Feed aggregator

Ships Infected With Ransomware, USB Malware, Worms

Slashdot security articles - Wed, 12/12/2018 - 19:30
An anonymous reader writes: IT systems on boats aren't as air-gapped as people think and are falling victim to all sorts of cyber-security incidents, such as ransomware, worms, viruses, and other malware -- usually carried on board via USB sticks. These cyber-security incidents have been kept secret until now, and have only been recently revealed as past examples of what could go wrong, in a new "cyber-security guideline" released by 21 international shipping associations and industry groups. One of the many incidents: "A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship's master and officers. A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totaled in the hundreds of thousands of dollars (U.S.)." The document also highlights an incident involving ransomware. "For example, a shipowner reported not one, but two ransomware infections, both occurring due to partners, and not necessarily because of the ship's crew," reports ZDNet. Another ransomware incident occurred because the ship failed to set up proper RDP passwords: A ransomware infection on the main application server of the ship caused complete disruption of the IT infrastructure. The ransomware encrypted every critical file on the server and as a result, sensitive data were lost, and applications needed for the ship's administrative operations were unusable. The incident was reoccurring even after complete restoration of the application server. The root cause of the infection was poor password policy that allowed attackers to brute force remote management services successfully. The company's IT department deactivated the undocumented user and enforced a strong password policy on the ship's systems to remediate the incident.

President Trump To Use Huawei CFO As a Bargaining Chip

Slashdot security articles - Wed, 12/12/2018 - 15:30
hackingbear shares a report from Politico, adding: "This fuels the suspicion that the Chinese executive is held as a hostage for the ongoing trade negotiation with China." From the report: President Donald Trump said on Tuesday that he reserved the right to weigh in on the Justice Department's case against the CFO of Huawei, if it would help him close a trade deal with Beijing or would serve other American national security interests. "If I think it's good for what will be certainly the largest trade deal ever made -- which is a very important thing -- what's good for national security -- I would certainly intervene if I thought it was necessary," Trump told Reuters. Trump added that President Xi Jinping of China had not called him about the case, but that the White House had been in touch with both the Justice Department and Chinese officials. Huawei's CFO, Meng Wanzhou, was arrested in Canada earlier this month at the request of American authorities, who allege that she violated U.S. sanctions against Iran. Yesterday, a Vancouver judge ruled that Meng would be released on a $7.5 million bail if she remains in British Columbia.

Intel Unveils Roadmaps For Core Architecture and Atom Architecture

Slashdot security articles - Wed, 12/12/2018 - 08:40
Intel on Wednesday surprised a number of people when it shared not one roadmap on CPUs, but two. AnandTech: For the high performance Core architecture, Intel lists three new codenames over the next three years. To be very clear here, these are the codenames for the individual core microarchitecture, not the chip, which is an important departure from how Intel has previously done things. Sunny Cove, built on 10nm, will come to market in 2019 and offer increased single-threaded performance, new instructions, and 'improved scalability'. Willow Cove looks like it will be a 2020 core design, most likely also on 10nm. Intel lists the highlights here as a cache redesign (which might mean L1/L2 adjustments), new transistor optimizations (manufacturing based), and additional security features, likely referring to further enhancements from new classes of side-channel attacks. Golden Cove rounds out the trio, and is firmly in that 2021 segment in the graph. Process node here is a question mark, but we're likely to see it on 10nm and/or 7nm. Golden Cove is where Intel adds another slice of the serious pie onto its plate, with an increase in single-threaded performance, a focus on AI performance, and potential networking and AI additions to the core design. Security features also look like they get a boost. The lower-powered Atom microarchitecture roadmap is on a slower cadence than the Core microarchitecture, which is not surprising given its history. The upcoming microarchitecture for 2019 is called Tremont, which focuses on single-threaded performance increases, battery life increases, and network server performance. Based on some of the designs later in this article, we think that this will be a 10nm design. Following Tremont will be Gracemont, which Intel lists as a 2021 product. Beyond this will be a future 'mont' core (and not month as listed in the image).

Chinese Spies Reportedly Behind Massive Marriott Hack

Slashdot security articles - Wed, 12/12/2018 - 05:00
An anonymous reader quotes a report from CNET: A Chinese intelligence-gathering effort was behind the massive Marriott hotels data breach that exposed the personal information for up to 500 million people, the New York Times reported Tuesday. The hackers are believed to have been working for China's Ministry of State Security, the Times reported citing sources who had been briefed on the investigation's preliminary results. The revelation emerges as the U.S. Justice Department is preparing to announce new indictments against Chinese hackers working for the intelligence and military services, the Times reported. The hotel chain revealed last month that it had discovered that hackers had compromised the guest reservation database of its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis. Marriott said some of the stolen information also included payment card numbers and expiration dates. Private investigators involved in a probe into the breach had previously discovered hacking tools, techniques and procedures that were used in earlier cyberattacks that have been linked to Chinese hackers.

Mapping Service Blurs Out Military Bases, But Accidentally Locates Secret Ones

Slashdot security articles - Wed, 12/12/2018 - 02:00
schwit1 shares a report from Popular Mechanics: A Russian online mapping company was trying to obscure foreign military bases. But in doing so, it accidentally confirmed their locations -- many of which were secret. Yandex Maps, Russia's leading online map service, blurred the precise locations of Turkish and Israeli military bases, pinpointing their location. The bases host sensitive surface-to-air missile sites and facilities housing nuclear weapons. The Federation of American Scientists reports that Yandex Maps blurred out "over 300 distinct buildings, airfields, ports, bunkers, storage sites, bases, barracks, nuclear facilities, and random buildings" in the two countries. Some of these facilities were well known, but some of them were not. Not only has Yandex confirmed their locations, the scope of blurring reveals their exact size and shape.

Canada Grants Bail For Arrested Huawei CFO Who Faces US Extradition

Slashdot security articles - Tue, 12/11/2018 - 16:21
A judge in Vancouver, British Columbia, has set a $7.5 million U.S. bail for Huawei CFO Meng Wanzhou, who was arrested last week on suspicion of violating U.S. trade sanctions against Iran. "The United States had asked the Vancouver court to deny bail for Meng, whose father is a billionaire and a founder of Huawei, calling her a flight risk," reports CNBC. From the report: Canada has been expected to extradite Meng to the United States over charges that the company improperly took payments from Iran in violation of sanctions against the country. Meng's next moves will be closely watched, but it is likely with her corporate and family connections that she will be able to make bail. The $10 million CAD ($7.5 million USD) includes $7 million CAD ($5.2 million USD) cash and $3 million CAD ($2.2 million USD) more from five or more guarantors, presented by Meng and her attorneys as sureties that she would remain in the country. As conditions of the bail agreement, Meng must surrender her passports, wear a GPS tracking device and be accompanied by a security detail whenever she leaves her residence.

Border Agents Fail To Delete Personal Data of Travelers After Electronic Searches, Watchdog Says

Slashdot security articles - Tue, 12/11/2018 - 15:40
The Department of Homeland Security's internal watchdog, known as the Office of the Inspector General (OIG), found that the majority of U.S. Customs and Border Protection (CBP) agents fail to delete the personal data they collect from travelers' devices. Last year alone, border agents searched through the electronic devices of more than 29,000 travelers coming into the country. "CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives -- drives that are supposed to be deleted after every use," Gizmodo reports. From the report: Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a "basic" or "manual" search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an "advanced search" and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don't require a warrant or even probable cause -- at least they don't according to DHS. It's that second kind of search, the "advanced" kind, where CBP has really been messing up and regularly leaving the personal data of travelers on USB drives. According to the new report [PDF]: "[The Office of the Inspector General] physically inspected thumb drives at five ports of entry. At three of the five ports, we found thumb drives that contained information copied from past advanced searches, meaning the information had not been deleted after the searches were completed. Based on our physical inspection, as well as the lack of a written policy, it appears [Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers' data should thumb drives be lost or stolen."
The report also found that Customs officers "regularly failed to disconnect devices from the internet, potentially tainting any findings stored locally on the device." It also found that the officers had "inadequate supervision" to make sure they were following the rules. There are also a number of concerning redactions. For example, everything from what happens during an advanced search after someone crosses the border to the reason officials are allowed to conduct an advanced search at all has been redacted.

Android Trojan Steals Money From PayPal Accounts Even With 2FA On

Slashdot security articles - Tue, 12/11/2018 - 09:23
ESET researchers have discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal's two-factor authentication. A report elaborates: At the time of writing, the malware is masquerading as a battery optimization tool, and is distributed via third-party app stores. After being launched, the malicious app terminates without offering any functionality and hides its icon. This video, courtesy of ESET, demonstrates the process in practice.

