The Asprox botnet, whose malware-spamming activities have been followed for years by security researchers, appears to be gone. Since 2007, the botnet was used for effective spam campaigns that sought to trick people into downloading malware attachments in emails that purported to be court notices or notifications from services including FedEx, the U.S. Postal Service and American Airlines. But by January, the botnet seemed to be shut down, wrote Ryan Olson, intelligence director for Palo Alto Networks, in a blog post. Throughout 2014, the security company noticed the botnet was distributing Kuluoz, a malware program linked to Asprox.
Responding to an accusatory blog post, BlackBerry has again denied that its embedded operating system caused the potentially dangerous vulnerability recently demonstrated in Chrysler Jeep Cherokees. Last month, security researchers demonstrated how to circumnavigate the in-vehicle entertainment system of the Jeep Cherokee to take over the car itself, including control of the dashboard, steering mechanism, transmission, locks, and brakes. Over 1.4 million vehicles have subsequently been recalled to fix the problem. The dealerships will install updated software, though owners can install the update themselves.
When it comes to hacking chemical plants, an attacker going hackedity-hack-hack and then the plant going boom fortunately only happens in the movies. But “if you plan to improve your financial posture,” now and at least the next five years is a good time for security researchers to jump into cyber-physical systems security, where you will be most concerned about attacks that cause physical damage. Granted, you and attackers may know a lot about the IT world, and even Industrial Control Systems (ICS), aka SCADA, but hacking a chemical plant also means needing to know some physics, chemistry and engineering. The Damn Vulnerable Chemical Process was developed to help you master those new skills; it’s the “first open source framework for cyber-physical experimentation based on two realistic models of chemical plants.”
Viruses

The world of computer viruses has changed drastically over the last 25 or so years. In the early days, internet users were very naïve about email attachments, contributing to the alarming speed at which viruses could spread across the globe. These days, viruses very rarely land in our inboxes thanks to preconfigured firewalls and strict measures from the likes of Gmail and Outlook. SSLs.com compiled this list looking back at the destructive viruses that wreaked havoc on the Internet.
One of the best ways to understand your enemy – what he’s up to, what his capabilities are and how he can damage you – is to spy on him. And according to some cybercrime experts, one of the easier and more effective ways to do that is to hang out where the bad guys do – on the Dark Web. In a recent post on Dark Reading, Jason Polancich, founder and chief architect of SurfWatch Labs, asserted that “most businesses already have all the tools on hand for starting a low-cost, high-return Dark Web intelligence operation within their own existing IT and cybersecurity teams.”
Customers of the oft-criticized security and performance program MacKeeper have until Nov. 30 to file a claim for reimbursement, the result of a proposed class-action suit settlement. Those who bought MacKeeper before July 8 are eligible, according to the settlement website where claims can be filed. The class action suit accused MacKeeper’s original developer, ZeoBIT, of deceptively advertising the program and making false claims about what it could fix. It was filed in May 2014 in the U.S. District Court for the Western District of Pennsylvania.
When car manufacturers hear Samy Kamkar’s name, they likely cringe, as Kamkar has been on a car-cracking spree. About a week after he unveiled OwnStar, Kamkar was at Def Con 23 presenting “Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars.” At the end of July, Kamkar revealed his $100 OwnStar device that could “locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communications between the RemoteLink mobile app and OnStar servers.” GM quickly patched the OnStar app.
With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device. In a presentation Saturday at the DEF CON security conference in Las Vegas, researchers Mickey Shkatov and Jesse Michael from Intel’s security group demonstrated how a malware program installed on a computer could rewrite the firmware of a popular Huawei LTE modem module that’s included in many devices. The module runs a Linux-based OS, more specifically a modification of Android, that is completely independent from the computer’s main operating system. It’s connected to the computer through an internal USB interface, which means that it could be instructed to emulate a keyboard, mouse, CD-ROM drive, network card, or other USB device. Those would appear connected to the primary OS.
Cyberthieves broke into the IT systems of Carphone Warehouse, a large cell phone retailer in the U.K., and may have stolen personal and bank data of up to 2.4 million customers and the credit card details of up to 90,000 customers. Specifically, the division that was attacked operates the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites, and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some customers of Carphone Warehouse, the company said Saturday in an emailed statement. The attack, which the company described as “sophisticated,” was discovered Wednesday afternoon, and likely happened at some point in the two weeks prior to the discovery. Carphone Warehouse has secured the breached systems, put in place additional safety measures and hired a security company to determine what data was compromised. It is also notifying customers that could be affected.
A talk about a radio-based privacy device dubbed ProxyHam, which promised to allow hackers to connect to Wi-Fi networks from as far as 2.5 miles away, was abruptly pulled from the DEF CON schedule by its creator a few weeks ago. The incident, which some speculated was the result of pressure from the FBI or the NSA, outraged the security community. But as hackers are not the type to give up easily, they quickly came up with a replacement that in many respects is better than the original. Called HamSammich, the new device is the creation of security researchers Robert Graham and David Maynor and can proxy data over the 900 MHz radio band from 20 miles away at up to 56 kbps—the top speed of a dial-up modem from the late 1990s. It was presented at the DEF CON hacking conference on Friday.
