
Submission + - Zero-Day Exploits Leaked in Hacking Team Breach->

wiredmikey writes: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team.

Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as “the most beautiful Flash bug for the last four years since CVE-2010-2161.” In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched.

Adobe told SecurityWeek that it’s aware of the reports and expects to release a patch on Wednesday.

Link to Original Source

Submission + - Facebook Names New Security Chief->

wiredmikey writes: Yahoo! Chief Information Security Officer (CISO) Alex Stamos said on Wednesday night that he will be leaving the iconic Internet company to take on the role of Chief Security Officer (CSO) at Facebook. Stamos took to Twitter and Facebook to announce the move, which comes just over a year after accepting his role of VP of Information Security and CISO at Yahoo in March 2014.

Stamos will officially join Facebook as CSO on Monday, June 29. He replaces former CSO Joe Sullivan, who left the social media giant in April to take the role of CSO at Uber.

Stamos is a strong advocate of Internet privacy and security, and was a driving force behind TrustyCon, a rival event organized alongside the 2014 RSA Conference in protest of allegations that RSA accepted a $10 million payment from the NSA several years ago to use a weak number generating algorithm by default in its BSAFE toolkits.

Link to Original Source

Submission + - Silk Road Creator Ross Ulbricht Gets Life in Prison->

wiredmikey writes: The mastermind behind criminal website Silk Road, which sold $200 million worth of drugs to customers worldwide, was sentenced to life in prison by a federal judge in New York Friday.

Judge Katherine Forrest imposed two life sentences against Ross Ulbricht, 31, for narcotics distribution and criminal enterprise.

Forrest told Ulbricht that he will never be eligible for parole. "What you did in Silk Road was terribly destructive to our social fabric," said the judge, calling him a criminal whose graduate school education made his actions less explicable than a common drug dealer.

Link to Original Source

Submission + - ISIL Leader Abu Sayyaf Killed in Raid ->

wiredmikey writes: The White House on Saturday said that an ISIL senior leader known as Abu Sayyaf was killed in an operation in eastern Syria conducted by U.S. forces. Sayyaf, who was ordered to be captured, along with his wife Umm Sayyaf, was killed when he engaged U.S. forces, Secretary of Defense Ash Carter said in a statement.

According to the White House, Abu Sayyaf was a senior ISIL leader who, among other things, had a senior role in overseeing ISIL’s illicit oil and gas operations – a key source of revenue that enables the terrorist organization to carry out their brutal tactics and oppress thousands of innocent civilians. He was also involved with the group’s military operations.

Link to Original Source

Submission + - Google let root certificate for Gmail expire->

Gr8Apes writes: The certificate for Google's intermediate certificate authority expired Saturday. The certificate was used to issue Gmail's certificate for SMTP, and the expiration at 11:55am EDT caused many e-mail clients to stop receiving Gmail messages. While the problem affected most Gmail users using PC and mobile mail clients, Web access to Gmail was unaffected. Guess Google Calendar failed to notify someone.
Link to Original Source

Submission + - Uber Lures Facebook Security Chief to be Its CSO->

wiredmikey writes: Uber on Thursday said that it has hired former Facebook security chief Joe Sullivan as its first ever Chief Security Officer. Sullivan, who will take the position as CSO at Uber in late April, joins the company after 5 years at Facebook in a similar role, and nearly 7 years at eBay and PayPal prior to that.

The appointment of Sullivan as CSO comes just weeks after the company disclosed that a data breach may have allowed malicious actors to gain access to the driver’s license numbers of roughly 50,000 of its drivers.

Link to Original Source

Submission + - Massive Power Outage Paralyzes Turkey->

wiredmikey writes: A massive power outage caused chaos and shut down public transport across Turkey on Tuesday, with the government refusing to rule out that the electricity system had been the victim of an attack. The nationwide power cut, the worst in 15 years, began shortly after 10:30 am (0730 GMT) in Istanbul, the state-run Anatolia news agency quoted the Turkey Electricity Transmission Company (TEIAS) as saying.

Energy Minister Taner Yildiz said the authorities were investigating whether the power outage was due to a technical failure or cyber-attack. "It is too early to say now if it is because of a technical reason, a manipulation, a faultplay, an operational mistake, or a cyber (attack). We are looking into it... We cannot say they are excluded possibilities."

Link to Original Source

Submission + - Hackers Using PowerShell, WMI to Evade Detection->

wiredmikey writes: Attackers are doing a better job at hiding by using relatively obscure built-in components of Microsoft Windows, according to a new report from Mandiant.

