
Researchers Hack Car Infotainment System and Find Sensitive User Data Inside

Source: National Cyber Security – Produced By Gregory Evans

People who are worried about their security will use a secure phone, lock down their computer, and use strong passwords for their online accounts. But how many people have considered that their car could be leaking their most sensitive data?

A researcher who recently decided to investigate his car’s infotainment system found that it was not designed using modern software security principles, yet it stored a lot of personal information taken from his phone that could be valuable to hackers.

Executing code on the car’s infotainment unit was extremely easy by connecting a USB flash drive with specially crafted scripts. The system automatically picked up those files and executed them with full administrative privileges.

Car enthusiasts have used the same method in the past to customize their infotainment systems and run non-standard applications on them, but Gabriel Cîrlig, a senior software engineer at security firm Ixia, wanted to understand the security implications of this technique.

What he found was a major privacy issue where call histories, contacts, text messages, email messages, and even directory listings from mobile phones that had been synchronized with the car, were being stored persistently on the infotainment unit in plain text.

Mobile operating systems like Android and iOS go to great lengths to protect such data by restricting which applications have access to it or by allowing users to encrypt their devices. All that security could be undone if people pair their devices over Bluetooth with an infotainment system like the one found in Cîrlig’s car.

Cîrlig and an Ixia colleague Ștefan Tănase decided to go even further and investigate how the car’s infotainment unit could be potentially abused by an attacker or even law enforcement to track users and obtain information about them that they couldn’t otherwise get from their mobile devices.

The researchers presented their findings Friday at the DefCamp security conference in Bucharest, but declined to disclose the car make or model because they’re still in the process of reporting the privacy issue they found. However, they mentioned that the car was made by a Japanese manufacturer.

Cîrlig told me that there is a firmware update available that blocks the USB attack vector on his car, but installing it requires going to a dealership. This means that a large number of cars will likely never be patched.

The infotainment system itself is a hacker’s paradise and is more powerful than most embedded devices, including home routers. It has a Cortex-A9 CPU with 1GB of RAM, as well as Wi-Fi and GPS. The operating system is based on Linux and has a fully functional Bash command-line shell with all its usual utilities. On top of that, there are various debugging tools, including for the GPS, that the system’s developers did not bother to remove, according to Cîrlig.

It looks like technology that was created in a rush without any concern for security engineering, Cîrlig told me. “A production system, at least for a car, should be completely locked down.”

He thinks that some of the software design choices were driven by convenience, like storing sensitive user data unencrypted and indefinitely instead of requesting it again from the phone when the device is in proximity.

In addition to data copied from mobile devices, Cîrlig found other sensitive information on the infotainment unit, such as a list of favorite locations the car has been driven to or from, voice profiles, vehicle status information, and GPS coordinates.

For their presentation, Cîrlig and Tănase showed a proof-of-concept malware program, a Bash script, that when executed via USB continuously looked for open Wi-Fi hotspots, connected to them and could exfiltrate newly collected data. By combining this malware with location data from the GPS, an attacker could also track the car in real time on a map.

To make things worse, the rogue script is installed as a cron job—a scheduled task on Linux—and is persistent. Even if the infotainment system is reset to factory defaults, cron jobs are not removed, the researchers said.

Hackers could take the attack even further and create a USB worm, where a compromised infotainment system could infect all USB dongles plugged into it and potentially spread the infection to other cars, Cîrlig said. Or the car could be used in a wardriving scenario, trying to automatically exploit Wi-Fi networks and other systems it encounters, he said.

The development of infotainment systems is usually outsourced to third-party electronic component suppliers and not made by the automobile manufacturers themselves. Other researchers have shown in the past that there are ways to jump from the infotainment systems to more critical electronic control units (ECUs)—the specialized embedded computers that control a car’s functions.

The auto industry continues to work using outdated programming principles and very old technology stacks that would be unacceptable today in a modern software development environment; and that needs to change, Cîrlig said. “For someone like myself who has a software development background, that style of coding looks ancient, from the age of the dinosaurs.”

The post Researchers Hack Car Infotainment System and Find Sensitive User Data Inside appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google: Our hunt for hackers reveals phishing is far deadlier than data breaches


Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.

Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used the same username and password on multiple online accounts.

While data breaches are bad news for internet users, Google’s study finds that phishing is a much more dangerous threat to its users in terms of account hijacking.

In partnership with the University of California Berkeley, Google pointed its web crawlers at public hacker forums and paste sites to look for potential credential leaks. They also accessed several private hacker forums.

The blackhat search turned up 1.9 billion credentials exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. The vast majority of the credentials found were being traded on private forums.

Despite the huge numbers, only seven percent of credentials exposed in data breaches match the password currently being used by its billion Gmail users, whereas a quarter of 3.8 million credentials exposed in phishing attacks match the current Google password.

The study finds that victims of phishing are 400 times more likely to have their account hijacked than a random Google user, a figure that falls to 10 times for victims of a data breach. The difference is due to the type of information that so-called phishing kits collect.

Phishing kits contain prepackaged fake login pages for popular and valuable sites, such as Gmail, Yahoo, Hotmail, and online banking. They’re often uploaded to compromised websites, and automatically email captured credentials to the attacker’s account.

