Thursday, July 8, 2010

Repeat of SKorea, US cyberattacks does no damage:

Hundreds of computers that helped cause a wave
of outages on U.S. and South Korean government websites last July launched new attacks on the same sites,
but no major interference was reported, police said Thursday. The computers were programmed to attack
every July 7, according to police, so this year's assault appeared to be a continuation of last year's, which began over the July 4 holiday weekend in the U.S. but reached South Korea on July 7. More than 460
computers infected with malicious computer codes assaulted 25 websites, including those of the White House
and South Korea's presidential Blue House, on Wednesday, said Jeong Seok-hwa, a police officer handling
investigations of the cyberattacks. … [T]he computers apparently attacked again this year because last year's
malware hadn't been removed, not because another assault was launched. [Date: 8 July 2010]

Scammers hack into senator's Yahoo account:

Bob Dvorsky, a Democrat senator for the state of Iowa, is
the latest public figure to have had his email system broken into by cybercriminals. The politician would
probably not have realised that his Yahoo account had been broken into unless they had sent a scam email to
his friends and online contacts. The fraudulent email claimed that Senator Dvorsky was stranded in Scotland,
and needed to be wired money in order to return to his home. According to a report by KCRG TV News,…
hackers managed to get their paws on the senator's Yahoo password after he was sent a phishing email.
[Date: 8 July 2010]

Symbian malware creates mighty zombie army:

Mobile malware that affects Symbian Series 60 handsets
is being used to create a botnet. Security firm NetQin claims as many as 100,000 smartphones have been
compromised with the malware, which typically poses as a game and affects Series 3 and 5 Symbian
devices. … "These botnets do one of two things; send messages to all the contacts of the address book
directly, or send messages to the random phone numbers by connecting to a server," NetQin explains in a
blog posting. "The viruses will delete the sent messages from the user's Outbox and SMS log. All messages
contain URLs linked to malicious sites that users won't be able to see until after they've fallen into the virus
trap." The Symbian Foundation said that the certificate used to sign the malware has been revoked, so provided
revocation checking is enabled on a phone, the malware will not run. Symbian downplayed the threat of the
malware, which a spokesman described as posing only a "very minor threat"…. [Date: 8 July 2010]

Ubuntu closes root hole:

A flaw in the module pam_motd (message of the day), which displays the daily
motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights.
Attackers can exploit this vulnerability to gain root access. Ubuntu has already provided a patch for the flaw.
Operators of multi-user systems should install it as soon as possible because directions are already in
circulation via Twitter on how to exploit the flaw to get access rights to the password file /etc/shadow. The file
can then not only be read, but changed. … According to the developers, the problem only occurs on Ubuntu;
other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away
from the module for access to the file motd.legal-notice (under .cache). [Date: 8 July 2010]

Workplace Snooping and Data Theft on the Rise:

Thirty-five percent of companies believe that their
organisation's sensitive information has been given to competitors, according to a new survey. Cyber-Ark
Software's "Trust, Security and Passwords" global survey also found that 37 percent of IT professionals
surveyed cited former employees as the most likely source of this loss. However, human error followed
second, with 28 percent of respondents saying this was the most likely cause, followed by 10 percent who
believed that it was a result of an external hack, and 10 percent who cited the loss of a mobile device or
laptop. The survey found that the most popular sensitive information to be shared with competitors was the
customer database (26 percent) and R&D plans (13 percent). … In addition, Cyber-Ark's survey found that IT
professionals are increasingly using their privileges to access sensitive or confidential information. A total of 41
percent of respondents admitted to abusing administrative passwords to do so, an increase from 33 percent
in 2008 and 2009. [Date: 7 July 2010]

Pirate Bay Hack Exposes User Booty:

Security weaknesses in the hugely popular file-sharing Web site
thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate
Bay users, according to information obtained by KrebsOnSecurity.com. An Argentinian hacker named Ch
Russo said he and two of his associates discovered multiple SQL injection vulnerabilities that let them into the
user database for the site. Armed with this access, the hackers had the ability to create, delete, modify or
view all user information, including the number and name of file trackers or torrents uploaded by users.
Russo maintains that at no time did he or his associates alter or delete information in The Pirate Bay
database. But he acknowledges that they did briefly consider how much this access and information would
be worth to anti-piracy companies. … Russo said The Pirate Bay administrators appear to have removed the
Web site component that facilitated access to thepiratebay.org user database…. [Date: 7 July 2010]

Report: US building system to detect cyber-attacks:

The U.S. National Security Agency is building a
system that would help detect cyber-attacks on critical U.S. infrastructure, according to a report in the Wall
Street Journal that cites unnamed sources. The system would monitor both private U.S. companies and
government agencies that operate infrastructure such as electricity grids and nuclear power plants…. It
would use sensors placed in computer networks that would be triggered by activity signaling a cyber-attack.
The story says that Raytheon has won a contract for the first phase of the project that is worth $100 million.
The NSA declined to comment on the report. Raytheon did not reply to a request for comment about the
reported system. Neither commented publicly in the Wall Street Journal article. The U.S. government is
increasingly aware and wary of intrusions from overseas into public and private networks, particularly for the
purpose of espionage. [Date: 7 July 2010]

