Interpol arrests 25 alleged Anonymous members
"The suspected hackers were arrested in Argentina, Chile, Colombia and Spain"
Interpol said Tuesday that 25 people suspected of being affiliated with the Anonymous hacking group were arrested in four countries in South America and Europe, with authorities seizing IT equipment, payment cards and cash.
The arrests were made across 15 cities in Argentina, Chile, Colombia and Spain, Interpol said in a news release. They followed an investigation called "Operation Unmask" that began in mid-February following cyberattacks directed at Colombia's Ministry of Defense and the president's website, and Chile's Endesa electricity company and its national library.
Authorities searched 40 premises and seized 250 items including computer equipment and mobile phones. An investigation continues into how the alleged hackers' activities were funded, Interpol said.
A prominent Twitter account linked to Anonymous, AnonOps, hinted that the group had been attacking Interpol's website in retaliation on Wednesday. One tweet read, "Tango Down II 404 Interpol."
Continued : http://news.techworld.com/security/3341113/interpol-arrests-25-alleged-anonymous-members/
UPDATE: Interpol Operation Leads to Arrest of 25 Suspected Anons
Interpol Site Knocked Offline Following Anonymous Arrests
Police arrest four suspected Anonymous hacktivists
INTERPOL Says 25 Suspected 'Anonymous' Members Arrested In Global Operation
HTTPS Everywhere reaches 2.0, comes to Chrome as beta
Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional "Decentralised SSL Observatory" feature that detects weaknesses in encryption.
When the extension detects an encryption issue, such as weak keys, it notifies users that the site they are visiting may contain security vulnerabilities that could be used for man-in-the-middle (MITM) attacks. "This is an extra level of protection that we encourage Firefox users to download, install, and use," said Electronic Frontier Foundation (EFF) Technology Projects Director Peter Eckersley.
The updated extension is available for Mozilla's Firefox and has been translated into 12 languages. A beta version is now available for Google's Chrome browser. The new beta Chrome version includes the same features as older versions of HTTPS Everywhere; however, it does not yet include the functionality to notify users of weak key vulnerabilities and other certificate problems.
Continued : http://www.h-online.com/security/news/item/HTTPS-Everywhere-reaches-2-0-comes-to-Chrome-as-beta-1445615.html
Also: New "HTTPS Everywhere" for Firefox and a beta for Chrome
Tick-like banking Trojan drills into Firefox, sucks out info
A new banking Trojan is spreading in the UK and the Netherlands, Symantec warns.
Neloweg operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists.
The malware is designed to snatch online login credentials, primarily (but not exclusively) those for online banking sites. It infects machines by tricking Microsoft Windows users into installing it via a drive-by-download, spam or targeted email, or with the help of other malware.
Neloweg also targets browsers that utilise the Trident (Internet Explorer), Gecko (Firefox) and WebKit (Chrome/Safari) browser engines. In the case of Firefox, the Trojan buries itself, becoming an integral component of the browser on infected machines - rather than a simple extension - a development that makes Neloweg more stealthy than previous strains of banking malware.
Continued : http://www.theregister.co.uk/2012/03/01/neloweg_banking_trojan/
NASA: Hackers Targeted Us 5,408 Times in 2010 and 2011
A written testimony of Paul K. Martin, Inspector General at NASA, before the agency's Subcommittee of Investigations and Oversight reveals some interesting aspects regarding the Space Agency's cybersecurity issues.
Not a week passes in which we don't learn of another hacker that finds a flaw in one of NASA's many online domains, but now, we are presented with the exact number of incidents that affected the organization's infrastructure.
It turns out that 5,408 computer security incidents were recorded during 2010 and 2011.
"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," Martin wrote.
Apparently, these intrusions damaged thousands of computing devices, the total estimated cost to NASA being more than $7 million (4.9 million EUR).
The Inspector General admits that the organization is far behind other agencies when it comes to protecting the laptops utilized by personnel. In the timeframe between April 2009 and April 2011, 48 laptops and other mobile devices were stolen.
As a result of these incidents, not only personally identifiable information was leaked, but also some even more important data, such as the algorithms used to control the International Space Station (ISS), and secret data on NASA's Constellation and Orion projects.
Continued : http://news.softpedia.com/news/NASA-Hackers-Targeted-Us-5-408-Times-in-2010-and-2011-255951.shtml
Stolen NASA Laptop Contained Commands For International Space Station
NASA Still Falling Short on IT Security
Loophole in iOS Allows Developers Access to Users' Photos
A recently discovered hole in Apple's iOS allows third-party developers access to users' iPhone, iPad or iPod Touch photos by exploiting the device's location data, according to a report from the New York Times' Nick Bilton on the Bits blog yesterday.
