Information Security News
Posted by InfoSec News on Mar 20 http://www.v3.co.uk/v3-uk/news/2256031/blackberry-denies-bb10-and-z10-flunked-uk-government-security-test
Posted by InfoSec News on Mar 20 http://www.nj.com/hudson/index.ssf/2013/03/former_it_administrator_pleade.html
A cyber-attack in South Korea on Wednesday took the networks of several companies offline. While some recovered in a matter of hours, South Korea's public broadcasting organization, KBS, is still offline. But the identity of the person or group behind the attacks is still an open question—one muddied by the hackers who are taking credit for at least part of it. It's not clear at this point if the attack was state-sponsored, cyber-warfare by North Korea or simply an act of cyberterrorism by hackers looking to make a virtual name for themselves.
As we reported earlier, at about 2pm Seoul time, the networks of three broadcasters and three banks were affected by an attack that disrupted their networks, possibly caused by malware. But while malware was initially blamed for the outage, the malware that's been discovered thus far could not have taken networks down by itself. There was a lot more going on than just a malware attack; the convergence of multiple types of attacks suggests a coordinated effort by an organized attacker.
The latest update from South Korean officials is that the attack emanated from a Chinese IP address. But the identity of the attackers is still unclear.
Howard Schmidt to Keynote InfoSec World 2013 in Orlando in April
PR Newswire (press release)
SOUTHBOROUGH, Mass., March 19, 2013 /PRNewswire/ -- Security veteran Howard Schmidt will be the kick-off keynote at InfoSec World 2013 that will take place April 15-17, 2013 in Orlando, Florida. Security veteran Howard Schmidt, who has headed up ...
by Jacqui Cheng
Just a day after Apple released iOS 6.1.3, a new lock screen bug has been discovered that could give an attacker access to private information. The vulnerability is different from the passcode bug(s) addressed by Tuesday's iOS update, but the end result is similar: access to iPhone's contact list and photos.
The new lock screen bug was first documented by YouTube user videosdebarraquito, who posted a video demoing the procedure. The basic gist, seen in the video below, is to eject the iPhone's SIM card while using the built-in voice controls to make a phone call.
There are a couple important things to keep in mind, though. For one, it seems like this bug applies to most modern iPhones, though apparently the procedure isn't as easy as it looks. The YouTube video above shows the hack being executed on an iPhone 4, and iphoneincanada was able to replicate it on an iPhone 4. TheNextWeb was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn't get away scot-free, as German language site iPhoneblog.de appears to have been able to replicate the bug on that version of the phone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it's probably safe to assume that it does.
Researchers have unearthed a decade-long espionage operation that used the popular TeamViewer remote-access program and proprietary malware to target high-level political and industrial figures in Eastern Europe.
TeamSpy, as the shadow group has been dubbed, collected encryption keys and documents marked as "secret" from a variety of high-level targets, according to a report published Wednesday by Hungary-based CrySyS Lab. Targets included a Russia-based Embassy for an undisclosed country belonging to both NATO and the European Union, an industrial manufacturer also located in Russia, multiple research and educational organizations in France and Belgium, and an electronics company located in Iran. CrySyS learned of the attacks after Hungary's National Security Authority disclosed intelligence that TeamSpy had hit an unnamed "Hungarian high-profile governmental victim."
Malware used in the attacks indicates that those responsible may have operated for years and may have also targeted figures in a variety of countries throughout the world. Adding intrigue to the discovery, techniques used in the attacks bear a striking resemblance to an online banking fraud ring known as Sheldon, and a separate analysis from researchers at Kaspersky Lab found similarities to the Red October espionage campaign that the Russia-based security firm discovered earlier this year.
Attackers are using fraudulently obtained information to take over high-profile Xbox Live accounts held by current and former Microsoft employees, company officials said.
"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees," Microsoft officials said in a statement sent to Ars. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use."
The disclosure comes two days after security reporter Brian Krebs linked one of the people who may have prompted a raid on his home by armed police to a four-man team that uses illicitly obtained credit information to hijack Xbox Live accounts. According to Krebs, the same person who took credit online for the swatting attack also ordered a denial-of-service attack on his website. Records unearthed by Krebs found that the same Gmail address used to order that hit also ordered a DoS on Ars Technica.
In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network.
In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren't intended to be exposed to the outside world. The researcher found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. There were no signs of life from the remaining 2.3 billion IPv4 addresses.
Continually scanning almost 4 billion addresses for nine months is a big job. In true guerilla research fashion, the unknown hacker developed a small scanning program that scoured the Internet for devices that could be logged into using no account credentials at all or the usernames and passwords of either "root" or "admin." When the program encountered unsecured devices, it installed itself on them and used them to conduct additional scans. The viral growth of the botnet allowed it to infect about 100,000 devices within a day of the program's release. The critical mass allowed the hacker to scan the Internet quickly and cheaply. With about 4,000 clients, it could scan one port on all 3.6 billion addresses in a single day. Because the project ran 1,000 unique probes on 742 separate ports, and possibly because the binary was uninstalled each time an infected device was restarted, the hacker commandeered a total of 420,000 devices to perform the survey.
by Sean Gallagher
The computer networks of three major South Korean banks and three television networks went offline nearly simultaneously at 2pm Seoul time on Wednesday, according to South Korea's National Police Agency. The government confirmed that malware was used to bring the networks down, and it is looking into whether North Korea is behind the attack.
While no definitive link has been made to North Korea, the government has said it's not ruling out the possibility. The South Korean military has raised its information surveillance levels in the wake of the attack, according to a report by Yonhap News Agency's Kim Eun-jung. North Korea has been blamed for a number of previous cyberattacks against South Korean government and business networks.
A spokesperson for South Korea's public broadcasting company KBS told Yonhap News Service that its network had been "paralyzed since 2pm, and we cannot do any business." At cable broadcaster YTN, editing equipment was also affected, impacting its broadcasts. The attack on financial institutions Shinhan Bank, Jeju, and Nonghyup affected Internet and mobile banking applications while taking ATM machines offline.
Posted by InfoSec News on Mar 19 http://www.hawaiinewsnow.com/story/21676306/pacific-command-contractor-charged-with-spying
Posted by InfoSec News on Mar 19 http://www.darkreading.com/advanced-threats/167901091/security/application-security/240151010/decoy-ics-scada-water-utility-networks-hit-by-attacks.html
Posted by InfoSec News on Mar 19 http://rt.com/usa/nato-publishes-cyberwar-guidelines-502/
Posted by InfoSec News on Mar 19 http://www.nextgov.com/defense/2013/03/pentagon-plans-deploy-more-100-cyber-teams-late-2015/61948/
Posted by InfoSec News on Mar 19 http://thehill.com/blogs/hillicon-valley/technology/289127-mandiant-chinese-hacker-unit-attempted-to-clean-up-online-presence