Slashdot Mirror

← Back to Domains

Domain: csoonline.com

Stories and comments across the archive that link to csoonline.com.

Stories · 202

  1. Cisco Patches Serious Flaws In Cable Modems and Home Gateways (csoonline.com)

    Hardware · Bug · · posted by timothy · from the way-better-than-not-fixing dept. · 22 comments
    itwbennett writes: Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices that are distributed by some ISPs to their customers, and said in an advisory that customers should contact their service providers to ensure they have the patches. The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication. And the Web-based administration interfaces of the Cisco DPC3941 Wireless Residential Gateway with Digital Voice and Cisco DPC3939B Wireless Residential Voice Gateway are affected by a vulnerability that could lead to information disclosure. In addition, the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA is affected by a separate vulnerability, also triggered by malicious HTTP requests, that could lead to a denial-of-service condition.

  2. Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach (csoonline.com)

    Yro · Business · · posted by timothy · from the thanks-for-the-new-credit-card-again-and-again dept. · 66 comments
    itwbennett writes: In remedy for the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services. And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer.

  3. Seagate Hit By Targeted Phishing Attacks Seeking W2 Data (csoonline.com)

    Yro · Crime · · posted by timothy · from the tax-system-downsides-part-43276543-subsection-(b) dept. · 26 comments
    itwbennett writes: You can add Seagate to the growing list (now up to 7) of companies hit by malware seeking W2 data on employees. As reported on Slashdot, Snapchat disclosed the last weekend of February that someone had posed as the company's CEO and received payroll data on 700 employees. The other companies hit by similar phishing scams so far are Central Concrete Supply Co., Mercy Housing Inc., Magnolia Health Corporation, BrightView, and Polycom. Seagate learned of the incident on March 1, and the story was broken by Brian Krebs after a former employee received a notice and reached out to him.

  4. New Ransomware-as-a-Service Speaks To Victims (csoonline.com)

    Yro · Crime · · posted by timothy · from the gps-was-bad-enough dept. · 40 comments
    itwbennett writes: Cerber, a new file-encrypting ransom ware, has a couple of interesting features. First, according to cyber intelligence outfit SenseCy, it is available for sale 'as a service' on a private Russian-language forum, which makes it 'available to low-level criminals who might not have the coding skills or resources to create their own ransom ware,' writes Lucian Constantin. Second, one of the 3 files it drops on a victim's desktop is a VBS (Visual Basic Scripting) file containing text-to-speech code that converts text into an audio message. 'When the above script is executed, your computer will speak a message stating that your computer's files were encrypted and will repeat itself numerous times,' said Lawrence Abrams, administrator of the technical support forum BleepingComputer.com, in a blog post.

  5. Cisco Issues Patch For Nexus Switches To Remove Hardcoded Credentials (csoonline.com)

    News · Bug · · posted by BeauHD · from the where's-the-remote dept. · 36 comments
    itwbennett writes: Cisco Systems has released critical software updates for its Nexus 3000 and 3500 switches to remove a default administrative account with static credentials that could allow remote attackers access to a bash shell with root privileges, meaning that they can fully control the device. The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory. The affected devices are: Cisco Nexus 3000 Series switches running NX-OS 6.0(2)U6(1), 6.0(2)U6(2), 6.0(2)U6(3), 6.0(2)U6(4) and 6.0(2)U6(5) and Cisco Nexus 3500 Platform switches running NX-OS 6.0(2)A6(2), 6.0(2)A6(3), 6.0(2)A6(4), 6.0(2)A6(5) and 6.0(2)A7(1).

  6. FREAK, Logjam, DROWN All a Result of Weaknesses Demanded By US Gov't (csoonline.com)

    It · Security · · posted by timothy · from the home-to-roost dept. · 70 comments
    itwbennett writes: You need look no further than the FREAK and Logjam attacks in 2015 and the DROWN attack announced just this week to get a sense of 'the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today,' writes Lucian Constantin. But this isn't a new problem. 'One approach [the government] used throughout the 1990s [to keep encryption under its control] was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications,' says Constantin. 'This gave birth to so-called 'export-grade' encryption algorithms that have been integrated into cryptographic libraries and have survived to this day.'

