Hits | Gregory D. Evans | Worlds No. 1 Security Consultant - Part 5

Posts Tagged ‘hits’

Foreign cyber attack hits US infrastructure: expert

A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.

View full post on cyber terrorism – Yahoo! News Search Results

View full post on National Cyber Security

Gregory Evans | LinkedIn

Interview With Gregory Evans

Gregory Evans Security Expert

Gregory Evans on Cyber Crime

Android Malware Hits Record Heights, Report Warns

Android malware has increased 472 percent since July, a new report from Juniper Networks warned earlier this week, with the months of October and November shaping up to see the fastest jump in Android malware ever discovered, the company stated.

The number of Android malware samples identified in September increased by 28 percent over the number of known samples, according to research by the Juniper Global Threat Center.

October, however, showed a 110 percent increase in malware sample collection over the previous month and a full 171 percent increase over what had been collected up to July 2011, Juniper stated.

Previously, Juniper reported a 400 percent increase in Android malware between 2009 and the summer of 2010.

‘The Vulnerabilities Remain’

At the same time, the malware used today is becoming increasingly sophisticated, Juniper noted.

For instance, last Spring, Juniper began seeing Android malware that was capable of leveraging one of several platform vulnerabilities, allowing the malicious code to gain root access on a device, in the background, and then install additional packages, which would extend the functionality of the malware, the company explained.

Since the vulnerabilities remain in about 90 percent of Android devices out there, just about every piece of malware currently released targets them, Juniper said.

Spyware and SMS Trojans

Most such malicious applications target communications, location or other personally identifying information, Juniper said.

Of the known samples to date, 55 percent act as spyware, and 44 percent are SMS Trojans, which send SMS messages in the background to the attacker’s premium-rate numbers. Once those messages are sent, the money is not recoverable, Juniper pointed out.

Android’s open applications store model is to blame for the prevalence of malware directed at the platform, Juniper concluded.

‘Anything Can Be Uploaded’

Indeed, “Apple locks everything down and inspects every app submission, and there’s only one channel where you can get those apps,” Chris Hazelton, research director for mobile and wireless with the 451 Group, told TechNewsWorld.

With Android, on the other hand, “no one inspects the apps,” Hazelton noted. “Anything can be uploaded to the Android Market,” and there are many ways to get Android apps.

While Google (Nasdaq: GOOG) has been very quick to remove offending apps from its store and from users’ devices once it learns about them, “I think they should be more proactive, with some tools in place to inspect these apps,” Hazelton suggested.

In addition, “there needs to be security at the device level too,” he added. “It could be antivirus, or it could be other tools. Hopefully there will be a new way of protecting these devices.”

Google earns far more from Android than hardware makers, carriers or app developers do thanks to the advertising revenue it collects, so “it has the most to gain by making Android more secure and Android apps more trustworthy,” Hazelton pointed out.

‘Google Has to Play a Role’

Indeed, “Google has to play a role in monitoring and protecting their users,” tech analyst Jeff Kagan agreed.

Meanwhile, Kagan also expects security firms like Symantec and McAfee to see “an enormous opportunity to expand their coverage,” he told TechNewsWorld.

“We have been warning users of the coming threat to the mobile world,” Kagan concluded. “It looks like it is finally here.”

‘Don’t Be the Early Adopter’

So what can users do to protect themselves in the wake of all this?

“Don’t be the early app adopter,” Hazelton warned. “If there are no downloads or ratings already, don’t download the app. You really can’t trust unknown developers.”

Users should also pay attention to what permissions Android apps request, Hazelton said.

“Question why they need access to certain data,” he suggested. “You can’t line-item veto particular features of an app, but maybe that’s something Google should address.”

Either way, “the worst-case scenario is your device is hacked and used to listen in on your conversations or follow where you’re going,” Hazelton noted. “That’s pretty scary.”


View full post on National Cyber Security » Spyware/ Cyber Snooping


Medicare card scam hits valley

Winnie Greenshields, volunteer coordinator of the local Senior Medicare Patrol, warns seniors that two local people have been contacted in a new scam to obtain Medicare card numbers.

