
Submission + - Bad Neighborhoods Theory Applies to Bots, Also (securityledger.com)

chicksdaddy writes: It turns out that the “bad neighborhoods” theory (http://ns.umich.edu/new/releases/8588) applies to computers, as well as people.

Researchers from the firm Recorded Future said that the company has developed what it described as a “support vector machine” model to analyze contextual open source intelligence (OSINT) data on malicious online behavior. (https://www.recordedfuture.com/artificial-intelligence-cyber-defense/) That is cross referenced to “CIDR neighborhoods” – blocks of Internet addresses identified using Classless Internet Domain Routing. The AI's output is a predictive risk score for specific IP addresses that are likely to turn to crime.

So far the results are promising. In one case, Recorded Future tagged an IP address as likely to be used in an attack a full 10 days before it actually was. In an analysis of 500 previously unseen IPs with predictive risk scores that suggested they would become malicious, 25% turned up on independent, open source lists of malicious IP addresses within 7 days, the company said. By comparison, just .02 percent of the entire population of global (IPV4) IP addresses are marked as malicious at any time, the company said.

As for why, the explanation that Recorded Future gives sounds similar to the findings of sociological and psychologic research on the effects of bad neighborhoods. The notion there is that “bad neighborhoods” – characterized by crime, poverty and a scarcity of good role models and economic opportunities – can affect the cognitive development of children and even of the children of those children.(https://psmag.com/growing-up-poor-has-effects-on-your-children-even-if-you-escape-poverty-df11e668378a#.a27begtv0)

In the case of Internet connected systems that are destined to ‘go bad,’ the issue is proximity to computers that are involved in malicious activity, Staffan Truve, CTO, Recorded Future told The Security Ledger.(https://securityledger.com/2016/12/bad-neighborhoods-predict-which-computers-turn-to-crime-also/)

Hackers and botnet operators are rational, economic beings, he observes. That means that they will eventually use infrastructure that they rent for a purpose (like virtual systems in a data center that might be rented out for use in a denial of service attack). By analyzing the “closeness” of IPV4 addresses, Recorded Future found a predictor of future malicious activity. Proximity to one of those bad apples makes it more likely that you’re a bad apple, also – or soon will be, he said. “There’s an underlying logic, which is that the neighborhood (the system) is in will be the core part of whether it becomes malicious, but also how your neighbors are talked about.”

Submission + - Zeus Still Alive and Well With New Variant Floki Bot

Trailrunner7 writes: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets.

Flashpoint conducted the analysis of Floki Bot with Cisco’s Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge.

Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate.

Submission + - Pebble Is No More After Fitbit Buys Smartwatch Assets

Mickeycaskill writes: Pebble will no longer support or make smartwatches, ending its bid to become an independent challenger to Apple, Samsung and others.

The original Pebble watch was funded on Kickstarter and other devices had been added to the range over the years. However the journey is at an end.

Fitbit's acquisition does not include the products Pebble has, mostly variants of its smartwatch, but rather adds assets that aim to help fitness wearable specialist Fitbit better establish a platform from which other fitness and health related products and services can be built upon.

“The additional resources will facilitate the faster delivery of new products, features and functionality while introducing speed and efficiencies to develop the general purpose utility consumers value in a connected device,” Fitbit said.

Pebble on the other hand will cease creating its smartwatches and will cease to operate as an independent entity.

Submission + - Flash Bugs Dominate Exploit Kit Landscape

Trailrunner7 writes: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows.

Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it’s no surprise that Flash and IE exploits dominated the landscape.

Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it’s deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future’s analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups.

Submission + - Two Backdoors Found in Sony IP Cameras

Trailrunner7 writes: A long list of IP-enabled security cameras made by Sony contain backdoors in their firmware that can allow an attacker to run arbitrary code remotely on the devices, potentially opening them up for use in a botnet.

The cameras affected by the vulnerabilities are surveillance cameras, mainly used in enterprises and retail settings and there are dozens of models that contain the vulnerable firmware. Researchers at SEC Consult discovered the backdoors and found that an attacker could use one of them to enable hidden Telnet and SSH services on the cameras and then use the other backdoor to gain root privileges.

“After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges! The vulnerabilities are exploitable in the default configuration over the network. Exploitation over the Internet is possible, if the web interface of the device is exposed," the researchers said.

