Spyware, Viruses, & Security forum


NEWS - March 01, 2011

by Carol~ Forum moderator / February 29, 2012 10:27 PM PST
More Than Half of Organizations Take Months or Years to Discover a Breach, Verizon Says

Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.

Called the Verizon 2011 Investigative Response Caseload Review (pdf), it compiles statistics from 90 data breach cases investigated by the company's incident response team last year, and provides a preview of Verizon's larger annual report that will contain data collected from additional sources like national CERTs and law enforcement agencies.

The report concludes that 92 percent of data breach incidents have had an external cause, which conflicts with the findings of other security vendors, according to whom most data breaches are the result of internal threats.

"I think that's a bit of a myth in the security community," said Wade Baker, director of risk intelligence for Verizon Business. "There's fewer people inside of an organization than there are outside and I think it stands to reason that, by the numbers, we will have more external incidents."

Continued : http://www.pcworld.com/businesscenter/article/251068/more_than_half_of_organizations_take_months_or_years_to_discover_a_breach_verizon_says.html

Verizon offers glimpse of its 2011 security investigations
Verizon Previews Data Breach Investigations Report

Interpol arrests 25 alleged Anonymous members
by Carol~ Forum moderator / February 29, 2012 11:02 PM PST
In reply to: NEWS - March 01, 2011

"The suspected hackers were arrested in Argentina, Chile, Colombia and Spain"

Interpol said Tuesday that 25 people suspected of being affiliated with the Anonymous hacking group were arrested in four countries in South America and Europe, with authorities seizing IT equipment, payment cards and cash.

The arrests were made across 15 cities in Argentina, Chile, Colombia and Spain, Interpol said in a news release. They followed an investigation called "Operation Unmask" that began in mid-February following cyberattacks directed at Colombia's Ministry of Defense and the president's website, and Chile's Endesa electricity company and its national library.

Authorities searched 40 premises and seized 250 items including computer equipment and mobile phones. An investigation continues into how the alleged hackers' activities were funded, Interpol said.

A prominent Twitter account linked to Anonymous, AnonOps, hinted that the group had been attacking Interpol's website in retaliation on Wednesday. One tweet read, "Tango Down II 404 Interpol."

Continued : http://news.techworld.com/security/3341113/interpol-arrests-25-alleged-anonymous-members/

UPDATE: Interpol Operation Leads to Arrest of 25 Suspected Anons
Interpol Site Knocked Offline Following Anonymous Arrests
Police arrest four suspected Anonymous hacktivists
INTERPOL Says 25 Suspected 'Anonymous' Members Arrested In Global Operation

HTTPS Everywhere reaches 2.0, comes to Chrome as beta
by Carol~ Forum moderator / February 29, 2012 11:02 PM PST
In reply to: NEWS - March 01, 2011

Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional "Decentralised SSL Observatory" feature that detects weaknesses in encryption.

When the extension detects an encryption issue, such as weak keys, it notifies users that the site they are visiting may contain security vulnerabilities that could be used for man-in-the-middle (MITM) attacks. "This is an extra level of protection that we encourage Firefox users to download, install, and use," said Electronic Frontier Foundation (EFF) Technology Projects Director Peter Eckersley.

The updated extension is available for Mozilla's Firefox and has been translated into 12 languages. A beta version is now available for Google's Chrome browser. The new beta Chrome version includes the same features as older versions of HTTPS Everywhere; however, it does not yet include the functionality to notify users of weak key vulnerabilities and other certificate problems.

Continued : http://www.h-online.com/security/news/item/HTTPS-Everywhere-reaches-2-0-comes-to-Chrome-as-beta-1445615.html

Also: New "HTTPS Everywhere" for Firefox and a beta for Chrome

Tick-like banking Trojan drills into Firefox, sucks out info
by Carol~ Forum moderator / February 29, 2012 11:02 PM PST
In reply to: NEWS - March 01, 2011

A new banking Trojan is spreading in the UK and the Netherlands, Symantec warns.

Neloweg operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists.

"Like Zeus, Neloweg can detect which site it is on and add custom JavaScript. But while Zeus uses an included configuration file, Neloweg stores this on a malicious webserver," Symantec analyst Fred Gutierrez explains.

The malware is designed to snatch online login credentials, primarily (but not exclusively) those for online banking sites. It infects machines by tricking Microsoft Windows users into installing it via a drive-by-download, spam or targeted email, or with the help of other malware.

Neloweg also targets browsers that utilise the Trident (Internet Explorer), Gecko (Firefox) and WebKit (Chrome/Safari) browser engines. In the case of Firefox, the Trojan buries itself, becoming an integral component of the browser on infected machines - rather than a simple extension - a development that makes the Neloweg more stealthy than previous strains of banking malware.

