Sunday, September 24, 2017

Cyber

Exploding the urban myths about how to stay safe online

Are we wising up to the dangers lurking online? Or are phishing, spam and hacking just words that we still do not understand and we hope will not happen to us. Ofcom recently revealed that one in four British people still use the same password for all their activities online, suggesting we still have some way to go to fully understand computer security. Here Prof Alan Woodward explores some of the misconceptions about how we stay safe online. While there is still a long way to go in raising awareness of the risks inherent in surfing the net, word is spreading. Unfortunately, some urban legends have arisen that are leading to a false sense of security. Probably the most common of these myths is that your computer cannot be infected simply by visiting a website containing malicious code. The story goes, that you are only going to get malware on …

Read More »

Sudden death of U.S. engineer in Singapore linked to cyber espionage?

For years, the U.S. intelligence community has warned that cyber attacks from China and other countries are the biggest threat to our national security. Now, some are wondering whether the death of an engineer from California could be linked to cyber espionage. In 2010, 29-year-old Shane Todd moved to Singapore for an engineering job with a government research firm called the Institute of Micro Electronics or IME. “He was a young man that wanted an adventure and thought it would be super-cool to live in a foreign country and he really liked it when he first got there,” Mary Todd, his mother, recalled. But 18 months later in June of 2012, Shane Todd was found dead inside his apartment. Police and the coroner believe Todd hanged himself in the bathroom, leaving two suicide notes on his computer. But his family doubts that story. “We have already gone to Singapore twice …

Read More »

Operation Red October Attackers Wielded Spear Phishing

The Red October malware network is one of the most advanced online espionage operations that’s ever been discovered. That’s the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October–“Rocra” for short–in October 2012. “The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America,” according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices. The Red October attacks began in 2007, and remained active at least through Sunday, which was the day before Kaspersky Lab first publicly detailed its research into the espionage operation. In a more …

Read More »

NSA targeting domestic computer systems in secret test

The National Security Agency’s Perfect Citizen program hunts for vulnerabilities in “large-scale” utilities, including power grid and gas pipeline controllers, new documents from EPIC show. Newly released files show a secret National Security Agency program is targeting the computerized systems that control utilities to discover security vulnerabilities, which can be used to defend the United States or disrupt the infrastructure of other nations. The NSA’s so-called Perfect Citizen program conducts “vulnerability exploration and research” against the computerized controllers that control “large-scale” utilities including power grids and natural gas pipelines, the documents show. The program is scheduled to continue through at least September 2014. The Perfect Citizen files obtained by the Electronic Privacy Information Center and provided to CNET shed more light on how the agency aims to defend — and attack — embedded controllers. The NSA is reported to have developed Stuxnet, which President Obama secretly ordered to be used …

Read More »

Security team finds USB smart cards hijacking malware

A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attacker’s computer. n the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to perform operations with the victim’s card as if it was attached to his own computer, said Paul Rascagneres, an IT security consultant at Luxembourg-based security auditing and consulting firm Itrust Consulting, last week. Rascagneres is also the founder and leader of a malware analysis and engineering project called malware.lu, whose team designed this USB sharing malware. There are already documented cases of malware that hijacks smart card devices on the local …

Read More »

Smartphone malware secretly creates 3D model of your surroundings

A university experiment has proven that mobile malware can used your smartphone to remotely map the interior of your house or office. Until now, the idea that your smartphone’s camera could be used to secretly build a 3D model of your home or office, upload teh data to a remote server, and allow them to virtually snoop around your home, was the preserve of works of science fiction and fantasy. However researchers at the School of Informatics and Computing at Indiana University have shown that this is, in fact, a reality, and have created a simple camera app for the Android platform which criminals could use to remotely burgle your home or office. In a paper titled PlaceRaider: Virtual Theft in Physical Spaces with Smartphones,  the researchers outline how a simple app called PlaceRaider can take dozens of photos every minute on your smartphone, analyse these along with data from the phone’s other sensors and …

Read More »

All major banks hit with biggest cyberattacks in history

NEW YORK (CNNMoney) — There’s a good chance your bank’s website was attacked over the past week. Since Sept. 19, the websites of Bank of America (BAC, Fortune 500),JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday’s victim, PNC’s website, was inaccessible at the time this article was published. Security experts say the outages stem from one of the biggest cyberattacks they’ve ever seen. These “denial of service” attacks— huge amounts of traffic directed at a website to make it crash — were the largest ever recorded by a wide margin, according to two researchers. Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned. “The volume of traffic sent to these …

Read More »