Information Security News
by Ars Staff
AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers' Internet activity.
"It has been phased off our network," said Emily J. Edmonds, an AT&T spokeswoman.
The move comes after AT&T and Verizon received a slew of critical news coverage for inserting tracking numbers into their subscribers' Internet activity, even after users opted out. Last month, ProPublica reported that Twitter's mobile advertising unit was enabling its clients to use the Verizon identifier. The tracking numbers can be used by sites to build a dossier about a person's behavior on mobile devices, including which apps they use, what sites they visit and for how long.
by Dan Goodin
In the 14 months following the advent of Cryptolocker, there has been a rash of malware copycats that also use strong cryptography to encrypt contents of hard drives until victims pay a hefty ransom, almost always in bitcoins. Usually, they're little more than old wine in a new bottle, but the latest follow-on has tried a new tack: it allows victims to recover exactly one of the encrypted files for free.
Dubbed Coinvault, it was documented Friday by a researcher from antivirus provider Webroot. It allows victims to pick any encrypted file on their hard drive and get it back immediately, free of charge. To decrypt the remaining files, a victim must pay a ransom of 0.5 bitcoins, or about $200 at current exchange rates.
"What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I've seen which actually gives you a free decrypt," Webroot's Tyler Moffitt wrote in a blog post. "It will let you pick any single file that you need after encryption and will decrypt it for you."
by Sean Gallagher
An interruption of satellite imagery feeds to the National Weather Service in October was caused by a National Oceanographic and Atmospheric Administration (NOAA) shutdown of network connections intended to combat an intrusion into NOAA’s computer systems, the Washington Post reported this week. But the breach, which started in September and lasted until late October, was not reported to Commerce Department officials and other federal cybersecurity authorities.
The NOAA satellite imagery system is used by civilian and military meteorologists worldwide to build weather models; it is also used in planning commercial aircraft and merchant shipping traffic. While NOAA did not identify the attacker publicly, agency officials reportedly told Rep. Frank R. Wolf (R-VA) about the attack and that it was traced back to China. The attacks happened during the same timeframe as an alleged Chinese infiltration of the White House’s unclassified network and a data breach at the US Post Office that exposed 800,000 employee records—also now attributed to Chinese attackers.
Ironically, the attacks came just before President Barack Obama’s visit to Beijing where he discussed (among other things) measures to combat climate change.
Three weeks ago, a security researcher uncovered a Tor exit node that added malware to uncompressed Windows executables passing through it. Officials with the privacy service promptly shut down the Russia-based node, but according to new research, the group behind the node had likely been infecting files for more than a year by that time, causing careless users to install a backdoor that gave attackers full control of their systems.
What's more, according to a blog post published Friday by researchers from antivirus provider F-Secure, the rogue exit node was tied to the "MiniDuke" gang, which previously infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden. MiniDuke was intriguing because it bore the hallmark of viruses first encountered in the mid-1990s, when shadowy groups such as 29A engineered innovative pieces of malware for fun and then documented them in an E-zine of the same name. Written in assembly language, most MiniDuke files were tiny. Their use of multiple levels of encryption and clever coding tricks made the malware hard to detect and difficult to reverse engineer. The code also contained references to Dante Alighieri's Divine Comedy and alluded to 666, the "mark of the beast" discussed in the biblical Book of Revelation.
"OnionDuke," as the malware spread through the latest attacks is known, is a completely different malware family, but some of the command and control (C&C) channels it uses to funnel commands and stolen data to and from infected machines were registered by the same persona that obtained MiniDuke C&Cs. The main component of the malware monitored several attacker-operated servers to await instructions to install other pieces of malware. Other components siphoned login credentials and system information from infected machines.
Just a quick update on the SChannel problem (MS14-066, CVE-2014-6321). So far, there is still no publicly available exploit for the vulnerability, and details are still sparse. But apparently, there is some progress in developing a working exploit. For example, this tweet by Dave Aitel:
Overall: Keep patching, but I hope your weekend will not be disrupted by a major new exploit being released.
Emerging Threats also released some public/free snort rules that promise to cover the various vulnerabilities patched by MS14-066. (http://emergingthreats.net/daily-ruleset-update-summary-11132014/)
I also have a VERY experimental scanner that may be helpful in scanning for unpatched hosts. This scanner does not scan for the vulnerability. Instead, it scans for support for the 4 new ciphers that were added with MS14-066. Maybe someone will find it helpful. Let me know if it works. It is a bash script and uses openssl on Unix. You will need at least openssl version 1.0.1h (and you need to connect directly to the test server, not through a proxy).
See: https://isc.sans.edu/diaryimages/MSFT1466test.sh (sig: MSFT1466test.sh.asc)
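An added example of the same fingerprinting idea (my own script, not the ISC MSFT1466test.sh linked above): it offers a server, one at a time, each of the four cipher suites the MS14-066 update introduced (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256) and parses the openssl s_client result. The host:port argument, the OpenSSL cipher-name mapping and the verdict strings are my assumptions, and the diary's caveat applies unchanged: this tells you which known Windows hosts have the update, not whether a host is exploitable.

```bash
#!/bin/bash
# Added example, not the ISC MSFT1466test.sh script linked above.
# Reports which of the four cipher suites introduced by MS14-066 (KB2992611)
# a TLS server will negotiate. Accepting any of them shows the update is
# installed; rejecting all four means unpatched, or not SChannel at all
# (OpenSSL, Java, etc. also speak these suites, so only judge known Windows hosts).
# Assumes openssl >= 1.0.1h locally and a direct connection (no proxy).

# Windows (IANA) suite name : OpenSSL cipher name, one pair per line
MS14_066_SUITES="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:DHE-RSA-AES256-GCM-SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:DHE-RSA-AES128-GCM-SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384:AES256-GCM-SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256:AES128-GCM-SHA256"

# Extract the negotiated cipher from "openssl s_client" output; prints "none"
# when the handshake failed (openssl then shows "Cipher    : 0000").
negotiated_cipher() {
    printf '%s\n' "$1" \
        | sed -n 's/^ *Cipher *: *\([A-Za-z0-9-]*\).*/\1/p' \
        | head -n 1 | grep -v '^0000$' || echo none
}

# Offer the server exactly one suite and report yes/no for it.
# $1 = host:port, $2 = OpenSSL cipher name
probe_suite() {
    out=$(echo | openssl s_client -connect "$1" -cipher "$2" -tls1_2 2>/dev/null)
    [ "$(negotiated_cipher "$out")" = "$2" ] && echo yes || echo no
}

# Turn the per-suite yes/no answers (space separated) into a verdict.
classify() {
    case " $1 " in
        *" yes "*) echo "patched: MS14-066 suites accepted" ;;
        *)         echo "no MS14-066 suites: unpatched or not SChannel" ;;
    esac
}

# Usage: ./ms14-066-ciphers.sh host:443   (nothing runs without an argument)
if [ $# -eq 1 ]; then
    answers=""
    while IFS=: read -r iana ossl; do
        r=$(probe_suite "$1" "$ossl")
        echo "$iana $r"
        answers="$answers $r"
    done <<EOF
$MS14_066_SUITES
EOF
    classify "$answers"
fi
```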
Job description: Infosec Ranger at Pwnie Express
Help Net Security
I told them I'm good at telling people what I like and I really, really like the defensive solutions that Pwnie Express makes and the plans they have for the future! So as the Infosec Ranger for Pwnie Express I'll be one of the voices for them ...
Posted by InfoSec News on Nov 14: http://www.bankinfosecurity.com/hsbc-turkey-confirms-card-breach-a-7558
Posted by InfoSec News on Nov 14: http://arstechnica.com/security/2014/11/iphone-galaxy-s5-nexus-5-and-fire-phone-fall-like-dominoes-at-pwn2own/
Posted by InfoSec News on Nov 14: http://www.nextgov.com/cio-briefing/2014/11/risky-business-irs-when-it-comes-it-security-ig-finds/98921/
Posted by InfoSec News on Nov 14: http://www.washingtontimes.com/news/2014/nov/12/inside-the-ring-cyber-war-games-held/
Posted by InfoSec News on Nov 14: http://www.csoonline.com/article/2847313/security-awareness/isaca-survey-shows-security-disconnect-for-breaches-wearables.html
Posted by InfoSec News on Nov 14: http://news.techworld.com/security/3585884/coca-cola-sued-by-former-employee-over-unencrypted-laptop-data-theft/
Posted by InfoSec News on Nov 14: Dear Friends