Continued : http://www.theregister.co.uk/2012/03/01/neloweg_banking_trojan/

NASA: Hackers Targeted Us 5,408 Times in 2010 and 2011
by Carol~ Forum moderator / February 29, 2012 11:02 PM PST
In reply to: NEWS - March 01, 2011

A written testimony of Paul K. Martin, Inspector General at NASA, before the agency's Subcommittee of Investigations and Oversight reveals some interesting aspects regarding the Space Agency's cybersecurity issues.

Not a week passes in which we don't learn of another hacker that finds a flaw in one of NASA's many online domains, but now, we are presented with the exact number of incidents that affected the organization's infrastructure.

It turns out that 5,408 computer security incidents were recorded during 2010 and 2011.

"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin wrote.

Apparently, these intrusions damaged thousands of computing devices, the total estimated cost to NASA being more than $7 million (4.9 million EUR).

The Inspector General admits that the organization is far behind other agencies when it comes to protecting the laptops utilized by personnel. In the timeframe between April 2009 and April 2011, 48 laptops and other mobile devices were stolen.

As a result of these incidents, not only personally identifiable information was leaked, but also some even more important data, such as the algorithms used to control the International Space Station (ISS), and secret data on NASA's Constellation and Orion projects.

Continued : http://news.softpedia.com/news/NASA-Hackers-Targeted-Us-5-408-Times-in-2010-and-2011-255951.shtml

Stolen NASA Laptop Contained Commands For International Space Station
NASA Still Falling Short on IT Security

Loophole in iOS Allows Developers Access to Users' Photos
by Carol~ Forum moderator / March 1, 2012 2:15 AM PST
In reply to: NEWS - March 01, 2011

A recently discovered hole in Apple's iOS allows third-party developers access to users' iPhone, iPad or iPod Touch photos by exploiting the device's location data, according to a report from the New York Times' Nick Bilton on the Bits blog yesterday.

The loophole lies in the way that applications use certain photo location data. Assuming an iPhone user approves any app that accesses the location data of photos, the app's developers will be able to capture any of the user's images while that app is open.

The Times had an unnamed developer create a proof of concept app to do just this, according to the blog post. The app, called PhotoSpy, was never submitted to the App Store for approval but asked users for access to location data. After granting it, the app began transferring photos and location data from the phone to a remote server.

Apple first allowed apps access to photo libraries in 2010 with the fourth build of their operating system. The move was intended to allow photo apps better access to let users share and edit photos.

While Apple didn't immediately respond to a request for comment on Wednesday, they have gone on record regarding any apps that may use a user's contact information without notification:

Continued : http://threatpost.com/en_us/blogs/loophole-ios-allows-developers-access-users-photos-022912

Also: iOS loophole gives developers access to photos, sources say a fix is coming

New Firefox Plugin Shows Who's Tracking Your Web Browsing
by Carol~ Forum moderator / March 1, 2012 2:15 AM PST
In reply to: NEWS - March 01, 2011

The Mozilla Foundation has released a new plugin for their Firefox web browser designed to show you how your web surfing is tracked and aggregated. Called Collusion, the plugin "allows you to see all the third parties that are tracking your movements across the Web." It looks at the cookies that web sites send to your browser, and then shows, "in real time, how that data creates a spider-web of interaction between companies and other trackers."

We tried out the plugin, and quickly noticed not only that many sites set several tracking cookies, but that there was "collusion" among some of them. [Screenshot]

What happens is that different sites use the same "behavioral tracking sites," and:

"Because the same cookies were transmitted to the same advertisers when you visited both sites, those advertisers effectively track you across them."

The whole tracking issue has come to the forefront recently. The question of a "do not track" header was raised last year, and Google recently added a "do not track" feature to its Chrome browser, but web site support is spotty at best. (A Macworld article, What you need to know about Do Not Track gives some answers to common questions about this technology.)

Continued : http://blog.intego.com/new-firefox-plugin-shows-you-whos-tracking-your-web-browsing/

Also: Mozilla introduces Collusion, a new tracking mapper add-on

Linsanity Leads to Targeted Malware Attacks
by Carol~ Forum moderator / March 1, 2012 2:15 AM PST
In reply to: NEWS - March 01, 2011

From TrendLabs Malware Blog:

When there are celebrity stories such as the death of Whitney Houston in the press, we expect to see BlackHat SEO attacks and other cybercriminal campaigns using these themes to distribute malware. However, a recent targeted attack (PDF) caught our attention. The lure in this case was the story of Jeremy Lin, the NBA star whose outstanding play for the New York Knicks has drawn international attention. He recently made the front cover of Time magazine with the simple headline "Linsanity".

