
Submission Summary: 0 pending, 709 declined, 266 accepted (975 total, 27.28% accepted)


Hackers Using PowerShell, WMI to Evade Detection

Submitted by wiredmikey
wiredmikey (1824622) writes "Attackers are doing a better job at hiding by using relatively obscure built in components of Microsoft Windows, according to a new report from Mandiant.

In its M-Trends report, the breach investigations company found that more often than before, APT groups are using Windows Management Instrumentation (WMI) and PowerShell to move laterally, harvest credentials, and search for useful information within Windows environments.

“Attackers are using built in components of Windows that are extremely powerful but relatively obscure in lieu of a lot of the things where attackers needed to previously use specialized tools or malware,” Ryan Kazanciyan, technical director at Mandiant, told SecurityWeek. “They are not necessarily ways to infect a system from scratch, but they are ways that attackers can remain persistent in an environment and evade detection for a much longer period by using some of these advanced techniques,” he said.

Additionally, Mandiant's report found that free credential-stealing tools have made harvesting passwords and escalating privileges in a Windows environment much easier. Mandiant experts found that attackers typically used two techniques: “Pass-the-hash” to authenticate with stolen NTLM hashes, and using the “Mimikatz” tool to recover plaintext passwords from memory. Concerningly, Mandiant said that it did not see a single instance when a victim’s anti-virus software detected or blocked Mimikatz, despite the tool’s popularity."

Link to Original Source

Oracle Releases Massive Security Update

Submitted by wiredmikey
wiredmikey (1824622) writes "Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password."
Link to Original Source

Researchers Use Siri to Steal Data From iPhones

Submitted by wiredmikey
wiredmikey (1824622) writes "Using Apple's voice-activated Siri function, security researchers have managed to steal sensitive information from iOS smartphones in a stealthy manner. Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczyk of the Warsaw University of Technology warn that malicious actors could use Siri for stealthy data exfiltration by using a method that’s based on steganography, the practice of hiding information.

Dubbed "iStegSiri" by the researchers, the attack can be effective because it doesn’t require the installation of additional software components and it doesn’t need the device’s alteration. On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the modified Siri traffic.

The attack method involves controlling the “shape” of this traffic to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminal mastermind, researchers said in their paper."

Link to Original Source

Microsoft Restricts Advanced Notification of Patch Tuesday Updates

Submitted by wiredmikey
wiredmikey (1824622) writes "Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said."
Link to Original Source

US Slaps Sanctions on North Korea After Sony Cyberattack

Submitted by wiredmikey
wiredmikey (1824622) writes "The United States imposed financial sanctions Friday on North Korea and several senior government officials in retaliation for a cyber attack on Sony Pictures. President Obama said he ordered the sanctions because of "the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014."

The activities "constitute a continuing threat to the national security, foreign policy, and economy of the United States," he added, in a letter to inform congressional leaders of his executive order. The new measures allow the Treasury Department "to apply sanctions against officials of the Government of North Korea and the Workers' Party of Korea, and persons determined to be owned or controlled by, or acting for or on behalf of" these bodies."

Link to Original Source

North Korea Calls Barack Obama a 'Monkey'

Submitted by wiredmikey
wiredmikey (1824622) writes "North Korea on Saturday called President Barack Obama a "monkey" for inciting cinemas to screen "The Interview", a fictional plot to kill its leader, and blamed Washington for an Internet blackout this week.

"Obama always goes reckless in words and deeds like a monkey in a tropical forest," a spokesman for the NDC's policy department said in a statement published by the North's official KCNA news agency. "If the US persists in American-style arrogant, high-handed and gangster-like arbitrary practices despite (North Korea's) repeated warnings, the US should bear in mind that its failed political affairs will face inescapable deadly blows."

KCNA previously compared Obama to a black "monkey" in a zoo in May, prompting Washington to condemn the comments as "ugly and disrespectful". The North Korean mouthpiece also earlier this year called South Korean President Park Geun-Hye a "prostitute" in thrall to her "pimp" Obama."

Link to Original Source

South Korea Says Nuclear Reactors Safe After Cyberattacks

Submitted by wiredmikey
wiredmikey (1824622) writes "South Korea on Thursday ruled out the possibility that recent cyber-attacks on nuclear power operator Korea Hydro and Nuclear Power Co (KHNP) could cause a malfunction at any of the country's 23 atomic reactors.

Earlier this week, South Korea heightened security in the wake of the leaks, with the defense ministry's cyber warfare unit increasing its watch-level against attacks from North Korean and other hackers. On Monday, KHNP launched a two-day drill, testing its ability to thwart a cyber attack.

According to Trend Micro, the malware used against KHNP was designed to wipe the master boot records (MBR) of compromised computers and is believed to have infected the targeted systems through a vulnerability in the Hangul Word Processor (HWP), a commonly-used application in South Korea."

Link to Original Source

Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

Submitted by wiredmikey
wiredmikey (1824622) writes "Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise.

While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks.

According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations."

