Monday, March 31, 2014

[securityaffairs] RSA is accused again to have helped NSA to weaken security products

A group of researchers from Johns Hopkins University discovered that a second NSA tool aggravate the RSA security software’s vulnerability.

[securityaffairs] Chinese CNCERT report raises the alarm on attacks originated overseas

The last report issued by China’s Computer Emergency Response Team (CNCERT) blames US for the majority of malware based attacks against the Chinese systems.

[securityaffairs] Turkish Government is hijacking the IP for popular DNS providers

The Turkish Government ordered to Turk Telekom to hijack the IP address for popular free and open DNS providers such as Google’s

[securityaffairs] How GCHQ and NSA spied on German citizens and global politics

GCHQ infiltrated German firms while NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database.

[securityaffairs] Coinkrypt Android malware used to mine digital currencies

Experts at Lookout Mobile Security have discovered that cyber criminals are spreading Coinkrypt malware to use victim’smobile to mine digital currencies.

[securityaffairs] Philips SmartTV susceptible to serious hack according ReVuln experts

Researchers at ReVuln firm demonstrated how to exploit the last firmware update for Philips SmartTV to steal user’s cookies and other sensitive data.

[securityaffairs] Reading the Global Threat Intelligence Report (GTIR)

The Global Threat Intelligence Report (GTIR) addresses the security challenges of organizations globally analyzing 3 billion worldwide attacks occurred in 2013.

[securityaffairs] Google Transparency Report at first glance

Google has published its new Google Transparency Report related to the second semester of 2013, the number of requests for user information is still increasing.

[securityaffairs] Netcraft stats on the increasing abuse for WordPress installations

More than 12,000 phishing sites analyzed by Netcraft are hosted on compromised WordPress installations, the websites were used also to serve malicious code.

[net-security] Cost of Advanced Evasion Techniques in recent data breaches

A new report by McAfee examines the controversy and confusion surrounding Advanced Evasion Techniques (AETs), and the role that they play in Advanced Persistent Threats (APTs).

[net-security] CIOs are moving more information into the cloud

Despite continued concerns about security, CIOs and other senior-level IT leaders are moving an increasing percentage of their organizational information into the cloud and are making growing use of private cloud and SaaS delivery models.

[net-security] Panic! No malware required!

The landscape has shifted. Security is no longer something your organization can have complete control over. In this video, John Strand will demonstrate how most large corporations can be compromised in moments, even without phishing.

[net-security] European Cybercrime Centre warns about Windows XP security risks

The European Cybercrime Centre (EC3) at Europol warns about security risks related to the end of Windows XP support.

After 8 April 2014, Windows will stop supporting its Windows XP operating system. This means that from that day forward, security vulnerabilities will not be fixed, leaving computers potentially vulnerable to attacks.

[securityintelligence] Application Security Management at the Enterprise Level

Risk-Based Application Security Management

In a large organization with thousands of applications and a small security team, a strategic application security management system is required to sustain security at the enterprise level. AppScan Enterprise 9.0offers a risk-based approach to efficiently address this requirement. However, a single measure of risk that can properly correspond to every organization’s strategy cannot be strictly determined and programmed. With IBM AppScan Enterprise 9.0, organizations can define risk based on their own strategy.
A measure for risk can be determined on an application by factors such as access, business impact, significance of security threats and so on. All these factors can be customized and programmed into AppScan Enterprise’s calculations. With this flexibility, managers can define rules to measure risk and then automatically classify or rank applications based on that risk to help them make reliable and resource-efficient decisions.

[dwaterson] Mobile app permissions, leaks and pileup flaws

Even though mobile malware is growing rapidly, malware still remains a small proportion of the threats on mobile devices. By far the greatest mobile threat is from “legitimate” applications downloaded from the official Apple Store or from Google Play – apps that undertake “risky” behaviours, such as location tracking, identifying the user’s ID (UDID), accessing the user’s contact list, and sharing sensitive user data.

[dwaterson] Android Wear OS security issues

Last week, Google announced the launch of Android Wear – a new operating system for wearable computing. Wearable devices currently are in the form of glasses, braces and watches. With the advent of Android Wear, many more devices will come to market – smartwatches, fitness monitors, health devices, spectacles, and other wearable computers including those built into clothing. It is now a much simpler task for example, for a watch manufacturer with no experience in software, to produce a smartwatch running Android Wear and apps written by independent developers.

[infosecinstitute] Android Hacking and Security, Part 2: Content Provider Leakage

In the previous article, we discussed how an attacker exploits vulnerable Activity Components and ways to secure them. In this article, we will discuss “Content Provider Leakage”.

[infosecinstitute] SkypeFreak: A Cross-Platform Skype Forensic tool

This is a small tool that can be used to investigate Skype user accounts stored in your PC. First of all, let’s learn how to investigate data manually. This is a very easy to understand article. I hope you have a basic understanding of SQL. All the data is stored in the main.db file related to each user in separate folders.

[infosecurity-magazine] Facebook Builds its Own Threat Information Framework

Keeping ahead of web-based threats requires a mechanism to continually search for new types of attacks while understanding existing ones. However, data fragmentation and threat complexity plagues efforts to keep track of all the data related to malware, phishing and other risks – differences in how threats are discussed, categorized or even named vary from platform to platform and vendor to vendor. Facebook is taking steps to solve the issue for itself with the release of ThreatData.

[securelist] Caution: Malware pre-installed!

China’s leading TV station, CCTV, has a long-standing tradition of marking World Consumer Rights Day on March 15 with its ‘315 Evening Party’. The annual show makes a song and dance about consumer rights violations. This year’s party reported on cases where smartphone distribution channels pre-install malware into Android mobiles before selling them on to unwitting customers.

