Microsoft may announce its biggest layoffs ever… July 17, 2014

Source: www.infoworld.com

Microsoft reportedly will announce the biggest round of layoffs in its history today as massive changes wrought by new CEO Satya Nadella start to take hold at the struggling IT giant.

The layoffs, which have been expected amid Nadella’s calls for transformation at Microsoft, will dwarf the 5,800 job cuts it announced in 2009, The New York Times reported Wednesday, citing unnamed sources briefed on the decision. It said human resources managers have reserved conference rooms for most of Thursday, presumably to meet with laid-off employees.

Most but not all of the cuts will be from businesses Microsoft took on through its acquisition of Nokia earlier this year, which added about 25,000 workers, the Times reported. Microsoft, founded in 1975 and based in Redmond, Washington, has about 130,000 employees.

In a long memo sent to employees last week and published online, Nadella said he would lead major changes in Microsoft’s culture. “Nothing is off the table,” he wrote. The company is set to announce its latest financial results on July 22.

Microsoft has floundered in recent years as it tries to shift from a reliance on its declining PC software business to mobile and other categories. Former CEO Steve Ballmer announced a reorganization around “devices and services” in 2012 before giving up his seat to Nadella in February. Microsoft had taken months to choose Ballmer’s successor.

Microsoft spokesman Frank Shaw said the company would not comment on the rumors.

Critical design flaw in Active Directory could allow for a password change

Source: www.infoworld.com

Microsoft’s widely used software for brokering network access has a critical design flaw, an Israeli security firm said, but Microsoft contends the issue has been long-known and defenses are in place.

Aorato used public information to craft a proof-of-concept attack that shows how an attacker can change a person’s network password, potentially allowing access to other sensitive systems, said Tal Be’ery, its vice president of research.

“The dire consequences we are discussing — that an attacker can change the password — was definitely not known,” said Be’ery in a phone interview Tuesday.

About 95 percent of Fortune 500 companies use Active Directory, making the problem “highly sensitive,” Aorato wrote [3] on its blog.

The company’s research focuses on NTLM, an authentication protocol that Microsoft has been trying to phase out for years. All Windows versions older than Windows XP SP3 used NTLM as a default, and newer Windows versions are compatible with it in combination with its successor, Kerberos.

NTLM is vulnerable to a so-called “pass-the-hash” attack in which an attacker obtains the login credentials for a computer and can use the mathematical representation of those credentials — called a hash — to access other services or computers.

It’s one of the most popular kinds of attacks since a computer that may not be valuable for the data it stores on its own could enable access to a more sensitive system. U.S.-based retailer Target fell victim to this kind of lateral movement that led to a data breach after hackers gained access to its network via a supplier.

The pass-the-hash attack is a long-known weakness around single sign-on systems (SSO), since the hash must be stored somewhere on a system for some amount of time. Other operating systems that accommodate SSO are also affected by the threat.

Disabling SSO would solve the problem, but it would also mean that users on a network would have to repeatedly enter their password in order to access other systems, which is inconvenient.

“It’s a trade-off,” Be’ery said.

Aorato contends that an attacker can snatch an NTLM hash using publicly available penetration testing tools such as WCE or Mimikatz. It built a proof-of-concept tool that shows how attackers can then change a user’s password to an arbitrary one and access other services such as RDP (remote desktop protocol) or the Outlook web application.

Although some enterprises try to limit the use of the NTLM protocol in favor of Kerberos, an attacker can force a client to authenticate to Active Directory using a weaker encryption protocol, RC4-HMAC, that uses the NTLM hash. That NTLM hash is then accepted by Kerberos, which issues a fresh authentication ticket.

Microsoft implemented Kerberos in order to move away from some of NTLM’s security issues, but Kerberos works with RC4-HMAC to allow for compatibility with older systems.

The company couldn’t immediately be reached for comment, but it acknowledged weaknesses in NTLM in a 2012 technical paper [4].

In May, Microsoft released a patch [5] which contained improvements that make it harder to steal NTLM hashes. The company has also suggested that organizations use smart cards or disable Kerberos RC4-HMAC support on all domain controllers, but it is possible that could break some functionality.

Be’ery said quirks in Active Directory can cause it to downgrade to NTLM, which makes it hard for organizations to shut it off.

“It’s not really a practical solution,” he said.

For example, if a person is trying to access a network resource using its IP address instead of its name, Active Directory will use NTLM even if the organization is on the latest version of Windows, Be’ery said.

Aorato contends that more could be done around logging events that might indicate malicious behavior, such as specifying the encryption algorithm used for a password change.

“Although Windows had created a relatively verbose Kerberos event logging system, it fails to show the pertinent attack information,” the company wrote. “As a result, the logs lack indication of something fishy going on.”
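The article's logging point is that the Kerberos events Windows already emits do not make a downgrade obvious. As an added example (not code from the article or from Aorato), the following Python script scans a few constructed Security-event records, flattened to key=value lines, for the two signals a defender would want from those logs: Kerberos tickets (Event IDs 4768 and 4769) issued with the RC4-HMAC encryption type (0x17), the NTLM-hash-derived cipher the downgrade described above relies on, and a per-account inventory of NTLM logons (Event ID 4624 with the NTLM authentication package), which an organization needs before it can judge whether disabling NTLM or RC4 on domain controllers would break something. The event IDs and field names are the real Windows ones; the sample records, account names and addresses are constructed, and the legacy allowlist parameter is this example's own convention.

```python
import re
from collections import Counter

# Encryption type codes as they appear in the TicketEncryptionType field of
# Windows Kerberos events 4768 (TGT request) and 4769 (service ticket request).
ENC_TYPES = {
    0x01: "DES-CBC-CRC",
    0x03: "DES-CBC-MD5",
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
}
# DES and RC4 are the types derived from (or as weak as) the NTLM hash.
WEAK_ETYPES = {0x01, 0x03, 0x17}

# Constructed sample records (not real logs): Windows Security event fields
# flattened to "key=value" pairs so the example runs without an EVTX parser.
SAMPLE_EVENTS = """\
EventID=4768 TargetUserName=alice TicketEncryptionType=0x12 IpAddress=10.0.0.21
EventID=4768 TargetUserName=bob TicketEncryptionType=0x17 IpAddress=10.0.0.55
EventID=4769 TargetUserName=bob ServiceName=krbtgt TicketEncryptionType=0x17 IpAddress=10.0.0.55
EventID=4769 TargetUserName=alice ServiceName=cifs/fs01 TicketEncryptionType=0x12 IpAddress=10.0.0.21
EventID=4624 TargetUserName=carol AuthenticationPackageName=NTLM IpAddress=10.0.0.77
EventID=4624 TargetUserName=alice AuthenticationPackageName=Kerberos IpAddress=10.0.0.21
EventID=4624 TargetUserName=carol AuthenticationPackageName=NTLM IpAddress=10.0.0.77
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one flattened record into a dict of field -> value."""
    return {k: v for k, v in KV_RE.findall(line)}


def find_rc4_tickets(lines, legacy_accounts=frozenset()):
    """Return (user, event_id, client_ip, etype_name) for every Kerberos ticket
    issued with a weak encryption type. Accounts listed in legacy_accounts
    (a hypothetical allowlist of known RC4-only systems) are skipped so the
    report shows only unexpected downgrades."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") not in ("4768", "4769"):
            continue
        etype = int(ev.get("TicketEncryptionType", "0x0"), 16)
        if etype in WEAK_ETYPES and ev["TargetUserName"] not in legacy_accounts:
            hits.append((ev["TargetUserName"], ev["EventID"], ev["IpAddress"], ENC_TYPES[etype]))
    return hits


def ntlm_usage(lines):
    """Count NTLM logons (4624 with the NTLM package) per account: the inventory
    to build before restricting NTLM, since fallbacks such as access by IP
    address keep it in use even on current Windows versions."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "4624" and ev.get("AuthenticationPackageName") == "NTLM":
            counts[ev["TargetUserName"]] += 1
    return dict(counts)


if __name__ == "__main__":
    events = SAMPLE_EVENTS.splitlines()
    for user, eid, ip, name in find_rc4_tickets(events):
        print(f"weak Kerberos etype: user={user} event={eid} client={ip} etype={name}")
    for user, n in ntlm_usage(events).items():
        print(f"NTLM logons: user={user} count={n}")
```

Run stand-alone, the script reports the two RC4 tickets issued for "bob" and carol's two NTLM logons. A real deployment would feed it exported event XML rather than key=value lines; an RC4 ticket for an account whose domain is configured for AES is exactly the kind of indication the article says the default logs fail to surface.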

Vulnerability in Adobe Flash Player Allows a System to Be Hijacked, UPDATE NOW

Source: http://hackersnewsbulletin.com


This is important for Internet users: Adobe has released critical security updates for Flash Player, and it is critical because the flaws allow an attacker to fully hijack or take control of the system.

Adobe has identified three vulnerabilities in its Flash Player software, and its security bulletin strongly recommends updating the Flash Player software.

It is not important here to explore the exploit or bug inside Flash Player further, but your security is really important to us, so below are the steps for updating your Flash Player to the new, safe version:

Windows 8 or newer: If you are running Windows 8 with Google Chrome or Internet Explorer 10 or 11, you are safe, as these modern browsers automatically update Flash Player to the newer version.

Older OS: If you are running any older OS, you have to download and install the update manually; if you are running Windows 7, you also need to check for a manual update.

All users: You should be sure whether the version you are using is newer or older; you can test your system here to see which version you are using.

Affected versions:

All versions below 14.0.0.145 are vulnerable; if yours is below this, click here to go to the download center for the latest release.
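To act on the version threshold above without falling into the string-comparison trap ("9.0.0.1" sorts above "14.0.0.145" when compared as text), here is an added Python check, not code from the article or from Adobe, that compares dotted version strings numerically. The fixed version is the one quoted above; the sample inputs are constructed.

```python
# Fixed version from the Adobe bulletin quoted in the article.
FIXED_VERSION = "14.0.0.145"


def parse_version(text):
    """Split a dotted version string into a tuple of ints so that comparison
    is numeric rather than lexicographic, padding short strings to four
    components so "14.0" compares equal to "14.0.0.0"."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed Flash Player is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample values, including the one that string comparison gets wrong.
    for candidate in ("13.0.0.231", "14.0.0.125", "14.0.0.145", "14.0.0.160", "9.0.0.1"):
        state = "UPDATE NOW" if is_vulnerable(candidate) else "up to date"
        print(f"{candidate:>12}: {state}")
```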

Vulnerability in Facebook Allows an Account to Be Hacked in 5 Seconds

Source: http://hackersnewsbulletin.com

Facebook is the largest social networking website on earth and is used by almost every Internet user. If you use Facebook, you are probably also using the Login with Facebook function on some website or app, but now it is time to revoke them all, as a new vulnerability has been found in the Facebook SDK that puts users’ authentication tokens at risk.

The vulnerability allows an attacker to steal users’ authentication tokens and use them to log in to their accounts, steal information, and post anything on their behalf.

Role of Facebook Auth Tokens, or Login with Facebook:

First, we start from a website somewhere on the web that has a Login with Facebook function, as many websites do now, as you can see in the image below:

The Login with Facebook function allows a third party to log you in to its app or website using your Facebook information. Right after you log in with Facebook on a website or app, the device stores your access token and other information in unencrypted form, which an attacker can access in just 5 seconds.

5 seconds sounds amazing and scary too :)

This vulnerability was found by security researchers from MetaIntell, a leader in intelligence-led Mobile Risk Management (MRM).

The 5-second claim was made by the researchers in a conversation with The Hacker News, where they said:

With just 5 seconds of USB connectivity, the access token is available on iOS via a juice-jacking attack, no jailbreak needed; on the Android file system, it can be accessed via recovery mode, which is trickier and requires more time.

If your access token and other information are stored on your device, they can also be stolen by other apps that have permission to access your file system.

The researchers also published a video showing how they were able to steal a Facebook auth token from Viber:

Energy firms hacked by ‘cyber-espionage group’ Dragonfly

Source: www.bbc.com

More than 1,000 energy companies in North America and Europe have been compromised in a huge malware attack unearthed by US security firm Symantec.

The hackers are thought to be part of an Eastern European collective known as Dragonfly, which has been in operation since at least 2011.

Targets included energy grid operators and industrial equipment providers.

“Its primary goal appears to be espionage,” Symantec said.

Sabotage operations

Eighty-four countries were affected, although most of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

Since 2013 Dragonfly has been targeting organisations that use industrial control systems (ICS) to manage electrical, water, oil, gas and data systems.

Symantec said Dragonfly had accessed computers using a variety of techniques, including attaching malware to third-party programs, emails and websites, giving it “the capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries”.

It had used Backdoor.Oldrea to gather system information, including the computers’ Outlook address book and a list of files and programs installed, and Trojan.Karagany to upload stolen data, download new files and run them on infected computers, Symantec said.

‘Interesting and concerted’

“The way Dragonfly targeted the companies in question was – while not groundbreaking – interesting and concerted. It appears they clearly mapped out their intended plan of attack,” said Rob Cotton, CEO at global information assurance firm NCC Group.

“The increasing frequency and sophistication of these attacks whilst concerning should not be a cause of alarm for the average consumer – yet. Government departments such as the CPNI (Centre for the Protection of National Infrastructure) provide sound advice to all key components of our society, ensuring the lights stay on and similar core services and functions critical to our way of life are available.”

The attack is similar to the Stuxnet computer worm, which was designed to attack similar industrial controllers in 2010 and reportedly ruined almost 20% of Iran’s nuclear power plants.

Symantec said Dragonfly “bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability”.

Independent computer security analyst Graham Cluley told the BBC that the motivation for the attack was unclear, but agreed that many would suspect the attacks were sponsored by a foreign state, highlighting a new era of online crime:

“There is no doubt that we have entered a new era of cybercrime, where countries are not just fighting the threat – but are also exploiting the internet for their own interests using the same techniques as the criminals.”

Dr Andrew Rogoyski, chair of techUK Cyber Security Group, told the BBC that “on the face of it, the attacks seem much more benign than Stuxnet but time and further analysis will tell.”

Chinese Android smartphone comes with preinstalled Trojan.

Source: http://thehackernews.com
If the US has banned several major government departments, including NASA and the Justice and Commerce Departments, from purchasing Chinese products and computer technology due to suspected backdoors, then it is not wrong at all.
A popular Chinese Android smartphone comes pre-installed with a Trojan that could allow the manufacturer to spy on its users, compromising their personal data and conversations without any restriction and without the users’ knowledge.
GOOGLE PLAY STORE OR A SPYING APP?
According to researchers at the German security firm G Data, the Star N9500 smartphone, a popular and cheap handset in China, comes pre-installed with the Uupay.D Trojan horse, disguised as a version of the Google Play Store.
The Trojan is camouflaged as the Google Play Store, which enables the Chinese company to secretly install malicious apps, opening up the whole spectrum of abuse.
STEALING WITHOUT RESTRICTIONS
The nasty spyware runs in the background and is able to steal personal information, copy users’ data, automatically record calls of unlimited length and send costly SMS messages to premium services, sending all the stolen information to an anonymous server based in China.
The malware can also activate the microphone of the smartphone at any time, turning it into a bugging device that allows hackers to hear anything said near the phone.
“The spy function is invisible to the user and cannot be deactivated,” reads the blog post published yesterday. “This means that online criminals have full access to the smartphone and all personal data. Logs that could make an access visible to the users are deleted directly.”
REMOVAL OF THE TROJAN NOT POSSIBLE
In addition, the malicious software prevents security updates from being downloaded, and the program cannot be disabled. “The program also blocks the installation of security updates,” G Data claimed.
Moreover, it is not possible to uninstall the Trojan because it is embedded in the firmware of the Star phone.
“Unfortunately, removing the Trojan is not possible as it is part of the device’s firmware and apps that fall into this category cannot be deleted,” said Christian Geschkat, Product Manager at G Data. “This includes the fake Google Play Store app of the N9500.”
CHEAP PRICE ATTRACTS USERS
The Star N9500 is an affordable copy of the Samsung Galaxy S4, which can easily be found at various online retailers such as eBay and Amazon for 130 to 165 euros and also comes with a variety of accessories, such as a second battery, a car charger adapter and a second cover.
But considering the high technological standard of the device, the low price comes as a surprise, and the security researchers at G Data believe that the cheap price of the device is made possible by the subsequent sale of data records stolen from the smartphone owner.
HOW TO CHECK IF YOU’RE AFFECTED
We recommend that you download up-to-date mobile anti-virus software and scan your device for the Trojan; if it is found, return the device to where you purchased it.
Avoid buying cheap Chinese products in order to keep your privacy and personal information out of the hands of cyber criminals and prying eyes.