Category Archives for "Network World Security"

Google worried US could use amended warrant rule to search computers abroad

Google has opposed moves by the U.S. Department of Justice to extend the warrant issuing authority of magistrate judges to searches of computers in districts other than their own. Innocuous as that may sound, Google is concerned that the proposed amendment would likely end up being used by U.S. law enforcement to directly search computers and devices anywhere in the world. There is nothing in the proposed change to the Federal Rule of Criminal Procedure 41 that would prevent access to computers and devices worldwide, wrote Richard Salgado, Google’s legal director for law enforcement and information security, in a blog post Wednesday.

Swedish man pleads guilty to peddling Blackshades malware

A Swedish man pleaded guilty Wednesday to peddling one of the most prevalent spying programs called Blackshades that was widely used by the criminal underground. Alex Yucel, 24, pleaded guilty to one count of distributing malicious software. He could face a maximum of 10 years in prison, the U.S. Attorney’s Office for the Southern District of New York said. He is expected to be sentenced on May 22. BlackShades, a remote access trojan, was marketed by its developers as a program for legitimate computer monitoring but was mostly used for stealing payment card data, recording a computer’s keystrokes and secretly controlling webcams. It was sold for between US$40 and $100.

Tens of thousands of home routers at risk with duplicate SSH keys

A setup mistake has apparently left hundreds of thousands of home routers running the SSH (Secure Shell) remote access tool with identical private and public keys. John Matherly used Shodan, a specialized search engine for querying Internet-connected devices, and found more than 250,000 devices that appear to be deployed by Telefónica de España sharing the same public SSH key. Matherly, who founded Shodan, performed the search after someone posted a shorter version of a public key—called a fingerprint—for their device.

Samsung smart TVs don’t encrypt the voice data they collect

Samsung does not encrypt voice recordings that are collected and transmitted by its smart TVs to a third party service, even though the company has claimed that it uses encryption to secure consumers’ personal information. A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung’s own privacy policy those words can in some cases include personal or sensitive information. The incident even drew comparisons to Big Brother behavior from George Orwell’s dystopian novel 1984.

The Upload: Your tech news briefing for Wednesday, February 18

Facebook wants us all to create VR content: Facebook is actively looking at ways to make its $2 billion acquisition of virtual reality headset maker Oculus Rift part of the social media experience. At a re/code conference Tuesday, Chief Product Officer Chris Cox said the company is working on VR apps, and he also said he expected users to one day upload and share VR content. As re/code pointed out, creating that content is currently a nontrivial affair; Cox also told the publication that “We’re probably a long way from everyone having these headsets.”

Israel targeted by malware packaged with pornographic video

Israeli institutions have been targeted by an Arab-speaking hacker group that sought to extract sensitive documents, according to Trend Micro. The campaign, which Trend called Operation Arid Viper, focused on sending phishing emails to targets. Those emails came with malware packaged with a short pornographic video, according to the company’s report. The phishing emails were sent to targets including a government office, infrastructure providers, a military organization and academic institutions in Israel and Kuwait. The attacks “targeted professionals who might be receiving very inappropriate content at work and so would hesitate to report the incident,” Trend wrote. “These victims’ failure to act on the threat could have then allowed the main malware to remain undiscovered.”

What’s in a typo? More evidence tying North Korea to the Sony hack

A security company in the U.S. has provided further evidence that last year’s devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea. The FBI has already named North Korea as the source of the attack, but some security experts have been skeptical, in part because the FBI didn’t disclose all the details of its investigation. Security firm CrowdStrike is among those who believe North Korea was the culprit, and on Tuesday it presented another piece of evidence to support that claim.

Russian extradited to US for hacks that stole 160 million credit card numbers

A Russian man accused of high-profile cyberattacks on Nasdaq, Dow Jones, Heartland Payment Systems and 7-Eleven has been extradited to the U.S. and appeared in court in Newark, New Jersey, Tuesday. Vladimir Drinkman, 34, of Syktyvkar and Moscow, Russia, was charged for his alleged role in a data theft conspiracy that targeted major corporate networks and stole more than 160 million credit card numbers, the U.S. Department of Justice said in a press release. Drinkman was arrested in the Netherlands in June 2012 and had been detained there. Drinkman appeared Tuesday in U.S. District Court for the District of New Jersey and entered a plea of not guilty to 11 counts he faces. His trial is scheduled to begin in April.

Arabic cyberespionage group attacking Middle Eastern, other targets

An Arabic cyberespionage group has attacked thousands of high-profile targets in Egypt, Israel, Jordan and other countries for the past two years, cybersecurity vendor Kaspersky Lab said. The cybermercenaries, which the vendor dubbed the Desert Falcons, have stolen more than 1 million files from 3,000 victims in more than 50 countries, Kaspersky Lab said Tuesday. The group, likely native Arabic speakers, began in 2011, with the first infections coming in 2013, the company said. Targeted countries include Algeria, Lebanon, Turkey and the United Arab Emirates in the Middle East, and the U.S., Russia, France and Sweden beyond the region, Kaspersky said.

