
NEWS - September 12, 2012

European Commission deploys crack Computer Emergency Response Team

The European Commission (EC) has deployed its anti-hacker Computer Emergency Response Team (CERT-EU) on a permanent basis at its largest institutions to combat the growing number of cyber threats it's facing.

CERTs are small teams of experts embedded within companies and organisations that are designed to help protect against cyber threats and manage data breaches and are increasingly common within private and public sector organisations.

The EU reportedly chose to test the tactic to help protect its Parliament, Commission and Council organisations from growing cyber threats.

"The EU institutions, like any other major organisations, are frequently the target of information security incidents. CERT-EU is helping us to improve our protection against these threats," said EU vice president Maros Sefcovic.

Continued : http://www.v3.co.uk/v3-uk/news/2204952/european-union-deploys-crack-computer-emergency-response-team

Also:
EU gets Computer Emergency Response Team
Permanent Cybersecurity Team Established for EU Institutions
Cyber security strengthened at EU institutions
Comments
Chip-and-PIN flaw blamed for cloned bank cards

"Cambridge security researchers have discovered serious problems with how ATMs authenticate transactions, though an industry group has shrugged off the method as too complex for scammers to use."

Security researchers say they have found a vulnerability in the ubiquitous chip-and-PIN system that could effectively allow bank cards to be cloned.

In a paper (PDF) presented to a cryptography conference in Belgium on Tuesday, the University of Cambridge researchers said the flaw undermined banks' claims that the chip-and-PIN or 'EMV' system was prohibitively expensive to clone.

"We can now explain at least some of the increasing number of frauds in which victims are refused refunds by banks which claim that EMV cards cannot be cloned and that a customer involved in a dispute must therefore be mistaken or complicit," the researchers said in the paper's abstract.

The researchers said their work began after hearing of the case of a Mr Gambin, "a Maltese customer of HSBC who was refused a refund for a series of transactions that were billed to his card and which HSBC claimed must have been made with his card and PIN at an ATM in Palma, Majorca on the 29 June 2011".

Method

Continued : http://www.zdnet.com/chip-and-pin-flaw-blamed-for-cloned-bank-cards-7000004130/

Also:
A picked pocket in Mallorca reveals crack in chip-and-PIN security
Chip and skim flaw lets crooks fake credit card transactions
Chip And Pin Flaw Uncovered By Cambridge Boffins
Chip and PIN payment card system vulnerable to "pre-play" attacks

Research Paints Shamoon Creators as 'Skillful Amateurs'

Despite seemingly endless pontification, it's still too early to definitively say whether there's a connection between the Shamoon malware and recent attacks on Middle Eastern oil firms, yet some of the attackers' intentions may be getting clearer.

Research suggests the creators behind the recent Shamoon malware weren't high profile programmers but instead "skillful amateurs" who may have had politically driven motivations.

A new post by Kaspersky Lab researcher Dmitry Tarakanov on the firm's Securelist blog helps break down the malware's technical details and shortcomings further.

In one part of the analysis Tarakanov notes that the malware's author used a capital "S" instead of a lowercase "s." This "silly error" led to a "spring" function failure and made it impossible for the malware to drop a file, let alone execute one.

Elsewhere, two files, "f1.inf" and "f2.inf," are produced by the malware that pose a fragment of a JPEG of a burning U.S. flag - the presence of the image should be easily noticed and according to Tarakanov was meant to be found. The image continues to populate itself, overwriting the hard drive with the JPEG, crudely filling the entire disk with data.

Continued : https://threatpost.com/en_us/blogs/research-paints-shamoon-creators-skillful-amateurs-091112

Also: Coding Errors in Shamoon Malware Suggest It May Be Work of Amateurs

"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

Users of the social, image-sharing network Pinterest are complaining about widespread account takeovers that have spilled image spam onto adjoining social networks like Twitter and Facebook.

Though notice of the scam has picked up in the last day, there's evidence that the spam runs have been going on for more than a week, with spammers posting images promoting work-at-home schemes. [Screenshot]

The images were accompanied by messages such as "Omg this is so cool! Can't wait for more!" and "Omg this is so exciting! Too excited for next ones!" The messages were accompanied by links back to the spam images on compromised Pinterest accounts.

As of Wednesday, Pinterest had removed many of the offending images, though some could still be viewed.

Users who had linked their Pinterest account to adjacent social networks like Facebook and Twitter found that the spammers quickly took advantage of that access, blasting out tweets and wall posts linking to the spammy images.