Wednesday, July 7, 2010

Apple bans fraudulent developer from iTunes:

Apple has confirmed that iTunes accounts were
compromised to make fraudulent purchases, and has banned the developer at the centre of the scam. Thuat
Nguyen managed to briefly push 42 of his releases into the top 50 book apps in the US iTunes Store last
week, triggering suspicions of foul play. After earlier suspending the Vietnamese developer's account, Apple
has brought the ban-hammer down on Nguyen for violations of its Developer Program License Agreement….
In a statement, Apple said the 400 accounts were compromised to make fraudulent purchases. … Security
firms reckon the scam bears the hallmarks of a phishing attack, where victims are tricked into handing over
login credentials. [Date: 7 July 2010]

Trojan skewers security software with Windows:

Security watchers have discovered a Trojan that uses
built-in Windows functionality to overwrite security software and compromise systems. The malware…uses
the Windows input method editor (IME) to inject itself into a system. IME technology normally creates a means
for users to enter characters not supported by their input device. For example, PC users with a 'Western' keyboard
would take advantage of the technology to input Chinese or Japanese characters. Security firm Websense,
which has written a detailed write-up of the malware, explained: "The trojan can install itself as an IME, then it
kills any running antivirus processes and deletes the installed antivirus executable files. The original
executable file of this trojan disguises itself as an antivirus update package." As Websense notes, the attacks
show that malware writers have begun using Windows input methods to infect vulnerable systems.
[Date: 7 July 2010]

Suspicious Facebook app may be spam launch pad:

A suspicious application circulating on Facebook
has attracted nearly 300,000 fans whose profiles could be used as launching pads for spam…. The
application, called "I will NEVER text again," lures Facebook users by offering a video, said Graham Cluley,
senior technology consultant for security vendor Sophos. When someone clicks on a link advertising the
application, the application asks for permission to access their basic information and post to their Wall. If a
user grants permission, the link is then posted to the user's Wall and goes out in the person's news feed,
which then gets read by other friends and potentially added to their profiles…. So far the application hasn't
done anything malicious, and many Facebook applications ask for the same access to a person's information
and Wall. But it has some suspicious characteristics. Although it promises a video, the video does not work,
Cluley said. [Date: 6 July 2010]

Password stealers and Conficker top June malware:

June proved to be another hot month for malware,
with a surge in attacks by a password-stealing bot and the return of old nemesis Conficker, according to a
report released Tuesday by security software maker Sunbelt. Designed to ferret out cached passwords and
log-in credentials for banking sites, "Trojan-Spy.Win32.Zbot.gen" was the second-most prevalent piece of
malware detected by Sunbelt last month, up from the No. 5 spot in May. The top spot, grabbing more than a
quarter of all detections, was held by "Trojan.Win32.Generic!BT," a generic form of malware with hundreds of
variations and sometimes associated with scareware and rogue security software, noted Sunbelt. The month
also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following
the path of the original Conficker, the new variant jumps on a weakness in Windows Server that allows code
to be executed remotely when file sharing is turned on, according to Sunbelt. [Date: 6 July 2010]

Database admin sentenced for hacking employer's network:

A former senior database administrator at a
Houston electricity provider was sentenced today to a year in prison for hacking into his former employer's
computer network, the U.S. Department of Justice said. Steven Jinwoo Kim, 40, of Houston, pleaded guilty
on Nov. 16 to one count of intentionally accessing a protected computer without authorization and recklessly
causing damage. … On April 30, 2008, after he was fired, Kim used his home computer to connect to Gexa
[Energy]'s computer network and to a database containing information on about 150,000 Gexa customers, the
DOJ said. Kim damaged the computer network and the database in the process, the DOJ said.
[Date: 6 July 2010]

Microsoft investigating new Windows flaw:

Microsoft said on Tuesday that it is looking into reports of a
new Windows flaw that could compromise the security of machines running older versions of the operating
system. In an advisory on its Web site, Secunia said that the vulnerability is due to a boundary error in a
function included in Windows XP and Windows 2000 that, if exploited, could allow malicious code to be
executed. The firm rated the vulnerability as "moderately critical." "Microsoft is investigating new public
claims of a possible vulnerability in Windows 2000 and Windows XP," group manager Jerry Bryant said in a
statement. Bryant said Microsoft is unaware of any attempts so far to build an attack based on the
vulnerability and included Microsoft's standard language that it will take appropriate action, which could
include releasing an update as part of the company's monthly patches or issuing an unscheduled update.
[Date: 6 July 2010]

U.S. cybersecurity R&D needs a master plan:

The federal government’s cybersecurity research and
development programs lack needed leadership and coordination, according to government auditors.
According to the Government Accountability Office, the government doesn’t have a prioritized national
cybersecurity research and development agenda. Officials also don't have the ability to track all active and
completed cybersecurity programs and a process to sufficiently share key information between government
and industry, auditors wrote in a report released today. “Without a current national cybersecurity R&D
agenda, the nation is at risk that agencies and private sector companies may focus on their individual
priorities, which may not be the most important national research priorities,” auditors wrote. … The lack of a
national agenda makes it more likely that programs won’t reflect national priorities, important decisions will be
postponed, and agencies will lack overall direction, GAO said. [Date: 6 July 2010]