Slashdot Mirror

← Back to Domains

Domain: securityweek.com

Stories and comments across the archive that link to securityweek.com.

Stories · 383

  1. Apple's iPhone Already Has a Backdoor

    Apple · Privacy · · posted by timothy · from the hidden-driveway-too dept. · 401 comments
    Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation. Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.

    In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is is about "the victims and justice."

  2. Apple's iPhone Already Has a Backdoor

    Apple · Privacy · · posted by timothy · from the hidden-driveway-too dept. · 401 comments
    Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation. Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.

    In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is is about "the victims and justice."

  3. Apple's iPhone Already Has a Backdoor

    Apple · Privacy · · posted by timothy · from the hidden-driveway-too dept. · 401 comments
    Nicola Hahn writes: As the Department of Justice exerts legal pressure on Apple in an effort to recover data from the iPhone used by Syed Rizwan Farook, Apple's CEO has publicly stated that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." But, as one Windows rootkit developer has observed, the existing functionality that the FBI seeks to leverage is itself a backdoor. Specifically, the ability to remotely update code on a device automatically, without user intervention, represents a fairly serious threat vector. Update features marketed as a safety mechanism can just as easily be wielded to subvert technology if the update source isn't trustworthy. Something to consider in light of the government's ability to steal digital certificates and manipulate network traffic, not to mention the private sector's lengthy history of secret cooperation. Related: wiredmikey writes: Apple said Monday it would accept having a panel of experts consider access to encrypted devices if US authorities drop efforts to force it to help break into the iPhone of a California attacker. Apple reaffirmed its opposition to the US government's effort to compel it to provide technical assistance to the FBI investigation of the San Bernardino attacks, but also suggested a compromise in the highly charged legal battle.

    In his first public remarks since Apple CEO Tim Cook said he would fight the federal magistrate's order, FBI Director James Comey claimed the Justice Department's request is is about "the victims and justice."

  4. Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)

    It · Opensource · · posted by timothy · from the dark-side-wins-some-rounds dept. · 100 comments
    An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

  5. Metasploit Creator HD Moore To Launch Venture Fund (securityweek.com)

    It · Business · · posted by samzenpus · from the moving-on-down-the-road dept. · 18 comments
    wiredmikey writes: Well known security expert HD Moore announced that he is leaving Boston-based security firm Rapid7 to help launch a new venture capital firm focused on helping early-stage security firms get to market faster. Moore is the creator of the open source penetration testing framework Metasploit, which Rapid7 acquired in 2009. Moore says he will continue to work on Metasploit and will remain active in the community even after he leaves Rapid7 on January 29.

  6. Uncooperative Russian ISP Prevents Cisco From Shutting Down Cybercriminal Gang

    · posted by ryuzaki0 · from the money-is-involved dept. · 122 comments
    An anonymous reader writes: Cisco's Talos research team has managed to identify and partially shut down a cyber-criminal group that is using the RIG exploit kit to infect users with spambots via a malvertising campaign. Their investigation led them back to Russian ISP Eurobyte, who didn't bother answering critical emails and allowed the campaign to go on even today. In October 2015, Cisco's researchers also thwarted the activity of another group of cyber-criminals that made around $30 million from distributing ransomware.

  7. DoD Award To Recognize Drone Operators (securityweek.com)

    Tech · Military · · posted by samzenpus · from the here's-your-medal dept. · 144 comments
    wiredmikey writes: According to a Pentagon memo due out today, the US military will create a new way to recognize drone operators and other service members who contribute to America's fighting efforts from afar. The military is set to introduce a new "R" designation — known as a "device" — that can be attached to medals given to drone operators and other non-combat troops, such as cyber warriors who hack enemy networks. Former defense secretary Chuck Hagel nixed a proposed new combat medal for US troops who launch drone strikes or cyber attacks, after a torrent of criticism from veterans and lawmakers. Drone pilots have complained of low morale, long hours and of the psychological impacts stemming from killing people remotely.

