Thai government websites hit by denial-of-service attack

BBC News

Date Published: 1 October 2015

Excerpt:

"Several Thai government websites have been hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access. The sites went offline at 22:00 local time (15:00 GMT) on Wednesday. Access was restored by Thursday morning. It appeared to be a protest against the government's plan to limit access to sites deemed inappropriate. Tens of thousands of people have signed a petition against the proposal they call the "Great Firewall of Thailand"."

To read the complete article see:

<http://www.bbc.co.uk/news/world-asia-34409343>


How worried is Silicon Valley about Safe Harbour?

BBC News

Date Published: 7 October 2015

Excerpt:

"The Safe Harbour ruling made on Tuesday has potentially big implications for some giants of Silicon Valley when it comes to how they look after our private data. Safe Harbour was designed as a "streamlined and cost-effective" way for US firms to get data from Europe without breaking its rules. Companies in the US were able to self-certify that they had put the appropriate data privacy measures in place. In the wake of the Snowden allegations, the top European court has ruled that Safe Harbour is invalid. The question is - what's changed? I've spent the day canvassing the views of firms in Silicon Valley. Most didn't want to talk on the record and were taking a wait-and-see approach as to what happens next. Of those that did have something to say, here's a selection."

To read the complete article see:

<http://www.bbc.co.uk/news/technology-34461682>


Vigilante Malware, Dark Knight or Dangerous Joke?

Team Cymru Blog

Date Published: 6 October 2015

Excerpt:

"It’s hard not to like the Batman story. Bruce Wayne, billionaire, playboy, philanthropist, bypasses the ineffectual and corrupt establishment to take the fight to the baddies. There’s something romantic about the notion of taking matters into your own hands and getting stuff done where others can’t. Now, according to research by Symantec, it seems we have our very own virtual vigilante. Thousands of home routers and other devices have been found to be infected with the, seemingly benevolent, Linux.Wifatch malware. Reports say that analysis of the code hasn’t revealed any modules linked to malicious activity. Quite the opposite, the malware actually applies security fixes. As a side note, what do we even call malware that doesn’t appear to be harmful? Benware? Of course, it’s fairly common for attackers to close the hole they used to break into a system, so they can operate the compromised machine in peace, unhindered by other actors. In this case, however, there’s no evidence that the malware author has abused the access that they’ve gained. Wifatch isn’t even particularly quiet about its presence on a device. For example, once it kills a Telnet process, it displays a message containing helpful security advice on subsequent login attempts. So, who is the coder behind the mask, and what are their intentions? We don’t know, and therein lies the problem."

To read the complete article see:

<https://blog.team-cymru.org/2015/10/vigilante-malware-dark-knight-or-dangerous-joke/>


Do Attribution and Motives Matter?

Kyle Wilhoit, TrendLabs Security Intelligence Blog (Trend Micro)

Date Published: 6 October 2015

Excerpt:

"Whenever people think of APTs and targeted attacks, people ask: who did it? What did they want? While those questions may well be of some interest, we think it is much more important to ask: what information about the attacker can help organizations protect themselves better?"

To read the complete article see:

<http://blog.trendmicro.com/trendlabs-security-intelligence/do-attribution-and-motives-matter/>


Ticked Off: Upatre Malware’s Simple Anti-analysis Trick to Defeat Sandboxes

Richard Wartell, Research Center Blog (Paloalto)

Date Published: 6 October 2015

Excerpt:

"The Upatre family of malware is frequently updated, with the authors adding new features and protecting the malware from detection in various ways. If you aren’t yet familiar with Upatre, it’s one of the most common downloaders in the wild today, typically infecting systems through phishing e-mails and downloading the Dyre banking Trojan to steal victims’ credentials. Recently, the authors of Upatre added a very simple anti-analysis measure in an attempt to defeat sandboxes, which dynamically analyze executables to identify malicious behavior.

The new anti-analysis trick involves using the Windows API GetTickCount.

GetTickCount returns the number of milliseconds that the system has been alive, up to a maximum of approximately 49 days. Programs can use this value to determine how long a system has been running and make decisions based on that value. The following image shows Upatre executing these instructions inside of a debugger:

The code calls GetTickCount and compares the returned value to 0xAFE74 (720,500 milliseconds, or ~12 minutes). If GetTickCount returns a value less than 0xAFE74, Upatre determines that the system has been running for less than 12 minutes and exits."

To read the complete article see:

<http://researchcenter.paloaltonetworks.com/2015/10/ticked-off-upatre-malwares-simple-anti-analysis-trick-to-defeat-sandboxes/>


Journalist guilty of helping Anonymous deface Los Angeles Times

Dave Lee, BBC News

Date Published: 8 October 2015

Excerpt:

"An American journalist has been found guilty of helping hacktivist group Anonymous deface the website of the Los Angeles Times. Prosecutors said Matthew Keys, 28, provided the hackers a password to access systems belonging to Tribune Co, the newspaper's parent company. Prosecutors said Keys used online chat channels to encourage the hacktivists. Sentencing will take place in January, but he is not expected to receive the maximum possible sentence of 25 years. A spokesman for the US Justice Department told Reuters the sentence would likely be less than five years."

To read the complete article see:

<http://www.bbc.co.uk/news/technology-34471982>


Hackers who targeted LoopPay may be looking to track individuals

Stephen Lawson, ComputerWorld

Date Published: 7 October 2015

Excerpt:

"The security breach at Samsung subsidiary LoopPay was probably more about spying than about gathering consumer data for profit, and the worst could be yet to come, a security analyst said Wednesday. Samsung acknowledged the attack on LoopPay, which it acquired in February for technology that it uses in its Samsung Pay service. It said hackers only breached LoopPay's office network, not systems used by Samsung Pay. The affected servers have been isolated and no personal payment information was put at risk, according to Samsung. However, if the breach was carried out by the notorious Codoso Group in China, as The New York Times reported, it probably wasn't intended to steal consumer data for sale, said Ken Westin, a senior security analyst at threat-detection software company TripWire."

To read the complete article see:

<http://www.computerworld.com/article/2990481/security/hackers-who-targeted-looppay-may-be-looking-to-track-individuals.html>


Windows Phone Store Distributes Fake Apps Infected with Adware

Catalin Cimpanu, Softpedia

Date Published: 6 October 2015

Excerpt:

"After the Apple App Store and the Google Play Store were used to distribute all kinds of malware to users' phones, it seems that now's the time for Microsoft's Windows Phone Store to be abused as well. While Apple and Google's stores were used to push quite dangerous malware, Microsoft's store seems to be affected by a much less critical issue, allowing developers to upload fake apps that only force-feed users with adware. According to Avast, Windows Phone users are in danger of being duped into installing fake apps that are repackaged versions of legitimate applications, retooled to serve ads and redirect users to buy or download specific products."

To read the complete article see:

<http://news.softpedia.com/news/windows-phone-store-distributes-fake-apps-infected-with-adware-493851.shtml>


Kemoge Android Adware Campaign Can Lead to Device Takeover

Michael Mimoso, Threat Post (Kaspersky Labs Blog)

Date Published: 7 October 2015

Excerpt:

"Google has been busy removing a number of apps from Google Play that are disguised as popular selections that are actually pushing what starts out as adware but eventually turns more malicious. Google has already yanked down a file-transfer app called ShareIt, developed by Zhang Long of China, who was posting benign versions of his app to Google Play, but hosting malicious versions on third-party sites. The Google Play version contacted the same command and control server as the malicious samples, but was stripped of eight root exploits that targeted either certain Android devices from different manufacturers, or certain kernel-level vulnerabilities. FireEye uncovered the campaign, which is called Kemoge because its command and control domain is aps[.]kemoge[.]net. Researchers there said Kemoge has certain behaviors—one sample uninstalls antivirus protection on the device—that could lead to complete takeover of an Android device; FireEye said it has identified victims in 20 countries, some in critical industries including government agencies."

To read the complete article see:

<https://threatpost.com/kemoge-android-adware-campaign-can-lead-to-device-takeover/114946/>


Hacking enterprise wireless Printers with a drone or a vacuum cleaner

Pierluigi Paganini, Security Affairs

Date Published: 7 October 2015

Excerpt:

"A group of researchers from iTrust, a research center at the Singapore University of Technology and Design, has demonstrated how to use a drone to intercept wireless printer transmissions from outside an office building. The drone carries a smartphone which runs two custom apps that are capable of intercepting wireless traffic of the printer, which contains sensitive data."

To read the complete article see:

<http://securityaffairs.co/wordpress/40813/hacking/hacking-wireless-printers-drone.html>


Zero-Day Exploit Found in Avast Antivirus

Catalin Cimpanu, Softpedia

Date Published: 7 October 2015

Excerpt:

"One of Google's security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched.

The researcher is Tavis Ormandy, one of Google's Project Zero engineers, the same man that discovered a similar zero-day exploit in Kaspersky's antivirus exactly a month ago. According to Ormandy's research, the bug manifested itself when users would access Web pages protected through HTTPS connections. Avast was performing a "legal" MitM for SSL connections. Because the Avast antivirus would tap into encrypted traffic so it could scan for threats but was using a faulty method for parsing X.509 certificates, this would have allowed attackers (if aware of the issue) to execute code on the users' computer."

