61686631
submission
wiredmikey writes:
Symantec said on Monday that it has identified malware targeting industrial control systems which could sabotage electric grids, power generators and pipelines. Known as the "Dragonfly group" or 'Energetic Bear', the attackers are believed to have been in operation since at least 2011. Initially, its targets were in the defense and aviation industry in the United States and Canada. In early 2013, it shifted its focus to energy firms in the U.S. and Europe.
The attacks on the energy sector began with malware sent via phishing emails to targeted personnel. Symantec observed the spear phishing attempts hitting organizations in the form of PDF attachments between February 2013 and June 2013, mostly targeting the US and UK. They emails were disguised as messages about administration issues such as delivery problems or issues with an account.
Later on, the group added watering hole attacks into its repertoire by compromising websites likely to be visited by people working in the industry and redirecting them to sites hosting an exploit kit known as Lightsout. The Lightsout kit has been upgraded over time, and eventually became known as the Hello exploit kit.
The third phase of the campaign involved the Trojanizing of legitimate software bundles belonging to three different industrial control system (ICS) equipment manufacturers using malware detected as Backdoor.Oldrea (Havex), according to Symantec's report (PDF). "The Dragonfly group is technically adept and able to think strategically," the researchers noted. "Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies."
61597963
submission
wiredmikey writes:
Human Rights Watch on Friday demanded a clarification from Saudi Arabia over allegations from security researchers that the kingdom is infecting and monitoring dissidents' mobile phones with surveillance malware. The New York-based rights watchdog said surveillance software allegedly made by Italian firm Hacking Team mostly targeted individuals in Qatif district in Eastern Province, which has been the site of sporadic Shiite-led protests since February 2011.
"We have documented how Saudi authorities routinely crack down on online activists who have embraced social media to call out human rights abuses," said Cynthia Wong, HRW's senior Internet researcher. "It seems that authorities may now be hacking into mobile phones, turning digital tools into just another way for the government to intimidate and silence independent voices."
The accusations against the Saudi Government come days after researchers from Kaspersky Lab and Citizen Lab uncovered new details on advanced surveillance tools offered by HackingTeam, including never before seen implants for smartphones running on iOS and Android.
61270959
submission
wiredmikey writes:
Researchers at Dell SecureWorks have uncovered a massive Dogecoin mining operation using Synology Network Attached Storage (NAS) boxes.
The operation is believed to have netted a hacker more than $600,000 in the past two months. The situation came to light in February when users began reporting their Synology Network Attached Storage devices were performing poorly and had a high CPU usage. Eventually, an investigation revealed the situation was being caused by malware that had infected the systems.
In a comedic twist, the malware was stored in a folder named 'PWNED.' According to the researchers, a hacker took advantage of vulnerabilities in the DiskStation Manager (DSM), a custom Linux-based operating system for Synology NAS systems. The vulnerabilities allowed the attacker to breach the system and get administrative privileges.
61156069
submission
wiredmikey writes:
After saying earlier this week that it was investigating reports of a data breach related to payment cards used at its locations, P.F. Chang's China Bistro confirmed on Thursday that credit and debit card data has been stolen from some of its restaurants. What's interesting, and somewhat humorous, is that the company said that it has switched over to manual credit card imprinting systems for all of its restaurants located in the continental United States.
The popular restaurant chain said that on Tuesday, June 10, the United States Secret Services alerted the company about the incident. Admitting that it does not know the extent or current situation and impact of the attack, the company noted in a statement: “All P.F. Chang's China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions,” the company said. “This allows you to use your credit and debit cards safely.”
If it's not obvious, anyone who has visited a P.F. Chang’s and used a payment card in the last several months should monitor their accounts and report any suspected fraudulent activity to their card company.
61087261
submission
wiredmikey writes:
With the FIFA World Cup 2014 kicking off this week in Brazil, cybercriminals and scammers are working hard to take advantage of visitors to the World Cup in Brazil and those following the world soccer tournament online. In recent months, several security vendors have published advisories about the various scams, phishing and malware operations that target Internet users interested in the World Cup. While individuals from all over the world have been targeted, many of the malicious campaigns focus on Brazil and neighboring South American countries.
While news that cybercriminals are zoning in on a large global event is no surprise, the scale and tactics being used is quite wide in scope, ranging from malware distribution and phishing scams, to fraudulent ticket sales, spam and other promising yet fraudulent schemes.For those visiting Brazil to watch the games in person, the cyber threats also include rogue wireless access points, ATMs rigged with card skimmers and Point-of-Sale malware.
