27 October 2011

DUQU: The precursor to the next Stuxnet



Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered. Duqu’s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on various industries, including industrial control system facilities. Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat has been highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

.....


Duqu uses HTTP and HTTPS to communicate to a command and control (C&C) server at 206.183.111.97, which is hosted in India. As of October 18th this IP is inactive. To date this is the only C&C IP encountered and is a reliable indicator of Duqu activity on a network. Through the command and control server, the attackers were able to download additional executables, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, and then must be exfiltrated out. In addition to this infostealer, three more DLLs were pushed out by the C&C on October 18th.
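As an added example (not part of the report quoted above), the following Python scans constructed Squid-format proxy log lines for contact with the reported C&C address, covering both plain HTTP requests and HTTPS CONNECT tunnels, and flags blocked attempts as well, since a denied request still points at an infected host.

```python
import re

# The only C&C address reported for Duqu (from the report quoted above).
DUQU_C2 = "206.183.111.97"

# Constructed Squid access.log lines (native format) used as sample input.
SAMPLE_LOG = """\
1318950000.123    452 10.0.0.15 TCP_MISS/200 1843 GET http://206.183.111.97/ - DIRECT/206.183.111.97 text/html
1318950001.456    120 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT 206.183.111.97:443 - DIRECT/206.183.111.97 -
1318950002.789     88 10.0.0.22 TCP_MISS/200 9000 GET http://intranet.example/ - DIRECT/198.51.100.7 text/html
1318950003.001     60 10.0.0.31 TCP_DENIED/403 0 GET http://206.183.111.97/cgi-bin/x - NONE/- text/html
"""

# Squid native log: time elapsed client result/status size method URL ident peer/host type
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+(?P<result>\S+)\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+(?P<peer>\S+)"
)


def _dest_host(method, url):
    """Return (host, scheme) for a log entry."""
    if method == "CONNECT":
        # HTTPS through a proxy: the URL field is 'host:port' and the payload is opaque,
        # so the destination address is the only indicator the proxy sees.
        return url.rsplit(":", 1)[0], "https"
    m = re.match(r"https?://([^/:]+)", url)
    return (m.group(1) if m else url), "http"


def find_c2_contacts(log_text, c2=DUQU_C2):
    """Every request whose destination host or upstream peer is the C&C address."""
    hits = []
    for line in log_text.splitlines():
        m = SQUID_RE.match(line)
        if not m:
            continue
        host, scheme = _dest_host(m["method"], m["url"])
        peer_ip = m["peer"].split("/", 1)[-1]
        if c2 in (host, peer_ip):
            hits.append({"client": m["client"], "scheme": scheme,
                         # a denied request still means the client tried to beacon
                         "blocked": m["result"].startswith("TCP_DENIED")})
    return hits


def infected_clients(log_text, c2=DUQU_C2):
    """Distinct internal hosts that attempted contact, blocked or not."""
    return sorted({h["client"] for h in find_c2_contacts(log_text, c2)})
```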





Solutions : www.xcyss.in

Operation DarkNet: A Good Start, But There is More to Do


I saw in the news that Anonymous (factions thereof) have decided to go after the pxxdophiles using the hidden wiki and the “DarkNet” for their purulent files. The hack on the Lxlita City site was a success in that they got hold of user names and passwords.
Due to the nature of the site and its being in the hidden wiki (DarkNet) it is tough to know exactly where the systems sit that house/host the content, but, it seems that through certain techniques using TTL, they pretty much have a good idea of where the server may sit in the continental US.


Hackers Interfered With Two U.S. Satellites, Draft Report Says

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to the final draft of a report by a congressional commission.
....


A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report.
Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October of that year, the draft says, citing a closed-door U.S. Air Force briefing.
The draft report doesn't elaborate on the nature of the hackers' interference with the satellites.
....
The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach.

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/10/26/bloomberg_articlesLTOTAZ6K50YS.DTL#ixzz1bzZSNTkZ





Israeli gov nabs 6 for leaking population register

An employee of the Israeli Social Affairs Ministry has been arrested on suspicion of copying the personal details of nine million citizens listed in the population registry, according to the Justice Ministry.
...

LITA said the employee stole the information, which included names, identification numbers, addresses, birth dates and relationships, and kept a copy of it at his home. After the man had been let go from his job, he gave a copy of the stolen data to a business associate, who passed it on to other people, who also passed it on, until it reached someone who created a software program called Agron 2006 with the information.
The Agron 2006 program allowed users to query the information of any of the listed citizens and was widely available to the public on file-sharing websites. According to the Justice Ministry, a website was even created to explain how to use the program and encourage others to distribute the information.
.....
"This is a very popular database. I noticed that a lot of people had it, so it didn’t occur to me that having a copy was prohibited," another suspect said. "I thought it was a basic names and addresses database. I didn't think it had sensitive or secret information."
.....



Japan's Parliament, defense contractor, pierced by hackers

Sensitive data belonging to 480 lawmakers and their staff may have been exposed for more than a month, after computers in Japan's Parliament were infected by malware, it was widely reported on Tuesday.
....
The data-stealing trojan compromised computers used by three members of the Lower House, and possibly a server, The New York Times said. It gained a foothold after a lawmaker opened a file attached to an email at the end of July, Japan's Asahi Shimbun newspaper reported.
.....
The reports came a day after Asahi published an article claiming that a previously reported attack on the network of a Japanese maker of sensitive weapons systems exposed plans for fighter jets and other defense equipment, in addition to nuclear power plant designs and safety plans. The attackers, who included simplified Chinese characters in their code, infected 83 computers and servers at 11 locations.
.....



Obama man: 'Global internet surveillance skyrocketing'


A top US government official believes that the internet is under fierce attack by authoritarian governments worldwide, and that the situation is rapidly deteriorating.
"Today we face a series of challenges at the intersection of human rights, connected technologies, business, and government. It's a busy intersection – and a lot of people want to put up traffic lights," said US Assistant Secretary of State Michael Posner, speaking at the Silicon Valley Human Rights Conference in San Francisco on Tuesday.
.......
"The result has been more censorship, more surveillance, and more restrictions," Posner said.
......


Tsunami Trojan: First Mac attack based on Linux crack


Malware writers have derived a new Trojan for Mac OS X by porting an older Linux backdoor Trojan horse onto another platform.
The newly discovered Tsunami Trojan is derived from an earlier Linux-infecting backdoor Trojan, called Kaiten, which phoned home from infected machines to an IRC channel for further instructions. Security firms are still in the process of analysing Tsunami but early speculation suggests it may be a DDoS attack tool.
......
"We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future. If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying. My advice to Mac users is simple: don't be a soft target, protect yourself.".....


Swedish password hacking scandal widens

Sweden suffered its worst internet security breach in history, with over 210,000 login details across at least 60 websites made public, including personal identity numbers of journalists, MPs and celebrities. On Tuesday, at least 90,000 passwords of the popular Swedish blog Bloggtoppen were exposed through a Twitter account of former Swedish Democrat and now independent MP William Petzäll. His lawyer told Swedish newspapers his Twitter account was also hacked. Bloggtoppen has been shut down temporarily. Its owner believes hackers "discovered a weakness in the code that lies behind the service".
......
Many login details belonged to Moderate Party members, including several MPs and party secretary Sofia Arkelsten, but members of the Liberal Party were also affected. Other victims include journalists from several major news publications.
....
Swedish newspaper Expressen contacted the hacker, known as sc3a5j, and was told: "I dumped this information to let people know that they handle their information wrongly. Many web pages are not up to scratch. And consumers need to know they should never use the same [passwords] for different services on the web. This is how we got into Twitter accounts as well.”
......


Insulin pump hack delivers fatal dosage over the air

In a hack fitting of a James Bond movie, a security researcher has devised an attack that hijacks nearby insulin pumps so he can surreptitiously deliver fatal doses to diabetic patients who rely on them.
.....
Jack's latest hack works on most recent Medtronic insulin pumps, because they contain tiny radio transmitters that allow patients and doctors to adjust their functions. It builds on research presented earlier this year that allowed the wireless commandeering of the devices when an attacker was within a few feet of the patient, and knew the serial number of his pump. Software and a special antenna designed by Jack allows him to locate and seize control of any device within 300 feet, even when he doesn't know the serial number.
.......



Hackers could have TAKEN OVER Amazon Web Services

Security researchers have unearthed a flaw in Amazon Web Services that created a possible mechanism for hackers to take over control of cloud-based systems and run administrative tasks.
......

A team of researchers from Germany's Ruhr University found that an XML signature-based attack can be used to manipulate SOAP messages in such a way that EC2 authentication systems fail to detect that they have been doctored – and thus action them as authentic.
The approach applies a class of security shortcoming, involving the modification of partially signed XML documents, that was first uncovered in 2005 as affecting cloud-based systems, H Security reports.
.....
The researchers said Amazon was also vulnerable to cross-site scripting (XSS) attacks that could have allowed users logged onto its online store to hijack an AWS session, using injected JavaScript code. The researchers demonstrated the vulnerability, only possible because signing into the Amazon store automatically creates a concurrent AWS cloud service session, at an ACM workshop on cloud security during a presentation entitled All Your Clouds are Belong to Us.
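An added illustration (not the researchers' or Amazon's code) of the partially-signed-document problem described above: a simplified Python stand-in for XML Signature verification, where the digest is SHA-256 over the serialised element rather than a real XML-DSig canonicalisation and the signature over SignedInfo is assumed already checked. The SOAP messages, the wsu:Id value and the action names are constructed; the point is that a verifier which dereferences the signed Id anywhere in the document accepts a message whose signed Body has been relocated, while one that requires the signed element to be the Body the service will process does not.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ET.register_namespace("soap", SOAP_NS)   # fixed prefixes so serialisation is stable
ET.register_namespace("wsu", WSU_NS)
BODY = f"{{{SOAP_NS}}}Body"
WSU_ID = f"{{{WSU_NS}}}Id"

# Constructed message as the client signed it: the Body carrying wsu:Id="body-1".
LEGIT = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsu="{WSU_NS}">
<soap:Header/>
<soap:Body wsu:Id="body-1"><DescribeInstances/></soap:Body>
</soap:Envelope>"""

# Constructed doctored message: the signed Body is moved under Header and an
# unsigned Body takes its place. The signed bytes are untouched, so the digest
# still matches; only the element's position in the document has changed.
WRAPPED = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsu="{WSU_NS}">
<soap:Header><Wrapper>
<soap:Body wsu:Id="body-1"><DescribeInstances/></soap:Body>
</Wrapper></soap:Header>
<soap:Body><TerminateInstances/></soap:Body>
</soap:Envelope>"""


def digest(elem):
    """Hypothetical stand-in for canonicalisation + DigestValue (SHA-256 of the subtree)."""
    e = copy.copy(elem)
    e.tail = None  # tail text belongs to the parent, not to the signed element
    return hashlib.sha256(ET.tostring(e)).hexdigest()


def sign_body(xml):
    """Client side: sign the Body and reference it by wsu:Id, as WS-Security does."""
    body = ET.fromstring(xml).find(BODY)
    return body.get(WSU_ID), digest(body)


def verify_by_id(xml, ref_id, expected):
    """Weak verifier: resolves '#ref_id' to whatever element carries that Id."""
    for e in ET.fromstring(xml).iter():
        if e.get(WSU_ID) == ref_id:
            return digest(e) == expected
    return False


def verify_positional(xml, ref_id, expected):
    """Hardened verifier: the signed element must be the top-level Body that is executed."""
    body = ET.fromstring(xml).find(BODY)
    return body is not None and body.get(WSU_ID) == ref_id and digest(body) == expected


def processed_action(xml):
    """What the service would actually act on: the first child of the top-level Body."""
    return ET.fromstring(xml).find(BODY)[0].tag
```

In the doctored message the weak verifier validates DescribeInstances while the service would execute TerminateInstances; the positional check closes that gap.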




12 October 2011

German Hackers: Gov't Trojan Capable of Planting Evidence, Cybercrime

Government scheme uses trojan virus, routes data through rented U.S. servers

Germany has been one of the seemingly strictest nations when it comes to corporate invasion of digital privacy.  It's taken companies like Facebook, Google, Inc. (GOOG), and Apple, Inc. (AAPL) to task for tracking and other intrusive technologies.

Yet, one of the most respected hacker groups -- Germany's Chaos Computer Club (CCC) -- appears to have caught German officials red-handed in a scheme that gives German authorities the tools necessary to conduct intrusive surveillance of their citizens, all while obfuscating the government's involvement.
I. German Government Caught Spreading Multifunctional Trojan
...
II. Trojan Could be Abused to Plant Evidence, Engage in Cybercrime


The CCC also points out that the trojan could be abused by the government -- or, thanks to the poor security, by malicious third parties -- to plant incriminating evidence on citizens' computers. Writes the CCC, "It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question."


......



Fibre Watch: To Sydney, via Beijing?

Is it xenophobia, or a legitimate concern over potential spying by a superpower?

Concerns have been raised over the security implications of Chinese interests backing a planned second trans-Tasman submarine fibre cable.

Fears that Chinese telecommunications companies are some kind of front for cybercrime and espionage have been swirling around for several years.
 ......



Zeus Trojan gang member gets jail for huge UK fraud

The most complex cybercrime investigation ever undertaken by UK police has resulted in another member of a gang that used the Zeus Trojan to raid online bank accounts being sentenced to two years behind bars.
......

Latvian Karina Kostromina was originally arrested as part of Operation Lath in September 2010 along with 19 other mostly Ukrainian and Belarusian nationals, 13 of whom were eventually charged with offences.
Found guilty of money laundering for the gang, Kostromina was also married to alleged gang ringleader, Yevhen Kulibaba, who has still to be sentenced.
Exactly how much money the gang managed to steal using the keylogged bank logins of UK and US targets remains unclear but could run into tens of millions. What is clear is the staggering ease with which the gang looted money remotely. Between September 2009 and March 2010 the gang are known to have taken almost £2.9 million, with the attempted theft of £4.3 million in total.
However, police have suggested that the true sum could be over £20 million or perhaps even higher still.
......


Ghana to establish public internet registry to address cyber crime, virus attacks

The government of Ghana led by the Ministry of Communications is facilitating moves to establish a public Internet Registry that will improve the governance and security of the internet in the country.
An Internet registry is an organization that manages the allocation and registration of Internet number resources within a particular region of the world. Internet number resources include Internet Protocol (IP) addresses and autonomous system (AS) numbers, according to Wikipedia.


Hacker of Pakistan Supreme Court website tracked



ISLAMABAD, Oct 11: The Federal Investigation Agency (FIA)'s cyber crime wing has tracked the hacker of the Supreme Court website.
The hacker, 'Zombie KSA', defaced the website of the apex court on September 27 and left derogatory remarks against the judiciary in general and the chief justice of Pakistan in particular, demanding an immediate ban on pornographic sites in the country. “This was the second hacking of the website and it was a huge concern for us,” a senior official of the FIA told Dawn on condition of anonymity.
It may be recalled that the Supreme Court's website was also hacked by two boys in September 2010, who were granted bail by the court on April 11 as they were less than 18 years of age.
.........



Industry underestimating risk of cybercrime

Survey results show infosecurity is a low concern, but industry expert says otherwise
Only 42% of chief risk officers are concerned about electronic communications risk and information security, according to a survey carried out by insurer Zurich and the Harvard Business Review. The survey of 1,400 chief risk officers ranked information security last out of a list of 10 significant risks. 

.....
However, Tom Richardson, head of customer relationship management at Zurich Global Corporate UK, told the Federation of European Risk Management Associations (Ferma) forum in Stockholm today that there had been a noticeable change of awareness when it comes to cyber-terrorism.


"If you talk to people now about what they're worried about, it's not the security of the data or compensation they're concerned about, it's the reputational risk," he said.

Read more: http://www.risk.net/operational-risk-and-regulation/news/2114890/industry-underestimating-risk-cybercrime-forum-hears#ixzz1aa3O82ul




05 October 2011

Solution to protect children in cyberspace


October 04, 2011
(New Straits Time (Malaysia) Via Acquire Media NewsEdge) KUALA LUMPUR: DiGi Telecommunication Bhd, which has 5.5 million active broadband users, has come out with a package that allows parents to monitor the Internet content that their kids surf, even when they are not at home.
DiGi head of broadband Mohd Nazeem Mohd Nasir said the company has teamed up with world's largest software security company McAfee Inc to offer McAfee Internet Security and McAfee(R) Family Protection software.

"The solution is available to our customers and allows parents the flexibility of setting control parameters to prevent exposure to objectionable context such as inappropriate videos and explicit music lyrics, while still providing the kids access to appropriate ones.

What’s at stake in the cloud?


By Gen. Michael Hayden - 10/04/11 07:39 PM ET
The new federal strategy for implementing cloud-computing solutions is called “Cloud First”— and with good reason. We now systematically prefer cloud-computing solutions to those based on local servers and laptops. The allure of efficiencies, economies of scale, high-end services and — most importantly — reduced costs is almost irresistible.
But, as American governments at the federal, state and local levels rush headlong toward cloud computing, wouldn’t it be wise to pause and ask, “What’s at stake?”
