hacking – Page 1175 – STE WILLIAMS

Getting the Most From Your Threat Intelligence

library
crime | hacking | security

Network Computing
Darkreading

Anomali’s Director of Security Strategy Travis Farral discusses how security pros can better use the threat intel feeds and tools they already have.

‘);
}

Comments

‘);
}

Live Events

Webinars

More UBM Tech
Live Events

Dark Reading Live EVENTS

0 Comments

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: “Windows 10 Paint 3D is awesome!”

Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Reports

[Strategic Security Report] Assessing Cybersecurity Risk

As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today’s enterprises evaluate the risks they face. This report also offers a look at security professionals’ concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.

7 Hardware Firmware Hacks Highlighted at Black Hat 2017

Best of Black Hat: 20 Epic Talks in 20 Years

IoT Security Incidents Rampant and Costly

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2017-0290Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within …

CVE-2016-10369Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version…

CVE-2016-8209Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

googletag.display(‘div-gpt-ad-961777897907396673-15’);

Tweet This
[close this box]

Article source: https://www.darkreading.com/getting-the-most-from-your-threat-intelligence/v/d-id/1329531?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Using Machine Learning to Combat Bots

library
crime | hacking | security

Network Computing
Darkreading

Splunk’s SVP and General Manager of Security Markets Haiyan Song talks about how enterprises need to apply data science and machine learning to thwart some of the most nefarious online attacks.

‘);
}

Comments

‘);
}

Live Events

Webinars

More UBM Tech
Live Events

Dark Reading Live EVENTS

0 Comments

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: “Windows 10 Paint 3D is awesome!”

Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Reports

[Strategic Security Report] Assessing Cybersecurity Risk

7 Hardware Firmware Hacks Highlighted at Black Hat 2017

Best of Black Hat: 20 Epic Talks in 20 Years

IoT Security Incidents Rampant and Costly

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

googletag.display(‘div-gpt-ad-961777897907396673-15’);

Tweet This
[close this box]

Article source: https://www.darkreading.com/using-machine-learning-to-combat-bots/v/d-id/1329532?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Optimizing Online Defenses Through Crowdsourcing

library
crime | hacking | security

With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVault’s CTO Roget Thornton discusses how the company’s crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.

Article source: https://www.darkreading.com/optimizing-online-defenses-through-crowdsourcing/v/d-id/1329533?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Should You be Worried about Cloud Security?

library
crime | hacking | security

Network Computing
Darkreading

Skybox’s CMO Michelle Johnson Cobb talks about the current threats targeting the cloud — and how the difference between security of the cloud and security in the cloud.

‘);
}

Comments

‘);
}

Live Events

Webinars

More UBM Tech
Live Events

Dark Reading Live EVENTS

0 Comments

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: “Windows 10 Paint 3D is awesome!”

Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Reports

[Strategic Security Report] Assessing Cybersecurity Risk

7 Hardware Firmware Hacks Highlighted at Black Hat 2017

Best of Black Hat: 20 Epic Talks in 20 Years

IoT Security Incidents Rampant and Costly

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

googletag.display(‘div-gpt-ad-961777897907396673-15’);

Tweet This
[close this box]

Article source: https://www.darkreading.com/should-you-be-worried-about-cloud-security/v/d-id/1329534?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Can Machine Learning Help Organizations Improve Data Security?

library
crime | hacking | security

Network Computing
Darkreading

BitDefender’s Malware Researcher Cristina Vatamanu talks about the opportunities and limitations of using machine-learning technology to identify security threats.

‘);
}

Comments

‘);
}

Live Events

Webinars

More UBM Tech
Live Events

Dark Reading Live EVENTS

0 Comments

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: “Windows 10 Paint 3D is awesome!”

Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Reports

[Strategic Security Report] Assessing Cybersecurity Risk

7 Hardware Firmware Hacks Highlighted at Black Hat 2017

Best of Black Hat: 20 Epic Talks in 20 Years

IoT Security Incidents Rampant and Costly

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

googletag.display(‘div-gpt-ad-961777897907396673-15’);

Tweet This
[close this box]

Article source: https://www.darkreading.com/can-machine-learning-help-organizations-improve-data-security/v/d-id/1329535?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Android users: beware ‘Invisible Man’ malware disguised as Flash

library
crime | hacking | security

Android users have a new threat to worry about: keylogging malware that masquerades as a bogus Flash update and steals banking data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.