61052611
submission
wiredmikey writes:
Target Corp. announced on Tuesday that it has hired Brad Maiorino as senior vice president and chief information security officer (CISO). Maiorino will join the retailer on June 16 and will be responsible for the company's information security and technology risk strategy and report to CIO Bob DeRodes who was hired by the company in April.
Maiorino comes to Target from General Motors (GM) where he was the company’s CISO and information technology risk officer. Prior to GM, Maiorino was the chief information security officer at General Electric.
61046177
submission
wiredmikey writes:
A new banking Trojan being promoted in underground forums as an alternative to the popular and widely used Zeus Trojan has the potential to become a pervasive threat, experts have said.
Called Pandemiya, the new Trojan is similar to Zeus in that it allows cyber-criminals to steal form data, login credentials, and files from infected computers, according to RSA’s Fraud Action team. Much like Zeus, Pandemiya also has a modular design, making it quite easy for cyber-criminals to expand and add functionality, Uri Fleyder, cybercrime research lab manager at the RSA Research Group, told SecurityWeek. What sets Pandemiya apart from all other banking Trojans is the fact that it has been written from scratch without sharing any source code with Zeus, Fleyder said.
The developer behind Pandemiya—or a team of developers—spent "close to a year" developing this latest threat, which has more than 25,000 lines of original C code, according to a RSA Fraud Action blog post on Tuesday.
Pandemiya is currently available at prices ranging from $1,500 for the core application to $2,000 for the core application and additional plugins. This places Pandemiya solidly in the expensive category, considering that Zeus is available for mere hundreds of dollars, Fleyder said. The higher price tag would likely limit Pandemiya's spread and popularity as criminals will be deterred from paying so much for what is fairly standard set of capabilities, he said.
60910257
submission
wiredmikey writes:
Microsoft has released a new report that aims to show the technology industry and policymakers how technology, economic, and social policy decisions could influence cyberspace in the next 10 years.
In the report, “Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain”, Microsoft presented three future scenarios that are meant to show governments the relationship between cybersecurity and socio-economic conditions. The potential cyber trends outlined by Microsoft are based on the Cyber 2025 Model, an econometric model that builds on historical data of 80 countries from 1990 through 2012.
“Risks are not just from the commonly recognized sources — such as criminals, malware, or even state-sponsored cyberattacks; they can emerge from policies as well. Societal responses to immigration challenges, education and workforce needs, trade liberalization, as well as international cooperation to resolve cyberconflict, will shape the future of cyberspace for both developed and emerging economies,” Paul Nicholas, senior director at Microsoft Global Security Strategy and Diplomacy, noted in the report.
Earlier this year, a report released by the World Economic Forum during its famous annual meeting, outlined different scenarios for how things could look in 2020 based on the “conceivable value created from innovations in technology” that could be affected by global organizations’ ability to defend against cyber attacks.
60750853
submission
wiredmikey writes:
While most organizations have patched the Heartbleed bug in their OpenSSL installations, a security expert has uncovered new vectors for exploiting the vulnerability, which can impact enterprise wireless networks, Android devices, and other connected devices. Dubbed “Cupid,” the new attack method was recently presented by Portuguese security researcher Luis Grangeia, who debunked theories that Heartbleed could only be exploited over TCP connections, and after the TLS handshake.
Unlike the initial Heartbleed attack, which took place on TLS connections over TCP, the Cupid attack happens on TLS connections over the Extensible Authentication Protocol (EAP), an authentication framework typically used in wireless networks and peer-to-peer connections.
The researcher has confirmed that default installations of wpa_supplicant, hostapd, and freeradius (RADIUS server implementation) can be exploited on Ubuntu if a vulnerable version of OpenSSL is utilized. Mobile devices running Android 4.1.0 and 4.1.1 also use wpa_supplicant to connect to wireless networks, so they’re also affected.
Everything that uses OpenSSL for EAP TLS is susceptible to Cupid attacks. While he hasn’t been able to confirm it, the expert believes iPhones, iPads, OS X, other RADIUS servers besides freeradius, VoIP phones, printers, and various commercial managed wireless solutions could be affected.
60662499
submission
wiredmikey writes:
Google has launched a new game to teach Web application developers how to spot cross-site scripting (XSS) bugs in their code. This game consists of several levels resembling real-world applications which are vulnerable to XSS. The XSS Game, which requires a modern web browser with JavaScript and cookies enabled, is mainly addressed to Web application developers who don’t specialize in security. However, Google believes that while security experts might find the first levels easy, they could also learn a few things.