  8. DoD Award To Recognize Drone Operators (securityweek.com)

    Tech · Military · · posted by samzenpus · from the here's-your-medal dept. · 144 comments
    wiredmikey writes: According to a Pentagon memo due out today, the US military will create a new way to recognize drone operators and other service members who contribute to America's fighting efforts from afar. The military is set to introduce a new "R" designation — known as a "device" — that can be attached to medals given to drone operators and other non-combat troops, such as cyber warriors who hack enemy networks. Former defense secretary Chuck Hagel nixed a proposed new combat medal for US troops who launch drone strikes or cyber attacks, after a torrent of criticism from veterans and lawmakers. Drone pilots have complained of low morale, long hours and of the psychological impacts stemming from killing people remotely.

  9. Always-Listening IoT Devices Raise Security Policy Questions For the Workplace (securityweek.com)

    Devices · Business · · posted by timothy · from the meet-your-new-conference-bridge dept. · 152 comments
    wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated. He uses an example of the Amazon Echo which is "always listening" and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent. "How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn't be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who's addressing all the other gadgetry?"

  10. Always-Listening IoT Devices Raise Security Policy Questions For the Workplace (securityweek.com)

    Devices · Business · · posted by timothy · from the meet-your-new-conference-bridge dept. · 152 comments
    wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated. He uses an example of the Amazon Echo which is "always listening" and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent. "How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn't be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who's addressing all the other gadgetry?"

  11. Always-Listening IoT Devices Raise Security Policy Questions For the Workplace (securityweek.com)

    Devices · Business · · posted by timothy · from the meet-your-new-conference-bridge dept. · 152 comments
    wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated. He uses an example of the Amazon Echo which is "always listening" and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent. "How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn't be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who's addressing all the other gadgetry?"

  12. XSS Can Take Down Your IoT Wind Turbine (softpedia.com)

    It · Security · · posted by Soulskill · from the winds-of-unchange dept. · 68 comments
    An anonymous reader writes: ISC-CERT is warning of a critical vulnerability (score 9.8 out of 10) in Internet-enabled XZERES 442SR wind turbines. According to CERT, the Web administration portal of these portals is subject to the simplest XSS attacks (modifying IDs for admin access), which even the most basic n00b-level hackers can perform. This is yet another security bug in critical IoT equipment, like the Midas gas detector.

  13. LinkedIn's Own CSS Abused For Clickjacking Attacks

    It · Security · · posted by Soulskill · from the hyperlinked-in dept. · 12 comments
    An anonymous reader writes: LinkedIn has fixed a security bug that allowed attackers to use its own CSS code for clickjacking attacks. Basically attackers can create blog posts and load CSS classes from LinkedIn's own stylesheets. If a reader lands on that blog post, then a malicious link can be shown for the entire area of the page. Not something "unique" since this type of method is quite well-known, but you don't generally expect to find these kind of attacks on LinkedIn's own platform. (Here's a link to the LinkedIn security blog. Sorry for not linking to the particular blog — LinkedIn has a weird URL policy. It's the first one.)

  14. Snowden Joins Twitter, Follows NSA

    Yro · Government · · posted by timothy · from the if-that-is-your-real-name dept. · 206 comments
    wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."

  15. BlackBerry Launches Android Smartphone

    Blackberry · · posted by ryuzaki0 · from the not-dead-yet dept. · 127 comments
    wiredmikey writes: In an attempt to come back from the dead, BlackBerry announced plans to sell an Android-powered smartphone. The struggling Canadian smartphone maker said it would begin selling "Priv," described as "a flagship handheld device that will run on the Android operating system with BlackBerry security," expected to be available later this year. The company isn't giving up on its own operating system, and will continue to develop and enhance its BlackBerry 10 platform, which currently represents less than one percent of smartphone users.