Submission + - New Google Trusted Contacts Service Shares User Location in Real Time

Trailrunner7 writes: Google has spent a lot of time and money on security over the last few years, developing new technologies and systems to protect users’ devices. One of the newer technologies the company has come up with is designed to provide security for users themselves rather than their laptops or phones.

On Monday Google launched a new app for Android called Trusted Contacts that allows users to share their locations and some limited other information with a set of close friends and family members. The system is a two-way road, so a user can actively share her location with her Trusted Contacts, and stop sharing it at her discretion. But, when a problem or potential emergency comes up, one of those contacts can request to get that user’s location to see where she is at any moment. The app is designed to give users a way to reassure contacts that they’re safe, or request help if there’s something wrong.

Submission + - FBI, Europol Dismantle Avalanche Cybercrime Crew

Trailrunner7 writes: A large group of law enforcement officials, security researchers, registrars, and others have dismantled a huge malware, phishing, and cybercrime network known as Avalanche, taking down more than 800,000 domains in the process.

The operation, which was a collaborative effort by Europol, the FBI, German police, and security groups, resulted in five arrests and the seizure of 39 servers in various countries. Officials say the Avalanche crew and its infrastructure was distributed around the world and estimated that damages from the group’s activities were in the hundreds of millions of Euros. The group conducted spam, phishing, and malware attacks using a wide variety of malware strains and tactics.

Investigators began looking at the Avalanche infrastructure in 2012 after a widespread ransomware attack that was attributed to the group. Many victims also were infected with banker malware that stole banking credentials and other private data. Like many cybercrime crews, Avalanche used money mules to cash out their profits and layers of personnel to handle specific tasks in an effort to avoid detection. The group also employed technical methods to attempt to confuse law enforcement and security researchers.

Submission + - ESPN Loses Another 555,000 Subscribers Per Nielsen (outkickthecoverage.com)

An anonymous reader writes: Last month ESPN lost 621,000 subscribers according to Nielsen media estimates, which was the worst month in the company's history. This month things weren't much better — ESPN lost another 555,000 subscribers according to Nielsen media estimates, meaning that the worst month in the history of ESPN has now been followed up by the second worst month in ESPN history. ESPN has now lost a jawdropping 1.176 million subscribers in the past two months.

Putting that into perspective, that means nearly 20,000 people a day are leaving ESPN for each of the past two months. If that annual average subscriber loss continued, ESPN would lose over seven million subscribers in the next 12 months. And at an absolute minimum, these 1.176 million lost subscribers in the past two months will lead to a yearly loss in revenue of over $100 million. According to Nielsen ESPN now has 88.4 million cable and satellite subscribers, a precipitous decline from well over 100 million subscribers just a few years ago.

Submission + - Matt Taibbi: 'Washington Post' 'Blacklist' Story Is Shameful and Disgusting (rollingstone.com)

MyFirstNameIsPaul writes: From the article:

Most high school papers wouldn't touch sources like these. But in November 2016, both the president-elect of the United States and the Washington Post are equally at ease with this sort of sourcing.

Even worse, the Post apparently never contacted any of the outlets on the "list" before they ran their story. Yves Smith at Naked Capitalism says she was never contacted. Chris Hedges of Truthdig, who was part of a group that won the Pulitzer Prize for The New York Times once upon a time, said the same. "We were named," he tells me. "I was not contacted."

Hedges says the Post piece was an "updated form of Red-Baiting."

"This attack signals an open war on the independent press," he says. "Those who do not spew the official line will be increasingly demonized in corporate echo chambers such as the Post or CNN as useful idiots or fifth columnists."


Submission + - More Than 1 Million Android Devices Rooted by Gooligan Malware

Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims’ Google accounts in the process.

The malware campaign is known as Gooligan, and it’s a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that’s not the main concern for victims.

The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop, to install a rootkit that is capable of stealing users’ Google credentials. Although the malware has full remote access to infected devices, it doesn’t appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

Submission + - Cerber Ransomware Using Tor Network to Hide

Trailrunner7 writes: Ransomware authors have adopted a number of new tactics recently to help avoid detection and stop takedown attempts, and the latest move by the gang behind the Cerber malware is the use of both Google redirection and the Tor network as evasion and obfuscation mechanisms.

Researchers from Cisco’s Talos group have come across a new version of the Cerber ransomware that uses these techniques, combined with pretty rudimentary email messages to trick victims into clicking on links that lead to the malicious files. Typically, sophisticated ransomware crews will use well-crafted emails with malicious attachments that contain the ransomware. But this Cerber campaign isn’t using any attachments in its spam emails and instead is relying on trickery to entice users into following the links, which are obfuscated and lead to sites on the Tor anonymity network.

