Posts Tagged ‘social media’
Monday, June 9, 2014 @ 11:06 AM gHale
Attackers are exploiting commonly-used business applications to bypass security controls, a new report said.
Common sharing applications such as email, social media, and video remain the attack vehicles of choice for cybercriminals, but are often only the start of multi-phased attacks rather than the focus of threat activity, according to Palo Alto Networks’ Application Usage and Threat Report.
In one part of the report, 34 percent of the 2,100 applications observed use SSL encryption. As a result, network administrators often cannot tell which applications on their networks run unpatched versions of OpenSSL, which can leave them exposed to vulnerabilities such as Heartbleed.
In addition, Palo Alto Networks found 99 percent of all malware logs were generated by a single threat using UDP; attackers also use applications like FTP, RDP, SSL, and NetBIOS to mask their activities.
It is one thing to point out weaknesses, but it is another to offer ways to correct them. Palo Alto Networks said areas enterprises could improve include:
• Deploy a balanced safe enablement policy for common sharing applications. The way to ensure success is documenting the policies, educating users, and updating the policy periodically.
• Control unknown traffic. Every network carries a small amount of unknown traffic, averaging 10 percent of bandwidth, researchers said. This high-risk traffic can be controlled, and controlling unknown UDP/TCP will cut out a significant volume of malware.
• Determine and selectively decrypt applications that use SSL. Selective decryption, in conjunction with enablement policies, can help businesses uncover and eliminate potential hiding places for cyber threats.
The Application Usage report comes from raw data on activity occurring on enterprise networks, not from a user-based survey. The data gathered for the reports comes from evaluation units of the company’s firewalls deployed at potential customer locations. This most recent report is based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month span between March 2013 and March 2014, the company said.
Friday, September 27, 2013 @ 06:09 PM gHale
Knowing that compromised social media accounts can be highly valuable, cyber criminals are leveraging those accounts for reconnaissance and future attacks, a new report said.
That was just one of the findings in the IBM X-Force Research and Development team’s 2013 mid-year report on cyber security trends and risks. The results of the study come from the analysis of 4,100 new vulnerabilities and 900 million new webpages and images.
“IBM X-Force expects to see these newer applications of social engineering become more sophisticated as attackers create complex internetworks of identities while refining the art of deceiving victims,” said Leslie Horacek, worldwide threat response manager for IBM X-Force and senior editor of the report, in a blog post.
“Users must adopt a mindset of guilty until proven innocent when it comes to social media and companies should engender suspicion to protect users and assets,” she added.
As far as vulnerabilities go, researchers found the number of new vulnerabilities reported in the first half of 2013 was similar to the number reported last year. However, the number of web application vulnerabilities decreased slightly this year.
When it comes to web vulnerabilities, cross-site scripting (XSS) remains the most common type, accounting for over half of all security holes.
In 28 percent of the cases, successful exploitation of a vulnerability resulted in gaining access to a system or application.
The report names the United States as the country that hosts most malicious links at 42 percent. Germany (9.8 percent), China (5.9 percent) and Russia (4.5 percent) all follow the U.S.
The IBM X-Force report also covers mobile malware, watering hole attacks, Zero Day attacks, and distraction and diversion techniques.
Friday, September 20, 2013 @ 06:09 PM gHale
Cyber threats are continuing to grow and get more sophisticated, a new report said.
Along those lines, there has been an increase in threats to infrastructure through targeted attacks, mobile devices, and social media identity thefts carried out by cyber-criminals over cloud services, according to ENISA’s interim Threat Landscape 2013 report.
Some key trends identified in the study:
• Cyber-criminals increasingly use advanced methods to implement attack vectors that are non-traceable and difficult to take down. Anonymization technologies and peer-to-peer systems play an important role in this. It is clear cyber criminals are increasingly exploiting mobile technology. Threats of all kinds encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
• The widespread usage of mobile devices leads to an amplification of abuse based on knowledge and attack methods targeting social media.
• The availability of malware and cyber hacking tools and services, together with digital currencies and anonymous payment services, is opening up new avenues for cyber-fraud and criminal activity.
There is a real possibility of large-impact events when attacks combining various threats are launched successfully.
As reported by ENISA in its report on major cyber attacks, cyber attack is the sixth most important cause of outages in telecommunication infrastructures, and it has an impact upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, there has been an increase in infrastructure threats in 2013, the report said.
The study identifies the following top threats with major impact since 2012:
Drive-by-exploits: Browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
Code Injection: Attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber criminals. Cloud service provider networks are being used to host tools for automated attacks.
Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.
A full ENISA Threat Landscape 2013 report is due by the end of the year.
“This short, interim report informs security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures,” said Professor Udo Helmbrecht, the ENISA executive director.
Tuesday, August 20, 2013 @ 05:08 PM gHale
A California-based firm that two years ago used browser plugins to deliver ads by injecting them into Facebook and Google pages is running a similar program, researchers said.
At the time, the company, Sambreel, named the two plugins “PageRage” and “BuzzDock,” but today their names are “Easy YouTube Video Downloader” and “Best Video Downloader,” which are part of a browser tool suite provided by two subsidiaries of Sambreel, said the researchers from UK-based Spider.io.
“When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages,” the researchers said. “These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union.”
In one example, the injected ad sports a fake alert saying the user should update their Java, but clicking on the “OK” button will take them to a third-party site, the researchers said.
“This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these,” the researchers said. So, not only does the company hurt legitimate advertisers, but random users as well.
According to BBC News, one of the Sambreel subsidiaries said it discontinued one of the browser plugins, but that only occurred after the researchers made the company’s actions public.
A Google spokeswoman said the company is aware of the practice and has banned the companies involved from using Google’s monetization and marketing tools.
According to Spider.io, 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before the researchers published their findings.
Monday, August 19, 2013 @ 04:08 PM gHale
Newer versions of the ZeuS malware are doing much more than just stealing sensitive information from computers.
One variant of the malware uses compromised systems to check for availability of Instagram usernames, said researchers at RSA.
Once it lands on a computer, the malware downloads several additional components. The hashes of the threat change often to avoid detection by antivirus solutions, but the size of the file is always the same.
After the additional malicious components are downloaded and installed, ZeuS performs search engine queries, most likely in an effort to promote malicious websites in search engine results.
Then, it starts checking for the availability of Instagram usernames via the social media network’s mobile API.
“For servers and virtual machines running Windows operating systems, Instagram API calls are pushed into Instagram by spoofing User-Agent strings in an attempt to disguise the traffic as a Smartphone running an Android operating system,” said RSA senior researcher “Fielder.”
The threat checks usernames consisting of a dictionary word followed by a series of four or more random characters.
Experts believe the malware is checking the availability of Instagram usernames in an effort to create an army of fake Instagram users that can later be sold as followers to individuals or organizations that want to boost their popularity.
In addition to checking for usernames, the malware is also capable of automatically liking photos posted on other Instagram accounts.
“The latest Zbot variant appears to be upping its game with new features and functionality. Search engine optimization abuse and Instagram account abuse could just be the beginning,” “Fielder” said.
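Two of the behaviours RSA describes are visible from the network: a Windows host presenting an Android User-Agent to Instagram’s mobile API, and a burst of availability checks for usernames shaped like a dictionary word plus four or more random characters. The following is an added example, not code from RSA or from the article, of flagging both patterns in proxy logs. The log format, the asset inventory, the word list and the `check_username` endpoint path are constructed assumptions; substitute the real fields and API path from your own environment.

```python
"""Flag hosts whose outbound traffic matches the ZeuS/Zbot Instagram-abuse
pattern: Windows hosts claiming to be Android, and bulk checks of
generated-looking usernames.  Added example; all data is constructed."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed asset inventory: hostname -> operating system (assumed source: CMDB).
INVENTORY = {
    "srv-fin-01": "Windows Server 2008 R2",
    "ws-eng-14": "Windows 7",
    "phone-jdoe": "Android",
}

# Constructed stand-in for a dictionary word list.
WORDLIST = {"sunset", "ocean", "happy", "jane"}

# Constructed proxy log lines: host, method, URL, "User-Agent".
PROXY_LOG = """\
srv-fin-01 GET https://i.instagram.com/api/v1/users/check_username/?username=sunset8k2q "Instagram 4.1.2 Android (18/4.3; 480dpi; samsung; SM-N900)"
srv-fin-01 GET https://i.instagram.com/api/v1/users/check_username/?username=ocean1zx9p "Instagram 4.1.2 Android (18/4.3; 480dpi; samsung; SM-N900)"
srv-fin-01 GET https://i.instagram.com/api/v1/users/check_username/?username=happy77qwe "Instagram 4.1.2 Android (18/4.3; 480dpi; samsung; SM-N900)"
phone-jdoe GET https://i.instagram.com/api/v1/users/check_username/?username=jane_doe "Instagram 4.1.2 Android (18/4.3; 480dpi; samsung; SM-N900)"
ws-eng-14 GET https://www.example.com/search?q=widgets "Mozilla/5.0 (Windows NT 6.1; WOW64) Gecko/20100101 Firefox/23.0"
"""

LINE_RE = re.compile(r'^(?P<host>\S+) (?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$')


def parse_log(text):
    """Turn the constructed log format into a list of dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def ua_os_mismatch(host, ua, inventory):
    """True when inventory says the host runs Windows but its UA claims Android."""
    os_name = inventory.get(host, "")
    return os_name.startswith("Windows") and "Android" in ua


def looks_generated(username, wordlist):
    """<dictionary word><4+ alphanumerics containing at least one digit>."""
    name = username.lower()
    for word in wordlist:
        if name.startswith(word):
            tail = name[len(word):]
            if (len(tail) >= 4 and re.fullmatch(r"[a-z0-9]+", tail)
                    and any(c.isdigit() for c in tail)):
                return True
    return False


def checked_username(url):
    """Return the username being checked, or None for unrelated requests."""
    parts = urlsplit(url)
    if "check_username" not in parts.path:
        return None
    return parse_qs(parts.query).get("username", [None])[0]


def analyze(text, inventory=INVENTORY, wordlist=WORDLIST, threshold=3):
    """Summarise hosts with a UA/OS mismatch and hosts enumerating usernames."""
    mismatch = set()
    generated = Counter()
    for r in parse_log(text):
        if ua_os_mismatch(r["host"], r["ua"], inventory):
            mismatch.add(r["host"])
        name = checked_username(r["url"])
        if name and looks_generated(name, wordlist):
            generated[r["host"]] += 1
    enumerating = {h: n for h, n in generated.items() if n >= threshold}
    return {"ua_mismatch": sorted(mismatch), "enumeration": enumerating}


if __name__ == "__main__":
    print(analyze(PROXY_LOG))
```

The two signals are independent on purpose: a Windows server talking to a phone-only API is suspicious even if the usernames look normal, and a real phone checking a handful of names is not. The threshold is deliberately low for the constructed sample; on real traffic it should be set from the rate at which a human actually retries a username.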
Thursday, August 8, 2013 @ 07:08 PM gHale
In what has potential privacy issues written all over it, the U.S. Secret Service wants to improve the way it monitors social media and collects information from “open sources” on the Internet and elsewhere.
The Secret Service issued a solicitation July 29, set aside entirely for small businesses, for a software tool that can gather intelligence from a diverse group of publicly available sources.
“The Government is seeking licenses for software solutions involving, but not limited to, real-time open source intelligence monitoring,” said the agency’s solicitation document.
The Secret Service, which typically would post the “statement of work” for a required contract on the FedBizOpps Web site, in this case is being more reticent in sharing the complete description of the required effort by the selected contractor. “The full Statement of Work (SoW) is being made available only to contractors that respond to this notice/solicitation…,” the Secret Service request said.
The agency envisions a firm-fixed-price contract that will cover a one-year base period of performance (running from Sept. 1, 2013 through August 31, 2014), plus four separate one-year option periods.
Even though no commercial company is currently performing this work, the Secret Service indicated in its solicitation the technical requirement itself is not new.
“There is not an incumbent contractor associated with this work,” said the agency, in reply to a prospective vendor’s question, adding, “This is not a brand-new requirement, as indicated in the solicitation.”
Tuesday, June 11, 2013 @ 03:06 PM gHale
In the cyber world Trojans usually live a short life before new ones quickly replace them, but Zeus/Zbot continues moving forward, with its variants continuing to perfect man-in-the-middle (MitM) attacks, log keystrokes and grab information entered in online forms.
This Trojan usually spreads through exploit kits via drive-by downloads, phishing schemes, and social media; however, Trend Micro researchers just found a variant that uses removable drives as another attack vector.
In this case, the malware variant is delivered via a malicious PDF file disguised as a sales invoice document.
Potential victims that attempt to open the file with Adobe Reader get a notice saying it cannot open because “use of extended features is no longer available.”
But in the background, the malware has already silently dropped onto the system and run.
It first contacts its command-and-control (C&C) server to download an updated copy of itself (if one is available), and immediately afterward checks whether any removable drives are connected to the computer. If there are, it drops a copy of itself in a hidden folder on the drive, then creates a shortcut to it.
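The removable-drive footprint Trend Micro describes (an executable inside a hidden folder, plus a shortcut at the top of the drive pointing at it) is easy to check for before a drive is opened. The following is an added example, not Trend Micro’s code or anything from the article, of a scanner that walks a mounted drive and reports that combination. The executable extensions, the use of a dot-prefix or the Windows hidden attribute as the hidden test, and the demo drive layout built in a temporary directory are all constructed assumptions; the shortcut target is not parsed, so the check is a heuristic rather than proof.

```python
"""Report hidden folders containing executables and shortcuts at the root of a
removable drive, the on-disk pattern of the ZeuS removable-drive variant.
Added example; the demo drive is constructed in a temp directory."""
import os
import stat
import tempfile
from pathlib import Path

# Assumed set of extensions worth flagging when found in a hidden folder.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif"}


def is_hidden(path: Path) -> bool:
    """Hidden by dot-prefix (any OS) or by the Windows hidden attribute."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)  # Windows only
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def under_hidden_dir(root: Path, directory: Path) -> bool:
    """True if any directory between root (exclusive) and directory is hidden."""
    rel = directory.relative_to(root)
    current = root
    for part in rel.parts:
        current = current / part
        if is_hidden(current):
            return True
    return False


def scan_removable(root) -> dict:
    """Return shortcuts at the drive root, executables under hidden folders,
    and a 'suspicious' verdict when both are present."""
    root = Path(root)
    findings = {"hidden_executables": [], "root_shortcuts": []}
    for p in root.iterdir():
        if p.is_file() and p.suffix.lower() == ".lnk":
            findings["root_shortcuts"].append(p.relative_to(root).as_posix())
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if d == root or not under_hidden_dir(root, d):
            continue
        for f in filenames:
            if Path(f).suffix.lower() in EXECUTABLE_EXT:
                findings["hidden_executables"].append((d / f).relative_to(root).as_posix())
    findings["suspicious"] = bool(findings["hidden_executables"] and findings["root_shortcuts"])
    return findings


def build_demo_drive() -> str:
    """Constructed stand-in for an infected drive: hidden folder with an
    executable placeholder, a shortcut at the root, and a benign document."""
    root = Path(tempfile.mkdtemp(prefix="usb-demo-"))
    hidden = root / ".sys"
    hidden.mkdir()
    (hidden / "update.exe").write_bytes(b"MZ placeholder bytes, not a real program")
    (root / "Documents.lnk").write_bytes(b"placeholder shortcut bytes")
    (root / "invoice.pdf").write_bytes(b"%PDF-1.4 placeholder")
    return str(root)


def build_clean_drive() -> str:
    """Constructed clean drive with only a document on it."""
    root = Path(tempfile.mkdtemp(prefix="usb-clean-"))
    (root / "report.pdf").write_bytes(b"%PDF-1.4 placeholder")
    return str(root)


if __name__ == "__main__":
    print(scan_removable(build_demo_drive()))
```

Run it against the mount point of a drive (for example `scan_removable("/media/usb0")` or `scan_removable("E:\\")`) rather than the demo builder. Because the shortcut’s target is not parsed, a drive with a legitimate shortcut and an unrelated hidden tool will also be flagged; treat the verdict as a reason to look, not as a detection in itself.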
Thursday, May 23, 2013 @ 03:05 PM gHale
As manufacturing automation firms integrate social media more closely into their enterprises, security has to beef up even more. One of those social media outlets, Twitter, is looking to raise its security posture by introducing two-factor authentication.
Its two-factor authentication, which Twitter calls “login verification,” will make it more difficult for the bad guys to take over an account.
Twitter users can now opt in to login verification by checking the box under “Account security” on their account settings page. Once they add their mobile phone number to their account and activate login verification, they will have to enter a six-digit code sent by SMS in addition to their password every time they log into the service.
Users can generate a temporary password to authorize Twitter applications and other devices when using two-factor authentication. Even if users have activated login verification, they should still use a strong password that is difficult to guess, said Jim O’Leary, a member of Twitter’s security team.
In the last few weeks, Josef Blatter, FIFA, the BBC, CBS, The Associated Press, the Guardian and the Financial Times have been just some of the victims of hacked accounts. A group called the Syrian Electronic Army claimed responsibility for the attacks, accusing western media of spreading wrong information about the civil war in Syria. The attack on AP resulted in its official Twitter account sending out false reports of explosions in the White House that injured President Barack Obama.
While not perfect, the new two-factor authentication mechanism is a good step toward a secure Twitter experience.
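The flow described above, an SMS-delivered six-digit code checked alongside the password plus temporary passwords for applications that cannot prompt for a code, is shown below as an added example. It is not Twitter’s implementation and nothing here is drawn from Twitter’s code; the two-minute code lifetime, the five-attempt limit, the injected SMS sender and clock, and the hashed storage of app passwords are assumptions chosen to show the checks a server-side implementation needs (single use, expiry, attempt limiting, constant-time comparison).

```python
"""Server-side login verification: a one-time SMS code plus per-application
temporary passwords.  Added example with assumed parameters."""
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # assumed lifetime of a delivered code
MAX_ATTEMPTS = 5         # assumed guesses allowed per issued code


class LoginVerification:
    def __init__(self, send_sms, clock=time.time):
        # send_sms(phone, code) is an assumed gateway hook; clock is injectable for tests.
        self._send_sms = send_sms
        self._clock = clock
        self._pending = {}        # user -> [code, issued_at, attempts]
        self._app_passwords = {}  # user -> {app_name: sha256(password)}

    def start(self, user, phone):
        """Issue a fresh six-digit code; the code never leaves the server except via SMS."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [code, self._clock(), 0]
        self._send_sms(phone, code)

    def verify(self, user, submitted):
        """True exactly once for the right code, within TTL and attempt budget."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, issued_at, attempts = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            del self._pending[user]          # expired or exhausted: force a new code
            return False
        entry[2] += 1
        if hmac.compare_digest(code, str(submitted)):
            del self._pending[user]          # single use
            return True
        return False

    def issue_app_password(self, user, app_name):
        """Return a random per-app password once; only its hash is retained."""
        password = secrets.token_urlsafe(12)
        self._app_passwords.setdefault(user, {})[app_name] = _digest(password)
        return password

    def check_app_password(self, user, submitted):
        """Constant-time check of a submitted app password against every stored hash."""
        candidate = _digest(submitted)
        return any(hmac.compare_digest(candidate, stored)
                   for stored in self._app_passwords.get(user, {}).values())

    def revoke_app_password(self, user, app_name):
        return self._app_passwords.get(user, {}).pop(app_name, None) is not None


def _digest(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


if __name__ == "__main__":
    outbox = []
    lv = LoginVerification(send_sms=lambda phone, code: outbox.append((phone, code)))
    lv.start("alice", "+1-555-0100")          # constructed phone number
    phone, code = outbox[-1]
    print("code delivered to", phone, "accepted:", lv.verify("alice", code))
    print("replay accepted:", lv.verify("alice", code))
```

The app-password path exists because a client that logs in with a stored password cannot answer an SMS prompt; hashing those passwords means a database leak does not hand out working credentials, and keeping one per application lets a single device be revoked without touching the others.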