In early October, the Russian hacking group, infamous for infiltrating the computer networks of the Democratic National Committee (DNC) last year, launched a new operation targeting potential attendees of an upcoming US cybersecurity conference, research suggests.
The Kremlin-linked unit, known as APT28 or Fancy Bear, weaponised a real Word document titled “Conference_on_Cyber_Conflict.doc” with a reconnaissance malware known as “Seduploader” to target delegates from Washington DC-based Cyber Conflict US, or CyCon.
The two-page file, lifted from the conference’s website, was created on 4 October and threat researchers from Cisco Talos, who first spotted the malware, said that attacks peaked three days later.
“Due to the nature of the document, we assume that the targeted people are linked or interested by the cybersecurity landscape,” three Talos experts wrote in a joint report (22 October).
High-profile speakers billed to talk at CyCon, which is set to take place on 7-8 November, include former US National Security Agency director Keith Alexander and current commanding general of the US Army’s Cyber Command, Paul Nakasone.
The Fancy Bear hackers, known to Talos as “Group 74”, have been linked to the Seduploader in the past and regularly use real-world events as the launch pad for attacks.
Multiple cybersecurity analysts believe the hackers are associated with Russian intelligence.
“In this case, Group 74 did not use an exploit or any 0-day but simply used scripting language embedded within the Microsoft Office document,” Talos said.
Zero-day exploits are typically used in sophisticated attacks and exploit a gap in security previously unknown to anyone, including vendors and manufacturers.
“We could suggest that they did not want to utilise any exploits to ensure they remained viable for any other operations,” the team continued.
“Actors will often not use exploits due to the fact that researchers can find and eventually patch [fix] these which renders the actors’ weaponised platforms defunct.”
If the Fancy Bear cyberattack was successful, the team would attempt to siphon any secretive data from victims’ computers. In one of its most famous attacks, it exfiltrated tens of thousands of emails from the DNC network, which were later leaked online for the world to see.
A US military spokesperson told The Daily Beast that it was aware of the attempted hacks and had launched an investigation. “We will publish details as appropriate,” he added.
News of the Fancy Bear operation was published in the wake of a report from US-CERT, a division of Homeland Security, which said officials had observed attempted hacks on “government entities and organisations in the energy, nuclear, water, aviation, and critical manufacturing sectors”.
These were also linked, at least on first analysis, to Russian cyber-espionage operatives.
Four remote code execution holes patched along the way
Mozilla has given the widely-used cURL file transfer library a thumbs up in a security audit report that uncovered nine vulnerabilities.
Of those found in the free security review were four
It’s not news anymore that hackers like to target WordPress sites, but a recent report from Check Point can help some webmasters get an insight into how they operate. The security firm analyzed telemetry data from its security products and looked at attacks against WordPress plugins and themes alike. What the company discovered is that […]
URL shortening services that use only 5 to 7 characters produce a small search space that attackers can easily search, making the shortened URLs vulnerable to brute-force hacking, Cornell researchers discovered.
Shortened URLs are convenient for sharing long Web addresses in email messages and through social media, but at the same time, pose a privacy hazard as the URLs produced by popular services are so short they are vulnerable to brute-force searching, a Cornell Tech research effort found.
In a paper published in April, two researchers revealed that the 5- and 6-character URLs produced by popular shortening services could be easily searched to discover sensitive documents inadvisedly shared by their owners. Attackers could scan shortened URLs at a sustained rate of 2.6 lookups every second, and would only have to pay $36,700 to rent the cloud computing time necessary to do so, co-authors Martin Georgiev and Vitaly Shmatikov stated in the report.
The lesson for users is that the obfuscation of a shortened link does not add security, Shmatikov, a professor of computer science at Cornell Tech, told eWEEK via email.
“When you share a short link, you should assume that you are sharing with everybody … whether it’s [a] OneDrive document or driving directions from your home address,” he said. “When cloud services offer users to generate a short link—like OneDrive did until recently—they should warn the users that by generating the link they are making the content public.”
The researchers found more than 70 million URL mappings on Bit.ly and almost 24 million URL mappings on Google Maps through their technique. To study the privacy implications, the researchers focused on Microsoft’s OneDrive cloud storage offering. They found that nearly 20,000 URLs linked to a file or folder on Microsoft’s OneDrive or SkyDrive service. The accounts could be traversed by anyone with the shortened URL who uses a brute-force search, to discover other files on the sharer’s cloud space.
Many of the accounts allowed anyone with the shortened URL to write to the folder, change a file and save it, raising concerns that attackers could embed malware into the files.
The shortening services need to make the URLs at least eight characters to make the space of all possible URLs computationally difficult to search, Shmatikov said.
“Given computing and scanning capabilities available today, eight characters or longer should be reasonably safe for now,” he said.
After Georgiev and Shmatikov notified Google of the security risk, the company increased the number of characters used by the shortened URLs produced by Google Maps to at least 11. eWEEK confirmed that Google Maps currently assigns shortened URLs of 12 characters.
Microsoft, on the other hand, did not acknowledge the weaknesses, but made two changes: It removed the “shorten link” option from OneDrive and blocked the systematic enumeration of files and folders by users with a shortened link, the researchers said.
“The only change in this respect is that having discovered one shared document, it is no longer trivial to discover all other shared documents in the same account since the account traversal methodology described in the paper no longer seems to work,” Shmatikov said.
Cornell Tech is a New York City-based graduate and research institution founded by Cornell University.
HARTFORD — Families of those affected by the 2012 Sandy Hook Elementary School shootings on Wednesday filed an elections complaint against the National Rifle Association, charging that the NRA illegally used money from its federal political action committee to oppose Gov. Dannel P. Malloy’s gubernatorial campaign last year.
The complaint, which also alleges improper funding of dozens of legislative campaigns dating back to 2003, was presented to the State Elections Enforcement Commission by Carlos Soto of Stratford, whose sister, Victoria Soto, was a teacher who was killed while trying to protect her class of first-graders; by
It’s tax season! You might not want to put off filing your taxes this year. If you’re not quick, you might find that someone else has already filed a fraudulent tax return in your name.
There are only a few things someone needs to file a tax return as you. Armed with your name, address, and Social Security number, it’s relatively easy to file a tax return in your name. The details beyond that don’t matter too much, and the hacker can receive the refund dollars and have them spent before you even realize the fraudulent return was filed.
Here are four things you should do to guard against a fraudulent tax return being filed in your name, and to protect your credit and identity in general:
File your returns as early as possible. Tax season began on January 31st and runs through April 15th. In order to prevent someone else from filing under your name, submit your tax returns as soon as possible.
Watch out for phishing scams. If you receive an email or text message from the IRS asking for any personal information, do not reply or click on any links. All correspondence originating from the IRS will […]
parentsecurityonline.com – More voices of support are coming out for the student involved in the “rape bait” case at Sparkman Middle School. A band of 33 women’s groups have come together and submitted a brief to the federal…