  7. FBI Should Try To Unlock iPhone Without Apple's Help, Lawmaker Says (csoonline.com)

    Apple · Crime · · posted by timothy · from the seems-reasonable dept. · 254 comments
    itwbennett writes: Representative Darrell Issa, a California Republican and former car-alarm entrepreneur, has suggested that the FBI try unlocking mass shooter Syed Rizwan Farook by copying the hard drive and running password attempts until they find the correct password. Bruce Sewell, Apple's senior vice president and general counsel, said during a congressional hearing that, although the company doesn't know the condition of the shooter's iPhone, Issa's approach may work.

  8. Security Talent Shortage Hits Cybercrime Groups, Too (csoonline.com)

    News · Crime · · posted by BeauHD · from the minimum-wage dept. · 40 comments
    itwbennett writes: A report released today by Digital Shadows finds that cybercrime organizations "face many of the same hiring problems as defending security organizations, but with their own particular twists," writes Maria Korolov. In particular, the groups are finding a shortage of qualified candidates for jobs such as malware writers, exploit developers, bot net operators, and mules. But, unlike legitimate organizations, "cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and are willing to break the law," writes Korolov. One thing the criminals have in common with defending organizations: entry-level skills are the easiest to find. This is one reason why many attackers use simple tools and attack methods.

  9. Attackers Can Turn Microsoft's Exploit Defense Tool EMET Against Itself (csoonline.com)

    Tech · Microsoft · · posted by timothy · from the friends-like-these dept. · 40 comments
    itwbennett writes: FireEye researchers have found a way for exploits to trigger a specific function in EMET that disables all protections it enforces for other applications. The researchers believe that their new technique, which essentially uses EMET against itself, is more reliable and easier to use than any previously published bypasses. It works against all supported versions of EMET — 5.0, 5.1 and 5.2 — but Microsoft patched the issue in EMET 5.5, which was released on Feb. 2. So if you haven't upgraded yet, now would be a good time to do it. For more about how the technique works, read FireEye's blog post.

  10. Database Error Exposes Sensitive Information On 1,700 Kids (csoonline.com)

    Yro · Privacy · · posted by timothy · from the u-really-know-kids dept. · 62 comments
    itwbennett writes: Researcher Chris Vickery discovered that the Arlington, Virginia based child monitoring service uKnowKids.com had a misconfigured MongoDB installation that left sensitive details on over 1,700 children exposed for months. UKnowKids helps parents monitor their child's activities online, by watching their mobile communications, social media activities, and their location. And so the database stored 6.8 million private text messages, 1.8 million images (many depicting children), Facebook, Twitter, and Instagram account details, in addition to the children's full names, email addresses, GPS coordinates, date of birth.

  11. What Happens When Google Doc Credentials Are Leaked On the Dark Web? (csoonline.com)

    It · Security · · posted by timothy · from the nothin'-good dept. · 27 comments
    itwbennett writes: It only takes one day of online credentials being available on the Dark Web before login attempts will start, according to security company Bitglass, which set up a simulation using fake credentials for a Google Drive account, complete with real credit card details, fake corporate data and personal data, according to Bitglass' report. Bitglass said there were three attempted logins to Google Drive in the first day and five attempted logins to the fake bank site. Within two days, files were downloaded from the Google Drive account.

  12. Hard-Coded Password Exposes Video Surveillance DVRs To Hacking (csoonline.com)

    It · Security · · posted by yaelk · from the hackers dept. · 41 comments
    itwbennett writes: Security researchers from vulnerability intelligence firm Risk Based Security (RBS) have found that DVRs from RaySharp and six other vendors have a basic vulnerability: They accept a hard-coded, unchangeable password for the root account. "RaySharp DVR devices provide a Web-based interface through which users can view camera feeds, manage recording and system settings and use the pan-tilt-zoom (PTZ) controls of connected surveillance cameras. Gaining access to this management interface would provide an attacker with full control over the surveillance system," writes Lucian Constantin. RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but the Chinese company also creates digital video recorders and firmware for other companies. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.

  13. Malware Targets All Android Phones — Except Those In Russia (csoonline.com)

    Mobile · Android · · posted by timothy · from the talk-about-localization dept. · 78 comments
    itwbennett writes: MazarBOT, a malware program that can take full control of Android phones, appears to be targeting online bank accounts. The malware has been seen advertised on Russian underground forums in the last few months and surfaced over the weekend. '[On] Friday, a swarm of SMSs were sent to random phone numbers in Denmark and likely elsewhere. The content of the SMS had the purpose of luring the recipient into clicking the provided link, which would serve up a malicious APK,' wrote Peter Kruse, an IT security expert and founder of CSIS Security Group. One interesting feature: 'MazarBOT will stop installing itself if it detects an Android device that is running within Russia,' writes Jeremy Kirk.

