Republic, the Czech Republic, Chile, France, Spain, the United Kingdom and China. We have also discovered that many of these newly created domains use a similar design. Most of them are situated in China and were registered this year.
After searching for their favorite models, users should realize that something fishy is going on, since all of the Ray-Ban sunglasses on the scam e-shops offer the same 90% discount. If the victim misses the red flags and decides to order a pair of the displayed sunglasses, he/she will be asked to proceed with their credit card payment. However, these fake e-shops are not secure and don’t use an SSL certificate to encrypt communication between client and server. Customer credit card details are therefore sent to the attacker’s server in plain text and can be misused in the future.
With the high number of similar looking e-shops offering huge discounts, there is also the probability that customers will neither receive the sunglasses they ordered, nor get their money back.
How it works
Many people tempted to buy these “discounted” sunglasses are aware of similar scams. Hence, they try to contact the official Ray-Ban Facebook fan page to verify whether the pages they have seen in the ads are genuine or fake. Official brand representatives are working hard to react to all of these inquiries and confirm most of the reported Chinese pages as bogus.
Already posted images on Facebook?
If you are one of the victims and have found an image similar to those we’ve described above, posted on your wall (without your consent), we advise you to follow these steps:
1.     Change your Facebook password immediately (Settings -> General -> Password).
2.     Remove all suspicious Apps from your Facebook that can automatically post content on the Facebook wall without user knowledge (Settings -> Apps).
3.     Scan your computer with an up-to-date antivirus software.
If the user still has doubts, he/she can always view previous account activity by going to Settings -> Activity Log. There he/she can check for activities possibly caused by malware or the attackers, such as posting or sharing images, or making unwanted friend requests and likes.
Paid for sunglasses?
If you already got tricked and bought sunglasses via these fake websites, we advise you to call your bank and cancel the money transfer immediately. Credit cards used to buy the counterfeit goods can be compromised as well, and should also be reported to the bank.
Prevention
If you don’t want to spread bogus ads amongst your Facebook friends unknowingly, you can review posts and pictures your friends tagged you in, before they appear on your timeline. You can activate this feature by going to Settings -> Timeline and Tagging -> Review posts friends tag you in before they appear on your timeline? -> Enable.
Don’t trust bogus extremely low price ads and certainly don’t click or order the goods displayed. If the price offered seems too good to be true, it probably is…
Scam websites


5.4.16

US and Canada issue a ransomware alert


A ransomware alert has been issued by the US and Canada to ensure that individuals and organizations are aware of the threat posed by this type of malicious software.

The alert, from the Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC), comes on the back of what seems to be a proliferation of ransomware attacks. They said that it is now apparent to cybercriminals that this particular approach is remarkably “profitable”, resulting in not only a general increase in the number of attacks, but also in the number of ransomware variants.

“In 2013, more destructive and lucrative ransomware variants were introduced, including Xorist, CryptorBit, and CryptoLocker,” the official statement highlighted. “Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives. These variants are considered destructive because they encrypt users’ and organizations’ files, and render them useless until criminals receive a ransom.”

Both security organizations drew attention to Locky – recently analyzed by ESET’s Diego Perez – which has been especially prolific as of late. This variant, described as “destructive”, is delivered through spam emails, which include corrupted Microsoft Office documents (as an attachment). Once downloaded, the trojan gets to work, encrypting files without the victim at first being aware. It is only when they receive a demand for a ransom that they realise what has happened.

“Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist,” stated the DHS and CCIRC in their alert.
In spite of this, their advice is to never pay, something that WeLiveSecurity’s editor in chief, Raphael Labaca Castro, has previously noted.

Speaking last year, the information security expert explained that in doing so, you are, in effect, “supporting cybercrime activities”. Additionally, there is no guarantee that files or devices will be decrypted. “Remember, this is not a service, they are cybercriminals,” he went on to say. “[And] even if you pay, you are not going to be ‘whitelisted’ so you could get infected again so it’s not a real solution for the future either. Prevention is the most important tool against Ransomware, since the infection can be usually cleaned afterwards but not always the information restored.”




InterSystems HealthShare scores highly in the KLAS survey on future technologies for sharing patient data

InterSystems, a global leader in healthcare software, announces that InterSystems HealthShare® received the highest customer rating for its technology that is used independently of EMR (Electronic Medical Record) systems. This rating is presented in the recently published report “HIE 2016: Shifts in Vendor Performance and Provider Outlook”.

The report draws on interviews with 332 healthcare providers conducted as part of a study by KLAS, an independent research organization specializing in IT for the healthcare sector. KLAS examined the current state of the HIE (Health Information Technology, i.e. information technology in the healthcare sector) market, the search for reliable and relevant solutions, and the means of transition. InterSystems HealthShare received a score of 87.1. Compared with the other ratings across the study as a whole, this score places InterSystems in second position overall and in first position in the category of EMR-independent systems. The survey participants thus sent a strong signal regarding both current performance and future needs.

According to KLAS, interoperability is the key to success for population health initiatives that support the transition to outcome-based care. The authors state: “Without the ability to share patient information and to enable the transformation of care processes, healthcare providers can expect neither an increase in the quality of their services nor to avoid possible adverse financial consequences.”

When KLAS asked healthcare providers whether their technology vendors can meet their demand for interoperability functionality in the coming years, InterSystems was among those with the best scores: “Nine out of ten customers say that InterSystems can meet their needs for the next three years. They expect InterSystems to respond positively to every change in the technology landscape.”

Other customer remarks included in the HealthShare report:

·        “One of InterSystems’ strengths is that they offer us a strategic platform with which we can really do anything we want.”

·        “InterSystems really listens to its customers. We have an ongoing dialogue with our contacts at InterSystems. The staff on their helpdesk are very helpful, and the members of the customer team think proactively along with us.”

·        “InterSystems’ clinical incident reporting is very good. This is important for the departments of our organization where the programs are geared towards analyzing and identifying current risks. In this way they can reduce the number of likely errors. Departments can subscribe to the reports, which allows them to react immediately, as soon as their patients appear in the summary reports.”

·        “I particularly appreciate the way HealthShare Information Exchange works, because it can handle messages of different structures. The product is very flexible, and the analytics features are impressive.”

·        “Over the next three years, interoperability will take other forms, and those concerned will have to adapt to them. Connections will be made in a completely different way from today. The FHIR standards mean that electronic patient records will exchange data without being overseen by an HIE architecture. A registry of the precise location of data files is not included in the FHIR standard. InterSystems is already preparing its platform to handle such requests. This is how they are preparing our strategy for the future.”

“The KLAS rankings are very reliable because they are generated from the preferences of healthcare providers and are not the result of subjective observations. We are very proud of the excellent rating our customers gave us in the HIE technology report. We want to continue to provide them with a platform with which they can achieve their long-term goals,” says Joe DeSantis, Vice President, HealthShare Platform at InterSystems.


For more information about the KLAS report, see “HIE 2016: Shifts in Vendor Performance and Provider Outlook” and KLAS online at www.KLASresearch.com/reports.