A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point."This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.ALSO: A brief history of Linux malware
Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers.To read this article in full or to leave a comment, please click here
Last week's distributed denial of service attack against the BBC website may have been the largest in history.A group calling itself New World Hacking said that the attack reached 602Gbps. If accurate, that would put it at almost twice the size of the previous record of 334Gbps, recorded by Arbor Networks last year."Some of this information still needs to be confirmed," said Paul Nicholson, director of product marketing at A10 Networks, a security vendor that helps protect companies against DDoS attacks."If it's proven, it would be the largest attack on record. But it depends on whether it's actually confirmed, because it's still a relatively recent attack."To read this article in full or to leave a comment, please click here
Last summer, law enforcement agencies from 20 countries joined forces to shut down the notorious Darkode hacking forum. Organizers said they would be back, stronger than ever.Security researchers have been keeping an eye out for its resurgence ever since and finally found it last week, but instead of being stronger than ever, it's actually insecure and badly configured.According to Loucif Kharouni, senior threat researcher at Damballa, it feels like a "bad Darkode imitation" that is "just not worth anyone's time."At its peak, Darkode had hundreds of users who were heavy-weights in the cybercriminal world.To read this article in full or to leave a comment, please click here
According to a new report by Trend Micro, the North American cyber criminal underground isn't buried as deep as in other geographies."It doesn't exist in the dark web as much as other undergrounds do, or practice as much security," said Tom Kellermann, chief cybersecurity officer at Trend Micro. "Essentially, it's become a gun show for everyone as long as they can participate and are willing to pay."In addition to offering guns, as well as murder for hire, there's also drugs, money laundering, bullet-proof hosting, and hacking services available.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
It's a bonanza of services and capabilities, he said, allowing traditional criminals and organized crime groups to become cyber-capable.To read this article in full or to leave a comment, please click here
There's a new botnet malware on the loose, called Corebot, that researchers believe has the potential to develop into a significant threat.The malware was first spotted by IBM Security X-Force, and Damballa followed up with a deep dive into how the malware works, and what else the malware's author is working on.The malware itself is particularly clever, said Loucif Kharouni, senior threat researcher at Damballa, in that it is written from scratch to be modular, making it easy for the author to add plugins to do specific tasks.MORE ON CSO: How to spot a phishing email
"Most malware is based on older malware, on Zeus code for example," he said. "This one looks like it was built new, from scratch."To read this article in full or to leave a comment, please click here
To avoid detection, some hackers are ditching malware and living "off the land" -- using whatever tools are already available in the compromised systems, according to a new report from Dell SecureWorks.In fact, this has been the case for nearly all the intrusions analyzed by the Dell SecureWorks’ Incident Response Team last year.The cyber criminals typically start out with compromised credentials, said Phil Burdette, senior security researcher at Atlanta-based Dell SecureWorks, Inc."For example, they might use phishing attacks," he said. "They'll send an email purporting to be from the IT staff, asking users to log in and test their credentials because the IT staff has just created a new email server. Once a user logs in, those same credentials would then be used to access the company's virtual private network solutions."To read this article in full or to leave a comment, please click here
In a cybersecurity survey of 485 large colleges and universities, the Massachusetts Institute of Technology came in at the bottom of the list.In a report released today, SecurityScorecard analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators.SecurityScorecard's chief research officer Alex Heid said they have a feeling that MIT's low scores were due in part to its cybersecurity research efforts.MORE ON CSO: What is wrong with this picture? The NEW clean desk test
"They do their own malware research," he said. "They run honeypots. They're running TOR exit nodes."To read this article in full or to leave a comment, please click here
This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.Cybersecurity has been in the news a lot this summer, and not just with several new high-profile breaches in government and the in private sector.Last month alone, the Pentagon began requiring defense contractors to report breaches, the White House Office of Management and Budget proposed new cybersecurity rules for contractor supply chains, and a court agreed that the Federal Trade Commission has the authority to enforce cybersecurity standards.MORE ON CSO:Millions of records compromised in these data breaches
And many security experts agree that it's important for companies to share cybersecurity information, in real time, without risk of being publicly embarrassed, fined, or sued.To read this article in full or to leave a comment, please click here
The Ashley Madison breach has been a Christmas-in-August present for spammers and scammers of all kinds, and your company could be the next target.
Here are some scams to watch out for.
Phishing
There is a significant amount of spam related to the Ashley Madison attack.
According to Trend Micro, the most recent Ashley Madison-related phishing campaign offers a link to the "Ashley Madison Client List" but instead infects the user's computer with banking malware, or locks up files until the user pays one Bitcoin, or approximately $235.
"Companies should block all Ashley Madison related emails at the email gateway and use URL filtering for all inbound emails for those bulletproof hosts which are disseminating this crimewave," said Tom Kellermann, chief cybersecurity officer at Irving, Tex.-based Trend Micro Inc.To read this article in full or to leave a comment, please click here
The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts -- and lapses. But security experts are split about whether the decision will help improve enterprise security.
"It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information," said Federal Trade Commission Chairwoman Edith Ramirez in a statement.