  14. Hackers of Ukrainian Utilities Probably Hit Mining and Railroad Targets, Too (csoonline.com)

    It · Crime · · posted by timothy · from the while-they-were-in-the-neighborhood dept. · 21 comments
    itwbennett writes: Trend Micro said Thursday that its latest technical research shows that the same malware — dubbed BlackEnergy and KillDisk — were likely used in attacks on a mining company and a railway operator that preceded the devastating power-company hacks and that those earlier attacks may have been test runs. 'The malware used in the attacks, known as Black Energy, has been linked by the security firm iSight Partners to a group nicknamed the Sandworm Team, which is suspected to be from Russia,' writes Jeremy Kirk.

  15. Hackers of Ukrainian Utilities Probably Hit Mining and Railroad Targets, Too (csoonline.com)

    It · Crime · · posted by timothy · from the while-they-were-in-the-neighborhood dept. · 21 comments
    itwbennett writes: Trend Micro said Thursday that its latest technical research shows that the same malware — dubbed BlackEnergy and KillDisk — were likely used in attacks on a mining company and a railway operator that preceded the devastating power-company hacks and that those earlier attacks may have been test runs. 'The malware used in the attacks, known as Black Energy, has been linked by the security firm iSight Partners to a group nicknamed the Sandworm Team, which is suspected to be from Russia,' writes Jeremy Kirk.

  16. Cisco ASA Firewall Has a Wormable Problem — And a Million Installs (csoonline.com)

    It · Security · · posted by timothy · from the that's-web-scale dept. · 78 comments
    itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
    And attackers have not been sitting on their thumbs.

  17. Identity Thieves Obtain 100,000 Electronic Filing PINs From IRS System (csoonline.com)

    Yro · Government · · posted by yaelk · from the identity-theft dept. · 107 comments
    itwbennett writes: In January attackers targeted an IRS Web application in an attempt to obtain E-file PINs corresponding to 464,000 previously stolen social security numbers (SSNs) and other taxpayer data. The automated bot was blocked by the IRS after obtaining 100,000 PINs. The IRS said in a statement Tuesday that the SSNs were not stolen from the agency and that the agency would be notifying affected taxpayers.

  18. Hearthstone Cheats and Tools Spiked With Malware (csoonline.com)

    Games · Crime · · posted by timothy · from the honor-among-etc dept. · 42 comments
    itwbennett writes: Cheating at the online card game Hearthstone (which is based on Blizzard's World of Warcraft) can get you banned from the game, but now it also puts you at risk of 'financial losses and system ruin,' writes CSO's Steve Ragan. Symantec is warning Hearthstone players about add-on tools and cheat scripts that are spiked with malware. 'In one example, Hearth Buddy, a tool that allows bots to play the game instead of a human player (which is supposed to help with rank earnings and gold earning) compromises the entire system,' says Ragan. 'Another example, are the dust and gold hacking tools (Hearthstone Hack Tool), which install malware that targets Bitcoin wallets.'

  19. Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com)

    Developers · Oracle · · posted by timothy · from the keepin'-it-tidy dept. · 64 comments
    itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.

  20. Hackers Leak DHS Staff Directory, Claim FBI Is Next (csoonline.com)

    Yro · Security · · posted by timothy · from the soon-we'll-leak-your-mailing-address dept. · 81 comments
    itwbennett writes: On Sunday, the name, title, email address, and phone number of more than 9,000 DHS employees, with titles ranging from engineers, to security specialists, program analysts, InfoSec and IT, all the way up to director level was posted on Twitter. 'The account went on to claim that an additional data dump focused on 20,000 FBI employees was next,' writes CSO's Steve Ragan. The hacker told Motherboard that the data was obtained by "compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place."

  21. Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com)

    It · Security · · posted by timothy · from the embedded-evil dept. · 43 comments
    itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.

  22. Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com)

    Yro · Security · · posted by timothy · from the hearts-and-minds dept. · 163 comments
    itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.

  23. Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com)

    Yro · Crime · · posted by timothy · from the short-attention-span dept. · 84 comments
    itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.