  16. Hacker Shows How To Fabricate Death Records

    Tech · Internet · · posted by Soulskill · from the making-you-dead dept. · 46 comments
    wiredmikey writes: Hackers the Def Con gathering in Las Vegas on Friday got schooled in how to be online "killers." A rush to go digital with the process of registering deaths has made it simple for maliciously minded folks to have someone who is alive declared dead by the authorities. The process of having someone officially stamped dead by getting a death certificate issued typically involves a doctor filling out one form and a funeral home filling out another, according to Rock's research. Once forms are submitted online, certificates declaring the listed person legally dead are generated. A fatal flaw in the system is that people can easily pose as real doctors and funeral directors.

  17. Samsung To Push Monthly Over-the-Air Security Updates For Android

    Mobile · Android · · posted by samzenpus · from the air-security dept. · 126 comments
    wiredmikey writes: Smartphone maker Samsung said on Wednesday that it soon will implement a new Android security update process that fast tracks mobile security patches over the air when security vulnerabilities are uncovered. The South Korea-based maker of popular Android smartphones said that it recently fast tracked security updates to its Galaxy devices in response to the recent Android "Stagefright" vulnerabilities uncovered late last month by security firm Zimperium. News of the initiative is great for Android users. For years, wireless carriers and phone manufacturers have been accused of putting profits over protection and dragging their feet on regular operating system updates, making Android users vulnerable to malware and other attacks. Nexus is also joining the monthly OTA update club.

  18. Samsung To Push Monthly Over-the-Air Security Updates For Android

    Mobile · Android · · posted by samzenpus · from the air-security dept. · 126 comments
    wiredmikey writes: Smartphone maker Samsung said on Wednesday that it soon will implement a new Android security update process that fast tracks mobile security patches over the air when security vulnerabilities are uncovered. The South Korea-based maker of popular Android smartphones said that it recently fast tracked security updates to its Galaxy devices in response to the recent Android "Stagefright" vulnerabilities uncovered late last month by security firm Zimperium. News of the initiative is great for Android users. For years, wireless carriers and phone manufacturers have been accused of putting profits over protection and dragging their feet on regular operating system updates, making Android users vulnerable to malware and other attacks. Nexus is also joining the monthly OTA update club.

  19. Samsung To Push Monthly Over-the-Air Security Updates For Android

    Mobile · Android · · posted by samzenpus · from the air-security dept. · 126 comments
    wiredmikey writes: Smartphone maker Samsung said on Wednesday that it soon will implement a new Android security update process that fast tracks mobile security patches over the air when security vulnerabilities are uncovered. The South Korea-based maker of popular Android smartphones said that it recently fast tracked security updates to its Galaxy devices in response to the recent Android "Stagefright" vulnerabilities uncovered late last month by security firm Zimperium. News of the initiative is great for Android users. For years, wireless carriers and phone manufacturers have been accused of putting profits over protection and dragging their feet on regular operating system updates, making Android users vulnerable to malware and other attacks. Nexus is also joining the monthly OTA update club.

  20. Using HTML5 To Hide Malware

    It · Security · · posted by timothy · from the but-html5-is-magic dept. · 56 comments
    New submitter Jordan13 writes: SecurityWeek reports on the findings of a group of Italian researchers about web malware. They developed three new obfuscation techniques that can be used to obfuscate exploits like the one usually leveraged in drive-by download malware attacks. These techniques use some functionalities of the HTML5 standard, and can be leveraged through the various JavaScript-based HTML5 APIs. The research also contains recommendations about some of the steps that can be taken to counter these obfuscation techniques.

  21. Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons

    It · Security · · posted by samzenpus · from the here-comes-the-fallout dept. · 123 comments
    Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

  22. Google Let Root Certificate For Gmail Expire

    Tech · Google_Fb · · posted by Soulskill · from the happens-to-the-best-of-us dept. · 104 comments
    Gr8Apes writes: The certificate for Google's intermediate certificate authority expired Saturday. The certificate was used to issue Gmail's certificate for SMTP, and the expiration at 11:55am EDT caused many e-mail clients to stop receiving Gmail messages. While the problem affected most Gmail users using PC and mobile mail clients, Web access to Gmail was unaffected. I guess Google Calendar failed to notify someone.

