Week in review: Tor users targeted with spyware, secure mail providers close up shop
Here’s an overview of some of last week’s most interesting news, reviews and articles:
Working as an ethical hacker
The majority of people in the security industry use the term interchangeably with the term “white hat” – a computer hacker that performs all kinds of penetration testing against an organization’s information systems, at the behest of that same organization and so that it can secure those systems against black hats (straight up “bad guys” hacking for money) and grey hats
Tor users targeted with spyware following anonymous Web-host shutdown
The news that the alleged owner of Freedom Hosting, the internet host for a great number of Tor hidden services, has been arrested and is accused of distributing and promoting child pornography has resounded across the Internet and has explained why there were mass outages of Tor hidden services. But that was not the end of it.
Cross-platform backdoor created with RAT available online
For malware authors and attackers, the ideal malware is that which works on as many platforms as possible. As Java is used in a wide variety of computing platforms, it stands to reason that applications written in Java make the perfect malware delivery method.
Decoy water plant attracts hackers, Chinese APT1 crew
A Trend Micro researcher who has lately concentrated on finding out just how often industrial control systems are attacked and from where has shared the latest findings of his research involving decoy systems as honeytraps, and says that one of them has been targeted by the infamous APT1 Chinese hacking crew.
Top destinations for cyber security pros
According to the report, cyber security professionals earn on average $116,000 annually, but are driven by more than a paycheck – they want to work for an employer with a reputation for honor and integrity.
Advice on Tor use in wake of Freedom Hosting compromise
In the wake of the discovery that someone has compromised Tor hidden services hosted by Freedom Hosting and injected malicious JavaScript aimed at de-anonymizing specific users, the Tor Project has advised Tor users to keep their Tor Browser Bundle (TBB) updated, switch away from Windows, and disable JavaScript.
NSA tips off law enforcement, asks them to keep the practice secret
Just days after the NYT wrote about the NSA denying other federal intelligence agencies access to their surveillance tools comes the disclosure that a US Drug Enforcement Administration unit called Special Operations Division (SOD) has been channeling information collected by the NSA to law enforcement agencies in order to help them start investigations of suspected criminals.
Researchers create DIY IDS for identifying hacked smartphones
A group of researchers from LMG Security has leveraged a Verizon Samsung femtocell – a small cellular station for extending cell phone coverage range indoors or at the cell edge – to create a relatively cheap cellular intrusion detection system that enables enterprises and private individuals to test their or their employees’ smartphones for malware.
Black Code: Inside the Battle for Cyberspace
If anyone knows what’s really going on in cyberspace and which forces threaten its stability and security, it’s Ronald Deibert and his colleagues from the well known Citizen Lab.
This book couldn’t have been published at a more appropriate moment – just in time for many of the things it reveals to be confirmed by the documents leaked by NSA whistleblower Edward Snowden and the subsequent leaks and revelations they triggered.
Expect more Android security issues in 2013
Android vulnerabilities, increased online banking threats and availability of sophisticated, inexpensive malware toolkits are among the growing concerns cited in Trend Micro’s Q2 2013 Security Roundup Report.
Twitter turns to app-based two-factor authentication
When Twitter finally offered 2-factor authentication for its users in May, many were disappointed by the offering as its usefulness hinged on verification codes being delivered via SMS, and the feature didn’t work with many mobile carriers. But as it turns out, the solution was only temporary, and now a much stronger and easier to use alternative has been added.
Compromising Google Accounts and enterprises via flaw in Android SSO
When it comes to Android, Google has traded security for convenience, says Tripwire security researcher Craig Young. During his recent presentation at Def Con in Las Vegas, he demonstrated that a security flaw in Android’s single sign-on (SSO) feature can result in attackers compromising users’ Google Apps account and through it even the organization that employs them.
Most companies don’t have data breach cyber insurance
Companies now rank cyber security risks as greater than natural disasters and other major business risks, according to a new Ponemon Institute study. While only 31 percent of companies are insured today, there are a growing number of companies exploring policies. This indicates a larger appetite for financial protection in the wake of a breach.
Analyzing the Fort Disco bruteforce campaign
In recent months, several researchers have highlighted an uptick in bruteforce password guessing attacks targeting blogging and content management systems. Arbor ASERT has been tracking a campaign they are calling Fort Disco that began in late May 2013 and is continuing. They’ve identified six related command-and-control (C&C) sites that control a botnet of over 25,000 infected Windows machines.
Defending against the BREACH attack
When Juliano and Thai disclosed the CRIME attack last year, it was clear that the same attack technique could be applied to any other compressed data, and compressed response bodies (via HTTP compression) in particular. But it was also clear that—with our exploit-driven culture—browser vendors were not going to do anything about it. Progress will be made now that there is an exploit to worry about because, this year at Black Hat, a group of researchers presented BREACH, a variant of CRIME that works exactly where it hurts the most, on HTTP response bodies.
Linux banking Trojan offered for sale
Windows users are by far the most targeted ones by malware-wielding criminals, but that doesn’t mean that OS X and Linux users should feel impervious.
Security intelligence through configuration auditing
Modern systems have a multitude of configuration elements that, ideally, meet the IT business requirements of the organization. The danger of having poorly configured systems in place is real, due especially to their increasing complexity.
Chrome not the only browser that stores plain-text passwords
When choosing to import his Safari bookmarks and settings into Google’s Chrome browser, software developer Elliot Kember discovered that although it seemed like he could opt out of importing his saved passwords, he had no choice but to do it.
Facebook rolls out Graph Search for English speaking users
Graph Search is still a work in progress, but this is a perfect moment to review privacy settings on your account if you don’t want potentially embarrassing things about yourself to be accessible to anyone.
Reveton changes tack, relies on fake AV
When it comes to the infamous Reveton ransomware, cyber crooks are forever coming up with additional ways to bilk money from users: pairing it up with banking Trojans, playing threatening voice messages, adding password stealing to its arsenal. This time, Reveton does not ask for money to unlock the infected computer’s desktop – in fact, it doesn’t lock it at all.
Secure mail providers close up shop to prevent govt spying
Texas-based secure webmail service Lavabit unexpectedly closed up shop on Thursday, followed by Washington-based Silent Circle, which has also preemptively shut down Silent Mail, its encrypted email offering.
Beware of bogus Facebook account hack tool offer
If, for whatever reason, you wish to hack into someone else’s Facebook account, searching online for ways to do it will likely bring you grief.
Netwrix updates its configuration auditing software
Netwrix Corporation announced Netwrix Auditor 5.0, a configuration auditing solution for security, compliance and operations across the entire IT infrastructure. It provides alerts on critical changes, such as who changed password policy, and assesses system configuration, such as group membership, at any point in time.
NSA sysadmins to be replaced with computers
NSA director and commander of US Cyber Command General Keith Alexander has announced that the intelligence agency is planning to drastically scale down the number of its systems administrators.