  24. Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products (csoonline.com)

    It · Security · · posted by timothy · from the work-never-ends dept. · 33 comments
    itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

  25. What Happened To Norse Corp.? Threat Intelligence Vendor Disappears (csoonline.com)

    It · Security · · posted by timothy · from the black-sails-in-the-sunset dept. · 59 comments
    itwbennett writes: Over the weekend, Brian Krebs reported that Sam Glines, CEO of threat intelligence vendor Norse Corp., was asked to step down by the board of directors and employees were told that they could report to work on Monday, but that there was no guarantee they'd be paid for their work. 'Less than a day after Krebs published his article, Norse Corp.'s website was offline, and attempts to email the company failed,' writes CSO's Steve Ragan. 'The ever-popular Norse attack map was online for some of the weekend, but that too had gone dark by Sunday evening.' In the aftermath of the company's disappearance, the topic of flawed data and assumptions once again resurfaced in a blog post written by ICS expert, Robert M. Lee.

  26. iOS App Update Technique Puts Users At Risk (csoonline.com)

    Apple · Ios · · posted by timothy · from the key-under-the-doormat dept. · 67 comments
    itwbennett writes: An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple's normal review process, potentially opening the door to abuse and security risks for users. An implementation of this technique, which is a variation of hot patching, comes from an open-source project called JSPatch. After adding the JSPatch engine to their application, developers can configure the app to always load JavaScript code from a remote server they control. This code is then interpreted by the JSPatch engine and converted into Objective-C. 'JSPatch is a boon to iOS developers,' security researchers from FireEye said in a blog post. 'In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes.'

  27. Attackers Use Microsoft Office To Push BlackEnergy Malware (csoonline.com)

    It · Security · · posted by timothy · from the but-most-office-machines-are-up-to-date dept. · 51 comments
    itwbennett writes: Researchers at SentinelOne reverse engineered the latest variant of the BlackEnergy 3 rootkit (the same malware used in recent attacks against Ukraine's critical infrastructure) and found indicators that suggest it is being used by insiders and that it is the byproduct of a nation-sponsored campaign. 'BlackEnergy 3 exploits an Office 2013 vulnerability that was patched some time ago, so it only works if the target machine isn't patched or an employee (either deliberately or after being tricked into it) executes the malicious Excel document,' writes CSO's Steve Ragan.

  28. Congress Gives Federal Agencies Two Weeks To Tally Backdoored Juniper Kit (csoonline.com)

    · posted by ryuzaki0 · from the get-it-fixed dept. · 77 comments
    itwbennett writes: In an effort to gauge the impact of the recent Juniper ScreenOS backdoors on government organizations, the House of Representatives is questioning around two dozen U.S. government departments and federal agencies. The U.S. House of Representatives' Committee on Oversight and Government Reform sent letters to the agencies on Jan. 21, asking them to identify whether they used devices running the affected ScreenOS versions, to explain how they learned about the issues and whether they took any corrective actions before Juniper released patches and to specify when they applied the company's patches. The questioned organizations have until Feb. 4 to respond and deliver the appropriate documents, a very tight time frame giving that 'the time period covered by this request is from January 1, 2009 to the present.'

  29. Israel's Electric Grid Targeted By Malware, Energy Minister Says (timesofisrael.com)

    Hardware · Power · · posted by Soulskill · from the hope-you-got-that-security-thing-figure-out dept. · 37 comments
    itwbennett writes: While many are still debating how much risk there is of a catastrophic cyber attack on power grid and other critical infrastructure, Israel's Minister of Infrastructure, Energy and Water, Yuval Steinitz has good reason for warning 'of the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks.' On Tuesday Steinitz told attendees at CyberTech 2016 that the country's Public Utility Authority had been targeted by malware just one day earlier, and that some systems were still not working properly. Not long after news of the attack started to spread, Robert M. Lee, the CEO of Dragos Security, published his thoughts on the matter over on the SANS ICS blog.

  30. Exposed HP LaserJet Printers Offer Anonymous FTP To the Public (csoonline.com)

    Tech · Hp · · posted by timothy · from the so-it's-a-public-service dept. · 74 comments
    itwbennett writes: In a blog post on Monday, security researcher Chris Vickery outlined the risks associated with networked HP LaserJet printers, which have been made available to the public by the organizations hosting them. 'There are a few free, open source pieces of software that can be used to upload and interact with HP printer hard drives over port 9100. After uploading to a printer, the file can be accessed by ... any web browser... It doesn't take much creativity to realize that even highly illegal materials could be stored this way,' Vickery wrote. CSO's Steve Ragan picked up the thread: A quick search on Shodan to confirm Vickery's findings returned thousands of results.

