Information Security News
According to a new paper authored by two Google security engineers, 21 out of the world’s top 25 news organizations have been successfully hacked by state-sponsored actors.
Among targets of hacking attacks, journalists were “massively over-represented,” Shane Huntley, one of the paper's authors, told the news wire. Google has been monitoring such attacks, which are often sponsored by foreign governments that seek sensitive information held by journalistic enterprises, in many cases related to secretive corporate and governmental operations.
Developers of two popular smartphone apps—Fandango and Credit Karma—have been caught transmitting passwords, social security numbers, birth dates, and other highly sensitive user data over the Internet without properly encrypting it first, officials with the Federal Trade Commission said.
As a result, it was trivial for hackers to intercept the data when people used the apps on both Apple's iOS and Google's Android mobile operating systems, complaints filed by the FTC alleged. The complaints leveled charges of other shortcomings in the developers' security, including the failure to properly test and audit the safety of apps before making them available for download. The improper encryption, which security experts warn is akin to having no encryption at all, was allowed to persist for four years at Fandango. The company also failed to have an adequate process for receiving vulnerability reports from researchers and other third parties, FTC officials said.
Fandango has as many as 100 million downloads from the iOS App Store and Google Play market for Android. Among other things, the app allows users to buy movie tickets. Credit Karma has five million to 10 million downloads and allows users to monitor their credit scores.
While looking at the latest honeypot data for what is happening with Synology devices, I did notice one particularly aggressive IP connecting to a number of our honeypot IPs. At first, I figured it may just be a new Shodan scan (we get tons of them in the honeypot). But when I connected to port 443 using openssl, I saw a rather interesting SSL certificate being sent:
$ openssl s_client -connect a.b.c.d:443
CONNECTED(00000003)
depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = HIKVISION, OU = DVRNVR, CN = www.hikvision.com, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = ZheJiang, L = HangZhou, O = HIKVISION, OU = DVRNVR, CN = www.hikvision.com, emailAddress = [email protected]
verify return:1
GET
---
Certificate chain
 0 s:/C=CN/ST=ZheJiang/L=HangZhou/O=HIKVISION/OU=DVRNVR/CN=www.hikvision.com/[email protected]
   i:/C=CN/ST=ZheJiang/L=HangZhou/O=HIKVISION/OU=DVRNVR/CN=www.hikvision.com/[email protected]
This certificate appears to be associated with a DVR sold in conjunction with security camera systems. Usually these systems run some form of Linux, so I guess it is to be expected that, given a weak password, these systems get mistaken for a Linux server and exploited just like one.
Right now, if I am really lucky, I may be able to get a hold of the owner of the DVR, but it looks like a Chinese residential IP, so I am not getting my hopes up too high.
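The diary entry above identifies the scanning host by reading the subject of the self-signed certificate it presents. As an added example (not code from the ISC diary), the script below automates that triage step: it parses the "Certificate chain" section of `openssl s_client` output into subject/issuer fields, flags a self-signed leaf (subject equals issuer), and maps the Organization field to a device hint. The sample chain is constructed from the output quoted above with a placeholder e-mail address, and the vendor table is an assumption for illustration, not a vetted fingerprint database.

```python
import re

# Constructed sample: the "Certificate chain" block as printed by `openssl s_client`,
# modelled on the diary output above. The e-mail address is a placeholder.
SAMPLE_CHAIN = """\
Certificate chain
 0 s:/C=CN/ST=ZheJiang/L=HangZhou/O=HIKVISION/OU=DVRNVR/CN=www.hikvision.com/emailAddress=placeholder@example.invalid
   i:/C=CN/ST=ZheJiang/L=HangZhou/O=HIKVISION/OU=DVRNVR/CN=www.hikvision.com/emailAddress=placeholder@example.invalid
"""

# Device hints keyed on the certificate Organization field (upper-cased).
# Assumed mapping for this example only; extend from your own honeypot observations.
VENDOR_HINTS = {
    "HIKVISION": "Hikvision DVR/NVR (embedded Linux, web UI on 443)",
}


def parse_dn(dn: str) -> dict:
    """Turn an OpenSSL-style '/C=CN/ST=.../CN=...' string into a dict.

    Caveat: a '/' inside an attribute value would be split as well; the
    one-line DN format printed by s_client does not escape it.
    """
    fields = {}
    for part in dn.strip().strip("/").split("/"):
        if "=" in part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def parse_chain(text: str) -> list:
    """Extract (subject, issuer) dict pairs from the 'Certificate chain' section."""
    certs = []
    subject = None
    for line in text.splitlines():
        # Lines look like " 0 s:/C=..." (subject) followed by "   i:/C=..." (issuer).
        m = re.match(r"\s*(\d+)?\s*([si]):(.*)$", line)
        if not m:
            continue
        which, dn = m.group(2), m.group(3)
        if which == "s":
            subject = parse_dn(dn)
        elif which == "i" and subject is not None:
            certs.append((subject, parse_dn(dn)))
            subject = None
    return certs


def classify(subject: dict, issuer: dict) -> dict:
    """Summarise what the leaf certificate tells a defender about the peer."""
    org = subject.get("O", "")
    return {
        "self_signed": subject == issuer,
        "organization": org,
        "common_name": subject.get("CN", ""),
        "device_hint": VENDOR_HINTS.get(org.upper(), "unknown"),
    }


def fingerprint(text: str) -> dict:
    """Classify the leaf (depth 0) certificate in captured s_client output."""
    chain = parse_chain(text)
    if not chain:
        return {"device_hint": "no certificate chain found"}
    return classify(*chain[0])


if __name__ == "__main__":
    print(fingerprint(SAMPLE_CHAIN))
```

Feed it the saved output of `openssl s_client -connect host:443 </dev/null` for each unusual honeypot source and the self-signed flag plus the Organization value give a quick first guess at what kind of box is doing the scanning, which is the same reasoning the diary applies by hand.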
Posted by InfoSec News on Mar 28: http://www.networkworld.com/news/2014/032714-solutionary-280149.html
Posted by InfoSec News on Mar 28: http://healthitsecurity.com/2014/03/27/how-will-windows-xp-end-of-support-affect-health-it-security/
Posted by InfoSec News on Mar 28: http://dealbook.nytimes.com/2014/03/26/law-firms-scrutinized-as-hacking-increases/
Posted by InfoSec News on Mar 28: http://blogs.wsj.com/digits/2014/03/27/new-firm-pitches-cybersecurity-for-less-well-heeled/
Posted by InfoSec News on Mar 28: http://arstechnica.com/tech-policy/2014/03/feds-want-an-expanded-ability-to-hack-criminal-suspects-computers/