FBI Says North Korea Behind Sony Hack

Submitted by wiredmikey
wiredmikey (1824622) writes "North Korea was responsible for a "destructive" cyber attack on Sony Pictures, the FBI said Friday, warning it would hunt down the perpetrators and make them pay. "Such acts of intimidation fall outside the bounds of acceptable state behavior," the FBI said in a statement, adding it would "identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or US interests."

The FBI said the attack involves the use of malware and rendered thousands of Sony Pictures computers "inoperable," forcing the company to take its entire network offline. "The FBI now has enough information to conclude that the North Korean government is responsible for these actions," it said.

As Jeffrey Carr points out in a recent blog, you should always demand proof before believing the U.S. Government on North Korea and Sony: "Demand to see the evidence, not scrubbed "indicators of compromise" that can't be validated," Carr said. "Be aware that the FBI, Secret Service, NSA, CIA, and DHS rarely agree with each other, that commercial cyber security companies are in the business of competing with each other, and that "cyber intelligence" is frequently the world's biggest oxymoron.""

Link to Original Source

Hackers Breach Payment Systems of Major Parking Garage Operator

Submitted by wiredmikey
wiredmikey (1824622) writes "Parking garage operator SP+ said on Friday that an unauthorized attacker gained access to its payment processing systems and was able to access customer names and payment card information. The company, which operates roughly 4,200 parking facilities in hundreds of cities across North America, said the attack affected 17 SP+ parking facilities.

According to the company, an unauthorized person had used a remote access tool to connect to the payment processing systems to install malware which searched for payment card data that was being routed through the computers that accept payments made at the parking facilities.

Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.

SP+ did not say what type of malware was found on the systems. Earlier this week, a new strain of point-of-sale malware targeting e-kiosks and ticket vending machines was uncovered by intelligence firm IntelCrawler. Dubbed 'd4re|dev1|', the malware is hitting mass transit systems, and acts as a backdoor that gives attackers remote administration capabilities."

Link to Original Source

Court Shuts Down Alleged $120M Tech Support Scam

Submitted by wiredmikey
wiredmikey (1824622) writes "A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated."

Link to Original Source

Popular Smartphones Hacked at Mobile Pwn2Own 2014

Submitted by wiredmikey
wiredmikey (1824622) writes "Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week.

The competition, organized by HP's Zero Day Initiative (ZDI), targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5.

Using various attacks, some Mobile Pwn2Own 2014 Pwnage Included: Apple's iPhone 5s hacked via the Safari Web browser achieving a full sandbox escape; Samsung's Galaxy S5 hacked multiple times using near-field communications (NFC) attacks; Web browser exploits used to break the Web browser on the Amazon Fire Phone; Partial hacks using a Browser attack against Windows Phone, and a Wi-Fi attack against a Nexus 5, which failed to elevate privileges.

All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks."

Link to Original Source

Entrepreneur Injects Bitcoin Wallets into Hands

Submitted by wiredmikey
wiredmikey (1824622) writes "A Dutch entrepreneur has had two microchips containing Bitcoin injected into his hands to help him make contactless payments. The chips, enclosed in a 2mm by 12mm capsule of "biocompatible" glass, were injected using a special syringe and can communicate with devices such as Android smartphones or tablets via NFC.

"What's stored on the microchips should be seen as a savings account rather than a current account," Martijn Wismeijer, co-founder of MrBitcoin said. "The payment device remains the smartphone, but you transfer funds from the chips."

The chips are available on the Internet, sold with a syringe for $99, but Wismeijer suggested individuals should find a specialist to handle the injection to avoid infections."

Home Depot Says Hackers Grabbed 53 Million Email Addresses

Submitted by wiredmikey
wiredmikey (1824622) writes "Home Depot said on Thursday that hackers managed to access 53 million customer email addresses during the massive breach that was disclosed in September when the retail giant announced that 56 million customer payment cards were compromised in a cyber attack. The files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information, the company said. The company also said that the hackers acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada."
Link to Original Source

WireLurker Malware Targets Mac OS X, iOS Devices in Single Attack

Submitted by wiredmikey
wiredmikey (1824622) writes "Researchers have uncovered a new piece of malware dubbed "WireLurker" that can infect even non-jailbroken iOS devices through trojanized and repackaged Mac OS X applications. This is the first known malware family that can infect installed iOS applications similar to how a traditional virus would, according to Palo Alto Networks.

Currently, the iOS component of WireLurker is only spread through an infected Mac OS X computer via USB and the malware appears to be distributed mostly in China through a popular Apple-related software website called Maiyadi. WireLurker abuses iTunes protocols implemented by the libimobiledevice library to install the malicious apps onto iPhones and iPads. The threat is also the first known piece of malware to automate the generation of malicious iOS programs via binary file replacement, and the first to infect iOS applications similar to a traditional virus.

From May 2014, through September 28, 2014, five different WireLurker files (representing three different versions) were submitted to VirusTotal, and none of the 55 detection engines used by VirusTotal flagged samples as malware, the security firm said.

Palo Alto Networks wrote a Python script for Mac OS X systems which can detect known malicious and suspicious files to help spot a WireLurker infection."

Link to Original Source
