wiredmikey writes "President Barack Obama admitted Wednesday he was not allowed to have an iPhone owing to security fears — explaining why he is sometimes seen with a bulky super secure BlackBerry. "I'm not allowed for security reasons to have an iPhone," Obama told a group of young people at the White House for an event promoting his health care law.
Within days of being inaugurated president, Obama won his battle with the Secret Service to hang on to his BlackBerry, despite fears that it was vulnerable to being hacked. The White House says the president's personal email address was strictly limited to a small list of senior officials and personal friends, but will not detail the encryption devices that are used to secure his communications.
Obama did say that his daughters Sasha and Malia spend a lot of time on their iPhones."
wiredmikey writes "Royal Bank of Scotland's CEO admitted on Tuesday that the bank had failed to invest in its IT systems "for decades", after a glitch left customers unable to access cash for three hours.
Chief executive Ross McEwan said it was unacceptable that customers could not use their credit and debit cards for a period of the evening on "Cyber Monday", one of the busiest shopping days of the year.
"For decades, RBS failed to invest properly in its systems," McEwan said. The bank said in a statement earlier Tuesday that the "systems issues" that caused Monday's outage had been resolved and all services were now working normally.
The latest glitch follows an incident in June 2012 when a software upgrade left hundreds of thousands of people unable to make or receive payments for several days, and cost the group £175 million (290 million) in compensation."
wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware.
Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
wiredmikey writes "Sweden said it will hand over Pirate Bay co-founder Gottfrid Svartholm Warg to Denmark where he is wanted for questioning on alleged hacking charges.
"It (the extradition) will take place on November 27," the prosecutor in charge of the case, Henrik Olin, said, adding that Sweden was responding to an arrest warrant issued by Copenhagen.
In June, Danish police revealed that the 30-year-old Swedish hacker is suspected of illegally downloading police files between April and August 2012. He is currently serving a one-year sentence in Sweden for hacking into the computer systems of contractors working for the national tax authority."
wiredmikey writes "Jeremy Hammond, a computer programmer linked to the online hacktivist group Anonymous who pleaded guilty to hacking the intelligence firm Stratfor was sentenced to 10 years in prison today.
He was sentenced by a US federal judge in New York after pleading guilty in May to conspiracy charges in connection with the 2011 hack of Stratfor, the US attorney's office said.
Hammond, whose case has been supported by digital rights activists and others, also was part of a group which broke into the FBI computer network and later delivered documents to WikiLeaks, according to investigators.
The Electronic Frontier Foundation argued in a brief that Hammond "did not profit financially as a result of his actions, but rather, exposed uncomfortable truths."
Hammond, who could have faced a longer prison sentence before his "non-cooperating plea agreement," admitted his involvement in computer intrusions into the FBI Virtual Academy, the Arizona Department of Public Safety and other government networks."
wiredmikey writes "Microsoft announced today that it has opened a new cybercrime center that combines technical expertise with cutting-edge tools and technology and cross-industry expertise, to combat cyber crime. Located at Microsoft's campus in Redmond, Washington, the center houses technologies that enable teams to visualize and identify global cyberthreats developing in real time, including SitePrint, which allows the mapping of online organized crime networks; PhotoDNA, a leading anti-child-pornography technology; cyberforensics, a new investigative capability that detects global cybercrime, including online fraud and identity theft; and cyberthreat intelligence from Microsoft’s botnet takedown operations.
The Cybercrime Center also has a secure location for third-party partners, including from academia and law enforcement, allowing cybersecurity experts from around the world to work in the facility with Microsoft’s experts for an indefinite period of time."
wiredmikey writes "Popular Mac news and information site MacRumors.Com said that its forums site was hacked on Monday, according to a notice alerting readers that usernames, email addresses and (hashed) passwords were likely obtained by the attacker(s). As of late Tuesday night, statistics displayed that MacRumors Forums had 860,182 members.
“In situations like this, it's best to assume that your MacRumors Forum username, email address and (hashed) password is now known,” Arnold Kim, Founder and Editor of MacRumors.com, wrote in a security notice Tuesday evening.
Some users are already reporting suspicious and malicious activity in accounts they have with other services, indicating that the hackers are already putting the stolen data to use, mainly by trying to use the same combination of username/password elsewhere in an attempt to gain access.
Kim said the MacRumors Forums breach is being investigated with the help of a 3rd party security researcher."
wiredmikey writes "According to a recent survey of malware analysts at U.S. enterprises, 40% of the time a device used by a member of the senior leadership team became infected with malware was due to executives visiting a pornographic website. The study, from ThreatTrack Security, also found that nearly 6 in 10 of the malware analysts have investigated or addressed a data breach that was never disclosed by their company.
When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions."
wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia.
According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code.
The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."
wiredmikey writes "Vulnerability management software company Rapid7 has launched an ambitious community project to scan the public Internet, organize the results and share the data with the IT security industry. The brainchild of Metasploit creator HD Moore, the overall goal of Project Sonar is to crowdsource the discovery and reporting of security vulnerabilities of affected software and hardware vendors.