To read the complete article see:

<http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-493958.shtml>


Backdoor in Cisco's WebVPN Service Allowed Hackers to Steal Corporate Passwords

Catalin Cimpanu, Softpedia

Date Published: 9 October 2015

Excerpt:

"Cisco's Web-based VPN service has been dealt a heavy blow by security researchers at Volexity, which found at least two methods through which hackers installed backdoors on the service, stealing corporate account passwords as employees were logging into their accounts. The backdoors were loaded through different snippets of JavaScript code loaded on Cisco's ASA WebVPN service, performing a simple XSS attack on the logon.html page, right where corporate users were entering their username and password combos. Attackers were exploiting the CVE-2014-3393 vulnerability to load these JavaScript snippets, and then they were modifying the login page so they could record what users typed in the login fields."

To read the complete article see:

<http://news.softpedia.com/news/backdoor-in-cisco-s-webvpn-service-allowed-hackers-to-steal-corporate-passwords-494161.shtml>


Apple removes some apps from online store over security concerns

Julia Love, Reuters

Date Published: 8 October 2015

Excerpt:

"Apple Inc said on Thursday that it had removed "a few" applications from its App Store, expressing its concern that the security of some users' personal data could be compromised in certain circumstances. The company said the apps threatened users' security by installing certificates that can expose data to monitoring by third parties. The company did not specify the precise number of apps at issue. "Apple is deeply committed to protecting customer privacy and security," an Apple spokeswoman said in a statement. "We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.""

To read the complete article see:

<http://www.reuters.com/article/2015/10/09/us-apple-apps-privacy-idUSKCN0S307V20151009>


Code Signing certificates becoming popular cybercrime commodity

Pierluigi Paganini, Security Affairs

Date Published: 9 October 2015

Excerpt:

"A recent phenomenon tracked by IBM Security X-Force researchers is the CaaS (Certificates as a service). Cybercriminals would use the Dark Web for selling high-grade code certificates, which they have obtained from trusted certificate authorities, to anyone that is interested in purchasing them. Sales of code signing certificates have increased considerably over the past few months, according to X-Force researchers who have also provided some best practice guides on checking for trusted certificates."

To read the complete article see:

<http://securityaffairs.co/wordpress/40866/cyber-crime/code-signing-certificates.html>


How to NOT be a Victim of Social Engineering [Infographic]

Marc Larson, Cyveillance Blog (QinetiQ)

Date Published: 8 October 2015

Excerpt:

"Despite spending millions of dollars on state-of-the-art perimeter and end-point security controls, determined actors are still finding their way inside company networks every day by exploiting the human factor. While bad actors have many techniques for attacks at their disposal, social engineering is still one of the most effective means of compromise. In fact, recent security studies suggest that just one percent of employees are responsible for 75 percent of enterprise security risks. This includes users sharing plain-text passwords via email, accidentally downloading malware, clicking on phishing links, using risky applications, reusing passwords, and engaging in other types of dangerous behaviors."

To read the complete article see:

<https://blog.cyveillance.com/how-to-not-be-a-victim-of-social-engineering/>


The malicious side of online ads - how unpatched servers hurt us all

Paul Ducklin, Naked Security (Sophos Blog)

Date Published: 8 October 2015

Excerpt:

"You've almost certainly heard or seen the word malvertising. Here's the way malvertising often plays out: You visit an unexceptionable web page - one that your IT department approves of. Heck, maybe even one the IT guys read themselves. The page content appears just fine and dandy, so you start reading it. The page includes a few ads, which you sometimes glance at, but mostly tend to ignore. As the ads start to appear...BOOP! Your anti-virus pops up! Malicious content via one of the ads! That's malvertising, and cybercrooks love it. Firstly, it's almost as good as hacking the site on which the malicious ads appear, without actually having to break into that brand's web servers at all."

To read the complete article see:

<https://nakedsecurity.sophos.com/2015/10/08/the-malicious-side-of-online-ads-how-unpatched-servers-hurt-us-all/>


Thai military's plan for 'Great Firewall' risks Internet competition

www.thestar.com.my

Date Published: Thursday October 8, 2015 MYT 4:14:00 PM

Excerpt:

"A proposal by Thailand's junta for a single Internet gateway to allow authorities to monitor content would destroy competition and was reminiscent of the most authoritarian measures to stifle free speech, a former information minister said."

