Cash Claws, Fake Fascias & Tampered Tickets
Credit and debit card skimmers aren't just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are turning up on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.
Recently, at least five countries reported skimming attacks against railway or transport ticket machines, according to the European ATM Security Team (EAST), a not-for-profit organization that collects data on skimming attacks. Two countries reported skimming attacks at parking machines, and three countries had skimming incidents involving point-of-sale terminals. EAST notes that Bluetooth devices increasingly are being used to transmit stolen card and PIN data wirelessly. [Screenshot]
The organization also is tracking a skimming trend reported by three countries (mainly in Latin America) in which thieves are fabricating fake ATM fascias and placing them over genuine ATMs, like the one pictured below. After entering their PIN, cardholders see an 'out-of-order' message. EAST said the fake fascias include working screens so that this type of message can be displayed. The card details are compromised by a skimming device hidden inside the fake fascia, and the PINs are captured via the built-in keypad, which overlays the real keypad underneath. [Screenshot]
Continued : http://krebsonsecurity.com/2013/03/cash-claws-fake-fascias-tampered-tickets/
Pirated software use triples - leaving PC users at risk of infection
From the ESET blog:
Use of pirated and counterfeit Windows software has tripled since 2006, according to analysts IDC - creating a fertile breeding ground for malware.
For the report, entitled 'The Dangerous World of Pirated and Counterfeit Software', IDC analysts conducted 533 tests on counterfeit software from P2P and web sources.
The tests found that counterfeit software led to infection with Trojans and malicious adware in 36% of cases. The research was commissioned and sponsored by Microsoft.
The problem afflicts business as well as consumers, thanks to employees installing their own software - with a quarter of American firms reporting that workers had done so within the past two years.
Continued : http://www.welivesecurity.com/2013/03/28/use-of-pirated-software-triples-leaving-pc-users-at-risk-of-infection/
Does your breach email notification look like a phish?
From the SANS ISC:
With the continual cycle of systems being compromised and customer data being stolen, using email notification is a fast, easy and direct method to send out warnings and advice to the unfortunate victims. It's the one way, other than physical interaction (phone calls, personal visits while offering a warm cup of tea and a sad smile, or hiring street criers calling out the names of the afflicted in every town in the land...) that means all the right people do get notified, well, if they read their emails. It's a de facto standard for communication, so surely we've worked out how to use it properly.
One group that uses email to great success are phishers. Here at the ISC, we get plenty of phishing emails: reader-submitted and those sent directly to us, from the nonsensical, incoherent jibber-jabber to those carefully and professionally crafted. The recent Mandiant report [1 (pdf)] goes to highlight that even the top end of attackers uses phishing emails, making awareness programmes for anyone that has an email address something that needs to be ticked off the to-do list one of these days.
So what has this got to do with breach notification emails? Glad you asked.
Continued : https://isc.sans.edu/diary.html?storyid=15508
Wedding-Inspired Spam Leads to Kuluoz Infection
From ThreatTrack Security:
Weddings, no doubt, are always special. They are celebrated in more ways than one, depending on the culture, country, religious affiliation and tradition a couple belongs to or wishes to adhere to. However they are practiced, one thing is certain: the preparations and planning behind them have been grueling, stressful and time consuming.
Thanks to technology and human ingenuity, wedding preparation is more manageable and a lot quicker to pull off than before. For one thing, there are services available online that cater to the soon-to-be-wedded who opt for the modern way of sending out wedding invitations in the form of e-cards.
Our researchers in the AV Labs captured a malicious spam appearing to be a wedding invitation purportedly from White Wedding Agency, a business entity in Prague: [Screenshot]
Continued : http://www.threattracksecurity.com/it-blog/wedding-inspired-spam-leads-to-kuluoz-infection/
From ESET: Don't save that date - bogus wedding invitations are latest spam trend
8 in 10 companies suffered web-borne attacks
The vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords, according to Webroot.
The study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.
Top-level corporate study findings:
• 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
• 88% of Web security administrators say Web browsing is a serious malware risk
• Phishing is the most prevalent Web-borne attack, affecting 55% of companies.
Continued : http://www.net-security.org/secworld.php?id=14680
Android Malware Spreads Via IRS Spam Campaign
Researchers at Dell SecureWorks say a multi-function piece of Android malware is spreading through a spam campaign that uses this year's tax season as part of a lure.
Known as Stels, the trojan was spotted by the Dell SecureWorks Counter Threat Unit (CTU) research team being spread by the same spam campaigns blasted out by the Cutwail botnet. Once on a device, the malware is capable of stealing a victim's contact list, sending and intercepting text messages, making phone calls and installing more malware.
