Archive for March 2016

Glastonbury Headliner Adele Caught in Photo Hacking

British singer Adele has suffered a breach of private photos, which includes a scan of her unborn baby and a photo of her three-year-old son.

The tranche also contained pictures from the singer’s childhood and the early days of her career not previously released to the public, according to the Sun on Sunday. The photos are believed to have been accessed by hacking her partner Simon Konecki’s email.

Brit, Grammy and Oscar winner Adele is in the middle of a six-night stint at The O2 Arena in London, as part of a 107-show world tour, and will headline the Glastonbury Festival this summer. The photos were discovered on a Facebook fan page and reported by a whistle-blower.

Jonathan Sander, VP of Product Strategy at Lieberman Software, said: “What's interesting about this breach of Adele's privacy is how closely it follows the pattern of typical corporate breaches. They suspect the attacker gained access through a poorly secured partner's access.

“The breach itself was discovered by a third party and reported to the unsuspecting victim. These details closely mirror many corporate breaches and Target in particular, breached through their business partner and told by a third party.”

Mark James, Security Specialist at ESET, suspected that the email account was compromised either through a phishing attack or an insecure password.

“Email scams are very rife at present and you need to be extra careful when following any link you receive in an email,” he said. “Make sure you have good regular updating internet security software installed, keep your operating system and applications patched and updated and be very mindful of free Wi-Fi points that are not secure.”

Source: Information Security Magazine

IT Pros Are Choosing Between Productivity and Security

In an era where operational agility can be a significant differentiator, IT shops face a dilemma: should they adopt security systems that tend to slow down networks and processes with inspections and filtering, or apply a lighter security framework in the name of productivity?

According to Barkly’s 2016 Cybersecurity Confidence Report, 41% of respondents said they are dissatisfied with their current solution because it slows down their system. For those shops, it could mean that colleagues are taking insecure shortcuts to improve efficiency, such as using unauthorized third-party apps or connecting unsanctioned devices to the network. For others that say their security hasn’t slowed them down, it could indicate a weakened security profile overall.

Barkly’s research draws a clear line between front-line IT pros’ and the C-suite’s opinions around security. Respondents indicated that they believe IT teams prioritize security more highly than the C-level: nearly two in five respondents said IT teams consider it an essential priority, compared to only 27% of C-level executives, which could lead to productivity being prioritized over security.

“This report proves that from the CISO to the entry-level IT pro, organizations must be better aligned when it comes to security. When there’s a disconnect in priorities, level of understanding and measurement, even a seemingly strong security initiative is destined to fail,” said Jack Danahy, co-founder and CTO of Barkly. “Once teams understand each other's priorities and concerns around security, they can implement the tools they really need, that will best protect their endpoints from ever-increasing, complex threats.”

The survey also revealed that the biggest issues IT teams have with current solutions are that they require too many updates (36%), are too expensive (33%) and provide no protection against zero-day attacks (33%).

Despite increased spending on IT security, just half (50%) of survey respondents said they are confident in their current solution. More than half of respondents (54%) don’t believe their organization can effectively measure security ROI, and only a quarter (25%) have confidence in their colleagues’ cybersecurity awareness. While a majority of IT pros believe effective security is possible, the low confidence levels prove that organizations should be taking a closer look at improving their security posture.

There’s also a disconnect between IT teams and the C-level when it comes to their biggest concerns—while the C-level is more worried about insider threats, IT teams feel that careless, uninformed employees are a higher risk. When asked how they would improve security within their organizations, C-suite respondents said they would rather buy new software, while front-line IT pros would prefer to educate their colleagues.

Source: Information Security Magazine

'Porn Player' Creates a Malware Vortex

About a week after an SMS Trojan posing as a porn video player was found duping Android users into loading it on their phones, another malicious app has been uncovered that uses pornography to attract users. This time it creates a veritable porn vortex that magnifies the malware propagation.

