Feed aggregator

Bruce Schneier on the Boston Marathon Bombing and the Psychology of Fear

Threatpost for B2B - Tue, 04/16/2013 - 13:08

Dennis Fisher talks with Bruce Schneier about the effects of the Boston Marathon bombing, how the psychology of fear plays into people’s reactions to these events and what the political aftermath could be.

Download: threatpost_schneier_4_16_20131.mp3


NQ Mobile: Android Malware Doubled in 2012

Threatpost for B2B - Tue, 04/16/2013 - 12:45

Throw another log onto the proverbial Android malware fire: According to mobile security firm NQ Mobile, infections targeting devices running the Google-based operating system doubled in 2012. That translates to a 163 percent increase from 2011 and accounts for over 65,000 different types of malware discovered, up 30,000 from 25,000 the year before.

That is according to the firm’s 2012 Security Report, an annual review of malware scanned by NQ Mobile and its Security Lab, released Monday.

A handful of other trends are discussed in the report, including a decrease in malware targeting Symbian-based devices, and China being responsible for the lion’s share of infections globally.

The report also breaks down three of the most prevalent malware attack vectors, including how attackers are still taking genuine apps from Google’s Play marketplace, adding malicious code and then uploading the tweaked app to third-party app stores.

Attackers are also using malicious URLs and SMS phishing, or smishing, against Android users.

Attacks on Android devices are a fairly regular occurrence these days and have grown exponentially; at one point in 2011 they were up 742 percent over the course of three months. In China, botnets some 100 million strong and composed entirely of Android devices thrive, while in Japan malicious apps litter message boards and phony app marketplaces.

Samsung-branded devices have borne the brunt of Android’s troubles as of late. SMS vulnerabilities and password bypass flaws have been discovered on a handful of Samsung Galaxy devices over the past month or so, forcing the vendor to work on a patch to address the issue.

For those interested in the full NQ Mobile report, it can be viewed here (PDF).


Linode Hacked Through ColdFusion Zero Day

Threatpost for B2B - Tue, 04/16/2013 - 10:42

The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company’s database, source code and customers’ credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.

The attack on Linode was described by the company on Monday, a few days after it said that one of its customers was compromised. The details of the attack are quite similar to other attacks that have resulted in password leaks and database breaches, aside from the use of the ColdFusion zero day. Many of these operations tend to be executed through the use of stolen or compromised credentials or a known bug in one of the targeted systems.

The ColdFusion vulnerability used in the Linode attack was patched by Adobe on April 9.

“As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database. We have been working around the clock since discovering this vulnerability. Our investigation reveals that this group did not have access to any other component of the Linode infrastructure, including access to the host machines or any other server or service that runs our infrastructure,” Linode officials said. 

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption. The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically. Along with the encrypted credit card, the last four digits are stored in clear text to assist in lookups and for display on things like your Account tab and payment receipt emails. We have no evidence decrypted credit card numbers were obtained.”

The company said that customer passwords are not stored in the Linode database. However, the company does store salted hashes of those passwords, and that’s what the attacker accessed. Those hashes should be of no use to the attacker, but the company decided to reset all customer passwords anyway.


Google Fixes Three High-Risk Flaws in Chrome OS

Threatpost for B2B - Mon, 04/15/2013 - 14:46

Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. As part of its reward program, Google paid out more than $30,000 to a researcher who found three of the vulnerabilities.


Hackers Using Brute-Force Attacks to Harvest WordPress Sites

Threatpost for B2B - Mon, 04/15/2013 - 11:08

Months of distributed denial of service attacks against major U.S. banks have evolved in magnitude and ferocity causing service disruptions for online banking customers. They’ve also shown the way for other attackers to adapt and evolve techniques used in those attacks.


How I Got Here: Gary McGraw

Threatpost for B2B - Mon, 04/15/2013 - 10:45

Download: 04_gary_mcgraw.mp3

Dennis Fisher talks with Gary McGraw, CTO of Cigital, about his childhood as a violin prodigy, his early introduction to personal computers with the Apple II, his start in software security and the state of the discipline today.


Online Poker Rooms Fraught With Vulnerabilities

Threatpost for B2B - Mon, 04/15/2013 - 08:30

In the lucrative world of online gambling, many poker rooms – especially those that rely on the user to download a client to play – are marred by insecurities.


Blog: Winnti returns with PlugX

Secure List feed for B2B - Mon, 04/15/2013 - 08:30

Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company's servers were infected, we began to clean them up in conjunction with the company's system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn't find a way to completely stop attacks penetrating the network and malicious files kept appearing. An analysis performed by the gaming company itself led us to the conclusion that the infection started after establishing working contacts with a South Korean gaming company. This was also confirmed by our research: as we wrote before, the Winnti group is most active in East Asia and we identified 14 infected gaming companies in South Korea.

Blog: Hello from Infiltrate 2013

Secure List feed for B2B - Fri, 04/12/2013 - 13:51

Today is the second and last day of Infiltrate 2013 which is taking place in Miami Beach. It's my first time at Infiltrate and so far I've been really impressed with the quality of the conference.

Stolen Winnti Certificates Used in Watering Hole Attack Against Tibet Orphans Site

Threatpost for B2B - Fri, 04/12/2013 - 11:31

The assault against Free Tibet and Uyghur supporters is unrelenting as another watering hole attack has been uncovered, this time against a caregiver site supporting Tibetan refugee children.


Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal

Threatpost for B2B - Fri, 04/12/2013 - 11:05

MIAMI BEACH--Stephen Watt was involved in a series of attacks on retailers and restaurants that federal prosecutors called the largest identity theft in U.S. history. He wrote the sniffer used by some of his friends to steal millions of credit card numbers. After federal agents raided his apartment and confiscated all of his computer equipment, he was eventually indicted on a series of charges related to the attacks on TJX, Dave & Buster's and others and was facing several years in prison. So he took a plea deal, hoping to reduce his prison time and the financial burden on his family. In all of that, what he regrets most is taking the plea.

Microsoft: Uninstall Faulty Patch Tuesday Security Update

Threatpost for B2B - Fri, 04/12/2013 - 08:51

Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen. Microsoft recommends users uninstall the patch, which is also causing compatibility problems with some endpoint security software.

Study Shows Google Better than Bing at Filtering Malicious Web Sites

Threatpost for B2B - Thu, 04/11/2013 - 22:33

A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.


Blog: Winnti-Stolen Digital Certificates Re-Used in Current Watering Hole Attacks on Tibetan and Uyghur Groups

Secure List feed for B2B - Thu, 04/11/2013 - 20:31

A new-ish Flash exploit is being used in attacks around the web. This time, the attackers have compromised a caregiver site providing support for Tibetan refugee children and are using Flash exploits to spread malware signed with stolen Winnti certificates.


Data-Stealing Spyware Redpill Back, Targeting India

Threatpost for B2B - Thu, 04/11/2013 - 15:50

A form of spyware first seen in 2008 and known for siphoning away users’ bank account credentials, emails, screenshots and various other bits of information has surfaced again – this time targeting computer users in India.