According to SecureWorks, the spam campaigns attempt to trick users into clicking links that redirect users to the Blackhole exploit kit. Since the Blackhole kit is unable to exploit Android devices, the attackers are using a fake Adobe Flash Player update to trick victims into downloading and executing the Stels trojan.
"The CTU research team has observed a shift away from Android malware being distributed through alternative marketplaces (i.e., outside of the official Google Play app store)," blogged Brett Stone-Gross, senior security researcher at CTU. "In particular, attackers have been orchestrating spam campaigns to distribute Android malware such as the NotCompatible and Stels trojans. Stels uses lures such as fake email messages from the U.S. Internal Revenue Service (IRS) and recommendations from a 'friend.'"
Phishing Campaign Using Military, Illicit Attachments
Look out for email attachments offering better sex tips and news about newly developed Chinese stealth frigates, because they are loaded with malware, according to a Securelist report written by Kaspersky Lab expert, Ben Godwood.
The malware is fairly old and not particularly advanced, but a lot of it has been trying to pass through the Kaspersky security network lately and on a very regular basis. Godwood advises that you just don't open attached documents with titles like: "EAT FOR BETTER SEX.doc," "How to last longer in bed.doc," "6 Awkward Sex Moments, Defused.doc," "9 ways to have better, hotter, and more memorable sex.doc," and "10 Ways to Get More Sex.doc."
You'll also want to avoid these potentially fascinating attachments: "Stealth Frigate.doc," "The BrahMos Missile.doc," and "How DRDO failed India's military.doc"
There is also a third category of malicious documents with roughly the same subjects, but written in Cyrillic characters:
Continued : https://threatpost.com/en_us/blogs/phishing-sex-tips-and-naval-hardware-specs-032913
A Peek At The Future Of Botnet Evolution
Botnets weren't always malicious. According to a report by Symantec called The Evolution of IRC Bots (pdf), botnets were originally designed to automate basic tasks on IRC and allowed IRC operators to link instances of the bot together and manage its power. Eventually, botnets were used to perform DoS attacks and other malicious activities as computer users realized the potential collective power botnets had.
According to Richard Henderson, a security strategist and threat researcher for Fortinet's Fortiguard Labs, botnet authors are "leveraging real-world business models in order to expand their presence online." Writing code for botnets has become their full-time job. Authors watch closely when vendors patch a vulnerability. As soon as the patch details are released, they update their code to infect computers that haven't been updated yet. Botnet authors will also hire groups of affiliates in order to spread malware and generate revenue using different methods.
Mobile Botnets on the Rise
Critical Flaw in Bind9 Software Can Kill DNS Servers
A freshly-discovered flaw in the Berkeley Internet Name Daemon (BIND) could allow an attacker to bring the DNS server to a grinding halt through the use of regular expressions.
The vulnerability is known as CVE-2013-2266 and affects Linux and Unix versions of BIND from 9.7.x, 9.8.0 to 9.8.5b1 and 9.9.0 to 9.9.3b1, but not similar versions running on Windows. When successfully exploited, the named process starts eating up computer memory until it runs out and the system crashes, along with other services running on the same server.
"Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used," reads the advisory posted by the Internet Systems Consortium.
Continued : http://www.hotforsecurity.com/blog/critical-flaw-in-bind9-software-can-kill-dns-servers-5806.html
Critical Flaw Threatens Millions of BIND Servers
Critical vulnerability in BIND 9 regular expression handling
Sprint, Softbank to shun China's networking equipment
"National security fears lead to restrictions on proposed merger."
Sprint Nextel and its new owner will limit their use of technology made by Chinese companies, and allow US national security officials to monitor changes to their equipment. The pending agreement will help them gain US approval of SoftBank's $20 billion acquisition of Sprint.
US officials have accused Chinese firms Huawei and ZTE of having close ties with the Chinese government and military. They claim the companies' equipment raises the threat of "cyber-espionage" or attacks on US communications networks, although a White House review last year found no clear evidence that Huawei spied for China.
The New York Times last night quoted anonymous government officials as saying that Sprint Nextel and the Japanese SoftBank "are expected to enter an agreement with American law enforcement officials that will restrict the combined company's ability to pick suppliers for its telecommunications equipment and systems." Further, "The agreement would allow national security officials to monitor changes to the company's system of routers, servers and switches, among other equipment and processes, the officials said. It would also let them keep a close watch on the extent to which Sprint and SoftBank use equipment from Chinese manufacturers, particularly Huawei Technologies."
Continued : http://arstechnica.com/security/2013/03/sprint-softbank-to-shun-chinese-networking-equipment/
Sprint and SoftBank promise not to use Chinese networking equipment, says lawmaker
Sprint and SoftBank vow to drop Huawei equipment