Category Archives for "Network World Security"

Counterterrorism expert says it’s time to give companies offensive cybercapabilities

The U.S. government should deputize private companies to strike back against cyberattackers as a way to discourage widespread threats against the nation’s businesses, a former government official says.

Many U.S. businesses have limited options for defending their IP networks, and the nation needs to develop more “aggressive” capabilities to discourage cyberattacks, said Juan Zarate, the former deputy national security advisor for counterterrorism during President George W. Bush’s administration.

The U.S. government should consider allowing businesses to develop “tailored hack-back capabilities,” Zarate said Monday at a forum on economic and cyberespionage hosted by think tank the Hudson Institute. The U.S. government could issue cyberwarrants, giving a private company license “to protect its system, to go and destroy data that’s been stolen or maybe even something more aggressive,” he added.

Newest RIG exploit kit driven by malicious advertising

LAS VEGAS - Earlier this year, a disgruntled reseller leaked the source code for version 2.0 of the RIG exploit kit.

Since then, the RIG's author has released version 3.0, which was recently discovered by researchers from Trustwave. The latest version uses malvertising in order to deliver a majority of its traffic, infecting some 1.25 million systems to date.

There have been a few notable changes made to RIG between versions, including a cleaner control panel that's easier to navigate, changes to the URL structure used by the kit that helps it avoid detection, and a security structure that prevents unauthenticated users from accessing internal files – clearly implemented to avoid leaks such as the one that exposed the source code for the previous version.

Harvard CISO shares 5 pearls of IT security wisdom

Chief Information Security Officer Christian Hamer, who is responsible for policy and awareness across Harvard University and whose team handles security operations and incident response, took part on a panel last week at the Campus Technology conference in Boston (Campus Technology’s Rhea Kelly moderated; ESET researcher Lysa Myers was also an expert panelist). Here’s a selection of Hamer’s more notable observations:

Most important steps for protecting your network: We think all too often about IT security or information security [as being] about the bits and bytes, and what kind of widget we put on the network or somebody’s computer to protect it… But in general we have populations that want to do the right thing. They’re a lot more aware of the threats now because a lot of them have been in the media quite a bit recently. But they’re just not sure what to do or how to do it. And that’s probably the No. 1 thing that people could double down on. Does your community know what to do? Do they know how to do it? And do they know who to ask if they have trouble understanding that?

Mobile security: “There’s a great industry around mobile

Patch halt looms for half of all IE users

With just over four months left before Microsoft stops serving security updates to most versions of Internet Explorer (IE) other than IE11, nearly half of all IE users are still running a soon-to-be-retired edition, new data released Saturday showed.

In August 2014, Microsoft abruptly told virtually all IE users that they needed to be running IE11 by Jan. 12, 2016, or face a shut-off of security updates. After that date, Microsoft will support IE9 only on Windows Vista and Windows Server 2008; IE10 only on Windows Server 2012; and only IE11 on Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2 and Windows Server 2012 R2.

Hello Windows 10. Hello Criminals.

It’s not really surprising that scammers are taking advantage of Microsoft’s consumer release of Windows 10. According to security firm KnowBe4:

Major Operating System upgrades are usually causing confusion among end-users and the current Windows 10 upgrade is no exception. The bad guys exploit these confusions in several ways, mostly through massive phishing campaigns and with criminal call-center operations which claim to be Microsoft tech support. Some campaigns will try to worry the user that their PC has changed somehow, causing access issues. Other phishing emails will try to lure the user with links where they can get their new no-charge version of Windows 10, or have it "attached" in a zipped file, which makes it our Scam Of The Week, because the attachment is the CBT-Locker ransomware!

The Upload: Your tech news briefing for Monday, Aug. 3

Attacked then abandoned in Philadelphia, Hitchbot’s attempt to thumb a lift across the U.S. ends in disaster

A robot that counted on the kindness of strangers to help it travel around the world has met a cruel fate in Philadelphia, barely three weeks into an attempt to hitch-hike across the U.S. Hitchbot, developed by robotics researchers at McMaster University in Hamilton, Ontario, had already hitch-hiked successfully across Canada and Germany, but U.S. residents turned out to be less welcoming, AP reports.