  23. Massive Power Outage Paralyzes Turkey

    Hardware · Power · · posted by Soulskill · from the taken-for-granted-until-it's-gone dept. · 57 comments
    wiredmikey writes: A massive power outage caused chaos and shut down public transport across Turkey on Tuesday, with the government refusing to rule out that the electricity system had been the victim of an attack. The nationwide power cut, the worst in 15 years, began shortly after 10:30 am (0730 GMT) in Istanbul, the state-run Anatolia news agency quoted the Turkey Electricity Transmission Company (TEIAS) as saying. Energy Minister Taner Yildiz said the authorities were investigating whether the power outage was due to a technical failure or cyber-attack. "It is too early to say now if it is because of a technical reason, a manipulation, a faultplay, an operational mistake, or a cyber (attack). We are looking into it... We cannot say they are excluded possibilities."

  24. Oracle Releases Massive Security Update

    Developers · Oracle · · posted by samzenpus · from the protect-ya-neck dept. · 79 comments
    wiredmikey writes Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password.

  25. Researchers Use Siri To Steal Data From iPhones

    Apple · Iphone · · posted by samzenpus · from the protect-ya-neck dept. · 55 comments
    wiredmikey writes "Using Apple's voice-activated Siri function, security researchers have managed to steal sensitive information from iOS smartphones in a stealthy manner. Luca Caviglione of the National Research Council of Italy and Wojciech Mazurczy of the Warsaw University of Technology warn that malicious actors could use Siri for stealthy data exfiltration by using a method that's based on steganography, the practice of hiding information. Dubbed "iStegSiri" by the researchers, the attack can be effective because it doesn't require the installation of additional software components and it doesn't need the device's alteration. On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the modified Siri traffic. The attack method involves controlling the "shape" of this traffic to embed sensitive data from the device. This covert channel could be used to send credit card numbers, Apple IDs, passwords, and other sensitive information from the phone to the criminal mastermind, researchers said in their paper.

  26. Microsoft Restricts Advanced Notification of Patch Tuesday Updates

    Tech · Microsoft · · posted by timothy · from the you'll-find-out-eventually dept. · 57 comments
    wiredmikey writes Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said.

  27. US Slaps Sanctions On North Korea After Sony Cyberattack

    News · Usa · · posted by Soulskill · from the you-can-have-cuba's-old-digs dept. · 231 comments
    wiredmikey writes: The United States imposed financial sanctions Friday on North Korea and several senior government officials in retaliation for a cyber attack on Sony Pictures. President Obama said he ordered the sanctions because of "the provocative, destabilizing, and repressive actions and policies (PDF) of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014." The activities "constitute a continuing threat to the national security, foreign policy, and economy of the United States," he added, in a letter to inform congressional leaders of his executive order. The new measures allow the Treasury Department "to apply sanctions against officials of the Government of North Korea and the Workers' Party of Korea, and persons determined to be owned or controlled by, or acting for or on behalf of" these bodies.

  28. South Korea Says Nuclear Reactors Safe After Cyberattacks

    It · Security · · posted by samzenpus · from the all-clear dept. · 54 comments
    wiredmikey writes South Korea on Thursday ruled out the possibility that recent cyber-attacks on nuclear power operator Korea Hydro and Nuclear Power Co (KHNP) could cause a malfunction at any of the country's 23 atomic reactors. Earlier this week, South Korea heightened security in the wake of the leaks, with the defense ministry's cyber warfare unit increasing its watch-level against attacks from North Korean and other hackers. On Monday, KHNP launched a two-day drill, testing its ability to thwart a cyber attack.

