
Disable WPAD Now or Have Your Accounts Compromised, Researchers Warn

It's enabled by default on Windows (and supported by other operating systems) -- but now security researchers are warning that "Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections," according to CSO. Slashdot reader itwbennett writes: Their advice: disable WPAD now. "No seriously, turn off WPAD!" one of their presentation slides said. "If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file"... A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.

North Korea Is Blackmailing Top South Korean Online Retailer For $2.66 Million

An anonymous reader writes from a report via Softpedia: South Korea says that North Korea is behind a data breach that occurred last May, where hackers stole details about 10 million user accounts from Interpark, one of the country's biggest shopping portals. The hackers later tried to extort Interpark management by requesting 3 billion won ($2.66 million / 2.39 million euros), otherwise they were going to release the data on the internet. [The hackers wanted the money transferred to their accounts as Bitcoin.] Authorities say they tracked the source of the hack to an IP in North Korea, previously used in other attacks on South Korean infrastructure. "Besides the evidence related to the IP addresses and the techniques used in the attacks, investigators also said that the emails Interpark management received, written in the Korean language, contained words and vocabulary expressions that are only used in the North," reports Softpedia.

New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks

An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point is the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness, and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.

There's a Stuxnet Copycat, and We Have No Idea Where It Came From

Joseph Cox, reporting for Motherboard: After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware -- dubbed IRONGATE by cybersecurity company FireEye -- only works in a simulated environment, it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration. [...] IRONGATE works within a simulated Siemens environment called PLCSIM, used for testing programs before they are pushed out into the field. Like Stuxnet, IRONGATE replaces a Dynamic Link Library (DLL), a small collection of code that can be used by different programs at the same time, with a malicious one of its own. IRONGATE's DLL records five seconds of traffic from the Siemens system to the user interface, and replays it over again, potentially tricking whoever is monitoring the system into thinking everything is fine, while the malware might manipulate something else in the background. Dark Reading's coverage on this is also worth a read.

Over 7 Million Accounts for Minecraft Community Hacked

Joseph Cox, reporting for Motherboard: Over seven million user accounts belonging to members of Minecraft community "Lifeboat" have been hacked, according to security researcher Troy Hunt. Hunt said he will upload the data to his breach notification website "Have I Been Pwned?", which allows people to check if their account is compromised, on Tuesday, and that it includes email addresses and weakly hashed passwords -- meaning that hackers could likely obtain full passwords from some of the data. "The data was provided to me by someone actively involved in trading who's sent me other data in the past," Hunt, who has verified the data and sent Motherboard a redacted screenshot of some of it, said in an email.

FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: The feds warned that "a group of malicious cyber actors," whom security experts believe to be the government-sponsored hacking group known as APT6, "have compromised and stolen sensitive information from various government and commercial networks" since at least 2011, according to an FBI alert obtained by Motherboard. The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government's servers, their activities going unnoticed for years. [...] In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks "in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011."

Researcher Finds Tens of Software Products Vulnerable To Simple Bug

An anonymous reader writes: There's a German security researcher who is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.

Malware Operator Barters With Security Researcher To Remove Open Source Ransomware Code

An anonymous reader writes: The author of the Magic ransomware strain has agreed to release all decryption keys for free if Utku Sen, a Turkish security researcher, takes down his Hidden Tear open-source ransomware project from GitHub. Sen has released multiple open source ransomware projects, which contained backdoors and encryption flaws. The flaws disrupted the plans of several ransomware operators. This particular ransomware author is Russian, while Sen is Turkish, so just like Putin and Erdogan, the two struggled to come to an agreement. Utku Sen finally agreed to take down the Hidden Tear repository in three days, while the author of the Magic ransomware will provide all the encryption keys for free for the next 15 days.

Serious Flaw Patched In Intel Driver Update Utility

itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.

Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords

itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow "anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction." The password manager in Trend's antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.

BBC Taken Offline By 'Anti-IS' Group

New submitter shilly writes: The BBC is reporting that all its websites were taken offline on New Year's Eve for several hours, and the attack appears to be from a group calling itself New World Hacking. The group claims its raison d'être is to attack IS, but wanted to test out its capabilities first and chose the BBC as a target. A member of the group said, "We realize sometimes what we do is not always the right choice, but without cyber hackers... who is there to fight off online terrorists?"

AVG Forces Chrome Extension On Users, Extension Is Woefully Insecure

An anonymous reader writes: The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. "This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page," explains Mr. Ormandy. "The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API." Simple XSS and MitM attacks expose data from other tabs opened in the browser, browsing history, and even manage to render SSL useless.

PhantomSquad Hackers Begin Their Xmas DDoS Attacks By Taking Down EA Servers

An anonymous reader writes: The hacking crew was not kidding about their Christmas DDoS attacks on Xbox & PSN. This morning the group started warmup attacks on the EA network, taking it down for 3 hours. The attacks were severe enough to take down the network completely, and EA issued apologies on its Twitter account. Phantom Squad is now carrying out DDoS attacks on PSN. Users started reporting outages in small areas around the world.

Hyatt Hotels Payment-Processing Systems Hit By Malware

itwbennett writes: Hyatt Hotels said Wednesday that it recently identified malware on the computers that run its payment-processing systems. And while Hyatt didn't provide more details on the breach, including how many customers might be affected, the alert to customers asking them to closely check their credit card statements suggests that hackers may have obtained critical credit card information. The breach is the latest in a series of attacks in the hospitality industry, which include Hilton Worldwide, Mandarin Oriental and Starwood Hotels & Resorts Worldwide.

Torrent Sites Earned $70M After Dropping Malware On Visitors

jones_supa writes: One in three torrent sites is spreading malware, claims a recent joint report (PDF) from Digital Citizens Alliance and RiskIQ, which compiled data from over 800 sites. Most of the time, the sites expose visitors to drive-by attacks that silently download malicious files on computers without any user interaction. These types of attacks are usually carried out through malvertising campaigns. It turns out that this is actually a good business for the operators of the pirate sites: depending on traffic, they can make between $200 and $5,000 per day. In total it is estimated that this type of covert agreement between malware distributors and pirate site operators has pocketed the latter about $70 million per year.