A secure employee departure checklist

A certain amount of employee turnover is a natural part of any organization’s life cycle. With each departure, whether the employee was entry-level or an executive, every organization should have a comprehensive process in place to facilitate the employee’s exit, while protecting the company’s information and securing the network and computer system accounts. Laura Iwan, Senior Vice President of Programs at the Center for Internet Security, has compiled these tips to help avoid any issues when an employee leaves the company.

T-Mobile caught in crossfire of injected ad war with Flash Networks

LAS VEGAS - An ongoing conflict between website owners and ad injectors who place unwanted ads on those websites has just flared up into full-blown war, with advertisers and carriers caught in the crossfire.

Take, for example, T-Mobile, which is proudly named as a customer by Flash Networks, a company that brags about creating "new monetization opportunities" for mobile operators when it "inserts the most relevant engagement display into the selected webpages."

This seems to have been a surprise to T-Mobile. Cynthia Lee, the company's senior digital media manager, adamantly denied that T-Mobile was using Flash Networks to inject ads into webpages it was serving up to mobile customers.

Sorriest technology companies of 2015

Despite all the technology advances that have rolled out this year, it’s also been a sorry state of affairs among leading network and computing vendors, along with businesses that rely heavily on technology. Apple, Google, airlines and more have issued tech-related mea culpas in 2015…

DNS server attacks begin using BIND software flaw

Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses.

Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s.

The flaw can be exploited with a single packet, crashing both authoritative and recursive DNS servers. Security analysts predicted that attackers would quickly figure out how to exploit the flaw, which has now happened.

“We can confirm that the attacks have begun,” wrote Daniel Cid, CTO and founder of the security company Sucuri. “DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down, it also means your email, HTTP and all other services will be unavailable.”

Fake Apple iOS crash reports prove tricky to remove

Some Apple mobile users have been encountering a pop-up message that is particularly difficult to close.

The message appears after a user has been redirected to a different domain, usually caused by viewing a malicious advertisement, wrote Jerome Segura, a senior security researcher with Malwarebytes.

The message warns that a third-party application on the phone has caused the device to crash and includes a phone number where users can allegedly get their device fixed.

Warnings such as this one are employed by technical support schemes, which convince people to call their support lines by falsely warning that their computers or devices have security or performance problems.

Microsoft will NOT email you Windows 10, it’s ransomware

A few days ago, over 14 million machines had been upgraded to Windows 10, but millions of other people who used the “Get Windows 10” app are impatiently waiting for Microsoft to notify them that it is their turn to download Windows 10. The app says Microsoft is rolling out the free upgrade in waves; “Watch for your notification so that you can start your upgrade. Your notification to upgrade could come as soon as a few days or weeks.” That notification has become an exploitation opportunity for bad guys who are sending out fake Windows 10 upgrade emails along with supposedly zipped Windows 10 download attachments that ultimately install ransomware on victims’ PCs.

Personal health information in the wrong hands can be painful

Credit card data isn’t quite the mother lode it once was for cyber thieves. Not only is its useful life generally brief, it also isn’t worth as much as it used to be.

But cyber criminals are, among other things, adaptable. As Daniel Berger, CEO of Redspin, puts it, “hackers are bad guys but good economists.” So they simply turn to something that provides a bigger bang for the buck.

And that, increasingly, is the data you voluntarily turn over to doctors, hospitals and health insurers, known as PHI, or Personal Health Information.

The Identity Theft Resource Center reported in January that of reported breaches, the healthcare sector had the most for three years in a row, with 42.5% of the total in 2014.

Former Hacking Team developer reportedly in contact with a terrorist group

An individual who did work for Hacking Team was in contact with hackers working for a terrorist organization, and disgruntled employees—who deny the charge—were planning to sell an antidote to the spyware vendor’s surveillance software, an Italian newspaper reported Friday.

A general in the Italian foreign intelligence service (AISE), identified as “G” in internal emails published by WikiLeaks three weeks ago, told Hacking Team CEO David Vincenzetti that “an ex-collaborator of Hacking Team is working with foreign hackers who collaborate with terrorist organizations,” according to Il Fatto Quotidiano.

Hacking Team, a Milan-based company that sold surveillance software to law enforcement agencies around the world and was criticized for helping oppressive regimes crack down on their political opponents, suffered a disastrous security breach at the beginning of July, with 400 GB of confidential information eventually dumped online.

Black Hat 2015: Cracking just about anything

Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks.

A pair of researchers will release a hardware device that exploits weaknesses in RFID access controls and show how to use it to break into buildings. The device exploits the communication protocol used by most access-control systems, according to the team, Eric Evenchick, a freelance developer, and Mark Baseggio, a security consultant for Accuvant.

Ad group urges FTC to reject right to be forgotten in US

The U.S. Federal Trade Commission should reject a privacy group’s push to extend the E.U.’s controversial right to be forgotten rules to the U.S. because such regulations would have a “sweeping” negative effect on many U.S. companies, a trade group said.

The FTC should dismiss a July 7 complaint from Consumer Watchdog against Google, the Association of National Advertisers [ANA] said Friday, because the privacy group’s request that Google and other Internet firms enforce the right to be forgotten could open the door to more European privacy regulations in the U.S.

Why does SQL injection still exist?

After having spent the last two weeks in Asia I find myself sitting in a hotel room in Tokyo pondering something. I delivered a few talks in Singapore and in Manila and was struck by the fact that we’re still talking about SQL injection as a problem.

So, what is SQL injection you might ask. This is a method to attack web applications that have a data repository. The attacker would send a specially crafted SQL, or structured query language, statement that is designed to cause some malicious action. These statements are successful too often as many web applications do not sanitize their inputs.

The OWASP Top Ten is a collection of vulnerabilities that are of particular note. The problem that jumps out at me is that SQL injection has been on this list for the better part of a decade. Why does this continue to be the case? Well, there are contributing factors to be certain. One of which is the time to market issue which will most likely never be dealt with from a security perspective.

Hacker steals Bitdefender customer log-in credentials, attempts blackmail

A hacker extracted customer log-in credentials from a server owned by Bitdefender that hosted the cloud-based management dashboards for its small and medium-size business clients.

The antivirus firm confirmed the security breach, but said in an emailed statement that the attack affected less than 1 percent of its SMB customers, whose passwords have since been reset. Consumer and enterprise customers were not affected, the company said.

The hacker, who uses the online alias DetoxRansome, first bragged about the breach on Twitter Saturday and later messaged Bitdefender threatening to release the company’s “customer base” unless he was paid US$15,000.

Hacker shows he can locate, unlock and remote start GM vehicles

A security researcher has posted a video on YouTube demonstrating how a device he made can intercept wireless communications to locate, unlock and remotely start GM vehicles that use the OnStar RemoteLink mobile app. Samy Kamkar, who refers to himself as a hacker and whistleblower, posted the video today showing him using a device he calls OwnStar. The device, he said, intercepts communications between GM's OnStar RemoteLink mobile app and the OnStar cloud service.

Image caption: Hacker Samy Kamkar shows how after hacking the OnStar mobile app, he's able to use it to control a Chevy Volt.

Researchers improve de-anonymization attacks for websites hiding on Tor

Researchers have developed a new technique that could allow attackers to determine with a high degree of accuracy which Tor websites users are accessing and where those websites are hosted.

The new attack, which improves upon previous traffic fingerprinting techniques, was devised by researchers from the Massachusetts Institute of Technology (MIT) and the Qatar Computing Research Institute (QCRI), who found ways to differentiate between different types of connections in a user’s encrypted Tor traffic.

The Tor anonymity network was built to hide from network snoopers which websites or other Internet resources a user is accessing. It does this by wrapping the user’s requests in several layers of encryption and routing them through multiple computers that run the Tor software.