Information Security News
Criminals are installing fairly sophisticated malicious programs on banks' ATMs, allowing them to control access to the machines and easily steal cash, security firms Kaspersky and Interpol said in a joint statement released on Tuesday.
The malware, which Kaspersky dubbed 'Tyupkin,' allows low-level thieves, known as money mules, access to the machines at certain times of day using an intermittently changing code, similar to the six-digit electronic tokens used for security in the financial industry. More than 50 ATMs in Eastern Europe and Russia were found to have been infected with the malware to date, leading to the theft of currency equivalent to millions of dollars, according to the statement.
The attack shows that criminals are improving their tactics and appear to be able to gain enough access to ATMs to install code, Vicente Diaz, principal security researcher at Kaspersky Lab, said.
Have you ever done a quick vulnerability check only to discover that someone found that vulnerability before you did and already had the system compromised?
During the early stages of a vulnerability scan, nmap is your friend just to quickly confirm what you got. In this case, the big surprise was that the firewall responded on port 4444. Anybody who ever dabbled with pentesting may be familiar with this port: Metasploit uses port 4444 by default for its remote shell. Other than that, it is typically not used by any well-known service.
At this point, with a possibly compromised network firewall, there isn't much point in going much further. A quick connect with netcat oddly enough led to an HTTP error. Upon further investigation, it turns out that Sophos firewalls use port 4444 for HTTPS remote administration. Typically, ports like 8000, 8080 or 8443 are used, but then again, maybe Sophos wanted to hide their port, or just be different.
According to various reports, many users of Belkin routers are having problems connecting to the internet as of last night. It appears that the router will occasionally ping heartbeat.belkin.com to detect network connectivity, but the heartbeat host is not reachable for some (all?) users. Currently, the host responds to ICMP. As a workaround, you can add an entry to the router's host file pointing heartbeat.belkin.com to 127.0.0.1. This appears to remove the block. The block only affects the DNS server on the device. It will route just fine. You can still get hosts on your network to work as long as you set a DNS server manually, for example using Google's DNS server at 22.214.171.124.
For a statement from Belkin, see https://belkininternationalinc.statuspage.io
In a tweet, Belkin also pointed to this page on its community forum: http://community.belkin.com/t5/Wireless/Belkin-Routers-Internet-Outage/m-p/5796#M1466
Security incidents are up - and pricier! - but infosec budgets are dwindling
Not only is spending not keeping pace, it's actually developed a limp: infosec budgets declined, on average, 4% over 2013. Specifically, investments in these safeguards declined: Due diligence of third-party providers; Employee security awareness and ...
by Sean Gallagher
Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.
Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply.
Update, 6:23 PM ET: An Adobe spokesperson now says the company is working on an update. "In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue," the spokesperson said in an email to Ars Technica. "We will notify you when a date for this update has been determined."