Submission + - How Your Headphones Can Record Your Conversations Remotely

Trailrunner7 writes: As if attackers didn’t have enough methods for observing users’ actions, researchers have now developed a technique that allows them to use speakers or headphones plugged in to a PC as microphones to record victims’ discussions.

The attack involves a technique called re-tasking in which the researchers changed the functionality of the audio jacks on a target computer. So, whereas an input jack would normally be used by a microphone and the output jack would be used by the speakers, the researchers remapped the jacks so that the speakers can record sound when plugged into an output jack. The technique, developed by a team at Ben Gurion University of the Negev in Israel, involves the use of custom malware on the machine, but the researchers showed in their work that the attacks can succeed in recording audio from across a room.

The attack that the researchers developed allows them to record audio surreptitiously and then transmit it to another machine several meters away. The technique can be used without the user’s interaction.

“It’s pretty difficult to defend against such an attack, but it’s possible that anti-virus will detect such a microphone retasking and will block it. Chip manufacturers can redesign the internal commands that can be sent to the controller and regulate it in a better way,” Mordechai Guri, one of the paper's authors, said.

Submission + - The IRS Just Declared War on Bitcoin Privacy (fee.org)

SonicSpike writes: The Internal Revenue Service has filed a “John Doe” summons seeking to require U.S. Bitcoin exchange Coinbase to turn over records about every transaction of every user from 2013 to 2015.

That demand is shocking in sweep, and it includes: “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” And every single transaction.

The demand is not limited to owners of large amounts of Bitcoin or to those who have transacted in large amounts. Everything about everyone.

Equally shocking is the weak foundation for making this demand. In a declaration submitted to the court, an IRS agent recounts having learned of tax evasion on the part of one Bitcoin user and two companies. On this basis, he and the IRS claim “a reasonable basis for believing” that all U.S. Coinbase users “may fail or may have failed to comply” with the internal revenue laws.

The IRS’s effort to strip away the privacy of all Coinbase users is more broad than the government’s effort in recent cases dealing with cell site location information. In the CSLI cases, the government has sought data about particular suspects, using a standard below the probable cause standard required by the Fourth Amendment (“specific and articulable facts showing that there are reasonable grounds to believe”).

Submission + - Adobe VoCo, Google WaveNet Raise Voice Security Concerns

Trailrunner7 writes: As voice has continued to emerge as one of the key interfaces for new devices and apps, including vehicles, bank accounts, and home automation systems, concerns about the security of these systems have evolved, as well. Now, as both Google and Adobe have demonstrated systems that can insert and replace words in recorded speech or mimic human speech those concerns are becoming more concrete.

Adobe has revealed a project known as VoCo that it has compared to a Photoshop for voice recordings. The app can take a small piece of a person’s recorded voice and give the user the ability to rearrange or insert words or short phrases into the recording. The user types whatever text he wants into the app and the software can then add them into the recording wherever the user specifies.

Google also has been working on a synthetic speech system, known as WaveNet, which models raw audio waveforms to produce speech that sounds more human. Many existing text-to-speech systems rely on a database of recorded words to produce sentences. Google’s model doesn’t have that limitation.

Submission + - Lawmakers Try to Delay Expansion of Government Hacking

Trailrunner7 writes: As the deadline approaches for Congress to act on a proposed change that would give federal law enforcement agencies expanded power to hack remote computers, a group of senators has introduced a bill to delay the rule change until next summer.

The proposed change to Rule 41 of the Federal Rules of Criminal Procedure would allow law enforcement officials to get a single warrant from essentially any judge where things related to a given crime have occurred to remotely search computers that might be involved in the crime. The modification also would allow officers to remotely search computers of victims of computer crimes.

Privacy advocates and some legislators say that the change would constitute a huge expansion of government hacking powers, while Department of Justice officials and supporters of the change say it’s simply a procedural change. The United States Supreme Court approved the change in April and it is scheduled to go into effect on Dec. 1. Congress has the ability to enact legislation to prevent the change, but so far has not.

On Thursday, a group of five senators introduced a bill that would keep Rule 41 as-is for now and delay the change until July 1, 2017. The idea is to give Congress time to consider the consequences of the proposed change. Sen. Ron Wyden (D-Ore.), one of the sponsors of the new bill, has expressed concern about the change to the rule for months.