According to Zscaler, the application in question is also presented as a porn player but works slightly differently. When the user clicks on the application icon, he or she will be presented with thumbnails to various adult videos. When the user tries to play one, the application will download three files in the background, and a shortcut will be placed on the main page of the device. The application also requests on-demand videos via SMS—costing the user money without them knowing.

The dropped files are also depicted as porn players, and when the user clicks on videos shown in these applications, they again drop more files to the device—resulting in a never-ending porn-tastic malware installation loop.

Some of these dropped files have icons that look similar to the Internet Explorer and Angry Birds applications for the sole purpose of scamming the user. However, these dropped applications are actually SMS stealers or fake installers.

Ultimately, the application divides the overall functionality between the various dropped files as a mechanism to evade detection by antivirus software. If one of the applications is detected by the AV, the other applications can continue with their work. Also, interestingly, each of these dropped applications tries to target different SIM operators in China.

“Noting that one in five mobile searches are related to porn, it’s no surprise that hackers continue to create fake porn apps to disguise malware,” said Zscaler researchers Lakshmi Devi and Shivang Desai, in an analysis. “There has been an increasing tendency of malware in disguise of adult-rated applications in order to attract victims. The best way to avoid such applications is to stick to official app stores like Google Play and the Amazon app store.

“Users should also not trust any unknown links received via messages or emails. Additionally, disable the option of "Unknown Sources" under Settings, to disallow installation of apps from unknown sources.”

Source: Information Security Magazine

TeslaCrypt 4.0: Bigger, Badder and Unbreakable

The ransomware known as TeslaCrypt has enhanced its code—to include unbreakable encryption and a rash of upgrades.

TeslaCrypt was first designed to target computers that have specific computer games installed, but it has since widened its purview. The trojan encrypts all files and locks victims out of their systems, and then asks for a ransom for the decryption key, which can vary between $150 and $1000 worth of bitcoins.

TeslaCrypt 4.0, uncovered by Heimdal Security, has a new feature: RSA-4096 for encrypting data. Consequently, the data held hostage will be impossible to recover if the victim doesn’t have a backup copy.

Also, “It’s important to know that the tool ‘TeslaDecoder’ no longer works with Teslacrypt 4.0,” explained Heimdal Security specialist Andra Zaharia, in an analysis. “Unfortunately, this is one of the many fixes that the cyber-criminals have included in the new version.”

So, in the case of data compromise, only two options remain: to restore the data from a secure backup or to pay the ransom (which is obviously not recommended).

The group behind TeslaCrypt has also fixed a bug related to encryption of large data files. In previous versions, files larger than 4GB would be permanently damaged when encrypted. This is no longer an obstacle for the attackers.

The new strain is also greedier: Once the malicious code is run, the attackers can extract even more data than before from the local machine. The harvested data is then compiled into a unique key, while, at the same time, the ransomware will recruit the affected PC into a central botnet.

Similar to previous campaigns, TeslaCrypt 4 is being dispersed through drive-by attacks carried out using the Angler exploit kit. Heimdal is blocking more than 600 domains spreading the EK, and it predicts that the daily average will increase up to 1,200 domains.

The first version of TeslaCrypt emerged in March 2015, while the creators launched the second version in November 2015. That second version was found to be borrowing from the Carberp trojan in the way that it attempts to obscure code to evade signature detection. It hit consumers and businesses hard back in December, accounting for 70,000 different incidents in the span of a week.

Since then, TeslaCrypt’s creators have moved even faster: they launched TeslaCrypt 3.0 in January 2016, and now, only three months later, the fourth version is out.

“We can expect cyber attackers to iterate even faster, in order to block decryptors that can appear on the market and secure a constant revenue stream to fund their attacks,” Zaharia said.

Source: Information Security Magazine

UK Gov. Must Address Automotive Cybersecurity, Says Intel

Following the FBI’s official warning of cyber-attacks on connected and driverless cars, Raj Samani, CTO EMEA at Intel Security, has spoken of the seriousness of the issue, urging the UK government and defense sector to address the problem.

