RSA, one of the leading global manufacturers of cryptographic solutions, has apparently fallen prey to an attack in which data was stolen from its servers. According to a press release from RSA's CEO, Art Coviello, to RSA customers, part of the data included information about SecurID products, which could endanger their security.
SecurID is one of the oldest systems for two-factor authentication for safe logins on computers; most people are familiar with it as a hardware token that generates a one-time password (OTP) every 60 seconds. Worldwide, 40 million tokens are reportedly used by companies in addition to an estimated 250 million software versions on mobile devices, etc.
Continued : http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
Also:
RSA Hack Yields SecurID Secrets
RSA Warns SecurID Customers After Company Is Hacked
Security firm RSA warns that its servers have been hacked
Reply 1 : NEWS - March 18, 2011
We know what fake antivirus is: malware posing as real antivirus while hijacking your computer and wallet. Then there is real antivirus: applications such as avast! and our competitors.
And now there is a third category: semi-fake antivirus. It's not a blatant malware attack and may actually include a real antivirus application. From a strictly technical perspective, it might not even be called malware.
But one thing is clear: it is still taking money from consumers in a way that some would call fraudulent.
Recently, I got an email from the UK-based Computeractive about an irate customer wanting a refund on avast! Pro. It seems that the person went on the internet, searched for avast, and found a site offering special download services and videos. They ended up getting a messed-up computer and spending over $100.
Continued : https://blog.avast.com/2011/03/17/attack-of-the-semi-fake-antivirus/
Reply 2 : NEWS - March 18, 2011
Security specialist Michael Gough, best known for his attacks on VoIP systems, appears to have discovered a vulnerability in LAN-attached access control systems. The vulnerability apparently allows electronic locking systems to be opened without authorisation over a network. Working with developer Ian Robertson, Gough has developed an Android app called Caribou which exploits the vulnerability to unlock doors for which an RFID key card would normally be required.
All the Android app requires to carry out a successful attack is the IP address of the access control system. It follows that only systems which are accessible from the web or via Wi-Fi will be vulnerable to this attack. Gough has not revealed precise details of the attack and is working on the problem with US-CERT. He also has no intention of making the app publicly available at this time.
Continued : http://www.h-online.com/security/news/item/Open-sesame-Smartphone-hack-for-electronic-entry-systems-1210626.html
Reply 3 : NEWS - March 18, 2011
Microsoft Corp claimed credit on Thursday for taking down one of the biggest producers of spam e-mail in a joint effort with federal authorities across the United States.
The world's biggest software company said its legal action against the operator of the Rustock 'botnet' -- or network of infected computers programed to send spam e-mail -- led to raids across the country on Thursday which effectively shut the network down.
Tech security bloggers who follow the activities of botnets worldwide noticed earlier on Thursday a sharp dip in spam e-mail coming from the Rustock network, which some estimate is responsible for almost half of the spam appearing in inboxes. However, they warned that total eradication requires long-term efforts.
After getting the go-ahead from federal court in Seattle, where Microsoft had filed a lawsuit against the botnet's operators, the company said it worked with the U.S. Marshals Service to raid hosting providers in seven U.S. cities early on Thursday, including Denver, Dallas, Chicago, Seattle and Columbus.
"With help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it," said Richard Boscovich, senior attorney at Microsoft's Digital Crimes Unit in a blog post on Microsoft's site.
Continued : http://news.yahoo.com/s/nm/20110318/tc_nm/us_microsoft_botnet
From Microsoft: Taking Down Botnets: Microsoft and the Rustock Botnet
Also: Spam Network Shut Down
Related : Rustock Botnet Flatlined, Spam Volumes Plummet
Reply 4 : NEWS - March 18, 2011
.. notification Emails
Websense Security Labs Threatseeker network has detected a new malicious email campaign that masquerades as originating from Facebook. The campaign appears to actually be originating from the Cutwail/Pushdo spam bot. This time round, the Cyber criminals employ two attack vectors: social engineering and an exploit kit. Both end up with the Zeus/Zbot Trojan installed on the targeted machines.
Here is an example of a malicious email in Spanish: [Screenshot]
The malicious email is spoofed to appear to be coming from Facebook.com and says: "Hi, someone loves your photo comments, please click on the link to see all comments". It provides a fake URL disguised as a formal Facebook link. Once clicked, the user is redirected to an attack page and is prompted to download and run an "update" from Facebook. The "update" file is a Zeus/Zbot Trojan variant. At the time of writing, the file had only a 7% detection. [Screenshot]
The attack isn't over yet. While the fake Facebook page loads, the user's machine is attacked silently with several exploits in the background. The exploits are sent via an iframe contained in the fake Facebook attack page. This process happens silently when the attack page is loaded. The exploits are loaded from one of the most prevalent exploit kits today - the Blackhole exploit kit. Any successful exploitation results in the Zeus/Zbot Trojan installed silently on the user's machine.
Continued : http://community.websense.com/blogs/securitylabs/archive/2011/03/18/zbot-and-blackhole-exploit-kit-all-in-facebook-comments-spam.aspx
Related : A New Playground for the BlackHole Exploit Kit
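A mail-filter check for the lure described in this item, where the visible link text shows a Facebook address but the href points somewhere else. This is an added example, not code from Websense or the original post; the sample message, the `attacker.example` host and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not the real campaign e-mail).
SAMPLE_EMAIL = """
<p>Hi, someone loves your photo comments, please click on the link
to see all comments</p>
<a href="http://login.facebook.com.attacker.example/photo.php">http://www.facebook.com/photo.php?id=1</a>
<a href="http://www.facebook.com/help/">Facebook Help</a>
"""

HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.href = None
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def strip_www(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def suspicious_links(html):
    """Return (claimed_host, actual_host, href) for each anchor whose visible
    text names a host that the href does not actually lead to."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown = HOST_RE.search(text)
        actual = urlparse(href).hostname
        if not shown or not actual:
            continue  # no host shown in the text, or a relative/empty href
        claimed = strip_www(shown.group(1))
        actual = strip_www(actual)
        # The href must be the claimed host or one of its subdomains.
        if actual != claimed and not actual.endswith("." + claimed):
            findings.append((claimed, actual, href))
    return findings


if __name__ == "__main__":
    for claimed, actual, href in suspicious_links(SAMPLE_EMAIL):
        print(f"text shows {claimed} but link goes to {actual}: {href}")
```
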
Reply 5 : NEWS - March 18, 2011
Computer viruses have been around for a long, long time - pretty much as long as personal computing and mainstream software development - and they've been making international news since the Internet graduated from a researcher's toy to a tool for consumers.
If you've ever wondered what the first viruses were like and just how bad or dangerous they were, this infographic should be an interesting read for you. And the Space Invaders graphics will be easy on your nerdy eyes, too.
While the first virus in this brief history coincided with the birth of the 3.5-inch floppy disk, a lot of the malware we see these days relies on social media or mobile apps for transmission, adequate proof (as if any was needed) that with any innovation comes an opportunity for exploitation.
The twist these days is that more viruses are specifically targeted to steal personal data and make money for their creators, which was not necessarily a goal for many of the virus-writing hackers of the late 1980s and early 1990s. In fact, according to this data, the first money-making computer virus didn't hit PCs until 2003.
http://mashable.com/2011/03/16/history-of-computer-viruses/
The Infographic is from F-Secure. See: Infographic - COMPUTER INVADERS
Reply 6 : NEWS - March 18, 2011
RSA, the security division of EMC Corp. has warned customers to be on the lookout for targeted attacks, including suspicious messages and links sent over social media networks in the wake of a sophisticated attack that spilled confidential information about the workings of the company's SecurID strong authentication product.
In a letter to RSA SecurCare customers, the company said that the information stolen about the SecurID product "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." It advised customers to pay increased attention to signs of a targeted attack, scrutinizing social media applications and suspicious e-mail attachments, among other steps.
The letter was disclosed in a federal 8-K filing with the U.S. Securities and Exchange Commission (SEC) on Thursday. In it, the company lays out a list of recommendations to customers, which are described as "overall recommendations." It said it is also providing "immediate remediation steps for customers" to "strengthen RSA SecurID implementations." The company declined to say what those steps are. An RSA spokesperson said the company cannot comment beyond the information provided in the letter to customers and a blog post by Executive Chairman Art Coviello because there is an active criminal investigation regarding the breach.
Continued : https://threatpost.com/en_us/blogs/rsa-warns-customers-targeted-attacks-wake-hack-031811
Also:
RSA SecurID Customers Need to Boost Vigilance, Other Network Defenses
RSA breach report lacks depth: Kaminsky
[Related to the first post in this thread]
Reply 7 : NEWS - March 18, 2011
A hole has been spotted in Internet Explorer 9's do-not-track technology, and Microsoft says it's a feature not a bug.
In response to a US government call for greater protection of consumers' privacy online, Microsoft added a Tracking Protection Lists (TPLs) feature to IE9. Netizens can use one or more lists to prevent certain ad networks and websites from tracking their behavior online. But when an IE9 user downloads multiple TPLs and a site's blocked on one list but allowed on another, IE9 will allow the site, letting it track the user's activities.
The hole was flagged up by UK consumer watchdog Which?. Tracking Protection Lists are available from four Microsoft IE9 partners: Abine, EasyList, PrivacyChoice, and Truste.
An existing Microsoft TPL Q&A here at the foot of the IE9 test drive site mentions briefly what happens if there's a conflict. It's also illustrated as part of a video on Microsoft's IE blog that announces TPLs. While that might count as forewarning, this is not a capability that Microsoft has explicitly called out or explained in any great detail when it has talked about TPLs.
Continued : http://www.theregister.co.uk/2011/03/18/microsoft_ie9_tpl_site_blocker/
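The precedence rule described in this item can be audited before several lists are installed together. The following is an added example, not code from the article or from Microsoft: it reports every domain that one list blocks and another allows. The `-d`/`+d` domain-rule syntax is a simplified assumption about the list format, and both lists are constructed samples.

```python
# Constructed sample lists (not real TPL content). Assumed simplified syntax:
# "-d host" blocks a domain and its subdomains, "+d host" allows it,
# "#" starts a comment, "msFilterList" and ": ..." lines are headers.
LIST_A = """msFilterList
: Expires=3
# constructed sample list A
-d tracker.example
-d ads.example
"""
LIST_B = """msFilterList
: Expires=3
# constructed sample list B
+d tracker.example
-d metrics.example
"""


def parse_tpl(text):
    """Return (blocked, allowed) sets of domains from one list."""
    blocked, allowed = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#:" or line == "msFilterList":
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "-d":
            blocked.add(parts[1].lower())
        elif len(parts) >= 2 and parts[0] == "+d":
            allowed.add(parts[1].lower())
    return blocked, allowed


def matches(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def decide(host, lists):
    """Effective decision when an allow rule on any list overrides a block,
    the behaviour the article describes for IE9."""
    blocked = allowed = False
    for text in lists.values():
        b, a = parse_tpl(text)
        blocked |= matches(host, b)
        allowed |= matches(host, a)
    if allowed:
        return "allow"
    return "block" if blocked else "no-rule"


def find_conflicts(lists):
    """Return (blocked_domain, blocking_list, allow_rule, allowing_list) for
    every block rule that an allow rule on a different list overlaps."""
    parsed = {name: parse_tpl(text) for name, text in lists.items()}
    conflicts = []
    for b_name, (blocked, _) in parsed.items():
        for a_name, (_, allowed) in parsed.items():
            if a_name == b_name:
                continue
            for b in blocked:
                for a in allowed:
                    # Overlap: allow rule covers the blocked domain, or
                    # carves a subdomain out of it.
                    if matches(b, {a}) or matches(a, {b}):
                        conflicts.append((b, b_name, a, a_name))
    return sorted(conflicts)


if __name__ == "__main__":
    installed = {"A": LIST_A, "B": LIST_B}
    for b, b_name, a, a_name in find_conflicts(installed):
        print(f"{b} blocked by list {b_name} but allowed by '+d {a}' in list {a_name}")
```
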
Reply 8 : NEWS - March 18, 2011
..for Code Theft
A former Goldman Sachs programmer convicted of stealing the bank's high-speed trading software was sentenced Friday to eight years in prison.
Sergey Aleynikov, 41, was convicted in December of theft of trade secrets and then unsuccessfully sought to have the conviction set aside. The Russian-born Aleynikov was ordered remanded in custody until his sentencing because he was considered a flight risk.
Prosecutors had sought 8 to 10 years, while Aleynikov asked for probation.
Aleynikov worked for Goldman Sachs until June 2009 when authorities say he siphoned source code for the company's valuable software on his way out the door to take a new job with another company. The software is used to make sophisticated, high-speed, high-volume stock and commodities trades and earns the company "many millions of dollars in profits" each year, according to prosecutors.
Aleynikov, a naturalized American citizen from Russia who immigrated to the United States in 1991, earned nearly $400,000 a year as a vice president with Goldman Sachs, but his new job with Teza Technologies would have paid him about $1.2 million. He was arrested in July 2009 at the Newark Airport in New Jersey as he returned from a trip to Chicago, where he'd met with his new employers at Teza.
Continued : http://www.wired.com/threatlevel/2011/03/aleynikov-sentencing/
Reply 9 : NEWS - March 18, 2011
The web host to a PlayStation online forum moved Thursday to quash a subpoena connected to Sony's lawsuit against George Hotz, the man who released the first full-fledged PlayStation 3 hack.
SoftLayer Technologies, which counts psx-scene.com among its hosted sites, is objecting to a records demand seeking server logs and other information related to site-user Hotz. Sony is suing the 21-year-old New Jersey man on charges that he breached the Digital Millennium Copyright Act by publishing an encryption key and software tools in January that allow PlayStation 3 owners to gain complete control of their consoles.
Dallas-based SoftLayer is the only company so far to object to subpoenas in the hotly contested Hotz case. The judge has signed off on Sony subpoenas to Twitter, YouTube, Google and PayPal as part of the console-maker's scorched-earth litigation tactics to win an unspecified amount of monetary damages from Hotz.
Continued : http://www.wired.com/threatlevel/2011/03/ps3-forum-subpoena-quash/#more-24549
Related : Sony wins subpoena for PS3 hacker's PayPal records
Reply 10 : NEWS - March 18, 2011
Microsoft yesterday urged users of older Office suites to install and run a complicated tool to protect themselves against ongoing attacks exploiting an unpatched bug in Adobe's Flash Player.
"For users of Office prior to 2010, the Enhanced Mitigation Experience Toolkit (EMET) can help," said Andrew Roths and Chengyun Chu, a manager and security engineer, respectively, with the Microsoft Security Response Center (MSRC). "Turning on EMET for the core Office applications will enable a number of security protections called 'security mitigations'," the pair wrote in a Thursday post to the company's Security Research & Defense blog.
EMET is a tool designed for advanced users, primarily enterprise IT pros, that manually enables ASLR (address space layout randomization) and DEP (data execution prevention) for specific applications. ASLR and DEP are two anti-exploit technologies included with Windows.
Continued : http://www.computerworld.com/s/article/9214795/Microsoft_urges_Office_users_to_block_Flash_Player_attacks