Super Micro Says Review Found No Malicious Chips in Motherboards

Slashdot security articles - Tue, 12/11/2018 - 06:10
Computer hardware maker Super Micro Computer told customers on Tuesday that an outside investigations firm had found no evidence of any malicious hardware in its current or older-model motherboards. From a report: In a letter to customers, the San Jose, California, company said it was not surprised by the result of the review it commissioned in October after a Bloomberg article reported that spies for the Chinese government had tainted Super Micro equipment to eavesdrop on its clients.

Huawei Executive Arrest Inspires Advance Fee Scams

Slashdot security articles - Mon, 12/10/2018 - 18:45
UnderAttack writes: Scammers are attempting to trick Chinese victims into sending thousands of dollars in order to secure the release of Chinese Huawei executive Meng, who was arrested in Canada last week. The messages claim to originate from Ms. Meng and suggest that she found a corrupt guard who will let her go for a few thousand dollars. Of course, there will be riches for anybody who is willing to help (and more). The scam is reportedly targeting people via WeChat, which may have a higher success rate than more widely distributed scams. One of the messages reads (translated): "Hello, I am MENG Wanzou. Currently, I have been detained by Canadian customs. I have limited use of my phone. Right now CIA is trying to get me into the hands of the US government. I bribed the guard of my room, and urgently need US$2000 to get out of here. Once I am out, I will reward you 200,000 shares of Huawei. I will be good on my word. If you are single, we can also discuss the important thing in life. The guard's name is David, the account number is 52836153836252, swift 55789034. I will be good on my word."

House Panel Issues Scathing Report On 'Entirely Preventable' Equifax Data Breach

Slashdot security articles - Mon, 12/10/2018 - 14:40
An anonymous reader quotes a report from The Hill: The Equifax data breach, one of the largest in U.S. history, was "entirely preventable," according to a new House committee investigation. The House Oversight and Government Reform Committee, following a 14-month probe, released a scathing report Monday saying the consumer credit reporting agency aggressively collected data on millions of consumers and businesses while failing to take key steps to secure such information. "In 2005, former Equifax Chief Executive Officer (CEO) Richard Smith embarked on an aggressive growth strategy, leading to the acquisition of multiple companies, information technology (IT) systems, and data," according to the 96-page report authored by Republicans. "Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable." The report blames the breach on a series of failures on the part of the company, including a culture of complacency, the lack of a clear IT management operations structure, outdated technology systems and a lack of preparedness to support affected consumers. "A culture of cybersecurity complacency at Equifax led to the successful exfiltration of the personal information of approximately 148 million individuals," the committee staff wrote. "Equifax's failure to patch a known critical vulnerability left its systems at risk for 145 days. The company's failure to implement basic security protocols, including file integrity monitoring and network segmentation, allowed the attackers to access and remove large amounts of data." The Oversight staff found that the company not only lacked a clear management structure within its IT operations, which hindered it from addressing security matters in a timely manner, but it also was unprepared to identify and notify consumers affected by the breach. 
The report said the company could have detected the activity but did not have "file integrity monitoring enabled" on this system, known as ACIS, at the time of the attack.

ESET Discovers 21 New Linux Malware Families

Slashdot security articles - Mon, 12/10/2018 - 14:00
In a report published last week by cyber-security firm ESET, the company detailed 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client. From a report: They are developed as second-stage tools to be deployed in more complex "botnet" schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.

Google Will Shut Down Google+ Four Months Early After Second Data Leak

Slashdot security articles - Mon, 12/10/2018 - 10:40
Google+ has suffered another data leak, and Google has decided to shut down the consumer version of the social network four months earlier than it originally planned. From a report: Google+ will now close to consumers in April, rather than August. Additionally, API access to the network will shut down within the next 90 days. According to Google, the new vulnerability impacted 52.5 million users, who could have had profile information like their name, email address, occupation, and age exposed to developers, even if their account was set to private. Apps could also access profile data that had been shared with a specific user, but was not shared publicly.

Can the US Stop China From Controlling the Next Internet Age?

