Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - NSA's EternalBlue Exploit Ported to Windows 10 (threatpost.com)

msm1267 writes: EternalBlue, the NSA-developed attack used criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers.

The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks.

These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable.

Submission + - OneLogin Warns of Breach at U.S. Data Center

Trailrunner7 writes: Security firm OneLogin, which provides single sign-on and other identity and authentication products, has suffered a data breach that it says likely affects all of its customers served by its data center in the United States.

In an email sent to customers, the company said that customer data was possibly compromised, but it didn’t specify what kind of data was affected. OneLogin has pointed customers to a support page that instructs them on how to deal with the breach, including having users change their passwords, creating new certificates, and creating new OAuth tokens. The company has a wide range of customers, and one its site lists a number of colleges, school systems, law firms, and technology companies among its enterprise customers.

Submission + - Bill Simmons says ESPN blew it by not embracing tech (cnbc.com)

An anonymous reader writes: ESPN's problem isn't competition over content: They didn't position themselves for a future where cord cutting was a reality, according to former ESPN personality Bill Simmons.

"They didn't see a lot of this coming," said Simmons. "They didn't see cord cutting coming. They weren't ready for it. A lot of decisions were made based on subs staying at a certain level. They had to realize they were a technology company. The ones winning are now Facebook, Twitter, Amazon, Hulu. ESPN should have been in that mix, but they're in Bristol. They should have had a place in Silicon Valley. That was their biggest mistake."

ESPN is far from over, Simmons points out. Though it may make less money in the future, it has such strong cable deals, he said.

"Everybody in here was paying $7 for ESPN whether they watched or not," he said.

Simmons left ESPN in May 2015 after a public breakup, and signed a deal for an HBO series called "Any Given Wednesday" shortly after. The HBO show was cancelled in November 2016. Simmons also launched a new website called The Ringer in 2016, which now has an advertising sales partnership deal with Vox Media.

Submission + - Ringless Voicemails May Become the New Robocalls

Trailrunner7 writes: Federal regulators are working on various methods to block robocalls, both to landlines and to mobile phones, with varying degrees of success. As those technologies make their way into the marketplace, some companies now are looking for clearance from the FCC to deliver their messages directly to customers’ voicemails without ringing their phones.

The commission is considering a petition from a company called All About the Message to “declare that the delivery of a voice message directly to a voicemail box does not constitute a call that is subject to the prohibitions on the use of an automatic telephone dialing system (‘ATDS’) or an artificial or prerecorded voice”. If the FCC approves the petition, it would mean that companies such as AATM would have the legal ability to push commercial or political messages to phone subscribers. The petition essentially asks the FCC to declare that these messages don’t constitute calls as defined by the commission, exempting them from the rules that govern robocalls and auto-dialers.

Submission + - Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech

Trailrunner7 writes: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker’s machine.

After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker.

“The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion,” the bill says.

Submission + - WannaCry Author Speaks Chinese and English (threatpost.com)

msm1267 writes: The WannaCry ransom note was likely written by Chinese- and English-speaking authors, adding more intrigue to the investigation into whether it was indeed a North Korean APT using stolen NSA exploits to spread ransomware worldwide.

Analysts at Flashpoint, including some fluent in Chinese, said the Simplified and Traditional Chinese notes differ significantly from the others and that they were likely the original notes. The English note was then the source note for the remaining translations and was flushed through Google Translate to create them.

Many of the notes, Flashpoint director of Asia-Pacific research Jon Condra said, contained glaring grammatical errors that a native would not make. Ironically, the version of the note written in Korean was among the most poorly translated.

“It was interesting to us and we were kind of shocked after hearing the links to the Lazarus group that the Korean note was so badly translated,” Condra said. “That could be intentional, or maybe the person who wrote it didn’t speak Korean.”

Condra said the analyst who looked at it said it was about 65 percent correct and there were some basic mistakes made in the translation.

Submission + - WannaCry is the Ransomware We Deserve

Trailrunner7 writes: We knew this was coming. We’ve known for years that a ransomware attack on the scale of WannaCry was not just possible, but probable. What we didn’t know was that when it came it would involve a vulnerability discovered by the NSA, an exploit developed by the NSA, and a backdoor written by the NSA.

But that’s where we are in 2017.

We’re dealing with a ransomware worm, possibly unleashed by a foreign government, that uses exploit code lifted from a tool dump stolen from the NSA. Allegedly. It’s a weird, hall-of-mirrors kind of story, and it’s looking more and more like a harbinger of things to come as we move deeper into the era of cyber espionage. WannaCry is very, very bad. It’s the most effective ransomware campaign we’ve seen to date. And it’s probably not over yet. There’s likely another variant or two in the works that don’t include the kill switch domains that researchers have used to limit its spread this week and that will cause a fresh wave of infections.

Submission + - Experts: WannaCry Kill Switches Just a Temporary Fix

Trailrunner7 writes: While security researchers have had some success in preventing the WannaCry ransomware campaign from becoming a true epidemic with the use of kill switches hidden in the malware’s code, experts say those are just temporary solutions that may not last much longer.