  29. Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

    It · Security · · posted by timothy · from the forewarned-is-forearmed dept. · 177 comments
    wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

  30. Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

    It · Security · · posted by timothy · from the forewarned-is-forearmed dept. · 177 comments
    wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

  31. Hackers Breach Payment Systems of Major Parking Garage Operator

    It · Security · · posted by timothy · from the situational-awareness-only-goes-so-far dept. · 38 comments
    wiredmikey writes Parking garage operator SP+ said on Friday that an unauthorized attacker gained access to its payment processing systems and was able to access customer names and payment card information. The company, which operates roughly 4,200 parking facilities in hundreds of cities across North America, said the attack affected 17 SP+ parking facilities. According to the company, an unauthorized person had used a remote access tool to connect to the payment processing systems to install malware which searched for payment card data that was being routed through the computers that accept payments made at the parking facilities. Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.

  32. Court Shuts Down Alleged $120M Tech Support Scam

    Yro · Court · · posted by samzenpus · from the shutting-it-down dept. · 129 comments
    wiredmikey writes A federal court has temporarily shut down and frozen the assets of two telemarketing operations accused by the FTC of scamming customers out of more than $120 million by deceptively marketing computer software and tech support services. According to complaints filed by the FTC, since at least 2012, the defendants used software designed to trick consumers into believing there were problems with their computers and then hit them with sales pitches for tech support products and services to fix their machines.

    According to the FTC, the scams began with computer software that claimed to improve the security or performance of the customer's computer. Typically, consumers downloaded a free, trial version of the software that would run a computer system scan. The scan always identified numerous errors, whether they existed or not. Consumers were then told that in order to fix the problems they had to purchase the paid version of the software for between $29 and $49. In order to activate the software after the purchase, consumers were then directed to call a toll-free number and connected to telemarketers who tried to sell them unneeded computer repair services and software, according to the FTC complaint. The services could cost as much as $500, the FTC stated.

  33. Entrepreneur Injects Bitcoin Wallets Into Hands

    Tech · Bitcoin · · posted by timothy · from the heirs-are-not-amused dept. · 77 comments
    wiredmikey writes A Dutch entrepreneur has had two microchips containing Bitcoin injected into his hands to help him make contactless payments. The chips, enclosed in a 2mm by 12mm capsule of "biocompatible" glass, were injected using a special syringe and can communicate with devices such as Android smartphones or tablets via NFC. "What's stored on the microchips should be seen as a savings account rather than a current account," Martijn Wismeijer, co-founder of MrBitcoin said. "The payment device remains the smartphone, but you transfer funds from the chips." The chips are available on the Internet, sold with a syringe for $99, but Wismeijer suggested individuals should find a specialist to handle the injection to avoid infections.

  34. Popular Smartphones Hacked At Mobile Pwn2Own 2014

    Mobile · Android · · posted by timothy · from the keep-it-in-a-faraday-cage dept. · 52 comments
    wiredmikey writes Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week. The competition, organized by HP's Zero Day Initiative (ZDI) targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5. Using various attacks, some Mobile Pwn2Own 2014 Pwnage included: Apple's iPhone 5s (hacked via the Safari Web browser, achieving a full sandbox escape); Samsung's Galaxy S5 (hacked multiple times using near-field communications attacks); Amazon's Fire Phone (Web browser exploited); Windows Phone (partial hacks using a browser attack), andthe Nexus 5 (a Wi-Fi attack, which failed to elevate privileges). All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks.

  35. Home Depot Says Hackers Grabbed 53 Million Email Addresses

    It · Security · · posted by samzenpus · from the reply-all dept. · 99 comments
    wiredmikey writes Home Depot said on Thursday that hackers managed to access 53 million customer email addresses during the massive breach that was disclosed in September when the retail giant announced that 56 million customer payment cards were compromised in a cyber attack. The files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information, the company said. The company also said that the hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.