In a Public Service Announcement the FBI outlined the risks that now surround automotive cybersecurity and stated the importance for both consumers and manufacturers to maintain an awareness of these threats.

Many modern motor vehicles have new connected technologies in the form of electronic control units, which are designed to improve safety features and fuel economy, allowing for the monitoring of vehicle status and providing a more convenient driving experience.

However, the FBI made it clear that added connectivity also provides portals which can be targeted by malicious adversaries who may be able to remotely attack things like vehicle controls and systems. In the same way, third-party devices linked to a vehicle, such as via the diagnostics port, introduce vulnerabilities which did not previously exist.

Samani said: “Alongside encouraging the usage of driverless vehicles within the UK, as announced in the Spring Budget, it’s crucial that the UK government makes real moves towards defining the regulatory changes that need to be addressed in order to mitigate the risks of cybercrime within this industry.”

“Whenever new technology is developed, hackers are fast to react – identifying vulnerabilities and potential avenues for attack. As the Internet of Things becomes a reality and our world becomes ever-more connected, so too do the risks of such attacks from cyber-criminals.”

Whilst Samani was quick to point out that we are yet to see potential vehicle hacking manifest into actual attacks in the UK, like any crime, it is just a matter of motive – and these are often driven by financial gain or political, personal or social activism.

“If driverless and connected vehicles are to become commonplace in the UK, as suggested by Osborne, it is just a matter of time before attackers find a means to use this as an opportunity to fulfill one of these motives,” he added.

“It’s crucial that security is a key consideration right from the manufacturing stage of connected vehicles and the Automotive Security Review Board welcomes input and collaboration with the government to advise best practices for tackling this issue together.”

Source: Information Security Magazine

Symantec Calls Vulnerability Warning a "Routine Advisory"

Symantec has recommended users update their systems in what it has described as a “routine advisory”.

In an advisory, Symantec warned that the management console for its Symantec Endpoint Protection (SEP) was affected by a number of security issues that could potentially result in an authorized but less-privileged user gaining elevated access to the Management Console.

“SEPM contained a cross-site request forgery vulnerability that was the result of an insufficient security check in SEPM,” it said. “An authorized but less-privileged user could potentially include arbitrary code in authorized logging scripts. When submitted to SEPM, successful execution could possibly result in the user gaining unauthorized elevated access to the SEPM management console with application privileges.

“There was a SQL injection found in SEPM that could have allowed an authorized but less-privileged SEPM operator to potentially elevate access to administrative level on the application.”

The issue has been deemed critical enough for US-CERT to issue an update, in which it encouraged users and administrators to review the advisory from Symantec and apply the necessary update.

In a statement issued to Infosecurity, the company said: “This is a routine advisory. We recommend customers update to the latest version to keep their information secure.”

Paul Farrington, senior solution architect at Veracode, said that despite SQL Injection having been around for more than a decade and regularly featuring on the OWASP Top 10 list, the prevalence of the SQL injection vulnerability remains disturbingly high, with many businesses leaving themselves exposed to data loss and brand damage.

“Organizations can mitigate SQL injection with the right care and attention. All organizations need to be working to gain full visibility into their web application perimeter and run frequent scans on all existing applications to ensure that they remain protected from the threats that new or changed applications introduce, or from newly-discovered vulnerabilities. Indeed, this case shows that no company is above testing applications for vulnerabilities.”

Source: Information Security Magazine

US, Israel and UK Strengthen Cyber Cooperation

The US Department of Defense and Israeli Ministry of Defense have entered an agreement to increase cyber-defense cooperation between the nations.

According to Army Technology, representatives discussed a number of ways to further strengthen cooperation on a range of issues, and the deal will see the USA deploy the US National Guard's cyber squadrons against ISIS.