[fireeye] Android.MisoSMS : Its back! Now with XTEA

FireEye labs recently found a more advanced variant of Android.MisoSMS, the SMS-stealing malware that we uncovered last December — yet another sign of cybercriminals’ growing interest in hijacking mobile devices for surveillance and data theft.

Thursday, March 27, 2014

[thehackernews] 25 Million 'NAVER' Accounts Breached using Stolen Data

A 31-year-old South Korean has been recently accused by the police for the allegation of infiltrating and hacking the accounts of 25 million users of Naver, one of the popular search portal in South Korea.

[thehackernews] Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information

The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges.

[scmagazine] WinRAR spoofing vulnerability being exploited in malware campaign

A WinRAR vulnerability recently discovered by an Israeli researcher is being exploited in a malware campaign that seems to be targeting government and international organizations, as well as Fortune Global 500 companies, according to cyber intelligence company IntelCrawler. 

[securityaffairs] Gameover ZeuS is Targeting recruitment websites

Security experts at F-Secure have detected a new variant ofGameover ZeuS financial Trojan which is targeting recruitment websites.

[securityintelligence] Improve Application Security Immediately with These 5 Software Development Practices

According to the classic film “It’s a Wonderful Life,” an angel gets its wings every time a bell rings. The modern-day corollary is that a customer loses his or her credit card data every time a programmer introduces an application security flaw into code.

[infosecinstitute] Android Hacking and Security, Part 1: Exploiting and Securing Application Components

Mobile Application Security is one of the hottest segments in the security world, as security is really a big concern with growing mobile applications. In this article, we will go through the attacks associated with Android application components.

[infosecinstitute] Information Security Policy For SME

Information security (IS) is a critical part of any small scale company and a big enterprise, and a challenge for any firm. Information security involves very confidential, important assets and other business process. It also includes private financial documents and other information of each and every employee within the organization. In some cases, information may also include a client’s important assets. Without having proper security of all this information, it becomes unreliable. A lack of proper security mechanisms can also sometimes make the information inaccessible when it is really needed. Lack of security can also invite third parties in to compromise these private assets and information. Information has two types.

[infosecinstitute] Exploiting by Information Disclosure, Part 1

Information disclosure is considered to be a serious threat, wherein an application reveals too much sensitive information, such as mechanical details of the environment, web application, or user-specific data. Subtle data may be used by an attacker to exploit the target hosting network, web application, or its users. Therefore, leakage of sensitive data should be limited or prevented whenever possible. This paper is intended to unfold the information disclosure bugs in software or websites which can be utilized by attackers to unveil sensitive data or even exploit other applications of the machine, and it is dedicated to newbies, developers, and experienced professionals to get them to understand how to shield from this attack, because they are limited to coding and functionality implementation for the software. In fact, a software developer doesn’t have knowledge or awareness about information security framework. Hence they usually don’t think like a hacker and will leave such bugs inadvertently, which are exploited by intruders later.

[infosecinstitute] Nmap Cheat Sheet: From Discovery to Exploits – Part 1: Introduction to Nmap

As always during reconnaissance, scanning is the initial stage for information gathering.
What is Reconnaissance?
Reconnaissance is to collect as much as information about a target network as possible. From a hacker’s perspective, the information gathered is very helpful to make an attack, so to block that type of malicious attempt, generally a penetration tester tries to find the information and to patch the vulnerabilities, if found. This is also called Footprinting. Usually by information gathering, someone can find the below information:
  • E-mail Address
  • Port no/Protocols
  • OS details
  • Services Running
  • Traceroute information/DNS information
  • Firewall Identification and evasion
  • And many more…
So for information gathering, scanning is the first part. For scanning, Nmap is a great tool for discovering Open ports, protocol numbers, OS details, firewall details, etc.

[infosecurity-magazine] Criminal Underground is a Sophisticated Metropolis, with Stores, Education, and Law & Order

“Shadowy hacker underworld.” “Dark Web.” “Underground cyber-forum.” These are the phrases that get bandied about referring to those dark corners of the internet where cybercriminals publish their malware, espionage campaigns are hatched and hacktivist manifestos are discussed. The verbiage is decidedly DIY. But new research suggests that these cyber black markets are hardly makeshift affairs: rather, they account for a mature and growing multi-billion-dollar economy with a robust infrastructure and social organization.

[infosecurity-magazine] Gameover Trojan Morphs to Target Monster and Careerbuilder Websites

A new variant of the Gameover banking Trojan is expanding beyond the financial sector to target vulnerable job seekers and recruiters by stealing log-in credentials for the two largest employment sites on the web.

[infosecurity-magazine] Analysis of 3 Billion Attacks Demonstrates Security Gap Between Attack and Defense

For the first time, NTT has pooled the resources of its group companies and produced a threat report based on an analysis of 3 billion attacks. What it found is that while attackers move faster than defenders, and there are still many basic processes and procedures that companies are failing to implement.

[infosecurity-magazine] NHS PR Fiasco Continues as Google Pulls Out of Secret Deal

First the NHS was forced to delay its project (storage of all patient GP health data in a central data warehouse) for six months; then it was learned that PA Consulting had obtained 27 DVDs of hospital event statistics (HES) and uploaded them to Google cloud (followed by a complaint being raised with the ICO); and now Google has pulled out of search discussions with the NHS because it is 'too toxic'.

[infosecurity-magazine] Survey Suggests Trust in the Cloud is Slowly Increasing

A survey of almost 300 IT security professionals at RSA 2014 shows that trust in cloud security has increased slightly over the last 15 months – but not by very much. By February 2014 the number of professionals who prefer to keep sensitive corporate data within their own network had fallen from 86% (November 2012) to 80%.