SophosLabs detects the malware as Andr/Banker-GUA and is blocking it from customers. Also known as “Invisible Man,” the malware is a variant of Svpeng whose original authors fell foul of Russia’s Ministry of the Interior in 2015.

The malware starts by checking your phone’s language settings. If the phone is set to Russian, the malware aborts. If it’s anything else then it proceeds to ask permission to use accessibility services.

Accessibility services are there to help users with disabilities but the access they allow can also be used for malicious ends.

Invisible Man uses accessibility services to draw things on your screen above other apps, and to install itself as the default SMS app.

That ability to draw something on screen above other apps is used to create invisible overlays that sit above legitimate banking apps. The overlay intercepts keystrokes the victim thinks they’re typing into the app underneath such as usernames and passwords.

If you try to open Google Play it pops up a credit card details page to hoover up your credit card details:

Defensive measures

For users, the first red flag should be when they receive a Flash Player download. Flash has long been a conduit for malware and has been the butt of endless jabs in the information security community.

Because of Flash’s numerous, well publicised security problems Flash is frequently updated and users have been told over and over that downloading the latest version is an important security precaution.

Malware authors play on this familiarity by dressing up their malicious software as Flash updates.

Android users (OK, all users) are well advised to give Flash a wide berth in any case. If you really, really need it on your phone you should only download the Flash player by following Adobe’s instructions for manually installing Flash on Android.

The second red flag, for users who don’t normally need them, is apps asking for permission to use accessibility services.

As noted above, Sophos detects this malware and blocks it. The continued onslaught of malicious Android apps demonstrates the need to use an Android antivirus such as our free Sophos Mobile Security for Android.

By blocking the install of malicious and unwanted apps, even if they come from Google Play, you can spare yourself lots of trouble.

Follow @NakedSecurity
Follow @BillBrenner70

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/yKaPOgCETXA/

News in brief: Facebook video chat; protecting Earth from aliens; do you want encryption?

library
crime | hacking | security

Your daily round-up of some of the other stories in the news

Facebook’s video chat device

Facebook Inc.’s experimental Building 8 lab will produce a device designed for video chat, according to Bloomberg.

The device is the first major hardware product expected to be developed by the lab. It will feature a laptop-sized touchscreen and is intended to follow Facebook founder and CEO Mark Zuckerberg’s mission to “bring users closer together” with the idea that the ability to interact will make users in different geographical locations feel like they’re in the same space.

The device is said to feature a wide-angle camera, built in microphone and speakers, and artificial intelligence tech to improve its photographic and audio options (with features like zooming in and focusing on faces).

The company is also said to be developing a smart speaker product like Amazon Echo and Google Home. Early rumors hinted that the chat device and smart speaker were a single, combined device but now appear to be separate offerings.

Planetary Protection Officer

The New York Post just trumpeted that a “NASA job opening to protect Earth from aliens has [a] 6-figure salary”, which certainly got our attention.

It’s not strictly true: the first part of the job is actually to protect aliens from us (OK, we’re extrapolating for effect).

The six-figure salary part is true, however, with an upper bound listed of $187,000 per year.

It’s a three-year gig, and you’ll be concerned with how to stop contaminants from earth making their way off the planet during space exploration missions.

But the New York Post is at least partly right, because you’ll also be worrying about what might come back with the mission along with all that moon dust, although that sounds less glamorous than “protecting Earth from aliens”.

The best thing about the job, though – aside from 187 large ones a year, of course – is how cool your business card will be, because the job title is Planetary Protection Officer.

That should put all those Senior Chief Space Research Scientists’ noses out of joint!

If you’re interested, you can apply online (you need to be a US citizen or US national).

Real users want…

Earlier today, we wrote about a claim from a senior British politician that “real people prefer ease of use […] to unbreakable security”.

This was Home Secretary Amber Rudd’s latest salvo in the argument about whether the UK ought to force software such as WhatsApp to open up to law enforcement.

