An aggregate of all of GoVanguard’s InfoSec & Cybersecurity related Posts, News, Threats and Data Feeds.

TeleShadow3: Advanced Telegram Desktop Session Hijacker

Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient or use the Telegram API, and send it to the victim after compiling.

How do I use the session file? Just put tdata and telegram.exe in the same directory and open telegram.exe.

What features does it have?
Bypass new security mechanisms
Bypass two-step verification
Bypass Inherent identity and need 5-digit verification code
Support SMTP Transport
Support Telegram API Transport (With Proxy)
Support FakeMessage
Support Custom Icons
Bypass A.V (Coming soon…)

NOTE: Only official Telegram desktop clients are currently supported.

Keeping track of user names and passwords sounds easy, but it is not. In a world where protected network resources are accessed by employees on mobile devices, outside contractors, web applications and internet of things (IoT) devices – passwords just don’t cut it anymore.

The stakes are high: Eighty-one percent of confirmed data breaches in 2018 involved a compromised identity, according to the Verizon Data Breach Investigations Report. Accordingly, breaches, attacks and increased complexities around these issues are spurring the emergence of a broad range of discussions around using identity- and access-management (IAM) solutions.

Earlier this week for instance, the OMB announced plans to harden its identity-, credential- and access-management policies. The move, similar to those in the private sector, is recognition that while traditional security approaches remain important, a new growing risk lies in poorly managed digital identities.

“While hardening the perimeter is important, agencies must shift from simply managing access inside and outside of the perimeter to using identity as the underpinning for managing the risk posed by attempts to access federal resources made by users and information systems,” wrote Russell Vought, director of the White House’s Office of Management and Budget (OMB) on Tuesday (PDF).

This IAM area of security is evolving fast, and is sometimes hard to navigate — key players are using a mix of different definitions and acronyms to describe mostly the same thing. For example, the White House calls it Identity, Credential and Access Management (ICAM), Forrester Research calls it Identity Management and Governance (IMG), Gartner calls it Privileged Access Management (PAM) and still others refer to the area as Identity-as-a-Service (IDaaS). Here is a brief primer to help parse the space a bit better.
(Upcoming Webinar: Exploring Identity and Access Management: In this webinar Threatpost editor Tom Spring moderates a panel of experts from CyberArk, Forrester Research and Okta to explore the future of Identity Management. When: May 29 at 2 p.m. ET Learn More and Register…)

All Encompassing Term

Identity- and access-management (IAM) refers to a framework of policies and technologies for ensuring that the proper people, applications and non-human devices both within an enterprise and outside of it have the appropriate access and access rights to technology resources. IAM systems identify, authenticate and authorize individuals who will be utilizing IT resources. Increasingly, IAM also pertains to the cloud services, mobile and web applications and IoT systems that connect to those resources as well.

Warning Signs

A recent SailPoint Identity Report estimates that 54 percent of organizations have an identity program in place. Yet the same study found that 88 percent of companies are not properly managing access to data behind corporate firewalls, such as office-related files. In fact, only one in 10 organizations told SailPoint that they monitored user access to those files, leaving the majority without oversight in organizations.

Trends Shaping Identity Management

What’s driving the IAM market? “For today’s digital businesses, identity management and governance (IMG) involves more than just provisioning and enforcing employee access to corporate apps and data,” wrote Forrester Research in a recent report on drivers of the technology. “Security pros must now govern and secure access across a hybrid application environment and myriad of IoT devices for a variety of populations — employees, partners, and customers — all without hurting user experience.”

Passwords Don’t Cut It

An IAM approach strives to streamline access management via a single user sign-on tied to multiple services and based on predefined user roles.
An IAM framework grants users access to only the resources they need and are authorized to access. Management is centralized either on- or off-premise; this centralized nature of the process allows for faster onboarding, off-boarding and provisioning of employees.

Into the Cloud

As platforms and infrastructure move to the cloud, so do IAM services. Google and Amazon offer pre-integrated tools, and a host of companies are offering IDaaS for management and provisioning. Features support token exchange, token validation, authorization and authentication.

Non-Human Identities

By 2022 there will be an estimated 29 billion connected devices, of which 18 billion will be related to IoT, according to a recent report by telecommunications firm Ericsson. Many of those connected things, plus the mobile apps and autonomous processes that drive them, will need new IAM solutions.

“Identity and access management can depend on a lot of different things,” said Noam Liran, director of customer success at CyberArk. “It used to be just based on [the question of], does that identity have a password. Now, companies need to manage identities of microservices, cloud containers and mobile apps seeking access to privileged data in the cloud.”

