


+ - Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

Submitted by wiredmikey
wiredmikey (1824622) writes "Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise.

While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks.

According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host-based indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations."
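The alert above ships its network IOCs as a list of C2 addresses, and the first thing a responder does with such a list is sweep proxy and firewall logs for contact with them. The following is an added example of that sweep, not code from US-CERT or from the submitter. The IOC values and the log lines are constructed placeholders drawn from the RFC 5737 documentation ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24); they are not the indicators the alert published. The log format (timestamp, source, destination:port, action) is an assumed simple shape; real exports differ, but the matching logic is the same.

```python
"""Match network IOCs (C2 hosts and CIDR ranges) against proxy/firewall log lines.

Added example, not code from the US-CERT alert or from the original post.
IOC values and log lines below are constructed placeholders (RFC 5737
documentation ranges), not the indicators US-CERT published.
"""
import ipaddress
import re
from typing import Iterable

# Constructed IOC list: single hosts plus one CIDR block, the mix published
# alerts often contain. These addresses are documentation ranges, not real C2.
C2_IOCS = [
    "203.0.113.7",
    "198.51.100.23",
    "192.0.2.0/28",
]

# Constructed log lines in an assumed "timestamp src -> dst:port action" shape.
# Note the DENY line: a blocked attempt to reach a C2 is still a host to triage.
SAMPLE_LOGS = """\
2014-12-19T10:00:01Z 10.1.2.3 -> 93.184.216.34:443 ALLOW
2014-12-19T10:00:05Z 10.1.2.44 -> 203.0.113.7:8080 ALLOW
2014-12-19T10:00:09Z 10.1.2.44 -> 192.0.2.9:445 ALLOW
2014-12-19T10:00:12Z 10.1.2.8 -> 192.0.2.200:80 ALLOW
2014-12-19T10:00:15Z 10.1.2.9 -> 198.51.100.23:443 DENY
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def load_iocs(entries: Iterable[str]) -> list[ipaddress.IPv4Network]:
    """Normalise IOC strings to networks so single hosts and CIDRs match uniformly.

    A bare address becomes a /32; blank lines and '#' comments are skipped.
    """
    nets = []
    for entry in entries:
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        # strict=False tolerates host bits set inside a CIDR entry, which feeds often have.
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def match_logs(log_text: str, nets: list[ipaddress.IPv4Network]) -> list[tuple[int, str, str]]:
    """Return (line_no, matched_ip, ioc) for every log line that touches an IOC.

    Every dotted quad on the line is tested (source and destination), so a hit
    on an inbound connection from a C2 is caught as well as an outbound one.
    """
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for ip_str in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(ip_str)
            except ValueError:
                continue  # "999.1.1.1" matches the regex shape but is not an address
            for net in nets:
                if ip in net:
                    hits.append((line_no, ip_str, str(net)))
                    break
    return hits


if __name__ == "__main__":
    for line_no, ip, ioc in match_logs(SAMPLE_LOGS, load_iocs(C2_IOCS)):
        print(f"line {line_no}: {ip} matches IOC {ioc}")
```

Two points this sweep makes that the bare IOC list does not: a blocked (DENY) connection to a C2 address is still evidence that a host is infected and should be triaged, and a single /28 entry in the feed is why IOCs are kept as networks rather than string-compared against the log.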

+ - FBI Says North Korea Behind Sony Hack->

Submitted by wiredmikey
wiredmikey (1824622) writes "North Korea was responsible for a "destructive" cyber attack on Sony Pictures, the FBI said Friday, warning it would hunt down the perpetrators and make them pay. "Such acts of intimidation fall outside the bounds of acceptable state behavior," the FBI said in a statement, adding it would "identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or US interests.

The FBI said the attack involves the use of malware and rendered thousands of Sony Pictures computers "inoperable," forcing the company to take its entire network offline. "The FBI now has enough information to conclude that the North Korean government is responsible for these actions," it said.

As Jeffrey Carr points out in a recent blog, you should always demand proof before believing the U.S. Government on North Korea and Sony: "Demand to see the evidence, not scrubbed "indicators of compromise" that can't be validated," Carr said. "Be aware that the FBI, Secret Service, NSA, CIA, and DHS rarely agree with each other, that commercial cyber security companies are in the business of competing with each other, and that "cyber intelligence" is frequently the world's biggest oxymoron.""

Link to Original Source

+ - Hackers Breach Payment Systems of Major Parking Garage Operator->

Submitted by wiredmikey
wiredmikey (1824622) writes "Parking garage operator SP+ said on Friday that an unauthorized attacker gained access to its payment processing systems and was able to access customer names and payment card information. The company, which operates roughly 4,200 parking facilities in hundreds of cities across North America, said the attack affected 17 SP+ parking facilities.

According to the company, an unauthorized person had used a remote access tool to connect to the payment processing systems to install malware which searched for payment card data that was being routed through the computers that accept payments made at the parking facilities.

Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.

SP+ did not say what type of malware was found on the systems. Earlier this week, a new strain of point-of-sale malware targeting e-kiosks and ticket vending machines was uncovered by intelligence firm IntelCrawler. Dubbed 'd4re|dev1|', the malware is hitting mass transit systems, and acts as a backdoor that gives attackers remote administration capabilities."

Link to Original Source

+ - Court Shuts Down Alleged $120M Tech Support Scam->

Submitted by wiredmikey
wiredmikey (1824622) writes "A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated."

Link to Original Source

+ - Entrepreneur Injects Bitcoin Wallets into Hands

Submitted by wiredmikey
wiredmikey (1824622) writes "A Dutch entrepreneur has had two microchips containing Bitcoin injected into his hands to help him make contactless payments. The chips, enclosed in a 2mm by 12mm capsule of "biocompatible" glass, were injected using a special syringe and can communicate with devices such as Android smartphones or tablets via NFC.

"What's stored on the microchips should be seen as a savings account rather than a current account," Martijn Wismeijer, co-founder of MrBitcoin said. "The payment device remains the smartphone, but you transfer funds from the chips."

The chips are available on the Internet, sold with a syringe for $99, but Wismeijer suggested individuals should find a specialist to handle the injection to avoid infections."

+ - U.S. Justice Department Using Fake Towers on Planes to Gather Data from Phones

Submitted by Tyketto
Tyketto (97265) writes "The US Department of Justice has been using fake communications towers installed in airplanes to acquire cellular phone data for tracking down criminals, reports The Wall Street Journal. Using fixed-wing Cessnas outfitted with DRT boxes produced by Boeing, the devices mimic cellular towers, fooling cellphones into reporting "unique registration information" to track down "individuals under investigation." The program, used by the U.S. Marshals Service, has been in use since 2007 and deployed around at least five major metropolitan areas, with a flying range that can cover most of the US population. As cellphones are designed to connect to the strongest cell tower signal available, the devices identify themselves as the strongest signal, allowing for the gathering of information on thousands of phones during a single flight. Not even having encryption on one's phone, like that found in Apple's iPhone 6, prevents this interception.

While the Justice Department would not confirm or deny the existence of such a program, Verizon denies any involvement in this program, and DRT (a subsidiary of Boeing), AT&T, and Sprint have all declined to comment."

+ - Popular Smartphones Hacked at Mobile Pwn2Own 2014->

Submitted by wiredmikey
wiredmikey (1824622) writes "Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week.

The competition, organized by HP's Zero Day Initiative (ZDI) targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5.

Using various attacks, some of the Mobile Pwn2Own 2014 pwnage included: Apple's iPhone 5s hacked via the Safari Web browser, achieving a full sandbox escape; Samsung's Galaxy S5 hacked multiple times using near-field communications (NFC) attacks; a Web browser exploit used to break the Web browser on the Amazon Fire Phone; and partial hacks using a browser attack against Windows Phone and a Wi-Fi attack against a Nexus 5, which failed to elevate privileges.

All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks."

Link to Original Source

+ - Home Depot Says Hackers Grabbed 53 Million Email Addresses->

Submitted by wiredmikey
wiredmikey (1824622) writes "Home Depot said on Thursday that hackers managed to access 53 million customer email addresses during the massive breach that was disclosed in September when the retail giant announced that 56 million customer payment cards were compromised in a cyber attack. The files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information, the company said. The company also said that the hackers acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada."

Link to Original Source

+ - WireLurker Malware Targets Mac OS X, iOS Devices in Single Attack->

Submitted by wiredmikey
wiredmikey (1824622) writes "Researchers have uncovered a new piece of malware dubbed "WireLurker" that can infect even non-jailbroken iOS devices through trojanized and repackaged Mac OS X applications. This is the first known malware family that can infect installed iOS applications similar to how a traditional virus would, according to Palo Alto Networks.

Currently, the iOS component of WireLurker is only spread through an infected Mac OS X computer via USB and the malware appears to be distributed mostly in China through a popular Apple-related software website called Maiyadi. WireLurker abuses iTunes protocols implemented by the libimobiledevice library to install the malicious apps onto iPhones and iPads. The threat is also the first known piece of malware to automate the generation of malicious iOS programs via binary file replacement, and the first to infect iOS applications similar to a traditional virus.

From May 2014, through September 28, 2014, five different WireLurker files (representing three different versions) were submitted to VirusTotal, and none of the 55 detection engines used by VirusTotal flagged samples as malware, the security firm said.

Palo Alto Networks wrote a Python script for Mac OS X systems which can detect known malicious and suspicious files to help spot a WireLurker infection."

Link to Original Source

+ - "AirHopper" Malware Uses Radio Signals to Bypass Air Gap Security->

Submitted by wiredmikey
wiredmikey (1824622) writes "A proof-of-concept malware developed by researchers at the Ben Gurion University in Israel shows that an attacker can transmit sensitive information from isolated computers to nearby mobile phones by using radio signals. Numerous organizations have resorted to what is known as "air gapping" (isolation from the Internet) to secure their most sensitive information. While getting a piece of malware onto isolated computers can be done in various ways, including with removable drives, such as in the case of Stuxnet, the more difficult part is getting malware to remotely transmit sensitive data from the infected computer.

The proof-of-concept malware they have created, dubbed "AirHopper," uses the infected computer's graphics card to emit electromagnetic signals to a nearby mobile phone that's set up to capture the data.

"With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter," the researchers explained. "This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation.""

Link to Original Source

+ - Hackers Breach White House Network->

Submitted by wiredmikey
wiredmikey (1824622) writes "The White House's unclassified computer network was recently breached by intruders, a US official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act.

Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems."

Link to Original Source

+ - ICANN to Escape US Control in 2015->

Submitted by wiredmikey
wiredmikey (1824622) writes "The head of Internet Corporation for Assigned Names and Numbers (ICANN) said on Monday that the group is on course to break free of US oversight late next year. ICANN chief Fadi Chehade expressed his confidence in the move during a press briefing at the opening of the nonprofit organization's meeting this week in Los Angeles.

The timeline for the shift is months rather than years, according to Chehade. While cautioning that there was no strict deadline, he said that substantial progress has been made toward ICANN being answerable to a diverse, global group of "stakeholders" and not just the US government, as has long been the case.

The US government in March of this year announced that it is open to not renewing a contract with ICANN that expires in about 11 months, provided a new oversight system is in place that represents the spectrum of interests and can be counted on to keep the Internet addressing structure reliable."

Link to Original Source

+ - Hackers Leap from Dark Basements to World Stage->

Submitted by wiredmikey
wiredmikey (1824622) writes "An interesting article explores how the basic culture of hacking has changed over the years. Hackers are shaking off their reputations as nerdy, loner basement dwellers and rebranding themselves on the world stage as members of Internet age tribes with offbeat codes of conduct and capricious goals. Clans of hackers such as Anonymous, LulzSec and Lizard Squad have caused havoc — and made news — in recent years, but the legacy of the online community stretches back decades.

"People think of hackers as non-social people who live in the basement; that is not true at all," said Nico Sell, chief executive of the encrypted messaging service Wickr and the longtime organizer of the DEF CON hacking conference.

Hackers often run in groups but tend to be a giving community — as apt to teach visitors to pick locks or create educational games as they are to hack a major firm's network to prove it is flawed. "You don't have the same posturing you do in other societies, because you are judged on your merits," Sell said.

"The rock stars are the ones who have brought great things to everybody — for free.""

Link to Original Source

+ - Kmart Says Its Payment System Was Hacked->

Submitted by wiredmikey
wiredmikey (1824622) writes "Kmart is the latest large U.S. retailer to experience a breach of its payment systems, joining a fast-growing club dealing with successful hack attacks. The company said that on Thursday, Oct. 9, its IT team detected that its payment data systems had been breached, and that debit and credit card numbers appear to have been compromised.

A company spokesperson told SecurityWeek that they are not able to provide a figure on the number of customers impacted. The spokesperson said that based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by the attackers."

Link to Original Source
