Hackin9

ITProPortal

Infosec 2013: Bitdefender previews Android privacy app Clueful
ITProPortal
This was identified as the most pertinent problem in mobile security when we discussed the subject with industry experts recently, and it appears Romanian firm Bitdefender – who ITProPortal met at this week's Infosec in London – is thinking along the ...

 

ITProPortal

Infosec 2013: BlackBerry talks up “mature” tech ahead of Q10 launch
ITProPortal
With the return of its trademark physical-keyboard smartphone finally taking place this weekend, BlackBerry has told ITProPortal its “mature” mobile philosophy will make the burgeoning BB10 line a major force in the market. The Canadian firm today ...

 

Infosec 2013: There is no such thing as information security risk
CSO
April 24, 2013 — Techworld — There is no such thing as information security risk, according to a panel of security professionals speaking at the Infosecurity Europe 2013 conference in London; the only risk that matters within any organisation is the ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A key U.S. lawmaker has unveiled plans for a comprehensive review of the laws surrounding copyright in the United States to determine whether they are still relevant in the digital age.
 
The three-year blockade against donations to WikiLeaks may have just been chiseled away, in Iceland, by a ruling handed down by the European country's Supreme Court.
 

V3.co.uk

Infosec 2013: Cyber threats unlikely to disappear, says security researcher
ComputerWeekly.com
Infosec 2013: Apple App Store hailed as biggest security achievement in past ... (V3.co.uk)
We will always be fighting cyber crime, says Mikko Hypponen (Inquirer)
Infosecurity Europe honours Shlomo Kramer and Mikko Hypponen in the 2013 ... (Virtual-Strategy Magazine, press release)

 
Scientists at the Large Hadron Collider say they are getting some clues about where all the anti-matter went
 
The U.S. online advertising industry has not lived up to a promise to stop the online tracking of Internet users who ask advertisers to do so, a senior U.S. senator said Wednesday.
 
Scores of IT projects being conducted by North Carolina's government are racking up higher-than-expected costs and going far beyond their planned schedules, a new report by the state's auditor has found.
 
Companies using social networks like Twitter and Facebook need to face what to do during a national crisis like the Boston Marathon bombing.
 
Dell has pulled together products it gained from its recent acquisitions into a series of BYOD offerings, though it faces the challenge of selling them at a time when the company's ownership hangs in the balance.
 

V3.co.uk

ICO expects clarity on EU data rules only in 2014
ComputerWeekly.com
Infosec 2013: ICO dismisses EC's 'tick box' approach to data protection (V3.co.uk)
The right to be forgotten is unrealistic, says ICO (Computing)

 

Infosec 2013: BAE Systems Detica claims China hacking group has "restarted ...
ITProPortal
Security group BAE Systems Detica has stuck its oar into the ongoing saga surrounding China's alleged involvement in cyber attacks on foreign organisations, announcing at Infosec that the Shanghai hacking unit levelled with major accusations in ...

 
Thousands of older systems, including those used to manage traffic lights, fuel pumps, point-of-sale terminals and building automation can be tampered with because they're insecurely connected to the Internet.
 
Eight years after the first Xbox 360 units shipped, Microsoft will finally pull the curtains off its long-awaited successor on May 21.
 
Overwhelming global demand may limit initial supplies of the Galaxy S4 smartphone, Samsung said Wednesday, while both Sprint and T-Mobile USA confirmed there would be delays in their receiving the phones.
 
Automobile makers should prevent drivers from using their in-vehicle electronic devices to browse the Internet and send text messages while their vehicles are moving, the U.S. Department of Transportation has recommended.
 
Tumblr is giving its users more options to share their posts across other social networks such as Twitter and Facebook, with a new iOS app released Wednesday.
 

A critical flaw in an Android app downloaded as many as 100 million times allows attackers to take full control of handsets even when they're protected by screen locks.

The vulnerability in the Skype rival known as Viber affects Android smartphone brands such as Samsung, Sony, and HTC, according to a blog post published Tuesday by Bkav Internet Security. Although attack techniques differ from model to model, they all exploit programming logic in the way Viber handles popup messages, researchers with the company wrote.

A spokesman for Viber Media, maker of the affected app, said company officials learned of the vulnerability on Wednesday and plan to release a fix next week.


 
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
 
Verizon's annual breach report highlights a spate of new security research reports. However, overall conclusions from these are hard to come by.

 
Making good on a promise made in December, VMware and parent company EMC have launched a new company, called Pivotal, to offer an enterprise-ready data analysis platform as a service (PaaS) based on software from both companies.
 
The merger of T-Mobile USA and MetroPCS cleared its last major hurdle on Wednesday as MetroPCS shareholders overwhelmingly approved the deal.
 
Financial concerns in the wake of the recession are causing companies to better align IT and business and this shift is changing what is expected from technology workers, say executives and staffing professionals. Business acumen is now on par with possessing stellar technical skills, with in-demand employees those who can contribute more than code to the company.
 
Apple CEO Tim Cook on Tuesday defended the company's iconic Mac line, which saw a second consecutive decline in sales last quarter, and promised that Apple would continue to crank out personal computers.
 
The new BlackBerry Q10 smartphone features a qwerty keypad, along with an updated OS and some great new features. But do users still want a 'real' keyboard?
 
Cisco's new director-class switch for storage, unveiled today, increases throughput six-fold and offers N+1 resilience.
 
Texas law enforcement officer Nick Selby balks at the notion that last week's Boston Marathon bombings was the result of an intelligence failure.
 
Samsung is making an aggressive sales push in the U.S. market by expanding into thousands of third-party retail outlets where dedicated staff will sell and provide advice on the company's smartphones, tablets and entertainment products.
 

V3.co.uk

Infosec 2013: Police call for united front in fight against cyber crime
V3.co.uk
McMurdie said a lack of resources in the public sector means firms need to help the police battle back against criminals, during a speech at Infosec on Wednesday. "We can always do more and I wish I had three-to-four times the capability I've ...
InfoSec 2013: MoD Warns Cyber Attack Could Bring Down Government (TechWeekEurope UK)

 
Sprint warned Wednesday that it will be "slightly delayed" with its full launch of the Samsung Galaxy S 4 on Saturday as planned.
 
Apple today said that its annual developers conference will take place June 10-14, when it will provide developers with preview builds of the next versions of both iOS and OS X.
 
A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers with scareware, security researchers warn.
 
EMC reported first-quarter revenue rose 6% to $5.39 billion, while net income fell about 1% year-over year to $580 million as costs rose.
 
Two WordPress cache plugins were discovered to allow commenters to inject PHP code into the server. The developers have fixed the flaws and users of the affected cache plugins should update as soon as possible.


 
The popular VirusTotal scan service that offers over 20 anti-virus scanners under one roof now also looks for signs of malware infections in captured network traffic.


 

In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity.

When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions of $2, $5, $10, although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear: test the card. If the transaction goes through, the card number and CVC (if needed) or other details are correct.

Recently however I've been seeing more interesting transactions. The transactions start with a high value and step down until the transaction is accepted, i.e. we start with a charge of 10K, the next transaction 9K, 8K ... 3K, $1000, $900, $800 ... $100. The process is automated, so if the limit on the card is high enough multiple transactions are sometimes accepted. Again these transactions are easily identified, however the motive eludes me. We looked at a number of possibilities:

  • Identify the upper limit on the card - The process however results in the card being maxed out. The issuing bank or card brand blocks the card. The number now no longer has any value. You know the upper limit, but can no longer use the card.
  • Purchases for resale - This was the obvious one, but in the cases I worked on, none actually deliver physical product to the purchaser.
  • Refunds? - Another scenario we looked at is that after the transactions are done the organisation is called by the fake cardholder and a refund is requested. Because their bank has blocked the card they'd like to be refunded to a different card or some other payment mechanism. Looking at refunds and refund requests through customer service avenues allowed us to discard this scenario in the cases we worked on.
  • Credit Card DOS - A third scenario was a DOS on cards: max out the card, and as many as possible, and irritate either the bank or the card brand, or the proper cardholders. The volumes however would be annoying for the merchant and issuing bank, but were certainly not on epic scales. Unless of course we were only seeing one small part of a much larger distributed effort.

So what I'm asking those of you that deal with credit card payments is this. Have you seen similar behaviour in your payment systems? Multiple transactions on the same card, starting with a big value, stepping down in increments to lower values until the transaction is accepted and in some cases beyond. Those of you that deal with donation sites or online delivery (i.e. no physical product) are more likely to see these.

If you have other ideas on what the point of these transactions is, by all means share, either as a comment or through the contact form.

Regards
Mark H  (markh.isc at gmail.com)

 

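A detection rule for the step-down pattern described in the diary above, written here as an added example rather than ISC or the author's own code: it groups a constructed transaction ledger by tokenised card, looks for a run of declines whose amounts keep decreasing within a short time window, and reports whether the run ended in an approval (the probe found the card's headroom) or simply stopped (the issuer blocked the card). The Txn record, the tok_* card tokens and the thresholds are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Txn:
    ts: int           # epoch seconds (constructed)
    card: str         # tokenised card reference, not a real PAN (constructed)
    amount: float     # charge amount in dollars
    approved: bool    # issuer response


Hit = Tuple[str, int, float, Optional[float]]


def step_down_runs(txns: List[Txn], min_declines: int = 3,
                   window: int = 900) -> List[Hit]:
    """Flag cards showing a step-down probe: a run of at least `min_declines`
    declines with strictly decreasing amounts, each within `window` seconds
    of the previous one, ending either in an approval at a still-lower amount
    or in the card going quiet. Returns tuples of
    (card, declines_in_run, first_amount, accepted_amount_or_None)."""
    by_card = defaultdict(list)
    for t in txns:
        by_card[t.card].append(t)
    hits: List[Hit] = []
    for card, rows in by_card.items():
        rows.sort(key=lambda t: t.ts)
        run: List[Txn] = []            # current descending run of declines
        for t in rows:
            # a time gap or a non-decreasing amount ends the current run
            if run and (t.ts - run[-1].ts > window or t.amount >= run[-1].amount):
                if len(run) >= min_declines:
                    hits.append((card, len(run), run[0].amount, None))
                run = []
            if t.approved:
                if len(run) >= min_declines:
                    hits.append((card, len(run), run[0].amount, t.amount))
                run = []                # later approvals at that amount are not re-flagged
            else:
                run.append(t)
        if len(run) >= min_declines:    # run never got an approval: card blocked or maxed
            hits.append((card, len(run), run[0].amount, None))
    return hits


SAMPLE = [  # constructed sample ledger, not real transaction data
    Txn(1000, "tok_A", 10000, False), Txn(1030, "tok_A", 9000, False),
    Txn(1060, "tok_A", 8000, False), Txn(1090, "tok_A", 3000, False),
    Txn(1120, "tok_A", 1000, False), Txn(1150, "tok_A", 900, False),
    Txn(1180, "tok_A", 800, True),    # accepted: the probe found the headroom
    Txn(1210, "tok_A", 800, True),    # "and in some cases beyond"
    Txn(1000, "tok_B", 49.99, True),  # ordinary purchase
    Txn(2000, "tok_C", 500, False),   # a single genuine decline, not a probe
    Txn(2500, "tok_C", 60, True),
    Txn(3000, "tok_D", 5000, False), Txn(3020, "tok_D", 4000, False),
    Txn(3040, "tok_D", 3000, False), Txn(3060, "tok_D", 2000, False),
    # tok_D goes quiet: issuer blocked the card before anything was accepted
]

if __name__ == "__main__":
    for card, n, first, accepted in step_down_runs(SAMPLE):
        outcome = f"accepted at ${accepted}" if accepted else "never accepted"
        print(f"{card}: {n} declines stepping down from ${first}, {outcome}")
```

Tuning `min_declines` and `window` controls how aggressive the rule is; a legitimate customer retrying one decline at a lower amount should stay below the threshold.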
 
The attack seeks to compromise a Twitter webpage via a man-in-the-browser attack. Trusteer warns it could be a harbinger of broader future attacks.

 

Infosec 2013: cyber security sector failing to attract new talent
Techworld.com
The cyber security sector in the UK is failing to attract young people into the industry – especially women – according to research released this week by e-skills UK. The research, carried out in partnership with information security recruitment ...

 
LinuxSecurity.com: Due to a regression, IcedTea-Web might not be able to access some sites.
 
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver
 
Cisco/Linksys HTTP Service Remote DoS (Denial of Service)
 
[security bulletin] HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration Inconsistency
 

V3.co.uk

Infosec 2013: ICO dismisses EC's 'tick box' approach to data protection
V3.co.uk
The data protection legislation proposed by the European Commission (EC) takes too much of a "tick box" approach to be effective and will do nothing more than lumber firms with excessive paperwork, according to the deputy information commissioner, ...
ICO expects clarity on EU data rules only in 2014 (ComputerWeekly.com)
ICO: Europe's prescriptive approach to data protection won't work in the UK (Computing)

 

SC Magazine UK

Infosec 2013: C&C research finds 93.8 per cent of countries have received a ...
SC Magazine UK
According to research, 93.8 per cent of countries in the world host malware or a command and control (C&C) server. Research by FireEye of 12 million callback events, found that 184 countries had a callback, or were hosting some sort of malware or ...

 
RETIRED: Google Chrome Prior to 24.0.1312.52 Multiple Security Vulnerabilities
 

Sophos updates free Android security app
ComputerWeekly.com
Google's Android mobile operating system (OS) is an increasingly popular target for malware and SMS phishing or SMiShing, says security firm Sophos. This is because Android has become the world's most popular smartphone OS. According to comScore ...

 

V3.co.uk

Infosec 2013: Apple App Store hailed as biggest security achievement in past ...
V3.co.uk
Hypponen said the closed approach taken by Apple for its App Store has made the marketplace one of the most secure in the world, in a question and answer session at the Infosec conference on Wednesday. "Think about the Apple model, you have a device ...
Infosec 2013: Cyber threats unlikely to disappear, says security researcher (ComputerWeekly.com)
We will always be fighting cyber crime, says Mikko Hypponen (Inquirer)
Infosecurity Europe honours Shlomo Kramer and Mikko Hypponen in the 2013 ... (Virtual-Strategy Magazine, press release)

 
April's Patch Tuesday didn't quite go according to plan, as one of the security updates caused system crashes and error messages. Now, a new patch has arrived.


 

V3.co.uk

Infosec 2013: Cyberwar threats to escalate over next decade
V3.co.uk
Hypponen warned that the cyber threat facing businesses will continue to grow and get exponentially worse over the next 10 years during a speech at Infosec in London on Wednesday. "The biggest change of all over the last 10 years is that governments ...

 

Bobsguide (press release) (blog)

Show Report: Infosec Europe 2013
Bobsguide (press release) (blog)
The 2013 infosec trade show got underway, before news of the attack circulated, with an opening keynote speech from Chloe Smith, UK Minister for Political and Constitutional Reform in the Cabinet Office, who outlined the UK's cybercrime strategy.
Infosec 2013: Communication skills vital for CISOs of the future (SC Magazine UK)

 
Getting hacked on Twitter is fast becoming a rite of passage for big corporations, but Tuesday's attack on the Associated Press could be a tipping point and shows that social networks must do more to keep their users safe, security experts said.
 

TechWeekEurope UK

InfoSec 2013: Security Big Guns Back Cyber Weapons Non-Proliferation Treaty
TechWeekEurope UK
Some of the biggest players in the security industry have backed calls for a cyber weapons non-proliferation treaty, akin to the 1970 agreement that sought to stop nations building nuclear arms. The deal covering nuclear weapons has been ratified or ...

 
Nokia's latest advanced feature phone, the Asha 210, comes with a physical key to access WhatsApp messaging, as well as software clients for Twitter and Facebook.
 
Amazon Web Services is looking to expand its security offerings with hosted intrusion protection appliances and more extensive encryption features, as it seeks to increase the level of protection users can get in its cloud.
 
Microsoft has inked an agreement that adds ZTE to its Android and Chrome patent licensing program.
 
A well-known cyberspying tool called Gh0st RAT is still being employed in stealthy malware attacks, according to security firm FireEye.
 
Windows Server 2012 Hyper-V combines easy setup and management with new features that lower the entry barrier to highly available virtualization clusters
 
Windows Server 2012 Hyper-V brings advanced virtualization features to small shops, but VMware still reigns at the high end
 
VMware takes virtualization higher and deeper with rich storage automation and more advanced virtual networking tools
 
A patent that Motorola Mobility used to force Apple to turn off its iCloud push mail service in Germany is likely to be invalid, the Higher Regional Court in Karlsruhe said on Wednesday -- but the ban will not be lifted, a court spokeswoman said.
 
Google Chrome CVE-2012-5154 Integer Overflow Vulnerability
 

Infosec 2013: There is no such thing as information security risk
Techworld.com
There is no such thing as information security risk, according to a panel of security professionals speaking at the Infosecurity Europe 2013 conference in London; the only risk that matters within any organisation is the risk to the bottom line. Serge ...

 

V3.co.uk

Infosec 2013: Flood of breaches show really bad year for small business security
SC Magazine UK
By Asavin Wattanajantra, April 24, 2013.
Infosec 2013: UK fighting back in cyber battle as security sector grows (V3.co.uk)
Infosec 2013: Cost of cyber breaches rises three-fold, research shows (ComputerWeekly.com)
Infosec 2013: UK vendors can profit from growing cyber threats, says ... (ITProPortal)
Also covered by IT PRO, TechWeekEurope UK and ChannelBiz.
 
The BlackBerry Q10 with its physical keyboard is expected to be available from major U.S. carriers in late May at a suggested price of $249 with a contract.
 
Unknown attackers deployed a bogus tweet on the news service's Twitter timeline saying that two explosions had occurred at the White House.


 
Google Chrome CVE-2012-5146 Same Origin Policy Security Bypass Vulnerability
 

Sydney Morning Herald

Australian LulzSec hacker arrested
Sydney Morning Herald
Australian police have arrested IT security professional and self-proclaimed leader of an international hacking ring Matthew Flannery after he allegedly infiltrated a government website this month. The 24-year-old man, from Point Clare on the NSW ...

 
RETIRED: Oracle January 2013 Critical Patch Update Multiple Vulnerabilities
 

Infosec 2013: Communication skills vital for CISOs of the future
SC Magazine UK
By Asavin Wattanajantra, April 24, 2013.

 

Posted by InfoSec News on Apr 24

http://arstechnica.com/security/2013/04/hacked-ap-twitter-feed-rocks-market-after-sending-false-news-flash/

By Dan Goodin
Ars Technica
Apr 23 2013

Stock prices plunged and then quickly recovered after a Twitter account belonging to the Associated Press was hacked and used to send a bogus report falsely claiming that the White House had been bombed and President Obama was injured.

"The @AP Twitter account has been suspended after it was...
 
IBM Java SDK CVE-2013-0485 Unspecified Security Vulnerability
 
Internet Storm Center Infocon Status