Thursday, April 30, 2015

EU officially ranks cyber crime a top concern

From The Hill:

EU officially ranks cyber crime a top concern

Cyber crime is one of the top three security challenges that will guide the European Commission's security agenda for the next five years.

MySQL Bug Can Strip SSL Protection From Connections

From ThreatPost:

MySQL Bug Can Strip SSL Protection From Connections

Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently.

The Importance of Cyber Hygiene in Cyberspace

From the InfoSec Institute:

The Importance of Cyber Hygiene in Cyberspace

The drastic increase in the frequency of cyber attacks on financial systems, the healthcare industry and large and small scale industries has raised concerns about security at every level of an organization. A recent Australian Securities and Investments Commission (ASIC) “Cyber-resilience health-check” report says that industry feedback will further tighten the financial services and other regulated sectors. Organizations need to be better-prepared to respond, adapt to and recover from unprecedented cyber-attacks. These attacks are escalating across the data-driven, mobile, Internet and cloud-based services’ sectors, says ASIC. Cyber criminals and hackers are trying different types of malware based attacks on their victims. Recently, ransomware, a type of malware, has been making the rounds as a popular hacker trick to take over a victim’s computer and blackmail for cash. Crypto-ransomware has become a popular way to extract money from victims who inadvertently download the malware. These new variants of malware allow cyber criminals to launch multiple types of attacks on individuals and organizations.

Wi-Fi Woes Continue To Plague Infosec

From Dark Reading:

Wi-Fi Woes Continue To Plague InfoSec

Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.

Cybercriminals Use RawPOS Malware to Target Hotels, Casinos

From Security Week:

Cybercriminals Use RawPOS Malware to Target Hotels, Casinos

An old point-of-sale (PoS) malware has been used by cybercriminals to target the customers of resorts, hotels, and casinos in North America and other parts of the world, Trend Micro has warned.

Lock Screen Bypass Flaw Found in Samsung Androids

From ThreatPost:

Lock Screen Bypass Flaw Found in Samsung Androids

A vulnerability exists in Samsung devices running Android version 4.1.2 that could give unauthenticated users the ability to circumvent the screen lock and view the home screen, run apps, and reach out to contacts without successfully completing Android’s pattern lock, PIN, password or Face Unlock mechanisms.

Large List of FTP Credentials For Sale in Underground Forums

From ThreatPost:

Large List of FTP Credentials For Sale in Underground Forums

Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates.

Researcher Unlocks Samsung Galaxy S4 Bootloader for AT&T, Verizon Android Phones

From ThreatPost:

Researcher Unlocks Samsung Galaxy S4 Bootloader for AT&T, Verizon Android Phones

Those of you who like to tinker and jailbreak Android phones should take notice of some new research conducted on Samsung Galaxy S4 Android devices shipped by AT&T and Verizon. Both device makers ship the Galaxy S4 smartphones with a locked down bootloader that prevents users from uploading custom kernels or from making modifications to software on the phone.

OpenSSL Past, Present and Future

From ThreatPost:

OpenSSL Past, Present and Future

Rarely does anything have a defined turning point in its history, a single day where people can point and say that was the day everything changed.

US-CERT Alert: Top 30 Targeted High Risk Vulnerabilities

From US-CERT:

Alert (TA15-119A) Top 30 Targeted High Risk Vulnerabilities

Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1].

This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention and mitigation recommendations.

It is based on analysis completed by the Canadian Cyber Incident Response Centre (CCIRC) and was developed in collaboration with our partners from Canada, New Zealand, the United Kingdom, and the Australian Cyber Security Centre.

Banking Trojan delivered to companies via macro-based malware

From Help Net Security:

Banking Trojan delivered to companies via macro-based malware

Cybercriminals continue targeting enterprises with malicious emails whose ultimate goal is to infect company computers with the Dyre/Dyreza banking malware.

Yahoo develops cheap, effective biometric smartphone authentication

From Help Net Security:

Yahoo develops cheap, effective biometric smartphone authentication

A group of Yahoo researchers have demonstrated that apart from fingerprints, other parts of the human body, such as ears, fists, palms and fingers, can also be successfully used to authenticate users to their mobile phones.

US-CERT Alert: Alert (TA15-120A) Securing End-to-End Communications

From US-CERT:

Alert (TA15-120A) Securing End-to-End Communications

Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, causing unsecured web browsers around the world to become unwitting participants in a distributed denial-of-service attack. That same code can be employed to deliver an exploit for a particular vulnerability or to take other arbitrary actions.

Strongly recommended for both novice and expert InfoSec practitioners. Contains useful info on how to use various technologies to mitigate man-in-the-middle (MITM) attacks.

Unpatched, vulnerable PDF readers leave users open to attack

From Help Net Security:

Unpatched, vulnerable PDF readers leave users open to attack

Unpatched, vulnerable PDF readers are a big security issue for private PC users, according to Secunia. 14% of PC users in the US (up from 12.9% last quarter) have an unpatched operating system, and Oracle Java yet again tops the list of applications exposing PCs to security risks.

US-CERT Alert: Nepal Earthquake Disaster Email Scams

From US-CERT:

Nepal Earthquake Disaster Email Scams

US-CERT would like to warn users of potential email scams regarding the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.

Google unveils Password Alert Chrome extension, an early warning system against phishing attacks

From Sophos Naked Security:

Google unveils Password Alert Chrome extension, an early warning system against phishing attacks

Google has announced the release of a new browser extension designed to protect its users from phishing attacks.

iPad crash grounds dozens of American Airlines flights

From Sophos Naked Security:

iPad crash grounds dozens of American Airlines flights

Dozens of American Airlines flights were grounded on Tuesday night when pilots' iPads abruptly crashed - or, in the words of one passenger who quoted a pilot, "stopped working".

Hollywood gets Piracy app Popcorn Time blocked in the UK

From Sophos Naked Security:

Hollywood gets Piracy app Popcorn Time blocked in the UK

The UK High Court has ordered internet service providers (ISPs) to block Popcorn Time, a piracy app that's as easy to use as Netflix.

This is just the latest in a series of blocking orders issued by the High Court.

DARPA demonstrates breakthrough in self-guided bullets

From Fox News:

DARPA demonstrates breakthrough in self-guided bullets

DARPA’s Extreme Accuracy Tasked Ordinance (EXACTO) program just had its most successful round of live-fire tests to date. The tests were conducted in February with an experienced shooter using the self-steering bullet technology to repeatedly hit “moving and evading targets” while a novice shooter used the system for the first time to hit a moving target, according to a press release.

Wednesday, April 29, 2015

Social Engineering: Attackers' Reliable Weapon

From Security Week:

Social Engineering: Attackers' Reliable Weapon

It begins with a baited hook.

It could be a link posted on social media that appears to lead to a subject of interest. It could be the sudden arrival of an emailed invoice. Whatever the ploy, social engineering is the opening salvo in targeted attacks against organizations all over the world. Sometimes, the social engineering begins with an email. Other times it may involve Facebook, and other times it may begin with a phone call.

The Rise of Cyber Extortion

From Security Week:

The Rise of Cyber Extortion

In 1824, the Duke of Wellington received a letter from a publisher threatening to publish a memoir by his former mistress. The publisher offered to keep the Duke out of the book if he received a sum of money. The Duke reportedly sent the letter back with “Publish and be damned” scrawled on the back.

Antivirus Software Weakens HTTPS Security: Researcher

From Security Week:

Antivirus Software Weakens HTTPS Security: Researcher

German journalist and researcher Hanno Böck has analyzed three popular antivirus products and determined that each one of them lowers security when they intercept HTTPS traffic.

Böck was featured in several news articles in February after the world learned that Lenovo had pre-installed a piece of adware known as Superfish on laptops. Superfish came into the spotlight when experts discovered that it broke the security of HTTPS connections in order to inject ads into web pages. After the Superfish incident came to light, Böck revealed that Privdog, a tool promoted by Comodo and designed to replace ads with ones from trusted sources, was “worse than Superfish.”

Experts Warn on Critical Shortage of Cybercrime Specialists

From Security Week:

Experts Warn on Critical Shortage of Cybercrime Specialists

Riyadh - Experts warned at a conference in Saudi Arabia on Tuesday of a critical shortage of global specialists trained to confront increasingly malicious cyber security threats.

"Some reports say that we have globally less than 1,000 people who are truly qualified, whereas we need over 30,000 to address the problem," said Mark Goodwin, of Virginia Tech university in the United States.

Vulnerability in Realtek SDK Exposes Routers to Attacks

From Security Week:

Vulnerability in Realtek SDK Exposes Routers to Attacks

Routers from D-Link, TRENDnet and likely other vendors are vulnerable to remote code execution attacks due to a flaw in a component of the Realtek software development kit (SDK).

The issue was discovered by Ricky Lawshae, DVLabs security researcher and content developer at HP Enterprise Security. The expert reported his findings to HP’s Zero-Day Initiative (ZDI) in August 2014. Since Realtek hasn’t responded to any of ZDI’s attempts to report the vulnerability, the existence of the zero-day has been disclosed.

RSA Highlighted Impending IoT Troubles

From Dark Reading:

RSA Highlighted Impending IoT Troubles

As attendees digest the messages coming out of RSA Conference last week, they're sifting through plenty of important themes that came to light, be it information sharing, big data analytics' impact on security, and the use of automation to better level the playing field with the scale attackers have achieved. But perhaps one of the most lasting topics to bridge across conference session tracks and cocktail debates is the impending difficulties enterprise IT will face in securing the Internet of Things (IoT).

To Evangelize Security, Get Out Of Your Comfort Zone

From Dark Reading:

To Evangelize Security, Get Out Of Your Comfort Zone

I'm not a security professional -- I can't configure a firewall or hack my way out of a paper bag -- but I've been lucky enough to live and work in the info security community for almost a decade now. For me, last week's RSA Conference in San Francisco was old home week; nearly everywhere I walked, I saw someone I knew. And I was able to participate in nearly every conversation, because the topics were well-known and familiar.

Actor using Fiesta exploit kit

From SANS ISC:

Actor using Fiesta exploit kit

This diary entry documents a criminal group using the Fiesta exploit kit (EK) to infect Windows computers. I previously wrote a guest diary about this group on 2014-12-26 [1] and provided some updated information on my personal blog this past February [2]. I first noticed this group in 2013, and it's likely been active well before then.

2015-04-29 Phish of the day

Just received this one. It comes with a base64 encoded attachment named "check.doc". Keep your eyes open for this one.

----- Begin Phishing Email -----

Are you sure you issued this check? Your signature looks bogus

----- End Phishing Email -----

----- Begin Phishing Email Header Info -----

Return-path: <shrewed49@rmeasdale.com>
Received: from 84-232-236-159.pppoe-business.brasov.rdsnet.ro
 ([84.232.236.159]) by vms172077.mailsrvcs.net
 (Oracle Communications Messaging Server 7.0.5.34.0 64bit (built Oct 14 2014))
 with ESMTP id <0NNK00AY3NDB4L20@vms172077.mailsrvcs.net> for
 <recipient_email_omitted>; Wed, 29 Apr 2015 09:10:30 -0500 (CDT)
Date: Wed, 29 Apr 2015 16:14:30 +0200
From: "Ashlee Tyson" <shrewed49@rmeasdale.com>
Subject: Re: payroll checkare
X-Originating-IP: [84.232.236.159]
To: <recipient_email_omitted>
Message-id: <1439X27C.3641794@rmeasdale.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)"
X-Verizon-Spam: Yes
X-CMAE-Score: 100
X-CMAE-Analysis: v=2.1 cv=LYyLMYaK c=1 sm=1 tr=0 p=rJqd6rZlIhYbTn4MaQAA:9
 p=H1u9zqURehgJvYRmWIMA:9 a=a8IUkKEvmxiWzBY6Ruf4/A==:117
 a=a8IUkKEvmxiWzBY6Ruf4/A==:17 a=TBwV841PfKQA:10 a=ARMftL3jAAAA:8
 a=oR5dmqMzAAAA:8 a=e9J7MTPGsLIA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=9iDbn-4jx3cA:10
 a=cKsnjEOsciEA:10 a=gZbpxnkM3yUA:10 a=wPNLvfGTeEIA:10 a=DJSPjBAeKj4A:10
 a=QPrpmIQDwqUA:10 a=RXpN45yG6AAA:10 a=diV1Cm6KfS4A:10 a=tclcd6dtLQvEqt9_mmAA:9
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
 Thunderbird/24.2.0
Original-recipient: rfc822;<recipient_email_omitted>

This is a multi-part message in MIME format.
--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)
Content-type: text/plain; CHARSET=US-ASCII; format=flowed
Content-transfer-encoding: 7BIT

Are you sure you issued this check? Your signature looks bogus
--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)
Content-type: application/msword; name=check.doc
Content-transfer-encoding: base64
Content-disposition: attachment; filename=check.doc


<Encoding_removed>

Per VirusTotal:

SHA256: dc967761e041aeb6c2f518ebeff8f52551ba32d71887eb04996c3ea6db43e854
File name: check.doc
Detection ratio: 4 / 57
Analysis date: 2015-04-29 14:44:19 UTC

AVware: LooksLike.Macro.Malware.gen!d1 (v) (20150429)
AhnLab-V3: W97M/Downloader (20150429)
Fortinet: WM/Agent!tr (20150429)
VIPRE: LooksLike.Macro.Malware.gen!d1 (v) (20150429)

--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7BIT

--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)--

----- End Phishing Email Header Info -----
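A triage helper for messages laid out like the one above, added here as an example (not code from this blog): it parses a raw MIME message with Python's standard email library, decodes the base64 attachment, hashes it so the SHA-256 can be checked against VirusTotal, and pulls the source IP from X-Originating-IP or, failing that, the earliest Received hop. The sample message, its addresses, relay names, IP and attachment bytes are all constructed placeholders.

```python
import base64
import email
import hashlib
import re
from email import policy

# Placeholder bytes standing in for the real base64 attachment (constructed;
# not the macro document the post describes).
ATTACHMENT_BYTES = b"constructed placeholder, not the real check.doc"
ATTACHMENT_SHA256 = hashlib.sha256(ATTACHMENT_BYTES).hexdigest()

# Constructed raw message modelled on the headers and MIME layout shown above;
# sender, relay, addresses and IP are placeholders.
SAMPLE_EML = (
    "Received: from relay.example.invalid ([198.51.100.7]) by mx.example.invalid\n"
    " with ESMTP id <ABC123@mx.example.invalid> for <victim@example.invalid>;\n"
    " Wed, 29 Apr 2015 09:10:30 -0500 (CDT)\n"
    'From: "Ashlee Tyson" <sender@example.invalid>\n'
    "Subject: Re: payroll checkare\n"
    "X-Originating-IP: [198.51.100.7]\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)"\n'
    "\n"
    "This is a multi-part message in MIME format.\n"
    "--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)\n"
    "Content-Type: text/plain; charset=US-ASCII; format=flowed\n"
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    "Are you sure you issued this check? Your signature looks bogus\n"
    "--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)\n"
    "Content-Type: application/msword; name=check.doc\n"
    "Content-Transfer-Encoding: base64\n"
    "Content-Disposition: attachment; filename=check.doc\n"
    "\n" + base64.b64encode(ATTACHMENT_BYTES).decode("ascii") + "\n"
    "--Boundary_(ID_PgzM7siDShtPG6KvVVfGMg)--\n"
)

IPV4 = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def originating_ip(msg):
    """X-Originating-IP if present, else the bottom-most Received header:
    each relay prepends its own, so the last one is the earliest hop."""
    candidates = [msg.get("X-Originating-IP")] + list(reversed(msg.get_all("Received") or []))
    for value in candidates:
        m = IPV4.search(str(value or ""))
        if m:
            return m.group(1)
    return None


def triage(raw):
    """Parse a raw message and return what a responder hashes and blocks first:
    sender, subject, source IP and the SHA-256 of every decoded attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undoes the base64 here
        attachments.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),  # look this up on VirusTotal
        })
    return {"from": str(msg.get("From", "")), "subject": str(msg.get("Subject", "")),
            "source_ip": originating_ip(msg), "attachments": attachments}
```

Calling `triage(SAMPLE_EML)` returns the sender, subject, source IP and one attachment record; feed it the saved .eml of a real sample and compare the hash with the VirusTotal entry before opening anything.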

One-in-four Americans victimized by information security breaches

From Help Net Security:

One-in-four Americans victimized by information security breaches

One-in-four Americans (25 percent) fell victim to information security breaches in the past year, according to a new survey from the American Institute of CPAs (AICPA), which polled 1,010 US adults. This represents more than double the number of people (11 percent) who reported being victimized in a similar survey taken just over a year ago.

Latest trends in the ransomware business

From Help Net Security:

Latest trends in the ransomware business

Cybercrooks wielding ransomware might prefer getting paid in Bitcoin, but the crypto currency is just a way to obfuscate the real destination of the payment - as soon as they can, they turn the Bitcoin into "real" money, IBM senior fraud prevention strategist Etay Maor shared in his presentation at RSA Conference 2015.

Why you should steer users towards less predictable passwords

From Help Net Security:

Why you should steer users towards less predictable passwords

As users are instructed to create ever more complex passwords, and developers are starting to use encryption methods more difficult to crack than standard hashing functions, password crackers (and penetration testers) must wisely choose which type of password attack to try first, second, and so on.

Protecting and identifying your information assets

From Help Net Security (Podcast):

Protecting and identifying your information assets

In this podcast recorded at RSA Conference 2015, Tim Upton, CEO at TITUS, illustrates how TITUS gives your data an identity by adding metadata to an information asset such as an email or a document. They identify data at the time of creation, so that your organization can make intelligent, deliberate decisions on how that information is handled.

Hacker exploits Android devices with self-implanted NFC chip

From Help Net Security:

Hacker exploits Android devices with self-implanted NFC chip

A security researcher has demonstrated that it's possible to implant yourself with a NFC chip that will not be detected by body scanners at airports or other high-security locations, and which could be used to compromise devices inside a guarded perimeter.

Planning for the Internet of Things

From Help Net Security (Podcast):

Planning for the Internet of Things

As organizations plan for the future, and how security has to operate within their business, they now have to worry about the Internet of Things (IoT).

The value of patching and how to do it properly

From Help Net Security (Podcast):

The value of patching and how to do it properly

Patching has been the stalwart of the information security community for at least the last 15 years.

Fee-fi-fo-fum, do I want Google to sniff my network traffic, all of it?

From Sophos Naked Security:

Fee-fi-fo-fum, do I want Google to sniff my network traffic, all of it?

Google is getting a lot of publicity for a business venture called Project Fi.

Dubbed rather grandly as "a new way to say hello," the service seems to be a joint project with US mobile providers Sprint and T-Mobile.

FBI: Hacktivists targeting US law enforcement as anti-police sentiment grows

From Sophos Naked Security:

FBI: Hacktivists targeting US law enforcement as anti-police sentiment grows

The FBI has issued a new warning for police officers in the US to limit their public exposure on social media sites, citing the threat of hacktivists who may target them and their families.

25 members of $15 million carding gang arrested in Romania

From Sophos Naked Security:

25 members of $15 million carding gang arrested in Romania

Romanian authorities have announced the arrests of 25 people in connection with a well-organised operation using cloned bank cards to withdraw cash from ATMs.

Judge chided for Facebook posts that triggered mistrial in "boy in the box" case

From Sophos Naked Security:

Judge chided for Facebook posts that triggered mistrial in "boy in the box" case

A Texas judge has been chewed out for making Facebook posts about a case that resulted in a mistrial, and has been ordered to get trained on "proper and ethical use of social media" by judges.

The "Dirty Dozen" SPAMPIONSHIP: Who needs to kill the most zombies?

From Sophos Naked Security:

The "Dirty Dozen" SPAMPIONSHIP: Who needs to kill the most zombies?

Here they are: the latest "Dirty Dozen" SPAMPIONSHIP tables, detailing the globe's most dastardly distributors of delinquent data during the first quarter of 2015.

Remotely operated surgery robot is easy to e-hijack, researchers find

From Sophos Naked Security:

Remotely operated surgery robot is easy to e-hijack, researchers find

Nothing like having a squid-like alien embryo extracted from your abdomen to make you appreciate automated surgery.

Alas, outside of science fiction, there's a flip side to the world of robotic surgery, as computer security researchers at the University of Washington have found.

Tuesday, April 28, 2015

Smartphone Security Shootout

From DarkReading:

Smartphone Security Shootout

Researcher compared Apple iOS, Android, Windows smartphones for business use privacy and security.

RSA CONFERENCE -- San Francisco -- Conventional wisdom would say Apple iPhone would be hands down more safe for business users than Android, but a security researcher found Android a close second to iPhone if it's a Google Nexus or Samsung Knox version phone.

Google blushes over Google Maps showing Android icon urinating on Apple icon

From Sophos Naked Security:

Google blushes over Google Maps showing Android icon urinating on Apple icon

As of Monday, all was well in Pakistan's Ayub National Park, at least as far as Google Maps was concerned, which was showing it as a verdant green swath of pixels.

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

From US-CERT:

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking collectives may exploit publicly available information identifying officers or officials, their employers, and their families. These target groups should protect their online presence and exposure.

Champlain College Awarded for Best Cybersecurity Higher Education Program

From Forensic Magazine:

Champlain College Awarded for Best Cybersecurity Higher Education Program

Champlain College has been recognized for the second time as winner of the Professional Award for Best Cybersecurity Higher Education Program at the 2015 SC Awards. The award was presented during the 2015 SC Awards Gala held in San Francisco.

Details on WordPress Zero Day Disclosed

From ThreatPost:

Details on WordPress Zero Day Disclosed

WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver.

New Utility Decrypts Data Lost to TeslaCrypt Ransomware

From ThreatPost:

New Utility Decrypts Data Lost to TeslaCrypt Ransomware

Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department have gone as far as to pay hundreds of dollars in ransom for the recovery key.

Second Crypto Bug in Networking Library Could Affect 25,000 Apps

From ThreatPost:

Second Crypto Bug in Networking Library Could Affect 25,000 Apps

A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced.