Hacking & Security
Microsoft has released a temporary security patch for a confirmed zero-day vulnerability that attackers are actively exploiting in limited, targeted attacks using malicious PowerPoint documents sent to victims by e-mail.
Analysts at Trend Micro have discovered a cyber-espionage campaign that uses malware called Drigo to exfiltrate data through Google Drive. Drigo can steal common files such as Excel, Word, PDF, text and PowerPoint documents, including data from the Recycle Bin and the user's Documents folder, and upload them to Google Drive.
An unknown attacker or group of attackers in Chile has hacked the NFC-based electronic payment system Tarjeta BIP!. They are distributing an Android application that lets users recharge their travel credit, entirely free of charge.
Analysts have found a large number of network devices (SOHO routers) that are vulnerable because of a poor implementation or configuration of the Network Address Translation - Port Mapping Protocol (NAT-PMP) service.
An exploit for a Flash Player vulnerability that Adobe patched only a week ago has already been added by cybercriminals to the Fiesta exploit kit.
According to its vendor, the new release can detect vulnerable home routers, which are frequently the cause of identity theft and loss of users' privacy.
In the interests of full disclosure: Sourcebooks – the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.
Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I’ve been recommending — Amazon, Barnes & Noble, and Politics & Prose. I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.
From Sourcebooks’ disclosure (PDF) with the California Attorney General’s office:
“Sourcebooks recently learned that there was a breach of the shopping cart software that supports several of our websites on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.”
So again, if you have pre-ordered the book from somewhere other than Sourcebooks’ site (and that is probably 99.9999 percent of you who have already pre-ordered), you are unaffected.
I think there are some hard but important lessons here about the wisdom of smaller online merchants handling credit card transactions. According to Sourcebooks founder Dominique Raccah, the breach affected approximately 5,100 people who ordered from the company’s Web site between mid-April and mid-June of this year. Raccah said the breach occurred after hackers found a security vulnerability in the site’s shopping cart software.
“Shopping cart software is extremely complicated and tricky to get right from a security perspective,” said Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, a company that gets paid to test the security of Web sites. “In fact, no one in my experience gets it right their first time out. That software must undergo serious battlefield testing.”
Grossman suggests that smaller merchants consider outsourcing the handling of credit cards to a solid and reputable third-party. Sourcebooks’ Raccah said the company is in the process of doing just that.
“Make securing credit cards someone else’s problem,” Grossman said. “Yes, you take a little bit of a margin hit, but in contrast to the effort of do-it-yourself [approaches] and breach costs, it’s worth it.”
What’s more, as an increasing number of banks begin issuing more secure chip-based cards — and by extension more main street merchants in the United States make the switch to requiring chip cards at checkout counters — fraudsters will begin to focus more of their attention on attacking online stores. The United States is the last of the G20 nations to move to chip cards, and in virtually every country that’s made the transition the fraud on credit cards didn’t go away, it just went somewhere else. And that somewhere else in each case manifested itself as increased attacks against e-commerce merchants.
If you haven’t pre-ordered Spam Nation yet, remember that all pre-ordered copies will ship signed by Yours Truly. Also, the first 1,000 customers to order two or more copies of the book (including any combination of digital, audio or print editions) will also get a Krebs On Security-branded ZeusGard. So far, approximately 400 readers have taken us up on this offer! Please make sure that if you do pre-order, that you forward a proof-of-purchase (receipt, screen shot of your Kindle order, etc.) to email@example.com.
In September we came across mentions of people in Africa suffering from the Ebola virus and unusual invitations to a conference of the World Health Organisation (WHO) in the subject line of so-called "Nigerian" emails. The aim of the conmen was, as usual, to swindle money from trusting recipients who entered into conversation with the authors of the letters.
In October it was the turn of the cybercriminals, who used the tumult around the Ebola virus to send letters containing malware. Once again the WHO was indicated as the sender of the letters, which is unsurprising as this is the organisation that deals with various diseases and epidemics on a worldwide level.
In the text of the letters we detected, the evildoers tried to convince recipients that the WHO had prepared a file with general information and security measures that would help protect users and those around them from the deadly virus and other diseases. Furthermore, the recipient was also asked to distribute this information to help the WHO.
To mask the real link, a URL shortening service was used, which finally redirected users to a popular cloud storage service. There the criminals had stored the malware program Backdoor.Win32.DarkKomet.dtzn disguised as a document from the WHO. This malware is designed to steal personal data. We note that access to the file was blocked quite quickly by the service administrators and, probably for that reason, the evildoers decided to change their letter. The very next day our traps caught a similar communication supposedly from the WHO, only this time the archive with the same malware program was attached to the letter itself.
Cybercriminals rarely miss a chance to use current events and the names of famous organisations to trick the recipients of their spam. And so, having fallen for the convincing header and failed to pay attention for even a moment, users risk compromising their personal data and surrendering control of their computer to criminals. It is worth remembering that modern anti-virus solutions provide protection but it is only the considered actions of users that can keep their personal data safe.