Domain: helpnetsecurity.com
Stories and comments across the archive that link to helpnetsecurity.com.
Stories · 89
-
US Customs Wants To Know Travelers' Social Media Account Names (helpnetsecurity.com)
Orome1 quotes a report from Help Net Security: The U.S. Customs and Border Protection agency has submitted a request to the Office of Management and Budget, asking for permission to collect travelers' social media account names as they enter the country. The CBP, which is part of the U.S. Department of Homeland Security, proposes that the request "Please enter information associated with your online presence -- Provider/Platform -- Social media identifier" be added to the Electronic System for Travel Authorization (ESTA) and to the CBP Form I-94W (Nonimmigrant Visa Waiver Arrival/Departure). "It will be an optional field to request social media identifiers to be used for vetting purposes, as well as applicant contact information," the CBP noted. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case." The public and affected agencies are asked to comment on the request within 60 days of its publication. Commenters are asked to send their comments to this address. -
Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com)
Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.
If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as a gateway for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.
The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life." -
Malware Can Use Fan Noise To Steal Data From Air-Gapped Systems (helpnetsecurity.com)
Reader Orome1 writes: For the last few years, researchers from Ben-Gurion University of the Negev have been testing new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies ("AirHopper"); using heat ("BitWhisper"); using rogue software ("GSMem") that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine's fans. Dubbed "Fansmitter," the attack can come in handy when the computer does not have speakers, and so attackers can't use acoustic channels to get the info. An anonymous reader adds: Malicious applications use the noise emanated by a computer fan's speed to relay information to a nearby recording device and steal data from air-gapped, isolated systems. The attack relies on selecting a fan speed to represent binary "1" and another for binary "0". A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems. Attackers can then place microphones or smartphones to record the sound coming from the infected machine and steal the data. The attack works for distances of one to four meters, and operates in the 100-600 Hz frequency range that can be picked up by the human ear. Choosing smaller fan speeds or fan speeds that are closer together can make the attack harder to pick up by a human, but also makes it susceptible to background noise. -
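The channel described above is two-tone frequency-shift keying carried by fan noise. The simulation below is an added example, not the Ben-Gurion researchers' code: a transmitter emits one of two tones inside the 100-600 Hz band for each bit (the specific tones, bit duration, sample rate and Gaussian "office noise" are assumptions standing in for real fan acoustics), and a receiver recovers the bits with a Goertzel detector, the same single-frequency test a phone-side recorder would run on each bit window. No numpy is needed, so it runs anywhere Python does.

```python
"""
Simulated Fansmitter-style acoustic covert channel (added example, not the
researchers' code). Each bit is sent as one of two tones in the 100-600 Hz
band; the receiver compares Goertzel power at the two tones per bit window.
All constants below are assumptions for the simulation.
"""
import math
import random
from typing import List

SAMPLE_RATE = 8000   # Hz, assumed microphone sample rate
BIT_SECONDS = 0.25   # seconds per bit; fan speed changes are slow
F_ZERO = 200.0       # Hz, tone standing in for the "0" fan speed (assumed)
F_ONE = 400.0        # Hz, tone standing in for the "1" fan speed (assumed)


def bytes_to_bits(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: List[int]) -> bytes:
    """Inverse of bytes_to_bits; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def transmit(data: bytes, noise_amplitude: float = 0.0, seed: int = 1) -> List[float]:
    """Mono waveform: one tone per bit, plus optional white noise standing in
    for background noise (constructed with a fixed seed so runs repeat)."""
    rng = random.Random(seed)
    samples_per_bit = int(SAMPLE_RATE * BIT_SECONDS)
    wave = []
    for bit in bytes_to_bits(data):
        freq = F_ONE if bit else F_ZERO
        for n in range(samples_per_bit):
            t = n / SAMPLE_RATE
            wave.append(math.sin(2 * math.pi * freq * t) + rng.gauss(0.0, noise_amplitude))
    return wave


def goertzel_power(block: List[float], freq: float) -> float:
    """Power at one frequency in a block of samples (Goertzel algorithm)."""
    k = int(0.5 + len(block) * freq / SAMPLE_RATE)   # nearest DFT bin
    omega = 2 * math.pi * k / len(block)
    coeff = 2 * math.cos(omega)
    s_prev = s_prev2 = 0.0
    for x in block:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev2 ** 2 + s_prev ** 2 - coeff * s_prev * s_prev2


def receive(wave: List[float]) -> bytes:
    """Slice the recording into bit windows and pick the stronger tone."""
    samples_per_bit = int(SAMPLE_RATE * BIT_SECONDS)
    bits = []
    for start in range(0, len(wave) - samples_per_bit + 1, samples_per_bit):
        block = wave[start:start + samples_per_bit]
        bits.append(1 if goertzel_power(block, F_ONE) > goertzel_power(block, F_ZERO) else 0)
    return bits_to_bytes(bits)


def roundtrip(data: bytes, noise_amplitude: float = 0.0) -> bytes:
    """Transmit then receive; returns what the listener recovered."""
    return receive(transmit(data, noise_amplitude))


if __name__ == "__main__":
    secret = b"ok"
    print(roundtrip(secret, noise_amplitude=0.5))
```

At 0.25 s per bit this channel moves about 4 bits per second, which matches the summary's point that the attack is slow and suited to small secrets such as keys. Moving F_ZERO and F_ONE closer together, as the summary suggests to make the tones less noticeable, shrinks the margin between the two Goertzel powers and is exactly what makes the channel more sensitive to background noise.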
Red Hat Launches Ansible-Native Container Workflow Project (helpnetsecurity.com)
Orome1 quotes a report from Help Net Security: Red Hat launched Ansible Container under the Ansible project, which provides a simple, powerful, and agent-less open source IT automation framework. Available now as a technology preview, Ansible Container allows for the complete creation of Docker-formatted Linux containers within Ansible Playbooks, eliminating the need to use external tools like Dockerfile or docker-compose. Ansible's modular code base, combined with ease of contribution, and a community of contributors in GitHub, enables the powerful IT automation platform not only to manage today's infrastructure, but also to adapt to new IT needs and DevOps workflows. Help Net Security reports: "The automated container creation and deployment offered by Ansible factor into Red Hat's existing container infrastructure stack, which now includes: A stable, container-centric operating system in Red Hat Enterprise Linux Atomic Host; An enterprise-grade, Kubernetes- and Docker-native container application platform through Red Hat OpenShift and the recently announced next-generation OpenShift Online public cloud service; Infrastructure management, automation and monitoring across hybrid environments with Red Hat CloudForms, Red Hat Insights, Red Hat Satellite and Ansible Tower by Red Hat; Massively-scalable private and hybrid cloud architecture for large-scale container deployment through Red Hat OpenStack Platform and Red Hat Cloud Suite, which also includes Red Hat OpenShift." -
Slashdot Asks: Does Your Company Have A Breach Response Team? (helpnetsecurity.com)
This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013." 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,' said Caleb Barlow, Vice President of IBM Security.
But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team? -
The Average Cost of a Data Breach Is Now $4 Million (helpnetsecurity.com)
Reader Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to a report by Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record -- a full $100 more than in 2013. -
Symantec Will Acquire Controversial Surveillance Firm Blue Coat Systems For $4.65 Billion (helpnetsecurity.com)
Reader LichtSpektren writes: Symantec will acquire Blue Coat for approximately $4.65 billion in cash, the security firm announced on Monday. The transaction has been approved by the boards of directors of both companies and is expected to close in the third calendar quarter of 2016. Greg Clark, CEO of Blue Coat, will be appointed CEO of Symantec and join the Symantec Board upon closing of the transaction. If the Blue Coat name sounds familiar to you, it is because this controversial surveillance firm was recently in the news for receiving a grant for a powerful encryption certificate by its now-parent company Symantec. -
Bitdefender Finds 'Hypervisor Wiretap' For Reading TLS-Encrypted Communications (helpnetsecurity.com)
Orome1 quotes a report from HelpNetSecurity: Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. The technique, dubbed TeLeScope, has been developed for research purposes and proves that a third-party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end-user and a virtualized instance of a server.
Bitdefender says the new technique "works to detect the creation of TLS session keys in memory as the virtual machine is running." According to HelpNetSecurity, this vulnerability "makes it possible for a malicious cloud provider, or one pressured into giving access to three-letter agencies, to recover the TLS keys used to encrypt every communication session between virtualized servers and customers. CIOs who are outsourcing their virtualized infrastructure to a third-party vendor should assume that all of the information flowing between the business and its customers has been decrypted and read for an undetermined amount of time." -
Mozilla Will Fund Code Audits For Open Source Software (helpnetsecurity.com)
Reader Orome1 writes: The Mozilla Foundation has set up the Secure Open Source (SOS) Fund, whose aim is to help open source software projects rid their code of vulnerabilities. Projects that want Mozilla's help must be open source/free software and must be actively maintained, but they have a much better probability of being chosen if their software is commonly used and is vital to the continued functioning of the Internet or the Web. Three open source projects -- PCRE, libjpeg-turbo, and phpMyAdmin -- have already gone through the process, and the result was removal of 43 vulnerabilities (including one critical). -
Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com)
Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialog that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable. -
Huge Vulnerabilities In Facebook Chat and Messenger Exploitable With Basic HTML (helpnetsecurity.com)
An anonymous reader writes: Check Point's security research team has discovered vulnerabilities in Facebook's standard online Chat function, as well as the Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences. To exploit the vulnerability, an attacker simply needed to identify the unique ID for the sent message he or she is targeting. According to the report, Facebook, in conjunction with Check Point's researchers, patched the vulnerability earlier this month. -
Researchers Hack the Mitsubishi Outlander SUV, Shut Off Alarm Remotely (helpnetsecurity.com)
Reader Orome1 writes: Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. After discovering the SSID and the pre-shared key, they connected to a static IP address within a network's subnet, and this allowed them to sniff the Wi-Fi connection and send messages to the car. Through these messages they were able to turn the car's lights, air conditioning and heating on and off, change the charging programme and, most importantly, to disable the car's anti-theft alarm. -
Mozilla Fights FBI In Court For Details On Tor Browser Hack (helpnetsecurity.com)
An anonymous reader writes from a report on Help Net Security: Mozilla has asked a Washington State District Court to compel FBI investigators to share with it details about the vulnerability used in the Tor Browser hack, before they share it with the defendant in a lawsuit, so that Mozilla could fix it before the knowledge becomes public. The lawsuit in question is against Jay Michaud, a Vancouver (Wa.) teacher who stands accused of accessing and downloading child pornography from a website on the Dark Web. The FBI used a "network investigative technique" (NIT) to discover the IP address and identity of the defendant, which was only possible because of a vulnerability in the Tor Browser. Why does Mozilla care to learn about the vulnerability? "The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defense team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser," Denelle Dixon-Thayer, Chief Legal and Business Officer at Mozilla Corporation, explained. -
Germany Set To End Copyright Liability For Open Wi-Fi Operators
An anonymous reader writes: People who travel to Germany are often surprised at the lack of public, open Wi-Fi networks. That's because German law holds operators of public hotspots liable for everything their users do online, especially when these actions are against the law, and even if the operators weren't aware of them. The law doesn't apply to commercial operators, but does to private (think home Wi-Fi) and small operators (e.g. wireless networks set up by public establishments like coffee bars, shops, etc.). But there's more than a good chance that this clause of the law will be repealed this year, and hopefully, open Wi-Fi networks in Germany will mushroom as a result. Copyright trolls, who make money by sending invoices to people claiming that their content has been infringed, will not be pleased. -
Oracle Patches 136 Flaws In 49 Products
An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised. -
Cybercriminals Are Adopting Corporate Best Practices
Orome1 writes: Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime. Low-level criminal attackers are even creating call center operations to increase the impact of their scams. "Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off," said Kevin Haley, director, Symantec Security Response. "We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams." -
Dark Web Mapping Reveals That Half of the Content Is Legal (helpnetsecurity.com)
An anonymous reader writes: Cyber threat intelligence firm Intelliagg and dark net indexing company Darksum have released the results of their efforts to map the dark web (actually, only the Tor network). They discovered that the Tor network is much smaller than commonly thought, and that around 68% of the sites analyzed can be classified as illegal under UK and US law. In related news, a recent poll found that the vast majority of people want a ban on the dark net. -
HackingTeam's Global Export License Revoked
An anonymous reader writes: You might remember HackingTeam from an epic data leak back in July 2015. Now, the Italian Ministry of Economical Progress has revoked HackingTeam's licence to export their Galileo remote control software abroad, two years before it would expire, on April 30, 2018. Until the situation changes, HackingTeam will have to ask express permission for every single commercial operation that involves the sale of their Galileo system abroad. -
Over 1,400 Vulnerabilities Found In Automated Medical Supply System
An anonymous reader writes: Security researchers have discovered 1,418 vulnerabilities in CareFusion's Pyxis SupplyStation system -- automated cabinets used to dispense medical supplies -- that are still being used in the healthcare and public health sectors in the US and around the world. The vulnerabilities can be exploited remotely by attackers with low skills, and exploits that target these vulnerabilities are publicly available. Things already seem to be getting out of hand. -
Encryption Securing Mobile Money Transfers Can Be Broken
An anonymous reader writes: A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analyzing the electromagnetic radiation emanating from smartphones. Modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation. -
McAfee Uses Web Beacons That Can Be Used To Track Users, Serve Advertising
An anonymous reader writes: A test of seven OEM laptops running Windows has shown consistent privacy and security issues, including an interesting revelation that the McAfee Antivirus running on six of them is using web beacons to serve ads and possibly even track users online. The seven laptops – Lenovo Flex 3, Lenovo G50-80 (UK version), HP Envy, HP Stream x360 (Microsoft Signature Edition), HP Stream (UK version), Acer Aspire F15 (UK version), and Dell Inspiron 14 (Canada version) – have been tested by the security research team of Duo Security by simply sniffing the traffic sent from and to them once they have been taken out of the box, plugged in, and connected to a network. -
Malvertising Campaign Hits MSN, NY Times, BBC, AOL
An anonymous reader quotes an article on Help Net Security: In the last couple of days, visitors of a number of highly popular media outlets including the NY Times, the BBC, and Newsweek have been targeted with malicious adverts that attempted to install malware (mostly ransomware, but also various Trojans) on their systems. The websites themselves weren't compromised as the problem was with the ad networks these sites use -- Google, AppNexus, AOL, Rubicon. The ad networks were tricked into serving malicious ads to the visitors. -
Hack Chromebook In Guest Mode, Win $100,000
An anonymous reader writes: Google has once again upped the ante for bug hunters concentrating on Chrome, and is now offering $100,000 to anyone capable of achieving a compromise of a Chromebook or Chromebox (the desktop variant of the Chromebook laptop) with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). From Google's Monday announcement: Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven't had a successful submission. That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool. -
Microfluidic Cooling Turns Down the Heat On High-Tech Equipment
An anonymous reader writes with a snippet from HelpNet Security about a technology that sounds promising down the road for consumer equipment, but may land a lot sooner than that in high-end applications where cooling is critical: Thousands of electrical components make up today's most sophisticated systems – and without innovative cooling techniques, those systems get hot. Lockheed Martin is working with DARPA on its ICECool-Applications research program that could ultimately lead to a lighter, faster and cheaper way to cool high-powered microchips – by cooling the chips with microscopic drops of water. This technology has applications in electronic warfare, radars, high-performance computers and data servers. The micro-cooler is only 250 microns thick, and 5 millimeters long by 2.5 millimeters wide. -
Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com)
An anonymous reader writes with a report at HelpNet Security that a vulnerability in "libotr," the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user's machine. -
One Solution to MITRE's Overworked CVE System: Build a New One (helpnetsecurity.com)
An anonymous reader writes: For the last 17 years, the American not-for-profit MITRE Corporation has been editing and maintaining the list of Common Vulnerabilities and Exposures (CVEs). According to a number of researchers, MITRE has lately been doing a lousy job when it comes to assigning these numbers, forcing researchers to do without them or to delay public disclosure of vulnerabilities indefinitely. The problem is getting worse by the day, and the situation has spurred Kurt Seifried, a "Red Hat Product Security Cloud guy" and a CVE Editorial Board member, to create a complementary system for numbering vulnerabilities. -
Biometric Tech Uses Sound To Distinguish Ear Cavity Shape
Orome1 writes: NEC is developing a new biometric personal identification technology that uses the resonation of sound determined by the shape of human ear cavities to distinguish individuals. The new technology instantaneously measures (within approximately one second) acoustic characteristics determined by the shape of the ear, which is unique for each person, using an earphone with a built-in microphone to collect earphone-generated sounds as they resonate within ear cavities. -
Hacking Internet-Connected Trucks and Buses
An anonymous reader writes: Among the things one can find with Shodan, the search engine for the Internet of Things, are trucks, buses and delivery vans that have been equipped with the Telematics Gateway Unit device and a modem to connect to the Internet. What's more, security researcher Jose Carlos Norte says that this setup can be misused by malicious individuals to monitor and control these vehicles -- to discover their position, their speed, and so on, as well as to change some of those parameters, e.g. change the vehicle's route, or put up a geo-fence for it (he says he does not know what such a change would cause). -
Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com)
An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of: The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain. The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network. The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation. DCEPT has been open sourced and is available on GitHub, along with instructions for deployment. -
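The three DCEPT roles above (per-endpoint honeytoken generation, planting, and a sniffer that matches Kerberos pre-authentication usernames back to the endpoint they were planted on) reduce to a small tripwire. The code below is an added example, not Dell SecureWorks' DCEPT code: it derives a unique decoy username per endpoint per day with an HMAC, and runs the match over constructed sniffer records in a made-up one-line-per-AS-REQ format (a real sniffer would decode the Kerberos AS-REQ on the wire). The endpoint inventory, secret and log lines are all assumptions.

```python
"""
Honeytoken-credential tripwire in the style of the DCEPT description above.
Added example, not Dell SecureWorks' code. The sniffer log format, endpoint
inventory and secret below are constructed for this example.
"""
import hashlib
import hmac
import re
from typing import Dict, List, Optional

SERVER_SECRET = b"example-only-rotate-me"  # assumed: secret held by the generation server
DAY = "2016-02-23"                         # tokens are rotated daily, as the summary describes

# Constructed inventory of monitored endpoints: hostname -> IP address (assumption).
ENDPOINTS = {
    "ws-finance-07": "10.0.5.17",
    "ws-hr-02": "10.0.6.40",
    "ws-dev-11": "10.0.9.3",
}


def honeytoken_for(hostname: str, day: str) -> str:
    """Decoy username planted on one endpoint for one day. HMAC keeps the
    tokens unguessable and unique per host without storing a table."""
    digest = hmac.new(SERVER_SECRET, f"{hostname}|{day}".encode(), hashlib.sha256).hexdigest()
    return "svc_" + digest[:10]


def build_index(day: str) -> Dict[str, str]:
    """Reverse map for the sniffer: decoy username -> endpoint it lives on."""
    return {honeytoken_for(host, day): host for host in ENDPOINTS}


# Constructed sniffer output, one Kerberos AS-REQ per line (format is assumed).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) AS-REQ cname=(?P<cname>[^@\s]+)@(?P<realm>\S+) src=(?P<src>\S+)$"
)

SAMPLE_LINES = [
    # legitimate user logging in from their own workstation
    "2016-02-23T08:55:01Z AS-REQ cname=jsmith@CORP.EXAMPLE src=10.0.5.17",
    # decoy harvested from ws-finance-07 memory and tried from the same box
    f"2016-02-23T09:12:44Z AS-REQ cname={honeytoken_for('ws-finance-07', DAY)}@CORP.EXAMPLE src=10.0.5.17",
    # same decoy, upper-cased, tried from a different host: lateral movement
    f"2016-02-23T09:13:02Z AS-REQ cname={honeytoken_for('ws-finance-07', DAY).upper()}@CORP.EXAMPLE src=10.0.9.3",
    "2016-02-23T09:20:17Z malformed line the sniffer should skip",
]


def parse_asreq(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed sniffer line; None for anything unrecognised."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def detect(lines: List[str], index: Dict[str, str]) -> List[Dict[str, object]]:
    """One alert per AS-REQ whose client principal is a planted decoy.
    Usernames are compared case-insensitively, as Active Directory does."""
    lowered = {token.lower(): host for token, host in index.items()}
    alerts = []
    for line in lines:
        rec = parse_asreq(line)
        if rec is None:
            continue
        planted_on = lowered.get(rec["cname"].lower())
        if planted_on is None:
            continue  # a real principal; nothing to report
        alerts.append({
            "time": rec["ts"],
            "harvested_from": planted_on,         # where the decoy was planted
            "used_from": rec["src"],              # where the ticket request came from
            "moved": rec["src"] != ENDPOINTS[planted_on],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LINES, build_index(DAY)):
        print(alert)
```

The decoy never corresponds to a real account, so any AS-REQ carrying it is an alert with no legitimate explanation; harvested_from names the endpoint whose memory was read, which is the compromised host even when used_from points elsewhere. Because tokens change daily, the sniffer should hold both today's and yesterday's index around the rotation boundary.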
Porn-Clicker Android Malware Hits Google Play Hard
An anonymous reader writes: In a little over seven months, cybercriminals using click-jacking mobile malware to earn affiliate income have managed to push over 340 instances of the malware into Google Play. The "Porn Clicker," as ESET researchers have dubbed the threat, does not steal user information or download additional malware – it simply clicks on ads generated by the attackers' servers and shown on pornographic websites. The user is none the wiser, as the malicious app does so covertly. -
FTC Forces Asus To Improve Router Security (helpnetsecurity.com)
An anonymous reader writes: The FTC is actively trying to make sure that companies secure the software and devices that they provide to consumers, and a settlement with Taiwan-based hardware maker ASUSTeK Computer is one step towards that goal. The complaint was raised after well-meaning hackers exploited a weakness on Asus routers and left a note on victims' drives notifying them of the matter. Later, a researcher discovered an exploit campaign that abused vulnerabilities to change vulnerable routers' DNS servers. According to the settlement, the company will have to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. -
German Police Allowed To Use Its Own "Federal Trojan" (helpnetsecurity.com)
An anonymous reader writes: The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called "federal Trojan"). In fact, it could end up being used as early as this week. The police will have to get a court order to use the spyware, and prove that the suspect is involved in a crime threatening citizens' "life, limb or liberty". The malware has been developed in-house, and has been available since autumn 2015. It is supposed to be used only for so-called telecommunication surveillance at the source, i.e. to read emails, chats and wiretap phone calls made by the target via his or her computer or smartphone, and not to access files, steal passwords, or set up video or audio surveillance via the device. -
Pirated App Store Client For iOS Found On Apple's App Store (helpnetsecurity.com)
An anonymous reader writes: An app called "Happy Daily English", which has been offered for download via Apple's official App Store, has been revealed to be a fully functional third party App Store client for iOS, offering users in mainland China a way to install modified versions of iOS apps on non-jailbroken devices. Its discovery shows that there are new techniques that can be used to fool Apple reviewers into allowing potentially malicious apps into the App Store, that enterprise certificates can be easily abused, and that there are ways of bypassing Apple's prohibition of apps dynamically loading new code. -
3-in-1 Android Malware Acts As Ransomware, Banking Trojan and Info Thief
An anonymous reader writes: Why stop at asking ransom for encrypted files when you can also steal personal info, passwords, online banking credentials and credit card details, and sell it or use it to get even more money? Palo Alto researchers have recently analyzed Xbot, a Trojan that is capable of doing all the aforementioned things, and have found it mimicking 22 different Android apps. -
Year-Old Critical Magento Flaw Still Exploited, Payment Info Stolen
Orome1 writes: A whole year has passed since a critical e-shop hijacking flaw in the Magento CMS was patched, but the vulnerability is still being exploited in attacks in the wild, warns Sucuri researcher Denis Sinegubko. At the time, the Magento development team pushed out a patch (SUPEE-5344) but after two whole months, 98,000 online merchants still hadn't implemented it. This forced the team to send out email alerts directly to the users, urging them to apply the patch immediately. Obviously, even that was not enough. Attackers are still actively deploying malware that exploits the vulnerability to inject malicious code into the Magento core file. -