Hackin9

Forbes

TrueCrypt Shut Down; What to Use Now to Encrypt Your Data
PC Magazine
"PGP/GnuPG comes to mind," Ullrich said on the InfoSec Handlers Diary. German company Steganos is offering an older version of their encryption tool (version 15 is their latest, but the offer is for version 14) for free to users, which isn't really ...
TrueCrypt is Dead, Long Live BitLocker (Windows IT Pro)
TrueCrypt is no longer secure – government power and the open source ... (SiliconANGLE blog)
TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead (The Register)
Network World
 
AppliedMicro plans to put ARM mobile chips with 16 cores in servers, but is approaching the market cautiously following the abrupt shutdown of ARM server pioneer Calxeda late last year.
 
Facebook will soon be listening to its users -- literally -- but some of them wish it would cover its ears.
 
Moodle CVE-2014-0215 Remote Information Disclosure Vulnerability
 
The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.
 
Technology stocks are up for the year, and while high company valuations may boost compensation for some executives, it doesn't necessarily help them sleep easier at night. In fact, those high share prices can be a cause for concern.
 
JavaScript is the reigning programming language across platforms and devices. Harness that power with the right frameworks and tools
 
A U.S. House of Representatives committee has reportedly launched an investigation into the Federal Trade Commission's use of information from a peer-to-peer security vendor to bring a data breach complaint against a medical testing laboratory.
 
Microsoft remains committed to trouncing Salesforce.com in the CRM market.
 
OpenDNS plans to drop in-browser ads from its free consumer services next week because its pivot to an enterprise security provider has been successful.
 
The FTC has published enough information publicly for companies to know what it considers reasonable security practices for protecting sensitive data, an FTC official said.
 
Computer scientists at Sandia National Laboratories have launched an effort to develop whole new types of computers that will be used 10, 25 or even 50 years from now.
 
Mozilla Network Security Services CVE-2014-1492 Security Bypass Vulnerability
 
Tests by the National Ballistics Intelligence Service in Birmingham, England and Warwick University found that 3D-printed plastic guns can be more dangerous to the user than the intended target.
 
Jeff Schilling, who joined cloud hosting startup FireHost this week as chief security officer, knows a thing or two about cybersecurity.
 
The App Store page for a clone of 1Password, a popular security app that stores login information.

A 1Password clone has snuck its way into the App Store with a near-perfect replica of the real deal's logo. The clone version retails for $1.99, $16 less than the price of 1Password developer AgileBits' original login-storing app. The clone looks to be of dubious origin, as do a handful of other cloned apps submitted by the same developer.

Apple's walled-garden system for its App Store is meant to prevent the more nefarious forms of activity that can happen in freer markets, like the malware or ad-spam apps found in the Google Play Store. But the method for approving apps for sale has always been a black box, and lately, that box seems particularly hospitable to clones.


 
Google Compute Engine Multiple DOS Vulnerabilities
 
Google Compute Engine - Lateral Compromise
 
Sales of videoconferencing and telepresence hardware systems are declining, hurt by an increase in cloud and software-based options that often are cheaper and simpler to deploy, according to an IDC study.
 
The digital pin-board of choice for more than 70 million users made two significant steps on the advertising front in as many weeks. With an expanded test of ad products and targeting now underway, you can expect to see more ads as the company aims at online marketers.
 
Google is moving ahead with plans to aggressively lock down its Chrome browser by disabling most add-ons not installed from its curated app store and banning plug-ins built to a decades-old standard.
 
Want a robot that you can print out and watch as it assembles itself? If so, a group of MIT scientists may have something for you
 

TrueCrypt is no longer secure – government power and the open source ...
SiliconANGLE (blog)
On Twitter, infosec guru and Security Conference 'BSides' Co-founder 'Jack_Daniel' stated: So, yeah: hack, troll, ragequit, whatever- silence means TrueCrypt org can't be trusted, so neither can TrueCrypt. Damn. — Jack Daniel (@jack_daniel) May 29, 2014.
TrueCrypt is Dead, Long Live BitLocker (Windows IT Pro)
Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery (Forbes)
TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead (The Register)
Network World
 
Will smartwatches and cars give the Tizen OS the traction it hasn't received in smartphones? The OS's backers are getting their hopes up in advance of a developer conference next week.
 

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.

Phase II of the security audit was already scheduled to commence when Wednesday's bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.

"We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday's circumstances," Kenn White, a North Carolina-based computer scientist and audit organizer told Ars Thursday. "We don't want there to remain all sorts of questions or scenarios or what ifs in people's minds. TrueCrypt has been around for 10 years and it's never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis."


 
The National Institute of Standards and Technology (NIST) has requested public comments on its newly proposed 'Secure Hash Algorithm-3' (SHA-3) Standard, which is designed to protect the integrity of electronic messages. The draft Federal ...
 
Moodle CVE-2014-0213 Cross Site Request Forgery Vulnerability
 
Benchmarking can pit you against your IT outsourcing supplier on prices. Here are five friendlier alternatives to keep costs competitive and your relationship positive.
 
Taiwanese PC maker Acer is rolling out an 8-inch Android tablet, set to arrive in the third quarter.
 
Executive career coach Ford Meyers gives practical advice for making valuable connections both inside and outside your company.
 
For Dell, reports of the personal computer's death have been greatly exaggerated. In fact, the company's seeing good growth from its PC and thin client lines. Credit new designs, higher screen resolutions, a program for helping users migrate from Windows XP -- and a steadfast refusal to believe the hype about the death of the PC.
 
Editor in Chief Maryfran Johnson describes the profoundly hopeful and uplifting story of how informal coalitions of CIOs from some of the country's leading medical institutions are crossing boundaries to collaborate in the fight against cancer.
 
LinuxSecurity.com: Updated python-django-horizon packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low [More...]
 
LinuxSecurity.com: Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: An updated openstack-heat-templates package that fixes three security issues is now available Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low [More...]
 
LinuxSecurity.com: An updated openstack-foreman-installer package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
 
LinuxSecurity.com: Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
 
LinuxSecurity.com: Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. [More...]
 
Cumin CVE-2013-6445 Password Hash Algorithm Security Weakness
 

Our reader Mark sent us a link he recovered from a Phishing e-mail. We don't have the e-mail right now, but the web site delivering the malware is kind of interesting in itself.

The e-mail claims to come from "Energy Australia", an actual Australian utility company, and the link leads to:

hxxp://energymar.com/ data/ electricity/ view/get/ energy.php ?eid=[long number]

Note the somewhat plausible domain name (energymar.com). The actual domain name for Energy Australia is "www.energyaustralia.com.au".

The first screen presented to the user asks the user to solve a very simple CAPTCHA. This is likely put in place to hinder automatic analysis of the URL:

Malware Captcha


The layout of the page matches the original very well. Users are confronted with CAPTCHAs regularly in similar sites, so I doubt this will raise suspicion.

Next, we are asked to download the file, again using a similar layout.

Fake Bill Download

The "bill" itself is a ZIP file that includes a simple ZIP file that expands to an EXE. Virustotal shows spotty detection:

Virus Total Results

You can also review the full updated results here: https://www.virustotal.com/en/file/ad9692b0d589faf72121e4c390138dfe872fe913f73dd1edb699e60bab38f875/analysis/

It doesn't look like the checksum of this sample changes between downloads, so I hope AV signatures will catch up quickly.

Once downloaded and unzipped, the malware presents itself as a PDF:

PDF Icon in Microsoft Explorer

But then, as soon as the malware is launched, it does reveal its true nature:

Crypto Locker Screen

We ran this on a fresh Windows 7 Ultimate SP1 32 Bit install with one round of patches, so there wasn't much to encrypt for Cryptolocker.

After launching the malware, the system connected via HTTPS to 151.248.118.193 (vps.regruhosting.ru), likely to retrieve/send the key. I did not see a DNS lookup. The self-signed SSL certificate includes the IP address 213.183.60.75 as Subject:

        Serial Number:
            b7:ff:8c:36:d5:71:51:b2
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=213.183.60.75
        Validity
            Not Before: Apr 10 09:41:14 2012 GMT
            Not After : Apr  8 09:41:14 2022 GMT
        Subject: CN=213.183.60.75

---

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
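The certificate dump above carries several of the signals a defender would key on when triaging an outbound HTTPS connection: Issuer identical to Subject (self-signed), a Common Name that is a bare IP literal, a CN that does not match the peer the host actually connected to, a SHA-1 signature, and a ten-year validity window. The following Python is an added example written for this page, not code from the ISC diary or from SANS; it parses the `openssl x509 -text` style fields shown in the post and returns triage flags. The sample text is constructed to reproduce the values in the diary, and the five-year validity threshold is an assumption chosen for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample: the certificate fields as printed by `openssl x509 -text`,
# reproducing the values quoted in the diary above (serial, issuer, validity, subject).
SAMPLE_CERT_TEXT = """\
        Serial Number:
            b7:ff:8c:36:d5:71:51:b2
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=213.183.60.75
        Validity
            Not Before: Apr 10 09:41:14 2012 GMT
            Not After : Apr  8 09:41:14 2022 GMT
        Subject: CN=213.183.60.75
"""

# The IP the sandboxed host actually connected to, as reported in the diary.
SAMPLE_PEER_IP = "151.248.118.193"

# Assumption for this example: anything valid for more than five years is flagged.
LONG_VALIDITY = timedelta(days=5 * 365)


def _parse_openssl_date(value):
    """Parse 'Apr  8 09:41:14 2022 GMT' (openssl pads single-digit days)."""
    value = " ".join(value.split())          # collapse "Apr  8" -> "Apr 8"
    if value.endswith(" GMT"):
        value = value[:-4]
    return datetime.strptime(value, "%b %d %H:%M:%S %Y")


def parse_cert_text(text):
    """Extract issuer, subject, signature algorithm and validity window from an
    `openssl x509 -text` dump. Fields that are absent stay None."""
    fields = {"issuer": None, "subject": None, "sig_alg": None,
              "not_before": None, "not_after": None}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Issuer:"):
            fields["issuer"] = line[len("Issuer:"):].strip()
        elif line.startswith("Subject:"):
            fields["subject"] = line[len("Subject:"):].strip()
        elif line.startswith("Signature Algorithm:"):
            fields["sig_alg"] = line.split(":", 1)[1].strip()
        elif line.startswith("Not Before:"):
            fields["not_before"] = _parse_openssl_date(line.split(":", 1)[1])
        elif line.startswith("Not After"):
            fields["not_after"] = _parse_openssl_date(line.split(":", 1)[1])
    return fields


def common_name(dn):
    """Return the CN component of a distinguished name string, or None."""
    match = re.search(r"CN=([^,/]+)", dn or "")
    return match.group(1).strip() if match else None


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def triage_certificate(cert_text, peer_ip):
    """Return a list of triage flags for a certificate seen on a connection to
    peer_ip. Flags are ordered: identity first, then crypto, then lifetime."""
    cert = parse_cert_text(cert_text)
    flags = []
    if cert["issuer"] and cert["issuer"] == cert["subject"]:
        flags.append("self-signed")
    cn = common_name(cert["subject"])
    if cn and is_ip_literal(cn):
        flags.append("cn-is-ip-literal")
        if cn != peer_ip:
            # The certificate names one address but the host talked to another.
            flags.append("cn-mismatches-peer")
    if cert["sig_alg"] and cert["sig_alg"].lower().startswith("sha1"):
        flags.append("sha1-signature")
    if cert["not_before"] and cert["not_after"]:
        if cert["not_after"] - cert["not_before"] > LONG_VALIDITY:
            flags.append("long-validity")
    return flags


if __name__ == "__main__":
    for flag in triage_certificate(SAMPLE_CERT_TEXT, SAMPLE_PEER_IP):
        print(flag)
```

No single flag here proves malice (self-signed certificates on IP-addressed hosts are common on hosting providers), but a process that connects to a bare IP with no preceding DNS lookup and then negotiates TLS against a certificate carrying all five flags is exactly the kind of event worth alerting on from proxy or TLS-inspection logs.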
 
Moodle MoodleMobile Token Expiry Security Bypass Weakness
 
Moodle CVE-2014-0216 Unauthorized Access Vulnerability
 
Moodle courses Remote Information Disclosure Vulnerability
 
Moodle CVE-2014-0218 Cross Site Scripting Vulnerability
 
Apple made it official Wednesday that it would acquire Beats Entertainment, but even after weeks of speculation, pundits still can't decide whether the deal is a smart move.
 
Taiwanese PC maker Acer has made another big push into the smartphone market, and unveiled four new models under its "Liquid" brand that will arrive in the third quarter.
 
The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher.
 
Google executives say they're not satisfied that the company's workforce is largely made up of white males.
 
NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
 
The Apache Software Foundation has announced the first production-ready release of Spark, analysis software that could speed jobs that run on the Hadoop data-processing platform.
 
Apple's Worldwide Developers Conference is the company's one big chance to talk up hardware, operating systems and services -- and explain where Apple is headed. Ryan Faas explains what to look for on Monday.
 
The trial for damages in the e-books price-fixing lawsuit against Apple is to proceed on July 14 after an appeals court declined to stay it.
 
Microsoft's new Surface Pro 3 is supposed to work as both a tablet and a laptop. After working with it for a week, does our reviewer agree?
 

Posted by InfoSec News on May 30

http://www.theregister.co.uk/2014/05/30/france_a_cyberespionage_threat_says_robert_gates/

By Richard Chirgwin
The Register
30 May 2014

Former spook and defense department secretary Robert Gates has identified
France as a major cyber-spying threat against the US.

In statements that are bound to raise eyebrows on both sides of the
Atlantic, Gates (not Bill) nominated French spies as being number two in
the world of industrial cyber-espionage....
 

Posted by InfoSec News on May 30

http://www.bloomberg.com/news/2014-05-29/monsanto-data-security-breached-at-precision-planting.html

By Jack Kaskey
bloomberg.com
May 29, 2014

Monsanto Co. (MON)’s data security was breached at its Precision Planting
unit, exposing employees and customers to potential misuse of credit card
information and tax identification numbers.

Fewer than 1,300 farmer customers were affected by the breach, Christy
Toedebusch, a spokeswoman for the St....
 

Posted by InfoSec News on May 30

http://www.computerworld.com/s/article/9248693/Hackers_put_security_tool_that_finds_payment_card_data_into_their_arsenal

By Jeremy Kirk
IDG News Service
May 30, 2014

Like a crowbar, security software tools can be used for good and evil.

Bootleg versions of a powerful tool called "Card Recon" from Ground Labs,
which searches for payment card data stored in the nooks and crannies of
networks, have been appropriated by cybercriminals....
 

Posted by InfoSec News on May 30

http://news.techworld.com/security/3522313/vessel-tracking-system-vulnerable-to-denial-of-service-other-attacks-researchers-say/

By Lucian Constantin
Techworld.com
29 May 2014

Inexpensive equipment can be used to disrupt vessel-tracking systems and
important communications between ships and port authorities, according to
two security researchers.

During the Hack in the Box conference in Amsterdam Thursday, Marco
Balduzzi, a senior research...
 

Posted by InfoSec News on May 30

http://www.defenseone.com/technology/2014/05/iranian-hackers-target-us-military-officials-elaborate-social-media-scam/85417/

By Marina Koren
National Journal
May 29, 2014

It was the “most elaborate social-engineering campaign” these security
researchers had ever seen.

A new report from iSight Partners, a Dallas-based computer-security firm,
exposed on Thursday a three-year cyberespionage campaign carried out by
Iranian hackers. The...
 
 
Google has started accepting requests from Europeans wanting to remove search links to information on them that they find objectionable, following a controversial ruling earlier this month by the Court of Justice of the European Union.
 