Archive

Category Archives for "Network World Security"

Android root malware widespread in third-party app stores

Four third-party app stores for Android have apps with a malicious component that seeks root access to devices, according to Trend Micro. The security company found 1,163 Android application packages containing the malware, which it calls ANDROIDOS_LIBSKIN.A, wrote Jordan Pan, a mobile threats analyst with Trend. The malware obtains root access to the phone, the highest level of access and privilege. The apps containing the component were downloaded across 169 countries between Jan. 29 and Feb. 1 from marketplaces called Aptoide, Mobogenie, mobile9 and 9apps.

Bill filed in Congress would ban encryption backdoors

Four Congressmen are proposing that states be forbidden to ask manufacturers to install encryption backdoors on their products outfitted with the technology. The four filed a short bill this week that would bar states or parts of states from seeking alterations to products for the purpose of enabling surveillance of the user. It would also block them from seeking the ability to decrypt information that is otherwise unintelligible. The representatives filing the bill are Rep. Ted Lieu (D-Calif.), Rep. Blake Farenthold (R-Texas), Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.).

U.S. intelligence chief touts IoT as a spying opportunity

In a brief aside during a Senate testimony on overall national security this week, U.S. director of national intelligence James Clapper justified the privacy and security advocates who have warned of the implications of the Internet of Things (IoT) since before it was a buzzword. "In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," Clapper said, according to The Guardian.

Don’t touch the malware at this museum

Malware moments you wish to forget. Jason Scott, archivist and software curator for the Internet Archive, and Mikko Hypponen, chief research officer of F-Secure, have brought together this group of malware to mark some of the early viruses. Here are only a few, with another batch to be displayed soon.

Underhanded C contest winner’s code fools nuke inspectors into destroying fake nukes

What if Alice and Bob represented countries that agreed to a nuclear disarmament treaty, but neither trusted the other enough to scan a warhead and observe the test results because the scans revealed sensitive information about their nuclear program? In the end, the countries agree to build a fissile material detector that would output only a “yes” or “no” as to whether each country dismantled real warheads and not fakes. In essence, that was the scenario for the annual Underhanded C Contest which tasked programmers with solving “a simple data processing problem by writing innocent-looking C code, while covertly implementing a malicious function. This type of malicious program, in the real world, could let states take credit for disarmament without actually disarming.”

CSO Online’s 2016 data breach blotter

Another day, another data breach. There were 736 million records exposed in 2015 due to a record-setting 3,930 data breaches. 2016 has only just started, and as the blotter shows, there are a number of incidents being reported in the public, proving that data protection is still one of the hardest tasks to master in InfoSec.

IDG Contributor Network: Drugs, guns, and hitmen more common on dark web than religious extremism

What many of us likely suspected, but possibly hadn't gone to the trouble (or had the inclination) of finding out for ourselves is that the dark web is full of illegal and dubious stuff, researchers have found. The researchers, who have been studying and writing about encryption policy, sniffed around with a Tor browser and found 1,547 out of 5,205 total websites live on the dark web engaging in illegal activity. Those illicit destinations, uncovered in early 2015, covered subjects relating to illegal drugs, money laundering, and "illegitimate" pornography, the King's College London scientists write in their Cryptopolitik and the Darknet paper abstracted in Survival: Global Policy and Strategy, a journal.

SAP slaps patch on leaky factory software

SAP's February round of critical software updates includes one for SAP Manufacturing Integration and Intelligence (xMII) that may be of interest to hackers and spies. The software is widely used in the manufacturing industry, where it connects factory-floor systems to business applications for performance monitoring, but a flaw in it meant that restrictions on who could see what were not enforced. The patch for xMII fixes a directory traversal vulnerability, SAP reported Tuesday in security note 2230978. The vulnerability could have allowed attackers to access arbitrary files and directories on an SAP fileserver, including application source code, configuration and system files and other critical technical and business-related information, security researchers at ERPScan said Wednesday.

Microsoft fixes 36 flaws in IE, Edge, Office, Windows, .NET Framework

Microsoft released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .NET Framework. The patches are covered in 12 security bulletins, five of which are rated critical. There is also a thirteenth bulletin, also critical, for Flash Player. Although it's maintained by Adobe, Flash Player is included with Internet Explorer 11 and Edge, so Microsoft is distributing Adobe's patches through Windows Update. Researchers from security vendor Qualys believe that MS16-022, the Flash Player bulletin, should be at the top of users' priority list this month because it contains fixes for 22 critical vulnerabilities that could give attackers complete control over computers. Flash Player is a frequent target for attackers and can be exploited by simply visiting a malicious or compromised website.

IBM’s X-Force team hacks into smart building

As buildings get smarter and increasingly connected to the Internet, they become a potential vector for attackers to target. IBM's X-Force ethical hacking team recently ran a penetration test against a group of office buildings using building automation systems that controlled sensors and thermostats. In this particular case, a building management company operated more than 20 buildings across the United States, as well as a central server. Without any social engineering, or online data gathering about employees, the team targeted one building. "We did it old-school, just probing the firewall, finding a couple of flaws in the firmware," said Chris Poulin, research strategist for IBM's X-Force. "Once we had access to that, we had access to the management system of one building."

Identity thieves obtain 100,000 electronic filing PINs from IRS system

The Internal Revenue Service was the target of an attack that used stolen Social Security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically. The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, Social Security number, date of birth and full address. Attackers attempted to obtain E-file PINs corresponding to 464,000 unique SSNs using an automated bot, and did so successfully for 101,000 SSNs before the IRS blocked it. The personal taxpayer data used during the attack was not obtained from the IRS, but was stolen elsewhere, the agency said in a statement. The IRS is notifying affected taxpayers via mail and will monitor their accounts to protect them from tax-related identity theft.

