Doug Vitale Tech Blog

November-December 2014 News Archive

FBI Seeks Ethical Hackers to be ‘Cyber Special Agents’

Ars Technica, 30 Dec 2014 – The FBI said Monday it’s seeking technology experts — including those with experience in “ethical hacking” — to become “cyber special agents.” Such agents, the FBI said, should have the skills to “conduct multi-faceted investigations of high-tech crimes, including cyber-based terrorism, computer intrusions, online exploitation and major cyber fraud schemes.” [More]

NSA has VPNs in ‘Vulcan death grip’

Ars Technica, 30 Dec 2014 – The NSA’s Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Speigel. [More]

DNS attacks putting organizations at risk

SC Mag, 23 Dec 2014 – More than 75 percent of organizations in the U.S. and U.K. have experienced at least one DNS attack, and 66 percent of organizations in the U.S. experienced a DNS attack within the last 12 months. The DNS Security Survey is based on interviews with 300 IT decision-makers – 200 in the U.S. and 100 in the U.K. – who work for organizations with at least 1,000 employees in the financial services, IT, manufacturing and production, and retail, distribution and transport sectors. [More]

JPMorgan Chase was hacked via two-factor authentication blunder

Engadget, 23 Dec 2014 – The hackers who stole millions of depositors’ contact info from JPMorgan Chase earlier this year didn’t use any kind of sophisticated malware like the one that took down Sony Pictures’ computers. No, they managed to steal people’s info because the bank failed to upgrade one of its servers with two-factor authentication. [More]

Sony hackers lingered in network before unleashing malware

SC Mag, 22 Dec 2014 – The Sony Pictures hackers likely took months to do their dirty work—snooping around the company’s network and gathering passwords, before distributing wiper malware that took the system out. The report attributes Trend Micro for those revelations, made after conducting simulations on a copy of the virus responsible for crippling Sony, known as WIPALL or Destover. [More]

FBI used Metasploit Decloak To Expose TOR Users

HackRead, 18 Dec 2014 – According to a recent report from WIRED, FBI used a Flash code from an abandoned Metasploit side project “Decloaking Engine” to identify suspects hiding behind the TOR anonymity network. The tool was used in “Operation Torpedo,” a sting operation targeting three users of Dark Net child porn sites. An attorney for one of the defendants is now challenging the reliability of the hackerware as an admissible scientific evidence in the Supreme Court. [More]

7 Internet-of-Things Devices that Make Your Data Vulnerable

NetworkWorld, 16 Dec 2014 – There’s a new threat landscape to consider: the Internet of Things (IoT). And the endpoints in this landscape are vulnerable to attack. We decided to look at seven deadly devices that could someday cost a company millions in data loss. [More]

Sony leaks reveal Hollywood is trying to break DNS

Verge, 16 Dec 2014 – Most anti-piracy tools take one of two paths: they either target the server that’s sharing the files (pulling videos off YouTube or taking down sites like the Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that’s currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA’s lawyers would target DNS that directs traffic across the internet. [More]

Hack said to cause fiery pipeline blast could rewrite history of cyberwar

Ars Technica, 10 Dec 2014 – Bloomberg News is reporting evidence of a watershed event in the annals of cyberwarfare, a 2008 hack attack that caused a Turkish oil pipeline to spectacularly burst into flames. Attackers gained access to the pipeline’s computerized operational controls and increased the pressure of the crude oil flowing inside. [More]

Hackers reportedly strike Sony Pictures’ computer system

Fortune, 24 Nov 2014 – Sony Pictures reportedly suffered a cyber attack on its computer systems Monday morning. Hackers took control of the film company’s computer systems, forcing it to send employees home for the day, according to multiple outlets. [More]

‘Regin’ malware described as ‘groundbreaking and almost peerless’

CNN, 24 Nov 2014 – Experts don’t know where it came from, and aren’t quite sure what it does. But they do know this: a newly-uncovered cybersecurity threat isn’t your typical credit-card stealing operation. It appears to be a government spying tool, and is “groundbreaking and almost peerless.” [More]
Symantec: Regin: Top-tier espionage tool enables stealthy surveillance

‘DoubleDirect’ MitM attack affects iOS, Android and OS X users

SC Mag, 21 Nov 2014 – For at least six months, a security firm has seen a specific type of man-in-the-middle (MitM) attack, dubbed “DoubleDirect,” being leveraged, which puts iOS, Android and OS X users at risk. San Francisco-based Zimperium detailed the threat in a Thursday blog post, revealing that, like other MitM attacks, DoubleDirect could allow a saboteur to intercept sensitive data, like credentials, or deliver malware to vulnerable devices, by way of redirecting victim’s traffic to attacker-operated devices. [More]

