Hacking & Security

Fear the golden ticket attack!

InfoWorld.com [Security] - 19 August, 2014 - 12:00

Credit: Joseph Francis/Andrey Pokomeda

Category: Hacking & Security

Linux kernel source code repositories get better security

LinuxSecurity.com - 19 August, 2014 - 11:54
LinuxSecurity.com: Almost three years ago, crackers broke into kernel.org, Linux's most important site. While no damage was done, it was still worrisome. So, at the Linux Kernel Summit, the Linux Foundation announced that it was securing Linux's Git source code repositories with two-factor authentication.
Category: Hacking & Security

State-of-the-art spear phishing and defenses

LinuxSecurity.com - 19 August, 2014 - 11:50
LinuxSecurity.com: The number of phishing sites was up 10.7 percent as of Q1 this year (over last year) while at the same time almost 32.7 percent of PCs globally were infected with malware, including adware and spyware, indicating that phishing is an increasing issue for the enterprise, according to a report from the Anti-Phishing Working Group of the Internet Engineering Task Force.
Category: Hacking & Security

'Google Is Worse Than the NSA' — Rupert Murdoch

The Hacker News - 19 August, 2014 - 11:49
The United States National Intelligence Agency (NSA) or the largest Internet giant Google - According to you, which one is the worse? NSA? But, according to the popular Media tycoon Rupert Murdoch (@rupertmurdoch), Google is worse than the NSA. Murdoch, founder of global media holding company News Corporation - the world's second-largest media conglomerate, currently
Category: Hacking & Security

Microsoft Says to Uninstall August Patch Updates, Causing 'Blue Screen of Death'

The Hacker News - 19 August, 2014 - 11:29
Microsoft on Friday quietly urged its users to uninstall the most recent round of security updates, after reports emerged that it crippled their computers with the infamous “Blue Screens of Death” (BSoD), which is really a matter of shame for one of the largest technology giants. Microsoft released security updates on its August Patch Tuesday that addressed privilege escalation
Category: Hacking & Security

Why would Chinese hackers want US hospital patient data?

Computerworld.com [Hacking News] - 19 August, 2014 - 02:06
The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft.
Category: Hacking & Security

New website aims to publicly shame apps with lax security (UPDATED)

Ars Technica - 18 August, 2014 - 23:15
HTTP Shaming's ethos is even on a fridge. Tony Webster, HTTP Shaming

The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution—shame. 

Webster decided to see if a little public humiliation could convince companies to better secure their customers' information. On Saturday, the consultant created a website, HTTP Shaming, and began posting cases of insecure communications, calling out businesses that send their customers' personal information to the Internet without encrypting it first.

One high-profile example includes well-liked travel-information firm TripIt. TripIt allows users to bring together information on their tickets, flight times, and itinerary and then sync it with other devices and share the information with friends and co-workers. Information shared with calendar applications, however, is not encrypted, Webster says, leaving it open to eavesdropping on public networks. Among the details that could be plucked from the air by anyone on the same wireless network: a user's full name, phone number, e-mail address, the last four digits of a credit card number, and emergency contact information. An attacker could even change or cancel the victim's flight, he says.

Category: Hacking & Security

Hackers steal data on 4.5 million U.S. hospital patients

InfoWorld.com [Security] - 18 August, 2014 - 22:59

A major U.S. hospital operator says hackers based in China broke into its computer systems and stole data on 4.5 million patients.

Community Health Systems said the attack occurred in April and June of this year, but it wasn't until July that it determined the theft had taken place.

Category: Hacking & Security

Pro-Syrian Malware Increasing in Number, Complexity

Threatpost - 18 August, 2014 - 21:48
Malware deployed against activists in Syria is increasing as the groups deploying these remote access tools become more sophisticated and utilize more complex tactics.
Category: Hacking & Security

Microsoft Yet to Deliver Fix for Faulty Patch Tuesday Update

Threatpost - 18 August, 2014 - 21:07
Microsoft said it is still working on a fix for a broken patch released last Patch Tuesday that is causing Blue Screens of Death and system crashes.
Category: Hacking & Security

About 4.5M face risk of ID theft after hospital network hacked

Computerworld.com [Hacking News] - 18 August, 2014 - 21:07
About 4.5 million people in 28 states face the risk of identity theft due to a massive data breach at Community Health Systems (CHS), a Franklin, Tenn.-based health network.
Category: Hacking & Security

Siemens Patches DoS Vulnerability in SIMATIC S7 PLC

Threatpost - 18 August, 2014 - 20:15
Siemens released an update for its SIMATIC S7-1500 CPU last week, patching a denial of service vulnerability in the programmable logic controller.
Category: Hacking & Security

New Attack Binds Malware in Parallel to Software Downloads

Threatpost - 18 August, 2014 - 18:21
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.
Category: Hacking & Security

ZeroLocker won't come to your rescue

Kaspersky Securelist - 18 August, 2014 - 17:16

In recent times we've been seeing a lot of file-encrypting ransomware activity.

One of the new ones we've seen pop up in the last couple weeks is called ZeroLocker. There's indication the C&C configuration contains some errors which would prevent successful decryption. This is why we urge people not to pay up even more so than normal.

So far we've observed a limited amount of detections through our Kaspersky Security Network. The actors behind ZeroLocker are initially asking $300 worth of BTC for decrypting the files. This goes up to $500 and $1000 as time passes.

ZeroLocker adds a .encrypt extension to all files it encrypts. Unlike most other ransomware, ZeroLocker encrypts virtually all files on the system, rather than using a set of pre-defined filetypes to encrypt. It doesn't encrypt files larger than 20MB in size, or files located in directories containing the words "Windows", "WINDOWS", "Program Files", "ZeroLocker" or "Desktop". The malware gets executed at boot from C:\ZeroLocker\ZeroRescue.exe.

Though there's a Bitcoin wallet hardcoded inside the binary the malware tries to fetch a new wallet address from the C&C. This is most likely done to make it more difficult to trace how successful the operation is and where the money goes.

We've gathered several Bitcoin wallet addresses and at the time of writing none had any transactions associated with them. As the C&C server is providing the Bitcoin wallet information it's possible the attackers are able to use a unique wallet for each victim.

The malware generates one random 160-bit AES key to encrypt all the files with. Due to the way the key is generated the key space is somewhat limited, though still large enough to make general brute forcing unfeasible. After encryption the malware runs the cipher.exe utility to remove all unused data from the drive, making file recovery much harder. The encryption key, together with a CRC32 of the computer's MAC address, and the associated Bitcoin wallet is sent to the server.

Interestingly enough, the encryption key along with the other information is sent through a GET request, rather than a POST. This results in a 404 on the server. This could mean that the server is not storing this information. That means victims who pay up may likely not see their files restored.

Several other URLs that the malware tries to get result in 404s as well, which indicates this particular operation may still be in its infancy. When those errors are fixed we may see ZeroLocker deployed on a larger scale. These operations rely on people paying up. Don't do it. Make sure you have backups instead.

We detect current ZeroLocker samples as Trojan-Ransom.MSIL.Agent.uh.

Microsoft's new approach to Windows updates is all marketing sizzle no steak

InfoWorld.com [Security] - 18 August, 2014 - 13:56

Microsoft spokesman Brandon LeBlanc published a nifty blog on Aug.

Category: Hacking & Security

Microsoft yanks botched Black Tuesday patches KB 2982791, KB 2970228, KB 2975719, and KB 2975331

InfoWorld.com [Security] - 18 August, 2014 - 13:25

The saga that started last Tuesday continues, with Microsoft finally acknowledging that some Windows 7 machines have