US regulator coming around to view that a Google computer could qualify as car driver

The U.S. federal transport safety regulator is coming around to the view that rules could be updated so that computers in autonomous cars can be considered as drivers, but added that the rule-making could take some time. The move by the National Highway Traffic Safety Administration could be a major boost for Google and a number of companies including traditional car makers that are working on partially or fully autonomous vehicles. "If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the driver as whatever (as opposed to whoever) is doing the driving," Paul A. Hemmersbaugh, chief counsel of the NHTSA, wrote in a Feb. 4 letter in reply to a Google proposal relating to its self-driving cars.

Poseidon hacker group behind long-running extortion scheme

Kaspersky Lab has linked a single group to a long-known campaign of cyberattacks that appears to be aimed at extorting corporate victims. The Poseidon Group may have been active since 2001, according to an analysis of malware samples. The group's tools have been designed to function on systems set to English and Portuguese. Victims are usually sent spear-phishing emails and malware hidden inside office documents. Once on a network, the hackers explore its topology in order to eventually steal intellectual property and commercial information. "Then the attacker looks for all administrator accounts on both the local machine and the network," Kaspersky wrote in a post on Tuesday. "This technique allows them to map network resources and make lateral movements inside the network, landing in the perfect machine to match the attacker’s interest."

Google will stop accepting new Flash ads on June 30

Google has just hammered another nail in the coffin for Flash, Adobe Systems' multimedia software widely criticized for its frequent security vulnerabilities. On Tuesday, Google set deadlines for when it will stop running Flash ads and accept only those written in HTML5, the latest version of the Web's mother tongue. As of June 30, Google will stop accepting new Flash-based display ads for AdWords and DoubleClick Digital Marketing. And Flash ads won't be allowed on the company's Display Network or DoubleClick after Jan. 2, 2017. Flash is one of the most commonly targeted applications by hackers because it's installed on hundreds of millions of computers. Unpatched vulnerabilities can allow a hacker to install malicious software on a computer if a victim merely views a malicious ad.

Obama’s new cybersecurity agenda: What you need to know

In response to mounting cyber attacks on federal networks, President Barack Obama is seeking $19 billion for cybersecurity, more than a 35% increase over last year’s spending, and calling for a federal CISO to oversee the upgrade of outdated and insecure cyber infrastructure. The number of information security incidents grew more than 11-fold between 2006 and 2014 to 67,168, and attacks from other countries have been on the rise.

Microsoft released 13 security bulletins for February Patch Tuesday, 6 rated critical

On February 2016 Patch Tuesday, Microsoft released 13 security bulletins, six of which are rated as critical for remote code execution. The rest deal with fixing elevation of privilege, denial of service, and security feature bypass vulnerabilities. Rated critical, MS16-022 resolves 23 flaws in Adobe Flash Player by updating Flash libraries in Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. This patch is meant for all supported editions of Windows. It was ranked at the top of the list for patching, according to Qualys CTO Wolfgang Kandek, who called the patch a “packaging change” since “there is a real bulletin for it,” as opposed to a security advisory.

Heterogeneous Multi-Dimensional Cloud Security

According to ESG research, 75% of organizations use public cloud services of one kind or another today (note: I am an ESG employee). A majority (65%) use SaaS, 38% use IaaS, and 33% use PaaS. In terms of IaaS, Amazon Web Services (AWS) is still the king of the hill but many large enterprises are implementing or kicking the tires on alternatives. Microsoft is pushing clients with enterprise client access licenses (ECAL) toward Office365 and Azure, IBM is winning SoftLayer deals with large customers, and Google Cloud Platform is gaining traction in the life sciences industry. With all of this cloud momentum, we see a new compute model evolving that ESG calls heterogeneous multi-dimensional cloud infrastructure. Simply stated, heterogeneous multi-dimensional cloud infrastructure is sort of a hybrid cloud on steroids where enterprises have a little bit of everything (AWS, Azure, OpenStack, SoftLayer, VMware, etc.), on-premise and in the public cloud.

Java-based Trojan was used to attack over 400,000 systems

A cross-platform remote access Trojan that's being openly sold as a service to all types of attackers, from opportunistic cybercriminals to cyberespionage groups, has been used to attack more than 400,000 systems over the past three years. The RAT (Remote Access Tool/Trojan), which depending on the variant is known as Adwind, AlienSpy, Frutas, Unrecom, Sockrat, jRat or JSocket, is evidence of how successful the malware-as-a-service model can be for malware creators. Adwind is written in Java, so it can run on any OS that has a Java runtime installed, including Windows, Mac OS X, Linux and Android. The Trojan has been continuously developed since at least 2012 and is being sold out in the open via a public website.

Current p2p trends threatening enterprise security

Security threats from peer-to-peer (p2p) communication are nothing new, but they are becoming more sophisticated. From ransomware to botnets, these threats are global and continue to evolve in more sophisticated ways. If security teams aren’t looking for them, they may go undetected, which could be costly for the enterprise. The TrendLabs Security Intelligence blog has been talking about ransomware and CryptoLocker threats for the better part of this and the last decade. In his August 2015 post, Macro Threats and Ransomware Make Their Mark: A Midyear Look at the Email Landscape, Maydalene Salvador noted that the number of spammed messages in 2014 was nearly 200 billion emails.