Security News for Thursday, July 24 2014

This article reports that an international crime ring compromised more than 1,000 StubHub accounts and used them to steal more than $10 million in tickets, which were later resold for profit. From the article:

Robert Capps, senior director of customer success for RedSeal Networks and formerly head of StubHub’s global trust and safety organization, said the fraud against StubHub — which is owned by eBay — largely was perpetrated with usernames and passwords stolen from legitimate StubHub customers. Capps noted that while banks have long been the target of online account takeovers, many online retailers are unprepared for the wave of fraud that account takeovers can bring.

According to this article, two researchers who discovered methods for hacking into the computer control systems of newer vehicles are set to release details of a prototype device that mitigates those attacks. From the article:

Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying each other with tricks like slamming on the brakes or hijacking the vehicles’ steering with only digital commands sent from a laptop plugged into a standard data port under the dash. At the Black Hat security conference in Las Vegas next month, they’ll unveil a prototype device designed to foil the same unnerving tricks they’ve demonstrated: An intrusion-detection system for automobiles. “These attacks seemed serious enough that we should actually consider how to defend against them,” says Miller, who holds a day job as a security researcher for Twitter. “We actually wanted to do something to help solve this problem.”

Posted in Security News | Leave a comment

Security News for Friday, July 18 2014

Happy Friday!

The evolution of malware seems to have taken a big step forward. This article reports that "government grade" malware is now in the hands of cybercriminals, who are folding it into rootkits and ransomware. From the article:

“Government-grade” malware, which lurks in computer systems undetected for long periods of time, is believed to be in the hands of hackers using it to make rootkits and ransomware more potent.

According to security researchers at Sentinel Labs, malware originally created for the purpose of government espionage, dubbed Gyges, is now undergoing a transformation as hackers are using the software to make their own rootkits and ransomware more sophisticated and harder to detect.


Security News for Wednesday, July 16 2014

According to this article, Google has assembled a team of top security researchers whose job will be to find zero-day vulnerabilities in software, and they won't just be looking for flaws in Google's own products. From the article:

Unveiled on Wednesday as “Project Zero”, the team will hunt for bugs in the world’s most popular software, such as Google Chrome and Internet Explorer.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Google security researcher Chris Evans said in a blog post.

If you are wary of doing online banking on a Windows system that may be infected with malware, there are alternatives. This article discusses using a "Live CD": booting the machine from read-only media into a Linux environment, so that whatever is installed on the Windows disk is never loaded and the session leaves no persistent changes behind. Two practical points go with that advice: verify the downloaded ISO against the distributor's published checksum before burning it, and remember that a Live CD cannot protect you from a hardware keylogger or other tampering with the machine itself. From the article:

As I noted in my 2012 column, “Banking on a Live CD,” the beauty of the “Live CD” approach is that it allows you to safely bank online from any machine — even from a system that is already riddled with malware. That’s because it lets you boot your existing PC into an entirely different (read: non-Windows) operating system.


Security News for Tuesday, July 15 2014

We’re back! We will resume posting to this blog on a regular basis.

This brief article gives a good overview of why an organization's data is more expensive to replace than the equipment it sits on, something many people never consider. From the article:

Data is expensive. We usually don’t think of it that way because it seems so ephemeral. If a laptop is stolen or lost, we worry about the replacement value. We don’t think as much about the cost of replacing the data. You can’t reach out and touch data in the way that you can an expensive laptop. The value of a laptop is easy to calculate. We can just look it up on the internet and order a replacement as easy as adding it to a shopping cart.

In the past we have mentioned the dangers associated with using public computers, such as those found in hotel business centers. This article provides some sound reasoning why it can be a bad idea to use a computer that you have no control over. From the article:

Proof of the dangers of publicly accessible PCs came up yet again when the US Secret Service last week warned that cybercrooks are installing keyloggers on the PCs in hotel business centers to steal personal and business information from travelers.


Security News for Tuesday, July 1 2014

Notice: Due to vacations in the Information Security Office, this will be the last update to this blog until July 14th.

This article reports that a Russian hacking group is targeting energy companies in the U.S. and Europe and, according to researchers, could be capable of disrupting power supplies. From the article:

The hackers, also called “Dragonfly,” appear to have the resources, size and organization that suggest government involvement, security company Symantec Corp. (SYMC) said in a blog post yesterday. The attackers are targeting grid operators, petroleum pipeline operators, electricity generation firms and other “strategically important” energy companies, it said.

The group’s activities highlight the increasing reach of cyberattacks as ever-larger parts of the economy become connected and controlled via the Web. They may also be symptomatic of governments using hacking to support political strategies. More than half of the infections found were in the U.S. and Spain, Symantec said, while Serbia, Greece, Romania, Poland, Turkey, Germany, Italy and France were also targeted.

This article discusses yet another ransomware variant, dubbed Cryptowall, seen in the wild. For the uninitiated, ransomware is malware that encrypts the data on your hard drive and demands a ransom in exchange for the decryption key. The article covers how Cryptowall is propagated as well as steps to take to prevent such an infection.

According to this post, Apple recently patched a total of 60 distinct vulnerabilities across iOS, OS X, Safari, and Apple TV. From the post:

iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app, a problem first reported two months ago. The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.


Security News for Wednesday, June 25 2014

This article discusses some best practices for avoiding ransomware. According to a recent report by a security vendor, the use of ransomware has increased 91% year over year, so the article is worth a look. Note that the backup advice below only works if the backup drive is disconnected between runs: ransomware encrypts any drive it can reach, attached backups included. From the article:

“The key is to remove power from the extortionists, and you do that by backing up your system regularly,” said Kenneth Bechtel, a malware research analyst with Tenable Network Security. “This basic best practice is cheap and easy, thanks to removable hard drives. With backups, there’s no need to pay the ransom to get your data back or interact with extortionists in any way.”

This article examines the cost of cybercrime to businesses. Part of the problem with putting a dollar figure on it is that the figures are often released by security vendors with products to sell. From the article:

One well-known example of fudging was the 2009 report by the Center for Strategic and International Studies, which estimated hacking costs to the global economy at $1 trillion. President Barack Obama, various intelligence officials and members of Congress have cited this number when pressing for legislation on cybercrime protection.


Security News for Tuesday, June 24 2014

For the Mac OS X users, here is an article that offers 5 tips for better security when using the operating system. From the article:

Unfortunately, Apple doesn’t have a good reputation for transparency about security updates.

Unlike Microsoft, which has a long-standing and regular process for providing security updates, Apple simply provides updates when it feels like it.

This can leave many users unaware of the updates and even unconcerned with their own security.


Security News for Monday, June 23 2014

We covered the demise of the popular (and free) encryption application TrueCrypt here in early June. This blog post takes a fresh look and offers a new perspective on why the project may have been shut down. From the post:

Conspiracy theories abounded:

  • The NSA made them shut it down, because the product was too secure!
  • Hackers got into their website and stole their code signing key, then set about destroying the product to push users onto tainted alternatives!
  • Malicious actors forced them to introduce covert backdoors, and this was the way of telling us without actually saying so!
  • It was all a bit of a hoax to raise awareness of encryption, so keep calm and carry on!

This article discusses a tactic that is gaining popularity with the bad guys, holding data hostage. From the article:

The perpetual cat-and-mouse game between computer hackers and their targets is getting nastier. Cybercriminals are getting better at circumventing firewalls and antivirus programs. More of them are resorting to ransomware, which encrypts computer data and holds it hostage until a fee is paid. Some hackers plant virus-loaded ads on legitimate websites, enabling them to remotely wipe a hard drive clean or cause it to overheat. Meanwhile, companies are being routinely targeted by attacks sponsored by the governments of Iran and China. Even small start-ups are suffering from denial-of-service extortion attacks, in which hackers threaten to disable their websites unless money is paid.

According to this article, a cloud-based code-hosting and project-management provider was recently forced to shut down after attackers broke into its infrastructure and deleted customer data. From the article:

The customers of, run by a company based in Wayne, New Jersey, called AbleBots, were informed Wednesday that their data might have been permanently lost following the compromise of the company’s account on Amazon’s Elastic Compute Cloud (EC2).

The devastating security breach happened over a span of 12 hours and initially started with a distributed denial-of-service attack followed by an attempt to extort money from the company.

It is worth noting that not only was customer data deleted but also most of the company’s backups, because they lived in the same compromised account. The lesson for cloud-based service providers is that backups must be kept out of reach of the credentials that control production: offline, or at least under a separate account, so that a single stolen key cannot erase both the data and its copies.


Security News for Friday, June 20 2014

Happy Friday!

It is fairly common knowledge that many people choose weak passwords to protect their accounts. According to this article, many hackers also choose weak passwords. From the article:

Analysis by security researchers at anti-virus firm Avast has revealed that hackers appear to be using weak passwords just like everyone else. Using a sample of nearly 40,000 passwords collected from years of analyzing malware, Avast’s Antonín Hýža found that only 10 percent of passwords were “beyond normal capabilities of guessing or cracking.” The rest provide some interesting statistics around hackers password choices. Almost none of the unique passwords from the samples contained uppercase characters, despite regular warnings by security experts to use a mix of upper- and lowercase characters for passwords.
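As an added illustration of the kind of analysis Avast describes (example code written for this post, not Avast's tooling or data), the script below computes the same two statistics over a constructed sample: the share of unique passwords that survive a dictionary check and a brute-force keyspace estimate, and the share containing uppercase characters. The sample list, the small wordlist, the leetspeak map and the 60-bit "hard to guess" threshold are all assumptions standing in for whatever Avast used.

```python
"""Password-composition statistics of the kind described in the Avast analysis.

Added example, not code from the original post or from Avast; the sample
list below is constructed for illustration and is not Avast's data.  The
"hard to guess" rule (no wordlist hit after leetspeak normalisation and at
least 60 bits of brute-force keyspace) is an assumption standing in for
whatever threshold Avast applied.
"""
import math
import re
from collections import Counter

# Constructed sample standing in for passwords recovered from malware.
SAMPLE_PASSWORDS = [
    "123456", "password", "hacker", "admin", "p4ssw0rd", "qwerty123",
    "letmein", "dragon2014", "hunter2", "x9!Qm#2vLp7z",
    "correcthorsebatterystaple",
    "admin", "123456",          # duplicates: counted once in unique figures
]

# Tiny stand-in for a cracking wordlist (assumption; a real run would load
# something like rockyou.txt).
COMMON_WORDS = {
    "123456", "password", "admin", "hacker", "qwerty", "root",
    "letmein", "dragon", "monkey", "login", "abc123",
}

# Common leetspeak substitutions, undone before the wordlist lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def char_classes(pw):
    """Which character classes a password draws from."""
    return {
        "lower": re.search(r"[a-z]", pw) is not None,
        "upper": re.search(r"[A-Z]", pw) is not None,
        "digit": re.search(r"[0-9]", pw) is not None,
        "symbol": re.search(r"[^A-Za-z0-9]", pw) is not None,
    }


def keyspace_bits(pw):
    """log2 of the brute-force keyspace implied by length and classes used.

    An upper bound on guessing cost: it assumes the attacker knows only which
    classes appear, not that the password is a dictionary word or phrase.
    """
    c = char_classes(pw)
    alphabet = 26 * c["lower"] + 26 * c["upper"] + 10 * c["digit"] + 33 * c["symbol"]
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def normalize(pw):
    """Strip trailing digits/symbols ("dragon2014" -> "dragon") and undo
    leetspeak ("p4ssw0rd" -> "password") so wordlist hits are not missed."""
    base = re.sub(r"[^A-Za-z]+$", "", pw)
    return base.lower().translate(LEET)


def classify(pw, min_bits=60.0):
    """'dictionary' if the wordlist catches it, 'weak_keyspace' if brute
    force would, otherwise 'strong'."""
    if pw.lower() in COMMON_WORDS or normalize(pw) in COMMON_WORDS:
        return "dictionary"
    if keyspace_bits(pw) < min_bits:
        return "weak_keyspace"
    return "strong"


def summarize(passwords, min_bits=60.0):
    """Statistics over the unique passwords, mirroring the quoted figures:
    how many are hard to guess and how many use an uppercase letter."""
    unique = sorted(set(passwords))
    reasons = Counter(classify(pw, min_bits) for pw in unique)
    return {
        "total": len(passwords),
        "unique": len(unique),
        "hard_to_guess": reasons["strong"],
        "with_uppercase": sum(char_classes(pw)["upper"] for pw in unique),
        "reasons": dict(reasons),
    }


if __name__ == "__main__":
    stats = summarize(SAMPLE_PASSWORDS)
    pct = 100.0 * stats["hard_to_guess"] / stats["unique"]
    print(f"{stats['unique']} unique of {stats['total']} passwords")
    print(f"{pct:.0f}% hard to guess; {stats['with_uppercase']} use uppercase")
    for pw in sorted(set(SAMPLE_PASSWORDS)):
        print(f"{pw:28s} {keyspace_bits(pw):6.1f} bits  {classify(pw)}")
```

The keyspace estimate deliberately errs in the attacker's disfavour: a long lowercase passphrase scores high even though a phrase-list attack might find it, which is why the wordlist check runs first and why a real analysis would use a full cracking wordlist rather than the eleven entries above.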

This post is reporting on an effort by Google and Microsoft to add “kill switches” to their mobile operating systems in order to disable stolen mobile devices. From the post:

Despite industry opposition to mandatory mobile device kill switch laws, new crime statistics show that Apple’s addition of remote device locking to iOS 7 just might be having an effect on iPhone theft.

Incidences of iPhone thefts have shot down sharply in several cities since September 2013, when Apple added the kill switch features called Activation Lock.

According to this article, Facebook suffered a 31-minute outage yesterday afternoon. While Facebook has yet to divulge the cause, many believe it was the result of a distributed denial-of-service (DDoS) attack. From the article:

DDoS attacks, which crash websites by bombarding them with so much artificial traffic that it overloads their servers, are regularly used to bring down major websites.
The “attack map” created by cyber security company Norse reportedly showed a spike in activity during the Facebook outage which could indicate a DDoS attack on the site originating from China.


Security News for Wednesday, June 18 2014

This is a great example of how *not* to handle personally identifiable information (PII). An employee of the Riverside Community College District accidentally sent thousands of confidential student records to the wrong email address. Note where the control failed: a size limit on the protected system pushed the employee onto a personal account, an uncontrolled channel, and a single mistyped address did the rest. From the article:

The employee tried to send the data through the protected RCCD system, but the file was too large. The employee then used a personal email account to send the file to the researcher’s personal email address, but mistyped the correct address and sent the data.

In a statement, the district emphasized that there was no outside intrusion into the system; human error was at fault.

By now most people are probably at least somewhat familiar with cryptocurrencies such as Bitcoin. This article reports that a hacker installed mining software on compromised network storage devices and mined more than $600,000 worth of Dogecoin. From the article:

A German hacker generated more than $620,000 in cryptocurrency after hijacking an unknown number of network storage devices and turning them into digital slaves to mine Dogecoin, researchers said today.

“This wasn’t unique, we’ve seen other malware install [cryptocurrency] miners, but we haven’t seen anything this big before,” said Pat Litke, a researcher at Dell SecureWorks’ Counter Threat Unit (CTU). “That was mostly due to the infection vector. He could just walk in the door.”

If you have no idea as to how cryptocurrencies work, there is a good infographic here that explains Bitcoin.