A malicious document named "The incredible story of Jeremy Lin the NBA new superstar.doc", detected by Trend Micro as TROJ_ARTIEF.LN, was sent on February 16th 2012. It exploits a vulnerability in Microsoft Office (CVE-2010-3333) in order to drop malware on the target's system. The dropped malware is detected by Trend Micro as BKDR_MECIV.LN. After successful exploitation, a clean document is opened so that the target doesn't suspect that anything malicious occurred. [Screenshot]

This attack is actually part of the LURID campaign (often known as Enfal) that we documented last year. The victims of that campaign were primarily in Eastern Europe and Central Asia. This "Linsanity" attack continues that trend.

We decoded the information that is sent back to the command and control server:

Continued : http://blog.trendmicro.com/linsanity-leads-to-targeted-malware-attacks/

Fake AV: .ru sites used for redirections
by Carol~ Forum moderator / March 1, 2012 2:16 AM PST
In reply to: NEWS - March 01, 2011

From the Zscaler ThreatLab Blog:

This past month, I've seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involve three separate phases:

1 - The hijacked website redirects users coming from a Google search to an external domain.
2 - A website redirects users to the Fake AV page or to a harmless site (mostly bing.com and google.com) depending upon the referer in step #1. This page adds a cookie using JavaScript, and reads it immediately, to make sure the page was accessed by a real browser that supports both JavaScript and cookies.
3 - The fake AV page is delivered.

Hijacked sites

I demonstrated last year that the Blackhat SEO attacks had migrated from the most popular searches to more specific searches like buying software online where up to 90% of the links returned are malicious. It comes as no surprise that about 95% of the hijacked sites were found for searches like "purchase microsoft word", "achat windows" ("buy Windows" in French), "precio office 2007" (Italian), etc.

There were 12 hijacked sites being used, with 3 domains representing 90% of the hijacked sites redirecting to a fake AV page:

• politicalcampaignexpert.com (WordPress)
• www.extralast.com (WordPress)
• www.ukresistance.co.uk (blocked by Google Safe Browsing)

Redirection site

Continued : http://research.zscaler.com/2012/02/fake-av-ru-sites-used-for-redirections.html

Cybercriminal By Day, Cyber Spy By Night?
by Carol~ Forum moderator / March 1, 2012 3:14 AM PST
In reply to: NEWS - March 01, 2011

"New research shows a link between espionage malware and Black Hat SEO -- and with the RSA attackers"

RSA CONFERENCE 2012 -- San Francisco, Calif. -- New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely if ever dabble in traditional financial cybercrime. Dell SecureWorks here yesterday shared details of a complex study it conducted of two families of espionage malware that have infected government ministry computers in Vietnam, Brunei, Myanmar, Europe, as well as an embassy in China.

Joe Stewart, director of malware research for SecureWorks counter threat unit research team, and his team dug into the domains shared by these malware families, which appear to have been registered by an individual whose physical address they traced to a P.O. box in the fictional location of "Sin Digoo," California.

The domains were registered under the names of "Tawyna Grilth" and "Eric Charles" with a specific Hotmail address during 2004 and 2011. Malware samples using the Tawyna Grilth domains are tied to advanced persistent threat (APT) activity, according to SecureWorks. But the researchers also found that "Tawnya's" domain hosted a Black Hat search engine optimization service.

Continued : http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232601861/cybercriminal-by-day-cyber-spy-by-night.html

Espionage malware with ties to RSA hack snags scores of government PCs
How to catch an Internet cyber thief

Google privacy change taking effect today is illegal, EU officials say
by Carol~ Forum moderator / March 1, 2012 3:14 AM PST
In reply to: NEWS - March 01, 2011

European regulators today claimed that Google's new privacy policy violates European law, but Google has started rolling it out to users anyway. Google announced the new policy in January, stating that it would take effect by March 1, and it was implemented today as scheduled.

Yet the policy faces legal threats. In the US last month, the Electronic Privacy Information Center filed a lawsuit against the Federal Trade Commission, saying that Google's new privacy policy violates a consent order the company signed with the FTC in March 2011 after the Google Buzz controversy.

A French data protection commission investigating Google's privacy policy on behalf of the EU said this week that the privacy policy violates the European Data Protection Directive and that both the French "and the EU data protection authorities are deeply concerned about the combination of data across services and will continue their investigations with Google's representatives."