  36. Hackers Breach White House Network

    Yro · Government · · posted by Soulskill · from the dozens-of-solitaire-games-compromised dept. · 98 comments
    wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

  37. Hackers Breach White House Network

    Yro · Government · · posted by Soulskill · from the dozens-of-solitaire-games-compromised dept. · 98 comments
    wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

  38. Hackers Breach White House Network

    Yro · Government · · posted by Soulskill · from the dozens-of-solitaire-games-compromised dept. · 98 comments
    wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

  39. Kmart Says Its Payment System Was Hacked

    Yro · Privacy · · posted by timothy · from the worst-case-scenario dept. · 101 comments
    wiredmikey writes Kmart is the latest large U.S. retailer to experience a breach of its payment systems, joining a fast growing club dealing successful hack attacks. The company said that on Thursday, Oct. 9, its IT team detected that its payment data systems had been breached, and that debit and credit card numbers appear to have been compromised. A company spokesperson told SecurityWeek that they are not able to provide a figure on the number of customers impacted. The spokesperson said that based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by the attackers.

  40. Symantec To Separate Into Two Companies

    News · Business · · posted by samzenpus · from the split-up dept. · 86 comments
    wiredmikey writes Symantec announced plans on Thursday to split into two separate, publicly traded companies – one focused on security, the other focused on information management. The company's security business generated $4.2 billion in revenue in fiscal year 2014 while its information management business meanwhile hit revenues of $2.5 billion. "As the security and storage industries continue to change at an accelerating pace, Symantec's security and IM businesses each face unique market opportunities and challenges," Symantec CEO Michael A. Brown, who officially took over as CEO last month, said in a statement. Garrett Bekker, senior analyst with 451 Research, called the decision "long overdue." "The company had become too big to manage, and they were having trouble keeping up with the pace of innovation in many areas of security," he told SecurityWeek. "The synergies between storage and security never really emerged, in part because in many firms, particularly large enterprises, they are managed by different internal teams."

  41. Hackers Compromised Yahoo Servers Using Shellshock Bug

    Tech · Yahoo · · posted by samzenpus · from the protect-ya-neck dept. · 69 comments
    wiredmikey writes Hackers were able to break into some of Yahoo's servers by exploiting the recently disclosed Shellshock bug over the past few weeks. This may be the first confirmed case of a major company being hit with attacks exploiting the vulnerability in bash. Contacted by SecurityWeek, a Yahoo spokesperson provided the following statement Monday afternoon: "A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."

  42. Home Depot Says Breach Affected 56 Million Cards

    It · Security · · posted by Soulskill · from the going-for-the-high-score dept. · 80 comments
    wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.

  43. Hackers Demand Automakers Get Serious About Security

    It · Security · · posted by samzenpus · from the lock-it-down dept. · 120 comments
    wiredmikey writes: In an open letter to Automotive CEOs, a group of security researchers has called on automobile industry executives to implement five security programs to improve car safety and build cyber-security safeguards inside the software systems powering various features in modern cars. As car automation systems become more sophisticated, they need to be locked down to prevent tampering or unauthorized access. The Five Star Automotive Cyber Safety Program outlined in the letter asked industry executives for safety by design, third-party collaboration, evidence capture, security updates, and segmentation and isolation. Vehicles are "computers on wheels," said Josh Corman, CTO of Sonatype and a co-founder of I am the Cavalry, the group who penned the letter (PDF). The group aims to bring security researchers together with representatives from non-security fields, such as home automation and consumer electronics, medical devices, transportation, and critical infrastructure, to improve security.