Each of the variants of WannaCry that have emerged so far has a domain hidden inside of it that malware tries to contact once it infects a new machine. If the connection succeeds, the malware stops the infection routine, so researchers have registered the domains and prevented broader infections.

But those kill switches are essentially the only things standing between vulnerable machines and a huge wave of WannaCry infections. Although Microsoft released a patch in March for the vulnerability that the ransomware uses to infect new machines, there are plenty of PCs that haven’t been patched yet. Researchers say a new version of the malware without a kill switch could be brutally effective.

“We got incredibly lucky that was even involved in the creation of the malware,” said Juan Andres Guerrero-Saade, a senior security researcher at Kaspersky Lab, said Wednesday.

“It actually means that we’ve barely bought a little time. If another version comes out without this, we’re going to have a very, very serious problem because there won’t be an easy way to slap a band aid on this.”

Submission + - Leaked NSA Exploit Spreading Ransomware Worldwide (threatpost.com)

msm1267 writes: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump.

Researchers said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA.

Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they’ve recorded more than 45,000 infections so far on their sensors, and expect that number to climb.

Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other business throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems.

Submission + - Corporate Call Centers are Now the Weakest Link in Security

Trailrunner7 writes: Criminals are targeting corporate call centers at an unprecedented rate, resulting in a 113 percent spike in the fraud rate in the last year, new data compiled by Pindrop shows.

Phone fraud has become one of the favored tactics for criminals as they look for less-risky and more-profitable avenues to get into targeted organizations. The phone channel typically is not as well-defended as other channels, including the web and in-person transactions, making it a juicy target for fraudsters. Data published in Pindrop’s 2017 Call Center Fraud Report today shows that these criminals are having more than their share of success.

In 2016, one in every 937 calls was fraudulent, a significant increase from 2015, when one in every 2,000 calls was fraudulent. The data, extracted from more than 500 million calls to Pindrop’s customers’ call centers, is an indication that the fraudsters running these phone scams are getting better and better and continuing to develop new skills and schemes to get past call center agents.

“The sophistication of the fraudsters, the expansion of criminal rings, heightened security in other channels, and the amount of information available on the dark web is making the call center the easiest fraud target in virtually every industry,” said Vijay Balasubramaniyan, CEO and co-founder of Pindrop.

Submission + - SPAM: WikiLeaks Reveals The "Snowden Stopper": CIA Tool To Track Whistleblowers

schwit1 writes: As the latest installment of it's 'Vault 7' series, WikiLeaks has just dropped a user manual describing a CIA project known as ‘Scribbles’ (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release

But, the "Scribbles" user guide notes there is just one small problem with the program...it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.

Link to Original Source

Submission + - Nearly Three-Quarters of Healthcare Breaches Involve Ransomware

Trailrunner7 writes: Ransomware attacks are becoming a larger and larger problem for enterprises, now accounting for nearly 75 percent of malware-related incidents in health care companies, according to new data released by Verizon.

Data from the 2017 Verizon Data Breach Investigations Report released Thursday shows that 72 percent of all malware incidents affecting health care organizations involved ransomware. The DBIR dataset, which includes more than 2,000 separate breaches, reveals a 50 percent increase in ransomware incidents compared to 2015, and also shows that ransomware is now the fifth most-common variety of malware found in breaches.

Submission + - Mastercard Replaces PINs With Fingerprint Sensor on New Cards 3

Trailrunner7 writes: Mastercard is rolling out a new payment card that includes a fingerprint sensor built right onto the card, a feature that is meant to eliminate the need for a PIN during in-person transactions.

The new card also has a chip embedded in it and it can be used at all of the existing chip-and-PIN terminals. During a transaction, the user would insert the card into the terminal and hold his thumb on the embedded biometric sensor while the terminal reads the chip. Rather than entering a PIN, the user’s print serves as a second factor of authentication. The user’s print is stored on the card and it is compared against the one used during each transaction.

Mastercard already has tested the new card in a pair of trials in South Africa, one with a large supermarket chain and another with a bank. The company plans wider trials this year and is aiming for a full rollout by the end of 2017.

Submission + - Facebook Launches Beta of New Account Recovery System

Trailrunner7 writes: Facebook has opened a beta program for its new Delegated Account Recovery system, which is designed to replace traditional email or SMS-based recovery processes.

The Facebook system allows users to connect their Facebook accounts with other services and use that trusted link to recover access to one of the accounts. The company has published an SDK and documentation on the system, which it has been testing for several months with GitHub. Now the program is entering a closed beta with the promise of a public release in the coming months. Delegated Account Recovery is meant to eliminate the use of insecure channels such as email or SMS to verify a user’s ownership of a given account.

“It’s an open protocol. Trust who you want. We’re really excited that GitHub is making the first connection with us,” Brad Hill, a security engineer at Facebook, said. “We really don’t want this to be a Facebook-only service, so that we can have that network effect protecting you. The best way for us to address that is to share it.”

Slashdot Top Deals

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...