Jeremy Kirk

Author Archives: Jeremy Kirk

The Syrian Electronic Army was careless with Gmail, Facebook

If you're a hacker, it's a good idea not to use Facebook and Gmail to communicate with your colleagues. Three men, who allegedly were part of a multi-year hacking campaign executed by the Syrian Electronic Army (SEA), left a long digital trail that didn't make them hard to identify, according to court documents. The U.S. Department of Justice unsealed charges on Tuesday against the men, who are accused of hacking companies and defacing websites. The SEA, which emerged around July 2011, claimed credit for prominent hacks that sought to support Syrian President Bashar al-Assad. The group targeted the White House, Harvard University, Reuters, the Associated Press, NASA and Microsoft, among others.

Tor Project says it can quickly catch spying code

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday. There are worries that Tor could either be technically subverted or be subject to court orders that would force the project to turn over critical information undermining its security, similar to the standoff between Apple and the U.S. Department of Justice. Tor developers are now designing the system so that many people can verify whether code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.

Researchers find flaw in Apple’s iMessage, decrypt iCloud photo

Apple's iMessage system has a cryptography flaw that allowed researchers to decrypt a photo stored in iCloud, the Washington Post reported on Sunday. The researchers, led by cryptography expert Matthew D. Green of Johns Hopkins University, wrote software that mimicked an Apple server and then targeted an encrypted photo stored in iCloud, the publication reported.

5 things you need to know about SSL

An uptick in cyberattacks and greater awareness about government surveillance have prompted calls for tighter security on the Internet, and a big part of that is encrypting the traffic that flows to and from websites. Google, Facebook and Microsoft are among the many companies that have been pushing for wider use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption, though it can be tricky and expensive to implement. Here are the basics of what you need to know.

Vehicles ‘increasingly vulnerable’ to hacking, FBI warns

The FBI and the National Highway Traffic Safety Administration warned on Thursday that the rising use of computers in vehicles poses increasing risks of cyberattacks. The warning comes eight months after a high-profile demonstration published by Wired showed how a Jeep Cherokee could be remotely controlled over the Internet. Fiat Chrysler later recalled 1.4 million vulnerable vehicles. Manufacturers see great promise in designing vehicles with advanced networking capabilities for everything from entertainment to fleet management. But computer security experts have criticized the industry for not taking stronger steps to prevent software vulnerabilities that could have lethal consequences.

New Stagefright exploit puts millions of Android devices at risk

Millions of Android devices are at risk yet again after researchers found a new way to exploit an older vulnerability that Google had previously patched. NorthBit, based in Herzliya, Israel, published a paper outlining Metaphor, its name for a new exploit against Stagefright, Android's mediaserver and multimedia library. The attack is effective against devices running Android versions 2.2 through 4.0, as well as 5.0 and 5.1, NorthBit said. The company said its attack works best on Google's Nexus 5 with the stock ROM, and with some modifications on HTC's One, LG's G3 and Samsung's S5. The attack builds on earlier exploits for CVE-2015-3864, a remote code execution vulnerability that Google has patched twice.

TeslaCrypt ransomware now impossible to crack, researchers say

The latest version of the TeslaCrypt ransomware has closed a weakness in previous versions that in some cases allowed victims to recover their files without paying a ransom. Cisco's Talos research group found that TeslaCrypt 3.0.1 has improved its implementation of a cryptographic algorithm, making it impossible, for now, to decrypt files. "We cannot say it loud and often enough, ransomware has become the black plague of the internet," wrote Andrea Allievi and Holger Unterbrink, both security researchers with Cisco, in a blog post on Wednesday. "The adversaries are modifying and improving it in every version."

Large advertising-based cyberattack hit BBC, New York Times, MSN

Major websites including the BBC, Newsweek, The New York Times and MSN ran malicious online advertisements on Sunday that attacked users' computers, a campaign that one expert said was the largest seen in two years. The websites weren't at fault. Instead, they are unwitting victims of malvertising, a scheme where cyberattackers upload harmful ads to online advertising companies, which are then distributed to top-tier publishers. Tens of thousands of computers could have been exposed to the harmful advertisements on Sunday, which means some running vulnerable software may have been infected with malware or file-encrypting ransomware. Some bad ads were still appearing on some websites, including the BBC, on Monday, said Jerome Segura, a senior security researcher with Malwarebytes, in a phone interview Tuesday.

Top websites affected by Angler exploit kit malvertising, security vendors say

Tens of thousands of Web browsers may have been exposed to ransomware and other malware over the last few days after malicious advertisements appeared on high-profile websites, security vendors said Monday. The malicious advertisements are connected to servers hosting the Angler exploit kit, a software package that probes a computer for software vulnerabilities in order to deliver malware, Trend Micro said. Security vendor Trustwave wrote on Monday that it also detected a large Angler-related malvertising campaign.

Google has doubled its bounty for a Chromebook hack to US$100,000

Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to US$100,000, sweetening the pot in hopes of drawing more attention from security researchers. The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google's security blog on Monday. "Since we introduced the $50,000 reward, we haven't had a successful submission," Google wrote. "That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."

Patch closes security hole in messaging encryption tool

A software component for encrypting instant-messaging clients has a flaw that could let attackers take over users' machines, but a patch is now available. The vulnerability is in libotr, the OTR Messaging Library and Toolkit; the fixed version is 4.1.1. OTR stands for Off-the-Record Messaging, a cryptographic protocol that encrypts messages sent through clients including Pidgin, ChatSecure and Adium. The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.

Locky ransomware activity ticks up

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself. Computer security companies say it has become a commonly seen type of ransomware, which holds a computer's files hostage pending a ransom payment. Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky. "We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of ransomware," wrote Rodel Mendrez, a Trustwave security researcher.
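One check a mail administrator can run against that delivery pattern, added here as an example and not taken from Trustwave or from the article: flag attachments that Windows would execute as a script when double-clicked, including the "document.pdf.js" double-extension lure. The gateway log format, the sample lines and names such as `scan_log` and `classify_filename` are this example's own assumptions.

```python
"""Flag script attachments in a mail-gateway log.

Constructed example for this page; not Trustwave's or any vendor's tooling.
The log line format below is an assumption made for the example."""
import re
from typing import Dict, Iterable, List, Optional

# Extensions Windows runs as a script on double-click. The campaign above used .js;
# the rest are the usual neighbours and can be trimmed to match local policy.
SCRIPT_EXTENSIONS = {"js", "jse", "wsf", "wsh", "vbs", "vbe", "hta"}
# Document-looking extensions often placed in front of the real one as a lure.
LURE_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}

# Assumed line format: <timestamp> from=<addr> subject="<text>" attachment="<filename>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) subject="(?P<subject>[^"]*)" attachment="(?P<file>[^"]*)"$'
)


def classify_filename(filename: str) -> Optional[str]:
    """Return why the attachment should be quarantined, or None if it looks harmless here."""
    # Lower-case and drop trailing dots/spaces, which Windows ignores when resolving the extension.
    parts = filename.lower().rstrip(" .").split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext not in SCRIPT_EXTENSIONS:
        return None
    if len(parts) >= 3 and parts[-2] in LURE_EXTENSIONS:
        return f"double extension .{parts[-2]}.{ext}"
    return f"script attachment .{ext}"


def scan_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse each line and return one record per flagged attachment."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a delivery line in the assumed format
        reason = classify_filename(m["file"])
        if reason is not None:
            hits.append({"ts": m["ts"], "sender": m["sender"], "file": m["file"], "reason": reason})
    return hits


def share_flagged(lines: Iterable[str]) -> float:
    """Fraction of parseable delivery lines that carried a flagged attachment."""
    lines = list(lines)
    parsed = sum(1 for line in lines if LINE_RE.match(line.strip()))
    return len(scan_log(lines)) / parsed if parsed else 0.0


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2016-03-02T09:14:01Z from=billing@example.net subject="Invoice J-98215015" attachment="invoice_J-98215015.js"',
    '2016-03-02T09:14:07Z from=hr@example.org subject="Q1 schedule" attachment="schedule.xlsx"',
    '2016-03-02T09:15:22Z from=scan@example.net subject="Scanned document" attachment="Document.PDF.JS"',
    '2016-03-02T09:16:40Z from=courier@example.com subject="Delivery notice" attachment="notice.pdf"',
    '2016-03-02T09:17:03Z from=noreply@example.net subject="Payment details" attachment="details.wsf ."',
    'gateway restarted, queue flushed',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["sender"], hit["file"], "->", hit["reason"])
    print(f"{share_flagged(SAMPLE_LOG):.0%} of delivery lines carried a flagged attachment")  # 60%
```

On the sample above three of the five parseable deliveries are flagged, including the upper-cased double extension and the name padded with a trailing space and dot. Attachments delivered inside a .zip need the archive listing as well, which this log format does not carry; the extension check is the same once the inner names are known.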

Experts say ‘chip off’ procedure to access terrorist’s iPhone is risky

The iPhone 5c at the center of the legal battle between Apple and the FBI might be accessible through a delicate hardware technique, but experts warn it would be difficult. In recent days, the American Civil Liberties Union's technology fellow and former NSA contractor Edward Snowden have suggested a method that would let investigators repeatedly guess the iPhone's password. Federal investigators fear San Bernardino shooter Syed Rizwan Farook may have configured his work phone to use an Apple security feature that erases a key for decrypting data after 10 incorrect guesses of the phone's password. The forensic technique for getting at the data, known as "chip off," involves removing the NAND flash memory chip from the device and copying its contents. If the phone then erases the key after too many wrong guesses, the saved copy can be written back and the guessing resumed.
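To show why that saved copy matters, here is a constructed Python model added for this page; it is not Apple's implementation and not the procedure the experts described. The toy device keeps a passcode-wrapped file key and the wrong-guess counter in the same storage the examiner images, which is the assumption the chip-off approach depends on. `ToyFlash`, `provision`, `try_passcode` and `brute_force` are this example's own names, and the XOR key wrap and small KDF iteration count are simplifications so the run finishes quickly.

```python
"""Toy simulation of the 'chip off' idea: if the key material the phone erases and
the wrong-guess counter both live in storage the examiner can image and write back,
the 10-guess limit stops being a limit. Constructed model, not Apple's design."""
import hashlib
from dataclasses import dataclass, replace
from typing import Iterable, Optional, Tuple

MAX_ATTEMPTS = 10       # the erase-after-10-wrong-guesses policy discussed above
KDF_ITERATIONS = 1_000  # kept small so the toy brute force finishes in seconds


@dataclass
class ToyFlash:
    """What the NAND dump contains in this model (an assumption, not Apple's layout)."""
    salt: bytes
    wrapped_key: bytes   # file key wrapped under a passcode-derived key
    key_check: bytes     # hash of the plaintext file key; lets the device recognise a right guess
    failed: int = 0      # wrong-guess counter
    erased: bool = False


def kek_from_passcode(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERATIONS, dklen=32)


def provision(passcode: str, file_key: bytes, salt: bytes) -> ToyFlash:
    kek = kek_from_passcode(passcode, salt)
    wrapped = bytes(a ^ b for a, b in zip(file_key, kek))  # toy XOR wrap, not a real key-wrap
    return ToyFlash(salt, wrapped, hashlib.sha256(file_key).digest())


def try_passcode(flash: ToyFlash, guess: str) -> Optional[bytes]:
    """Device side: unwrap with the guess; erase the wrapped key after MAX_ATTEMPTS failures."""
    if flash.erased:
        return None
    kek = kek_from_passcode(guess, flash.salt)
    candidate = bytes(a ^ b for a, b in zip(flash.wrapped_key, kek))
    if hashlib.sha256(candidate).digest() == flash.key_check:
        flash.failed = 0
        return candidate
    flash.failed += 1
    if flash.failed >= MAX_ATTEMPTS:
        flash.wrapped_key = b"\x00" * len(flash.wrapped_key)
        flash.erased = True
    return None


def restore_image(flash: ToyFlash, image: ToyFlash) -> None:
    """Write the saved NAND image back: wrapped key and counter return to their imaged state."""
    flash.wrapped_key = image.wrapped_key
    flash.failed = image.failed
    flash.erased = image.erased


def brute_force(flash: ToyFlash, candidates: Iterable[str], chip_off: bool) -> Tuple[Optional[str], int]:
    """Examiner side. Returns (recovered passcode or None, number of image restores performed)."""
    image = replace(flash) if chip_off else None  # dataclasses.replace copies the fields: the dump
    restores = 0
    for guess in candidates:
        if try_passcode(flash, guess) is not None:
            return guess, restores
        if flash.erased:
            if not chip_off:
                return None, restores  # key gone, nothing left to guess against
            restore_image(flash, image)
            restores += 1
    return None, restores


def four_digit_pins() -> Iterable[str]:
    return (f"{i:04d}" for i in range(10_000))


if __name__ == "__main__":
    salt, key = b"constructed-salt", bytes(range(32))
    print(brute_force(provision("0137", key, salt), four_digit_pins(), chip_off=False))  # (None, 0)
    print(brute_force(provision("0137", key, salt), four_digit_pins(), chip_off=True))   # ('0137', 13)
```

Without the restore, the tenth wrong guess erases the wrapped key and the search is over. With it, the examiner pays one write-back per ten guesses and walks the whole PIN space; for the passcode 0137 that is 13 restores. The caveat is in the model's assumption: if either the counter or the erased key material lives somewhere the imaging cannot read or cannot write back, restoring the image buys nothing, and the physical removal itself is the delicate step the experts above warn about.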

Encryption project issues 1 million free digital certificates in three months

Let's Encrypt, an organization set up to encourage broader use of encryption on the Web, has issued 1 million free digital certificates in just three months. The certificates cover 2.5 million domains, most of which had never implemented SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts the content exchanged between a website and its visitors. An encrypted connection is signified in most browsers by "https" and a padlock in the URL bar. "Much more work remains to be done before the Internet is free from insecure protocols, but this is substantial and rapid progress," according to a blog post by the Electronic Frontier Foundation, one of Let's Encrypt's supporters.

Google patches remote execution flaws in Android

Google has released 16 patches for Android, including one for a critical remote code execution vulnerability in the operating system's mediaserver. The company's Nexus devices will receive an over-the-air update. Google's partners were notified of the fixes no later than Feb. 1, giving them more than a month to prepare. The mediaserver vulnerabilities could be exploited if malicious content is displayed or played on a device, such as an MMS or email message, or media played by the browser, Google's advisory said. A string of vulnerabilities has been found in media playback software since last year, most notably the Stagefright bug.

Apple shuts down first-ever ransomware attack against Mac users

With the help of security researchers, Apple over the weekend quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware. The incident is believed to be the first Apple-focused attack using ransomware, which typically targets computers running Windows. Victims of ransomware are asked to pay a fee, usually in bitcoin, to get access to the decryption key to recover their files. Security company Palo Alto Networks wrote on Sunday that it found the "KeRanger" ransomware wrapped into Transmission, which is a free Mac BitTorrent client. Transmission warned on its website that people who downloaded the 2.90 version of the client "should immediately upgrade to 2.92."

Surveillance outfit Hacking Team may have released a new piece of OS X malware

Security researchers have identified a new piece of OS X malware that may come from Hacking Team, the controversial Italian company that sells surveillance software to governments. The malware is a "dropper," which is used to plant other software onto a computer. In this case, it appears intended to install Hacking Team's Remote Control System (RCS). "The dropper is using more or less the same techniques as older Hacking Team RCS samples, and its code is more or less the same," wrote Pedro Vilaca, an OS X security expert with SentinelOne, on his blog.

With few options, companies pay hush money to data thieves

There's a disturbing new angle to cyberattacks that has become more common over the last year, and it is proving costly for organizations: extortion. Over the last year, companies have at times paid more than US$1 million in hush money to cyberattackers who have stolen their sensitive data and threatened to release it online, said Charles Carmakal, a vice president with Mandiant, the computer forensics unit of FireEye, in an interview on Wednesday. "This is where a human adversary has deliberately targeted an organization, has stolen data, has reviewed that data and understands the value of it," Carmakal said. "We have seen seven-figure payouts by organizations that are afraid for that data to be published."

Tor users increasingly treated like second-class Web citizens

The Internet is becoming harder to browse for users of Tor, the anonymity network that provides greater privacy, according to a new study. The blame can be placed largely on those who use Tor, short for The Onion Router, for spamming or cyberattacks. But the fallout means that those who want to benefit from the system's privacy protections are sometimes locked out. Researchers scanned the entire IPv4 address space and found that 1.3 million websites will not allow a connection coming from a known Tor exit node. Also, some 3.67 percent of Alexa's top 1000 websites will block Tor users at the application level.

Baidu web browsers leaked sensitive information, researchers say

Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study. Baidu responded by releasing software fixes, but researchers say not all the issues have been resolved. The study was published Tuesday by Citizen Lab, a research group that's part of the University of Toronto. It focused on the Windows and Android versions of Baidu's browser, which are free products. It also found that sensitive data was leaked by thousands of apps that use a Baidu SDK (software development kit).