The decision follows a meeting between US Defense Secretary Ash Carter and Israeli Minister of Defense, Moshe Ya'alon, where Carter reaffirmed the unshakeable US commitment to Israel's security and the importance of the US-Israeli defense relationship.

Tim Erlin, director of security and risk at Tripwire, told Infosecurity that information sharing is a key component to successful cyber-defense, whether between corporations or nations.

“The addition of cyber-attacks to the theater of war is a growing trend,” he said. “We shouldn’t be surprised that existing international defense cooperation might be extended to this new battlefront.”

Paul Fletcher, cybersecurity evangelist at Alert Logic, said: “It’s possible that there has already been some collaboration between these two military cyber-teams in the past, and this announcement is a way to formalize the relationship and establish specific protocols for communication and information sharing.

“This cooperative partnership shows a maturation of the strategy for the US DoD to partner with foreign governments and acknowledgement of their technical contribution. This is especially interesting to me, a veteran, because several years ago the US DoD wouldn’t consider purchasing from any technology vendors from any foreign country (this policy may have changed by now). To the point that when Check Point Firewall-1 was the leading firewall technology, the US military couldn’t use the product because Check Point was based in Israel. Clearly, this public statement shows the DoD’s willingness to move their cybersecurity capabilities forward and to work together for the greater good.

“Yes, this joint capability will certainly help fight cyber-terrorism threats. It will help just from the perspective of adding more highly skilled cybersecurity professionals in the fight against cyber-terrorists. Only time will tell if this strategy will be more effective than trying to install backdoors in technology.”

The news follows an announcement in February that the UK and Israel planned to extend their cooperation in defending national infrastructure installations from cyber-attacks. According to the Jewish News, the two nations are extending collaboration by strengthening the relationship between their Cyber Emergency Response Teams, and by launching a new academic engagement in the emerging field of cyber-physical security.

Leo Taddeo, chief security officer at Cryptzone, said: “Information and intelligence-sharing are critical to success in cyber-warfare. No single country can collect and process all of the data necessary to maintain strategic and tactical superiority.”

Source: Information Security Magazine

UK Online Banking Fraud Soars 64% in 2015

Online banking and e-commerce fraud both saw major spikes over the past year, growing faster than total payment card fraud, according to the latest industry figures.

The Year-End 2015 Fraud Update from Financial Fraud Action UK revealed that the value of e-commerce fraud jumped 19% from 2014 to 2015 to reach £261.5 million.

When including mail order and telephone fraud – which spiked 22% – the figure for total card-not-present (CNP) losses amounts to an even higher £398.2m.

Financial Fraud Action UK tried to soften the blow by suggesting the jump in fraud could be explained by an increase in online card spending over the period by 21% to £211 billion.

It’s clear that fraudsters are continuing to exploit the online channel as they have a higher chance of success than with face-to-face transactions.

Bearing this out, fraud on contactless cards and mobile devices – for example those using Apple Pay – amounted to losses of just £2.8 million during 2015, compared to spending of £7.75 billion over the same period.

However, it was online banking that saw the biggest spike in fraud last year. Losses jumped a massive 64% to reach £133.5m in 2015, while the volume of cases reported increased 23%. This proves criminals are increasingly targeting “high-net-worth and business customers,” the report claimed.

In some good news, however, 40% of losses were recovered after the incident.

Financial Fraud Action UK blamed an increase in phishing, corporate data breaches and “impersonation and deception scams” as the main drivers of the uptick in online fraud.

John Lord, managing director of identity data intelligence firm GBG, argued that a single fraud incident can often have a far-reaching impact for the victim, as many experience additional problems because a key account gets blocked.

“If someone who recently experienced a card fraud is attempting to make payments to an online retailer, for instance, the organization should be able to request additional, uncompromised personal information in order to authenticate the customer, rather than simply stop the transaction entirely,” he added.