Slashdot security articles - Sun, 12/09/2018 - 12:00
Tech executives worry China will turn to tit-for-tat arrests of Americans in response to the detention of Meng Wanzhou. And the worries don't stop there. Kara Swisher, writing at The New York Times: Imagine, if you will (and you should), a big American tech executive being detained over unspecified charges while on a trip to Beijing. That is exactly what a number of Silicon Valley executives told me they are concerned about after the arrest this week of Meng Wanzhou, the chief financial officer of the Chinese telecom company Huawei, in Canada at the behest of United States officials. "It's worrisome, because it's an escalation we did not need," one executive said, referring to the already tense trade talks between the two countries. "What China will do, given all the existing tensions, is anyone's guess." No one I spoke to would talk on the record, out of fear of antagonizing either side and also because no one knows exactly what is happening. But many expressed worry about the possibility of tit-for-tat arrests. While everyone focuses on the drama of the arrest -- Ms. Meng was grabbed while changing planes at the airport -- and its effect on the trade talks and stock prices, to my mind there is a much more important fight brewing, and it is about tech hegemony. Specifically, who will control the next internet age, and by whose rules will it be run? Until recently, that answer was clearly the United States, from which the Internet sprang, wiring the world together and, in the process, resulting in the greatest creation of power and wealth in history. While China has always had a strong technology sector, in recent years it has significantly escalated its investment, expertise and innovation, with major support from the government. That hand-in-glove relationship creates obvious issues, and the Trump administration is right to stop pretending that China does not present a threat both from security and innovation perspectives. Further reading: China summons U.S. ambassador, warns Canada of 'grave consequences' if Huawei executive Meng Wanzhou is not released.

Electron and the Decline of Native Apps

Slashdot security articles - Sun, 12/09/2018 - 06:00
SwiftOnSecurity, regarding Microsoft's switch to Chromium as Windows's built-in rendering engine: This isn't about Chrome. This is about ElectronJS. Microsoft thinks EdgeHTML cannot get to drop-in feature-parity with Chromium to replace it in Electron apps, whose duplication is becoming a significant performance drain. They want to single-instance Electron with their own fork. Electron is a cancer murdering both macOS and Windows as it proliferates. Microsoft must offer a drop-in version with native optimizations to improve performance and resource utilization. This is the end of desktop applications. There's nowhere but JavaScript. John Gruber of DaringFireball: I don't share the depth of their pessimism regarding native apps, but Electron is without question a scourge. I think the Mac will prove more resilient than Windows, because the Mac is the platform that attracts people who care. But I worry. In some ways, the worst thing that ever happened to the Mac is that it got so much more popular a decade ago. In theory, that should have been nothing but good news for the platform -- more users means more attention from developers. The more Mac users there are, the more Mac apps we should see. The problem is, the users who really care about good native apps -- users who know HIG violations when they see them, who care about performance, who care about Mac apps being right -- were mostly already on the Mac. A lot of newer Mac users either don't know or don't care about what makes for a good Mac app.

Linux.org's DNS Got Hijacked

Slashdot security articles - Sun, 12/09/2018 - 04:34
Linux.org reports: Wednesday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server -- as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us. After a lot of back and forth with our registrar, we were able to get things back under our control. I'd like to point out that our server environment was not touched so there are no worries about your data. We've gone over security protocols and are tightening things up that may have slipped through in the past. Thanks for your support! Linux.org apparently pointed to a page exclaiming "G3T 0WNED L1NUX N3RDZ", which also included an NSFW picture, some abusive language, a shout-out to recently-deceased programmer Terry Davis, and a link to an article about Linus Torvalds' controversial apology for "his hostile behavior towards others in the community." Long-time Slashdot reader Grady Martin says he also saw the page pointing to "presumably doxed info" about the creator of Linux's code of conduct, a fact confirmed by a report in the Register. "As for how it was hacked, [Linux.org owner Mike] McLagan blames the public Whois displaying his partner's email address -- presumably the hacker worked their way into the Yahoo email account listed as the admin of the site and from there requested a password change in her Network Solutions account to gain access to the domain."

