Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Softpedia News

Somebody Hacked Verizon's Data Breach Experts
Softpedia News
Its security division is well known in the infosec community, where its annual Data Breach Digest provides a wide variety of case studies of actual data breach incidents the company's experts have helped solve. It is so a great irony that the company ...

and more »
 

(credit: John Lester)

Researchers have discovered highly stealthy malware that can infect computers not connected to the Internet and leaves no evidence on the computers it compromises.

USB Thief gets its name because it spreads on USB thumb and hard drives and steals huge volumes of data once it has taken hold. Unlike previously discovered USB-born malware, it uses a series of novel techniques to bind itself to its host drive to ensure it can't easily be copied and analyzed. It uses a multi-staged encryption scheme that derives its key from the device ID of the USB drive. A chain of loader files also contains a list of file names that are unique to every instance of the malware. Some of the file names are based on the precise file content and the time the file was created. As a result, the malware won't execute if the files are moved to a drive other than the one chosen by the original developers.

"In addition to the interesting concept of self-protecting multi-stage malware, the (relatively simple) data-stealing payload is very powerful, especially since it does not leave any evidence on the affected computer," Tomáš Gardoň, a malware analyst with antivirus provider Eset, wrote in a blog post published Wednesday. "After the USB is removed, nobody can find out that data was stolen. Also, it would not be difficult to redesign the malware to change from a data-stealing payload to any other malicious payload."

Read 8 remaining paragraphs | Comments

 

Code warriors
Chico News & Review
Among the other presentations will be talks on coding, InfoSec (information security), the corporate takeover of the hacker community, and how-to-hack gift cards. The convention will provide an opportunity to learn hacking basics. Caput says he's has ...

and more »
 

Verizon Enterprise offers security services, but it is dealing with a breach of its own this week. (credit: Verizon)

After a data breach at Verizon Enterprise Solutions, a customer database and information about Verizon security flaws were reportedly put up for sale by criminals this week.

According to KrebsOnSecurity, "a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise." The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. "Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site," security journalist Brian Krebs reported.

Verizon Enterprise is itself a seller of security products and services, often helping Fortune 500 businesses clean up after data breaches. Verizon Enterprise also sells Internet service to large businesses, along with a variety of other networking products.

Read 4 remaining paragraphs | Comments

 

Companies weigh tech skills, business polish for CISO job
TechTarget
A CISO with lots of technology credentials may have a hard time getting other executives or board members at retail, insurance or healthcare companies to understand that information security risk is business risk. But at software development, say, ...

 

Techworm

Microsoft's TAY AI Chatbot transforms into Hitler loving, sex promoting robot
Techworm
Twitter seems to turn even an machine into a racist these days. A day after Microsoft introduced its Artificial Intelligence chat robot to Twitter it has had to delete it after it transformed into an evil Hitler-loving, incestual sex-promoting, 'Bush ...

and more »
 
Critical-infrastructure leaders and others have provided feedback on the voluntary, federally led Cybersecurity Framework at the invitation of the National Institute of Standards and Technology (NIST). Today NIST published an analysis of ...
 

The indictment against employees of the Iranian information security firm ITSecTeam, unsealed today, alleges the company was one of two involved in state-sanctioned attacks against US banks and SCADA systems.

US Attorney General Loretta Lynch, FBI Director James Comey, and other Justice Department officials announced today that a federal grand jury had issued indictments for seven Iranians employed by two information technology companies. The indictments allege that the companies were contracted by the Iranian government to conduct cyber attacks against bank websites in the US and carry out intrusion into the supervisory control and data acquisition (SCADA) network of a dam near Rye, New York.

In a press conference announcing the indictments, Lynch said, "Today, we have unsealed an indictment against seven alleged experienced hackers employed by computer security companies working on behalf of the Iranian government, including the Islamic Revolutionary Guard Corps. A federal grand jury in Manhattan found that these seven individuals conspired together, and with others, to conduct a series of cyberattacks against civilian targets in the United States financial industry that, in all, cost victims tens of millions of dollars."

The seven worked at ITSecTeam (ITSEC) and Mersad Company, both based in Iran. The companies are alleged to be contracted by the Iranian government and the Iranian Revolutionary Guard to conduct a range of network intrusions and attacks, including distributed denial of service campaigns against the websites of several US banks. The DDoS attacks, which started sporadically in December 2011, continued into September 2012—when attacks were ramped up to a "near-weekly basis,' the indictment states. At their peaks, the DDoS attacks reached 140 gigabits per second.

Read 4 remaining paragraphs | Comments

 

'Mr. Robot' season 2 spoilers: Elliot's world is about to become more complicated
Ecumenical News
Of Wallstrom's character, there still no news on his whereabouts ever since he disappeared in the finale. Meanwhile, series creator Sam Esmail told Variety that most of the storylines for season 2 would revolve around the Federal Bureau of ...

and more »
 

Embedded code used in a drive-by attack on the website of EC-Council, the professional organization that maintains the Certified Ethical Hacker program. (credit: Fox IT)

For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers.

EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.

Like so many drive-by attack campaigns, the one hitting the EC-Council is designed to be vexingly hard for researchers to replicate. It targets only visitors using Internet Explorer and then only when they come to the site from Google, Bing, or another search engine. Even when these conditions are met, people from certain IP addresses—say those in certain geographic locales—are also spared. The EC-Council pages of those who aren't spared then receive embedded code that redirects the browser to a chain of malicious domains that host the Angler exploits.

Read 2 remaining paragraphs | Comments

 

Techworm

You can soon play PlayStation games on iPhones and Android smartphones
Techworm
While this will be a mega news for gamers, Forward Works, Sony's mobile gaming arm, is going to focus on users based in Japan and Asia, according to today's announcement. The division will be formally created on April 1, the same date that Sony ...

and more »
 
[SYSS-2016-016] innovaphone IP222 - Improper Input Validation
 
[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts
 
[SYSS-2016-017] innovaphone IP222 - Improper Input Validation
 
[SECURITY] [DSA 3527-1] inspircd security update
 
XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
 

Code warriors Web headline
Chico News & Review
Among the other presentations will be talks on coding, InfoSec (information security), the corporate takeover of the hacker community, and how-to-hack gift cards. The convention will provide an opportunity to learn hacking basics. Caput says he's has ...

 

CloudTweaks News

Montreal – A Burgeoning International Startup Hub
CloudTweaks News
Not only the first in Canada, this data center for AWS cloud services will be the first such data center situated outside of North America, and the Board of Trade of Metropolitan Montreal has welcomed this news as proof that Montreal's IT sector is a ...

 
Internet Storm Center Infocon Status