Telegram Vulnerability, Malware in Nuclear Plant, Anti-Tor Malware and Hotpatching Exploit

Clickjacking Vulnerability in Telegram Web Client

The official Telegram web client, which lets users access their messenger account from a desktop web browser, is vulnerable to clickjacking.

Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail.
"Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says.
However, by using one of HTML5's features, Mohamed was able to open the Telegram account's settings page in a sandboxed iframe, which prevents the page from redirecting the top window and also allows him to carry out a cross-site request forgery (CSRF) attack against the web client.

"I sent [bug report] it to them [Telegram team] but haven't got any reply or even an automated one (4 days ago)," Mohamed told The Hacker News.
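
A defender-side check for the gap described above, as an added example that is not from the article or from Telegram: it inspects a response's headers for an enforced framing restriction (X-Frame-Options or CSP frame-ancestors) instead of relying on script-based frame busting. The function names and all header sets are constructed for illustration.

```javascript
// Added example: checks response headers for header-based anti-framing controls.
// All header sets passed to it here are constructed samples.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

function auditFraming(rawHeaders) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  let enforced = false;

  const fa = frameAncestors(h['content-security-policy'] || '');
  if (fa !== null) {
    // An empty source list behaves like 'none'; wildcards permit any embedder.
    const open = fa.some(s => s === '*' || s === 'http:' || s === 'https:');
    if (open) findings.push('CSP frame-ancestors allows arbitrary origins');
    else enforced = true;
  }
  if (frameAncestors(h['content-security-policy-report-only'] || '') !== null) {
    findings.push('frame-ancestors is report-only and does not block framing');
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  // Browsers that honour frame-ancestors ignore X-Frame-Options when both are sent.
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') enforced = enforced || fa === null;
  else if (xfo.startsWith('ALLOW-FROM')) findings.push('X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers');
  else if (xfo) findings.push('X-Frame-Options value not recognised: ' + xfo);

  if (!enforced) findings.push('no enforced header-based framing restriction; script-based frame busting is the only defence');
  return { enforced, findings };
}

// Constructed samples: a script-only defence versus a header-based one.
const scriptOnly = auditFraming({ 'Content-Type': 'text/html' });
const hardened = auditFraming({
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
});
console.log(scriptOnly, hardened);
```
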

German Nuclear Power Plant in Bavaria Infected with Malware

A German nuclear power plant has been found to be infected with several computer viruses that can steal login credentials, allowing a remote attacker to access the infected computers.

The viruses, identified as "W32.Ramnit" and "Conficker", were discovered on office computers and in a computer system used to control the movement of radioactive fuel rods, the station's operator said on Tuesday.

However, the infections appear not to have posed any threat to the nuclear facility's operations because the viruses could not activate, as the computers are isolated from the Internet.

Former Tor Developer Created Malware for FBI to Hack Tor Users

Do you know who created malware for the FBI that allowed Feds to unmask Tor users?

It's an insider's job… A former Tor Project developer.

According to an investigation, Matthew J. Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker, a.k.a. Torsploit, malware to hack Tor users in several high-profile cases, including Operation Torpedo and Silk Road.

The malware exploited vulnerabilities in Adobe Flash Player to reveal Tor users' actual IP addresses to FBI servers outside the Tor network.

Child Porn Suspect Held in Jail for 7 Months On Refusing to Decrypt Hard Drives

A Philadelphia man has been in jail for seven months and counting after refusing to comply with a court order forcing him to decrypt two password-protected hard drives seized in connection with a child pornography investigation.

The suspect, Francis Rawls, who is a former Philadelphia Police Department sergeant, has not yet been charged with any child pornography crime because the required evidence is locked in his hard drives using Apple's FileVault encryption software.

Rawls failed to comply with the court order, as the passwords he entered in the initial days of the investigation didn't decrypt his hard drives, and was then taken into indefinite imprisonment by US Marshals on Sept. 30, 2015.

Hacking Group Hijacks Windows Hotpatching to Hide its Malware

Microsoft's Windows Defender Advanced Threat Hunting team detected that a cyber espionage group known as PLATINUM has found a way to use Windows' Hotpatching technique to hide its malware from antivirus products.

The Hotpatching feature allows the system to upgrade applications or the operating system while it is running, without having to reboot the computer, by inserting the new, updated code into a server.

The PLATINUM group has been active since 2009, launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia.