[defensesystems] Amazon cloud gets DOD authorization

The Defense Department, which has been pushing to take advantage of cloud computing, has granted Amazon Web Services provisional authorization to deliver its cloud services to DOD components, Amazon announced

[defensesystems] DARPA taps Boeing to build satellite-launching aircraft

Many satellites may no longer require expensive booster rockets in order to be launched into space if the Defense Advanced Research Projects Agency is successful in its plan to launch satellites from aircraft.

[defensesystems] Pentagon plans to seed ocean floor with payloads waiting to be activated

Sensors, drones and other devices can be a great help to U.S. forces at sea, but not if forces get caught in a situation without them. That’s why the military is planning to plant them in potential trouble spots ahead of time, and have them wait on the ocean floor to be called into action.

[fireeye] A Little Bird Told Me: Personal Information Sharing in Angry Birds and its Ad Libraries

Many popular mobile apps, including Rovio’s ubiquitous Angry Birds, collect and share players’ personal information much more widely than most people realize.

Tuesday, March 25, 2014

[securityaffairs] Another zero-day vulnerability is threatening the Microsoft world

Microsoft issued a security advisory for the presence of a zero-day vulnerability in Microsoft Word products which allows a remote code execution.

[securityaffairs] Pileup flaws in Android PMS menace more than 1 Billion devices

A group of researchers discovered a series of 6 vulnerabilities, dubbed Pileup flaws, in Android PMS that exposes more than 1 Billion Google-based devices.

[securityaffairs] Cisco on large-scale attacks against unpatched or not updated servers

Cisco observed 400 hosts were infected on daily base and more than 2,700 URLs have been used in a multistage attack against websites running older OS versions.

[securityaffairs] Snoopy software can turn a drone is a data stealer

Researchers at Sensepoint have realized a software that could be used to turn a drone in a perfect spying machine able to steal data from mobile devices.

[securityintelligence] Cloud Encryption and Key Management: Does History Provide the Answer?

As industry and government assess the use of the cloud for the storage of data and the hosting of everything from infrastructure to applications, we are all working diligently to provide cloud encryption and make the cloud secure. But I want to take a step back and ask a possibly redundant question: What makes us believe we can make the cloud secure?

[infosecinstitute] New Training Programs!

You heard right, the InfoSec Institute is adding several new training programs to our award winning lineup of courses. Whether you want to master a new application, improve your web dev skills or dive into relational databases, we’ve got you covered.

[infosecinstitute] Average CISA Salary 2014

As we become more dependent on technology the proper security of our data is more important than ever been before. It’s no surprise that the demand for competent IT auditors is at an all time high. The need for enterprises to evaluate the processes and policies they use to secure their data will only continue to grow in the future. One of the primary criteria organizations look for when hiring an IT Auditor is CISA (Certified Information Systems Auditor) certification. As of this writing, there are currently over 106,000 CISA certified professionals worldwide.

[infosecinstitute] iOS Application Security Part 32 – Automating tasks with iOS Reverse Engineering Toolkit (iRET)

While doing security audit of iOS apps, there are a lot of tasks that we have to repeat every time. This includes finding out the class information for the app, checking if the application stores any important data in plist files, analyzing the content in the database files etc. These tasks can be a little time consuming every time and so it doesn’t make quite a lot of sense to repeat them over and over again for every app. We have also looked at some tools like Snoop-it and iNalyzer that make our job easier by automating some of these tasks. In this article, we will talk about a new tool named iOS Reverse Engineering Toolkit (iRET) that has just been released to assist penetration testers in automating most of the tasks involved in a iOS penetration test. The project is developed and maintained by @S3Jensen.

[infosecinstitute] DNS Tunnelling

You all know what DNS is, and I don’t think any more information is needed on it. Our Internet world exists due to DNS technology, and exploiting DNS can bring down the Internet for a day or month, or in a particular region. One of the common attacks that we heard about in 2012 was Operation Global Blackout, wherein the attacker ‘Anonymous’ threatened to take down the complete global Internet. Computer security experts were worried and have taken additional layers of protection to secure the network, particularly DNS.

[infosecinstitute] NJVC and InfoSec Institute Partner to Provide Cyber Security Training Services

CHANTILLY, Va., March 18, 2014— NJVC®, an information technology solutions provider headquartered in northern Virginia,  and InfoSec Institute, an information security training company, announce a strategic partnership to provide cyber security training services. Via this agreement, NJVC can now implement federal government and military formal training programs that fall under Department of Defense 8570 training mandates.

[infosecinstitute] From Turbine to Quantum: Implants in the Arsenal of the NSA


The revelations of Edward Snowden totally changed our perception of NSA cyber capabilities. Day by day, the IT security community is reading about secret surveillance programs, exploits, and automated hacking platforms to compromise any kind of technology, infiltrating networks all over the world.

[infosecinstitute] Vulnerable Encoded URL

This paper especially pinpoints the poor practice of cryptography in URL, which is typically implemented to encrypt sensitive data residing in the website URL in the form of a query string that is transmitted across a variety of networks. Websites can be compromised and such subtle information (query string) can be disclosed by exploiting this vulnerability. This article demonstrates a real-time scenario in which developers commit mistakes by practicing weak cryptographic methods inadvertently. Finally, this article addresses the various disadvantages of applying weak cryptography algorithm and suggests a variety of alternative methods to secure URL data properly.

[defensesystems] Army network of the future: Fast, flexible and end-to-end

The Army’s next-generation network will offer faster speeds, greater capacity and run end-to-end, delivering easy-to-use applications to soldiers, the service’s chief information officer said recently.

[defensesystems] Navy’s robot will interact with sailors, fight fires aboard ship

Fires aboard Navy ships can be damaging, dangerous and difficult to fight, particularly when they occur in confined spaces below decks. The Naval Research Laboratory is working on a way to help contain such fires without putting sailors at risk, by developing a humanoid robot to handle the job.