Detekt: A New Malware Detection Tool That Can Expose State Surveillance

Electronic Frontier Foundation, 20 Nov 2014 – Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users’ computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. That’s why we’ve joined together to support Detekt, a new malware detection tool developed by security researcher Claudio Guarnieri. [More]

Gaming Will Level Up The Network

NetworkComputing, 19 Nov 2014 – The latest release in the popular Call of Duty series shows how video games are branching out and demanding network improvements. Clearly, gaming has become a different animal than it used to be. It’s not just the individual, sitting in front of a TV or a PC. It is an interactive, social experience that requires one heck of a network. In fact, the mass users of a game like Advanced Warfare have many of the same characteristics as a DDoS attack and can be a great way to stress test a large network. [More]

Cross-site scripting vulnerability in millions of web sites

CyberWarZone, 18 Nov 2014 – In August 2014 I found a severe cross-site scripting security vulnerability in the latest version (1.13.0) of the ‘jQuery Validation Plugin‘. This jQuery plugin which adds easy form validation functionality to a web site, is written by a core developer of the highly popular jQuery JavaScript framework. As of speaking this vulnerability still exists and hasn’t been patched. It seems that on first sight 6.000+ web sites are vulnerable. jQuery hasn’t responded to my report of this vulnerability. [More]

PCI Council looks to stem data breaches after bad year

ComputerWorld, 17 Nov 2014 – A consortium that develops guidelines for protecting payment card data is hoping that emerging security technologies will help prevent breaches that made this year one of the worst ever on the security front. As many as 2.3 billion records were compromised this year, a figure close to the populations of India and China combined. [More]

Internet Architecture Board: Encrypt the whole Internet

IAB, 15 Nov 2014 – The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258. [More]

Microsoft Security Intelligence Report for 2014 released

Microsoft, 12 Nov 2014 – Windows users who do not run updated anti-malware software are much more likely to be infected with malware. Microsoft released research this week to prove the point in the most recent version of its Security Intelligence Report. The data in the report is collected from telemetry from the Malicious Software Removal Tool which runs each month with Windows Update. [More]

Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half

Wired, 12 Nov 2014 – First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it’s nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive. [More]

POS Malware Continues To Evolve

Dark Reading, 11 Nov 2014 – With a little over two weeks until the holiday shopping season kicks off, a picture of the evolution of point of sale (POS) malware has come into focus with a number of recent pieces of research of late. A common theme recurring throughout is that POS malware is increasingly maturing with different packages and families refined for specific attack scenarios. Just today, researchers with Cyphort Labs released a report that dissected three families of POS malware associated with three distinct breach incidents at Target, Home Depot, and UPS over the past year–BlackPOS, FrameworkPOS, and Backoff respectively. [More]

Windows vulnerability identified as root cause in Home Depot breach

SC Magazine, 10 Nov 2014 – In a detailed account of Home Depot’s breach, the Wall Street Journal disclosed that the compromised credit cards and emails could have been stolen as a result of a Windows vulnerability in the retailer’s main network. Attackers reportedly gained credentials from a third-party vendor and then navigated through the vendor’s system and Home Depot’s secure network by exploiting the vulnerability. [More]

‘Trojan Horse’ Bug Lurking in Vital US Computers Since 2011

ABC News, 6 Nov 2014 – A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security. National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat. [More]

Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

Ars Technica, 5 Nov 2014 – Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism. Nathaniel McHugh ran open source software known as HashClash to modify two separate images—one of them depicting funk legend James Brown and the other R&B singer/songwriter Barry White—that generate precisely the same MD5 hash, e06723d4961a0a3f950e7786f3766338. The exercise — known in cryptographic circles as a hash collision — took just 10 hours and cost only 65 cents plus tax to complete using a GPU instance on Amazon Web Service. [More]

Cybersecurity 2014: Breaches and costs rise, confidence and budgets are low

CSO, 5 Nov 2014 – In 2014, it seemed that no industry went unscathed. The data breaches this year were broad and deep. Despite it being yet another year of staggering data breaches, these breaches are costing enterprises more – and information security budgets aren’t keeping up with the threat. In some cases, they even have fallen slightly. It’s as if security teams manage to make a small foothold against cyber attacks one year, and the next year they slide back. [More]

Written by Doug Vitale

January 22, 2015 at 12:08 PM

%d bloggers like this: