Feed aggregator

Schneider Patches Buffer Overflow in Wonderware Server

Threatpost for B2B - Fri, 01/09/2015 - 10:52
The Industrial Control System CERT released two advisories warning of serious vulnerabilities in Schneider Electric and Emerson industrial gear. Public exploits are available for one flaw.

Inside North Korea’s Naenara Browser

Threatpost for B2B - Fri, 01/09/2015 - 08:00
Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North […]

Root Command Execution Flaw Haunts ASUS Routers

Threatpost for B2B - Thu, 01/08/2015 - 17:21
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researchers Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug […]

Credit Union Watchdog Shoots Down Data Encryption Rule

Threatpost for B2B - Thu, 01/08/2015 - 16:36
A trade association in charge of overseeing the needs of credit unions has shrugged off the idea of implementing a data encryption rule.

Microsoft Limits Advanced Patch Notifications to Premier Customers

Threatpost for B2B - Thu, 01/08/2015 - 15:50
Microsoft pulled the plug on its Advanced Notification Service (ANS), offering it going forward only to paying Premier customers.

First Public Mac OS X Firmware Bootkit Unleashed

Threatpost for B2B - Thu, 01/08/2015 - 13:59
At the recent 31C3 event, researcher Trammel Hudson unveiled the first public Mac OS X firmware bootkit that can be delivered over Thunderbolt peripheral devices.

FBI Director: Attribution Detractors ‘Don’t Have All the Facts’

Threatpost for B2B - Thu, 01/08/2015 - 12:41
FBI Director James Comey said at the International Conference on Cyber Security North Korea got sloppy with its proxies and revealed themselves in the Sony hack.

OpenSSL Fixes Eight Security Vulnerabilities

Threatpost for B2B - Thu, 01/08/2015 - 12:40
The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other […]

Bitcoin value plunges following $5M Bitstamp Heist

Secure List feed for B2B - Thu, 01/08/2015 - 11:02

The new year has started rather badly for the Bitcoin world. On January 4th, a cyber-attack against Bitstamp, one of the biggest bitcoin exchanges in the world, resulted in the loss of almost 19,000 BTC - the equivalent of more than $5 million.

While very little is known at the moment about how the attackers managed to pull off this latest bitcoin heist, Bitstamp is assuring their customers that all of their bitcoins remain safe. The company states that "this breach represents a small fraction of Bitstamp's total bitcoin reserves", so hopefully covering the losses shouldn't be a problem for them.

Because of the irreversible nature of bitcoin transactions, the only thing Bitcoin enthusiasts can do right now is to sit and watch how the attackers are emptying the address used to collect the stolen bitcoins.

You can follow the thieves' transactions by yourself here: https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf

Right now, the attackers are most likely trying to move those bitcoins around through as many addresses as possible, and then will proceed to launder the stolen coins by using so-called "mixing" services

Bitstamp seems to have been much better prepared for such an incident compared to Mt. Gox, so while the price of Bitcoin was of course impacted, the impact was not that big. Part of the reason is that bitcoins are currently trading at prices that haven't been seen since the autumn of 2013 anyway, between $250 and $300 for 1 BTC.

Bitcoin price in 2014 - source: ZeroBlock

Taking into account these cyber attacks, we conclude that in 2015 security will continue to remain the most important thing for Bitcoin exchanges and enthusiasts.

Our advice is to diversify and try and minimize the time in which your bitcoins are hosted by anyone else except yourself. Bitcoin exchanges and third party wallet providers seem to act as a magnet for attackers, so it's better to take the security of your bitcoins in your own hands.

Make sure to check out our tips on How to Keep Your Bitcoins Safe.

FTC Urges IoT Privacy, Security-by-Design at CES

Threatpost for B2B - Wed, 01/07/2015 - 16:54
The head of the Federal Trade Commissioned warned of a future where data collection has gone awry and avoid it at the Consumer Electronics Show.

Backdoors Found Leveraging Pastebin

Threatpost for B2B - Wed, 01/07/2015 - 14:12
Instead of relying on their own sites to host malware, hackers are using a series of strings of malicious backdoor code on Pastebin sites and calling upon it to execute malware.

Dridex Banking Trojan Spreading Via Office Macros

Threatpost for B2B - Wed, 01/07/2015 - 13:15
Spam campaigns in the U.K. are using Office macros to spread the Dridex banking Trojan, researchers at Trustwave report.

New Emomet Variant Targets Banking, Email Credentials

Threatpost for B2B - Wed, 01/07/2015 - 11:35
Security researchers are tracking a new version of the Emomet malware that is targeting users’ banking credentials and also has the ability to steal email usernames and passwords, which are then used to send spam from compromised accounts. The new variant of Emomet has mostly been seen targeting users in Germany, but researchers at Microsoft […]

The second round of CODE BLUE in Japan

Secure List feed for B2B - Wed, 01/07/2015 - 01:33

CODE BLUE@TOKYO, a cutting-edge IT security conference, was held from 18th -19th December. It was the second round, following its first occurrence in February 2014.