Continued : http://arstechnica.com/tech-policy/news/2012/03/google-privacy-change-taking-effect-today-is-illegal-eu-officials-say.ars

Also: Google rolls out privacy policy, snubs Euro outcry
Google's new privacy policy: what has changed & what you..
by Carol~ Forum moderator / March 1, 2012 5:25 AM PST

"Google's new privacy policy: what has changed and what you can do about it"

Today's the day Google's broad new privacy policy goes into effect. European regulators are claiming it violates data protection laws, but it's here and it may be here to stay.

There are some not-completely-foolproof ways to hide from Google, but first let's talk about what's changed. Prior to today, Google had more than 70 privacy policies for its various products. But with the company trying to create a seamless experience across search, Gmail, Google+, Google Docs, Picasa, and much more, Google is consolidating the majority of its policies down into just one document covering most of its products. This will make it easier for Google to track users for the purpose of serving up personalized ads.

"The main change is for users with Google Accounts," Google said at the time of its January announcement. "Our new Privacy Policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services. In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience."

Continued : http://arstechnica.com/tech-policy/news/2012/03/googles-new-privacy-policy-what-has-changed-and-what-you-can-do-about-it.ars

Free iPad 3? It doesn't exist! Beware of scams
by Carol~ Forum moderator / March 1, 2012 3:16 AM PST
In reply to: NEWS - March 01, 2011

It is widely anticipated that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th.

An invitation sent to journalists, inviting them to an event organised by Apple, has fueled speculation even further as it appears to show a close-up of someone using an iPad. [...]

Could it be the new iPad with a much lusted for improved display and souped-up processor? Only time will tell..

Of course, one group that isn't bothering to wait are the spammers and scammers who frequently tempt the unwary into clicking on their links, or completing their revenue-generating surveys, by offering the latest Apple gear.. for free.

And even though the iPad 3 doesn't exist yet (and who can forget the iPhone 5 scams that all looked a bit silly once Apple actually announced the iPhone 4S instead?) we are seeing plenty of examples of Facebook pages and tweets that appear to be attempting to trick users into thinking they can get one for free.

Continued : http://nakedsecurity.sophos.com/2012/02/29/free-ipad-3-scams-bewar/

$2.1 million stolen with clever social engineering
by Carol~ Forum moderator / March 1, 2012 3:16 AM PST
In reply to: NEWS - March 01, 2011

An unnamed fraudster managed to steal $2.1 million from a hospital chain's Wells Fargo Bank escrow account by faxing a money transfer signed with a copied-and-pasted signature he had taken off the Internet.

The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lie with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests.

To understand what happened, you must know that Catholic Healthcare West, the hospital chain in question, signed a contract with Merced County, California, to operate a medical center in the San Joaquin Valley.

In order to be able to do that, the chain had to maintain an escrow account with $7.5 million in it. At the same time, it decided to change banks, but needed the approval of the county's Board of Supervisors to do that. They did approve but, unfortunately, the county put a partial copy of this agreement on its official website, complete with the signatures of the chain's CFO Michael Blaszyk and the Merced County Director of Public Health Tammy Chandler.

Armed with the name of the bank where Catholic Healthcare West had the account and the name and signature of the chain's CFO, the fraudster put the plan in motion in December 2011, Forbes reports.

Continued : http://www.net-security.org/secworld.php?id=12516

Banker Trojan Zbot Allies With Well-Known Exploit
by Carol~ Forum moderator / March 1, 2012 5:30 AM PST
In reply to: NEWS - March 01, 2011

From Bitdefender's Malware City Blog:

Please wait page is loading... a Zbot

Bitdefender labs have just stumbled upon a website that presents extreme dangers to users, infecting systems with Zbot.

Once accessed, the site opens an apparently innocent HTML page (Trojan.JS.QOS). The simple "Please wait page is loading..." content hides, however, a tricky JavaScript that redirects users to another malicious JavaScript. [Screenshot: Infected page redirecting user]

This second JavaScript file (Trojan.JS.Redirector.YF) is called js.js and is stored in a folder with a randomly generated name. It appears this malicious JS file has been planted on a multitude of servers that host otherwise clean websites, probably as a result of FTP credentials theft. This script has the sole purpose of redirecting the user to the exploit page, the final stop in this redirection trip.

The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P) - a front for a well-known exploit (CVE-2010-0840) which now is used to download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised systems.

Zbot, a.k.a. Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with backdoor and server capabilities, known to collect from its victims bank-related information, login data, history of the visited Web sites and other sensitive details. Some versions may even snatch screenshots of the compromised machine's desktop.

Continued : http://www.malwarecity.com/blog/banker-trojan-zbot-allies-with-well-known-exploit-1263.html
