Domain: cso.com.au
Stories and comments across the archive that link to cso.com.au.
Stories · 16
-
Windows Defender Will Soon Start Removing Applications With Coercive Messaging: Cleaners and Optimizers Put on Notice (cso.com.au)
Microsoft is stepping up its efforts to protect Windows users from programs that use fear to convince people to buy or upgrade products. From a report: The Redmond company is taking aim at all software that use scary messaging to convince people to upgrade to a paid product that purportedly fixes a problem detected by a free version. Specifically it is targeting registry cleaners and optimizers, which Microsoft previously didn't endorse but also didn't blacklist them as unwanted programs or malware. That's changing on March 1. "We find this practice problematic because it can pressure customers into making unnecessary purchase decisions," said Barak Shein, a member of the Windows Defender security research team. From March 1 Microsoft's Windows Defender and other security products will "classify programs that display coercive messages as unwanted software, which will be detected and removed," Shein said. -
McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk)
mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time." -
Staff Breach At OneLogin Exposes Password Storage Feature (cso.com.au)
River Tam quotes a report from CSO Australia: Enterprise access management firm OneLogin has suffered an embarrassing breach tied to a single employee's credentials being compromised. OneLogin on Tuesday revealed the breach affected a feature called Secure Notes that allowed its users to "store information." That feature however is pitched to users as a secure way to digitally jot down credentials for access to corporate firewalls and keys to software product licenses. The firm is concerned Secure Notes was exposed to a hacker for at least one month, though it may have been from as early as July 2 through to August 25, according to a post by the firm. Normally these notes should have been encrypted using "multiple levels of AES-256 encryption," it said in a blog post. Several thousand enterprise customers, including high profile tech startups, use OneLogin for single sign-on to access enterprise cloud applications. The company has championed the SAML standard for single sign-on and promises customers an easy way to enable multi-factor authentication from devices to cloud applications. But it appears the company wasn't using multi-factor authentication for its own systems. OneLogin's CISO Alvaro Hoyos said a bug in its software caused Secure Notes to be "visible in our logging system prior to being encrypted and stored in our database." The firm later found out that an employees compromised credentials were used to access this logging system. The company has since fixed the bug on the same day it detected the bug. CSO adds that the firm "also implemented SAML-based authentication for its log management system and restricted access to a limited set of IP addresses." -
How SSL/TLS Encryption Hides Malware (cso.com.au)
Around 65% of the internet's one zettabyte of global traffic uses SSL/TLS encryption -- but Slashdot reader River Tam shares an article recalling last August when 910 million web browsers were potentially exposed to malware hidden in a Yahoo ad that was hidden from firewalls by SSL/TLS encryption: When victims don't have the right protection measures in place, attackers can cipher command and control communications and malicious code to evade intrusion prevention systems and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel to hide malware as it can pass through firewalls and into organizations' networks undetected if the right safeguards aren't in place. As SSL/TLS usage grows, the appeal of this threat vector for hackers too increases.
Companies can stop SSL/TLS attacks, however most don't have their existing security features properly enabled to do so. Legacy network security solutions typically don't have the features needed to inspect SSL/TLS-encrypted traffic. The ones that do, often suffer from such extreme performance issues when inspecting traffic, that most companies with legacy solutions abandon SSL/TLS inspection. -
Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au)
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site... -
Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au)
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site... -
Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au)
Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.
In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site... -
Chrome 43 Should Help Batten Down HTTPS Sites
River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't or is difficult to be modified. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag an 'mixed-content warning' in the form of a yellow triangle over the padlock. -
NJ School District Hit With Ransomware-For-Bitcoins Scheme
An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way. -
Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware
First time accepted submitter River Tam writes Cybercriminals behind the TorrenLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections worldwide, of which over 9,000 were from Australia. If you're a Windows user in Australia who's had their files encrypted by hackers after visiting a bogus Australia Post website, chances are you were infected by TorrentLocker and may have contributed to the tens of thousands of dollars likely to have come from Australia due to this digital shakedown racket. -
FBI: Wiper Malware Has Korean Language Packs, Hard Coded Targets
chicksdaddy sends news that the FBI has issued a warning to U.S. businesses over a "destructive" malware campaign using advanced tools. They don't name specific targets, but the information fits with the details from last week's attack on Sony Pictures, which led to the leak of several unreleased movies. A copy of the FBI's recent five-page FLASH alert reveals that the malware alleged to have wiped out systems at Sony Pictures Entertainment deployed a number of malicious modules, including a version of a commercial disk wiping tool on target systems. Samples of the malware obtained by the FBI were also found to contain configuration files created on systems configured with Korean language packs. The use of Korean could strengthen theories that the destructive cyber attacks have links to North Korea, though it is hardly conclusive. It does appear that the attack was targeted at a specific organization. The malware analyzed by the FBI contained a hard coded list of IP addresses and computer host names. -
Synolocker 0-Day Ransomware Puts NAS Files At Risk
Deathlizard (115856) writes "Have a Synology NAS? Is it accessible to the internet? If it is, You might want to take it offline for a while. Synolocker is a 0-day ransomware that once installed, will encrypt all of the NAS's files and hold them for ransom just like Cryptolocker does for windows PC's. The Virus is currently exploiting an unknown vulnerability to spread. Synology is investigating the issue." -
Large DDoS Attack Brings WordPress Pingback Abuse Back Into Spotlight
angry tapir writes "Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri. The attack involved over 162,000 legitimate WordPress websites being forced to send hundreds of requests per second to a popular WordPress site, preventing access to it for many hours. The attack exploited an issue with the XML-RPC (XML remote procedure call) implementation in WordPress that's used for features like pingback, trackback, remote access from mobile devices and others, and brought back into the spotlight the denial-of-service risks associated with this functionality that have been known since 2007." -
Microsoft Researchers Slash Skype Fraud By 68%
mask.of.sanity writes "Life could become more difficult for fraudsters on Skype thanks to new research by Microsoft boffins that promises to cut down on fake accounts across the platform. The research (PDF) combined information from diverse sources including a user's profile, activities, and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection. The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate." -
Groups Accuse EU Parliament of "Caving In" To Pressure From Business and US
angry tapir writes "The European Parliament's industry committee has approved more than 900 amendments to proposed new data protection laws. Civil liberties groups and consumer organizations were quick to accuse members of the Parliament (MEPs) of caving in to pressure from big business and the U.S. 'The Conservative and Liberal parties in the Parliament have voted against the interests of European consumers, who expect MEPs to ensure existing E.U. data protection standards are not diluted,' said Monique Goyens, director general of the European consumer organization, BEUC." -
Google Security Engineer Issues Sophos Warning
angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggishly response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"