Businesses

Symantec: Hacking Group Black Vine Behind Anthem Breach 18 18

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.
Security

Air-Gapped Computer Hacked (Again) 80 80

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air gapped computers using only a simple cellphone. According to Yuval Elovici, head of the University’s Cyber Security Research Center, the air gap exploit works because of the fundamental way that computers put out low levels of electromagnetic radiation. The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.
Security

Using HTML5 To Hide Malware 56 56

New submitter Jordan13 writes: SecurityWeek reports on the findings of a group of Italian researchers about web malware. They developed three new obfuscation techniques that can be used to obfuscate exploits like the one usually leveraged in drive-by download malware attacks. These techniques use some functionalities of the HTML5 standard, and can be leveraged through the various JavaScript-based HTML5 APIs. The research also contains recommendations about some of the steps that can be taken to counter these obfuscation techniques.
OS X

A Tweet-Sized Exploit Can Get Root On OS X 10.10 129 129

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."
Advertising

Smartphone Apps Fraudulently Collecting Revenue From Invisible Ads 129 129

JoeyRox writes: Thousands of mobile applications are downloading ads that are never presented to users but which collected an estimated $850 million in fraudulent revenue from advertisers per year. The downloading of these invisible ads can slow down users' phones and consume up to 2GB of bandwidth per day. Forensiq, an online technology firm fighting fraud for advertisers, found over 5,000 apps displayed unseen ads on both Apple and Android devices. "The sheer amount of activity generated by apps with fake ads was what initially exposed the scam. Forensiq noticed that some apps were calling up ads at such a high frequency that the intended audience couldn't possibly be actual humans."
Security

What Non-Experts Can Learn From Experts About Real Online Security 112 112

An anonymous reader writes: Google researchers have asked 231 security experts and 294 web-users who aren't security experts about their security best practices, and the list of top ones for each group differs considerably. Experts recognize the benefits of updates, while non-experts are concerned about the potential risks of software updates. Non-experts are less likely to use password managers: some find them difficult to use, some don't realize how helpful they can be, and others are simply reluctant to (as they see it) "write" passwords down. Another interesting thing to point out is that non-experts love and use antivirus software.
Android

Hacking Team's RCS Android May Be the Most Sophisticated Android Malware Ever Exposed 91 91

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.
Privacy

Free Tools For Detecting Hacking Team Malware In Your Systems 62 62

An anonymous reader writes: Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system. Facebook has also offered a way to discover if your Mac(s) have been compromised by Hacking Team malware: they have provided a specific query pack for its open source OS analysis tool osquery.
Piracy

Popular Torrent Site Disappears From Google After Penalty 165 165

An anonymous reader writes: Following what appears to be a severe penalty, the popular torrent site KickassTorrents has become pretty much unfindable in Google. Meanwhile, the top search result in many locations points to a scam site that's serving malware to its visitors. For now, only DuckDuckGo presents the real site as a main result. With millions of visitors per day, KickassTorrents is arguably the most visited torrent site on the Internet, and has gained new users during the moments when the notorious Pirate Bay has been offline.
Crime

FBI, International Law Units Smash Infamous Hacker Bazaar Darkode 56 56

coondoggie writes: The FBI in concert with Interpol and other worldwide law enforcement teams say they have taken down the international cybercriminal site marketplace Darkode and arrested 70 people involved with the site. Darkode was an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share malware, ransomware, information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices, the FBI said.
Cellphones

Ask Slashdot: Measuring (and Constraining) Mobile Data Use? 129 129

An anonymous reader writes: I've carried a smart phone for several years, but for much of that time it's been (and I suspect this is true for anyone for whom money is an object) kept pretty dumb — at least for anything more data-intensive than Twitter and the occasional map checking. I've been using more of the smart features lately (Google Drive and Keep are seductive.) Since the data package can be expensive, though, and even though data is cheaper than it used to be, that means I don't check Facebook often, or upload pictures to friends by email, unless I'm in Wi-Fi zone (like home, or a coffee shop, etc). Even so, it seems I'm using more data than I realized, and I'd like to keep it under the 2GB allotment I'm paying for. I used to think half a gig was generous, but now I'm getting close to that 2GB I've paid for, most months.