Phishing kits enable a higher rate of account hijacking because they capture the same details that Google uses in its risk assessment when users login, such as victim’s geolocation, secret questions, phone numbers, and device identifiers.

The researchers find that 83 percent of 10,000 phishing kits collect victims’ geolocation, while 18 percent collect phone numbers. By comparison, fewer than 0.1 percent of keyloggers collect phone details and secret questions.

The study finds that 41 percent of phishing kit users are from Nigeria based on the geolocation of the last sign-in to a Gmail account used to receive stolen credentials. The next biggest group is US phishing-kit users, who account for 11 percent.

Interestingly, the researchers found that 72 percent of the phishing kits use a Gmail account to send captured credentials to the attacker. By comparison, only 6.8 percent used Yahoo, the second most popular service for phishing-kit operators. The phishing kits were sending 234,887 potentially valid credentials every week.

Gmail users also represent the largest group of phishing victims, accounting for 27 percent of the total in the study. Yahoo phishing victims follow at 12 percent. However, Yahoo and Hotmail users are the largest group of leaked credential victims, both representing 19 percent, followed by Gmail at 12 percent.

They also found most victims of phishing were from the US, whereas most victims of keyloggers were from Brazil.

The researchers note that two-factor authentication can mitigate the threat of phishing, but acknowledge that ease of use is an obstacle to adoption.


Verticalscope hacked again: At least 2.7 million accounts compromised in second major data breach


Hackers have once again targeted Verticalscope, a Canadian firm that manages hundreds of popular web discussion forums with over 45 million user accounts. The breach has compromised at least 2.7 million user accounts. The Toronto-based company runs a network of support forums and online community websites catering to a wide range of interests, from outdoor and automotive to sports and technology.

In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised and their data leaked in a blog post on Leakedsource.com.

The latest breach impacted six websites, including Toyotanation.com, Jeepforum.com – the company’s second-most popular website – and Watchuseek.com, security expert Brian Krebs first reported.

Security researcher and founder of Hold Security, Alex Holden, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company.

Holden initially suspected that a nefarious actor was just trying to resell data stolen in the 2016 breach.

“That was before he contacted one of the hackers selling the data and was given screen shots indicating that Verticalscope.com and several other properties were in fact compromised with a backdoor known as a ‘Web shell’,” Krebs wrote. “With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information — such as usernames, passwords, email addresses and Internet addresses associated with each account.”

The hackers reportedly obfuscated certain details in the screenshots that allowed him to locate at least two backdoors on Verticalscope’s website and Toyotanation.com, one of the company’s most popular forums.

Krebs reported that a simple search on one of Verticalscope’s compromised domains led to a series of Pastebin posts that have since been deleted “suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB”.

“Similar to Leakedsource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach — such as login, password, email, first/last name and Internet address,” Krebs noted. “The first search is free, but viewing results requires purchasing a subscription for between $5 and $400 in Bitcoin.”

“The intrusion granted access to each individual website files,” Verticalscope said in a statement to Krebs. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.”

The company did not provide any details regarding when and how the attack took place or who carried out the hack. IBTimes UK has reached out to Verticalscope for further details.


Data Analytics: The New Tool To Prevent Cyber Security Attacks


Cyber attacks and security breaches are now a constant threat for businesses. Costing the global economy $450 billion in 2016, they’re now occurring with increased regularity, which in turn has forced businesses to focus more on cybersecurity protocols to protect their key data.

A report issued by Malwarebytes showed that over one billion malware-based incidents occurred between June and November of 2016, and it’s expected that most of those incidents went unnoticed until they had breached a network.

A primary target for cybercriminals is the gaps found when big data files are stored. The introduction of the cloud, with its unlimited storage facilities, has opened a new avenue for hackers to penetrate a system: the cloud allows larger datasets to be stored in one place and accessed simultaneously by numerous people, and it’s this transition from data centre storage to the cloud that cybercriminals are looking to target. If a business’s security protocols are not enforced and up to date, a system can be breached.

However, it isn’t only big data storage systems that now harbor potential threats. Cybercriminals have begun to use smartphones and wearable technology to breach company networks. With statistics showing that four out of five UK adults now own a smartphone, many of which access secure work WiFi networks on a daily basis, this has become the next route that hackers are choosing to exploit.

As the threat from cybercriminals increases, businesses can’t take data security lightly, as cybercriminals are constantly finding new ways to access a system.

Detecting a threat as soon as it penetrates a security firewall is not an easy task by any means, and when a breach does happen there’s no simple fix. They are, however, manageable, and it’s data analytics that has become the newest line of security to help stop threats and increase protection.

A recent survey found that 53% of businesses use data analytics to detect high-security threats to their business. This figure should increase, as findings from a report by the Ponemon Institute show that an organisation is 2.25 times more likely to recognise a threat within hours or minutes if it implements data analytics.

What is data analytics?

The process of data analytics involves data specialists examining large sets of data to uncover anomalies that are not normally seen by the naked eye. Analysts will sift through data searching for unknown correlations in figures or hidden patterns, and from the information collected, they’re able to perform a comprehensive analysis, and use their findings to identify and deter cyber attacks.