"If we try to parse the data sets ourselves, even with a team of 30 people, it would take multiple years just to figure out the vulnerabilities in the data set. It's ridiculous, really," Moore said in an interview with SecurityWeek.
To start, Rapid7 has released about 3 terabytes of raw data generated from scans across public Internet-facing systems. The data sets relate to IPv4 TCP banners & UDP probe replies, IPv4 Reverse DNS PTR records and IPv4 SSL Certificates.
Moore's team also listed a set of tools used to generate the data sets. They include ZMap, an Internet-scale scanner developed at the University of Michigan; UDPBlast, a stand-alone UDP scanning utility; and MASSCAN, an Errata Security tool that claims to scan the entire IPv4 internet in three seconds."
wiredmikey writes "Kaspersky Lab has uncovered details on what they believe is a small yet sophisticated group of attackers targeting several industrial and high tech organizations in South Korea and Japan. What's interesting about this attack is the type of organizations being targeted, and their connection with the technology supply chain.
Kaspersky identifies the cyber-espionage campaign as “Icefog”, with researchers describing the tactics used as “hit and run” attacks against very specific targets with “surgical precision”.
“We believe this is a relatively small group of attackers that are going after the supply chain — targeting government institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies and mass media, mainly in South Korea and Japan,” Kaspersky Lab experts explained.
Depending on the level of malicious intent by the attackers and their success in penetrating companies connected to the technology supply chain, the fallout of these attacks or similar attacks could be serious.
Less than a year ago, Gartner analysts warned that IT supply chain integrity issues are real, and would have mainstream enterprise IT impact within the next five years. A March 2012 report from Northrop Grumman also warned that “Successful penetration of a supply chain such as that for telecommunications industry has the potential to cause the catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety.”
Kaspersky Lab has published a full report with a detailed description of the backdoors and other malicious tools used in Icefog, along with indicators of compromise (IOC). An FAQ is also available."
wiredmikey writes "Twitter on Wednesday launched a system for emergency alerts which can help spread critical information when other lines of communication are down. Twitter Alerts are designed to help communicate in natural disasters or other emergencies when traditional channels may be overloaded or unavailable.
"We know from our users how important it is to be able to receive reliable information during these times," Twitter product manager Gaby Pena said in a blog post.
Users who sign up to receive an account's Twitter Alerts will receive a notification directly to their phone for tweets marked as alerts from certain senders. Some of those able to send alerts include the American Red Cross, Federal Emergency Management Agency, World Health Organization, and government and non-government agencies in Japan and South Korea."
wiredmikey writes "HP's Zero Day Initiative (ZDI) is dangling more than $300,000 in cash to entice hackers to demonstrate zero-day attacks against the Apple iOS, Android, Windows RT and BlackBerry mobile platforms.
As part of this year's Mobile Pwn2Own hacker challenge, ZDI is partnering with Google and Android to gather intelligence on realistic attacks against the most widely deployed smart phones.
The organizers plan to pay as much as $100,000 for exploits that target the baseband layer of mobile devices and $70,000 for a full code execution compromise of messaging services like SMS, MMS or CMAS. Attacks against short-distance technologies like Bluetooth, Wi-Fi, USB or Near Field Communications (NFC) will pay out $50,000 while mobile web browser compromises will fetch $40,000.
According to HP ZDI's Brian Gorenc, successful attacks must require "little or no user interaction" and must demonstrate remote code execution by bypassing sandboxes (if applicable) and exfiltrating sensitive information, silently calling long-distance numbers, or eavesdropping on conversations. All vulnerabilities used in the attack must be unpublished zero-days.
Mobile Pwn2Own will form part of the PacSec Applied Security Conference in Tokyo, Japan later this year."
wiredmikey writes "Yahoo! CEO Marissa Mayer admitted to a large audience at Tech Crunch Disrupt that she does not protect access to her smartphone with a passcode. "I don't have a passcode on my phone," she told Arrington on Wednesday.
Apparently, the former Google-exec who has since taken the top spot at Yahoo!, is too busy to be bothered with security.
“I just can’t do this passcode thing like 15 times a day,” she said. Mayer, who is said to be an iPhone user, hinted at the fact that she may soon be an iPhone 5S customer. Commenting on the new biometric security feature in the iPhone 5S, Mayer added, “When I saw the finger print thing I was like, now I don’t have to.”"
wiredmikey writes "Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany. “This criminal attack appears to have been executed by an individual working inside Vodafone,” the company said in a statement provided to SecurityWeek. “An individual has been identified by the police and their assets have been seized.”
The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted.
The data accessed by the attacker includes customer names, addresses, gender, birth dates, bank account numbers and bank sort codes, the telecommunications giant said. Vodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed, and no personal call information or browsing data was accessed."