Wednesday 27 May 2015

Crash iPhones by a specific text message

A new bug has been discovered in the Messages app that allows a string of characters, sent to a person via iMessage or SMS, to crash an iPhone and make the Messages app crash again each time it is opened. Triggering the bug requires a specific string of symbols and Arabic characters to be sent.

The bug lies in the way the Messages app and the notification system on iPhone and iPad render the string; early reports suggested it only triggers in iPhone-to-iPhone communication. Once the message has been received, the user cannot reopen the Messages app without rebooting the device. The quickest way to stop the problem is to get the sender of the malicious text to send another message, or to wait for someone else to send a new one.
Since the string of characters is so specific, most users are unlikely to stumble across the bug. The string that crashes the iPhone is "Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗".
There are several workarounds that undo the damage. The effect can be cancelled by sending another message (any normal text) to the person who sent you the malicious string, which clears the original one from the conversation view.
Another option is to send the person who sent the string a message through the share sheet (the "share" button in other apps), to send yourself a message via Siri, or to ask Siri to "send a message" to whoever sent it.



Monday 25 May 2015

Phishing Awareness Quiz

Phishing is a common form of Internet fraud. It is used to steal users' personal and confidential information such as bank account numbers, net banking passwords, credit card numbers and personal identity details. The perpetrators may later use the information to siphon money from the victim's account or run up bills on the victim's credit cards. In the worst case the victim may also suffer identity theft.

Phishing emails have become so convincing that even experts can be taken in by a well-crafted fake. Cyber criminals employ several types of phishing email. Usually mimicking a trusted business or personal sender, they either try to get users to click through to a website they control, where victims are tricked into entering personal information such as user IDs, passwords or credit card details, or they plant a link that, once clicked, silently installs malware on the user's PC.
You can protect yourself against phishing by following the advice at http://infosecaffairs.blogspot.in/2014/11/protection-and-report-phishing.html
These days fake emails are getting more sophisticated, so it can be tough to tell whether an email is genuine. We have put together 10 emails, some real, some fake. They test your knowledge and also help you learn how to protect yourself. Take the quiz at http://infosecaffairs.blogspot.in/p/blog-page_24.html

Thursday 21 May 2015

Decrypt locked files with Ransomware rescue kit

Security researcher Jada Cyrus has made a Ransomware Removal Kit available online in the hope that it will help security professionals and system administrators respond to ransomware infections.
The toolkit bundles decryption tools and removal instructions for variants of CryptoLocker, TeslaCrypt and CoinVault, three of the nastiest and most widespread ransomware families in circulation. Decryption is only possible where a family's keys have been recovered or its cryptography was flawed, so newer variants may not be covered.

Instead of paying the ransom, security professionals and system administrators should first remove the infected system from the network to prevent the infection from spreading. They can then attempt to identify which strain of ransomware has infected the system, at which point they can determine how best to remove the malware from the affected machine.
Cyrus also recommends keeping a copy of the ransomware sample for future analysis, as it may be needed to decrypt the affected files.
It is critical that the right tool is used to decrypt files. If the wrong one is run, files may be corrupted or overwritten, rendering them useless. Where possible, restore points and backups should also be used to return systems to a known-good state from before the infection surfaced, and only after the threat has been removed.
To avoid becoming a victim of ransomware, remain wary of emails from unverified senders, keep systems up to date and fully patched, and consider using antivirus software to stop an infection in its tracks.
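The response steps above (isolate, identify the strain, preserve the sample, pick the right decryptor) can be scripted for triage. The following is an added example written for this page; it is not part of the Ransomware Removal Kit. The indicator table (extensions and ransom-note names) and the decryptor names are placeholders to be filled in from your own analysis, and the demo directory tree in the main block is constructed.

```python
import hashlib
import shutil
from pathlib import Path

# Indicator table: file extensions and ransom-note filenames associated with
# each family. The values below are PLACEHOLDERS for this example; an incident
# responder fills them in from their own analysis or vendor write-ups.
STRAIN_INDICATORS = {
    "CryptoLocker": {"extensions": {".crypt"}, "notes": {"DECRYPT_INSTRUCTIONS.txt"}},
    "TeslaCrypt": {"extensions": {".ecc", ".ezz", ".exx"}, "notes": {"HELP_RESTORE_FILES.txt"}},
    "CoinVault": {"extensions": {".clf"}, "notes": {"coinvault_readme.txt"}},
}

# Which decryptor handles which family (tool names are assumed for the example).
# Running the wrong tool can corrupt or overwrite files, so unknown strains are refused.
DECRYPTOR_FOR = {
    "CryptoLocker": "cryptolocker-decryptor",
    "TeslaCrypt": "teslacrypt-decryptor",
    "CoinVault": "coinvault-decryptor",
}


def identify_strain(root, indicators=STRAIN_INDICATORS):
    """Walk `root`, count indicator hits per family and return (best_guess, counts).

    best_guess is None when nothing matched; counts lets the responder see
    whether the verdict is unambiguous before choosing a decryptor.
    """
    counts = {name: 0 for name in indicators}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        for name, ind in indicators.items():
            if path.suffix.lower() in ind["extensions"] or path.name in ind["notes"]:
                counts[name] += 1
    best = max(counts, key=counts.get)
    return (best if counts[best] > 0 else None), counts


def preserve_sample(sample_path, evidence_dir):
    """Copy the suspected malware binary into evidence storage, named by SHA-256.

    Keeping the exact sample matters: some decryptors are variant-specific and a
    later key recovery may depend on it. Returns (sha256_hex, destination).
    """
    data = Path(sample_path).read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    dest_dir = Path(evidence_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / f"{digest}.bin"
    if not dest.exists():  # idempotent: re-running never clobbers evidence
        shutil.copy2(sample_path, dest)
    return digest, dest


def choose_decryptor(strain, mapping=DECRYPTOR_FOR):
    """Return the vetted decryptor for `strain`, or raise rather than guess."""
    if strain not in mapping:
        raise ValueError(f"no vetted decryptor for {strain!r}; restore from backup instead")
    return mapping[strain]


if __name__ == "__main__":
    import tempfile
    # Constructed demo tree: a TeslaCrypt-style infection on an isolated host.
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        share.mkdir()
        (share / "budget.xlsx.ecc").write_bytes(b"\x00" * 16)
        (share / "HELP_RESTORE_FILES.txt").write_text("pay us")
        (share / "sample.exe").write_bytes(b"MZ" + b"\x90" * 64)
        strain, counts = identify_strain(share)
        digest, dest = preserve_sample(share / "sample.exe", Path(tmp) / "evidence")
        print(strain, counts, digest[:12], choose_decryptor(strain))
```

The point of returning the full `counts` dictionary is that two families can share an indicator; if the tally is close, stop and analyse the preserved sample rather than run a decryptor on a guess.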

Wednesday 20 May 2015

Logjam: A new encryption vulnerability

Researchers have disclosed a vulnerability they call Logjam, believed to affect roughly 8% of the world's biggest websites. What makes it so severe is that it stems from the very technology most websites use to keep our personal information safe as it travels across the Web.

The bug affects the Diffie-Hellman key exchange, which lets protocols such as HTTPS, SSH, IPsec and SMTPS negotiate a shared key and set up a secure connection. A man-in-the-middle can downgrade a TLS connection to the 512-bit "export-grade" Diffie-Hellman groups that many servers still support, and then recover the shared key.
The attack is only possible if the attacker can sit between you and the server, for example by sharing the same Wi-Fi network. Breaking the 512-bit export groups is within reach of a well-resourced academic team; breaking the 1024-bit groups that a large share of servers have in common is extremely difficult unless you are part of a large-scale surveillance program backed by millions of dollars.
All the same, the ramifications are palpable. Logjam is exactly the kind of weakness over which state-sponsored surveillance programs would salivate.
You can check whether your browser is vulnerable with the researchers' online test page. At the time of writing some major browsers are still vulnerable to the Logjam attack, though Google's security team is already working to raise the minimum Diffie-Hellman group size Chrome will accept to 1024 bits.
So what to do? If you are an admin or the owner of a web or mail server, check the researchers' guide to fixing it: disable the export cipher suites and generate a fresh 2048-bit Diffie-Hellman group instead of the shared default. If you just want to surf safely, check that you have the latest version of your browser installed; Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari are all releasing patches.
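The downgrade hinges on two things a scanner can inspect on the wire: whether a handshake offers DHE_EXPORT cipher suites, and how large the modulus the server sends in its ServerKeyExchange is. The block below is an added example written for this page, not code from the Logjam researchers or their test site. It parses the ServerDHParams structure from RFC 5246 (dh_p, dh_g, dh_Ys, each a 16-bit length followed by a big-endian integer) and classifies the group by size; the suite codes are the two DHE_EXPORT suites from RFC 2246, and the moduli used in the demo are constructed numbers of the right size, not real primes.

```python
import struct

# DHE_EXPORT cipher-suite codes from RFC 2246; a Logjam man-in-the-middle
# rewrites the ClientHello so that only suites like these are offered.
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def encode_server_dh_params(p, g, ys):
    """Serialise ServerDHParams (RFC 5246 7.4.3): dh_p, dh_g, dh_Ys, each a
    16-bit length followed by the big-endian integer."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_server_dh_params(body):
    """Parse ServerDHParams from the front of a ServerKeyExchange body.

    Returns (p, g, ys, bytes_consumed); the signature that follows the
    parameters is not parsed here. Raises ValueError on truncated or empty vectors.
    """
    off = 0
    vals = []
    for _ in range(3):
        if off + 2 > len(body):
            raise ValueError("truncated length field")
        (n,) = struct.unpack("!H", body[off:off + 2])
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError("truncated or empty vector")
        vals.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    p, g, ys = vals
    return p, g, ys, off


def assess_dh_group(p):
    """Classify a DH modulus by size, the way a Logjam scanner would."""
    bits = p.bit_length()
    if bits <= 512:
        return "export-grade: breakable with modest precomputation"
    if bits < 1024:
        return "weak: below the 1024-bit minimum browsers moved to after Logjam"
    if bits < 2048:
        return "1024-bit class: considered within reach of nation-state precomputation"
    return "acceptable: 2048 bits or more"


def offers_export_dhe(cipher_suites):
    """True if a ClientHello/ServerHello suite list contains a DHE_EXPORT suite."""
    return any(code in DHE_EXPORT_SUITES for code in cipher_suites)


# Constructed moduli for the demo: correctly sized odd numbers, NOT real primes.
P_EXPORT = (1 << 511) | 0x1234567     # 512 bits
P_STRONG = (1 << 2047) | 0xFEDCBA987  # 2048 bits

if __name__ == "__main__":
    ske = encode_server_dh_params(P_EXPORT, 2, 0xABCDEF)
    p, g, ys, used = parse_server_dh_params(ske)
    print(p.bit_length(), "bit group ->", assess_dh_group(p))
    print("downgraded hello offers export DHE:", offers_export_dhe([0x0014]))
```

In practice you would feed `parse_server_dh_params` the handshake body captured from a live connection; a server that answers a normal ClientHello with a 512-bit group, or that accepts a ClientHello offering only the two export suites above, is the one that needs its configuration fixed.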

Millions of routers and other embedded devices are affected by Critical flaw in NetUSB driver

According to researcher Stefan Viehbock of SEC Consult Vulnerability Lab, the vulnerability, CVE-2015-3036, allows an unauthenticated attacker on the local network to trigger a kernel stack buffer overflow, causing a denial of service or permitting remote code execution. Some router configurations expose the service to the Internet, which would allow remote attacks as well.

The vulnerability is located in a service called NetUSB, which lets devices connected to a router over USB be shared with other machines on the local network or the Internet via IP. The shared devices can be printers, webcams, thumb drives, external hard disks and more.
NetUSB is implemented as a Linux kernel module, so users can plug flash drives, printers and other USB devices into their routers and reach them over the local network.
The NetUSB component is integrated into current routers from several major manufacturers, including D-Link, Netgear, TP-Link, ZyXEL and TRENDnet.
SEC Consult recommends disabling the service (where the vendor allows it) and blocking TCP port 20005 with a firewall. For Netgear devices there is no workaround according to the vendor: the service cannot be disabled and the port cannot be blocked with the integrated firewall, so an additional firewall would be needed.
You should also keep an eye out for patches and update your devices as soon as they are made available, to close off any possibility of NetUSB exploitation.
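After applying the workaround, the check a practitioner wants is whether TCP/20005 is still reachable from another host on the LAN. The following is an added example, not part of the SEC Consult advisory: a small Python probe that attempts a TCP connection with a timeout and sweeps a network range. The default range in the main block is an assumed private LAN; pass your own as the first argument.

```python
import ipaddress
import socket

NETUSB_PORT = 20005  # TCP port the NetUSB service listens on


def netusb_reachable(host, port=NETUSB_PORT, timeout=1.0):
    """True if a TCP connection to host:port completes within `timeout` seconds.

    A completed handshake means the service (or whatever owns the port) is
    reachable from this vantage point, i.e. the firewall rule is not in effect.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def sweep(network, port=NETUSB_PORT, timeout=0.3):
    """Probe every host of an IPv4 network (e.g. '192.168.1.0/24') and return
    the addresses that accept connections on `port`."""
    net = ipaddress.ip_network(network, strict=False)
    return [str(h) for h in net.hosts() if netusb_reachable(str(h), port, timeout)]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24"  # assumed LAN range
    for addr in sweep(target):
        print(f"{addr}: TCP/{NETUSB_PORT} open, NetUSB may be exposed")
```

Run it from a client on the LAN, and, if the router has a WAN address you control, from outside as well, since the advisory notes that some configurations expose the port to the Internet.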

Monday 18 May 2015

VENOM (CVE-2015-3456): Security Vulnerability in Virtual Floppy Drive Code

VENOM, short for Virtualized Environment Neglected Operations Manipulation, is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose a large number of data centers to attack.
VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.

According to the security advisory, an attacker can trigger the VENOM vulnerability by sending commands and specially crafted parameter data from the guest system to the vulnerable virtual Floppy Disk Controller (FDC), overflowing its data buffer and executing arbitrary code in the context of the host's hypervisor process. The flaw is very dangerous because it can be exploited against a wide array of virtual machines, is triggerable in default configurations (the virtual FDC is present even when no floppy drive has been configured), and yields arbitrary code execution. On a Linux guest the attacker needs root or otherwise elevated privileges to reach the FDC's I/O ports; on a Windows guest practically any user has sufficient permission to access the FDC.

Experts consider VENOM different from earlier vulnerabilities affecting virtualized environments: because it lives in the hypervisor's own device-emulation code, it is independent of the host operating system (Linux, Windows, Mac OS, etc.) and of the guest operating system. Platforms that do not use QEMU's device model, such as VMware, Microsoft Hyper-V and Bochs, are not affected.

Administrators of systems running Xen, KVM or the native QEMU client are urged to assess their systems and apply the latest patches provided by their vendors, following the vendors' instructions to verify that the VENOM fix is in place. Because the fix lives in the QEMU process that emulates each guest, every running VM must be restarted (or live-migrated to a patched host) before it is protected.

Thursday 7 May 2015

Million WordPress user vulnerable to DOM-based XSS

Any WordPress plugin or theme that bundles the Genericons icon package is vulnerable to DOM-based cross-site scripting (XSS) because of an insecure file, example.html, shipped with the package. The JetPack plugin and the TwentyFifteen theme are both affected.

DOM XSS
DOM-based XSS is a cross-site scripting vulnerability in which the payload is introduced by client-side script manipulating the DOM (Document Object Model), rather than by the server embedding it in the HTML response. It relies on page script that takes attacker-influenced data from the DOM and writes it back into the page without proper handling. Among the DOM properties an attacker can influence to create the XSS condition, the most common are document.URL, document.location and document.referrer.
Any plugin or theme that makes use of this package is potentially vulnerable if it ships the example.html file that comes with the package.
Fortunately, the fix is straightforward: remove the unnecessary genericons/example.html file, or make sure you have a WAF or IDS that blocks access to it.
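Both halves of the fix can be checked mechanically: find every copy of genericons/example.html under wp-content, and decide whether an incoming request path targets one. The block below is an added example written for this page, not code from WordPress, Jetpack or the Genericons project. The wp-content layout it scans is assumed (any plugin or theme directory), and the request-path rule normalises the things an attacker would use to slip past a naive string match: query strings, percent-encoding (including double encoding), upper case and `..` segments.

```python
import posixpath
from pathlib import Path
from urllib.parse import unquote, urlsplit


def find_example_html(wp_content):
    """Return every genericons/example.html under wp-content, in plugins or themes."""
    root = Path(wp_content)
    return sorted(p for p in root.rglob("example.html") if p.parent.name == "genericons")


def remove_example_html(wp_content, dry_run=True):
    """Delete the offending files, or just list them when dry_run is True."""
    hits = find_example_html(wp_content)
    if not dry_run:
        for p in hits:
            p.unlink()
    return hits


def should_block(request_target):
    """WAF/IDS-style rule: True if a request is for any genericons/example.html.

    Normalises the path the way an attacker would try to evade the rule:
    drops the query string, percent-decodes twice (double encoding),
    lower-cases, and collapses '.' and '..' segments.
    """
    path = urlsplit(request_target).path
    path = unquote(unquote(path)).lower()
    path = posixpath.normpath(path)
    return path.endswith("/genericons/example.html")


if __name__ == "__main__":
    import sys
    wp_content = sys.argv[1] if len(sys.argv) > 1 else "wp-content"  # assumed install path
    for hit in remove_example_html(wp_content, dry_run=True):
        print("vulnerable file:", hit)
    print(should_block("/wp-content/themes/twentyfifteen/genericons/example.html?x=1"))
```

Run the scanner after every plugin or theme update as well, because an update can silently restore the file you deleted; that is why keeping the request rule in place alongside the deletion is worthwhile.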

Tuesday 5 May 2015

Skype vulnerable to "Redirect to SMB"

Skype has been found to be vulnerable to "Redirect to SMB" through its advertising interface. Because Skype uses Internet Explorer to display ads, a malicious ad can redirect the client to an SMB server without the user noticing. Redirect to SMB is a way for attackers to steal user credentials: by hijacking communications with legitimate web servers through a man-in-the-middle attack, they redirect the victim to a malicious SMB server, which prompts Windows to authenticate automatically and hand over the victim's username, domain and hashed password.

The best way to protect yourself from this vulnerability is to block ad serving from the Skype ad servers. You can block these servers by appending the following lines to your hosts file:
127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com
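Appending those lines by hand works once; re-running the same paste produces duplicate entries and misses names that were already mapped under a different case. The script below is an added example written for this page (not from Skype, Microsoft or the researchers who reported Redirect to SMB): it parses the existing hosts file, adds only the names from the list above that are missing, and is safe to run repeatedly. The comment marker text and the Windows path derivation are this example's own choices.

```python
import os
import platform

# Ad-serving hosts from the post, mapped to localhost so Skype's embedded
# Internet Explorer never fetches the ads.
SKYPE_AD_HOSTS = [
    "rad.msn.com", "live.rads.msn.com", "ads1.msn.com", "static.2mdn.net",
    "g.msn.com", "a.ads2.msads.net", "b.ads2.msads.net", "ac3.msn.com",
]
MARKER = "# Skype ad servers (Redirect to SMB mitigation)"


def mapped_names(hosts_text):
    """Hostnames that already have an entry, lower-cased, ignoring comments and blanks."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names.update(f.lower() for f in fields[1:])
    return names


def add_blocklist(hosts_text, names=SKYPE_AD_HOSTS, sink="127.0.0.1"):
    """Return (new_text, added): appends only the names not yet present,
    so the script can be re-run without duplicating entries."""
    present = mapped_names(hosts_text)
    added = [n for n in names if n.lower() not in present]
    if not added:
        return hosts_text, []
    if hosts_text and not hosts_text.endswith("\n"):
        hosts_text += "\n"
    block = "\n".join(f"{sink} {n}" for n in added)
    return f"{hosts_text}{MARKER}\n{block}\n", added


def hosts_path():
    """Location of the hosts file on the current platform."""
    if platform.system() == "Windows":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    path = hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    new_text, added = add_blocklist(text)
    if added:
        with open(path, "w", encoding="utf-8") as fh:  # needs Administrator/root
            fh.write(new_text)
    print("added:", added or "nothing (all entries already present)")
```

Blocking the ad hosts only removes this particular delivery channel. The underlying Redirect to SMB weakness is in Windows' automatic SMB authentication, so the broader mitigation is to block outbound TCP ports 139 and 445 at the network edge so that credentials are never sent to SMB servers on the Internet.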

USBKill: Clean Your Computer

"USBKill" is a script that turns an innocent-looking thumb drive into a kill switch that, when unplugged, forces the computer to shut down.
usbkill waits for a change in your USB ports, then immediately kills your computer.
The scenario it is built for: the police come bursting in, or someone steals your laptop from you while you are at a public library. The police will use a "mouse jiggler" to keep the screensaver and sleep mode from activating. If this happens you want your computer to shut down immediately. To arrange that, you attach a USB key to your wrist with a cord, plug the key into your computer and start usbkill. If they then take the computer away, the USB key is pulled out and the computer shuts down instantly.
The self-described developer of "software for freedom" says USBKill will soon be updated with additional commands and capabilities, but notes that it works properly in its current state.
The tool could be very effective when run on virtual machines that vanish on reboot.
Enemies of the state running a persistent operating system, however, need not bother with the tool unless they already use full disk encryption: a shutdown only protects data that is unreadable once the machine is off.
You can download USBkill from https://github.com/hephaest0s/usbkill.
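The mechanism described above, polling the USB device list and reacting to any change, is short enough to show in full. The block below is an added example written for this page and is not the usbkill project's code: it parses `lsusb` output into a set of vendor:product IDs, compares each snapshot against a baseline taken at start-up, ignores a whitelist of devices allowed to come and go, and runs a caller-supplied action the first time something else changes. The `lsusb` lines in the docstring are a constructed sample in the tool's real output format; the shutdown command in the main block is the example's own choice and requires root.

```python
import subprocess
import time


def parse_lsusb(text):
    """Extract 'vendor:product' IDs from lsusb output.

    lsusb prints one line per device, e.g.
      Bus 001 Device 003: ID 1d6b:0002 Linux Foundation 2.0 root hub
    A set is used, so two identical devices count once; a second copy of a
    device you already have will therefore not trigger the watcher.
    """
    ids = set()
    for line in text.splitlines():
        if " ID " in line:
            ids.add(line.split(" ID ", 1)[1].split()[0])
    return ids


def current_usb_ids():
    """Snapshot of the devices attached right now (Linux, needs lsusb)."""
    out = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    return parse_lsusb(out)


class UsbWatcher:
    """Compares each new snapshot with the baseline taken at start-up."""

    def __init__(self, baseline, whitelist=()):
        self.baseline = set(baseline)
        self.whitelist = set(whitelist)  # IDs allowed to come and go (e.g. a mouse)

    def changed(self, snapshot):
        """True if any non-whitelisted device was removed or added."""
        diff = (set(snapshot) ^ self.baseline) - self.whitelist
        return bool(diff)


def watch(action, interval=0.25, whitelist=(), snapshot=current_usb_ids):
    """Poll until a change is seen, then run `action` once and return."""
    watcher = UsbWatcher(snapshot(), whitelist)
    while True:
        if watcher.changed(snapshot()):
            action()
            return
        time.sleep(interval)


if __name__ == "__main__":
    # Real use: the action powers the machine off at once (root required).
    # A sensible whitelist lists the IDs of devices you expect to unplug normally.
    watch(lambda: subprocess.run(["shutdown", "-h", "now"]))
```

Two design points worth noting: the baseline is taken once, at start-up, so plugging the kill-switch key in before launching the watcher is essential (otherwise the key's arrival itself is the change), and the action runs only once, which is what you want for an irreversible shutdown.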

Monday 4 May 2015

MessenPass: Recover Passwords from Instant Messaging applications

MessenPass is a password recovery tool from NirSoft that lets users recover their passwords from various instant messaging services.
MessenPass supports password recovery for the following IM applications:
  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby
The software recovers passwords for the user who is currently logged in and for accounts where "Remember Password" was selected in any of the supported IM applications. It is not designed to bypass the passwords of other users of the computer.
MessenPass presents its results immediately, as a list of account names and passwords that can be copied to the clipboard or saved as an Excel or text file.
All in all, MessenPass is a good solution if you no longer remember your messenger password, and since it is delivered as a small, free package it is worth a try if you find yourself stuck because of a lost IM passphrase. Bear in mind that the same tool is used by attackers to harvest stored credentials after compromising a machine, which is why many antivirus products flag it as a hacking tool; that flag is also a useful signal in your own environment, since a legitimate user running it is rare.

Prevention Techniques: Cross-site request forgery (CSRF)

1. The best defense against CSRF attacks is unpredictable tokens, a piece of data that the server can use to validate the request, and wh...