Continued : http://nakedsecurity.sophos.com/2012/09/12/omg-this-is-so-cool-pinterest-hack-feeds-spam-to-twitter-and-facebook/
Dancing Penguins: A Case of Organized Android Pay Per Instal

From the ESET Threat Blog:

For years, cyber criminals have organized their operations and traded resources through discussion forums and auction sites. One popular item to trade is access to virus infected PCs for cash. These trading schemes are often called pay-per install (PPI) programs. We have recently started an investigation on a new type of pay-per install program, this time threatening Android devices.

We began our investigation by looking at domain names and malicious files related to what appears to be a Russian web forum used by the cyber criminals for marketing and supporting their PPI scheme. The forum started operating at the end of 2011. From the information we could gather, actors who successfully install malicious software on Android devices get paid between 2 and 5 US dollars per installation. This is much higher than the typical price for Windows PCs. As shown in the image below, taken from the front page of this web forum, the administrators of this program have even prepared graphics to attract as many crooks as possible. [Screenshot]

The software that is installed on Android devices is usually in the Android/TrojanSMS malware family. These malicious programs send SMS messages to premium rate numbers, bringing monetary profit to the malware operators. Our colleagues at Quickheal have blogged about one of these applications. [Screenshot]

Continued : http://blog.eset.com/2012/09/12/dancing-penguins-a-case-of-organized-android-pay-per-install

Antivirus programs often poorly configured, study finds

"Wide variation between vendors with Microsoft top"

How securely antivirus software has been configured varies widely between products with users of Microsoft's Security Essentials (MSE) the most likely to run protection using optimal settings, software certification firm OPSWAT has found.

Using numbers crunched from PCs running the company's AppRemover tool (140,000 installations), MSE systems had realtime protection enabled in 94.6 percent of cases, slightly ahead of Avast, McAfee and Avira.

By contrast, Kaspersky Lab's Internet Security users only activated this important setting 65.5 percent of the time, with Norton Internet Security and Norton AntiVirus users not much better.

MSE users were also the best at updating frequency, with 94 percent updating in the previous week. Just under 65 percent of Norton AntiVirus and McAfee VirusScan users had updated in the previous 60 days, something that would render the protection offered by the software moot.

Continued : http://news.techworld.com/security/3380737/antivirus-programs-often-poorly-configured-study-finds/

FTC returns $2.3 million from online work-at-home scheme

The U.S. Federal Trade Commission has begun mailing 93,086 refund checks totalling nearly US$2.3 million to consumers who were allegedly charged hidden fees by a fake work-at-home service that used Google's name to advertise.

The online work-at-home operation, which operated under the names Google Money Tree, Google Pro and Google Treasure Chest, deceptively used Google's name and logo, the FTC said in a Tuesday press release. The operation promised that consumers could earn $100,000 in six months after signing up to receive a work-at-home kit for a shipping fee of under $4, according to the FTC and court records.

The operation was not affiliated with Google, the FTC said.

The operation didn't tell consumers that, by ordering the work-at-home kit, they were disclosing their account information and would be charged an additional $72.21 each month, the FTC said.

Under a settlement with the FTC, the defendants are banned from selling products through so-called negative option transactions, in which the seller interprets consumers' silence or inaction as permission to charge them. The defendants are also prohibited from making misleading or unsupported claims while marketing or selling any product or service.

Continued : http://www.pcworld.com/businesscenter/article/262140/ftc_returns_23_million_from_online_workathome_scheme.html

The FTC Release: FTC Returns More than $2 Million to Buyers of the "Google Money Tree" Work-at-Home Scam

Also: "Google Money Tree" Work-at-Home Scam Victims Refunded by FTC

The Tinba/Tinybanker Malware

From TrendLabs Malware Blog:

Trend Micro and CSIS have released a joint white paper about the Tinba information-stealing malware. The paper contains a thorough technical analysis of the malware itself, as well as the architecture of its infrastructure, and its ties to other illegal activities.

What is Tinba?

Tinba got its name from its extraordinarily small size - its code is approximately 20 kilobytes in size, a remarkably small number for banking malware. Tinba is a combination of the words tiny and banker; the same malware is also known as Tinybanker and Zusy.

Tinba is delivered onto user systems via the Blackhole exploit kit, and is aimed primarily at users in Turkey. We estimate that there are more than 60,000 users affected by Tinba in Turkey.

The capabilities of this malware are broadly similar to other similarly sophisticated info-stealing malware families. Using web injects, it steals the login information from websites, particularly those located in Turkey. Some targets such as Facebook, GMX, Google, and Microsoft are hardcoded into the code of Tinba itself and are universally targeted by Tinba. Other institutions are targeted based on downloaded configuration files; frequent targets include key government portals and Turkish banks/financial institutions.

Continued : http://blog.trendmicro.com/the-tinbatinybanker-malware/

CNET Forums