NSA Rogers: We Need Frameworks for Cyber, Circumventing Crypto
WASHINGTON, D.C.—In a conference-facing discussion with CNN’s Jim Sciutto this morning, NSA director and commander of U.S. Cyber Command, Mike Rogers, said legislators need to create a legal framework outside the NSA and FBI’s control that would establish norms of behavior for law enforcement and...
Dennis Fisher and Mike Mimoso Discuss the 2015 Security Analyst Summit
Dennis Fisher and Mike Mimoso discuss their takeaways from the SAS 2015 conference, including the Equation Group APT analysis, hacking car washes, indexing the dark web and hacking home appliances. Download: digitalunderground187.mp3 Music by Chris Gonsalves...
Komodia Website Under DDoS Attack
Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...
Gemalto Hack May Have Far-Reaching Effects
Security experts are still trying to assess the effects of the reported attack on a SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and...
Katie Moussouris on Starting a Bug Bounty Program
At last week’s Security Analyst Summit, HackerOne’s Katie Moussouris explained one of the key things that companies that want to start a bounty or vulnerability incentive program should know: There is no one size fits all...
Trey Ford on Mapping the Internet with Project Sonar
Trey Ford from Project Sonar describes the group’s initiative at Kaspersky’s Security Analyst Summit. The Rapid7 service scans public networks for applications, software, and hardware, then analyzes that cache of information to learn trends and gain insight on common vulnerabilities. Trey Ford...
Costin Raiu on the Equation Group APT
CANCUN–Dennis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT team about the researcher behind the Equation Group campaign, the group’s capabilities and why they seem to have gone dark now...
Lenovo Superfish Certificate Password Cracked
Lenovo laptop owners are at risk for man-in-the-middle attacks as a vulnerability disclosed in pre-installed Superfish adware went nuclear this morning. Researcher Rob Graham of Errata Security published a report in which he said he cracked the password protecting the digital certificate shipped...
TrueCrypt Audit Cryptanalysis Handed Off to NCC Group
The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly. NCC Group’s Cryptography Services has been contracted to do the...
'Yes, Your Car Wash is On Facebook'
CANCUN–When or if people think about the security of the devices they interact with and use on a daily basis, the machines that run their local car wash probably aren’t high up on that list. But, like everything else with a computer for a brain these days, those machines are connected to the...
Christofer Hoff on Mixed Martial Arts, Active Defense, and Security
CANCUN–In his keynote talk at the Kaspersky Security Analyst Summit Monday, Christofer Hoff, the vice president and CTO of the security business at Juniper Networks, stressed that in security and martial arts alike, it’s hard to be a skilled defender if you don’t understand how your adversaries pul...
Tracking Malware That Uses DNS for Exfiltration
CANCUN–Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data. Jaime Blasco, vice president and chief scientist at AlienVault, showed a handful of...
BadUSB Vulnerabilities in ICS Gear
CANCUN – BadUSB was the hot hack of the summer of 2014. Noted researcher Karsten Nohl delivered a talk at Black Hat during which he explained how USB controller chips in peripheral devices that connect over USB can be reprogrammed. The result is a completely compromised device hosting undetectabl...
Indexing the Dark Web One Hacking Forum At A Time
CANCUN–There are only so many ways to tip-toe around some of the Internet’s darker, seedier corners. Sites offering illegal drugs, DDoS for hire and other questionable merchandise are often laden with malware, hazardous to visit, and in turn, can be hard to fully get a grip on. But according to...
Encryption and Silence Can be Targets' Best Assets
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy...
Desert Falcons: First Arabic Cyberespionage Operation Uncovered
CANCUN, Mexico — A Middle Eastern cyberespionage gang is capitalizing on subpar security practices in the region to backdoor a mix of business, political and military targets. Dubbed Desert Falcons, the gang is thought to be the first Arabic APT operation, according to researchers at Kaspersky La...
Inside nls_933w.dll, the Equation APT Persistence Module
CANCUN – The names called out like beacons from the screen: Samsung; Seagate; Western Digital; Hitachi; Maxtor. Hardware makers were in the crosshairs of the Equation APT group and it was perhaps the worst possible scenario imagined by researchers looking at the frightening and extensive storehou...
APT Groups Emerging in Middle East
CANCUN–Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game ...
Examining the Risks and Advantages of Biohacking
CANCUN – Hannes Sjoblad of the Swedish Biohacking Association throws a mean implant party, the latest of which was held today on stage at the Security Analyst Summit. Povel Torudd, head of European PR at Kaspersky Lab, bravely volunteered to have an NFC implant the size of a grain of rice shot int...
Preventing Silent Data Exits a Workable Problem for Businesses
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve...
Massive, Decades-Long Cyberespionage Framework Uncovered
CANCUN–Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. The attackers, known as the Equation Group, used two of the zero...
Lessons Learned in Building a Vulnerability Coordination Program
CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at...
Securing DNS Essential to Web's Future, Dan Kaminsky
CANCUN – “2015 got weird… really weird.” Those were some of the first words spoken by Dan Kaminsky in his talk today at the Kaspersky Security Analyst Summit Monday. He was referring to a few key events from the last several weeks: the Sony hack debacle, or what he called “North Korean or...
Hackers' Op-Sec Failures Important Clues to Uncover APT Gangs
CANCUN – Sophistication, resourcefulness and ingenuity are characteristics usually associated with state-sponsored espionage hacker groups. But they’re certainly not infallible. Like most detective work, security analysts generally are able to toss back the covers on APT campaigns and major...
Evolution and Adaptation in the Security Jungle
CANCUN—One of the more difficult aspects of defending a network or system is trying to keep up with the new tactics and techniques that attackers use. They modify their techniques constantly, and security teams must do the same or they won’t survive. Evolve or die has become the rule. Of course,...