To identify if and when a security breach may happen, analysts apply predictive analysis techniques to the data under examination. Statistical methods such as predictive modelling enable analysts to predict potential outcomes. Partnered with data mining, in which analysts sift through large amounts of historical data, this lets them cross-examine historical data against real-time data in order to firm up their predictions.

If a threat area is identified, security protocols will then be implemented, alongside algorithms relevant to the data type or structure which are placed in the development code. This should then close the vulnerability and stop firewall breaches instantaneously.

What can it do for your business?

Despite the ability of data analytics to offer a solution to a daily problem, it’s still something that hasn’t been put to full use by businesses. But with software such as Hadoop now available to aid analysis of larger datasets, it’s becoming a more mainstream solution.

The data gathered during the analytics process will provide a business with a better understanding of cyber attacks, arming it with the correct tools to ultimately stop them from happening. It also allows IT security teams to protect businesses from the inside out.

Larger organisations often have an in-house team constantly monitoring security. But for smaller businesses, there are still options to increase your security protocols. Systems such as managed security service providers offer some network security management, which can be used if your business simply doesn’t have the resources to hire a large team of experts.

Data analytics can also help to quash the potential threats from inside your organisation. Using a security information and event management system (SIEM), businesses are able to monitor devices that are connected to the network, and through the data collected, if a security risk is identified it can be halted.

Implementing data analytics is a practice that every business can use to protect itself against cyber attacks and strengthen its front line of defence. The information collected can help improve security on a business network, and could – in the future – mean an end to unpredicted breaches of security systems.


CyberSecurity Alert in South Korea and the United States as Data Stealing Malware Attacks the Infrastructure


FormBook is the new malware from attackers targeting manufacturing, defense, and aerospace firms in South Korea and the United States.

According to FireEye researchers, FormBook was identified in numerous distribution campaigns attacking the U.S. with emails containing unauthentic XLS, DOC, or PDF files. Similar FormBook attacks have been identified in South Korea through emails containing malicious files in ZIP, ACE, ISO, and RAR formats.

FormBook’s functional payload is a grabber that steals data, and it has been advertised on various hacking forums since 2016. Its prominent capabilities include keylogging, tracking HTTP/SPDY/HTTPS/HTTP2 forms and network requests, stealing passwords from browsers and email clients, clipboard monitoring, and taking screenshots.

The attackers behind these email campaigns have leveraged a wide assortment of distribution mechanisms to deliver the FormBook malware, as posted on 9th October 2017 on australiandefence.com.

As confirmed by the FireEye experts, an important and distinctive feature of this malware is that it can read the Windows ntdll.dll module from disk into memory. FormBook then calls the exported functions of that copy, which makes API monitoring and user-mode hooking mechanisms ineffective.

A self-extracting RAR file delivers the FormBook payload. On launch, an AutoIt loader compiles and runs a script. This script decrypts the FormBook payload file into memory and then carries out the execution, the researchers confirm.

Over time, however, the researchers have identified that FormBook can also download NanoCore, a remote access Trojan (RAT) that was first witnessed in 2013 and readily sold on the web. Taylor Huddleston, its author, was arrested for this in March 2017.

Besides the United States and South Korea, the malware has targeted other countries, such as the United Kingdom, France, Poland, Ukraine, Hungary, Russia, Australia, Germany, and the Netherlands. The archive campaign has also hit prominent countries such as the United States, Belgium, Japan, Saudi Arabia, France, Sweden, Germany, and India.

FormBook has the potential to hit Windows devices, so it has become urgent for high-end institutions to look to a more secure solution and upgrade their Windows operating systems. For now, the advice is strictly not to open any suspicious emails, click on unidentified links, or download unknown attachments from any unrecognized email address.


Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions


Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach.

Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

It is still unclear as to how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data. IBTimes UK has reached out to Pizza Hut for further clarity on the incident and will update this article in the event of a response.


Craigslist Sides With LinkedIn In Battle Over Users’ Data


Listings service Craigslist is backing LinkedIn in a fight with startup HiQ Labs over scraping. Website operators “have every right to employ technological measures” to block scraping by outside companies, Craigslist argues in a friend-of-the-court brief filed this week with the 9th Circuit Court of Appeals. Craigslist’s involvement marks the…


Blockchain Could Help Us Reclaim Control of Our Personal Data


It’s a strange world we live in when large companies such as Experian, Equifax, and TransUnion are able to store huge quantities of our personal data and profit from it in a way that doesn’t always benefit us. And when those same companies lose our personal data and make us…


Hackers can steal data off your Android phone via Bluetooth

As always with new security issues affecting mobile devices, it’s Android users who have to worry about the newly discovered Bluetooth hack. Windows and iOS phones are protected against it but only if you’ve installed the September 12th security patch on Windows or run iOS 9.3.5 or later. A security…

How data analytics can boost health IT security


It’s frightening to consider that the new generation of combat might extend to the very hospital beds of our wounded veterans. But no less than that is at risk when we talk about security of health IT systems. Because of development and acquisition cycles, a medical device is already three…
