Attacks – Page 4 – SWITCH Security-Blog

IT-Security-Links #22

LivingSocial, the ‘daily deals’ site owned in part by Amazon, has suffered a massive cyber attack this week. More than 50 million accounts have been compromised. And again, it’s a good idea to use different passwords (and e-mail addresses) on different sites.
“For Their Eyes Only”: Citizen Lab released a 117-page report about the commercialization of digital spying: “The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.”
One finding in the Citizen Lab report: “We identify instances where FinSpy makes use of Mozilla’s Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest.” As a reaction Mozilla has sent Gamma (the FinSpy maker) a cease and desist letter.
Multiple Twitter accounts of The Guardian were hacked. The Guardian said that the attack started with phishing emails to staff. Twitter warns Journalists: “We believe that these attacks will continue“.
The Dutch government has announced plans to give police rights to hack into computers – including those located in foreign countries.
Robert Lemos wrote about the “Five Habits Of Highly …Successful Malware“.

Update

Boston-Spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, the US-CERT warns. The Internet Storm Center provides some details and how the spam campaigns are now changing over to the Waco plant explosion.
WordPress: Securi.net blogged details about the massive brute force attacks against WordPress websites over the past days.
Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.

U.S. banking institutions are now in the fifth week of distributed-denial-of-service attacks. Read the Lessons learned on bankinfosecurity.com
A more or less new malware called “Darkleech” infected thousands of Apache servers. The attackers retain control of the servers they infect by replacing the SSH daemon with a modified one. Read in the sucuri.net blog how to identify the infection.
Advanced Persistent Threats get more advanced, persistent and threatening. At least according to John Leyden who reviewed FireEye’s latest advanced threat report.
Even security professionals have bad password security habits. That’s the result of a survey done at RSA Conference 2013.

German:

Der SWITCH-CERT Security- und Privacy-Report (PDF) für März ist zum kostenlosen Download verfügbar.
Wie man USB-Sticks mit TrueCrypt verschlüsselt, dazu gibt es auf botfrei.de eine neue Anleitung.

“The quieter you become, the more you are able to hear.”: BackTrack, the well known tool suite for penetration testing is now called Kali Linux. Read more about what has changed here.
BlackHat: Xavier Mertens blogged a wrap-up of the first day at BlackHat Europe 2013 Security Conference.
Embedded Security: Cisco IP phones have a vulnerability that allows hackers to take complete control of the devices. A new Anti-Malware software which resides directly in the embedded system’s firmware, signal such attacks.
The NIST National Vulnerability Database has been hacked. Some sites have been taken down after malware was identified on a couple of web servers.
IPv6 Vulnerability: Kaspersky Internet Security 2013 freezes Operating System if it receives a crafted IPv6 packet. According to Heise a non-public patch is already available from Kaspersky.

German:

Wer kostenpflichtig Antivirenprodukte von Avast erworben hat, findet seine Kundendaten im Netz wieder. Und zwar inklusive Anschrift, Bankverbindung, Geburtsdaten sowie gehashtem Passwort. Wie letzte Woche schon beim Evernote-Case angemerkt: Betroffene Passwort-Reuser sollten ihre Passwörter auch andernorts ändern.

Pwn2Own: The results from the annual Pwn2Own hacking contest held at the CanSecWest Security conference in Vancouver are in.
Evernote hacked: The company is now officially a member of the recently attacked. Hackers gained access to user details including email addresses, usernames and encrypted passwords (with salt). Evernote wisely decided to carry out a password reset for all users. But as an Evernote user you should check if you use the same userid and password elsewhere.
You don’t worry about computer viruses because you’re using a Mac? Then I recommend this Network World article about Java and Flash vulnerabilities.
How to install malware on your system with a signed JAR file? A lesson about certificate revocation lists.

German:

Das SWITCH-CERT war diese Woche im Schweizer Fernsehen: Rundschau vom 6. März auf SRF (Bericht ab 20’40”)
Unser monatlich erscheinender SWITCH-CERT Security- und Privacy-Report (PDF) ist neu in der Ausgabe Februar 2013 verfügbar!
Am 25.3. gibt es abends einen SWITCH-CERT Vortrag zum Thema IPv6-Security und -Hacking in Zürich. Anmeldung hier.

Rapid 7 released a whitepaper about Universal Plug and Play Security Flaws as a result of a research project. They found millions of devices on the internet to be at risk. An UPnP FAQ is available here.
Contemplating the value of Antivirus in the context of targeted attacks: A nice overview of recent articles and a whitepaper done by the ncc group.
After the recent Security Alerts for Java: Watch out for fake Java updates! Microsoft warns their users.
The New York Times reports in detail how Chinese hackers have persistently attacked them over the past month. And the Wall Street Journal goes one better.
“Pentagon’s new massive expansion of ‘cyber-security’ unit is about everything except defense”, The Guardian says.
10th Anniversary of the Slammer Worm: A nice recapitulation by fsecure.

29c3 “Not My Department”: Lots of Conference Videos of the 29th installment of the Chaos Communication Congress are available for download.
And Stefano Ortolani wrote a report on the Chaos Communication Congress (securelist.com).
The Georgia Tech Cyber Security Summit released their 9-page Emerging Cyber Threats Report 2013 (PDF), a digest can be found here.
Turktrust CA: krebsonsecurity and nakedsecurity work off the latest Certificate Authority incident
EC³: New European Cybercrime Centre based at Europol headquarters in The Hague launched today.
Java vulnerable: A new Java zero-day vulnerability has been found. Another good reason to disable Java in your browser. (German readers find our tips here!)
Now online: the latest SWITCHcert Security Report (german)