
Lizard Squad attacks Xbox, Twitch: Cyber Highlights August 28th

By Kelli Tarala | August 28, 2014

[Image: PlayStation. Photo credit: Sony]

Ouch…right in the VIDEO GAME: Lizard Squad attacks Xbox, Twitch. Attackers calling themselves Lizard Squad launched distributed denial of service (DDoS) attacks against video game-streaming service Twitch and the Microsoft Xbox Live service August 26, disrupting service on Twitch for a time but failing to impact Xbox Live service.

Full Story:
http://www.theregister.co.uk/2014/08/27/lizard_squad_hacking_rampage/

Updated NetTraveler backdoor has encrypted configuration file
Researchers at Kaspersky Lab identified an updated variant of the NetTraveler malware (also known as Travnet or Netfile) being used in a spearphishing campaign; the new variant carries an encrypted configuration file. NetTraveler has been in use for as long as 10 years and is frequently used in attacks targeting diplomatic, government, military, and activist groups.

Full Story:
http://news.softpedia.com/news/Updated-NetTraveler-Backdoor-Has-Encrypted-Configuration-File-456602.shtml

470 million sites exist for 24 hours, 22% are malicious
Blue Coat researchers reported the results of an analysis of over 660 million unique hostnames requested by users and found that 71 percent of hostnames were sites that appeared for only 1 day, with around 22 percent found to be malicious sites used in short-lived attacks or botnet management. The largest number of 1-day sites were legitimate sites used by major online organizations.

Full Story:
http://www.net-security.org/secworld.php?id=17297

Commissioner accuses Xerox of “reckless” misuse of Medicaid data
The commissioner of the Texas Health and Human Services Commission stated that the agency filed a second lawsuit August 26 against Xerox Corp., for allegedly failing to protect patient confidentiality and for improperly retaining large quantities of medical records. The announcement comes several months after the State announced the first lawsuit against Xerox over allegations that the company paid out hundreds of millions of dollars for unnecessary dental work.

Full Story:
http://trailblazersblog.dallasnews.com/2014/08/janek-accuses-xerox-of-reckless-misuse-of-medicaid-data.html/

Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.

Topics: DHS Infrastructure Reports

Backoff PoS malware has at least eight variants: Cyber Highlights August 27th

By Kelli Tarala | August 28, 2014

[Image: point-of-sale terminal. Source: http://blog.kaspersky.com/ram-scrapers-and-other-point-of-sale-malware/]

Researchers at Symantec conducted an analysis of the Backoff point-of-sale (PoS) malware and identified eight variants, with differences in registry entries and values, command and control servers, and the variants’ installation paths.

Full Story:
http://news.softpedia.com/news/Backoff-PoS-Malware-Has-At-Least-Eight-Variants-456433.shtml

Hardcoded password in Netis, Netcore routers offers backdoor to devices
Trend Micro researchers found that some routers sold under the Netis brand in the U.S. and other countries, and under the Netcore brand in China, contain a backdoor that can be accessed if the routers provide external access. The researchers also found a hardcoded password in the devices that can allow anyone with the password to access the router.

Full Story:
http://news.softpedia.com/news/Hardcoded-Password-in-Netis-Netcore-Routers-Offers-Backdoor-to-Device-456394.shtml

50 security flaws fixed in Google Chrome
Google released an update for its Chrome browser addressing 50 security issues, including a series of critical vulnerabilities that could be exploited to execute arbitrary code outside of the Chrome sandbox.

Full Story:
http://threatpost.com/50-security-flaws-fixed-in-google-chrome

Researchers exploit flaw to tie Secret users to their secrets
Researchers from Rhino Security Labs demonstrated a proof-of-concept attack against the Secret app that could allow a user to deduce the identity behind a posting on the anonymous social network. The attack method was previously reported to Secret and closed before the researchers’ demonstration.

Full Story:
http://www.net-security.org/secworld.php?id=17291

Unlisted Comcast customer details exposed by the thousands
The personal information of more than 74,000 Comcast customers in California who had paid to have their details remain unlisted, including names, addresses, and phone numbers, was exposed due to a fault in an agreement with a third party that distributes and publishes Comcast residential directories. The company stated that the leak appeared to occur between July 2010 and December 2012, and affected customers were offered refunds and in some cases additional remediation actions.

Full Story:
http://news.softpedia.com/news/Unlisted-Comcast-Customer-Details-Exposed-by-the-Thousands-456369.shtml


Topics: Uncategorized

Credentials can be stolen in UI state inference attack: Cyber Highlights for August 25th

By Kelli Tarala | August 26, 2014

[Image: UI state inference attack. Photo credit: University of California, Riverside]

Credentials can be stolen in UI state inference attack
Researchers presenting at the USENIX Security Symposium published a paper outlining a new form of attack, called a user interface (UI) state inference attack, that can steal Android users’ credentials through a side channel in a common shared-memory mechanism used by window managers. The attack uses a malicious app that requires no permissions, and the researchers believe the same vulnerability likely exists in other operating systems such as iOS, Windows, and OS X.

Full Story:
http://news.softpedia.com/news/Credentials-Can-Be-Stolen-In-UI-State-Inference-Attack-456028.shtml

University of Alaska internet outage caused by denial of service attack
University of Alaska campuses in Fairbanks, Anchorage, and Juneau experienced a network outage for several hours August 20 after hackers targeted the university’s servers with a distributed denial of service (DDoS) attack that came from multiple sources and consumed 490,000 of 500,000 available sessions on the university’s firewall. The outage caused off-campus users to lose access to the university’s Web sites and blocked Internet access for on-campus users.

Full Story:
http://www.newsminer.com/news/local_news/university-of-alaska-internet-outage-caused-by-denial-of-service/article_a44f2834-2905-11e4-939e-0017a43b2370.html

Vulnerability found in Google Wallet, Alipay payment SDKs
Researchers with Trend Micro identified and reported a security vulnerability in the in-app payment SDKs for Google Wallet and Alibaba Alipay in Android that can be exploited by attackers using intent-filters to display phishing messages and obtain user credentials. Alibaba and Google both released updates to their apps after being informed by the researchers May 27.

Full Story:
http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

Vulnerability in Akeeba Backup for Joomla went undetected for years
Sucuri researchers found a vulnerability in the Akeeba Backup extension for Joomla that has existed for years and could allow a skilled attacker to access backup files created with Akeeba and download them. The researchers stated that the security risk presented by the vulnerability was low due to the difficulty in exploiting it, and the newest version of Akeeba is no longer vulnerable.

Full Story:
http://news.softpedia.com/news/Vulnerability-in-Akeeba-Backup-for-Joomla-Went-Undetected-for-Years-455961.shtml


Topics: DHS Infrastructure Reports

Cryptolocker flogged on YouTube: DHS Cyber Highlights August 21st

By Kelli Tarala | August 21, 2014

[Image: Cryptolocker]

Two researchers reported that cybercriminals have been observed to use purchased ad space on YouTube in order to redirect users to malicious sites serving the Cryptolocker ransomware. The researchers are scheduled to present at the Virus Bulletin 2014 conference detailing how legitimate ad networks could be used to spread malware.

Full Story:
http://www.theregister.co.uk/2014/08/20/cryptolocker_flogged_on_youtube/

Vulnerability in WordPress Mobile Pack exposes password-protected posts
Researchers with dxw Security identified and reported a vulnerability in the Mobile Pack plugin for WordPress that could allow access to password-protected posts. The vulnerability was reported July 24 and closed August 19 with the release of Mobile Pack version 2.0.2.

Full Story:
http://www.securityweek.com/vulnerability-wordpress-mobile-pack-exposes-password-protected-posts

‘Reveton’ ransomware upgraded with powerful password stealer
Avast researchers analyzed a new variant of the Reveton ransomware that now includes the Pony password and virtual currency stealer and a Papras family password stealer that can also disable security programs. The new variant was also programmed to check if an infected user had visited the Web sites of 17 German banks.

Full Story:
http://www.networkworld.com/article/2466981/reveton-ransomware-upgraded-with-powerful-password-stealer.html

Bug in iOS Instagram app fixed, impacts Facebook accounts
IOActive researchers reported that an issue in the Instagram app for iOS could leave users open to having their Facebook access token intercepted over public Wi-Fi due to the app sending the token in plain text. The issue was fixed in Instagram version 6.0.4 and users were advised to update to the latest version.
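The Instagram issue above comes down to one check a defender can automate: never let a bearer credential leave the device outside TLS. The following is an added example, not code from IOActive, Instagram or the linked article, that audits a set of captured request records (constructed here, with placeholder token values) and flags any request that carries a token in a query parameter or credential header over plain HTTP; it also shows the app-side fix of rewriting the scheme before the request is sent. The parameter and header names it looks for are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Query parameters and headers that commonly carry bearer credentials.
# These names are assumptions for the example, not taken from the article.
TOKEN_PARAMS = {"access_token", "token", "oauth_token", "fb_access_token"}
TOKEN_HEADERS = {"authorization", "x-access-token", "cookie"}


def request_exposes_token(url: str, headers: dict) -> bool:
    """Return True if this request would send a credential outside TLS.

    Anything over https is considered protected in transit; over http we
    look for a credential in the query string or in a credential header.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() == "https":
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    if any(name.lower() in TOKEN_PARAMS for name in query):
        return True
    return any(name.lower() in TOKEN_HEADERS for name in headers)


def force_https(url: str) -> str:
    """App-side mitigation: rewrite a plain-http API URL to https before use."""
    parts = urlsplit(url)
    if parts.scheme.lower() == "http":
        parts = parts._replace(scheme="https")
    return urlunsplit(parts)


def audit(records) -> list:
    """Return the URLs of every record that leaks a credential in cleartext."""
    return [url for url, headers in records if request_exposes_token(url, headers)]


# Constructed sample of proxy-captured requests (hosts and tokens are placeholders).
SAMPLE_REQUESTS = [
    ("http://api.example.test/v1/me?access_token=CONSTRUCTED_TOKEN_1",
     {"Host": "api.example.test"}),
    ("https://api.example.test/v1/me?access_token=CONSTRUCTED_TOKEN_1",
     {"Host": "api.example.test"}),
    ("http://cdn.example.test/photo.jpg",
     {"Host": "cdn.example.test"}),
    ("http://api.example.test/v1/feed",
     {"Host": "api.example.test", "Authorization": "Bearer CONSTRUCTED_TOKEN_2"}),
]

if __name__ == "__main__":
    for url in audit(SAMPLE_REQUESTS):
        print("cleartext credential:", url, "->", force_https(url))
```

Run against real traffic, the same check works on a proxy export (URL plus headers per request); the point is that the https case is skipped entirely, so the only hits are requests an attacker on the same Wi-Fi could read.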

Full Story:
http://www.scmagazine.com/bug-in-ios-instagram-app-fixed-impacts-facebook-accounts/article/367039/

Restaurant Mizado Cocina says customer credit card data breached by hacker
The New Orleans restaurant Mizado Cocina notified about 8,000 customers that their payment card information, including names, card numbers, and CVV security codes, may have been breached after the business discovered that a hacker installed malware known as Backoff on the restaurant’s point of sale system May 9. The restaurant’s IT company replaced affected computer hardware and the business’s point of sale system was secured July 18.

Full Story:
http://www.nola.com/business/index.ssf/2014/08/restaurant_mizado_cocina_says.html


Topics: DHS Infrastructure Reports

Four-year old flaw exploited by Stuxnet still targeted: DHS Highlights August 20th

By Kelli Tarala | August 21, 2014

[Image: Stuxnet. Source: http://www.digitaltrends.com]

Kaspersky Lab researchers found that vulnerability CVE-2010-2568 leveraged in the Stuxnet attacks was still present on many systems 4 years after it was patched, with tens of millions of exploits targeting the vulnerability observed between November 2013 and June 2014. The researchers also found that other older vulnerabilities are still frequently targeted, and that around 53 percent of 15.06 million detected exploits targeted Java vulnerabilities.

Full Story:
http://www.securityweek.com/four-year-old-flaw-exploited-stuxnet-still-targeted

Nuke regulator hacked by suspected foreign powers
A report on cybersecurity at the U.S. Nuclear Regulatory Commission (NRC) stated that NRC systems were compromised in three attacks during the past three years, some conducted from abroad and one by an unknown individual, using targeted phishing attacks and the compromise of an NRC employee email account. An NRC representative stated that computers used by employees who fell for the phishing attacks were cleaned and their user profiles changed as a precaution.

Full Story:
http://www.nextgov.com/cybersecurity/2014/08/exclusive-nuke-regulatorhacked-suspected-foreign-powers/91643/

Tennessee-based hospital network hacked, 4.5 million records stolen
Community Health Systems, which operates 206 hospitals in 28 states, announced August 18 that the personal information, including Social Security numbers, of 4.5 million patients was stolen in April and June by China-based hackers using sophisticated malware. The company cleared its computer systems of the malware and implemented protections against future breaches.

Full Story:
http://wreg.com/2014/08/18/tennessee-based-hospital-network-hacked-4-5-million-records-stolen/

New attack binds malware in parallel to software downloads
Researchers at Ruhr University developed a proof-of-concept attack that injects malicious code into a legitimate download so that it runs in parallel with the original without modifying the original code, taking advantage of security deficiencies present in some free and open source software. To carry out the attack, an attacker would need to control an intermediate network node between the client and the download server, for example by compromising a router, using a network redirection attack, or compromising an insider through social engineering.
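The defence against an on-path attacker altering a download is to verify the artifact against a digest or signature obtained through a channel the attacker does not control (an HTTPS-served or signed manifest), before anything is executed. The block below is an added example and is not code from the Ruhr University researchers or from any project the article mentions; it hashes a download in chunks, compares the result to the published SHA-256 in constant time, and demonstrates with constructed bytes that an installer with extra content bound onto it is rejected. The "installer" bytes, the published digest and the size are all constructed for the example.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # hash in chunks so large installers never sit fully in memory


def sha256_of_stream(stream) -> str:
    """Return the hex SHA-256 of a file-like object, read in chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def verify_download(data: bytes, expected_sha256: str, expected_size=None) -> bool:
    """Return True only if the bytes match the digest (and size, when given).

    expected_sha256 must come from an authenticated source such as an
    HTTPS-served or signed manifest; a digest fetched over the same
    unauthenticated HTTP path as the file could be swapped by the same attacker.
    """
    if expected_size is not None and len(data) != expected_size:
        return False
    actual = sha256_of_stream(io.BytesIO(data))
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


# Constructed stand-in for a legitimate installer published by a vendor.
GENUINE_INSTALLER = b"#!/bin/sh\necho 'installing example tool'\n"
# In practice these two values come from the vendor's signed/HTTPS manifest.
PUBLISHED_SHA256 = sha256_of_stream(io.BytesIO(GENUINE_INSTALLER))
PUBLISHED_SIZE = len(GENUINE_INSTALLER)

# Constructed tampered copy: the genuine bytes with extra content appended,
# the kind of change an on-path attacker could make to an unauthenticated download.
TAMPERED_INSTALLER = GENUINE_INSTALLER + b"# appended placeholder content\n"


def check_both() -> dict:
    """Verify both samples and report which one passes."""
    return {
        "genuine": verify_download(GENUINE_INSTALLER, PUBLISHED_SHA256, PUBLISHED_SIZE),
        "tampered": verify_download(TAMPERED_INSTALLER, PUBLISHED_SHA256, PUBLISHED_SIZE),
    }


if __name__ == "__main__":
    for name, ok in check_both().items():
        print(f"{name}: {'OK' if ok else 'REJECTED'}")
```

The size check is cheap and catches the appended-payload case before any hashing; the digest check catches everything else. Neither helps if the digest itself travelled over the same untrusted path, which is why the lead-in insists on an authenticated manifest.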

Full Story:
http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads


Topics: Uncategorized