Hackin9
Apple and Samsung Electronics have agreed to end their litigation outside the U.S.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sprint is giving up its plan to acquire T-Mobile USA and will name a new CEO as soon as Wednesday, according to several news reports.
 
Samsung Semiconductor continues to pack data more into solid-state storage, announcing Tuesday a new generation of its V-NAND technology that should help bring down the cost and power consumption of flash later this year.
 
The California Integrated Data Exchange plans to develop a statewide health information exchange that will allow caregivers to share the electronic records of one-quarter of the state's population.
 
Hewlett-Packard's initial approach to the wearables market will be through partnerships, rather than developing products entirely in-house.
 
NetSuite has avoided what could have been an ugly, image-damaging court battle, having reached an agreement to dismiss a lawsuit brought by its customer SkinMedix over an allegedly unusable software system.
 
Criminals in Russia have amassed a huge database of 1.2 billion stolen user names and passwords and half a billion email addresses, a U.S.-based Internet security company said Wednesday.
 
Dan Goodin

A Wisconsin security firm claims that a Russian criminal group has accumulated the largest known collection of stolen online usernames and passwords via SQL injections, according to a new report in The New York Times on Tuesday.

Hold Security, which did not immediately respond to Ars’ request for comment, apparently has 1.2 billion usernames and passwords across 420,000 sites. It declined to tell The Times which companies were affected or to name the group specifically.

In February 2014, Hold Security also discovered 360 million compromised login credentials for sale in underground crime forums. The haul, which included an additional 1.25 billion records containing only e-mail addresses, came from multiple breaches. In October 2013, the same firm discovered the circulation of 153 million user names and passwords stolen during a massive breach of Adobe's corporate network. A month later, the security firm uncovered 42 million plaintext passwords taken during a hack on niche dating service Cupid Media.


 
NASA's Mars rover Curiosity has already achieved its initial mission, proving that the Red Planet could have once sustained life, but one scientist says its greatest accomplishments could be in the year ahead.
 
The time is ripe for professionalizing cybersecurity, according to Salve Regina University's Pell Center for International Relations and Public Policy.
 
Microsoft has kicked off a month-long deal on its new Surface Pro 3 tablet-slash-notebook for college students, cutting prices between 10% and 19%.
 
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) and several partners today are kicking off the year-long Global City Teams Challenge to help communities around the world work together to address ...
 
It looks like Apple will hold its annual iPhone event on Tuesday, Sept. 9.
 
The coming Internet of things (IoT) revolution may not run on batteries, but on power plucked from the air, according to researchers at the University of Washington.
 
 
While attending a tech conference last month, Michael DeFranco received word on his phone that Apple was joining forces with IBM to go after the enterprise. The CEO and founder of Lua, a mobile messaging service running on Android and iOS, stared at the text message in disbelief.
 

Open source threat visualization engine for infosec pros
Help Net Security
OpenDNS has released OpenGraphiti, an interactive open source data visualization engine that enables security analysts, researchers and data scientists to pair visualization and Big Data to create 3D representations of threats.

 
Hoping to lure more enterprises to its cloud, Hewlett-Packard is offering a trimmed-down basic infrastructure service for lighter workloads.
 
The lines between IT and marketing are blurring in the age of digital marketing. For that reason, it's more important than ever that CIOs and CMOs communicate consistently and effectively. To examine this evolving relationship as it pertains to big data in particular, CIO.com partnered with CMO.com to produce this report.
 
Exploit kits of cybercrime tools fell into a big slump in the first half of this year after Russian authorities nabbed the alleged creator of the popular Blackhole kit, but users aren't necessarily safer.
 
Is do-it-yourself (DIY) search engine optimization (SEO) possible if you lack SEO experience?
 
Contrary to some experts' expectations, Microsoft hasn't been "printing money" since it launched Office for iPad in March.
 

A teenage whitehat hacker said he has found a simple way that attackers can bypass the two-factor authentication system PayPal uses to protect user accounts.

The circumvention requires little more than spoofing a browser cookie set when users link their eBay and PayPal accounts, according to Joshua Rogers, a 17-year-old living in Melbourne, Australia. Once the cookie—which is tied to a function PayPal identifies as "=_integrated-registration"—is active in a user's browsing session, the two-factor authentication is circumvented, Rogers reported. That means attackers who somehow acquire someone else's login credentials would be able to log in without having to enter the one-time passcode sent to the account holder's mobile phone.

Rogers said he reported the vulnerability privately to PayPal on June 5. He said he went public two months later after receiving no response. He went on to write:


 
Those apps you download on your smartphone may be free or very cheap, but there's a hidden price you should be aware of: loss of privacy.
 
Windows Phone is getting better voice and chat features thanks to upgraded applications from Facebook and Viber -- and that's key if Microsoft wants its OS to gain share.
 
libxml-dt-perl Multiple Insecure File Permissions Vulnerabilities
 
Zyxel P-660HW-T1 Multiple Cross Site Request Forgery Vulnerabilities
 
Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
 
SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
 
Apache Cordova 3.5.1
 
There's relief available for users who applied a recent Java update that stopped some Web applications from being able to launch.
 
LinuxSecurity.com: An updated yum-updatesd package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Several security issues were fixed in the GNU C Library.
 
CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall
 
Re: ownCloud Unencrypted Private Key Exposure
 
[security bulletin] HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
 
Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability
 

 

One current threat causing a lot of sleepless nights for victims is "Cryptolocker"-like malware. Variants of this type of malware are still haunting small businesses and home users by encrypting files and demanding a ransom for the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but they aren't always available or complete.

For small businesses in particular, simple NAS systems have become popular over recent years. Several manufacturers offer Linux-based devices that are essentially "plug and play" and provide high-performance, RAID-protected storage that is easily shared on the network. One of these vendors, Synology, has recently been in the crosshairs of many of the attacks we have seen. In particular, vulnerabilities in the web-based admin interface of the device have led to numerous exploits we have discussed before.

The most recent manifestation of this is "Synolocker", malware that infects Synology disk storage devices and encrypts all files, similar to the original Cryptolocker. Posts on the Synology support forum describe some of the results [1].

The malware also replaces the admin console index web page with a ransom message, notifying the user of the compromise. It appears, however, that this is done before the encryption finishes. Some users were lucky enough to notice the message in time and were able to save some files from encryption.

If the malware is found, the best way to deal with it appears to be to immediately shut down the system and remove all drives. Then reinstall the latest firmware (this may require a sacrificial drive to be inserted into the system) before re-inserting the partially encrypted drives.

To protect your disk station from infection, your best bet is:

  • Do not expose it to the internet, in particular the web admin interface on port 5000
  • Use strong passwords for the admin functions
  • Keep your system up to date
  • Keep offline backups. This could be accomplished with a second disk station that is only turned on to receive the backups. It may be best to have two disk stations from different manufacturers.

It is important to note that while Synology has been hit the hardest with these exploits, devices from other manufacturers have had vulnerabilities as well and the same security advice applies (but typically they listen on ports other than 5000).

[1] http://forum.synology.com/enu/viewtopic.php?f=3&t=88716

---
Johannes B. Ullrich, Ph.D.
 
Apple's iTunes App Store and Google Play are a bit like Moroccan city marketplaces: There's a lot going on, and it's all a bit chaotic and overwhelming. Browsing by categories or searching by keyword helps. But not much.
 
Salesforce.com is giving users of its Desk.com support application new features for embedding videos into support articles and Web pages, a move the vendor says will let them give their customers the help they need faster and more efficiently than text-based documentation alone.
 
Running a social media hub for any large event poses a challenge, but perhaps none quite so daunting as running the FIFA Social Hub, the official social platform of the 2014 FIFA World Cup.
 
This year's Google I/O Conference showcased an enthusiastic love affair between Android and its fans. Sundar Pichai, senior vice president of Android, Chrome and Google Apps, told conference attendees that Android phones and tablets are everywhere. Android now has 1 billion users who check their phones 100 billion times a day, take 93 million selfies and walk 1.5 trillion steps.
 

Yesterday, I spotted the following tweet mentioning me:

Needless to say, I got intrigued, and luckily the sender of the tweet was willing to share a sample.

The sample turned out to be a simple legal-threat malware e-mail written in German. The e-mail claimed that the recipient had downloaded a copyrighted movie and asked for legal fees. The invoice for the legal fees was supposedly included in the attached ".cab" file.

From: "Johannes Ullrich"
To: [removed].de
Subject: [vorfall:132413123]

Guten Tag,

2014 wurde von Ihrem Rechner mit der IP-Addresse 192.0.2.1 um 12:13:01 der Film "Need for Speed" geladen. Nach §19a UrhG ist dies eine kriminelle Handlung. Unsere Anwaltskanzlei muss dies ans zuständige Amtsgericht melden, außer Sie Zahlen ein außergerichtliches Strafgeld in Höhe von 436.43 Euro an uns.
Die Rechnung "1234.cab" entnehmen Sie dem Anhang.

Hochachtungsvoll,
Johannes Ullrich
+4991312341234

English translation of the message body:

Good day,

In 2014 the film "Need for Speed" was downloaded from your computer with the IP address 192.0.2.1 at 12:13:01. Under §19a UrhG this is a criminal act. Our law firm must report this to the competent district court unless you pay us an out-of-court penalty of 436.43 euros.
Please find the invoice "1234.cab" attached.

Respectfully,
Johannes Ullrich
+4991312341234

The attached .cab file runs a typical trojan downloader that could download various pieces of malware. A quick search shows a number of other reports of this e-mail, with different "From:" names. It looks like it picks plausible German names, maybe from the contact lists of infected systems. My name isn't that terribly unusual, so I don't think this is targeted at all. Sometimes it is just an odd coincidence, and they aren't really after you.

In the case above, the "From" e-mail address is not related to me. However, if an attacker sends spam using your e-mail address, it is very useful to have DMARC configured for your domain. With DMARC, you give the receiving mail server the option to report to you any e-mail that fails the DKIM or SPF checks. Only a few mail servers do so, but some of them are major public webmail systems. For example, here is a quick report I just received for a domain I own:



The attachment includes a report with details on why the e-mail was found to be suspect (of course, you should still be careful with attachments; these reports can be faked too!) ;-).
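The report attached to such a DMARC notification is an aggregate report in the XML format defined by RFC 7489: for each sending IP it lists the message count, the disposition applied, and whether DKIM and SPF aligned with the domain in the From header. The following is an added example, not code from the ISC diary or from any SANS tool, that parses such a report with only the Python standard library and totals the mail that failed both checks. The report XML, the domain `example.org`, the IP addresses and the counts are all constructed for the example.

```python
"""Summarise a DMARC aggregate (RUA) report.

Added example, not part of the ISC diary above. The XML below is a
constructed sample in the RFC 7489 aggregate-report format; the domain,
IP addresses, report id and counts are made up.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: one aligned sending host and one host that used the
# domain in the From header without passing DKIM or SPF.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>example-mailbox-provider</org_name>
    <email>noreply-dmarc@example.net</email>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1407110400</begin><end>1407196800</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.org</domain>
    <adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>42</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.org</domain><result>pass</result></dkim>
      <spf><domain>example.org</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.77</source_ip>
      <count>1500</count>
      <policy_evaluated>
        <disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
    <auth_results>
      <spf><domain>spammer.example</domain><result>none</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_report(xml_text):
    """Return (published policy as a dict, list of per-source row dicts)."""
    root = ET.fromstring(xml_text)
    policy = {child.tag: child.text for child in root.find("policy_published")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": evaluated.findtext("disposition"),
            "dkim": evaluated.findtext("dkim"),   # aligned DKIM result
            "spf": evaluated.findtext("spf"),     # aligned SPF result
            "header_from": rec.findtext("identifiers/header_from"),
        })
    return policy, rows


def failing_sources(rows):
    """Map source IP -> message count for rows where neither DKIM nor SPF
    aligned, i.e. mail that used the domain without authorisation."""
    totals = defaultdict(int)
    for r in rows:
        if r["dkim"] != "pass" and r["spf"] != "pass":
            totals[r["source_ip"]] += r["count"]
    return dict(totals)


def summarise(xml_text):
    """Aggregate one report into the numbers a domain owner wants to see."""
    policy, rows = parse_report(xml_text)
    failed = failing_sources(rows)
    return {
        "domain": policy["domain"],
        "policy": policy["p"],
        "total": sum(r["count"] for r in rows),
        "failed": sum(failed.values()),
        "failing_sources": failed,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print(f"{s['domain']} (p={s['policy']}): {s['failed']}/{s['total']} "
          "messages failed both DKIM and SPF alignment")
    for ip, n in sorted(s["failing_sources"].items(), key=lambda kv: -kv[1]):
        print(f"  {ip:>15}  {n}")
```

Reports like this only arrive if the domain's DMARC TXT record carries an `rua=` tag naming a mailbox to receive them; the `policy_published` element echoes the record the reporter saw, so a mismatch there is the first thing to check when the numbers look wrong.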

 

---
Johannes B. Ullrich, Ph.D.
 

Infosecurity Magazine webinar: Does certification matter in infosec?
 
Professional networking company LinkedIn agreed to pay close to $6 million in overtime back wages and damages to employees at its branches in California, Illinois, Nebraska and New York, the U.S. Department of Labor said Monday.
 
Bill Gates has sold another 20 million shares of the company he co-founded, driving his portfolio under the 300-million mark for the first time, according to regulatory filings.
 
So OKCupid has rushed to Facebook's defense by announcing that it, too, experiments on users' profiles. Is this any way to run a social site?
 
Symantec and Kaspersky Lab are both denying that China has banned their products, amid media reports that the country is shutting out foreign security vendors from selling to government agencies.
 
A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found.
 
Telefonica has submitted an offer for Brazilian telecom operator GVT (Global Village Telecom) worth $9 billion, as it seeks to build up its business in Brazil by integrating mobile and fixed broadband with pay-TV services.
 
As businesses integrate vast quantities of new consumer data they need to think through privacy and transparency issues.
 