[defensesystems] Navy sending black-box locator to aid in search for MH 370

The Navy’s U.S. Pacific Command is sending a black box locator to the Indian Ocean to aid in the search for Malaysian Airlines Flight 370, in the even debris from the plane is found.
The Towed Pinger Locator 25 system, used by the Navy to search for downed military and commercial aircraft, has highly sensitive listening capabilities and can detect pings from an aircraft’s black box — or flight data recorder — at depths up to about 20,000 feet.

[defensesystems] Biometrics for access control is knocking on the door

The Defense Department’s biometrics program primarily focuses on the use of biometrics as a countermeasure — to identify potential adversaries in the field — but the Pentagon also is testing its use for access control.

[defensesystems] Classified NRO satellite readied for launch

A classified satellite is scheduled to be launched from Cape Canaveral on March 25 on behalf of the National Reconnaissance Office (NRO).

[fireeye] Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370

While many advanced persistent threat (APT) groups have increasingly embraced strategic Web compromise as a malware delivery vector, groups also continue to rely on spear-phishing emails that leverage popular news stories. The recent tragic disappearance of flight MH 370 is no exception. This post will examine multiple instances from different threat groups, all using spear-phishing messages and leveraging the disappearance of Flight 370 as a lure to convince the target to open a malicious attachment.

Sunday, March 23, 2014

[securityaffairs] NSA hacked Huawei network for cyber espionage

NSA leaked documents, analyzed by Der Spiegel and The Times, report that NSA has hacked Huawei network to demonstrate the link with Chinese PLA.

[securityaffairs] IntelCrawler profiled Syrian Electronic Army group

The intelligence firm IntelCrawler has published a report on the activities of the Syrian Electronic Army. Are they hacktivists or cyber spies?

[securityaffairs] Orange Telecom company grants full data access to French intelligence

The Orange telecom company is providing its data to France intelligence agency, the Direction Générale de la Sécurité Extérieure.

[securityaffairs] New variant of Zorenium Bot can infect iOS devices

Security analysts at SenceCy which are monitoring the advancement of a new Zorenium Bot discovered that it is able to infect also iOS devices.

[securityaffairs] SEA has stolen invoices that shows Microsoft charges FBI for user data

A collection of emails hacked by the group Syrian Electronic Army shows that Microsoft charges the FBI’s Digital Intercept Technology Unit for user data.

[securityaffairs] For Google it is time to encrypt all GMail connections

Google has announced to have adopted encrypt mechanisms for all Gmail connections to reply to the increasing demand of privacy of Internet users.

[securityaffairs] Tor browser app in the Apple app store is fake

For more than two months is is present in the official App Store a fake version of the Tor Browser app. It’s full of adware and spyware.

[securityaffairs] Fraudulent infrastructure behind 5M harvested Russian phone numbers service

Danchev profiling a service which proposes more than 5M harvested mobile phone numbers has discovered a fraudulent architecture used for illicit purposes.

[net-security] NSA targets sys admins to breach computer networks

A newly analyzed document from Edward Snowden's trove show that the NSA collects personal and account information on system administrators and uses it to compromise their computers in order to access the networks they manage.

[net-security] Microsoft accessed Hotmail account to uncover internal leaker

This week's charging of a former Microsoft employee for stealing the company's trade secrets could have passed almost unnoticed were it not for an important detail revealed in the court filing: in order to discover his identity, Microsoft has resorted to rifling through another person's private Hotmail account.

[infosecinstitute] Hooking the System Service Dispatch Table (SSDT)


In this article we’ll present how we can hook the System Service Dispatch Table, but first we have to establish what the SSDT actually is and how it is used by the operating system. In order to understand how and why the SSDT table is used, we must first talk about system calls.

[infosecinstitute] Overview of OS Fingerprinting

Operating system fingerprinting is the process of learning what operating system is running on a particular device.
By analyzing certain protocol flags, options, and data in the packets a device sends onto the network, we can make relatively accurate guesses about the OS that sent those packets.

[infosecinstitute] Hooking System Calls Through MSRs

In this article we presented the details of using sysenter instruction to call from user-mode to kernel-mode. In older versions of Windows operating systems, the “int 0x2e” interrupt was used instead, but on newer systems sysenter is used. When the “int 0x2e” interrupt is being used, it uses the 0x2e interrupt descriptor from the Interrupt Descriptor Table (IDT), while the system call number is passed in the eax register. On the other hand, the sysenter instruction can be used to transition from user to kernel-mode faster than by using the “int 0x2e” instruction. The instruction uses the Model Specific Registers (MSRs) specified below to do its thing. The MSR registers are control registers in the x86 machine used for debugging, program execution tracing, computer performance monitoring and toggling certain CPU features [1].

[infosecinstitute] The Systematic and Security Problems of Offshoring

Over the past twenty years or more, corporations in nearly all industries have been outsourcing and offshoring at hyperdrive.
Venture capitalist firms, public shareholders, various types of financial firms, and corporate executives are driven by the temptation of reducing labor expenses, so they’re delegating accountability and responsibility to foreign parties. Often the money saved by offshoring simply goes back into the pocketbooks of executives. They also often get bonuses, sometimes in seven or eight figures, to reduce as much domestic labor as possible.

[infosecurity-magazine] ISACA Launches Digital Badges for Credential Verification

ISACA is taking steps against fraudulent security credentialing with the introduction of digital badges for individuals who have completed one of the group’s training processes.

[infosecurity-magazine] Syrian Electronic Army Hacks Microsoft, and the Country Disappears from the Web

Syrian politics are having big ramifications on the web this week. First up, the Syrian Electronic Army has released what it alleges are hacked invoices from Microsoft that document months of transactions between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU) regarding requests for Microsoft user information.