In its M-Trends report, the breach investigations company found that more often than before, APT groups are using Windows Management Instrumentation (WMI) and PowerShell to move laterally, harvest credentials, and search for useful information within Windows environments.

“Attackers are using built in components of Windows that are extremely powerful but relatively obscure in lieu of a lot of the things where attackers needed to previously use specialized tools or malware,” Ryan Kazanciyan, technical director at Mandiant, told SecurityWeek. “They are not necessarily ways to infect a system from scratch, but they are ways that attackers can remain persistent in an environment and evade detection for a much longer period by using some of these advanced techniques,” he said.

Additionally, Mandiant's report found that free credential-stealing tools have made harvesting passwords and escalating privileges in a Windows environment much easier. Mandiant experts found that attackers typically used two techniques: “Pass-the-hash” to authenticate with stolen NTLM hashes, and using the “Mimikatz” tool to recover plaintext passwords from memory. Concerningly, Mandiant said that it did not see a single instance when a victim’s anti-virus software detected or blocked Mimikatz, despite the tool’s popularity.

Link to Original Source

Submission + - Oracle Releases Massive Security Update->

wiredmikey writes: Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password.
Link to Original Source

Submission + - Researchers Use Siri to Steal Data From iPhones->

wiredmikey writes: Using Apple's voice-activated Siri function, security researchers have managed to steal sensitive information from iOS smartphones in a stealthy manner. Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczyk of the Warsaw University of Technology warn that malicious actors could use Siri for stealthy data exfiltration by using a method that’s based on steganography, the practice of hiding information.

Dubbed "iStegSiri" by the researchers, the attack can be effective because it doesn’t require the installation of additional software components and it doesn’t need the device’s alteration. On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the modified Siri traffic.

The attack method involves controlling the “shape” of this traffic to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminal mastermind, researchers said in their paper.

Link to Original Source

Submission + - Microsoft Restricts Advanced Notification of Patch Tuesday Updates->

wiredmikey writes: Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said.
Link to Original Source

Submission + - US Slaps Sanctions on North Korea After Sony Cyberattack->

wiredmikey writes: The United States imposed financial sanctions Friday on North Korea and several senior government officials in retaliation for a cyber attack on Sony Pictures. President Obama said he ordered the sanctions because of "the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014."

The activities "constitute a continuing threat to the national security, foreign policy, and economy of the United States," he added, in a letter to inform congressional leaders of his executive order. The new measures allow the Treasury Department "to apply sanctions against officials of the Government of North Korea and the Workers' Party of Korea, and persons determined to be owned or controlled by, or acting for or on behalf of" these bodies.

Link to Original Source

Submission + - North Korea Calls Barack Obama a 'Monkey'->

wiredmikey writes: North Korea on Saturday called President Barack Obama a "monkey" for inciting cinemas to screen "The Interview", a fictional plot to kill its leader, and blamed Washington for an Internet blackout this week.

"Obama always goes reckless in words and deeds like a monkey in a tropical forest," a spokesman for the NDC's policy department said in a statement published by the North's official KCNA news agency. "If the US persists in American-style arrogant, high-handed and gangster-like arbitrary practices despite (North Korea's) repeated warnings, the US should bear in mind that its failed political affairs will face inescapable deadly blows."

KCNA previously compared Obama to a black "monkey" in a zoo in May, prompting Washington to condemn the comments as "ugly and disrespectful". The North Korean mouthpiece also earlier this year called South Korean President Park Geun-Hye a "prostitute" in thrall to her "pimp" Obama.

Link to Original Source

Submission + - South Korea Says Nuclear Reactors Safe After Cyberattacks->

wiredmikey writes: South Korea on Thursday ruled out the possibility that recent cyber-attacks on nuclear power operator Korea Hydro and Nuclear Power Co (KHNP) could cause a malfunction at any of the country's 23 atomic reactors.

Earlier this week, South Korea heightened security in the wake of the leaks, with the defense ministry's cyber warfare unit increasing its watch-level against attacks from North Korean and other hackers. On Monday, KHNP launched a two-day drill, testing its ability to thwart a cyber attack.

According to Trend Micro, the malware used against KHNP was designed to wipe the master boot records (MBR) of compromised computers and is believed to have infected the targeted systems through a vulnerability in the Hangul Word Processor (HWP), a commonly-used application in South Korea.

Link to Original Source

Submission + - Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

wiredmikey writes: Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise.

While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks.

According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.