  31. FortiGuard SSH Backdoor Found In More Fortinet Security Appliances (fortinet.com)

    It · Security · · posted by Soulskill · from the no-customer-service-reps-involved dept. · 41 comments
    itwbennett writes: Earlier this month, an SSH backdoor was identified in Fortinet firewall appliances. Last week, the company said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Now, it has found that the same issue also exists in some versions of FortiSwitch, FortiAnalyzer and FortiCache. They said, "In accordance with responsible disclosure, today we have issued a security advisory that provides a software update that eliminates this vulnerability in these products. This update also covers the legacy and end-of-life products listed above. We are actively working with customers and strongly recommend that all customers using [those] products update their systems with the highest priority."

  32. IoT Security Is So Bad, There's a Search Engine For Sleeping Kids (arstechnica.com)

    Search · Communications · · posted by timothy · from the what-about-for-active-coffee-makers? dept. · 127 comments
    An anonymous reader writes: Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams. The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. While IoT manufacturers are to blame, this also highlights the creepy stuff you can do with Shodan these days. At the start of January, Check Point recommended companies to block Shodan's crawlers. The infosec community came to defend Shodan, and even its founder said that Shodan is uselessly branded as a tool of evil, saying that attackers have their own scanning tools.

  33. At How Much Risk Is the US's Critical Infrastructure? (csoonline.com)

    Hardware · Power · · posted by Soulskill · from the somewhere-between-a-little-and-a-lot dept. · 162 comments
    itwbennett writes: There is growing evidence that intrusions into the power grid and other critical infrastructure by hostile foreign nation states are real and happening. But there's "much less agreement over how much of a threat hackers are," writes Taylor Armerding. "On one side are those – some of them top government officials – who have warned that a cyber attack on the nation's critical infrastructure could be catastrophic,"writes Armerding. Others are crying FUD, including C. Thomas, a strategist at Tenable Network Security, who got some attention when he argued in an op-ed that the biggest threat to the U.S. power grid not a skilled hacker, but squirrels, are crying FUD. Who has it right? Agreement seems to coalesce around two points: 1) the cyber security of industrial control systems remains notoriously weak and 2) hostile hackers will improve their skills over time. So, while we haven't reached "catastrophe" yet, a properly motivated terrorist group could become a cyber threat.

  34. At How Much Risk Is the US's Critical Infrastructure? (csoonline.com)

    Hardware · Power · · posted by Soulskill · from the somewhere-between-a-little-and-a-lot dept. · 162 comments
    itwbennett writes: There is growing evidence that intrusions into the power grid and other critical infrastructure by hostile foreign nation states are real and happening. But there's "much less agreement over how much of a threat hackers are," writes Taylor Armerding. "On one side are those – some of them top government officials – who have warned that a cyber attack on the nation's critical infrastructure could be catastrophic,"writes Armerding. Others are crying FUD, including C. Thomas, a strategist at Tenable Network Security, who got some attention when he argued in an op-ed that the biggest threat to the U.S. power grid not a skilled hacker, but squirrels, are crying FUD. Who has it right? Agreement seems to coalesce around two points: 1) the cyber security of industrial control systems remains notoriously weak and 2) hostile hackers will improve their skills over time. So, while we haven't reached "catastrophe" yet, a properly motivated terrorist group could become a cyber threat.

  35. Google Fixes Zero-Day Kernel Flaw, Says Effect on Android Not Really That Bad (csoonline.com)

    Tech · Google_Fb · · posted by samzenpus · from the protect-ya-neck dept. · 132 comments
    itwbennett writes: Google has developed a patch for Android in response to a flaw in the Linux kernel and has shared it with device manufacturers. That doesn't mean the patch will hit users' phones right away, though. It might take weeks. But that's ok, says Google, because most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux.

  36. Serious Flaw Patched In Intel Driver Update Utility (csoonline.com)

    It · Intel · · posted by samzenpus · from the problem-protein dept. · 34 comments
    itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.

  37. Advantech Industrial Serial-To-Internet Gateways Left Wide Open (rapid7.com)

    It · Networking · · posted by Soulskill · from the to-fix-a-backdoor-simply-open-it-so-everyone-can-use-it dept. · 35 comments
    itwbennett writes: Researchers from Rapid7 have discovered a vulnerability in serial-to-IP gateway devices from Advantech that would allow the Internet-connected industrial devices to be accessible to anyone, with no password. In October, the Taiwanese firm patched the firmware in some of these devices to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers. But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.