Carbanak Ring Steals $1 Billion from Banks
CANCUN, Mexico – Hackers in Eastern Europe are bleeding banks dry, stealing as much as $1 billion from more than 100 financial institutions in a string of attacks that borrow heavily from targeted attacks against sensitive government and industrial targets. Researchers from Kaspersky Lab on Monda...
Google Project Zero Vulnerability Disclosure Grace Period
Google’s unwavering vulnerability disclosure deadlines are the latest chapter in a decades-long debate about how to best inform affected users that there’s a security problem with their software. Since the start of the year, Google’s 90-day clock has most notably ticked down to zero on a trio of...
Dennis Fisher and Mike Mimoso Discuss Patch Tuesday, Facebook's ThreatExchange and More
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla’s extension signing plan, plus questions from readers! Music by Chris Gonsalves Download: digitalunderground185.mp3...
Apple Extends Two-Factor Authentication to iMessage, FaceTime
Apple extended two-factor authentication (2FA) yesterday to its iMessage and FaceTime services, adding an extra layer of security to the popular iOS apps. The move, which Apple has taken to calling “two-step verification,” follows the company’s enabling of 2FA on its iCloud storage service back in...
Rig Exploit Kit Source Code Leaked
A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...
Lack of CSPRNG Threatens WordPress Sites
WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a new bug that’s been disclosed i...
Windows Kernel-Mode Driver Flaw Exploitable With One Bit
The vulnerabilities addressed in this month’s Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems. Sounds like most...
Ryan Naraine on SAS 2015
Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years. Music by Chris Gonsalves Download: digitalunderground184.mp3...
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days
A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial...
Mozilla to Enforce Signing for Firefox Extensions Soon
In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and...
Facebook Opens ThreatExchange Information Sharing Platform
Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise. The platform, called ThreatExchange, already...
Microsoft Group Policy Flaw Affects All Windows Computers
Enterprises that support remote workers need to prioritize a Microsoft security bulletin released yesterday that addresses a critical vulnerability in Group Policy. The vulnerability exposes Windows machines, all the way back to Windows Server 2003, to man-in-the-middle attacks and remote code...
Google Play Bug Can Allow Code Execution
Using a combination of vulnerabilities in the Google Play store and the Android stock browser, attackers can install malicious apps remotely on some Android devices. The attack is the result of a failure on the part of Google’s Play Store Web application to completely enforce the X-Frame-Options...
Microsoft February 2015 Patch Tuesday security bulletins
Microsoft’s first foray into patching Internet Explorer in 2015 is still short one zero day fix. Today’s Patch Tuesday security bulletins included a monster IE rollup taking care of 41 vulnerabilities in the browser, and another bulletin patching a Windows zero day publicly disclosed by Google’s...
New Cyber Threat Center May Face Challenges
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats. The center will analyze intelligence contributed by several agencies, along with the private sector, a model that...
Researcher Tries to Get Ahead of CFAA Changes, Dumps 10M Sanitized Passwords
The Obama administration’s proposed changes to the Computer Fraud and Abuse Act (CFAA) have security researchers on edge. The amendments, spurred on by 2014’s seemingly never-ending stream of data breaches, contain vagaries in their language that threaten legitimate research done in the name of improvi...
Markey Car Security Report Just the Start for Automakers
This may come as a surprise to one of you, but it turns out that computers and, by extension, things that contain computers, are vulnerable to attackers. That includes cars, something that the United States government has now discovered, and Sen. Edward Markey is now warning consumers that...
Creaking Patch Tuesday's Viability Rests with Quality, Speed
Today is Patch Tuesday, the 11-year-old procession of security bulletins from Microsoft streamed out automatically to consumers of Windows Update, and pulled en masse by enterprise admins worldwide needing to test each for compatibility. This is how it’s been done since shortly after Bill Gates’...
Researchers: PlugX More Prominent Than Ever
Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...
Intuit Suspends Turbo Tax, Investigating Fraudulent Returns
UPDATE: This story has been updated with commentary from Intuit. Intuit last Thursday suspended its Turbo Tax e-filing service after a dramatic increase in suspicious filings and criminal attempts to leverage stolen identities in order to claim tax refunds. Intuit has since restored Turbo Tax and...
Cryptowall 3.0 Slims Down, Removes Exploits From Dropper
A slimmed down version of Cryptowall is in circulation, and this one contains no built-in exploits, confirming a growing trend that most ransomware will be spread almost exclusively via exploit kits. Kits such as Angler, Nuclear, and most recently Hanjuan, have been busy incorporating Flash...
Government Requests for Twitter User Data Continue to Grow
The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014. Requests from the United States government alone went up 29 percent, the company said in its latest transparency report...
Siemens Fixes Critical Flaws in Some WinCC Versions
More than two months after the original advisory went out, Siemens has released patches for a pair of critical vulnerabilities in some versions of its Simatic WinCC SCADA product that remained vulnerable. Both of the vulnerabilities are remotely exploitable and have potentially damaging...
Ghost glibc Vulnerability Affects Enterprise Applications
What drove IT admins crazy about the Bash vulnerability was that it was difficult to determine—and patch—everything that was making a Bash call. It was everywhere. Apparently, some of that angst applies to the Ghost vulnerability in the GNU C library, known as glibc. At first, experts believed th...
Analyzing Angler: World's Most Sophisticated Exploit Kit
The Angler exploit kit was ahead of the game when it began detecting antivirus and virtual machines and deploying encrypted dropper files. It’s repeatedly proven itself the fastest kit to incorporate newly released zero-days and its malware runs from memory, without having to write to the...