Tag Archives: cyber security

Man drives 3,300 miles to talk to YouTube about deleted video

On Sunday, police in Mountain View, California, where Google is headquartered, arrested a man who drove more than 3,300 miles from Maine to discuss what he thought was the company’s removal of his YouTube account and the one video he’d posted – one about getting rich quick.

It was not, in fact, deleted by YouTube. It turns out, his wife deleted it, concerned as she was about her husband’s mental state. She told BuzzFeed News that the video, created by 33-year-old Kyle Long, was “rambling” and “bizarre.”

According to a press release from the Mountain View police department (MVPD), Iowa State Patrol on Friday gave them a heads-up about Long’s journey. Iowa police spoke to Long twice that day: once when he got into a collision (without injuries) and then again after he vandalized a restroom at a gas station store a short time later.

Employees at the gas station store didn’t want to press charges, and the collision didn’t warrant Long’s detention, so Iowa police let him go.

Three baseball bats and a serious need to chat

Then, on Sunday, the MVPD got another heads-up. This one came from police in Long’s hometown of Waterville, Maine. Waterville police told MV police that they’d been tipped off about Long having made it to California. They’d also gotten a tip that he intended to resort to physical violence if his meeting with Google execs didn’t go well.

MVPD began to look into the matter … and kept an eye out for Long’s arrival. Officers were stationed in and around the Googleplex and monitored all the major highways around the city in order to intercept Long before he could set foot on Google’s main campus.

On Sunday afternoon, around 1pm, they spotted Long’s car. When they stopped him, they found three baseball bats.

Legislation Introduced in California to Strengthen Data Breach Notification Law

California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) unveiled AB 1130, legislation to strengthen California’s data breach notification law to protect consumers. The bill closes a loophole in the state’s existing data breach notification law by requiring businesses to notify consumers of compromised passport numbers and biometric information.

“Knowledge is power, and all Californians deserve the power to take action if their passport numbers or biometric data have been accessed without authorization,” said Attorney General Becerra. “We are grateful to Assemblymember Levine for introducing this bill to improve our state’s data breach notification law and better protect the personal data of California consumers. AB 1130 closes a gap in California law and ensures that our state remains the nation’s leader in data privacy and protection.”

“There is a real danger when our personal information is not protected by those we trust,” said Assemblymember Levine. “Businesses must do more to protect personal data, and I am proud to stand with Attorney General Becerra in demanding greater disclosure by a company when a data breach has occurred. AB 1130 will increase our efforts to protect consumers from fraud and affirms our commitment to demand the strongest consumer protections in the nation.”

In 2003, California became the first state to pass a data breach notification law requiring companies to disclose breaches of personal information to California consumers whose personal information was, or was reasonably believed to have been, acquired by an unauthorized person. This personal information includes identifiers such as a person’s social security number, driver’s license number, credit card number, and medical and health insurance information. This bill would update that law to include passport numbers as personal information protected under the statute. Passport numbers are unique, government-issued, static identifiers of a person, which makes them valuable to criminals seeking to create or build fake profiles and commit sophisticated identity theft and fraud. AB 1130 would also update the statute to include protection for a person’s unique biometric information, such as a fingerprint, or image of a retina or iris.

The legislation was prompted by the massive data breach of the guest database at Starwood Hotels — recently acquired by Marriott — in 2018. Marriott revealed that the massive breach exposed more than 327 million records containing guests’ names, addresses, and more than 25 million passport numbers, among other things. Though the company did notify consumers of the breach, current law does not require companies to report breaches if only consumers’ passport numbers have been improperly accessed.

Microsoft Edge secretly whitelisted sites running Flash Player for Facebook

Facebook has found itself involved in another controversy: this time a cybersecurity researcher has revealed that Microsoft Edge allowed Flash Player content to be played on Facebook without notifying the user.

Google Project Zero’s Ivan Fratric came across what is essentially a secret whitelist, reported it to Microsoft on November 26, 2018, and waited the usual 90 days before making his discovery public. In this case, the public disclosure came after Microsoft addressed the issue, CVE-2019-0641, with its February Patch Tuesday rollout. The domains on the list were enabled to play Flash content on Facebook.

What Fratric came across was the binary file C:\Windows\system32\edgehtmlpluginpolicy.bin. This contains the default whitelist of at least 58 domains that can bypass Flash click2play and load Flash content without getting user confirmation in Microsoft Edge on Windows 10, he wrote.

The sites that had been whitelisted range from music.microsoft.com to the gaming site www.poptropica.com to www.vudu.com, along with two Facebook URLs, https://www.facebook.com and https://apps.facebook.com. After the update, the list has been whittled down to only the two Facebook domains.

“The most common permission flag value (1) indicates that the site is allowed to load Flash content if: the Flash content is hosted on the same domain *OR* The element containing Flash is larger than 398×298 pixels as can be seen in FlashClickToRunHelper::DetermineControlAction,” he said.

Fratric pointed out the security issues with the secret whitelist. An XSS vulnerability on any of the listed domains would allow an attacker to bypass the click2play policy, and he noted that several of these sites carried unpatched XSS vulnerabilities. The list also contained HTTP sites, which could allow a man-in-the-middle attacker to bypass the click2play policy.
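The permission rule Fratric quotes and the two weaknesses he points to can be made concrete. The following is an added Python example, not code from the original article or from Project Zero’s report: it models the flag-1 rule as described (same-domain Flash, or an element larger than 398×298 pixels, skips click-to-play on a whitelisted origin) and runs a defender’s audit over a constructed allowlist. The entries, and in particular the `http` scheme on `music.microsoft.com`, are assumptions for illustration; the real binary file format is not parsed here.

```python
from urllib.parse import urlsplit

# Constructed sample modelled on the entries the article names. The real
# edgehtmlpluginpolicy.bin is a binary file whose layout the article does not
# describe; the "http" scheme on the third entry is an assumption added so the
# audit below has something to flag, not a claim about the real list.
SAMPLE_ALLOWLIST = {
    "https://www.facebook.com": 1,
    "https://apps.facebook.com": 1,
    "http://music.microsoft.com": 1,
}

# Size threshold quoted from Fratric's write-up for permission flag value 1.
MIN_WIDTH, MIN_HEIGHT = 398, 298


def _origin(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}"


def flash_allowed_without_prompt(allowlist: dict, page_url: str,
                                 flash_src: str, width: int, height: int) -> bool:
    """Model of the flag-1 rule: a page on an allowlisted origin may load Flash
    without click-to-play if the Flash object is hosted on the same domain OR
    the element is larger than 398x298 pixels. Everything else keeps the prompt."""
    if allowlist.get(_origin(page_url)) != 1:
        return False
    if urlsplit(flash_src).hostname == urlsplit(page_url).hostname:
        return True
    return width > MIN_WIDTH and height > MIN_HEIGHT


def audit_allowlist(allowlist: dict) -> list:
    """Defender's review of such a list: a plaintext http origin lets an on-path
    attacker inject content into the page and so inherit its click-to-play
    exemption, so every non-https entry is reported for follow-up."""
    findings = []
    for origin, flag in allowlist.items():
        scheme = urlsplit(origin).scheme
        if scheme != "https":
            findings.append(f"{origin}: flag={flag}, served over {scheme}; "
                            "click-to-play bypass reachable by a network attacker")
    return findings


if __name__ == "__main__":
    page = "https://www.facebook.com/games/some-app"
    # Small cross-origin Flash object on a listed page: still prompts.
    print(flash_allowed_without_prompt(SAMPLE_ALLOWLIST, page,
                                       "https://cdn.example.net/game.swf", 300, 200))
    # Large cross-origin object on the same page: loads silently under flag 1.
    print(flash_allowed_without_prompt(SAMPLE_ALLOWLIST, page,
                                       "https://cdn.example.net/game.swf", 640, 480))
    for line in audit_allowlist(SAMPLE_ALLOWLIST):
        print(line)
```

The size rule is why an XSS on a listed domain matters: injected markup only has to place a sufficiently large element, and the static audit above cannot see that, so each listed origin also needs a check of its own application security, not just its scheme.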

The overall danger contained in such whitelists was pointed out by Mike Bittner, digital security and operations manager at The Media Trust.

“Block/blacklists and allow/whitelists can outlive their usefulness within seconds. As soon as new malware surfaces — and 285,000 new ones are created every day — a blocklist’s utility takes a dive. It’s important to continuously update such lists not only to keep pace with attacks but also to ensure their accuracy so that harmless, legitimate sites aren’t needlessly blocked,” he said.

Adobe announced in July 2017 that it would end support for Flash in 2020. The application receives a steady stream of security updates and has been banned from many browsers.

Google Play announces 2019 malicious app crackdown

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior.

Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post.

“In addition to identifying and stopping bad apps from entering the Play Store, our Google Play Protect system now scans over 50 billion apps on users’ devices each day to make sure apps installed on the device aren’t behaving in harmful ways,” Google said in the post.

“With such protection, apps from Google Play are eight times less likely to harm a user’s device than Android apps from other sources.”

Google also said it will set out to increase developer integrity. The firm said that because 80 percent of severe policy violations are conducted by repeat offenders, it will focus on better screening for those who get booted off and then create new accounts to continue uploading their malicious content.

In addition, Google said it would work to enhance its capabilities to counter adversarial behavior, and strive relentlessly to provide users with a secure and safe app store.


Remote Code Execution Vulnerability: What is it and how to stay protected from it?

  • A Remote Code Execution (RCE) vulnerability could allow an attacker to gain full control of a victim’s infected machine.
  • An attacker who gains access to a victim’s machine by exploiting an RCE vulnerability can execute system commands, write, modify, delete or read files, and connect to databases.

A remote code execution vulnerability allows an attacker to gain access to a victim’s machine and make changes, irrespective of where the machine is geographically located. This vulnerability can lead to a full compromise of the infected machine.

RCE vulnerabilities can provide an attacker with the ability to execute malicious code and take complete control of an infected system with the privileges of the victim running the application.

After gaining access to the system, attackers will often attempt to elevate their privileges. Once the attacker remotely executes malicious code on a vulnerable system and gains access to it, they can execute system commands, write, modify, delete or read files, and connect to databases.

Example of RCE Vulnerability

One example of a Remote Code Execution vulnerability is CVE-2018-8248, also known as ‘Microsoft Excel Remote Code Execution Vulnerability’. This vulnerability could allow an attacker to run malware on a vulnerable computer.

An attacker exploiting this vulnerability could take full control of the victim’s machine when the victim logs on to the machine with administrative user privileges. Once the system is compromised, the attacker could view, modify or delete data, install programs, as well as create new accounts with full user privileges.

According to Microsoft, there are two delivery methods for exploiting the CVE-2018-8248 vulnerability:

  • One delivery method could be in the form of a phishing email with a Microsoft Excel attachment that contains a specially crafted malicious file.
  • Another method is via web-based attack, where an attacker could host a compromised website that accepts or hosts user-provided content containing a malicious file designed to exploit the CVE-2018-8248 vulnerability.

In both scenarios, malicious email and web-based attack, the attacker has to persuade users to click on the attachment or a link to open the malicious file. This vulnerability has been fixed by Microsoft.

How to protect your computer from RCE Vulnerability?

  • The best way to protect a computer from a remote code execution vulnerability is to fix the loopholes that could allow an attacker to gain access.
  • To protect a computer from such a vulnerability, users must periodically update their software and keep their system up to date.
  • If your organization is using servers running software that is vulnerable to remote code execution, the latest software security patch should be applied.
  • Moreover, it is best to automate server patching in order to prevent remote code execution attacks.
  • It is recommended not to open any file or attachment from an anonymous sender.
  • Another best option is not to use functions such as eval, and not to allow anyone to edit the content of files that might be parsed by the respective languages.
  • In order to protect a computer from RCE, you should not allow a user to decide the names and extensions of files.
  • To prevent RCE, you should sanitize user input and should not pass any user-controlled input into evaluation functions or callbacks.
  • It is also recommended not to blacklist special characters or function names.