Twitter improves security for shared accounts

Twitter is giving users what it thinks is a safer way to handle shared access to an account without compromising the login. Users of TweetDeck, the popular dashboard system for the site, will be able to share access to Twitter accounts without sharing passwords. That adds a useful layer of security for businesses that use Twitter, by eliminating the need to disseminate passwords among employees. Some high-profile Twitter accounts like those belonging to Newsweek magazine and the U.S. military’s Central Command have been hacked in recent months. Shared passwords are an obvious weak point for corporate social media accounts, as they increase the likelihood of unauthorized access.

Microsoft adds HTTP Strict Transport Security support to Internet Explorer

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism. Users can test the new feature, known as HTTP Strict Transport Security (HSTS), in Internet Explorer on Windows 10 Technical Preview. In the future, it will also be added to the Project Spartan browser, said Microsoft program managers Mike Bell and David Walp in a blog post. HSTS is a standard defined by the Internet Engineering Task Force in RFC 6797. It was designed to prevent SSL stripping attacks, where hackers in a position to intercept a user’s traffic can downgrade connections from HTTPS (HTTP and SSL encryption) to plain HTTP.

Fanny superworm likely the precursor to Stuxnet

The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet. The USB worm is called Fanny and is part of a sophisticated malware toolset used by a cyberespionage group that researchers from Russian antivirus firm Kaspersky Lab have dubbed Equation. Kaspersky published a detailed report Monday about Equation, which it considers the most advanced group of attackers to date and whose activity spans back to 2001 and possibly even to 1996. Even though the company stopped short of directly linking the group to the U.S. National Security Agency, there are significant details that point to such links.

The Upload: Your tech news briefing for Tuesday, February 17

Spy group has embedded tools in foreign networks, systems: A cyberspy group using tools similar to those of U.S. intelligence agencies has embedded spy and sabotage firmware in systems and networks in countries including Iran, Russia, Pakistan and China, a report by security vendor Kaspersky Lab claims. Kaspersky said that the tools can’t be combated by antivirus products and are also able to stealthily obtain a computer’s encryption keys in order to read otherwise protected data. Sony forges ahead with its SmartEyeglass

Equation cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia. Kaspersky Lab released a report Monday that said the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency. The tools, exploits and malware used by the group—named after its penchant for encryption—have strong similarities with NSA techniques described in top-secret documents leaked in 2013. Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Campaigners offer simpler way to find out if British government spied on you

There’s now an easier way to discover whether the U.K. intelligence services illegally obtained your information from their U.S. colleagues—but you’ll have to tell a U.K. campaign group as well as the U.K. Government Communications Headquarters your details to find out. Civil rights group Privacy International has launched a website to allow anyone in the world to ask whether GCHQ has illegally spied on them. If you’re curious to find out you can sign up by giving the group your name, email address and, optionally, your phone number, and granting its legal team permission to share the data with GCHQ and the U.K.’s Investigatory Powers Tribunal.

Proposal for altered data retention law is still unlawful, Dutch DPA says

The Dutch government’s proposed revision of the country’s data retention law is not enough to bring it into compliance with a recent European Union court ruling, the Dutch privacy watchdog said Monday. An effort by the Dutch government to adjust a law requiring telecommunications and Internet companies to retain their customers’ location and traffic metadata for investigatory purposes should be dropped, as the infringement of the private life of virtually all Dutch citizens is too great, the Dutch Data Protection Authority (DPA) said on Monday. The Dutch government is looking to change data retention obligations for telephone and Internet communications operators following a decision last year by the Court of Justice of the European Union (CJEU). The court invalidated the European data retention directive, on which the Dutch law is based, because it violates fundamental privacy rights.

The Upload: Your tech news briefing for Monday, February 16

Kaspersky exposes huge, ongoing bank-robbery-by-hack: Russian cybersecurity firm Kaspersky Lab is releasing a report Monday with some details on a wide-ranging series of hacks into at least 100 banks in 30 countries—some of which are apparently still ongoing. Kaspersky gave the New York Times an advance look at the material, and says that losses total at least $300 million, mostly suffered by banks in Russia but also affecting institutions in Japan, Europe and the U.S. Xiaomi still tops Apple in China, says IDC

Information disclosure flaw exposes Netgear wireless routers to attacks

Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys. The vulnerability can be exploited over local area networks, as well as over the Internet if the devices are configured for remote administration and expose their Web interface externally. Details about the vulnerability were published on the Full Disclosure mailing list last week, along with a proof-of-concept exploit. Peter Adkins, the researcher who found the flaw, claims that he contacted Netgear but that his attempts to explain the nature of the issue to the company’s technical support department failed.

Cybercriminal gang plunders up to $1 billion from banks over two years

A still-active cybercriminal gang has stolen up to $1 billion from banks in at least 25 countries over the last two years, infiltrating networks with malware and spying on employees’ computers to facilitate large wire transfers, Kaspersky Lab said Sunday. The computer security vendor, which said it will release a report Monday on its findings, said the gang penetrated deeply into the banks’ networks, taking time to learn about internal procedures to make their fraudulent activity less suspicious. In some cases, the gang learned about wire transfer systems by watching administrators’ computers over video. “In this way the cybercriminals got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out,” Kaspersky said in a news release.