Security News for Friday, September 19 2014

Home Depot released a statement yesterday revealing details on their recent breach. According to the statement, 56 million unique payment cards were compromised in the attack. This surpasses the Target breach late last year where 40 million credit card and debit card numbers were compromised. The statement also goes on to say that the malware that was discovered on Home Depot systems was “unique, custom-built malware”  and was not the same malware that compromised Target as initially reported.

According to this article, and based on a recently released report by the US Senate Armed Services Committee, Chinese hackers breached systems for military contractors at least 20 times in one year. From the article:

The committee’s investigation identified gaps in cyber-incident reporting requirements at the US Transportation Command (TRANSCOM), which is responsible for moving US troops and equipment, including to and from war zones.

Posted in Security News | Leave a comment

Security News for Thursday, September 18 2014

This article provides some detail into the recently announced compromise of Home Depot customer data. According to the article, Home Depot tried to shore up its defenses in the wake of the Target breach late last year but it may have been too late. From the article:

By January, the group had produced recommendations that included new technology to fully encrypt payment card data at the chain’s 2,200 U.S. and Canadian stores. But it wasn’t until April—after months of testing—that Home Depot signed a more than $7 million contract with a data security provider to begin the work.

By then, the hackers might already have cracked the fourth-largest retailer’s payment systems. And by early September, when the company says it became aware it was hacked, the encryption system had only been rolled out to a quarter of its stores.

It is obvious why hackers would target organizations like Target and Home Depot, the info they are after includes customer and credit card data.  This article discusses why hackers may target an organizations customer relationship management (CRM) data which might not be as obvious. From the article:

CRM data may not seem to be the low hanging fruit of, say, a nationwide sweep of Home Depot customer accounts, but a closer look suggests it is – and possibly even more lucrative for hackers. CRM data can contain everything from financial records, corporate email addresses, notes and documents about late-paying customers, intellectual property and sales forecast data.

Posted in Security News | Leave a comment

Security News for Monday, September 15 2014

One of the new features Apple is touting along with the release of the iPhone 6 is Apple Pay. This feature will allow users to pay for items from their iPhone. This article discusses the safety of using the iOS platform for making purchases. From the article:

So there is no copy of your credit card data, stored or used, that could be extracted, RAM scraped or skimmed by a crook, as happens in traditional credit card breaches. (Even Chip-and-PIN cards typically have a fallback magnetic stripe that can be skimmed to reveal data that a crook could misuse in subsequent online transactions.)

According to this article, and based on a study by a “group of national privacy and data protection bodies from all around the world”, the vast majority of smartphone apps provide inadequate information on the privacy implications associated with using these apps. From the article:

The study, conducted by the Global Privacy Enforcement Network (GPEN), looked at over 1200 apps with participants each tasked with looking at a handful developed in, or targeting users in, their own region.

It found that only 15% provided clear information on how the app gathers, uses and shares private data on the user, to an extent that the user could feel confident in their understanding of how it works.

More and more devices are being connected to the Internet which can be convenient but these devices are then exposed to remote hacking. This article discusses a proof-of-concept remote hack against a Cannon Pixma printer where a researcher installed and ran the game Doom on it. From the article:

Mr Jordon found that the Canon Pixma printer he used can be accessed via the internet using a web interface to check on queued jobs, device status and so on. The interface has no user name or password and is open to discovery. While this kind of info might not be particularly sensitive Jordon found that the printer firmware was also updatable via this web interface. He reverse engineered the encrypted firmware to reveal the computer code and thus discovered how to replace it with his own firmware which would in turn be accepted as authentic.

Posted in Security News | Leave a comment

Security News for Wednesday, September 11 2014

A new phishing attack and a new silly name for it: tabnapping. According to this post, tabnapping involves  taking over the background tab on a users web browser in order to trick them into entering their login credentials. The site linked above goes on to provide more details of this attack.

According to this article, a hacker has seized control of the email account of Satoshi Nakamoto, the secretive creator of Bitcoin and are threatening to sell the creators personal information for 25 Bitcoin (approximately $12,000).

Posted in Security News | Leave a comment

Security News for Wednesday, September 3 2014

In what is becoming too commonplace, Home Depot is admitting they may have been the victim of one of the largest data breaches to affect a retailer according to this article. From the article:

“It’s like that old saying, ‘Why do you rob a bank? It’s where the money is,’” said CBS News financial analyst Mellody Hobson. “Cyber thieves know they’re the new organized crime. There’s a lot of money to be made online because 60 percent of us are banking online. Most of us are shopping online. So when they get these numbers, they can sell them.”

This article discusses performing forensics on the hard drive removed from a copier machine. Years ago, copier companies started introducing security features that would automatically wipe any data that was stored on the drive so you would think that it would not be possible to retrieve and data from the hard drive but in this case, the analyst was able to recover data that should have been purged.

