Submission + - Forensics Finds CryptoLocker-Encrypted Files (threatpost.com)

msm1267 writes: CryptoLocker infections are up, and that makes security analysts nervous. One Boston-area forensics expert, however, may have found a way to shave down some recovery time after a recent infection at his company. Using a couple of available tools, he found clues in the NTFS Master File Table that led him to the specific files encrypted by CryptoLocker, meaning he had to restore only gigabytes of data versus terabytes.
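
The approach described above, reduced to its core idea as an added example (this is not the tool or procedure from the submission or the Threatpost story): once the $MFT has been parsed into a timeline, files whose $STANDARD_INFORMATION modified timestamp falls inside the infection window are the candidates for restore, and grouping them by location gives the size of the restore job. The CSV column names, the share paths and the infection window are constructed assumptions.

```python
"""Triage an NTFS $MFT timeline export to find files written during an infection window.

Added example, not the tool or procedure from the submission. It assumes the MFT has
already been parsed into CSV rows carrying the path, size and $STANDARD_INFORMATION
modified timestamp (column names are hypothetical), and uses constructed sample rows.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample export. Three files are rewritten within a few minutes of each
# other on 12 Nov 2013; the rest were last modified well outside that window.
SAMPLE_MFT_CSV = r"""path,size,si_modified
\\FS1\Finance\budget_2013.xlsx,204800,2013-11-12T09:14:03Z
\\FS1\Finance\forecast.docx,98304,2013-11-12T09:14:05Z
\\FS1\HR\handbook.pdf,1048576,2013-06-02T14:20:11Z
\\FS1\Engineering\specs\design.vsd,524288,2013-11-12T09:16:40Z
\\FS1\Engineering\build\release.iso,734003200,2013-11-11T22:01:00Z
\\FS1\Finance\notes.txt,2048,2013-11-12T11:30:00Z
"""


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample export."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Assumed infection window, e.g. bounded by the malware's first and last observed activity.
INFECTION_START = parse_ts("2013-11-12T09:10:00Z")
INFECTION_END = parse_ts("2013-11-12T09:30:00Z")


def files_modified_in_window(csv_text, start, end):
    """Return records whose $SI modified time falls inside [start, end], oldest first."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = parse_ts(row["si_modified"])
        if start <= ts <= end:
            hits.append({"path": row["path"], "size": int(row["size"]), "modified": ts})
    return sorted(hits, key=lambda h: h["modified"])


def restore_estimate(hits, depth=2):
    """Sum candidate bytes per top-level location (server\\share by default) so the
    restore can be scoped to the affected folders rather than the whole volume."""
    totals = defaultdict(int)
    for h in hits:
        parts = [p for p in h["path"].split("\\") if p]
        totals["\\".join(parts[:depth])] += h["size"]
    return dict(totals)


def triage(csv_text=SAMPLE_MFT_CSV, start=INFECTION_START, end=INFECTION_END):
    """Return (candidate records, bytes-to-restore per location)."""
    hits = files_modified_in_window(csv_text, start, end)
    return hits, restore_estimate(hits)


if __name__ == "__main__":
    hits, estimate = triage()
    for h in hits:
        print(f"{h['modified'].isoformat()}  {h['size']:>12}  {h['path']}")
    for location, total in estimate.items():
        print(f"restore {total} bytes under {location}")
```

Two caveats a responder would keep in mind: a timestamp window narrows the candidate set but does not prove a file was encrypted (any legitimate write in the same minutes shows up too, so spot-check file headers before trusting the list), and the $MFT lives on the affected volume, so parse it from an image or shadow copy rather than the live disk.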

Submission + - Ruby on Rails CookieStore Flaw Plagues Websites (threatpost.com)

msm1267 writes: A lingering security issue in Ruby on Rails that stems from a setting in the framework’s cookie-based storage mechanism is still present in almost 2,000 websites.

Sites using an old version of Ruby on Rails that relies on CookieStore, the framework’s default cookie storage mechanism, are at risk. CookieStore saves each user’s session hash in the cookie on the client side, something that keeps each cookie valid for life. This makes it possible for an attacker to glean a user’s log-in information – either via cross-site scripting or session sidejacking – and log in as them at a later date.
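
To make the "valid for life" point concrete, here is an added example (not Rails code, and not from the submission or the article) of a signed session cookie with no expiry and no server-side state, beside a variant that carries an expiry and a revocable session id. The cookie shape (base64 payload, "--", HMAC-SHA1 hex) is modelled on CookieStore, but the payload is JSON rather than Ruby Marshal, and the secret and user ids are constructed.

```python
"""Signed session cookies with and without server-side state.

Added example, not Rails code. The cookie shape (base64 payload, "--", HMAC-SHA1 hex)
is modelled on CookieStore but the payload is JSON rather than Ruby Marshal, and the
secret and user ids are constructed.
"""
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"constructed-secret-token-do-not-reuse"  # stands in for the app's secret


def sign(payload: bytes, key: bytes) -> str:
    mac = hmac.new(key, payload, hashlib.sha1).hexdigest()
    return base64.b64encode(payload).decode() + "--" + mac


def verify(cookie: str, key: bytes):
    """Return the payload dict if the MAC checks out, else None."""
    data_b64, sep, mac = cookie.rpartition("--")
    if not sep:
        return None
    try:
        payload = base64.b64decode(data_b64, validate=True)
    except ValueError:
        return None
    expected = hmac.new(key, payload, hashlib.sha1).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(payload)


# The pattern the submission describes: the whole session lives in the cookie. It is
# signed, so it cannot be forged, but nothing in it ever expires and the server keeps
# no record of it, so a copy stolen via XSS or sidejacking logs in indefinitely.
def make_legacy_session(user_id):
    return sign(json.dumps({"user_id": user_id}).encode(), SECRET)


def load_legacy_session(cookie):
    return verify(cookie, SECRET)


# Hardened variant: the cookie still carries signed data, but it also carries an
# expiry and a random session id that the server records and can revoke on logout.
class SessionStore:
    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self.active = set()

    def issue(self, user_id, now):
        sid = secrets.token_hex(16)
        self.active.add(sid)
        payload = {"sid": sid, "user_id": user_id, "exp": now + self.ttl}
        return sign(json.dumps(payload).encode(), SECRET)

    def load(self, cookie, now):
        data = verify(cookie, SECRET)
        if data is None or data["exp"] < now or data["sid"] not in self.active:
            return None
        return data

    def logout(self, cookie):
        data = verify(cookie, SECRET)
        if data is not None:
            self.active.discard(data["sid"])


def tamper(cookie):
    """Flip the last hex digit of the MAC to show that forging without the key fails."""
    last = "0" if cookie[-1] != "0" else "1"
    return cookie[:-1] + last
```

The signature alone is not the problem: the legacy cookie resists tampering just as well as the hardened one. What it lacks is any way for the server to say no to a cookie it issued earlier, which is why a captured legacy cookie keeps working after the victim logs out while the store-backed one is rejected once its id is discarded or its expiry passes.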

Submission + - Extensible APT Attack Platform Has Familiar Feel (threatpost.com)

msm1267 writes: An attack platform has been discovered in espionage attacks against Asian automotive makers and activists in the region. The platform has been around for a few years, but has gone undetected because the platform itself is relatively benign until it's dropped onto the victim's machine and opens a backdoor connection to the hacker's infrastructure.
The attacker can then, under layers of encryption, upload diverse attack tools such as keyloggers, remote shells, file upload and download capabilities and steal data or credentials from the victim. The attack also makes use of the now-familiar CVE-2012-0158 vulnerability, using infected Office documents to trigger the remote code execution flaw in Windows.

Submission + - i2Ninja Financial Malware Lurks on I2P Darknet (threatpost.com)

msm1267 writes: The Mevade botnet made news when it was found to be using the Tor anonymity network to communicate with its command and control infrastructure. Running C&C on Tor, however, turned out to be a fatal mistake when Tor usage spiked alerting administrators to the unusual activity.

A group of Russian criminals apparently were paying attention to what happened to Mevade and are using a different darknet called I2P, or Invisible Internet Protocol, as a communication protocol for new financial malware called i2Ninja.

Researchers at Trusteer monitoring a Russian malware forum spotted i2Ninja, which seems to be run-of-the-mill financial malware that includes HTTP injection capabilities, email, FTP and form grabbers. The twist on this one is that it uses I2P to send stolen credentials back to the attackers, and it promotes 24/7 support as a differentiator.

Submission + - Route-Injection Attacks Detouring Internet Traffic (threatpost.com)

msm1267 writes: Attackers are using route injection attacks against BGP-speaking routers to insert additional hops in the traffic stream, redirecting traffic to third-party locations where it can be inspected before it’s sent to its destination.
Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure.
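
The detours described above are visible in BGP data as a path that still ends at the legitimate origin AS but has picked up an extra hop. As an added example (not Renesys' method or data), the following compares observed AS paths against a baseline learned for each prefix and separates three cases: a changed origin, an unfamiliar AS inserted in the middle with the origin intact, and a more-specific prefix that would win the longest-match lookup. The baseline, the observations and the ASNs (all from the private 64496-65534 range) are constructed.

```python
"""Flag BGP paths that deviate from a learned baseline for a prefix.

Added example, not Renesys' method. The baseline, the observed updates and the ASNs
(all from the private 64496-65534 range) are constructed.
"""
import ipaddress

# Paths seen for each prefix during a quiet reference period (constructed).
BASELINE = {
    "192.0.2.0/24": [[64500, 64510, 64520], [64501, 64510, 64520]],
}

# Later observations from a route collector (constructed). Paths run from the
# collector's peer to the origin AS, in the order they appear in a BGP UPDATE.
OBSERVED = [
    ("192.0.2.0/24", [64500, 64510, 64520]),          # matches baseline
    ("192.0.2.0/24", [64500, 64599, 64510, 64520]),   # extra hop, origin unchanged
    ("192.0.2.0/24", [64500, 64510, 64666]),          # different origin
    ("192.0.2.0/25", [64500, 64599, 64520]),          # more-specific with extra hop
]


def _dedupe(path):
    """Collapse AS-path prepending (64500 64500 64510 -> 64500 64510)."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def covering_baseline(prefix, baseline):
    """Return the baseline prefix that equals or contains `prefix`, if any."""
    net = ipaddress.ip_network(prefix)
    for candidate in baseline:
        cnet = ipaddress.ip_network(candidate)
        if net.version == cnet.version and net.subnet_of(cnet):
            return candidate
    return None


def classify(prefix, as_path, baseline):
    """Return a list of findings for one observed (prefix, AS path)."""
    path = _dedupe(as_path)
    base_prefix = covering_baseline(prefix, baseline)
    if base_prefix is None:
        return ["unknown-prefix"]
    known_paths = [_dedupe(p) for p in baseline[base_prefix]]
    known_origins = {p[-1] for p in known_paths}
    known_ases = {asn for p in known_paths for asn in p}
    findings = []
    if base_prefix != prefix:
        findings.append("more-specific")       # longer match wins the forwarding lookup
    if path[-1] not in known_origins:
        findings.append("origin-change")       # classic origin hijack
    elif any(asn not in known_ases for asn in path):
        findings.append("unexpected-transit")  # right origin, new AS in the middle
    return findings or ["known-path"]


def scan(observed=OBSERVED, baseline=BASELINE):
    return [(prefix, path, classify(prefix, path, baseline)) for prefix, path in observed]


if __name__ == "__main__":
    for prefix, path, findings in scan():
        print(f"{prefix:16} {' '.join(map(str, path)):30} {', '.join(findings)}")
```

The "unexpected-transit" case is the one that matters for the attack in the submission: from the victim's side nothing looks broken, because packets still reach the correct origin, just via a hop the baseline never saw. A single collector is a weak vantage point, and legitimate provider changes will also trip this check, so in practice the baseline needs many peers and a human in the loop before a finding becomes a hijack call.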

Submission + - Toyota Announces Plans for Fuel Cell car by 2015 (chron.com)

puddingebola writes: Toyota has announced plans for a fuel cell powered car at the Tokyo Motor show. From the article, "Satoshi Ogiso, the Toyota Motor Corp. executive in charge of fuel cells, said Wednesday the vehicle is not just for leasing to officials and celebrities but will be an everyday car for ordinary consumers, widely available at dealers. "Development is going very smoothly," he told The Associated Press on the sidelines of the Tokyo Motor Show. The car will go on sale in Japan in 2015 and within a year later in Europe and U.S." I couldn't find any further details in searches.

Submission + - Glut in Stolen Identities Forces Price Cut (darkreading.com)

CowboyRobot writes: The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250.

Submission + - Google Completes SSL Upgrade to 2048 Bit RSA (threatpost.com)

msm1267 writes: Google announced today that it has completed the upgrade of all its SSL certificates to 2048-bit RSA or better, coming in more than a month ahead of schedule.
Google announced in May that it had begun work on changing all its key lengths and that it wanted to do so before the end of 2013. That was a little more than two weeks before the first Edward Snowden leaks and bombshell revelations about NSA surveillance on Americans in the name of national security.
By choosing the longer key lengths, Google makes cracking the SSL connections that encrypt and secure banking transactions, email communication and more online that much tougher. The NSA, however, has had success obtaining user data either via a warrant, National Security Letter, or allegedly by subverting NIST-sponsored crypto algorithms.

Submission + - MacRumors Hacker Says Passwords Won't be Leaked (threatpost.com)

msm1267 writes: The hacker behind the MacRumors Forums breach said the attack was “friendly” and that none of the data accessed will be leaked. Editorial Director Arnold Kim confirmed to Threatpost that a post on the forums from the hacker is legitimate.

Kim posted an advisory on the forum on Monday informing users that a breach had occurred, and advising the site’s 860,000-plus members to change their passwords on the forum and anywhere else they might have used the same credential.

The hacker, who posted a portion of Kim’s password hash and salt as proof of his legitimacy, blamed a MacRumors Forums moderator whose credentials were stolen and used to access the password database.

“We’re not going to ‘leak’ anything. There’s no reason for us to. There’s no fun in that. Don’t believe us if you don’t want to, we honestly could not care less,” the hacker wrote. Kim said this afternoon that the site has no further details on the status of the investigation.

Submission + - Defenders Still Chasing Adequate Threat Intelligence (threatpost.com)

msm1267 writes: Security researchers and analysts hope that standards in development such as CRITs and STIX will facilitate the automated sharing of attack and threat intelligence between computers. At the Advanced Cyber Security Center annual conference in Boston, government and enterprise security officers talked about the importance of information sharing, especially with the proliferation of targeted attacks and nation-state funded hacks.
The experts say that vulnerability reports and reports on compromises are the wrong types of information to share. Instead, they hope to get more real-time insight into indicators of compromise such as domains and IPs involved in attacks.

Submission + - IE 0Day Fix Already Scheduled for November Patch Updates (threatpost.com)

msm1267 writes: Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow.

The zero-day was reported publicly on Friday by FireEye researchers and today a few more dots were connected on the attack, which is dropping a variant of the McRAT Trojan that has been used in a number of targeted espionage attacks targeting industrial secrets.

Submission + - Seven IPMI Firmware Zero Days Disclosed (threatpost.com)

msm1267 writes: HD Moore today disclosed seven zero-day vulnerabilities in IPMI firmware from vendor Super Micro. The security issues were reported to the vendor in August, however the vendor, beyond acknowledging receipt of the vulnerabilities never communicated with Metasploit regarding a fix.

A Super Micro representative told Threatpost that this was an “old story” and that the issue had been resolved. A request for further comment from a Super Micro project manager was not returned in time for publication and the availability of patches could not be confirmed.

IPMI, or intelligent platform management interface, refers to the tiny computers that sit on a motherboard and are used by IT administrators in large data centers for remote management of servers or remote BIOS maintenance. They’re mostly present in rack-mount servers, and are cumbersome to update because they often require physical access to the hardware; in a service provider environment, for example, there could be hundreds of these embedded devices present.

Beardsley said that a Project Sonar scan for the IPMI firmware in question, version SMT_X9_226, found 35,000 of them online. He estimates that number likely represents less than 10 percent of the total devices in use.

Submission + - Microsoft to Broaden its Base of Bug Bounty Submitters (threatpost.com)

Gunkerty Jeb writes: Having found some initial success with its first foray into the bug bounty world, Microsoft is expanding the program to open up payments of up to $100,000 to incident response teams and forensics experts who come across active attacks in the wild that include new techniques that bypass exploit mitigations in place on the newest version of Windows.

Submission + - Microsoft Expands Bug Bounty to Attacks Bypassing Windows Mitigations (threatpost.com)

msm1267 writes: Having found some initial success with its first foray into the bug bounty world, Microsoft is expanding the program to open up payments of up to $100,000 to incident response teams and forensics experts who come across active attacks in the wild that include new techniques that bypass exploit mitigations in place on the newest version of Windows.

The change is designed to broaden the field of people who can submit new attack techniques to Microsoft, therefore helping the company further secure Windows. The Microsoft bug bounty program is different from most vendors’ programs, as it pays out not for individual vulnerabilities but rather for new attack and defensive techniques.

Submission + - Withhold Passwords From Your Employer, Go to Jail? (forbes.com)

ericgoldman writes: Terry Childs was a network engineer in San Francisco, and he was the only employee with passwords to the network. After he was fired, he withheld the passwords from his former employer, preventing his employer from controlling its own network. Recently, a California appeals court upheld his conviction for violating California's computer crime law, including a 4 year jail sentence and $1.5 million of restitution. The ruling provides a good cautionary tale for anyone who thinks they can gain leverage over their employer or increase job security by controlling key passwords.
