Information Security News
Posted by InfoSec News on Apr 02 http://www.v3.co.uk/v3-uk/news/2337382/middle-eastern-hackers-use-remote-access-trojan-to-infect-24-000-machines-worldwide
Posted by InfoSec News on Apr 02 http://healthitsecurity.com/2014/04/01/umc-health-system-security-officer-discusses-user-awareness/
Posted by InfoSec News on Apr 02 http://www.dvidshub.net/news/123583/army-reserve-soldiers-train-cyber-defense-operations
Posted by InfoSec News on Apr 02 http://www.networkworld.com/news/2014/040114-hacked-passwords-can-enable-remote-280268.html
SnoopWall Unveiling Next Generation Privacy Solution for Android Devices at ...
Consumer Electronics Net
The InfoSec World Expo brings together the latest advances in technology and the most innovative solutions businesses need to secure their information assets. Specialized workshops and discussion platforms are aimed to provide the professionals and ...
Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year, researchers said.
The breach occurred no later than last week, when a full copy of the purloined forum data became widely available, Scott A. McIntyre, a security researcher in Australia, told Ars. On Tuesday, officials from password management service LastPass began warning customers with e-mail addresses included in an 800 megabyte file that's still circulating online. The file contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically scrambled passwords that corresponded to those Boxee accounts, LastPass said. The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak.
As Ars has explained before, even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account. The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, an extremely common practice.
Over a year ago, security firm Kaspersky published its findings on a new strain of malware it dubbed “MiniDuke.” Now, new analysis shows that the malware was distributed via a number of fake PDF attachments relating to Ukraine, among other decoys.
“This is interesting considering the current crisis in the area,” Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday.
As Ars previously reported, MiniDuke combined older and newer styles: it was written in assembly language, which rendered its file size tiny, and it uses hijacked Twitter accounts and automated Google searches to ensure that it can receive continuous instructions.
Women in cybersecurity: The time is now
The demand for qualified, experienced information security practitioners far outpaces the supply: The International Information Systems Security Certification Consortium estimates that last year about 332,000 InfoSec pros joined the global workforce of ...
Password bug let me see shoppers' credit cards in eBay ProStores, claims ...
A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed – according to the security researcher who says he found the hole. Mark Litchfield, an infosec pro at Securatary ...
One of our readers has reported seeing broadcast traffic to udp/137. He suspected that the traffic caused a denial of service on some of his systems.
If you have seen such traffic and you would like to share some packets we would appreciate that.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Weaknesses in the way Tesla's high-end Model S electric sedan communicates with drivers could leave it open to hacks that allow a remote hacker to unlock its doors and continuously track its location, a security researcher said.
The most serious vulnerability stems from Tesla's minimum password requirement, which is just six characters with at least one number and one letter, according to a recently published evaluation from independent security researcher Nitesh Dhanjani. Combined with no clear account lockout policy limiting incorrect login attempts, the requirement makes passwords susceptible to brute-force attacks, which cycle through all possible combinations until the proper one is guessed. Armed with a valid password, an attacker could use an iOS app to check the car's location and charge status and unlock its doors. Update: On Tuesday, four days after the evaluation was published, Tesla changed the password requirements to 8 characters with at least one number and one letter. The manufacturer also added a lockout following five unsuccessful login attempts, after which users must reset the password.
Dhanjani has previously uncovered weaknesses in Internet-connected LED lights, networked baby monitors, and other "Internet-of-things" devices, and he pointed out that a large percentage of people use identical or very similar passwords for multiple services. That means that even if Tesla improves its password policy, Model S passwords could still be vulnerable if they're included in a hacked database retrieved from an unrelated website. Password reuse is by no means a threat that's unique to Model S owners, but given the ability of a single password to track and unlock cars, the threat could be particularly severe.
Info sec industry still struggles to attract women
According to latest research, such as the 2013 (ISC)2 Global Information Security Workforce Study, only 11 percent of infosec professionals are female. There are a number of barriers preventing women from entering or staying in the field, but both ...
Researchers have discovered a new type of vulnerability called Pileup flaws, which exist in the Package Management Service.
An app installed on an old version of Android can request permissions for features that don’t exist on that version. When the user upgrades to a new version, Android keeps all of those permissions, which means they take effect in the new version of Android.
The researchers have developed a detection service, called SecUp, which deploys a scanner on the user’s device to capture malicious apps designed to exploit the Pileup vulnerability.
Like many other threats, the best mitigation is installing trusted software only.
The First Mass-Market Spy Phone Is About to Hit Stores
Just buy an mSpy for a girlfriend or boyfriend, or one of your employees, and it can track their every move—without them knowing it. Is this even legal? Author: Eric Markowitz.
Cyber emergency: Teach, train and employ half a million ethical hackers
Indian Infosec Consortium, an association of professionals working in the field of cyber security on its own initiative, alerts the government against potential or existing cyber threats. Also, the National Security Database, a community of white hat ...
Yesterday, we talked about a scanner looking for Synology devices that was running on an ARM CPU-equipped DVR. Looking at a few other sources of these scans, we did see a couple that didn't originate from similar DVRs. The first guess was that the scan originated from a device that was sitting behind a NAT gateway and wasn't exposed. At this point, it could have been "anything", even a good old infected Windows PC.
To our surprise, at least in one case it turned out that a binary by the same name, "cmd.so", was running on the NAT router itself. In addition, a second process was running that looked just like the bitcoin miner we saw running in the infected DVRs. Sadly, we were not able to retrieve the binaries, but the process list looks similar enough to make us believe that this is the same basic binary, just compiled for MIPS in this case (the router in question uses a MIPS CPU).
The first image shows the process list with "cmd.so". In this case, the binary was dropped in /var/run, not /dev, likely due to the different architecture of the router allowing write access to /var/run. The screenshot shows a partial output of the "ps" command executed using the router's web-based admin interface.
Figure 1: Partial Process List with "cmd.so".
Figure 2: Partial "ps" output showing the suspected bitcoin miner. In this case, it is called TgW66Q.
The process we think is a copy of minerd uses the same command line parameters as the process we identified as minerd on the DVR.
If you have a router like this, take a look at what you find. We do still need a copy of the respective executables to confirm our suspicion.
Posted by InfoSec News on Apr 01 http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
Posted by InfoSec News on Apr 01 http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
Posted by InfoSec News on Apr 01 http://www.networkworld.com/news/2014/033114-xp-china-280233.html
First Info Sec highlights cutting edge next-gen secure mobility solutions at ...
First Information Security (First Info Sec), a company dedicated to offering a comprehensive range of security products and services that are in compliance with the latest international industry standard requirements, is highlighting its latest range ...