Liran added that even a website with a simple chat system needs access management. “A customer-service chatbot can be another form of identity to manage,” he said. “We have customers who are using a chatbot to grab tracking numbers from UPS or FedEx deliveries and then push the shipping data into a database.” Each one of those interactions requires a privileged relationship.

It’s worth noting that businesses are taking notice: The global market for IAM systems grew from $4.5 billion in 2012 to $7.1 billion in 2018. By 2021, according to MarketsAndMarkets, it is expected to reach $14.82 billion.

Want to know more about Identity Management and navigating the shift beyond passwords? Don’t miss our Threatpost webinar on May 29 at 2 p.m. ET. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow.

Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan.

The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent cyberattacks indicate that the majority of Shade ransomware executables are targeting users outside of Russia.

“In fact, our research shows that the top five countries affected by Shade ransomware are not Russia or nations of the former Soviet Union; they are the United States, Japan, India, Thailand, and Canada,” said Brad Duncan, researcher with Palo Alto Networks’ Unit 42 group in a Wednesday analysis. Meanwhile, “Russia only occurs at number seven, and the only other country we found in the top ten where Russian is an official language is Kazakhstan, at number 10. The top industries attacked in these countries were high-tech, wholesale and education.”

Ransomware Campaigns

The Shade ransomware is spread through malspam emails. In a recent February 2019 campaign for instance, the emails touted a link to an archive, archive attachment or attached PDF with a link to an archive, disguised as an invoice or bill. These links and attachments lead to a JavaScript or other script-based file that is designed to retrieve the Shade executable file.

Interestingly, the payload remains “remarkably consistent” since its discovery in 2014, researchers said. “When a Windows host is infected with Shade ransomware, its desktop background announces the infection, and 10 text files appear on the desktop, named README1.txt through README10.txt,” researchers said.

The desktop background message reads: “Attention! All the important files on your disks were encrypted.
The details can be found in README.txt files which you can find on any of your disks.” All of the README.txt files say the same thing: They ask users to send a code to an email address, which would then instruct them on how to make the payments.

New Targets

Recent malicious Shade emails are being sent to various countries other than Russia, indicating that the ransomware developers are looking to expand the breadth of their victim sets.

Researchers conducted a deeper analysis between January and March 2019, tracking attempted deliveries of the Shade ransomware executable during an infection chain, focusing on packed executable (PE) files sent through a URL over TCP port 80. Researchers found that the U.S. saw the highest number of attempts to infect systems with Shade (outpacing Japan, India and Thailand).

“The top country with Shade ransomware infection attempts among our customer base was the United States,” according to Palo Alto. “The vast majority of these URLs hosting Shade ransomware executables were reported from customer devices outside of Russia and Russian-language countries.”

Meanwhile, the most common targets for Shade ransomware infection attempts were organizations in the high-tech category. Wholesale and retail, along with education and telecommunications, were also popular targets.

While researchers acknowledged that their results may be skewed towards English due to Palo Alto’s customer base from which it gathers its telemetry, the analysis still “indicates Shade ransomware is very active outside of Russia and possibly targeting more English-speaking victims than Russian.”

A proof-of-concept for a new type of privacy attack, dubbed “calibration fingerprinting,” uses data from Apple iPhone sensors to construct a globally unique fingerprint for any given mobile user. Researchers said that this provides an unusually effective means to track people as they browse across the mobile web and move between apps on their phones. Further, the approach also affects Pixel phones from Google, which run on Android.

A research team from the University of Cambridge in the UK released their findings this week, showing that data gathered from the accelerometer, gyroscope and magnetometer sensors found in the smartphones can be used to generate the calibration fingerprint in less than a second – and that it never changes, even after a factory reset. The attack also can be launched by any website a person visits via a mobile browser, or any app, without needing explicit confirmation or consent from the target.

In Apple’s case, the issue results from a weakness in iOS 12.1 and earlier, so iPhone users should update to the latest OS version as soon as possible. Google has not yet addressed the problem, according to the researchers.

Next-Gen Device Fingerprinting

A device fingerprint allows websites to detect return visits or track users, and in its innocuous form, can be used to protect against identity theft or credit-card fraud; advertisers often also rely on this to build a user profile to serve targeted ads.