Wednesday, March 19, 2014

[thehackernews] Windows Spy tool equipped with Android malware to hack Smartphones

winspy android windows malware

I am quite sure that you must be syncing your Smartphone with your Computers for transferring files and taking backup of your device.

[thehackernews] Warning! Invitation for PC Version of 'Grand Theft Auto V' Game infects Computers with Malware

Since all the versions of the popular game ‘Grand Theft’ gone blatant and during the first week of the release of the Grand Theft Auto 4 in 2008, it topped half of millions of dollars, sold 3.6 million copies and generated $310 million in sales i.e., earning about 5 times as much as the blockbuster movie - Iron Man.

[scmagazine] Hacked EA Games server puts Apple IDs and card data at risk

Apple ID accounts, payment card data and other personal information are at risk for victims of a fairly convincing phishing scam being hosted on a compromised EA Games server, according to UK-based internet security company Netcraft.

[scmagazine] Unpatched servers still enabling exploitation of two-year-old PHP vulnerability

PHP vulnerability originally disclosed in March 2012 – and revised in October 2013 after a hacker found an easier way to take advantage of the exploit – is still impacting users after all these years, according to researchers with Imperva.

[securityaffairs] NSA programs MYSTIC and RETRO spies phone calls on global scale, also on past conversations

Documents leaked by Snowden reveals that NSA has built a surveillance system capable of recording all the phone calls of a foreign country.

[securityaffairs] Linux Operation Windingo hit 500000 PC and 25000 dedicated servers

Antivirus Firm ESET has been tracking and investigating the operation behind Linux_Ebury uncovering a sophisticated campaign called Operation Windigo.

[net-security] Full Disclosure mailing list closure elicits mixed reactions

The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today.

"When Len [Rose] and I created the Full Disclosure list way back in July 2002, we knew that we'd have our fair share of legal troubles along the way. We were right. To date we've had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise. However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to," hewrote on the list. 

[net-security] 20% of all malware ever created appeared in 2013

According to the latest PandaLabs report, malware creation hit a new milestone. In 2013 alone, cyber-criminals created and distributed 20 percent of all malware that has ever existed, with a total of 30 million new malicious strains in circulation, at an average of 82,000 per day.

[securityintelligence] Diving Into IE 10’s Enhanced Protected Mode Sandbox at Black Hat Asia 2014

If you’re using Internet Explorer in immersive mode on Windows 8/8.1 to browse Internet web sites, under the hood, your browser will be running inside the Enhanced Protected Mode sandboxEnhanced Protected Mode (EPM) is the sandboxing mechanism in IE that attempts to prevent a successful remote exploit from installing persistent malware and from stealing personal/sensitive information.

[infosecinstitute] Average MCSE Salary 2014

Modern Networks are vast, sophisticated and intricate. Network Administrators today need to be extremely well-versed with a company’s network to be able to plug security holes, ensure packets are being delivered to the right destination and troubleshoot any problems with the network. IT professionals are required to be comfortable with a host of network tools and technology at a fundamental level while administrators need to understand the working of the tool and rightly interpret the results. In addition to the servers and clients that are the end-points in network environments, administrators should be in a position to handle network infrastructure as well. The MCSE Certification enables this expertise.

[infosecinstitute] Hooking IDT

Once we’ve already gained access to the system, we can use various post-mortem attack vectors to exploit the system further. There might be various reasons for doing that, but attackers mostly use them for hiding the presence of a malicious code in the system. We can also use them for research purposes, because they are invaluable when trying to find out how the application works or for finding new zero-day vulnerabilities in software. We also need to use them when our system has been exploited and we would like to figure out what the malicious hacker got its hands on; thus it’s important to use them in forensic examination of the compromised system.

[infosecurity-magazine] NSA Collects the Whole Voice Conversation of an Entire Nation

It could, in fact, be at least five nations, with a sixth scheduled for inclusion soon. These revelations were published yesterday in a report based on Snowden leaks just after Edward Snowden himself warned the TED2014 Conference audience in Vancouver that there are more – and worse – revelations to come.

[defensesystems] Air Force gives flight to advanced targeting pod

The Air Force’s advanced targeting pod sensor enhancement program has been recently deployed to support combat operations in theater. 

[defensesystems] DARPA developing ‘radical’ copter/plane hybrid

The Defense Advanced Research Projects Agency has awarded four contracts for the first phase of a plane that can take off and land like a helicopter but actually fly like a real plane.
The agency is looking for “innovative cross-pollination between the fixed-wing and rotary-wing worlds” in developing the VTOL Experimental Plane (VTOL X-Plane), according to anannouncement. DARPA has awarded prime contracts to Aurora Flight Sciences, Boeing, Karem Aircraft and Sikorsky Aircraft.
Vertical takeoff and landing, or VTOL, aircraft have always had to sacrifice range or efficiency in order to increase speed, DARPA said. The VTOL X-Plane project is looking is looking for “radical” improvements in both vertical and cruise flight capabilities.
“We were looking for different approaches to solve this extremely challenging problem, and we got them,” said Ashish Bagai, DARPA program manager. “The proposals we’ve chosen aim to create new technologies and incorporate existing ones that VTOL designs so far have not succeeded in developing. We’re eager to see if the performers can integrate their ideas into designs that could potentially achieve the performance goals we’ve set.”
The program is looking for a prototype that could:
  • Achieve a top sustained flight speed of 300 knots to 400 knots.
  • Raise aircraft hover efficiency from 60 percent to at least 75 percent.
  • Present a more favorable cruise lift-to-drag ratio of at least 10, up from 5 to 6, to improve cruise efficiency.
  • Carry a useful load of at least 40 percent of the vehicle’s projected gross weight of 10,000 to 12,000 pounds.
The four companies submitted plans for unmanned aircraft, but DARPA said the VTOL X-Plane program plans to develop technologies that would be useful to both manned and unmanned aircraft.
The program, with a total planned budget of $130 million, is set to take place across three phases in a 52-months stretch starting in October 2013, when the program was announced, through February 2018. The first flight demonstration is expected 42 months from the initial contract awards, which would put the demonstration in September 2017.
DARPA allocated $47 million for the Phase I, which covers concept design and technology maturation, and will choose one of the Phase I contractors to move ahead into Phase II, for design, development and integration, and Phase III, which will cover the flight-test demonstrations.

