Superfish Root Certificate Used to Sign Malware

The recent issue with the Superfish VisualDiscovery software installing a root certificate on some Windows 8/8.1 systems shipped by Lenovo was generally reported to facilitate man-in-the-middle attacks for SSL connections. The properties of that certificate, however, allow it to be used for any digital-signing purposes, including signing files and malware.

On February 26, McAfee Global Threat Intelligence cloud detection provided coverage for a file carrying a digital certificate claiming to be signed by Microsoft Corporation but that chained to the same Superfish, Inc. root certificate installed on some Lenovo systems:

[Image: Superfish 1]

The fake Microsoft Corporation file certificate chains directly to the Superfish, Inc. root certificate and is validated if the root certificate is present:

[Image: Superfish 2]

The Superfish, Inc. certificate is a self-signed root certificate for which the private keys were easily recovered from the installed Superfish files, enabling anyone to recreate their own signed components that would validate to the root certificate.

The Intended Purposes property value of the Superfish root certificate is set to <All>, which means the root certificate can sign anything, including files (code signing), SSL (server authentication), email (secure email), etc., giving this root certificate wide authority on the system containing it.

[Image: Superfish 3]
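An added example, not part of the original post or of McAfee's tooling: a PowerShell check that looks for a Superfish root in the machine store and reports signed files whose signer claims to be Microsoft Corporation while the chain ends at a non-Microsoft root, which is the pattern described above. The function name `Get-SignerRoot`, the scan directory and the subject-matching heuristic are assumptions made for illustration.

```powershell
# Added example. Get-SignerRoot and $scanDir are hypothetical names.
function Get-SignerRoot {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) { return $null }    # unsigned file

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'         # keep the check offline
    [void]$chain.Build($sig.SignerCertificate)

    # The last chain element is the trust anchor when the chain is complete.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Simplification: a root with no EKU extension is treated as unrestricted,
    # the condition the post describes as Intended Purposes = <All>.
    $eku = $root.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }

    [pscustomobject]@{
        File             = $Path
        Status           = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        Root             = $root.Subject
        RootThumbprint   = $root.Thumbprint
        RootSelfSigned   = ($root.Subject -eq $root.Issuer)
        RootUnrestricted = (-not $eku)
    }
}

# 1. Is a root whose subject names Superfish present in the machine root store?
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like '*Superfish*' } |
    Select-Object Subject, Thumbprint, NotAfter

# 2. Signed files claiming Microsoft Corporation that chain to another root.
#    Heuristic (assumption): genuine Microsoft signatures end at a root whose
#    subject contains "Microsoft".
$scanDir = Join-Path $env:USERPROFILE 'Downloads'         # assumed location
Get-ChildItem -Path $scanDir -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignerRoot -Path $_.FullName } |
    Where-Object { $_ -and $_.Signer -match 'Microsoft Corporation' -and $_.Root -notmatch 'Microsoft' } |
    Format-List
```

A `Status` of `Valid` on a flagged file means the unexpected root is trusted on that machine, so the root store entry is the thing to investigate first.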

On February 22, McAfee released detection and removal of the Superfish VisualDiscovery application and the root certificate it installs in McAfee DAT release 7718.

McAfee is updating detection of this malware signed by the Superfish, Inc. root certificate as Trojan RDN/Downloader.a!ur in the McAfee DAT release 7727.

Details of the VisualDiscovery detection by McAfee can be found on our consumer online Virus Information Library:

The post Superfish Root Certificate Used to Sign Malware appeared first on McAfee.

50,000 Uber driver names, license plate numbers exposed in a data breach

On Friday Uber posted a notice saying that the company had discovered that one of its databases had a point of entry for unauthorized users. On further investigation it found that “a one-time unauthorized access to an Uber database by a third party had occurred on May 13, 2014.” That database reportedly contained driver names and license plates.

“Our investigation determined the unauthorized access impacted approximately 50,000 drivers across multiple states, which is a small percentage of current and former Uber driver partners,” the note by Katherine Tassi, Uber’s Managing Counsel of Data Privacy, stated. The company added that it has not received any reports of identity misuse, although it's unclear whether drivers have reported anything since learning about the breach.

Uber said it was alerting affected drivers and will offer them a free one-year membership to an identity-monitoring service. Tassi said that Uber had filed a “John Doe” lawsuit in order to “gather information that may lead to confirmation of the identity of the third party.”


CMSmap – Content Management System Security Scanner

CMSmap is an open source Python Content Management System security scanner that automates the process of detecting security flaws in the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal....


Uber Discloses Data Breach

New age transportation giant Uber said on Friday that a data breach may have allowed malicious actors to gain access to the driver’s license numbers of roughly 50,000 of its drivers.

In a statement posted to the company’s website on Friday, Uber said that it had identified a “one-time access of an Uber database” by an unauthorized third party in May 2014.