Fingerprints are usually built with pretty basic info: The name and version of your browser, screen size, fonts installed and so on. And browsers are increasingly using blocking mechanisms to thwart such efforts in the name of privacy: On Apple iOS for iPhone for instance, the Mobile Safari browser uses Intelligent Tracking Prevention to restrict the use of cookies, prevent access to unique device settings and eliminate cross-domain tracking.
However, on any iOS device running a version below 12.2, including the latest iPhone XS, iPhone XS Max and iPhone XR, it’s possible to get around those protections by taking advantage of the fact that motion sensors used in modern smartphones use something called microfabrication to emulate the mechanical parts found in traditional sensor devices, according to the paper.

“MEMS sensors are usually less accurate than their optical counterparts due to various types of error,” the team said. “In general, these errors can be categorized as deterministic and random. Sensor calibration is the process of identifying and removing the deterministic errors from the sensor.”

Websites and apps can access the data from sensors, without any special permission from the users. In analyzing this freely accessible information, the researchers found that it was possible to infer the per-device factory calibration data which manufacturers embed into the firmware of the smartphone to compensate for these systematic manufacturing errors. That calibration data can then be used as the fingerprint, because despite perceived homogeneity, every Apple iPhone is just a little bit different – even if two devices are from the same manufacturing batch.

“We found that the gyroscope and magnetometer on iOS devices are factory-calibrated and the calibration data differs from device-to-device,” the researchers said. “Extracting the calibration data typically takes less than one second and does not depend on the position or orientation of the device.”

Creating a globally unique calibration fingerprint requires adding in a little more information, however, for instance from traditional fingerprinting sources. “We demonstrated that our approach can produce globally unique fingerprints for iOS devices from an installed app — around 67 bits of entropy for the iPhone 6S,” they said.
“Calibration fingerprints generated by a website are less unique (~42 bits of entropy for the iPhone 6S), but they are orthogonal to existing fingerprinting techniques and together they are likely to form a globally unique fingerprint for iOS devices.”

A longitudinal study also showed that the calibration fingerprint, which the researchers dubbed “SensorID,” doesn’t change over time or vary with conditions. “We have not observed any change in the SensorID of our test devices in the past half year,” they wrote. “Our dataset includes devices running iOS 9/10/11/12. We have tested compass calibration, factory reset, and updating iOS (up until iOS 12.1); the SensorID always stays the same. We have also tried measuring the sensor data at different locations and under different temperatures; we confirm that these factors do not change the SensorID either.”

Widely Exploitable

In terms of how applicable the SensorID approach is, the research team found that both mainstream browsers (Safari, Chrome, Firefox and Opera) and privacy-enhanced browsers (Brave and Firefox Focus) are vulnerable to the attack, even with the fingerprinting protection mode turned on.

Further, motion sensor data is accessed by 2,653 of the Alexa top 100,000 websites, the research found, including more than 100 websites exfiltrating motion-sensor data to remote servers. “This is troublesome since it is likely that the SensorID can be calculated with exfiltrated data, allowing retrospective device fingerprinting,” the researchers wrote.

However, it’s possible to mitigate the calibration fingerprint attack on the vendor side by adding uniformly distributed random noise to the sensor outputs before calibration is applied at the factory level – something Apple did starting with iOS 12.2. “Alternatively, vendors could round the sensor outputs to the nearest multiple of the nominal gain,” the paper said.
Privacy-focused mobile browsers meanwhile can add an option to disable the access to motion sensors via JavaScript. “This could help protect Android devices and iOS devices that no longer receive updates from Apple,” according to the paper.

Google Pixel Devices

Although most of the research focused on iPhone, Apple is not the only vendor affected: The team found that the accelerometer of Google Pixel 2 and Pixel 3 can also be fingerprinted by the approach. That said, the fingerprint has less individual entropy and is unlikely to be globally unique – meaning other kinds of fingerprinting data would also need to be gathered for full device-specific tracking. Also, the paper noted that other Android devices that are also factory calibrated might be vulnerable but were outside the scope of testing.

While Apple addressed the issue, Google, which was notified in December about the attack vector, is still in the process of “investigating this issue,” according to the paper. Threatpost has reached out to the internet giant for comment.

By Ryan De Souza

The ‘Persistence of Chaos’ laptop is infected with some of the most dangerous malware including WannaCry. An 11-year-old Samsung notebook called the Persistence of Chaos is dubbed the most dangerous PC in the world because it is loaded with six of the most notorious and damaging computer viruses. The computer is now up for […]

This is a post from HackRead.com. Read the original post: World’s most dangerous laptop ‘Persistence of Chaos’ is up for auction


Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.


Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.


Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.


Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.


In Zoho ManageEngine Application Manager 13.1 Build 13100, the ‘haid’ parameter of the ‘/auditLogAction.do’ module is vulnerable to a Time-based Blind SQL Injection attack.