[defensesystems] Security is on the menu for Joint Information Environment

The Defense Department’s initial push toward its Joint Information Environment began with adoption of DOD Enterprise Email. The next steps will emphasize security, one of JIE’s leaders said Tuesday.

Tuesday, March 18, 2014

[thehackernews] Turkish Hacker Crashes Google Play Store Twice while testing vulnerability

Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android apps publishing system, known as Google's Developer Console.

[thehackernews] Infamous Hacker 'Diabl0' arrested in Bangkok, responsible for $4 Billion Damage to Swiss Banks

27-year-old Infamous Moroccan-Russian hacker arrested by Thailand's Department of Special Investigation (DSI)  in Bangkok, accused of cracking Switzerland Bank Computers and websites.

[thehackernews] Operation Windigo: Linux malware campaign that infected 500,000 Computers Worldwide

In late 2013, Security Researchers identified thousands of Linux systems around the world infected with the OpenSSH backdoor trojan and credential stealer named Linux/Eburythat allows unauthorized access of an affected computer to the remote attackers.

[thehackernews] WATCH OUT! Scammers targeting Google Account with Phishing Page hosted on Google Drive

You all are quite aware of phishing attacks, and for those who are not, Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more sophisticated recently.

[thehackernews] Banks to Pay Microsoft Millions of Dollars for extended Windows XP Support

Despite so many warnings from Microsoft and Cyber Security Experts, Windows XP is still being used by a number of Government organizations, Financial institutions as well as big Corporations all around the world.

[scmagazine] $30 RAT, WinSpy, involved in two phishing campaigns

Researchers with FireEye have identified two phishing campaigns involving a remote administration tool (RAT) known as WinSpy, according to recent research, which adds that the $30 malware also comes packaged with an Android component known as GimmeRAT.

[securityaffairs] Darpa is looking for experts from private sector for future cyber ops

Darpa is scouting the private companies to recruit high skilled professional and use company infrastructure to protect classified information.

[securityaffairs] Google Public DNS Server Traffic Hijacked, Millions users impacted

Google DNS public server was hijacked yesterday for 22 minutes, the victims were hijacked to the Latin America division of BT in Venezuela and Brazil.

[net-security] Eight cyber security tips I learned from The Walking Dead

Sometimes two things that don’t seem to go together, make the most magical combinations. This article is the first in a new series of security articles I’ll be writing that tries to uncover an unexpected pairing - information security and pop culture.

[securityintelligence] Network Security: 4 Lessons to Better Defend Your Organization and Critical Data

Network Security: Fear and Loathing on the Yellow Brick Road

Lions and tigers and bears, oh my! These days, the path to network security seems littered with cyber perils. On a weekly if not daily basis, we hear reports of external cyber beasts, criminals and mischievous insiders who succeed in breaching the defenses of enterprises and public institutions with relative impunity. The pouncers are capitalizing on the asymmetrical advantage in technical know-how and are persevering against lightly defended targets, carrying off secrets and treasures back to their dark castles.

[dwaterson] Evil twin

An evil twin is a malicious wi-fi access point (AP) that mimics a legitimate AP. Typically an attacker sets up an evil twin in an area of public wi-fi hotspot access such as a coffee shop, airport, hotel or event. The evil twin spoofs the Service Set Identifier (SSID) and password of the legitimate wi-fi, which provides the opportunity for the attacker to eavesdrop on data passing through.

Evil twin attacks can be successful against both PCs and mobile devices. Unsuspecting users logging in to what they think is the legitimate wi-fi connection, have no idea that their traffic is being routed via the malicious AP.
Evil twin attacks are not new – they have been around for a decade or more – however they are still a significant threat in public hotspot areas. An attacker can re-direct traffic to the legitimate AP, or simply route the traffic directly to the internet. The attacker is in the position of a man-in-the-middle, able to analyse all internet traffic passing through the evil twin.
Users either login manually to the malicious access point, or their device logs in automatically. After the user has manually entered the wi-fi details on the first occasion, PCs and smartphones default to automatically logging in again whenever the device is in the vicinity and the AP is detected. So, if the user visits the same coffee shop, his smartphone will automatically connect if it has connected before.
It is a simple matter to setup a smartphone as an evil twin to conduct a MITM attack at a wi-fi hotspot. On the Android for example, choose Tethering and portable hotspot – Portable Wi-Fi hotspot – Configure – then enter the SSID and password of the legitimate hotspot. Please note that it is illegal to redirect unsuspecting users’ traffic through your device at a public hotspot.
If the user’s device detects two SSIDs, it will connect to the stronger. The attacker can position himself between the legitimate AP and the victim in order to give out a stronger signal. Alternatively, the attacker can disrupt the legitimate AP through radio interference or a denial of service attack.
Through an evil twin, an attacker is able to gain access to all traffic which is not encrypted – all information entered into http sites – and view the contents of files that are uploaded or downloaded. Evil twin attackers are able to obtain additional information by spoofing https sites such as a bank, and directing the user to a duplicate http phishing site. An evil twin is able to provide the attacker with passwords, bank details, and any other sensitive information which the user may enter on their device.
A video demonstration of setting up an evil twin attack on a tablet and successfully capturing the password is here. This demonstration uses Wireshark, StringsWatch and SSLStrip for analysing web traffic from the victim.
It is not obvious how to set a smartphone so that it does not automatically connect to a particular individual AP. It may not be simple to delete a connection – some operating systems require the phone to be in range to do this.
There are not a lot of protections against an evil twin attack apart from never using public wi-fi hotspots or only visiting https sites if you do. Disable autoconnect for saved SSIDs. Only use public wi-fi for harmless internet browsing – do not enter sensitive information while connected publicly. Enterprise connections should be conducted over a VPN.