The IRS this week said some 4,000 victims have lost over $20 million to scammers, and the rip-offs continue at a startling pace. The IRS noted what it called a number of new variations on old schemes:
Scammers alter what appears on your telephone caller ID to make it seem like they are with the IRS or another agency such as the Department of Motor Vehicles. They use fake names, titles and badge numbers. They use online resources to get your name, address and other details about your life to make the call sound official. They even go as far as copying official IRS letterhead for use in email or regular mail.
Brazen scammers will even provide their victims with directions to the nearest bank or business where the victim can obtain a means of payment such as a debit card. And in another new variation of these scams, con artists may then provide an actual IRS address where the victim can mail a receipt for the payment – all in an attempt to make the scheme look official.
Scammers try to scare people
May Black Hat be with you

As if hacked cars and massive Android vulnerabilities weren’t enough to keep the attention of security experts attending Black Hat 2015 in Las Vegas, the vendors at this increasingly vendor-driven show were wheeling out shiny distractions ranging from food and drink to celebrity lookalikes to custom art and free giveaways. Here’s a look at some of what helped keep Black Hat entertained.
Travel industry software maker Sabre is the latest company said to have been hit by the same hackers who recently attacked U.S. health insurer Anthem and the U.S. Office of Personnel Management (OPM), while American Airlines has been investigating its own systems for evidence of a similar breach. Texas-based Sabre, whose technology processes reservations for hundreds of airlines and thousands of hotel properties, on Friday confirmed that its systems were compromised. “We recently learned of a cybersecurity incident, and we are conducting an investigation into it now,” Sabre said. “At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing.”
The deputy head of the Department of Homeland Security implored a group of skeptical security pros at Black Hat 2015 to share information about security incidents and to trust the government to keep it safe. “We understand the trust deficit that exists in the [security] community,” says Alejandro Mayorkas, deputy secretary of Homeland Security, encouraging attendees to participate in a government program where private businesses share information about cyber threats they encounter. Part of the trust problem is that businesses lack confidence that government can secure information it receives, Mayorkas says, citing the massive breach at the Office of Personnel Management. (It didn’t help his cause that as the meeting broke up, news also broke that unclassified emails for the Joint Chiefs of Staff had been hacked and the email system shut down for two weeks.)
An attack using the SMB file sharing protocol that has been believed to work only within local area networks for over a decade can also be executed over the Internet, two researchers showed at the Black Hat security conference. The attack, called an SMB relay, causes a Windows computer that’s part of an Active Directory domain to leak the user’s credentials to an attacker when visiting a Web page, reading an email in Outlook or opening a video in Windows Media Player. Those credentials can then be used by the attacker to authenticate as the user on any Windows servers where the user has an account, including those hosted in the cloud. In an Active Directory network, Windows computers automatically send their credentials when they want to access different types of services like remote file shares, Microsoft Exchange email servers or SharePoint enterprise collaboration tools. This is done using the NTLM version 2 (NTLMv2) authentication protocol, and the credentials that get sent are the computer and user name in plain text and a cryptographic hash derived from the user’s password.
Late Thursday night, Mozilla released a security patch for the Firefox browser after finding a serious vulnerability being exploited in the wild. The vulnerability allows malicious attackers to use some JavaScript magic to “search for and upload potentially sensitive” files from your hard drive to their servers. Mozilla is asking all Firefox users to upgrade immediately to version 39.0.3. Anyone on the Firefox Extended Support release via their school or business should upgrade to version 38.1.1.
The security issue only affects PCs, since the flaw relies on an interaction between Firefox’s PDF Viewer and other parts of the browser. Firefox for Android does not have the PDF Viewer and is therefore not vulnerable, according to a blog post by Mozilla’s security lead, Daniel Veditz.
They say an ounce of prevention is worth a pound of cure. With Nest’s motion-sensing camera, that prevention will put a dent in your wallet. The Google-owned company, which makes a smart thermostat and smoke detector, recently launched its first home security camera, the Nest Cam. It offers higher-quality video and smarter motion detection than its predecessor, the Dropcam, which Nest acquired last year. But with a bunch of similar cameras on the market, some of which come with cheaper or even free cloud storage plans, the Nest Cam is not necessarily a smart buy.
The criminals behind the GameOver ZeuS botnet didn’t just steal $100 million from banks -- they also spied on several countries on behalf of Russia, according to a Black Hat presentation Wednesday by an FBI agent and two other security experts. These countries included Ukraine, Turkey, Georgia, and OPEC members, according to FBI special agent Elliott Peterson. The gang, which called itself Business Club, had two leaders, one of whom was Evgeniy Bogachev, who is still uncaught. The FBI is offering a $3 million reward for information leading to Bogachev’s arrest.
A group of Israeli researchers have improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet. They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone. While other research has shown it possible to steal data this way, some of those methods required hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals. Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it’s possible to steal data using just specialized malware on the computer and the mobile phone.
A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products. The vulnerability stems from a feature first added to the x86 architecture in 1997. It was disclosed Thursday at the Black Hat security conference by Christopher Domas, a security researcher with the Battelle Memorial Institute. By leveraging the flaw, attackers could install a rootkit in the processor’s System Management Mode (SMM), a protected region of code that underpins all the firmware security features in modern computers.