Three New Cyber Security Threats in One Day

Internet crooks never cease to surprise me. The inventiveness in being bad is super. If these guys lent their thinking power to the economy, the economic crisis would be solved within a week.

Today I ran into three brand new cyber security threats that were reported on. In one day. So I thought to share them with you.

1. Samsung’s Smart TV wide open to criminals

Who would have thought. The moment I read about TVs connecting to the Internet, I thought: trouble. Despite the fact that just about everything that connects to the Internet for the first time was hacked before the TV, e.g. printers, digital photo frames, cell phones, Playstations, etc., etc., apparently no one in the TV world thought that a layer of defence might be necessary. Perhaps it’s time to work with sanctions or develop some standards before a device is allowed to connect?

What is next? Sorry if I’m a bit sarcastic here.

2. QR codes that lead to malicious sites

QR stands for Quick Response (see Wikipedia). Recently these codes were all over the place, making life easier for end users, or for businesses of course.

In The Netherlands they have found stickers on QR codes in the public domain leading to malicious websites for infections or phishing. So, from now on the public can never trust another QR code again as there’s no way of telling if one is false or true. Please check whether it is stickered on, please, before use?

3. Bluetooth devices in skimming

Now that the public is more alert to skimming, apparently there’s a new generation working via Bluetooth. Interesting.

Luckily the FBI dismantled a botnet with the help of Facebook, so there is some good news also in the balance.

The moral

Cyber crime is about opportunity and this window of opportunity needs to be closed as soon as possible. That way there is less money to be gained, so most criminals will go elsewhere. In order to achieve this, cooperation is adamant. On which I expect to write more in the near future. But also, it’s time, and I repeat, to think security through before decisions towards connectivity are made. Don’t do something just because you can!!!

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement


Original news article at https://www.circleid.com/topics/ on December 12, 2012 at 10:24PM

Bypassing Two-Factor Authentication

Yet another way two-factor authentication has been bypassed:

For a user to fall prey to Eurograbber, he or she must first be using a computer infected with the trojan. This was typically done by luring the user onto a malicious web page via a round of unfortunate web surfing or email phishing attempts. Once infected, the trojan would monitor that computer’s web browser for banking sessions. When a user visited a banking site, Eurograbber would inject JavaScript and HTML markup into their browser, prompting the user for their phone number under the guise of a “banking software security upgrade”. This is also the key to Eurograbber’s ability to bypass two-factor authentication.

It’s amazing that I wrote about this almost eight years ago. Here’s another example of the same sort of failure.


Original news article at https://www.schneier.com/blog/ on December 11, 2012 at 12:34AM

36 million euros stolen from banking customers across Europe using mobile malware

(LiveHacking.Com) – A sophisticated and complex attack has been used to systemically steal millions from banking customers, both corporate and private, across Europe. By using a combination of malware for the PC and malware for mobile, the attackers have been able to intercept SMS messages used by banks as part of their two-factor authentication process. First the attackers would infect the victim’s PC and […]


Original news article at https://www.livehacking.com on December 10, 2012 at 11:56AM

Hong Kong cops open £700k cyber security centre

The Hong Kong government has thrown HK$9 million (£730,000) at a new Cyber Security Centre in a bid to tackle the growing threat to critical infrastructure in the Special Administrative Region of China.

Police commissioner Tsang Wai-hung said at the opening ceremony last Friday that the 27-man centre would be staffed by officers from the small Technology Crime Division and heralded it as the first step towards working more closely with public and private sector organisations.


Original news article at https://news.hitb.org/ on December 10, 2012 at 02:59PM

Over Half Of Chief Information Officers Fail To Test Cloud Vendors’ Security Systems & Procedures

Cybersecurity tops CIOs’ concerns, with 84% of CIOs stating that they are either concerned or very concerned about the risks associated with IT security breaches. Yet while security issues remain the biggest concern that CIOs have about migrating their technology functions to the cloud, less than half (45%) test cloud vendors’ security systems and procedures.


Original news article at https://news.hitb.org/ on December 10, 2012 at 02:56PM

DLP: Discover First or Monitor First?

Should I DISCOVER where sensitive/regulated data resides in my environment OR DETECT when it is being leaked? Storage DLP first or network DLP first? Data-at-rest (DAR) first or Data-in-motion (DIM) first? What is more important, knowing WHAT can be stolen and from where OR WHAT is being sent out today?

Sorry, but “IT DEPENDS.” Like many tough questions in life, this one has no single right answer. Successful data protection projects, whether for regulated data or corporate secrets, often start from a discovery sweep of an internal network. Looking for PANs, SSNs, known secret documents, customer records or whatever else allows the DLP conversation to start and the “lay of the data land” to become more clear. At the same time, they also often start from observing sensitive and regulated data flows out of your environment via email, FTP, web uploads, etc. This helps jumpstart the DLP discourse and creates a sobering realization of “Whaaaat!? This is going on RIGHT NOW!!?” Both are common and reasonable.

So, why discover first?

  • Learn the extent of sprawl of a particular type of data
  • Assess the complexity of the upcoming data protection effort
  • Gather ammunition for identifying and then engaging the data owners
  • Learn what to include in monitoring policies next

Why monitor first?

  • Observe (and, then, hopefully, stop) the most blatant and obvious leaks
  • Assess the priority of needed data protection efforts based on ongoing data movement
  • Easily get a taste of content-aware DLP technology without too much hard work (!)
  • Learn what to include in discover scans next

As a side note, few organizations would venture into “enforce first” as you need to know BEFORE you can act. Control comes after visibility (and, by the way, in some domains it never really comes…). One can discover first and then reduce, secure, monitor and protect what is discovered. One can also monitor first and then evolve to reduce the exposure. A sole exception I’ve seen is about enforcing something trivial like ‘block all USB access on endpoints’ which is hardly at the core of content-aware DLP.

Finally, if you’d absolutely push me to the wall and make me give a simple answer to a complex question, then go do network monitoring first… mostly because it is easier (= the most similar to netsec technologies) and often produces nasty (and thus deeply motivating) surprises.

P.S. This discussion does not remove the requirement to understand what you are trying to do with DLP and with data security in general. The real FIRST action is always ‘think’, not ‘buy’ or ‘deploy’. Don’t get those ideas :-)


Original news article at https://blogs.gartner.com/anton-chuvakin on December 07, 2012 at 10:15PM
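An added example for the DLP post above (not code from the original post or from any DLP product): the same content-aware detector drives a data-at-rest sweep and a data-in-motion check, and the types found by discovery become the monitoring policy. The patterns, validation rules, paths, hosts and sample records are constructed assumptions.

```python
import re
# Candidate patterns; the validators below cut false positives (assumed rules, not a product's).
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the sensitive data types found in text."""
    found = set()
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("PAN")
    for area, group, serial in SSN_RE.findall(text):
        if area not in ("000", "666") and area < "900" and group != "00" and serial != "0000":
            found.add("SSN")
    return found

def discover(files: dict) -> dict:
    """Data-at-rest sweep: map each location to the data types stored there."""
    return {path: t for path, body in files.items() if (t := classify(body))}

def monitor(messages: list, policy: set) -> list:
    """Data-in-motion check: flag outbound messages carrying types named in the policy."""
    return [(m["channel"], m["dest"], sorted(t))
            for m in messages if (t := classify(m["body"]) & policy)]

# Constructed sample data: a well-known test card number and look-alike decoys.
FILES = {
    "/share/finance/refunds.csv": "order 1182, card 4111 1111 1111 1111, EUR 40",
    "/share/hr/notes.txt": "badge 000-12-3456 issued; ticket 1234567890123456",
    "/share/hr/payroll.txt": "J. Doe SSN 219-09-9999",
}
OUTBOUND = [
    {"channel": "email", "dest": "partner.example", "body": "card 4111-1111-1111-1111"},
    {"channel": "ftp", "dest": "backup.example", "body": "invoice 20121207 total 99"},
]

if __name__ == "__main__":
    policy = set().union(*discover(FILES).values())  # discovery feeds the monitoring policy
    print(discover(FILES), monitor(OUTBOUND, policy))
```

The decoys in `notes.txt` (a 16-digit ticket number that fails Luhn, a badge ID with an unassigned SSN area) show why a discovery sweep needs validation as well as pattern matching before its findings are used to size the effort.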

New Accounting System Hack Could Cause ‘Mayhem’

Attacks against massive and proprietary enterprise accounting systems, in particular financial software such as SAP and Oracle, have been few and far between. That changed at this week’s Black Hat Abu Dhabi conference where a pair of researchers presented proof-of-concept code that could change the dynamic of the financially motivated attack landscape.


Original news article at https://threatpost.com/en_us/frontpage on December 07, 2012 at 09:03PM

MaskMe: create disposable email addresses on the fly

When you register a new account on a website or service you are usually asked to provide it with an email address. You may receive a verification email after the registration, or it may be used to send you notifications or make sure you are a unique user and not the same guy who has created a dozen accounts already on the site.

You can enter your main email address whenever you do that, but that increases the chance that you will be swarmed with spam in the future as some services will sell your information to the highest bidder to make money. A secondary email address for that purpose, or a disposable address that gets created on the fly, is the second option that you have. The benefit here is that you protect your main email address to keep it as spam free as possible.

MaskMe is an extension for the Google Chrome browser that helps you create masked emails, that is, unique random email addresses that you have no affiliation with, whenever you need them. While you may still use your main email address when signing up on some sites, you get the option to create a new masked email address instead at other times.

MaskMe displays a popup below the email field on registration pages that gives you the option to register using your main email address, which you select when you create a MaskMe account after installation, or a randomly generated unique address that is created on the fly.

The random email address forwards all emails to your main email address until you block the process in the management console. That’s actually a great way of dealing with it, as you get options to switch between forward and block there as often as you want. You may want to keep forward enabled for instance until you receive the verification message. Once you did, you can switch to block so that no mails get forwarded anymore to your main email address. Should the need arise to receive emails again, for instance when you have lost your account password and need to reset your account, you simply enable forwarding again here to do so.

You can create custom email addresses on the MaskMe account page as well, which is useful if you need to register in third party programs for instance where the automatic generation does not work for obvious reasons.

You may want to check out the service’s settings after installation to make sure everything is set in order. The program can generate strong passwords for you for instance and will also check if the password you have entered during registration may not be strong enough. If you do not need that reminder, for instance if you are using a password manager that does that for you, you can disable that feature in the settings.

The program keeps track of your privacy while you are online, and displays what it records in a privacy timeline on your account page. It basically helps you keep track of where and when you have shared personal information on the Internet. A paid upgrade is available that adds masked phone numbers and mobile access for $5 a month.


Original news article at https://www.ghacks.net on December 09, 2012 at 12:42AM

Top Security Predictions for 2013

WatchGuard Reveals Top Security Predictions for 2013 — Cyber Attacks Resulting in Human Death, Android Pick-Pocketing Attempts and Rise in Browser-Infecting Malware All Forecasted Next Year SEATTLE, December 5, 2012 — WatchGuard Technologies, a global leader in manageable business security solutions, [has] revealed its annual security predictions …


Original news article at https://www.topix.com/tech/computer-security on December 08, 2012 at 03:42AM