To read the complete article see:

<http://www.thestar.com.my/Tech/Tech-News/2015/10/08/Thai-militarys-plan-for-Great-Firewall-risks-Internet-competition/>


ATM Skimmer Gang Firebombed Antivirus Firm

Brian Krebs, KrebsOnSecurity

Date Published: 29 September 2015

Excerpt:

"It’s notable whenever cybercrime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs. The threats began not long after December 18, 2013, when Russian antivirus firm Dr.Web posted a writeup about a new Trojan horse program designed to steal card data from infected ATMs. Dr.Web received an email warning the company to delete all references to the ATM malware from its site. The anonymous party, which self-identified as the “International Carders Syndicate,” said Dr.Web’s ATM Shield product designed to guard cash machines from known malware “threatens activity of Syndicate with multi-million dollar profit.”

...

In an interview with KrebsOnSecurity, Dr.Web CEO Boris Sharov said the company did not comply with the demands. On March 9, 2014, someone threw a Molotov cocktail at the office of a third-party company that was distributing Dr.Web’s ATM Shield product. Shortly after that, someone attacked the same office again. Each time, the damage was minimal, but it rattled company employees nonetheless."

To read the complete article see:

<http://krebsonsecurity.com/2015/09/atm-skimmer-gang-firebombed-antivirus-firm/>


European aviation body warns of cyber-attack risk against aircraft

Rene Millman, SC Magazine

Date Published: 12 October 2015

Excerpt:

"The chief of Europe's top airline safety agencies warned that cyber-criminals could hack into critical systems on an airplane from the ground. Patrick Ky, director of the European Aviation Safety Agency, told European aviation journalists at a meeting of the Association des Journalistes Professionnels de l'Aéronautique et de l'Espace (AJPAE) that his organisation had hired a penetration tester to find and exploit vulnerabilities in the ACARS (Aircraft Communications Addressing and Reporting System) used to transmit messages between aircraft and ground stations."

To read the complete article see:

<http://www.scmagazineuk.com/european-aviation-body-warns-of-cyber-attack-risk-against-aircraft/article/444487/>


Dow Jones & Company experiences data breach

Karl Thomas, WeLiveSecurity

Date Published: 12 October 2015

Excerpt:

"Dow Jones & Company has become the latest big name victim of a cyberattack, the publishing and financial information firm revealed in a letter to its customers. It explained that it had recently discovered that “unauthorized access” to its systems had taken place, possibly compromising as many as 3,500 individuals. While it has yet to find any evidence that suggests data – such as card details and contact information – has been stolen, it is adopting an extremely cautious approach. Both current and former customers are being provided with information documenting the kind of “support” that will be available to them as a result of this incident."

To read the complete article see:

<http://www.welivesecurity.com/2015/10/12/dow-jones-company-experiences-data-breach/>


Cyber insurance premiums rocket after high-profile attacks

www.thestar.com.my

Date Published: Monday October 12, 2015 MYT 3:56:00 PM

Excerpt:

"A rash of hacking attacks on US companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover."

To read the complete article see:

<http://www.thestar.com.my/tech/tech-news/2015/10/12/cyber-insurance-premiums-rocket-after-high-profile-attacks/>


Cyber-attack warning after millions stolen from UK bank accounts

www.theguardian.com

Date Published: Tuesday 13 October 2015 22.04 BST

Excerpt:

"Top crime agency delivers advice after virus used to access online banking details, with UK losses estimated to hit £20m."

To read the complete article see:

<http://www.theguardian.com/technology/2015/oct/13/nca-in-safety-warning-after-millions-stolen-from-uk-bank-accounts?CMP=share_btn_tw>


IGP wants UKM to provide courses on cyber threats

www.thestar.com.my

Date Published: Saturday October 24, 2015 MYT 12:00:00 AM

Excerpt:

"Police are looking into collaborating with Universiti Kebangsaan Malaysia (UKM) to provide courses focused on increasing officers’ capacity in handling cyber security and cyber crimes."

To read the complete article see:

<http://www.thestar.com.my/News/Nation/2015/10/24/IGP-wants-UKM-to-provide-courses-on-cyber-threats/>


TalkTalk gets ransom demand after hit by cyberattack

www.thestar.com.my

Date Published: Friday October 23, 2015 MYT 9:27:00 PM

Excerpt:

"British broadband provider TalkTalk said it had received a ransom demand from an unidentified party claiming responsibility for a cyberattack that could have led to the theft of personal data from its more than 4 million customers."

To read the complete article see:

<http://www.thestar.com.my/Tech/Tech-News/2015/10/23/TalkTalk-gets-ransom-demand-after-hit-by-cyberattack/>