[infosecinstitute] Building Cryptographically Secure Cloud Applications

1. Introduction to the Problem

Crypton is an open-source project provided by SpiderOak with the purpose of solving privacy and security problems through cloud applications. Before introducing the solution, we must first talk about the problem. The main problem with cloud-based applications is that the user’s data is stored in the cloud and therefore can be accessed and read by anyone having access to the server—namely the cloud service provider (CSP). Not to mention that, if an attacker was able to penetrate the CSP’s defenses, he might also be able to access the client’s data. That being said, Crypton is a framework that can be used for building cryptographically secure cloud applications, which means that the client’s data is securely stored in the cloud in encrypted form—only the client possesses the knowledge to decrypt its data. Crypton does all the cryptography behind the scenes, so developers don’t have to bother with it. If everybody is trying to use their own cryptographic methods to provide zero-knowledge cloud-based applications, there would definitely be discrepancies, probably some more vulnerable than others, but none would fit the profile perfectly.

[infosecinstitute] CODENAME: Samurai Skills – An Incredible Course to Start Learning Pentesting

CODENAME: Samurai Skills Course is a new starter course for beginners who want to learn ethical hacking, penetration testing, and information security with real access to their very own penetration testing lab which has over 20 targets that are waiting to be pwned and attacked. You can connect through their online penetration testing lab using VPN and the credentials that they will give you, and then you can start hacking right away for specific targets. New to hacking? No need to worry, the course comes with 17 hour High-Definition hands-on penetration testing videos for you to study!

[infosecurity-magazine] Commercial RAT Used by Malicious Hackers

Win-Spy is a commercial off-the-shelf (COTS) stealth monitoring tool. "Start Spying on any PC or Phone within the Next 5 minutes," says its website. With such products generally available, why should hackers go to the trouble of developing their own RATs? Indeed, according to a FireEye analysis following an attempted intrusion on a US financial institution, they don't.

[defensesystems] Enemy ID: How DOD uses biodata in the field

Thirty years ago, it was still largely the stuff of sci-fi, and overwhelmingly limited to fingerprints. But biometric security today is quite real and evolving well beyond inky ’prints alone. At root is capturing peoples’ unique physical characteristics: their biodata.

[defensesystems] Out-of-control Army phishing test results in new guidelines

Army commanders who want to run phishing simulations on their staffs will now have to get approval first, after an email phishing test went awry last month, prompting a small group of recipients to forward the email to thousands of government coworkers.

[fireeye] From Windows to Droids: An Insight in to Multi-vector Attack Mechanisms in RATs

FireEye recently observed a targeted attack on a U.S.-based financial institution via a spear-phishing email. The payload used in this campaign is a tool called WinSpy, which is sold by the author as a spying and monitoring tool. The features in this tool resemble that of many other off-the-shelf RATs (Remote Administration Tools) available today. We also observed a second campaign by a different attacker where the WinSpy payload was implanted in macro documents to attack various other targets in what appears to be a spam campaign.

Monday, March 17, 2014

[securityaffairs] QUANTUMHAND – NSA impersonates Facebook to inject malware

Recent revelations on TURBINE platform include also a disturbing truth, NSA used QUANTUMHAND exploits to implant malware in Facebook users’ machines.

[thehackernews] Google Public DNS Server Traffic Hijacked

The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services. The latest bad news is that the World's largest and most widely used Google's free public DNS (Domain name system) resolvers raised security red flags yesterday.

[scmagazine] IBM to clients: No data, source code handed over to NSA

In an open letter to its clients, software and IT services giant IBM made some weighty assurances that it has not helped the National Security Agency (NSA) obtain customer data through contested surveillance programs.

[net-security] Exploiting vulnerabilities in media players to spread advanced malware

Trusteer’s research has shown that vulnerable media players are constantly targeted by malicious actors. Since in most environments media players exist on users’ desktops for their own personal use, IT and security administrators ignore these applications and the content files they use. After all, you want to keep your employees productive and happy, and allow them to listen to their harmless music while they work. However, because these applications are not controlled, and users are not in a rush to patch these applications, most installations are vulnerable to exploits.

[net-security] SSL innovations

In this podcast recorded at RSA Conference 2014, Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, compares and explains certificate transparency, certificate authority authorization and certificate pinning.

[net-security] US announces transition of oversight over Internet’s domain name system

The US Commerce Department’s National Telecommunications and Information Administration (NTIA) announced its intent to transition key Internet domain name functions to the global multistakeholder community. 

[infosecinstitute] Hunting Shylock

Malware analysis is not a new topic for security analysts, and all engineers are pretty aware of the process and procedures that need to be followed, which are neatly explained in other articles. I would like to showcase the process by citing an example of the Shylock Trojan.

[infosecinstitute] Approaches to Information Gathering in Physical Penetration Testing – Part I: Gathering Information via Photography

1. Introduction

The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered one of the most critical steps when carrying out an attack. But while most articles discuss information gathering through means such as Internet queries, social engineering, dumpster diving, domain name searches and non-intrusive network scanning, the first part of this article discusses information gathering through photography for physical penetration purposes. You can think of yourself as acquiring or trying out a new hobby – street photography.