Posted in Security News | Leave a comment

Security News for Monday, August 25 2014

This article takes a look at 5 excuses people use for doing nothing about computer security, as well as some points that can be used to argue why these excuses are baseless. This article would be great to share with family/friends/colleagues who might not be very computer savvy.

There has been a lot of news lately about businesses falling victim to malware that infects their PoS (point-of-sale) systems. This article examines  how malicious hackers are taking control of PoS systems in order to steal customer credit card data. From the article:

In order to have a constant source of new credit card information that can be sold, groups of hackers focus on stealing POS credentials. With a set of POS credentials at hand, their “shop” never runs out of “merchandise” and they can benefit from long periods of credit card data validity, as compromised POS credentials are usually discovered late, and media exposure of such incidents is lower than the media exposure of major data breaches.

Posted in Security News | Leave a comment

Security News for Friday, August 22 2014

This article discusses new stealthy razor-thin credit card skimmers that were recently discovered on an ATM machine in southern Europe. These skimmers are much harder to detect than the older type which were mounted over the existing card slot.

According to this article, a group of Chinese hackers spent 4 years stealing everything from trade secrets to trial data from the U.S. health-care industry. From the article:

The group infiltrated one U.S. drugmaker by hacking into a company it was about to acquire, said a security consultant who asked not to be identified because of a confidentiality agreement. In other cases, the hackers accessed pharmaceutical labs through their connections with university researchers, scooping up trial data and other trade secrets, said Aaron Shelmire, a threat researcher for Dell SecureWorks.

Posted in Security News | Leave a comment

Security News for Tuesday, August 19 2014

This article is reporting on a new Android app designed by a team from Georgia Tech that encrypts communications between applications. From the article:

The researchers describe the technology as a “transparent window” over apps that prevents unencrypted messages from leaving the user’s device.

Data breaches are becoming a common occurrence in the news as of late. This article answers some questions as to why we are seeing so many data breaches affecting brick-and-mortar stores. From the article:

Why do we keep hearing about breaches involving bricks-and-mortar stores?

Credit and debit cards stolen from bricks-and-mortar stores (called “dumps”) usually sell for at least ten times the price of cards stolen from online merchants (referred to in the underground as “CVVs” or just “credit cards”). As a result, dumps are highly prized by today’s cyber crooks, and there are dozens of underground “card shops” online that will happily buy the cards from hackers and resell them on the open market.

Posted in Security News | Leave a comment

Security News for Thursday, August 14 2014

According to this article, the Electronic Frontier Foundation held a hacking competition against home routers at the annual Defcon Security Conference and the results were alarming. A total of 15 zero-day vulnerabilities were discovered in 4 popular home and small business routers. From the article:

The EFF contest challenged participants to hack 10 home routers. Four of the 10 were compromised:  the ASUS RT-AC66U; Netgear Centria WNDR4700; Belkin N900, and TRENDnet TEW-812DRU. However, others stood the test, including the Linksys EA6500; Netgear WNR3500U/WNR3500L; TP-Link TL-WR1043ND; D-Link DIR-865L, and the Electronic Frontier Foundation’s Open Wireless Router firmware – though it is unclear whether those platforms were not vulnerable to attack, or just escaped scrutiny in the contest.

This article is reporting on a new Symantec report that states malware is becoming much “smarter” about infecting virtual machines and in some cases can even break out of a vm and infect the host system. From the article:

For a recent example, O’Murchu pointed to CVE-2014-0983; a “guest-to-host” breakout exploit for Vupen’s VirtualBox. He explained that by escaping the added layer or protection provided by virtual environments, malware gains longevity and can gain access to the network.

Posted in Security News | Leave a comment

Security News for Wednesday, August 13 2014

This article discuses an interesting occurrence that took place on the Internet yesterday. Due to arbitrary routing limits being exceeded on the backbone of the Internet, mass outages were reported around the world. From the article:

As part of the outage, punters experienced patchy – or even no – internet connectivity and lost access to all sorts of cloud-based services. The LastPass outage is being blamed by many on 512KDay, though official confirmation of this is still pending. I have been tracking reports of inability to access cloud services such as Office365 through to more localised phenomena from around the world, many of which look very much like they are 512KDay related.

This brief article is reporting that a recently released “ultra-secure” mobile phone, the Blackphone, was hacked in five minutes at a security conference last week. From the article:

The hack allowed root access to the phone – and was performed on stage at the DEF CON security conference, according to Gizmodo. TeamAndIRC found three vulnerabilities according to Tweaktown – although each had its own weakness. One required an unpatched version of PrivatOS and another required direct user interaction. Slashgear reported that users faced no “imminent danger.”

Posted in Security News | Leave a comment