Category: Warnings

Symantec’s detection network picked up just a handful of attempts, but the code used in the attacks is new and gives hackers a way to take over a system.

The Metasploit open-source hacking toolkit has published code that exploits the flaw, but whoever is behind these attacks isn’t using that software, Symantec Security Intelligence Manager Joshua Talbot, said.

http://www.pcadvisor.co.uk/news/index.cfm?RSS&NewsID=3225545

The leaked data — including customer and employee personal information — was left open to download after workers in the affected organisations decided to download content at work without really understanding what they were doing.

The offending organisations included schools, local governments, private corporations and small businesses.

The FTC issued a statement on this action, which is hopes will act as a wider warning against a real risk.

http://www.theregister.co.uk/2010/02/23/p2p_data_leak_warning/

“Some companies say there’s never been a successful attack against the grid, but that’s not true,” he says.

Doug Preece, senior manager for smart energy services at Capgemini, says he expects an uptick in hacking of smart grid devices during the next 12 months as more smart-grid pilot projects are launched at energy firms. “A closed communications network was difficult to breach.” “Their communications will be predominantly wireless, and it’s assumed they will be sniffed, penetrated, hacked, and service will be denied …So we’re designing mitigation techniques and security to address these things,” he says.

The best-case scenario of attack would be someone poking around the network for vulnerabilities so he can cut his energy bill, for example, says Eric Knapp, vice president of technical marketing for NitroSecurity. “The worst-case scenario would be an attacker compromising [the smart grid] and then controlling the distribution of power,” he says.

Patricia Titus, chief information security officer for Unisys Federal Systems and former CISO for the Transportation Security Administration (TSA), says energy firms need to “take a breath” and determine whether adopting smart grid technology will exacerbate or solve problems.

And it’s not that existing SCADA systems are all insulated from attack, even with their private lines.

The Grey Goose report calls out Russia, Turkish hackers, and China as the top threats to the power grid.

It just opens up another window that requires a higher level of sophistication [to breach].”

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=223000369

In August, NACHA- the Electronics Payments Association issued an alert, warning members about attacks involving the theft of online banking credentials, such as usernames and passwords mostly from small- and medium-size businesses. NACHA, with more than 11,000 financial institutions as members, oversees the Automated Clearing House (ACH) electronic payments network.

The alert identified organized cybercrime groups in Eastern Europe as predominantly responsible for illegally siphoning millions of dollars off corporate accounts and sending the money overseas via popular money and wire transfer services. In most instances, the crooks used sophisticated keystroke logging Trojan horse programs to steal login credentials from company employees authorized to initiate funds transfers on behalf of the business, the FBI noted. The malware copies the user’s ID, password and one-time password and immediately uses them to transfer funds, while the victim gets an error message on the computer screen.

For instance, a request to transfer a certain amount of money from one account to another could be modified so that the request the bank gets would be different from the request sent by the user.

“Other strong authentication methods, such as those using chip cards and biometric technology that rely on browser communications, can be similarly defeated,” she said.

Because any authentication method that relies on a browser can be attacked and defeated, banks need to start using server-based fraud detection to monitor transactions for suspicious behavior, she said.

http://www.cio.com/article/510954/Hackers_Are_Defeating_Tough_Authentication_Gartner_Warns?taxonomyId=3089

Kaspersky Lab, for instance, recently established its regional office in Johannesburg, South Africa, to oversee operations in sub-Saharan Africa, and especially in East Africa. The firm, which was founded over a decade ago, commands over six per cent of the endpoint market to set up a base in Africa. It already has a presence in 25 other countries across five continents. Chief security expert at Kaspersky Lab, Costin Raiu, says the Seacom cable will connect a huge part of Africa to India, the United Kingdom, France and United Arab Emirates, thus predisposing it to suspect software.

A 2009 web survey by McAfee titled Mapping the Mal Web found that the letter code at the end of a website address, referred to as the top level domain, determines chances of encountering malware, spam or other threats. “When registering their websites, cyber criminals look out for low prices, easy registration, lack of regulations or a ‘no questions asked’ policy,” states the report.

And as the continent gears up to host the World Cup in 2010, experts warn this could further expose it to Internet attacks.

http://allafrica.com/stories/200912141691.html

Trend Micro has written to the software developers involved in what looks like a case of misguided software design, rather than anything worse.

Pending a fix from software developers, Trend Micro has slapped a “hacking tool” warning on the rootkit-like component of the network security tool (called HKTL-BRUDEVIC).

It doesn’t name the developers except to say they are the same firm which bundles rootkit-like software with USB storage devices featuring fingerprint authentication.

http://www.theregister.co.uk/2008/11/28/network_security_rootkit/