Cross-site scripting (CSS) can either be persistent or reflected, and cross-site request forgery (CSRF), where attackers use an authenticated session on one Website to perform unauthorized actions on another site, are also especially dangerous.
The XSS Game is not the first security game from Google. Back in 2010, the company released Gruyere, a small web application designed to teach developers how to identify XSS, CSRF, information disclosure, denial-of-service (DoS), and remote code execution vulnerabilities, and how to protect a website against these types of attacks.
60620961
submission
wiredmikey writes:
Iranian threat actors, using more than a dozen fake personas on popular social networking sites, have been running a wide-spanning cyber espionage operation since 2011, according to a new report. The recently uncovered activity, which iSIGHT Partners calls NEWSCASTER, was a “brazen, complex multi-year cyber-espionage that used a low-tech approach to avoid traditional security defenses–exploiting social media and people who are often the ‘weakest link’ in the security chain.”
Using the fake personas, including at least two (falsified) legitimate identities from leading news organizations, and young, attractive women, the attackers were supported by a fictitious news organization and were successful in connecting or victimizing over 2,000 individuals.
Working undetected since 2011, targets included senior U.S. military and diplomatic personnel, congressional personnel, Washington D.C. area journalists, U.S. think tanks, defense contractors in the U.S. and Israel. “Largely this campaign was about credential harvesting and recon,” Stephen Ward of iSIGHT Partners, told SecurityWeek.
The report from iSIGHT Partners, which has not been publicly released, comes roughly two weeks after a report from FireEye, which suggested that Iranian attackers’ methodologies have “grown more consistent with other advanced persistent threat (APT) actors in and around Iran" following cyber attacks against Iran in the late 2000s.
60543875
submission
wiredmikey writes:
Hector Xavier Monsegur, better known by hacked handle "Sabu", who directed hundreds of cyber attacks on corporations and foreign governments before turning FBI informant walked free Tuesday after being handed a symbolic seven-month sentence.
The original charges could have landed him in prison for decades but the government asked for him to be exempt from even a mandatory minimum sentence given his "extraordinary cooperation."
Before walking out of the US federal court a free man, he told the judge that he would not see him back. "I came a long way I assure you... I am not the same person I was," he said.
In August 2011, Monsegur pleaded guilty to nine counts related to computer hacking, one count of aggravated identity theft, one count of conspiracy to commit bank fraud, and one count related to payment card fraud. He was supposed to be sentenced in August 2012, but the decision has been postponed seven times because of his ongoing collaboration with the government. In addition to helping investigators track down members of the LulzSec hacker group, Monsegur helped law enforcement in preventing cyberattacks. According to FBI estimates, Monsegur helped the agency disrupt or prevent at least 300 separate cyber attacks.
60540485
submission
wiredmikey writes:
An Iranian judge has summoned Facebook founder and CEO Mark Zuckerberg to answer allegations that his company's apps have breached people's privacy, it was reported Tuesday. The court in Fars province ordered that Zuckerberg address unspecified "violation of privacy" claims made by Iranians over the reach of Facebook-owned apps, ISNA news agency reported.
"Based on the judge's verdict, the Zionist manager of Facebook... should report to the prosecutor's office to defend himself and make compensation for damages," Rouhollah Momen-Nasab, a senior Iranian Internet security official, told ISNA.
Access to social networks, including Twitter and Facebook, are routinely blocked by Iranian authorities, as are other websites considered un-Islamic or detrimental to the regime.
60309853
submission
wiredmikey writes:
Silent Circle, a startup providing private encrypted communications solutions, announced on Wednesday that it has raised $30 million in funding and that it was moving its global headquarters from the Caribbean island of Nevis to Switzerland.
According to the company, it will use the new injection of cash to accelerate its growth and momentum in the secure communications market and to meet the “overwhelming demand” for Blackphone – its fully encrypted smartphone designed to thwart snooping governments and other attackers.
"The move to Switzerland is extremely important for us as a company serving a global customer base. Switzerland's strong privacy laws, legendary neutrality, and economic business advantages will allow us the ability to scale to Silent Circle's rapid adoption by businesses, governments and individual pro-sumers around the world," said Vic Hyder, Silent Circle Chief of Revenue.
Last year, Silent Circle shut down its encrypted email service to avoid becoming a target after the US government subpoenaed the records of Lavabit.
SilentCircle was co-founded by former Navy SEAL sniper Mike Janke, and PGP creator Phil Zimmermann, and has created a platform for encrypted text, mobile phone, video teleconferencing and file transfer services through a secure, proprietary network and set of applications.