View full post on credit card scam – Yahoo! News Search Results

View full post on National Cyber Security

Katherine hits out at ‘pathetic’ cyber bully

Katherine Jenkins has lashed out at a vicious cyber-bully over their “pathetic” attempts to “destroy” her character over the past year.

The outburst came in the wake of the mezzo soprano’s appearance on BBC cookery programme Something for the Weekend.

Jenkins, 31, recognised the name of her assailant when a question which had been sent in to the show was read out on air by host Tim Lovejoy.

Within half an hour of the show ending, Jenkins took to Twitter where she wrote a long post slamming the stalker’s behaviour.

She wrote: “I find it very sad that even as an adult you think it’s ok to bully someone.

“You have no right to harass me as you’ve done over the past year with comments like ‘bring out the dead daddy story again’.”

The barb is a reference to the singer’s loss of her father to lung cancer when she was 15 years old.

“You’ve set up a false account in my name where you slate and destroy my character” she added.

“After blocking you, you still tried to find a way to get to me and this morning was one step too far.

“Sending in a question to be read on live TV (which didn’t even make any sense!) to ‘make me look clueless’ is utterly pathetic you clearly failed.

“I’ve tried to ignore you but after this it’s time to stand up to you.”

Jenkins refused to name her attacker on the grounds that they would find the attention gratifying.

“The sad thing is you’ll probably enjoy the attention which is why I haven’t mentioned your twitter name but I know you know who you are,” she said.

The revelation completed a bad week for Jenkins who also had a £25,000 poppy made of black diamonds and rubies stolen shortly before she was due to sing in front of the Queen in the Festival of Remembrance at London’s Royal Albert Hall.

Jewellers Garrard, who had produced the brooch as a one-off piece for the occasion, have pledged to replace the poppy which was to be auctioned to provide funds for injured servicemen.

Jenkins declined to comment further on the cyber-bullying incident.

But last night her management released a statement saying that: “Bullying of any kind is unacceptable.

“Katherine loves Twitter as it is one of the many ways she speaks and connects to her friends and fans.

“It’s a shame that a minority use it as a way to cyber bully.”



View full post on National Cyber Security

Suspicion falls on Israel as new computer ‘supervirus’ hits Iran

Iran says its defence computer systems have been infected with a “supervirus” similar to one believed to have been created by Israel which severely damaged Tehran’s nuclear program last year.

Anti-virus experts have identified a virus called Duqu that they said shared properties with the Stuxnet worm apparently created by Mossad, the Israeli security service. It was thought to have targeted the nuclear program’s centrifuges, the devices that enrich uranium to create nuclear fuel.

It was not clear from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the regime’s first admission of damage.

“We are in the initial phase of fighting the Duqu virus,” said Gholamreza Jalali, the head of Iran’s civil defence program. “The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet. All the organisations and centres that could be susceptible to being contaminated are being controlled.”

Mossad and other Western intelligence agencies have made no comment on sabotage operations against Iran, as Western leaders continue to argue about whether military action would be justified. A report by the International Atomic Energy Agency last week claimed that Iran was developing technology to fit nuclear warheads to missiles.

William Hague, the British Foreign Secretary, said that Britain was not yet “calling for, or advocating, military action”, but added: “At the same time, we are saying that all options are on the table.” Guido Westerwelle, the German foreign minister, said harsh sanctions were unavoidable but he would not consider military intervention.

Even Israel is split, with Benjamin Netanyahu, the prime minister, and Ehud Barak, the defence minister, said to be in favour, but a majority against.

The Stuxnet virus altered the speed at which the enrichment centrifuges spun until they were out of control. It was so sophisticated that experts said it must have been the work of an advanced, probably national, sabotage program. Duqu operates differently, though using some of the same code to infiltrate computers, sending back information to its handlers rather than breaking down systems. The virus was spread through an infected Microsoft Word document.

Symantec, the computer security firm, which has led investigations into Stuxnet and Duqu, said the new virus seemed to be intended to gain remote access to computer systems.

“The authors had access to the Stuxnet source code,” Symantec said. “The attackers are looking for information such as design documents that could help mount an attack on an industrial control facility. Duqu is essentially the precursor to a Stuxnet-like attack.”

Israel has done little to hide its glee at a series of “problems” faced by Iran’s weapons and nuclear programs.