  44. Facebook Acquires Server-Focused Security Startup

    It · Business · · posted by samzenpus · from the answering-the-acquisition-request dept. · 18 comments
    wiredmikey writes In a move to bolster the security of its massive global server network, Facebook announced on Thursday it was acquiring PrivateCore, a Palo Alto, California-based cybersecurity startup. PrivateCore describes that its vCage software transparently secures data in use with full memory encryption for any application, any data, anywhere on standard x86 servers. "I'm really excited that Facebook has entered into an agreement to acquire PrivateCore," Facebook security chief Joe Sullivan wrote in a post to his own Facebook page. "I believe that PrivateCore's technology and expertise will help support Facebook's mission to help make the world more open and connected, in a secure and trusted way," Sullivan said. "Over time, we plan to deploy PrivateCore's technology directly into the Facebook server stack."

  45. Mozilla Dumps Info of 76,000 Developers To Public Web Server

    Tech · Mozilla · · posted by samzenpus · from the for-everyone's-eyes dept. · 80 comments
    wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.

  46. Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

    Yro · China · · posted by timothy · from the location-location-location dept. · 93 comments
    wiredmikey (1824622) writes China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

    Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network. Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said.

  47. DHS Mistakenly Releases 840 Pages of Critical Infrastructure Documents

    News · Usa · · posted by Unknown · from the someone-inverted-the-black-lines dept. · 50 comments
    wiredmikey (1824622) writes The Operation Aurora attack was publicized in 2010 and impacted Google and a number of other high-profile companies. However, DHS responded to the request by releasing more than 800 pages of documents related to the 'Aurora' experiment conducted several years ago at the Idaho National Laboratory, where researchers demonstrated a way to damage a generator via a cyber-attack. Of the documents released by the DHS, none were related to the Operation Aurora cyber attack as requested. Many of the 840 pages are comprised of old weekly reports from the DHS' Control System Security Program (CSSP) from 2007. Other pages that were released included information about possible examples of facilities that could be vulnerable to attack, such as water plants and gas pipelines.

  48. Researchers Disarm Microsoft's EMET

    Tech · Microsoft · · posted by timothy · from the slipping-through dept. · 33 comments
    wiredmikey (1824622) writes "Security researchers have found a way to disable the protection systems provided by the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a software tool designed to prevent vulnerabilities from being exploited by using various mitigation technologies. Others have managed to bypass EMET in the past, but researchers from Offensive Security have focused on disarming EMET, rather than on bypassing mitigations, as this method gives an attacker the ability use generic shellcodes such as the ones generated by Metasploit. The researchers managed to disarm EMET and get a shell after finding a global variable in the .data section of the EMET.dll file. Initially, they only managed to get a shell by executing the exploit with a debugger attached, due to EMET's EAF checks. However, they've succeeded in getting a shell outside the debugger after disarming EAF with a method described by security researcher Piotr Bania in January 2012. The researchers tested their findings on Windows 7, Internet Explorer 8 and EMET 4.1 update 1."

  49. Researchers Disarm Microsoft's EMET

    Tech · Microsoft · · posted by timothy · from the slipping-through dept. · 33 comments
    wiredmikey (1824622) writes "Security researchers have found a way to disable the protection systems provided by the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a software tool designed to prevent vulnerabilities from being exploited by using various mitigation technologies. Others have managed to bypass EMET in the past, but researchers from Offensive Security have focused on disarming EMET, rather than on bypassing mitigations, as this method gives an attacker the ability use generic shellcodes such as the ones generated by Metasploit. The researchers managed to disarm EMET and get a shell after finding a global variable in the .data section of the EMET.dll file. Initially, they only managed to get a shell by executing the exploit with a debugger attached, due to EMET's EAF checks. However, they've succeeded in getting a shell outside the debugger after disarming EAF with a method described by security researcher Piotr Bania in January 2012. The researchers tested their findings on Windows 7, Internet Explorer 8 and EMET 4.1 update 1."

  50. Cybercrooks May Have Stolen Billions Using Brazilian "Boletos"

    Yro · Crime · · posted by samzenpus · from the making-that-money dept. · 69 comments
    wiredmikey writes Researchers with RSA have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion. A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account — whether a company or an individual — can issue a Boleto associated with their bank. The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to the report (PDF). "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts."