07 June 2013

Chinese hacked Obama, McCain campaigns, took internal documents, officials say

The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking  units backed by the People’s Republic of China, prompting  high level warnings to Chinese officials to stop such activities,  U.S. intelligence officials tell NBC News.
....
“There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” said Shawn Henry, who headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyberinvestigations. 


Click here to read more ....

Microsoft and FBI strike blow against $500m cyber crime ring

Microsoft and the FBI say they have significantly disrupted a ring of botnets that has stolen $500 million in the last 18 months. 

The Citiadel botnet ring was made up of 1,400 individual botnets - networks of malware-infected PCs

....The ring had amassed some 5 million infected machines in over 90 countries. Organisations affected include American Express, Bank of America, Citigroup, Credit Suisse, PayPal and HSBC......

.....Citadel was developed using augmented source code from the Zeus toolkit. .....

....“Creating successful public-private partnerships –in which tools, knowledge and intelligence are shared– is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI," McFeeley said......

Click here to read more ....

06 June 2013

Hackers to be denied US entry under House cyber security Bill

.....Computer hackers who target US agencies and companies on behalf of countries such as China and Russia would be denied entry into the US and have their bank accounts frozen under legislation to be unveiled on Thursday.....

....This is putting a face to the criminals, Knight said in an interview. If you’re a foreign agent working on behest of a nation and participating in cybercrime, you will not be allowed a visa into the country, nor will your family.....


Click here to read more..

05 June 2013

Researchers prove that light, sound can activate mobile malware


....Researchers have discovered a way to trigger and control malware on smartphones using sensory channels, like light, vibrations, music or other sounds...

.....The paper, titled “Sensing-Enable Channels for Hard-to-Detect Command and Control of Mobile Devices,” described one example in which music that blares from a speaker could cause compromised smartphones to carry out malicious activities at a sports event.
Attackers could instruct the malware to perform actions such as launch distributed denial-of-service attacks, interfere with other non-mobile networks in range....
...So, if an attacker was clever enough to make use of these tricks, it would make for an interesting story, or possibly bragging rights, but wouldn't give them a pass to wreak havoc undetected.

Drupal breach compromises nearly one million accounts

.....Hackers ransacked the servers of Drupal.org, an open source content management platform, to plunder the sensitive information of nearly one million accounts. .....

......In a Wednesday blog post, Ross said usernames, email addresses, country information, and hashed passwords were exposed in the incident. All passwords were hashed, while only some were salted, an additional security layer where a sequence of symbols is added to passwords before they're hashed......

......As a safety measure, the company reset all passwords for its nearly one million accounts. ......

04 June 2013

Cyber War: U.S. Electric Grid is Riddled With Cyber Security Holes

.....a report released by Reps. Ed Markey (D-Mass.) and Henry A. Waxman (D-Calif.), it had been discovered that malicious computer worms have been attacking electric grids, causing the companies involved to have losses in both energy and money.....

......A computer worm has the ability to replicate itself, allowing the worm to create hundreds or even thousands of copies of itself. However, consuming too much system memory could lead to network servers, Web servers, and the like to becoming unresponsive....

.....To control this issue, he says to "install firewalls, apply patches and to always perform upgrades." If something isn't done soon, the nation could be at risk for a massive power outage, resulting in millions going without the basic needs that electricity satisfies.....

Click here to read more ....

McAfee: Cyber criminals using Android malware and ransomware the most


 .....the company witnessed a 40 increase in Android malware, a near-300-percent jump in instances of Facebook-threat Koobface, and a steady rise in ransomware and reported infections. Add to that an increase in AutoRun malware, malware that attacks MBRs (master boot records), and a doubling of spam worldwide, and the state of security looks bleak.....

....Among the key findings in report, McAfee revealed that it now has a total of 50,926 mobile malware samples in its database, 28 percent of which arrived this year.....

.....McAfee has witnessed more instances of malicious spyware being combined with botnets. Among them is Android/Ssucl.A, a Trojan that poses as a system cleanup utility but is really a botnet client. It not only steals user and SMS data, it also launches phishing attacks for Dropbox and Google log-ins. It tries to infect PCs using an autorun.inf attack too.....

....... "Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly targeted attacks are achieving new levels of sophistication.".....

Click here to read more ....

Now LinkedIn rolls out two-factor authentication


LinkedIn is the latest website to add two-factor authentication as a measure to prevent account takeovers....

.....The feature works similarly to the two-step verification recently pushed out by Twitter, which had been experiencing high-profile account compromises......

.......The site's more than 200 million members can enable the capability by visiting "Settings," then selecting the "Account" tab and clicking "Manage Security Settings.".......

Click here to read more.