An explosion at a missile base on Saturday killed 17 members of Iran’s Revolutionary Guard, including Hassan Moghaddam, the brigadier-general in charge of missile development. Its similarity to an explosion at a base in October last year caused speculation that both were the work of Mossad. “I don’t know the extent of the explosion,” said Mr Barak on Sunday night. “But it would be desirable if they multiply.”


View full post on National Cyber Security » Virus/Malware/Worms


Hacker hits chemical and defense firms

Hackers have hit dozens of companies in the chemical industry and defense sector, and snaffled company secrets, according to a report from Symantec.

The attacks, it says, started in late July and continued until mid-September. Before that, says Symantec, the same individuals were targeting human rights-related NGOs.

The attacks, dubbed Nitro, were apparently carried out using social engineering, with an email carrying a malicious attachment, presented as an Adobe Flash or anti-virus update. The malware used was a version of the remote access Trojan PoisonIvy.

Symantec says it’s been able to trace the attacks to a virtual private server in the US.

“However, the system was owned by a 20-something male located in the Hebei region in China,” it says in the report.

“He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school.”

The company’s dubbed him Covert Grove, based on a literal translation of his name. It says it can’t tell whether he was working on his own, or acting on behalf of another party – such as the Chinese government.

In any case, says Symantec, other hackers are targeting the same companies, although it says it can’t find any connection between the two.

“Simply restricting permissions would be enough to stunt the spread of an attack like this,” points out Chester Wisniewski of Sophos.

“Additionally, the behavior of this malware is quite easy for HIPS or behavioral anti-virus to detect and block. With the multitude of techniques being used by the bad guys, analyzing the behavior of applications is critical.”



View full post on National Cyber Security » Computer Hacking

Cyber Attack Hits 760 Companies

(MENAFN – Qatar News Agency) A massive cyber-attack that led to earlier this year also victimized Google, Facebook, Microsoft and many other big-named companies, according to a new analysis released …

View full post on cyber attack – Yahoo! News Search Results

View full post on National Cyber Security

RSA SecurID token attack hits Australian companies

The aftermath of the RSA SecurID token attack which occurred in March and led to the replacement of thousands of tokens, has continued with the revelation that customers of Australian Internet service providers, including Telstra and iiNet, may have been compromised.

This was because hackers used the same command and control techniques that infiltrated RSA to target 760 companies around the world.

US-based security blogger, Brian Krebs, who has compiled a list of the companies targeted, wrote that many of the network owners listed are ISPs and were included because some of their subscribers were hit.

“It is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims,” Krebs wrote.

“Finally, some of these companies, such as the anti-virus vendors, may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”

RSA president, Tom Heiser, recently said the attacks were sophisticated: they used advanced techniques to connect to RSA’s systems and used different malware, some of which was compiled just hours before an attack. The information stolen was compressed and encrypted before it was exfiltrated, making it more difficult to identify.

The two hacker groups stole specific information about SecurID, but RSA has declined to explain what was stolen.

In August, RSA’s ANZ general manager, Andy Solterbeck, said that the attack was committed by a nation state and that it was still a few months away from replacing all of the SecurID tokens in the Australian marketplace.

The company has offered large customers, such as ANZ Banking Group, an early renewal of their contracts along with new devices, while smaller users were able to get free contract extensions. It has also offered to help with risk mitigation.


View full post on National Cyber Security » Computer Hacking

Mario Kart on Facebook? Fast-spreading scam hits many users’ accounts

Facebook users are tricked into believing that they can play Mario Kart on the social network.

In reality, they’re helping to put money into the pockets of scammers.

View full post on Naked Security – Sophos

View full post on National Cyber Security


Computer virus hits U.S. drone fleet

Many Reapers and Predators, pictured above at the Creech Air Force Base in 2009, don't encrypt the video they transmit.

(WIRED) — A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki – part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.

Some of the GCSs are classified secret, and used for conventional warzone surveillance duty. The GCSs handling more exotic operations are top secret. None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats.

But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.

Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.

The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”

However, insiders say that senior officers at Creech are being briefed daily on the virus.

“It’s getting a lot of attention,” the source says. “But no one’s panicking. Yet.”


Copyright 2010


View full post on National Cyber Security » Virus/Malware/Worms
