The FTC filed complaints against two separate groups of defendants, the leaders of which have both been involved in previous legal actions for robocalling operations. The defendants each controlled several different corporate entities that were involved in selling home security systems, extended auto warranties, and other products through repeated automated phone calls. Many of the calls were to numbers on the DNC list, a violation of the telemarketing regulations.
The two main defendants in the complaints are Justin Ramsey and Aaron Michael Jones, and in separate actions, they and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements. The FTC alleges that Ramsey directed an operation that made millions of robocalls a month.
The Anthem data breach is one of the larger health care-related incidents ever in the United States and it has cost the company $260 million so far in technology improvements, credit monitoring, and other expenses. Anthem officials discovered the breach in January 2015 and disclosed it publicly the following month. The attack began, as many such incidents do, with a spearphishing email, which an employee of one of Anthem’s subsidiaries opened. That led to the installation of malware on the employee’s machine, and the attacker then moved on to compromise at least 90 other computers in the organization, according to the report.
Anthem hired security firm CrowdStrike to investigate the intrusion, and the California Department of Insurance conducted an analysis of the event, as well. The analysts came to the conclusion that operators from a foreign government had initiated the attack. The report does not specify which government was involved, however.
The new report is the result of an order from President Barack Obama to investigate whether elements of the Russian government hacked U.S. networks in the months leading up to the election. There will be a classified version of the report delivered to Congress, as well as an unclassified version released to the public. In a hearing before the Senate Armed Services Committee Thursday, senior intelligence officials said they are highly confident that Russian intelligence was behind a number of intrusions tied to the election.
“This was a multifaceted campaign. The hacking was only one part of it. It included classical propaganda, fake news, disinformation,” said Director of National Intelligence James Clapper during Thursday’s hearing.
The idea of needing a new law to make a form of hacking illegal may seem counterintuitive, but ransomware is a case of criminals outflanking the existing laws. Ransomware emerged in a big way a few years ago and the law enforcement community was not prepared for the explosion of infections. While there have been takedowns of ransomware gangs, they often involve charges of money laundering or other crimes, not the installation of the ransomware itself.
In September, California Gov. Jerry Brown signed into law a bill that made the use of ransomware a crime, essentially a form of extortion. The law went into effect on Jan. 1.
The new document is not a set of regulations, but is simply guidance designed to give manufacturers and regulators a framework for medical device security issues. This topic has become a major concern in the last few years as manufacturers have added networking and other capabilities to more and more medical devices such as insulin pumps and pacemakers.
A large portion of the FDA guidance concerns the ways in which manufacturers assess the potential exploitability of a given vulnerability and how they respond to vulnerability reports. There are well-defined processes for this kind of assessment in the normal software and hardware worlds. But medical devices are a much different story, given their dedicated purposes and the potential consequences if a vulnerability is exploited.
The network came to light on Dec. 21 when researchers at Imperva saw a two-part DDoS attack that began with a 20-minute flood that peaked around 400 Gbps. A few minutes later, the attackers pushed the button again, this time hitting a peak volume of 650 Gbps and throwing more than 150 million packets per second at the targets. That volume of attack traffic approaches the enormous DDoS floods generated by the Mirai botnet over the last few months. The largest of the known Mirai floods was around 1 Tbps of traffic.
The Imperva researchers said the attacks from the new botnet, which they’ve named Leet, came from spoofed IP addresses and ended after a total of about 37 minutes. Aside from the high volume involved in the attacks, the other interesting piece is the makeup of the packets Leet is sending at its targets. Some of the packets are typical SYN packets, but others are more than 10 times as large as normal packets and include some very odd ingredients.
Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely.
ATS is Apple’s collection of transport security requirements designed to provide attack resistance for data that’s sent between iOS and macOS apps and back end servers. It requires apps to use a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger encryption, and certificates signed using SHA-2. ATS also requires forward secrecy, a property of the key exchange that protects past encrypted sessions even if the server’s certificate key is compromised at some point in the future.
The Encryption Working Group, comprised of members of the House Judiciary Committee and House Energy and Commerce Committee, has been looking at the challenges that law enforcement and intelligence communities face with the wide deployment of strong encryption. The group said in its report that although encrypted communications present a serious obstacle for law enforcement agencies, officials in the national security community said encryption is a key part of protecting the nation’s critical infrastructure.
“Congress should not weaken this vital technology because doing so works against the national interest. However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities,” the report says.
The tests are called Project Wycheproof, and Google’s engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement correctly, and errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app.
Among the issues that Google’s engineers found with the Project Wycheproof tests is one in ECDH that allows an attacker to recover the private key in some circumstances. The bug is the result of some libraries not checking the elliptic curve points that they get from outside sources.
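The missing check described above, as an added example that is not Wycheproof’s or any library’s own code: full public-key validation of a peer’s ECDH point on NIST P-256 (coordinates in range, on the curve, correct order) before it is multiplied by the private key. The curve arithmetic is a plain textbook implementation written for this illustration and is not constant-time.

```python
# Added example: validate an ECDH peer point on P-256 before use.
# NIST P-256 domain parameters (public constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
G = (GX, GY)

def is_on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + ax + b over GF(p) with x, y in range."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def point_add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def validate_peer_point(pt):
    """Reject infinity, out-of-range or off-curve points, and points of wrong order."""
    if pt is None or not is_on_curve(*pt):
        raise ValueError("invalid ECDH public point")
    if scalar_mult(N, pt) is not None:  # redundant on P-256 (cofactor 1), kept for generality
        raise ValueError("point has wrong order")
    return pt

def ecdh_shared_secret(priv, peer_pub):
    """x-coordinate of priv * peer_pub, computed only after validating peer_pub."""
    return scalar_mult(priv, validate_peer_point(peer_pub))[0]
```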
Researchers at IBM Security’s X-Force surveyed executives at 600 businesses of all sizes and found that organizations hit with ransomware are choosing to pay out at a high rate. The data shows that 20 percent of compromised organizations have paid ransoms of more than $40,000, and 25 percent have paid between $20,000 and $40,000. Those numbers are far higher than what consumers typically pay, which is usually in the range of $500-$1,000, depending on the ransomware variant.
The kit then uses the victim’s browser to identify and fingerprint the home router, and sends the details back to the remote server. The server then sends back instructions on how to exploit that particular router. Once that’s done, the malware changes the router’s DNS server setting and redirects victims’ web traffic.
Flashpoint conducted the analysis of Floki Bot with Cisco’s Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other languages that are not native to him. Kremez said that attackers sometimes will participate in foreign-language forums as a way to expand their knowledge.
Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate.
Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it’s no surprise that Flash and IE exploits dominated the landscape.
Six of the top 10 most frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it’s deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future’s analysis shows that trend is continuing, and one Flash bug disclosed in October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups.
The cameras affected by the vulnerabilities are surveillance cameras, mainly used in enterprises and retail settings and there are dozens of models that contain the vulnerable firmware. Researchers at SEC Consult discovered the backdoors and found that an attacker could use one of them to enable hidden Telnet and SSH services on the cameras and then use the other backdoor to gain root privileges.
“After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges! The vulnerabilities are exploitable in the default configuration over the network. Exploitation over the Internet is possible, if the web interface of the device is exposed,” the researchers said.
On Monday Google launched a new app for Android called Trusted Contacts that allows users to share their locations and some limited other information with a set of close friends and family members. The system is a two-way road, so a user can actively share her location with her Trusted Contacts, and stop sharing it at her discretion. But, when a problem or potential emergency comes up, one of those contacts can request to get that user’s location to see where she is at any moment. The app is designed to give users a way to reassure contacts that they’re safe, or request help if there’s something wrong.