“In the battle against fraud, we actually need access to more personal data – not less. Otherwise how can you validate that what you have been told by the customer is authentic?”

Source: Information Security Magazine

Rights Groups Petition DoJ and FCC on Police Stingrays

Some 45 rights groups have delivered a letter and over 34,000 petition signatures to the FCC and Department of Justice calling on them to investigate the use of controversial mobile phone surveillance technology by law enforcers without a warrant.

The groups have decided to voice their concerns after reports emerged last month that New York police have used International Mobile Subscriber Identity (IMSI) catchers, or ‘stingray’ technology, more than 1,000 times over the past seven years without the need to obtain a warrant and with no guidelines in place governing their use.

There have also been allegations that law enforcers have used the technology improperly to spy on lawful protesters in violation of their constitutional rights.

Stingrays mimic mobile phone base towers, allowing their operators to locate specific devices/users and intercept communications. More worrying from a privacy perspective is that they also lift data from innocent bystanders.

The letter continued:

“Information about Stingray devices’ use and functions has been routinely withheld from courts and the public, and the numerous privacy and legal concerns raised by these devices have already received significant attention in national media and other outlets … We wish to highlight another serious concern: when used by law enforcement, Stingrays and other surveillance technologies do not affect all Americans equally.”

The letter goes on to allege that tools like this serve to amplify the bias in law enforcement for stopping, searching and monitoring “people of color,” eroding civil liberties.

The DoJ released new guidelines last year stating federal investigators and any local or state police they partner with must obtain a warrant for Stingray use and that procedures must be put in place to prevent unlawful retention of data on innocent bystanders.

However, that doesn’t apply to police departments acting on their own.

“Therefore, the DOJ must take further steps to ensure that all states and localities that deploy Stingrays do so in a way that is transparent, accountable, and consistent with the constitution, and encourage other agencies to put policies in place to minimize harm to historically disadvantaged communities. They could do this by ending the FBI’s practice of requiring state and local law enforcement agencies to sign nondisclosure agreements for Stingrays and could link the agency’s technology funding to a mandate that state and local agencies comply with the DOJ’s Stingray guidance.”

The letter was signed by several high profile rights groups including the EFF and Open Technology Institute.

Source: Information Security Magazine

Cybersecurity Folks Most-Sought After Contractors in the UK

The skills shortage in the IT security field continues to plague businesses that try to keep up with the fast-evolving threat landscape. But those who choose to walk that employment path are finding themselves in the catbird seat: cybersecurity professionals are the most sought-after contractors within the UK’s growing jobs market, according to new research from Sonovate.

Research from the recruitment specialist reveals that overall growth for contract security roles has reached a year-on-year high of 19%, and this level of demand is set to grow by 30% over the course of 2016.

The highest month-on-month demand is for consultants (52%), with network security engineers (26%) and analysts (24%) a close second and third respectively. And they make impressive money: IT security consultants command an average day rate of £539. Information security officers, despite having a more executive role, aren’t that far ahead, at £647 per day.

Engineers meanwhile make around £441 per day and analysts are paid an average of £460.

As for where the jobs are, demand is unsurprisingly the highest in London (45% of recruitment efforts), followed by the southeast of the country (26%), with single-digit demand elsewhere.

The data, based on the number of active roles advertised either directly or via recruitment agencies, highlights that the next most-looked-for skill sets lag behind: No. 2 is for roles in the user experience field (a 17% year-on-year growth), followed distantly by architecture specialists (5% growth).

“IT security has always been important for companies looking to protect their business interests—something which has only been reinforced by the recent spate of high-profile data breaches and cyber-attacks,” said Richard Prime, co-CEO and co-founder of Sonovate. “In addition, changing attitudes to work have resulted in a burgeoning contractor market.”

Prime added: “There’s a real appetite for high-quality contractors at the moment. This research says one thing loud and clear: it’s a great time to be an IT security recruiter, especially one with an eye for opportunity.”

Source: Information Security Magazine