The loophole lies in the way that applications use certain photo location data. Assuming an iPhone user approves any app that accesses the location data of photos, the app's developers will be able to capture any of the users' images while that app is open.
The Times had an unnamed developer create a proof-of-concept app to do just this, according to the blog post. The app, called PhotoSpy, was never submitted to the App Store for approval but asked users for access to location data. After granting it, the app began transferring photos and location data from the phone to a remote server.
Apple first allowed apps access to photo libraries in 2010 with the fourth build of their operating system. The move was intended to allow photo apps better access to let users share and edit photos.
While Apple didn't immediately respond to a request for comment on Wednesday, they have gone on record regarding any apps that may use a user's contact information without notification:
Continued : http://threatpost.com/en_us/blogs/loophole-ios-allows-developers-access-users-photos-022912
Also: iOS loophole gives developers access to photos, sources say a fix is coming
New Firefox Plugin Shows Who's Tracking Your Web Browsing
The Mozilla Foundation has released a new plugin for their Firefox web browser designed to show you how your web surfing is tracked and aggregated. Called Collusion, the plugin "allows you to see all the third parties that are tracking your movements across the Web." It looks at the cookies that web sites send to your browser, and then shows, "in real time, how that data creates a spider-web of interaction between companies and other trackers."
We tried out the plugin, and quickly noticed not only that many sites set several tracking cookies, but that there was "collusion" among some of them. [Screenshot]
What happens is that different sites use the same "behavioral tracking sites," and:
"Because the same cookies were transmitted to the same advertisers when you visited both sites, those advertisers effectively track you across them."
The whole tracking issue has come to the forefront recently. The question of a "do not track" header was raised last year, and Google recently added a "do not track" feature to its Chrome browser, but web site support is spotty at best. (A Macworld article, What you need to know about Do Not Track, gives some answers to common questions about this technology.)
Continued : http://blog.intego.com/new-firefox-plugin-shows-you-whos-tracking-your-web-browsing/
Also: Mozilla introduces Collusion, a new tracking mapper add-on
Linsanity Leads to Targeted Malware Attacks
From TrendLabs Malware Blog:
When there are celebrity stories such as the death of Whitney Houston in the press, we expect to see BlackHat SEO attacks and other cybercriminal campaigns using these themes to distribute malware. However, a recent targeted attack (PDF) caught our attention. The lure in this case was the story of Jeremy Lin, the NBA star whose outstanding play for the New York Knicks has drawn international attention. He recently made the front cover of Time magazine with the simple headline "Linsanity".
A malicious document named "The incredible story of Jeremy Lin the NBA new superstar.doc", detected by Trend Micro as TROJ_ARTIEF.LN, was sent on February 16th 2012. It exploits a vulnerability in Microsoft Office (CVE-2010-3333) in order to drop malware on the target's system. The dropped malware is detected by Trend Micro as BKDR_MECIV.LN. After successful exploitation, a clean document is opened so that the target doesn't suspect that anything malicious occurred. [Screenshot]
This attack is actually part of the LURID campaign (often known as Enfal) that we documented last year. The victims of that campaign were primarily in Eastern Europe and Central Asia. This "Linsanity" attack continues that trend.
We decoded the information that is sent back to the command and control server:
Continued : http://blog.trendmicro.com/linsanity-leads-to-targeted-malware-attacks/
Fake AV: .ru sites used for redirections
From the Zscaler ThreatLab Blog:
This past month, I've seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involve three separate phases:
1 - The hijacked website redirects users coming from a Google search to an external domain.
3 - The fake AV page is delivered.
I demonstrated last year that the Blackhat SEO attacks had migrated from the most popular searches to more specific searches like buying software online where up to 90% of the links returned are malicious. It comes as no surprise that about 95% of the hijacked sites were found for searches like "purchase microsoft word", "achat windows" ("buy Windows" in French), "precio office 2007" (Italian), etc.
There were 12 hijacked sites being used, with 3 domains representing 90% of the hijacked sites redirecting to a fake AV page:
• politicalcampaignexpert.com (WordPress)
• www.extralast.com (WordPress)
• www.ukresistance.co.uk (blocked by Google Safe Browsing)
Continued : http://research.zscaler.com/2012/02/fake-av-ru-sites-used-for-redirections.html
Cybercriminal By Day, Cyber Spy By Night?