Specifically, last week's decision allowed the FTC to take action against Wyndham Hotels and Resorts for failing to reasonably protect consumers' personal information between 2008 and 2010, when hackers broke in three times and stole more than 600,000 bank card numbers.To read this article in full or to leave a comment, please click here
In the past two years, 81 percent of hospitals and health insurance companies have had a data breach, according to a report released by KPMG."These are all incidents where they have determined they lost data," said Greg Bell, Cyber US Leader at KPMG. "This wasn't just a malware or a virus infection -- it actually went to exfiltration."The study surveyed 223 senior technology and security executives at health care organizations with over $500 million in annual revenues.However, only 66 percent of the insurance executives and 53 percent of hospital executives said they said that they were prepared for an attack.To read this article in full or to leave a comment, please click here
Enterprises tend to be highly focused on keeping attackers out of their systems, but most of the actual damage happens not when the bad guys first break in, but when they're able to successfully steal data -- and the techniques they're using to do this are getting steadily more sophisticated.One of the ways that attackers evade detection is to disguize the data before sending it out, according to a new report from Intel Security."They are compressing the data so that it's smaller in size, or making it look like something else," said Intel Security CTO Steve Grobman. "Or they cut it up into little pieces and send the pieces to different places, so that the attacker can then pick up all the chunks and reassemble them."To read this article in full or to leave a comment, please click here
Wouldn't it be convenient if all the spam and malware sites were all grouped together under one top-level domain -- .evil, say -- so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95 percent or more of sites pose a potential threat to visitors.The worst offenders were the .zip and the .review top-level domains, with 100 percent of all sites rated as "shady," according to the report.The report is based on an analysis of tens of millions of websites visited by Blue Coat's 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.To read this article in full or to leave a comment, please click here
The real cause of the talent shortage in the information security field isn't a lack of new people entering the profession, but retention and churn at the highest levels, according to a new report by IDC.
"It's a fairly common theme to suggest that we have better training in colleges, certificate courses, and all that sort of thing for entry-level folks," said IDC analyst and report author Pete Lindstrom.
But in fact, at the entry level, expectations are basic and companies are willing to be flexible, are open to diverse backgrounds, and can train new hires.
Jobs that require less than five years of experience are filled within just three months 85 percent of the time, and 99 percent are filled within six months, according to the IDC survey of senior infosec executives.To read this article in full or to leave a comment, please click here
Amazon will stop accepting Flash ads on its advertising network on Tuesday, and it will help make the entire Web more secure, security experts say.
According to Amazon, the move was prompted by a recent update from Google Chrome that limited how Flash was displayed on Web pages. Mozilla Firefox and Apple Safari already had similar limitations in place.
"his change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance," the company said in its announcement.
Bad, bad FlashTo read this article in full or to leave a comment, please click here
Just 1 percent of employees are responsible for 75 percent of cloud-related enterprise security risk, and companies can dramatically reduce their exposure at very little additional cost by paying extra attention to these users.According to newly-released research by CloudLock, which analyzed the behavior of 10 million users during the second quarter of this year, these users are sending out plain-text passwords, sharing files, accidentally downloading malware, clicking on phishing links, using risky applications, reusing passwords, and engaging in other types of dangerous behaviors.MORE ON CSO: The things end users do that drive security teams crazy
These users include both rank-and-file employees as well as super-privileged users, software architects, and non-human accounts used to perform automated tasks.To read this article in full or to leave a comment, please click here
CrytoLocker is malware cyber criminals use to encrypt the contents of a computer until users pay up.But that's only one type of cyber extortion, according to Tim Francis, enterprise cyber lead at Hartford, Conn.-based insurance company Travelers.Criminals can also threaten to shut down computer systems or erase data, to infect a company with a virus, to publish proprietary information or personally identifiable information of customers or employees, launch a denial-of-service attack, or hold social media accounts hostage.Criminals can also start the attack first, and refuse to stop until the money is paid.MORE ON CSO:Lost in the clouds: Your private data has been indexed by Google
It's no longer just a lone disgruntled employee targeting a single company, Francis said. CryptoLocker is just one example of how cyber extortion technology has been commodified, making it accessible to a wider variety of criminals.To read this article in full or to leave a comment, please click here
The criminals behind the GameOver ZeuS Botnet didn’t just steal $100 million from banks -- they also spied on several countries on behalf of Russia, according to a Black Hat presentation Wednesday by an FBI agent and two other security experts.These countries included Ukraine, Turkey, Georgia, and OPEC members, according to FBI special agent Elliott Peterson.The gang, which called itself Business Club, had two leaders, one of whom was Evgeniy Bogachev who is still uncaught. The FBI is offering a $3 million reward for information leading to Bogachev’s arrest.[ Follow all the stories out of Black Hat 2015 ]To read this article in full or to leave a comment, please click here
LAS VEGAS - An ongoing conflict between website owners and ad injectors who place unwanted ads on those websites has just flared up into full-blown war, with advertisers and carriers caught in the crossfire.Take, for example, T-Mobile, which is proudly named as a customer by Flash Networks, a company that brags about creating "new monetization opportunities" for mobile operators when it "inserts the most relevant engagement display into the selected webpages."This seems to have been a surprise to T-Mobile. Cynthia Lee, the company's senior digital media manager, adamantly denied that T-Mobile was using Flash Networks to inject ads into webpages it was serving up to mobile customers.To read this article in full or to leave a comment, please click here
According to a new survey of Black Hat attendees released last week, InfoSec professionals are spending the biggest amount of their time and budgets on security problems created within the organization itself.
Security vulnerabilities introduced by their own application development teams consumed the most amount of time for 35 percent of respondents. Purchased software and systems were in second place with 33 percent of respondents.
Dealing with sophisticated targeted attacks was sixth on the list, with 20 percent of respondents choosing it as one of the three areas where they spent the most time.
Meanwhile, 57 percent said that their biggest concerns were sophisticated attacks directed at their organization.To read this article in full or to leave a comment, please click here