More than 400 people came together from all around the world, including one remotely participating in the conference via a drone. Heated discussions took place among researchers and engineers during intervals, lunchtime and coffee breaks - some were too enthusiastic they almost missed the next presentation (I admit I was one of them).

The concept of the meeting is "an international conference where the world's top class information security specialists gather to give cutting edge talks, and is a place for all participants to exchange information and interact beyond borders and languages." As this states, all the presentations were of high-quality technical research selected from topics submitted from researchers around the world. The security topics include: embedded technologies, penetration testing, vulnerabilities, malware, programming and more. It would be perfect if I could cover all the presentations, but to save my time and yours, I would like to pick up five of them.

  1. A security assessment study and trial of Tricore-powered automotive ECU

Dennis Kengo Oka (ETAS) and Takahiro Matsuki (FFRI) analyzed the behavior of ECU software running on TriCore, to attempt to verify the possibilities of attacks against it. Although they were not able to obtain the actual software itself for their testing, they created a test program on their own to show that the control system of TriCore was at risk of attack. There was a return address in a certain part of memory, and it was possible to transfer processing of the program to an arbitrary address if this was successfully overwritten. They proved the vulnerability by means of four demos, using an evaluation board. They said that they would need to obtain the ECU software actually used by TriCore in order to investigate whether or not the vulnerability could be a real threat.

  1. Physical [In]Security: It's not ALL about Cyber

Inbar Raz (Check Point) presented risks in cinema-ticketing machines, PoS machines and TVs in hospitals. Such devices have USB/LAN ports; and inserting USB keyboards or flash drives with LiveOS into those ports and booting them makes it possible to extract data stored on these devices. Since these devices often store credit card information or private keys for communications, this may pose risks. Through the presentation, Raz pointed out that special devices commonly used in public often lack protection against inappropriate access and could give away confidential data to malicious third parties.


  1. The story of IDA Pro

The keynote for Day 2, by Ilfak Guilfanov, was about the history of IDA from ver. 0.1 to IDA Pro. He outlined how IDA was created; which functionalities had been implemented; what issues have been resolved; and the existence of a pirated version of IDA Pro. Besides the future landscape of IDA Pro, the identity of the icon-lady was also revealed.

IDA Pro is widely used among engineers and malware researchers in their analysis of programs; I am not an exception.


  1. Drone attack by malware and network hacking

Dongcheol Hong (SEWORKS) pointed out the inadequate security settings of a drone system and showed that it was easy to hijack a drone. In his video he demonstrated experiments of malware infection via a smartphone app and an attack from an infected drone to a clean drone. At the end of the presentation, he warned that drones could possibly pose threats to other systems, since it may be possible to conduct a remote attack through PC, AP, or smart devices.


  1. Embedded Security in The Land of the Rising Sun

Ben Schmidt (Narf Industries) and Paul Makowski (Narf Industries) focused on routers commonly used in Japan, outlined which part of their code was vulnerable and demonstrated an attack on a router. According to them, there are a lot of home routers worldwide, which allow access to HTTP and UPnP ports from a WAN – Japan was number four on their worldwide list. They further pointed out that at the time of their presentation there were ~200,000 vulnerable routers which allowed HTTP and UPnP access from a WAN in Japan. Schmidt and Makowski sent me some additional comments after their presentation. They said: "Japanese embedded devices are attractive targets because Japanese Internet links are high bandwidth and low latency." They also emphasized the importance of quick patching of embedded devices.

David Jacoby from Kaspersky Lab GReAT was also a speaker at CODE BLUE. His presentation, entitled "How I Hacked My Home" ,was about the results of him hacking his own devices at home. His blog post is available in Securelist.

Kaspersky Lab Japan was Emerald Sponsor of CODE BLUE, as it had been for the first round.


Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients

Threatpost for B2B - Tue, 01/06/2015 - 17:19
Morgan Stanley says it has fired an employee who allegedly stole information from 10 percent of the firm's wealth management clients with the intent of selling that data online.

Malvertising Campaign Uses AOL Ad Network, Leads to Exploit Kit

Threatpost for B2B - Tue, 01/06/2015 - 15:25
Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit.

Inside Cryptowall 2.0 Ransomware

Threatpost for B2B - Tue, 01/06/2015 - 14:36
An analysis of Cryptowall 2.0 reveals that the ransomware relies on complex encryption routines and sandbox detection capabilities to survive. It also uses Tor for command and control, and can execute on 32- and 64-bit systems.

Users Report Malicious Ads in Skype

Threatpost for B2B - Tue, 01/06/2015 - 12:01
Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update.

Moonpig API Vulnerability Exposes Payment Card Data

Threatpost for B2B - Tue, 01/06/2015 - 11:32
A researcher has called out U.K.-based personalized greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk.

CERT Warns of UEFI Hardware Vulnerabilities

Threatpost for B2B - Mon, 01/05/2015 - 17:11
The CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University issued three advisories today warning of serious UEFI vulnerabilities.
Syndicate content