DHS Looking Into Tracking Monero and Zcash Transactions

Slashdot security articles - Fri, 12/07/2018 - 12:30
The US Department of Homeland Security (DHS) is interested in acquiring technology solutions that can track newer cryptocurrencies, such as Zcash and Monero. From a report: According to a pre-solicitation document [PDF], the DHS wants to know if this is possible, before filing an official solicitation request later down the line. The DHS said that "prior efforts have addressed Bitcoin analytics," but now the agency and the law enforcement agencies under its supervision are looking into similar cryptocurrency analytics solutions that can be used to track so-called privacy coins -- cryptocurrencies that support anonymous transactions. "A key feature underlying these newer blockchain platforms that is frequently emphasized is the capability for anonymity and privacy protection," the DHS document said. "While these features are desirable, there is similarly a compelling interest in tracing and understanding transactions and actions on the blockchain of an illegal nature. This proposal calls for solutions that enable law enforcement investigations to perform forensic analysis on blockchain transactions," it added.

Chinese Mobile App Companies Are a National Security Risk, Says a Top Democrat

Slashdot security articles - Fri, 12/07/2018 - 10:20
Chinese mobile app companies pose the same national security risk to the US as telecom giants like Huawei and ZTE, Sen. Mark Warner said in an interview. From a report: Recent US legislation largely banned Huawei and ZTE from use by the government and its contractors, due to concerns about surveillance and other national security risks. Now Warner, the top Democrat on the Senate Intelligence Committee, is signaling that Chinese app developers may face similar scrutiny from lawmakers, corporate America, and the intelligence community. Warner's comments follow a recent BuzzFeed News report that popular apps from China's Cheetah Mobile and Kika Tech were exploiting user permissions to engage in a form of ad fraud. Eight Android apps with more than 2 billion total downloads were said to be engaging in a form of app-install ad fraud. Google subsequently removed two of the apps from the Play store and said it continues to investigate. Cheetah and Kika deny engaging in app-install fraud. "Under Chinese law, all Chinese companies are ultimately beholden to the Communist Party, not their board or shareholders, so any Chinese technology company -- whether in telecom or mobile apps -- should be seen as extensions of the state and a national security risk," Warner said in an interview this week with BuzzFeed News. Further reading: Sen. Warner calls for US cyber doctrine, new standards for security.

Europe Should Be Afraid of Huawei, EU Tech Official Says

Slashdot security articles - Fri, 12/07/2018 - 06:08
The European Union should be worried about Huawei and other Chinese technology companies because of the risk they pose to the bloc's industry and security, the EU's technology commissioner said on Friday. From a report: "Do we have to be worried about Huawei or other Chinese companies? Yes, I think we have to be worried about those companies," Andrus Ansip told a news conference in Brussels, days after a top executive at Chinese tech giant Huawei was arrested in Canada as part of an investigation into alleged bank fraud. Huawei, which generated $93 billion in revenue last year and is seen as a national champion in China, faces intense scrutiny from many Western nations over its ties to the Chinese government, driven by concerns it could be used by Beijing for spying. Ansip said he was concerned because Chinese technology companies were required to cooperate with Chinese intelligence services, such as on "mandatory back doors" to allow access to encrypted data. He also said those companies produce chips that could be used "to get our secrets." "As normal, ordinary people we have to be afraid," he said, adding he did not have enough information about the recent arrest in Canada.

Eastern European Banks Were Attacked Via Backdoors Directly Connected To Local Networks, Report Finds

Slashdot security articles - Thu, 12/06/2018 - 14:20
An anonymous reader writes: Kaspersky security researcher Sergey Golovanov writes about recent cybertheft incidents involving hardware backdoors planted by criminals. Each attack had a common springboard: an unknown device directly connected to the company's local network. In some cases, it was the central office, in others a regional office, sometimes located in another country. At least eight banks in Eastern Europe were the targets of the attacks, which caused damage estimated in the tens of millions of dollars. Hardware backdoors are cheap and immune to antivirus. A firmware-modified, OpenWrt-based router can provide covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Will a flashlight and a ladder be common tools of computer security someday? After the cybercriminals entered an organization's building, connected a device to the local network and scanned the local network seeking to gain access to the resources, they proceeded to stage three. "Here they logged into the target system and used remote access software to retain access," writes Golovanov. "Next, malicious services created using msfvenom were started on the compromised computer. Because the hackers used fileless attacks (PDF) and PowerShell, they were able to avoid whitelisting technologies and domain policies. If they encountered a whitelisting that could not be bypassed, or PowerShell was blocked on the target computer, the cybercriminals used impacket, and winexesvc.exe or psexec.exe to run executable files remotely."