"New research shows a link between espionage malware and Black Hat SEO -- and with the RSA attackers"
RSA CONFERENCE 2012 -- San Francisco, Calif. -- New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely if ever dabble in traditional financial cybercrime. Dell SecureWorks here yesterday shared details of a complex study it conducted of two families of espionage malware that have infected government ministry computers in Vietnam, Brunei, Myanmar, Europe, as well as an embassy in China.
Joe Stewart, director of malware research for SecureWorks counter threat unit research team, and his team dug into the domains shared by these malware families, which appear to have been registered by an individual whose physical address they traced to a P.O. box in the fictional location of "Sin Digoo," California.
The domains were registered under the names of "Tawnya Grilth" and "Eric Charles" with a specific Hotmail address during 2004 and 2011. Malware samples using the Tawnya Grilth domains are tied to advanced persistent threat (APT) activity, according to SecureWorks. But the researchers also found that "Tawnya's" domain hosted a Black Hat search engine optimization service.
Continued : http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232601861/cybercriminal-by-day-cyber-spy-by-night.html
Espionage malware with ties to RSA hack snags scores of government PCs
How to catch an Internet cyber thief
There are some not-completely-foolproof ways to hide from Google, but first let's talk about what's changed. Prior to today, Google had more than 70 privacy policies for its various products. But with the company trying to create a seamless experience across search, Gmail, Google+, Google Docs, Picasa, and much more, Google is consolidating the majority of its policies down into just one document covering most of its products. This will make it easier for Google to track users for the purpose of serving up personalized ads.
Continued : http://arstechnica.com/tech-policy/news/2012/03/googles-new-privacy-policy-what-has-changed-and-what-you-can-do-about-it.ars
Free iPad 3? It doesn't exist! Beware of scams
It is widely anticipated that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th.
An invitation sent to journalists, inviting them to an event organised by Apple, has fueled speculation even further as it appears to show a close-up of someone using an iPad. [...]
Could it be the new iPad with a much lusted for improved display and souped-up processor? Only time will tell..
Of course, one group that isn't bothering to wait are the spammers and scammers who frequently tempt the unwary into clicking on their links, or completing their revenue-generating surveys, by offering the latest Apple gear.. for free.
And even though the iPad 3 doesn't exist yet (and who can forget the iPhone 5 scams that all looked a bit silly once Apple actually announced the iPhone 4S instead?) we are seeing plenty of examples of Facebook pages and tweets that appear to be attempting to trick users into thinking they can get one for free.
Continued : http://nakedsecurity.sophos.com/2012/02/29/free-ipad-3-scams-bewar/
$2.1 million stolen with clever social engineering
An unnamed fraudster managed to steal $2.1 million from a hospital chain's Wells Fargo Bank escrow account by faxing a money transfer signed with a copied-and-pasted signature he had taken off the Internet.
The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lie with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests.
To understand what happened, you must know that Catholic Healthcare West, the hospital chain in question, signed a contract with Merced County, California, to operate a medical center in the San Joaquin Valley.
In order to be able to do that, the chain had to maintain an escrow account with $7.5 million in it. At the same time, it decided to change banks, but needed the approval of the county's Board of Supervisors to do that. They did approve but, unfortunately, the county put a partial copy of this agreement on its official website, complete with the signatures of the chain's CFO Michael Blaszyk and the Merced County Director of Public Health Tammy Chandler.
Armed with the name of the bank where Catholic Healthcare West had the account and the name and signature of the chain's CFO, the fraudster put the plan in motion in December 2011, Forbes reports.
Continued : http://www.net-security.org/secworld.php?id=12516
Banker Trojan Zbot Allies With Well-Known Exploit
From Bitdefender's Malware City Blog:
Please wait page is loading... a Zbot
Bitdefender labs have just stumbled upon a website that presents extreme dangers to users, infecting systems with Zbot.
The second HTML page (Trojan.HTML.Downloader.Agent.NBF) the user finally reaches embeds a Java applet (Exploit.Java.CVE-2010-0840.P) - a front for a well-known exploit (CVE-2010-0840) which now is used to download and install a Zbot variant (Trojan.Zbot.HTQ) on the compromised systems.
Zbot a.k.a Zeus, ZeusBot or WSNPoem, is a banker Trojan rigged with backdoor and server capabilities, known to collect from its victims bank-related information, login data, history of the visited Web sites and other sensitive details. Some versions may even snatch screenshots of the compromised machine's desktop.
Continued : http://www.malwarecity.com/blog/banker-trojan-zbot-allies-with-well-known-exploit-1263.html