  38. Apple's Gatekeeper Still Broken (csoonline.com)

    Apple · Security · · posted by Soulskill · from the to-remain-safe,-apple-recommends-not-being-attacked dept. · 80 comments
    itwbennett writes: This weekend, Apple security expert Patrick Wardle will detail a vulnerability in Apple's Gatekeeper that makes it possible to bypass the anti-malware defense. This is the same vulnerability that was disclosed last April, which Apple said it patched later. Wardle was able to easily bypass Apple's fixes. He says "all Apple did was blacklist the signed apps he was abusing, but didn't fix the underlying issue, which is that, essentially, Gatekeeper functions as a guard that doesn't check" software already on the whitelist.

  39. Android Banking Malware SlemBunk Part of Well-Organized Campaign (fireeye.com)

    Yro · Android · · posted by samzenpus · from the protect-ya-neck dept. · 35 comments
    itwbennett writes: Researchers from FireEye first documented the SlemBunk Android Trojan that targets mobile banking users in December. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials. The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers. The attack is more complicated than it appears at first glance, because the APK (Android application package) that users first download does not contain any malicious functionality, making it hard for antivirus apps and even Android's built-in app scanner to detect it.

  40. New Remote Access Trojan Used In Cyberespionage Operations (csoonline.com)

    It · Security · · posted by samzenpus · from the protect-ya-neck dept. · 18 comments
    itwbennett writes: Researchers from Arbor Networks have discovered a new remote access Trojan, dubbed Trochilus, whose detection rate was very low among antivirus products. The malware was discovered while the researchers were investigating attacks in Myanmar that were launched from compromised government websites. While the Myanmar attacks provided initial insights into the group's operations, additional research revealed that the hackers' activities extend beyond that country.

  41. Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords (csoonline.com)

    It · Security · · posted by Soulskill · from the of-barn-doors-and-horses dept. · 62 comments
    itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow "anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction." The password manager in Trend's antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.

  42. Ukraine Power Station Outage -- Enabled By Malware, But Not Caused By Malware (sans.org)

    Hardware · Power · · posted by Soulskill · from the splitting-malhairs dept. · 35 comments
    itwbennett writes: A new study of a recent cyberattack against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. While malware was used to gain access to networks, the attackers then opened circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. The attackers used direct intervention to try to mask their actions to the power systems operators and also conducted denial-of-service attacks on the utilities' phone systems to block complaints from affected customers, SANS said.

  43. Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

    It · Security · · posted by timothy · from the good-austin-powers-subplot dept. · 74 comments
    itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

  44. Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

    It · Security · · posted by timothy · from the good-austin-powers-subplot dept. · 74 comments
    itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

  45. Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

    It · Security · · posted by timothy · from the good-austin-powers-subplot dept. · 74 comments
    itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

  46. Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

    It · Security · · posted by timothy · from the good-austin-powers-subplot dept. · 74 comments
    itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

  47. Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

    It · Security · · posted by timothy · from the good-austin-powers-subplot dept. · 74 comments
    itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

  48. Uber To Pay $20,000 In Settlement On Privacy Issues (csoonline.com)

    Yro · Privacy · · posted by samzenpus · from the sorry-take-some-money dept. · 17 comments
    itwbennett writes: Uber has agreed to pay a penalty of $20,000 in a settlement with New York Attorney General Eric T. Schneiderman for delaying telling drivers about the data breach of their personal information in 2014. The company has also agreed to tighten employee access to geo-location data of passengers, following reports that the company's executives had an aerial 'God View' of such data, the office of the attorney general said in a statement Wednesday.

  49. Time Warner Cable Warns 320,000 Customers of Possible Compromise (csoonline.com)

    Yro · Business · · posted by timothy · from the watch-your-email dept. · 35 comments
    itwbennett writes: Time Warner Cable said on Wednesday that up to 320,000 customers have had their accounts compromised. 'We have not yet determined how the information was obtained, but there are no indications that TWC's systems were breached,' said Eric Mangan, public relations director for Time Warner Cable. 'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.' If this breach is like many others, expect that number of affected customers to grow, too.

  50. Malvertising Campaign Used a Free Certificate From Let's Encrypt (csoonline.com)

    Yro · Advertising · · posted by timothy · from the oh-do-let's dept. · 123 comments
    itwbennett writes: On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. The subdomain used an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate issued by Let's Encrypt, the first large-scale project to issue free digital certificates. which is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, the Electronic Frontier Foundation, Cisco, and Akamai, among others. The incident has sparked disagreement over how to deal with such abuse, writes Jeremy Kirk.