Monday, March 9, 2015

Pharming Attack Targeting Brazilian Home Router Users

[sans.org] Attackers are targeting Brazilian Internet users, spying on web traffic by exploiting vulnerabilities in home routers [infosec,forensic,sans]

Litecoin-mining code found in BitTorrent app, freeloaders hit the roof

[theregister.com] Maybe buying that Blu-Ray in the first place was the better option, huh? μTorrent users are furious after discovering their favorite file-sharing app is quietly bundled with a Litecoin mining program.… [infosec]

Data and Goliath's Big Idea

[schneier.com] Goliath is a book about surveillance, both government and corporate. It's an exploration in three parts: what's happening, why it matters, and what to do about it. This is a big and important issue, and one that I've been working on for decades now. We've been on a headlong path of more and more surveillance, fueled by fear--of [infosec]

Fareit trojan pwns punters with devious DNS devilry

[theregister.com] These are NOT the Flash updates you are looking for DNS tricks used by the Fareit trojan mean users are tricked into downloading malware, seemingly from Google or Facebook… [infosec]

Is Babar a Bunny?

[f-secure.com] Lately there has been a lot of research and publicity around a strange case of Babar, a malware connected to suspected high-level espionage operation called SNOWGLOBE. SNOWGLOBE was first brought to media attention about a year ago by French newspaper Le Monde, when they wrote about top secret SCEC slides leaked by, who else than Edward Snowden himself. In the set of slides, there are numerous claims about French-originating malware which internally calls itself Babar. It …

Air traffic control vulnerability could allow criminals to hack the skies

[eset.com]

Lysa Myers: “There are still only a handful of women in the security field”

[eset.com] There

Fix for Xen Flaws May Require Reboot

[sans.org] Flaws in the open source Xen virtualization hypervisor could be exploited and cloud companies need to take action quickly to apply patches and reboot systems before the Xen Project releases details of the vulnerabilities on March 10 [infosec,forensic,sans]

CIA re-orgs to build cyber-snooping into all investigations

[theregister.com] Because the USA has such a shortage of digital surveillance The United States Central Intelligence Agency (CIA) has decided to re-invent itself for the digital age, promising to “place our activities and operations in the digital domain at the very center of all our mission endeavours.”… [infosec]

Bitdefender to Patch Certificate Flaw

[sans.org] says it will release fixes for several of its products to address a flaw that allows revoked certificates to be replaced with legitimate certificates [infosec,forensic,sans]

BILLION email address spam scam: Feds collar two blokes, hunt another

[theregister.com] Servers hijacked in 'largest ever' US hack, claim prosecutors The US Department of Justice (DoJ) has shed light on what it's calling the largest computer security breach in American history – after three men were charged with hacking email hosting firms, stealing email addresses, and then using the businesses' data centers to run a spam operation.… [infosec]

Mind-reading DNS security analysis offers early warning for APT attacks

[theregister.com] Precog security tech looks to predict online typo terror The application of predictive algorithms to DNS data may be able to spot malware sites before they serve up nasties.… [infosec]

Mozilla Updates Firefox to Remove Superfish Certificate

[sans.org] A Firefox update released on Friday, February 27, scrubs the Superfish self-signed certificate from the browser [infosec,forensic,sans]

Sunday, March 8, 2015

Payment Cards for Sale on Underground Sites Suggests Natural Grocers' Breach

[sans.org] used at Natural Grocers' stores across the country have been found for sale on underground sites, suggesting that the company's system suffered a security breach [infosec,forensic,sans]

Securing the Nation's Ports Against Cyberterrorism

[google.com] 15, the USCG held a maritime cybersecurity standards public meeting to discuss cyber threats to our nation's ports. [infosec,cyber,security]

SANS Special Webcast: Forensic Update: What's New and What's Next - Monday September 16, 2013 (10:00 AM EST)

[sans.org] Please visit http://bit.ly/16wMPuf for complete information and to access this event [infosec,forensic,webcast,sans]

Pentagon 'network intruder', dozens more cuffed in British cops' cyber 'strike week'

[theregister.com] 'Just the first step', chuckles fraudbust bigwig A "strike week" against suspected hackers by the UK's National Crime Agency has resulted in 57 arrests.… [infosec]

PayPal buys Israeli cyber security start-up

[google.com] The deal for the Beersheba-based CyActive was signed last week and is expected to close shortly, the Israeli business daily Globes reported [infosec,cyber,security]

Dutch Semi-Conductor Company Admits Breach

[sans.org] computer chip company ASML has acknowledged that its systems were breached [infosec,forensic,sans]

The Message: Consent Matters

[f-secure.com] Go read this: Privacy is non-negotiable: We have the right to cover our arse — or expose it A post by Laura — whom I'm very proud to have as a colleague. On 02/02/15 At 05:15 PM

CTB-Locker Infections on the Rise

[f-secure.com] We have recently observed a significant increase in infections from a nasty strain of file-encrypting ransomware called CTB-Locker. Daily CTB-Locker infections in relation to the total number of such infections this year. CTB-Locker is most commonly spread through email spam. These emails usually contain an attached .zip file that contains a second .zip file that finally contains an .scr executable file. This executable is a malicious downloader known as Dalexis. If the use…

The Ear of Sauron

[f-secure.com] A recent story by The Daily Beast seems to have ignited a real firestorm over Samsung's "smart" television terms and conditions. Which is somewhat surprising to us as we read about it months ago via Mikko. But anyway, things that listen are topical. So… do the words "always-listening voice search" sound good to you? Or do they give you the creeps? Because that's the potential future of Google's Chrome browser: Image: How-To Geek The "always-listening" feature is curr…

ACLU Obtains Warrant Revealing FBI Knew Stingray Disrupted Devices Near Target

[sans.org] The US Justice Department has maintained that the secrecy surrounding stingray cell phone surveillance technology was necessary to prevent criminals from figuring out how to elude its reach [infosec,forensic,sans]

FREAK: Security Rollback Attack Against SSL

[schneier.com] This week we learned about an attack called "FREAK" -- "Factoring Attack on RSA-EXPORT Keys" -- that can break the encryption of many websites. Basically, some sites' implementations of secure sockets layer technology, or SSL, contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can force [infosec]

Ransomware Report: The Rise of BandarChor

[f-secure.com] This week, we have received a number of reports on yet another ransomware, BandarChor. This ransomware is not exactly fresh. The first infections that we've noticed related to this family came in already last November. We have had reports of BandarChor being spread via email and have seen indicators that it may have been distributed by exploit kits. Upon execution, the malware drops a copy of itself in Startup directory as well as the ransom notification image. Then it proc…

Analysis of a Cybercrime Infrastructure

[techworld_security] Security researchers have finally published an analysis that exposes the inner workings of cybercrime operations targeting online banking credentials for banks in the US and Europe. Download this white paper to get a rare glimpse at the inside view of the infrastructure, tools and techniques used by cybercriminals [infosec]

Adobe crowdsources its bug-hunting, but no rewards offered

[eset.com] Adobe,

Magnet Forensics Expands Support in EMEA

[forensicfocus.com] Waterloo, ON., March 4, 2015 - Magnet Forensics is pleased to introduce Carl Tinker as the new Business Development & Channel Manager for Europe, the Middle East, and Africa (EMEA). Carl joins the Magnet team to provide focused support for our resellers and rapidly expanding customer base in the region. “I’m excited that Carl has joined us to lead our sales and marketing efforts in EMEA. Carl has an excellent track record and reputation within the digital forensics industry… [infosec]

The TSA's FAST Personality Screening Program Violates the Fourth Amendment

[schneier.com] New law journal article: "A Slow March Towards Thought Crime: How the Department of Homeland Security's FAST Program Violates the Fourth Amendment," by Christopher A. Rogers. From the abstract: FAST is currently designed for deployment at airports, where heightened security threats justify warrantless searches under the administrative search exception to the Fourth Amendment. FAST scans, however, exceed the scope of [infosec]

UK police arrest 57 people including alleged Yahoo and US Department of Defense hackers

[techworld_security] Mega-bust dragnet [infosec]

Mandarin Oriental coughs to credit card breach

[theregister.com] Swanky hotel chain left with Michelin-starred egg on face Upmarket hotel chain Mandarin Oriental has admitted to a credit card breach.… [infosec]

France fingered as source of Syria-spying Babar malware

[theregister.com] Crack team of malware boffins think DGSE coded reconware France's spy agency has been fingered as the likely author of complex reconnaissance malware, researchers say.… [infosec]

Fujitsu image-processing tech able to identify blurry people in CCTV footage

[techworld_security] The company claims the technology could be used by a business owner to plan the layout of a shop or restaurant [infosec]

GoPro cameras' WiFi security is GoAmateur

[theregister.com] Slurp sick sports selfies without getting off your skateboard Net nuisances can harvest the cleartext SSIDs and passwords of wireless networks accessed by sports selfie box GoPro.… [infosec]

Now Corporate Drones are Spying on Cell Phones

[schneier.com] The marketing firm Adnear is using drones to track cell phone users: The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns. "Let's [infosec]

Online bank Trojans declined in 2014 as arrests and takedowns bite

[techworld_security] UK is still the second most targeted country [infosec]

Low Hanging Fruit: Flash Player

[f-secure.com] Flash Player version 16.0.0.296 is now available. In Windows, you can check what version you have installed via Flash's Control Panel applet. According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days. We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended. And not only that, but more. A…

Apple iOS 8.1.3 Terms and Conditions

[f-secure.com] This may already be old news since everybody always reads the terms and conditions of the software they install, but we sometimes don't — and we think this section of iOS 8.1.3's terms to be of interest. Privacy: Location Services part we kind of assumed. But automatically including your zip code? New to us. We didn't notice that bit earlier. Anyway… now you know. On 29/01/15 At 01:18 PM

CIA Planning Overhaul To Handle Modern Cyber Threats

[google.com] These will oversee the agency's cyber operations, including monitoring ... in its 67-year history in part to respond to the growing threat of cyber warfare [infosec,cyber,security]