Facebook disables some legitimate apps while targeting malicious ones
The use of tools to detect malicious patterns in apps led Facebook to temporarily disable some legitimate third-party apps that integrate with the social networking website, it said Thursday.
On Tuesday, a number of users complained that their Facebook developer accounts and apps were unavailable.
Facebook said it uses automated systems to identify and disable malicious apps to protect its platform and users. These techniques identify a malicious pattern, find the apps that match that pattern, and then disable those apps.
"This normally results in thousands of malicious apps being disabled and improves our automated systems' ability to detect similar attacks in the future," Facebook employee Eugene Zarakhovsky wrote in a blog post.
But on Tuesday, Facebook started with a broad pattern that correctly matched many thousands of malicious apps but also matched many high-quality apps.
Continued : http://www.computerworld.com/s/article/9241671/Facebook_disables_some_legitimate_apps_while_targeting_malicious_ones
"Bloodsucking leech" puts 100,000 servers at risk of potent
"Think IPMI admin tool is secure and no one connects it to public addresses? Nope."
At least 100,000 Internet-connected servers sold by Dell, HP, and other large manufacturers contain hardware that is vulnerable to potent remote hack attacks that steal passwords and install malware on their host systems, researchers said.
The threat stems from baseboard management controllers that are embedded onto the motherboards of most servers. Widely known as BMCs, the microcontrollers allow administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. But serious design flaws in the underlying intelligent platform management interface, or IPMI, make BMCs highly susceptible to hacks that can cascade throughout a network, according to a paper presented at this week's Usenix Workshop on Offensive Technologies.
Heightening the risk, a recent Internet scan detected at least 100,000 IPMI-enabled servers running on publicly accessible addresses, despite long-standing admonitions from security professionals never to do so.
Continued : http://arstechnica.com/security/2013/08/remote-admin-tool-imperils-servers/
Department of Energy Hacked; PII Stolen
Malicious hackers have broken into computer systems of the U.S. Department of Energy (DOE) to hijack sensitive personally identifiable information (PII) for about 14,000 past and current employees.
In a brief statement, the DOE confirmed the breach, which occurred at the end of July. "[It] resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII)," the department said.
This is the second major hack at the DOE this year, coming on the heels of a February 2013 incident that penetrated 14 computer servers and 20 workstations at the DOE headquarters.
In the most recent hack, the DOE, which manages the country's nuclear energy programs, insists that no classified data was targeted or compromised.
A December 2012 report from the office of inspector general slammed the Department of Energy for lacking a department-wide cyber-security incident management system, five years after auditors flagged problems in how the department manages cyber-security incidents.
Continued : http://www.securityweek.com/department-energy-hacked-pii-stolen
Energy Dept. hacked; 14,000 employees affected
US Department of Energy Hacked for Second Time This Year [WSJ]
Deja vu all over again? DOE to workers: We've been hacked
Beware the scammers' crocodile tears!
Kaspersky Antivirus Research Weblog:
Having realized that users are getting wise to their scams involving unclaimed inheritances of multi-millionaire African princes, so-called Nigerian scammers have resorted to other outlandish stories from their arsenal of social engineering. We recently caught a few messages in our traps that suggest the scammers are not only unscrupulous and greedy but also engage in self-irony.
In particular, we detected some mailings supposedly sent by the FBI and its agents. The messages state that in the course of a large-scale investigation they identified users who had fallen victim to spammers, fake "Nigerian brides", the organizers of non-existent lotteries, and bogus lawyers of deceased millionaires. The recipient of the "FBI" message was listed as a victim, and he/she could now receive compensation for any losses. The next step in the scam is most likely to be a request to send a payment to cover the costs of processing the compensation request, such as filling in all the necessary documentation. In other words, it uses the typical Nigerian scam scenario. [Screenshot]
At the very least, this message should set the alarm bells ringing because the mailbox of these supposedly diligent fighters of cybercrime is hosted on a free, publicly available resource and not on an FBI server.
In another mailing the fraudsters go even further...
Continued : http://www.securelist.com/en/blog/8130/Beware_the_scammers_crocodile_tears
NSA internal audit reveals thousands of privacy violations
An internal NSA audit document and several others seen by The Washington Post journalists prove that there have been over 1,000 violations of FISA and presidential executive orders each year since the agency was granted broader surveillance powers in 2008.
"The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance," Barton Gellman pointed out.
"In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence."
Some of the violations were caused by computer errors and others by operators. For example, in 2008, a computer mistake resulted in the interception of calls made from Washington D.C. (US area code 202) instead of those made from Egypt (international dialing code 20). As a reminder: 2008 was an election year.
Continued : http://www.net-security.org/secworld.php?id=15418
Also: Newly published leaks show NSA's thousands of privacy violations
Targeted Attacks Delivering Fruit
Symantec Security Research Blog:
Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT.
Frutas RAT is not new and has been around for quite some time now. Back in February we released a blog about this: Cross-Platform Frutas RAT Builder and Back Door.
The crafted emails used in this campaign contain two files - the first one is a decoy (.pdf) and the second is the actual threat (.jar). Sample email subject lines used include:
• Subject: Obama Releases Three Declassified Spying Docs
• Subject: U.S. Consul General Hart Arrives in Hong Kong
• Subject: UK-Northern Ireland-Japan InfoSec Agreement
[Screenshot: Example Email]
If the social engineering is successful and the .jar file is executed, it will gather the following information from the compromised computer and connect to a command-and-control (C&C) server:
Scam: Pedigree Food Kills Dogs, Fake Animal Control Officers
Pedigree has published a notice on its website to warn customers of bogus Facebook posts that claim the company's products are responsible for the death of two dogs in Tampa, Florida.
Hoax Slayer provides a sample of the scam post which reads something like this (all in uppercase letters):
"If there is a chemist who can help, I have this bag of Pedigree dog food that killed my dogs, and need to know what poison was in there. Oh yes, I am angry. Pedigree dry dog food would be my answer.. 271 complaints 2013 online.. Symptoms similar to Parvo.
Vomit yellow bile, lethargic, then just before death. Just lost my precious dogs... happened so fast, within 48 hours. Tainted bag of pedigree dry small breed formula in my case. Epidemic. Buyer beware. No recall. If this happened in your family, get word out as there is no recall. I am hiring an attorney."
Both Hoax Slayer and Pedigree highlight the fact that the picture of the dog contained in the Facebook posts was actually taken over two years ago.
"The dog in the photo is unrelated to this situation and unrelated to our food. Like you, we are disheartened to see this photo cause confusion among our dog-loving community but we're glad to report that the dog in the photo is doing fine," Pedigree stated (http://www.pedigree.com/update/).
Continued : http://news.softpedia.com/news/Scam-Alert-Pedigree-Food-Kills-Dogs-Fake-Animal-Control-Officers-376019.shtml
Hackout: Philips Smart Lightbulbs Go Dark In Remote Attack
Add lightbulbs to the list of everyday technology that is 1) Internet connected and 2) vulnerable to crippling remote attacks.
Writing on Tuesday, security researcher Nitesh Dhanjani disclosed a proof of concept hack against HUE lightbulbs, a brand of wi-fi enabled bulbs manufactured by the firm Philips. The vulnerability discovered by Dhanjani allows a remote attacker to use her mobile device to control HUE.
HUE wi-fi enabled bulbs are sold at Apple stores and allow users to control the function and color of the bulbs using iPhone and Android mobile apps. Dhanjani published his findings in a paper, "Hacking Lightbulbs," which calls the HUE system of bulbs and a wireless bridge "wonderfully innovative," but also prone to hacking.
The most serious flaw discovered would allow a remote attacker to impersonate a white-listed (or "allowed") mobile device, sending commands to HUE bulbs that could cause them to turn off or manipulate the bulb's color. In a detailed report (PDF), Dhanjani said he discovered that the wireless bridge that relays commands to the deployed HUE bulbs relies on a list of allowed "tokens" to validate the HTTP-format requests from authorized administrators. However, in the case of the iOS app that is used with HUE devices, those tokens are merely an MD5 hash of the whitelisted mobile device's Machine Access Code (or MAC) - a publicly broadcast and easily retrievable bit of identifying information.
Continued : https://securityledger.com/2013/08/hackout-philips-smart-lightbulbs-go-dark-in-remote-attack/
Security Flaw in Philips Lighting System Lets Hackers Keep You in the Dark
Philips Light Bulb Vulnerability Could Leave Some In the Dark
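The token weakness described above, as an added example that is not from the article or from Philips: a toy bridge whose whitelist holds tokens, an audit check that flags any whitelisted token equal to the MD5 of a known device's MAC (the scheme the article describes), and a random token as the hardened alternative. SAMPLE_MAC, the Bridge class and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifier in MAC-address format; not a real device.
SAMPLE_MAC = "00:17:88:01:02:03"


def md5_of_mac(mac: str) -> str:
    """The token scheme the article attributes to the iOS app: the MD5 hex
    digest of the whitelisted phone's MAC string. Because the MAC is broadcast
    on the local network, anyone who observes it can recompute this value."""
    return hashlib.md5(mac.encode("ascii")).hexdigest()


def token_is_derived_from_mac(token: str, mac: str) -> bool:
    """Audit check (added here): is a whitelisted token just md5(MAC)?
    Several common spellings of the MAC are tried."""
    spellings = (mac, mac.lower(), mac.replace(":", ""), mac.upper().replace(":", ""))
    return any(hmac.compare_digest(token, md5_of_mac(s)) for s in spellings)


def fresh_token() -> str:
    """Hardened alternative (illustrative, not the vendor's design): a 256-bit
    random token that cannot be derived from any observable identifier."""
    return secrets.token_hex(32)


class Bridge:
    """Toy model of the bridge's whitelist of tokens for incoming HTTP requests."""

    def __init__(self) -> None:
        self._allowed: set[str] = set()

    def pair(self, token: str) -> None:
        self._allowed.add(token)

    def is_authorized(self, token: str) -> bool:
        # Constant-time comparison against every stored token.
        return any(hmac.compare_digest(token, t) for t in self._allowed)


def audit(bridge: Bridge, known_macs: list[str]) -> list[str]:
    """Return the whitelisted tokens that are merely md5(MAC) of a known device,
    i.e. tokens an on-network observer could reproduce."""
    return sorted(t for t in bridge._allowed
                  if any(token_is_derived_from_mac(t, m) for m in known_macs))
```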
NY Post and SocialFlow are latest victims of Twitter hackers
ESET's "We Live Security" Blog:
The New York Post has become the latest victim of a prolific hacking campaign targeting the social media accounts of worldwide media outlets - and SocialFlow, a social media company used by the Post and other media outlets, has also fallen victim.
The Syrian Electronic Army claimed responsibility for the attack - which compromised the newspaper's official Facebook and Twitter accounts, as well as accounts for individual journalists, according to reports in Computing and elsewhere.
Sports writer Mike Puma's account was used to post the message, "Syrian Electronic Army was here" and a link to the group's own Twitter profile.
Posts on the official site for the hacktivist group showed off posts on the hacked accounts, and that the group had also hacked SocialFlow, a social media platform used by the New York Post. "The Syrian Electronic Army hacked today "Social Flow" company website/accounts. SocialFlow is a social media optimization platform for leading brands and publishers. All of AlJazeera, WashingtonPost, New York Post and many media organizations use Social Flow," the group said in a statement on its official site.
Continued : http://www.welivesecurity.com/2013/08/15/new-york-post-and-socialflow-are-latest-victims-of-twitter-hackers/
Wait, what? Twitter is a terrorist?
Foreign Policy magazine ran an article this week that positions Twitter as a recruiter for Al-Qaeda:
There's a new jihadist recruiter on the Internet. Based in San Francisco and backed by a multimillion dollar bankroll, the recruiter orchestrates thousands of introductions every day, connecting people at risk of radicalization with extremist clerics and terrorist propagandists - even facilitating online meetings with hardcore al Qaeda members.
The recruiter is Twitter, and it's shaking up the world of online radicalization in ways both large and small.
This is ridiculous on its face, of course. Twitter is no more an Al-Qaeda recruiter than Craigslist is a pimp.
Yes, terrorists use Twitter as a recruiting tool, and if the author of the article is to be believed, it works well. But Twitter also works well for organizing protests against totalitarian regimes, discussing the latest security topic, immersing yourself in popular culture and sharing a link to your favorite cat video.
Continued : http://nakedsecurity.sophos.com/2013/08/16/wait-what-twitter-is-a-terrorist/