[infosecurity-magazine] Amid Crimea Tension, Russian Hackers Hit NATO with Website Outage

Just as a controversial referendum in Crimea was taking place, which saw over 90% of voters choose to quit Ukraine for Russia, a group of pro-Russian hackers called “Cyber Berkut” hit NATO with a distributed denial-of-service (DDoS) attack.

[infosecurity-magazine] Hollywood Likely to be Targeted by Chinese Hackers

Hollywood appears to be emerging as a prime target not just for video pirates, but for Chinese hackers. This is the conclusion of security researchers who have examined the probable attitude of China toward the cultural impact of Hollywood.

[infosecurity-magazine] (ISC)² Opens Nominations for US Government Security Awards

The (ISC)² body of certified information and software security professionals is now accepting nominations for its 2014 US Government Information Security Leadership Awards (GISLA).

[defensesystems] NRL wants to beam solar power from satellite arrays

Military units have been exploring alternative energy sources for years in an effort to reduce the Defense Department’s considerable dependence of fossil fuels.

[defensesystems] 6 greatest cybersecurity myths and why you should avoid them

Cybersecurity is, without a doubt, becoming one of the dominant security topics (and concerns), not only for security professionals, but also for any executives or managers who want to protect their organizations.

[defensesystems] Watch: How Marines use small drones for situational awareness

Soldiers don’t always need a big-picture view of the battle space. Sometimes, what they need is “over the hill” reconnaissance. Engineers and Marines at Quantico recently demonstrated how they use small drones — called Wasp, Raven and Puma — to gain situational awareness in the field, and included it in a video posted on the Armed With Sciencewebsite.  

Sunday, March 16, 2014

[securityaffairs] Ukrainian hacktivists hit NATO websites with DDoS attack

The group of hacktivists Cyber Berkut hit several NATO websites with DDoS attacks while in the Crimea is being a referendum on annexation to Russia.

[securityaffairs] Nearly 7600 critical infrastructure vulnerable to bugs in Yokogawa App

Security experts at Rapid7 firm have public disclosed a series of flaws affecting several thousands of critical infrastructure using Yokogawa software.

[securityaffairs] Syrian Electronic Army hacked the US CENTCOM

Syrian Electronic Army hacked the US CENTCOM and it is threatening to leak secret documents due US decision to hit Syria with electronic warfare attacks.

[securityaffairs] A sophisticated phishing scheme is targeting Google Docs Users

Security Researchers at Symantec detected a new Sophisticated Phishing Scam that is targeting the Google Docs Users with complex social engineering tricks.

[securityintelligence] Mikko Hypponen at TrustyCon: Governments as Malware Authors

Reviving keynotes

If we are to win this battle of Cyber Security we have to keep thinking strategically, learning from past and present and getting ready for tomorrow. I find a lot of value in learning from the leaders we have in the InfoSec community, they bring a wealth of experience and thought leadership to the table and this is often well expressed as part of their keynotes at conferences. Often the message may get lost during edutainment and networking at conferences.
I think there is a value for myself, researchers and leaders in the community to revive the keynotes and continue the discussion. I intend to blog about one keynote every month, let’s say every second Friday of the month (#GoalsShouldBeSpecific). The idea is to summarize the data, thoughts, proposed solutions, open questions and challenges from the talk, add my $0.02 too and engage in an interesting and productive conversation with the community.

Mikko’s “Government as Malware Authors” version at TrustyCon

For the first one in this series, I have picked the last keynote that I have watched and that was given by Mikko Hypponen (@mikko) CRO at FSecure at TrustyCon. There is a history behind this talk which is well known and well talked about and to avoid diverting your own attention from the main purpose of this entry I would not comment on it.
The talk is available at TrustyCon’s official youtube channel as part of one long recording of conference or as an extracted segment by embedded below.

Interesting points raised:

  • Security vendors commit to providing secure environments to their clients, we are trusted for it if we break that trust what’s left? Trust can be broken intentionally or via having their infrastructure compromised (RSA breach?)
  • There are various entities with their business success depending on being able to break our systems (VUPEN, Hacking Team, Defense Contractors, etc), they clearly are not here to make our systems securer, and can’t be classified as malicious parties either?
  • Many governments are getting into authoring malware / APT attacks / cyber warfare, not only the obvious ones US, China, Russia, Israel, even Iran is not a big surprise, but we have now seen this in India vs Pakistan and to add to list we (very likely) have some Spanish speaking country as well.
  • Are or will security vendors white list government malware?
  • Doesn’t this all make security vendors legitimate military targets?
  • It is easier to protect customers from cyber crime which is analogous to protecting from street robbers but to protect from governments trying to break in is very hard just like protecting you from James Bond, as shown below from one of last slides of his talk.

My $0.02

(Note the use of ‘we’ below is for us as users, vendors, CISOs, and analysts)
  • Our community has to continue to uncover, track and educate on APT / government malware, and work with policy makers, human right groups, international peace organizations to set up policies, procedures, accountability and consequences for violations.
  • We need to think about who is discovering APT and who is not, and why not? (intentional oversight, warning signs lost in noise, lack of investment in flagged for review?) 
  • What else can we do better detect and attribute the Stuxnet, Flame, Careto, etc in the future?
  • How can we make deniability harder for those responsible and then have appropriate national and international laws be enforced?
  • Along with this I think we can raise the bar pretty high with user education, security by design, running secure operations, rewarding for pro security attitude and penalizing otherwise.
Finally, I would like to thank Robert Freeman, for his valuable feedback for this entry.