Rudd wants to compel WhatsApp and others to make their encryption crackable (or perhaps abandon it altogether) to make it less secure for terrorists – and thus less secure for everyone else, too.

We’re not sure why “real people” (the only sort we’ve ever met, but perhaps we need to get out more?) would prefer ease of use over encryption, considering that they can have both, but that’s what Amber Rudd said.

We’re also not sure whether “real people” really are happy to see strong encryption brushed aside.

So we thought we’d let all you “real people” speak for yourselves:

Calling all “real people” – do you want unbreakable encryption?

— Naked Security (@NakedSecurity) August 2, 2017

What do you say?

Catch up with all of today’s stories on Naked Security

Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/PtMEBmATnNw/

FCC: We could tell you our cybersecurity plan… but we’d have to kill you

library
crime | hacking | security

America’s broadband watchdog, the FCC, has continued digging an ever-deeper hole over its claims it was subject to a distributed denial-of-service attack.

The latest shovel of BS came in a letter [PDF] to US Congress in which the FCC’s chief information officer David Bray said he could not tell Congressmen what the “additional solutions” he had previously claimed the federal regulator was putting in place to prevent future attacks were.

Why not? Because to do so “would undermine our system’s security to provide a specific roadmap of the additional solutions to which we have referred.”

That answer is just the latest in a long series of implausible responses from the federal regulator over its claim in May that its systems were “subject to multiple distributed denial-of-service attacks (DDoS)” that caused them to fall off the internet.

The web tsunami hit right after the FCC’s controversial plan to overturn net neutrality rules was featured on a popular late-night TV show. The host, John Oliver, actively encouraged readers to contact the FCC to register their disagreement.

Oliver pointed out that the process of filing a comment was much more complicated than previously and required a five-step process before a comment could be submitted. And so the show set up a specific URL – gofccyourself.com – that automatically redirected to the right FCC sub-page and only required a single click to comment.

The subsequent flood of people commenting on the proceedings caused the FCC’s public comment system to fall over.

Deja Poo

Which was embarrassing for the FCC, especially since the exact same thing had happened three years earlier when Oliver featured the issue of net neutrality and encouraged viewers to comment.

Rather than admit to its failure, however, the next day the FCC put out a press release that sought to paint the critical commenters as malicious actors and claimed it had been subject to an online attack.

“These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” the release [PDF] said. “These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”

That claim was met with extreme skepticism – especially since FCC chairman Ajit Pai and his office have repeatedly attempted to undermine or belittle opposition to their plans.

And so began a ridiculous game of cat-and-mouse in which journalists and congressman have taken the FCC at its word and acted as though it really had been subject to a denial-of-service attack.

I see…

The result has been an embarrassing series of efforts by the FCC to close the book on the incident without admitting its initial statement was incorrect. Since May, the FCC has:

Refused to provide any records to a FOIA request for information on the attack because they contain “commercially confidential details, copyrighted information, and internal agency notes.”
Been forced to admit it never wrote down its initial analysis of the DDoS attack because it stemmed from “real time observation and feedback.”
Redescribed the attack as a “non-traditional DDoS attack” – and then refused to explain what that term means.
Admitted that it did not report the attack through the normal channels – to the federal government through Homeland Security’s Hunt and Incident Response Team (HIRT) or to Congress through the Federal Information Security Management Act (FISMA) reporting system – because it did not reach the level of a “significant cyber incident.”
Increasingly upgraded the sort of damage that would have had to have occurred in the attack for the FCC to take official action (as opposed to drafting a press release). The FCC’s new claimed standard is an attack that causes “demonstrable harm to the national security interests, foreign relations, or economy.” Under this, it’s hard to imagine any attack on the FCC would ever need to be reported.

The simple fact is no one believes the FCC was really the target of a DDoS attack, with congressmen openly referring to it as an “alleged cyberattack.”

And if there is one piece of evidence (outside of the documents that the FCC refuses to hand over) that demonstrates that a federal regulator is actively and repeatedly misleading US citizens and Congress in order to try to undermine critics of its actions, it comes in the fact that the FCC website fell over a second time the next night after the original failure.