This makes me a little paranoid, which leads to my first question: How accurate are carriers' own internal tools for measuring use, and do you recommend any third-party apps for keeping track of data use? Ideally, I'd like a detailed breakdown by app, over time: I don't think I'm at risk for data-stealing malware on my phone (the apps I use are either built-in, or plain-vanilla ones from Google's store, like Instagram, Twitter's official client, etc.), but of course really well-crafted malware would be tough to guard against or to spot. And even if they can be defeated, more and more sites (Facebook, for one) now play video just because I've rolled over a thumbnail.
Read on for second part of the question.
Security

Australian Cops and Anti-Corruption Agencies Keen On Hacking Team Malware 27 27

Bismillah writes: Although they've denied it in the past, Australia's federal and state police are very interested in Hacking Team's law enforcement spyware. There has also been recent interest from the Victoria state anti-corruption agency IBAC, leaked HT emails show. ITNews reports: "Emails leaked by attackers who infiltrated the systems of spyware provider Hacking Team this week reveal the Australian Federal Police was not the only local agency interested in the firm's suite of surveillance tools. Analysis of the leaked emails by iTnews reveals a number of agencies - including ASIO, IBAC and two local police forces - were also interested in the company's spyware."
Crime

The Mob's IT Department 104 104

An anonymous reader writes: An article at Bloomberg relates the story of two IT professionals who reluctantly teamed up with an organized criminal network in building a sophisticated drug smuggling operation. "[The criminals were] clever, recruiting Van De Moere and Maertens the way a spymaster develops a double agent. By the time they understood what they were involved in, they were already implicated." The pair were threatened, and afraid to go to the police. They were asked to help with deploying malware and building "pwnies" — small computers capable of intercepting network traffic that could be disguised as power strips and routers. In 2012, authorities lucked into some evidence that led them to investigate the operation. "Technicians found a bunch of surveillance devices on [the network of large shipping company MSC]. There were two pwnies and a number of Wi-Fi keyloggers—small devices installed in USB ports of computers to record keystrokes—that the hackers were using as backups to the pwnies. MSC hired a private investigator, who called PricewaterhouseCoopers' digital forensics team, which learned that computer hackers were intercepting network traffic to steal PIN codes and hijack MSC's containers."
Security

Click-Fraud Trojan Politely Updates Flash On Compromised Computers 66 66

jfruh writes: Kotver is in many ways a typical clickfraud trojan: it hijacks the user's browser process to create false clicks on banner ads, defrauding advertisers and ad networks. But one aspect of it is unusual: it updates the victim's installation of Flash to the most recent version, ensuring that similar malware can't get in.
Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing 172 172

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.
Security

Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving 36 36

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.
Security

Malwarebytes Offers Pirates Its Premium Antimalware Product For Free 111 111

An anonymous reader writes: If you have a cracked or pirated version of Malwarebytes Anti-Malware (MBAM) product the company has debuted an Amnesty program for you. Venturebeat reports: "If you pirated Malwarebytes Anti-Malware, purchased a counterfeit version of the software, or are having problems with your key in general, the company is offering a free replacement key." CEO Marcin Kleczynski explained the program and his statement reads in part: "When I started Malwarebytes, I absolutely had no idea how successful we would be today. I am extremely grateful for all of the support from everyone and how fast we’ve grown. That being said, I picked a very insecure license key algorithm and as such, generating a pirated key was, and is, very simple.

The problem with pirated keys is that they may collide with a legitimate key just by the sheer numbers. For example, Larry may generate a pirated key that matches the exact key that I already bought. Yes, this is silly, and yes, this is literally the first thing a professional software company thinks of when building license key generation, but when you think you’re building a product for just a few people you don’t hash out these details.

Now we’ve grown up, and we’ve got a new licensing system that we’ve rolled out in stages. The only problem is that we have millions of users that we’ve sold keys to, or a reseller has sold keys to, or we’ve given out keys to without keeping track. It is a mess, and you as a consumer have every right to be upset.
Windows

Ask Slashdot: Are Post-Install Windows Slowdowns Inevitable? 517 517

blackest_k writes: I recently reinstalled Windows 7 Home on a laptop. A factory restore (minus the shovelware), all the Windows updates, and it was reasonably snappy. Four weeks later it's running like a slug, and now 34 more updates to install. The system is clear of malware (there are very few additional programs other than chrome browser). It appears that Windows slows down Windows! Has anyone benchmarked Windows 7 as installed and then again as updated? Even better has anybody identified any Windows update that put the slug into sluggish? Related: an anonymous reader asks: Our organization's PCs are growing ever slower, with direct hard-drive encryption in place, and with anti-malware scans running ever more frequently. The security team says that SSDs are the only solution, but the org won't approve SSD purchases. It seems most disk scanning could take place after hours and/or under a lower CPU priority, but the security team doesn't care about optimization, summarily blaming sluggishness on lack of SSDs. Are they blowing smoke?
Yahoo!

The Next Java Update Could Make Yahoo Your Default Search Provider 328 328

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.