Information Security News
Take a look at port 4028. Thanks to Bill for sharing an analysis that concluded a piece of malware was an Aidra botnet client. His analysis asks for a deeper look at port 4028, and I found a published write-up from Symantec.
After looking at our port 4028 data, there is reason to watch for it. Please chime in if you are seeing any traffic on port 4028.
# portascii.html
# Start Date: 2013-12-01
# End Date: 2014-01-15
# Port: 4028
# created: Thu, 16 Jan 2014 01:34:07 +0000
# Date in GMT. YYYY-MM-DD format.
date        records  targets  sources  tcpratio
2013-12-01       19        2        2       100
2013-12-04       18        2        2       100
2013-12-05       28        4        6       100
2013-12-06        8        2        2       100
2013-12-07       13        5        7        85
2013-12-08        9        5        7        67
2013-12-09       13        3        4       100
2013-12-10       23        5        6       100
2013-12-11        5        3        5        80
2013-12-12       19        3        3       100
2013-12-23        4        2        3       100
2013-12-25        6        2        3       100
2014-01-04    49240    45589        3       100
2014-01-05     1559     1440       40       100
2014-01-08    28910    26975        4       100
2014-01-09        6        6        3        83
2014-01-10     4531     3675        4       100
2014-01-11    76271    72307        3       100
2014-01-13      239      173        3       100
2014-01-14      195      164        6        99
2014-01-15       10        5        2        90
# (c) SANS Inst. / DShield. some rights reserved.
# Creative Commons ShareAlike License 2.5
# http://creativecommons.org/licenses/by-nc-sa/2.5/
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.
According to a post published Wednesday to KrebsOnSecurity, point-of-sale (POS) malware was uploaded to Symantec-owned ThreatExpert.com on December 18, the same day that Krebs broke the news of the massive Target breach. An unidentified source told Krebs that the Windows share point name "ttcopscli3acs" in the sample analyzed by the malware scanning website matches the one used in the Target intrusion. The thieves used the user name "Best1_user" to log in and download stolen card data. Their password was "BackupU$r".
The class of malware identified by Krebs is often referred to as a memory scraper, because it monitors the computer memory of POS terminals used by retailers. The malware searches for credit card data before it has been encrypted and sent to remote payment processors. The malware then "scrapes" the plain-text entries and dumps them into a database. Krebs continued:
by Peter Bright
Earlier this month, we reported that Microsoft would stop providing updates for Microsoft Security Essentials on Windows XP on April 8, the same day that it will cease providing security fixes for Windows XP. The company has now altered its stance and will produce signature updates for Security Essentials until July 14, 2015.
This change, it says, is to help organizations complete their migrations. Of course, using that rationale, the company should extend Windows XP's support until the heat death of the universe.
While it will provide updated signature definitions, the company warns that its research "shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited." In other words, it's hard to provide a robust anti-malware system when hostile code can penetrate processes and the kernel willy-nilly just through attacking the browser.
I was still wiping the sleep from my eyes this morning when the nagging voice kicked in: before trawling the Internet for news, you better install yesterday's security updates.
It wasn't a pleasant thought, given the raft of patches released yesterday by Microsoft, Adobe, and Oracle for a variety of products. But as someone who has covered computer security for eight years, I've come to make updating a top priority. And for good reason. A large percentage of the booby-trapped websites that surreptitiously install malware on visitors' machines exploit vulnerabilities that have already been patched.
The recent hack on Yahoo's ad network, for instance, targeted two security flaws in the Java software framework that Oracle had fixed 17 and 24 months ago, Trend Micro reported in a blog post. Those who visited compromised Yahoo servers with up-to-date systems were immune to those attacks. By contrast, people using unpatched software were exposed to malicious payloads that installed the Dorkbot and Gamarue trojans, as well as malware that turned visitors' machines into Bitcoin miners.
Phil Zimmermann, creator of PGP e-mail encryption, is leading a team of security industry executives building an Android phone with a variety of built-in privacy tools.
"I've been interested in secure telephony for longer than I've been interested in secure e-mail," Zimmermann said in a video on so-called Blackphone's website. "I had to wait for the rest of the technology infrastructure to catch up to make it possible to do secure telephony. PGP was kind of a detour for me while waiting for the rest of the technology to catch up to make really good secure telephony possible."
The narrator of the Blackphone video ominously says, "Technology was supposed to make our lives better. Instead we have lost our privacy—we have become enslaved." The Blackphone website says the phone will use "PrivatOS," an Android-based operating system, while letting users "make and receive secure phone calls; exchange secure texts; exchange and store secure files; have secure video chat; browse privately; and anonymize your activity through a VPN."
What Healthcare Can Teach Us About App Security
It's a mission that's not so different from InfoSec. Here's our challenge: our increasing reliance on software is occurring exactly when two other trends are making security more difficult. First, software size, complexity, interconnection, and even ...
10 ways to prep for -- and ace -- a security job interview
IDG News Service
"The candidate should avoid cramming for knowledge, and focus on interviewing to demonstrate attitude, not as much infosec aptitude. Infosec is baked into nearly every business and tech process, so the candidate should be prepared to identify the ...
Top 10 Influencers in Government InfoSec
Recognizing the leaders who play a critical role in shaping the way governments approach information security and privacy, GovInfoSecurity announces its fifth annual list of Influencers. What makes an Influencer? It's a combination of position and know ...
Posted by InfoSec News on Jan 15
http://www.komonews.com/news/local/Hacker-Compermises-Patient-and-Firefighter-Information-240206801.html
Posted by InfoSec News on Jan 15
http://www.computerworld.com/s/article/9245390/Target_to_invest_5M_in_cybersecurity_ed_program
Posted by InfoSec News on Jan 15
http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html
Posted by InfoSec News on Jan 15
http://www.courier-journal.com/article/20140114/NEWS01/301140060/State-Auditor-Edelen-backing-cyber-security-bill
Posted by InfoSec News on Jan 15
http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2983516