It just so happened that John Oliver’s segment was re-airing at the same time. ®

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/02/fcc_ddos_cybersecurity_plan/

Cardiff did Nazi that coming: Hackers slap Trump, swastikas, Sharia law on e-sign

library
crime | hacking | security

Shoppers in Cardiff got an eyeful this week when mystery hackers took control of an electronic billboard overlooking the main shopping street and broadcasted a string of images, including Nazi swastikas.

The billboard, on Queen Street in the Welsh capital, began displaying pictures of the Nazi symbol, and a sign declaring: “Warning. This is a Sharia controlled zone. No alcohol. No gambling. No porn.” Anyone who has been in Cardiff on a Saturday night knows this Sharia statement is a non-starter.

Other pictures included the Big Brother sign from the film 1984 and Pepe the Frog memes, including the alt-reich symbol dressed as a wizard and as President Trump. 4chan /pol/ denizens were amused…

Some Anons from /pol/ were able to hack into a billboard in Cardiff, Wales.

As you can see, they had a little fun. pic.twitter.com/z7qNDzgAZa

— /pol/ News Forever (@polNewsForever) August 2, 2017

“On Tuesday evening South Wales Police received a number of calls relating to concerns regarding messages being displayed on the screens in Queen Street, Cardiff,” the coppers told Wales Today. “We alerted the city council and will investigate any crimes which may have been committed.”

It’s fairly obvious that some kind of hacking crime has been committed – either that or the billboard’s owners blowUP Media have some very unusual clients. The local council has said it is investigating the matter. ®

PS: No, Wales is not an imaginary place nor an ocean theme park nor a suburb of London. It’s part of the UK.

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/02/welsh_electronic_billboard_hacked/

Chrome web dev plugin with 1m+ users hijacked, crams ads into browsers

library
crime | hacking | security

A popular Chrome extension was hijacked earlier today to inject ads into browsers, and potentially run malicious JavaScript, after the plugin’s creator was hacked.

Chris Pederick, maker of the Web Developer for Chrome extension, is urging anyone who uses his programming tool to update to version 0.5 or later. That’s because miscreants apparently phished his Google account, updated the software to version 0.4.9, and pushed it out to its 1,044,000 users.

That booby-trapped build fetched JavaScript code from the web and ran it within people’s browsers: the code forcibly slapped ads on pages, and may have done worse. If you installed v0.4.9, you should upgrade to the clean v0.5 replacement immediately, and consider changing passwords or nullifying login tokens and cookies used on sites visited while using the infected extension.

It’s understood the software was compromised about five to six hours ago, around 6am Pacific Time, pulled down from the Chrome store around 8am PT, and fixed about an hour later. Here’s the key tweets from Pederick, a software engineer based in San Francisco:

The Web Developer for Chrome account has been compromised and a hacked version of the extension (0.4.9) uploaded 😞

— Chris Pederick (@chrispederick) August 2, 2017

Version 0.5 of Web Developer for Chrome is now live which removes the compromised code. Please update immediately.

— Chris Pederick (@chrispederick) August 2, 2017

I stupidly fell for a phishing attack on my Google account 😞

— Chris Pederick (@chrispederick) August 2, 2017

With over a million users, the compromised code would have allowed the crooks behind the scam to bank a sizable commission from the ads during the few hours the evil JS was active. Not every machine running the extension was affected, it seems – here’s an example of the injected advertising:

Weird thing is I could only get 2 machines out of 10 to generate the ads. All had 0.4.9 on them. pic.twitter.com/ZG0L1h75qT

— ᕦ[ •́ ﹏ •̀ ]⊃-]═── (@SEOMalc) August 2, 2017

The Firefox version of the plugin is not believed to have been compromised. The cause of the incident, Pederick believes, was a phishing email that resulted in the loss of his developer credentials. Folks have posted various negative reviews on the Chrome plugin’s page, complaining of ads and Google Analytics tracking suddenly appearing in the software.

The tool normally “adds a toolbar button to the browser with various web developer tools.” It’s a Swiss army knife for coders.

We’ve asked Pederick for comment, and will update this piece with more information as it becomes available, such as what was the situation with his Google account and two-factor authentication. ®

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/02/chrome_web_developer_extension_hacked/