wiredmikey (1824622) writes "The head of Internet Corporation for Assigned Names and Numbers (ICANN) said on Monday that the group is on course to break free of US oversight late next year. ICANN chief Fadi Chehade expressed his confidence in the move during a press briefing at the opening of the nonprofit organization's meeting this week in Los Angeles.
The timeline for the shift is months rather than years, according to Chehade. While cautioning that there was no strict deadline, he said that substantial progress has been made toward ICANN being answerable to a diverse, global group of "stakeholders" and not just the US government, as has long been the case.
The US government in March of this year announced that it is open to not renewing a contract with ICANN that expires in about 11 months, provided a new oversight system is in place that represents the spectrum of interests and can be counted on to keep the Internet addressing structure reliable."
wiredmikey (1824622) writes "An interesting article explores how the basic culture of hacking has changed over the years. Hackers are shaking off their reputations as nerdy, loner basement dwellers and rebranding themselves on the world stage as members of Internet age tribes with offbeat codes of conduct and capricious goals. Clans of hackers such as Anonymous, LulzSec and Lizard Squad have caused havoc — and made news — in recent years, but the legacy of the online community stretches back decades.
"People think of hackers as non-social people who live in the basement; that is not true at all," said Nico Sell, chief executive of the encrypted messaging service Wickr and the longtime organizer of the DEF CON hacking conference.
Hackers often run in groups but tend to be a giving community — as apt to teach visitors to pick locks or create educational games as they are to hack a major firm's network to prove it is flawed. "You don't have the same posturing you do in other societies, because you are judged on your merits," Sell said.
wiredmikey (1824622) writes "Kmart is the latest large U.S. retailer to experience a breach of its payment systems, joining a fast-growing club dealing with successful hack attacks. The company said that on Thursday, Oct. 9, its IT team detected that its payment data systems had been breached, and that debit and credit card numbers appear to have been compromised.
A company spokesperson told SecurityWeek that they are not able to provide a figure on the number of customers impacted. The spokesperson said that based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by the attackers."
wiredmikey (1824622) writes "Symantec announced plans on Thursday to split into two separate, publicly traded companies – one focused on security, the other focused on information management. The company's security business generated $4.2 billion in revenue in fiscal year 2014 while its information management business meanwhile hit revenues of $2.5 billion.
"As the security and storage industries continue to change at an accelerating pace, Symantec’s security and IM businesses each face unique market opportunities and challenges," Symantec CEO Michael A. Brown, who officially took over as CEO last month, said in a statement.
Garrett Bekker, senior analyst with 451 Research, called the decision "long overdue." "The company had become too big to manage, and they were having trouble keeping up with the pace of innovation in many areas of security," he told SecurityWeek. "The synergies between storage and security never really emerged, in part because in many firms, particularly large enterprises, they are managed by different internal teams.""
Hackers Compromised Yahoo Servers Using Shellshock Bug
Contacted by SecurityWeek, a Yahoo spokesperson provided the following statement Monday afternoon: “A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. As soon as we became aware of the issue, we began patching our systems and have been closely monitoring our network. Last night, we isolated a handful of our impacted servers and at this time we have no evidence of a compromise to user data. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”"
Project SHINE Shows Magnitude of Internet-connected Critical Control Systems
wiredmikey (1824622) writes "In a two-year study of information about critical control systems directly connected to the Internet, researchers found mining equipment, a surprising number of wind farms, a crematorium, water utilities, and several substations.
The researchers identified 182 manufacturers who were considered traditional SCADA and control system manufacturers, and built relevant search queries based on those names to find devices. That was a surprise, considering the team expected only a dozen or so manufacturers. In the end, the team sampled about 2.2 million devices during the course of the project.
Researchers have previously used SHODAN to show examples of SCADA and other industrial control systems directly connected to the Internet, but there hasn't been any large-scale or in-depth effort to map the extent of the problem. The sheer number of devices exposed and the wide geographic area in which the devices were located were staggering, Radvanosky told SecurityWeek. Radvanosky is expected to share his findings at the 2014 ICS Cyber Security Conference taking place in Atlanta later this month."
wiredmikey (1824622) writes "Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement.
The home improvement retail giant also said that it has completed a “major payment security project” that provides enhanced encryption of payment card data at point of sale in its U.S. stores. The security improvements required writing tens of thousands of lines of new software code and deploying nearly 85,000 new pin pads to its stores.
According to a recent report from Trend Micro, six new pieces of point-of-sale (PoS) malware have been identified so far in 2014. Four of these six variants were discovered between June and August: Backoff, BlackPOS version 2, BrutPoS and Soraya."
Hackers Demand Automakers Get Serious About Security
As car automation systems become more sophisticated, they need to be locked down to prevent tampering or unauthorized access. The Five Star Automotive Cyber Safety Program outlined in the letter asked industry executives for safety by design, third-party collaboration, evidence capture, security updates, and segmentation and isolation.
Vehicles are “computers on wheels,” said Josh Corman, CTO of Sonatype and a co-founder of I am the Cavalry, the group that penned the letter (PDF). The group aims to bring security researchers together with representatives from non-security fields, such as home automation and consumer electronics, medical devices, transportation, and critical infrastructure, to improve security. Along with releasing the open letter, the group participated in a closed-door session with automobile and medical device representatives in a private meeting in Las Vegas on Tuesday and planned to discuss automotive hacking at DEF CON on Sunday."
wiredmikey (1824622) writes "In a move to bolster the security of its massive global server network, Facebook announced on Thursday it was acquiring PrivateCore, a Palo Alto, California-based cybersecurity startup. PrivateCore describes that its vCage software transparently secures data in use with full memory encryption for any application, any data, anywhere on standard x86 servers.
“I’m really excited that Facebook has entered into an agreement to acquire PrivateCore,” Facebook security chief Joe Sullivan wrote in a post to his own Facebook page. "I believe that PrivateCore's technology and expertise will help support Facebook's mission to help make the world more open and connected, in a secure and trusted way," Sullivan said. "Over time, we plan to deploy PrivateCore's technology directly into the Facebook server stack.""
Mozilla Dumps Info of 76,000 Developers to Public Web Server
wiredmikey (1824622) writes "Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla’s Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday.
“Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server,” Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems."
Researchers Make Weak Passwords Virtually Uncrackable
Using an open-source password protection scheme dubbed PolyPasswordHasher, password information is never stored directly in a database; the information is used to encode a cryptographic "store" that cannot be validated unless a certain number of passwords are entered. In other words, an attacker would need to crack multiple passwords simultaneously in order to verify any single hash.
"PolyPasswordHasher divides secret information—in this case, password hashes—into shares, and just like a puzzle that is meaningless unless the pieces are assembled, no individual password can be validated unless a certain number of them are known and entered," explained Assistant Professor of Computer Science and Engineering Justin Cappos. "Even if the password file and all other information on disk were stolen, an attacker could not verify a single correct password without guessing a large number of them correctly."
Cappos estimated an attacker using a modern laptop could crack at least three six-character passwords in an hour if the computer was checking roughly a billion password hashes per second. With PolyPasswordHasher, the attacker would be required to compute these three passwords at the same time. The researchers estimate that in practice, all 900 million computers on Earth would need to work nonstop for longer than 13 billion years to compute the three passwords at the same time. According to the researchers' paper, the method is conceptually similar to encrypting the passwords with a key that is only recoverable when a threshold of passwords are known."
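As an added illustration (not the researchers' code, nor the PolyPasswordHasher reference implementation), the following Python sketches the threshold idea the summary describes: each stored entry is a Shamir share of a master polynomial masked by the user's salted hash, so no entry can be checked until enough correct logins reconstruct the polynomial. The field prime, the use of SHA-256 in place of a slow password hash, and the `PolyPasswordStore` API are assumptions of this example.

```python
import hashlib
import secrets
P = 2**61 - 1  # prime field for the Shamir shares (a constructed choice for this example)

def _pw_hash(salt: bytes, password: str) -> int:
    """Salted hash reduced into the field; a real deployment would use a slow KDF."""
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big") % P

def _interpolate(points, x: int) -> int:
    """Evaluate at x the polynomial through the given (x_i, y_i) points (Lagrange, mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class PolyPasswordStore:
    def __init__(self, threshold: int):
        self.threshold = threshold
        coeffs = [secrets.randbelow(P) for _ in range(threshold)]  # random f, degree threshold-1
        self._points = [(x, sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P)
                        for x in range(1, threshold + 1)]  # f kept in memory only, as points
        # Only a hash of the master secret f(0) is written, to detect a bad unlock.
        self.secret_check = hashlib.sha256(str(coeffs[0]).encode()).hexdigest()
        self.accounts = {}  # user -> (salt, share_index, protected_share): the on-disk part

    def create_account(self, user: str, password: str) -> None:
        idx = len(self.accounts) + 1  # x-coordinate of this user's share
        salt = secrets.token_bytes(16)
        # Disk holds neither the share nor the hash alone, only their sum in the field.
        protected = (_interpolate(self._points, idx) + _pw_hash(salt, password)) % P
        self.accounts[user] = (salt, idx, protected)

    def lock(self) -> None:
        self._points = None  # simulate a restart: only accounts and secret_check survive on disk

    def unlock(self, logins) -> bool:
        """Recover shares from threshold logins; succeeds only if every password is correct."""
        if len(logins) < self.threshold:
            return False
        points = []
        for user, password in logins[: self.threshold]:
            salt, idx, protected = self.accounts[user]
            points.append((idx, (protected - _pw_hash(salt, password)) % P))
        if hashlib.sha256(str(_interpolate(points, 0)).encode()).hexdigest() != self.secret_check:
            return False  # a wrong password gives a wrong share, hence a wrong f(0)
        self._points = points
        return True

    def verify(self, user: str, password: str):
        """Check one password; returns None while locked, since no hash can be validated."""
        if self._points is None:
            return None
        salt, idx, protected = self.accounts[user]
        return (protected - _pw_hash(salt, password)) % P == _interpolate(self._points, idx)
```

An attacker holding only `accounts` and `secret_check` cannot test a single guess in isolation: every candidate must be checked as part of a threshold-sized set, which is the cost blow-up the summary describes.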
Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners
wiredmikey (1824622) writes "China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.
Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network.
Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said."
DHS Mistakenly Releases 840 Pages of Critical Infrastructure Documents
wiredmikey (1824622) writes "Whoops! The U.S. Department of Homeland Security (DHS) has mistakenly released hundreds of documents, some of which contain sensitive information and potentially vulnerable critical infrastructure points across the United States, in response to a recent Freedom of Information Act (FOIA) request about a cyber-security attack.
Of the documents released by the DHS, none were related to the Operation Aurora cyber attack as requested. Many of the 840 pages are comprised of old weekly reports from the DHS' Control System Security Program (CSSP) from 2007. Other pages that were released included information about possible examples of facilities that could be vulnerable to attack, such as water plants and gas pipelines.
wiredmikey (1824622) writes "Security researchers have found a way to disable the protection systems provided by the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a software tool designed to prevent vulnerabilities from being exploited by using various mitigation technologies. Others have managed to bypass EMET in the past, but researchers from Offensive Security have focused on disarming EMET, rather than on bypassing mitigations, as this method gives an attacker the ability to use generic shellcodes such as the ones generated by Metasploit.
The researchers managed to disarm EMET and get a shell after finding a global variable in the .data section of the EMET.dll file. Initially, they only managed to get a shell by executing the exploit with a debugger attached, due to EMET's EAF checks. However, they've succeeded in getting a shell outside the debugger after disarming EAF with a method described by security researcher Piotr Bania in January 2012. The researchers tested their findings on Windows 7, Internet Explorer 8 and EMET 4.1 update 1."
Cybercrooks May Have Stolen Billions Using Brazilian 'Boletos'
wiredmikey (1824622) writes "Researchers with RSA have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion USD.
A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account — whether a company or an individual — can issue a Boleto associated with their bank. The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to the report (PDF). "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts.""
The attacks on the energy sector began with malware sent via phishing emails to targeted personnel. Symantec observed the spear phishing attempts hitting organizations in the form of PDF attachments between February 2013 and June 2013, mostly targeting the US and UK. The emails were disguised as messages about administration issues such as delivery problems or issues with an account.
Later on, the group added watering hole attacks into its repertoire by compromising websites likely to be visited by people working in the industry and redirecting them to sites hosting an exploit kit known as Lightsout. The Lightsout kit has been upgraded over time, and eventually became known as the Hello exploit kit.
The third phase of the campaign involved the Trojanizing of legitimate software bundles belonging to three different industrial control system (ICS) equipment manufacturers using malware detected as Backdoor.Oldrea (Havex), according to Symantec's report (PDF). "The Dragonfly group is technically adept and able to think strategically," the researchers noted. "Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.""
Saudi Government Targeting Dissidents with Mobile Malware
wiredmikey (1824622) writes "Human Rights Watch on Friday demanded a clarification from Saudi Arabia over allegations from security researchers that the kingdom is infecting and monitoring dissidents' mobile phones with surveillance malware. The New York-based rights watchdog said surveillance software allegedly made by Italian firm Hacking Team mostly targeted individuals in Qatif district in Eastern Province, which has been the site of sporadic Shiite-led protests since February 2011.
"We have documented how Saudi authorities routinely crack down on online activists who have embraced social media to call out human rights abuses," said Cynthia Wong, HRW's senior Internet researcher. "It seems that authorities may now be hacking into mobile phones, turning digital tools into just another way for the government to intimidate and silence independent voices."
The operation is believed to have netted a hacker more than $600,000 in the past two months. The situation came to light in February when users began reporting their Synology Network Attached Storage devices were performing poorly and had a high CPU usage. Eventually, an investigation revealed the situation was being caused by malware that had infected the systems.
In a comedic twist, the malware was stored in a folder named 'PWNED.' According to the researchers, a hacker took advantage of vulnerabilities in the DiskStation Manager (DSM), a custom Linux-based operating system for Synology NAS systems. The vulnerabilities allowed the attacker to breach the system and get administrative privileges."
Clueless About Card Data Hack, PF Chang's Reverts to Imprinting Devices
The popular restaurant chain said that on Tuesday, June 10, the United States Secret Service alerted the company about the incident. Admitting that it does not know the extent or current situation and impact of the attack, the company noted in a statement: “All P.F. Chang's China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions,” the company said. “This allows you to use your credit and debit cards safely.”
If it's not obvious, anyone who has visited a P.F. Chang’s and used a payment card in the last several months should monitor their accounts and report any suspected fraudulent activity to their card company."
Cybercriminals Ramp Up Activity Ahead of 2014 World Cup
While news that cybercriminals are zoning in on a large global event is no surprise, the scale and tactics being used are quite wide in scope, ranging from malware distribution and phishing scams, to fraudulent ticket sales, spam and other promising yet fraudulent schemes. For those visiting Brazil to watch the games in person, the cyber threats also include rogue wireless access points, ATMs rigged with card skimmers and Point-of-Sale malware."