MIS 5214 - Section 001 - David Lanter
January 17, 2017 by David Lanter 69 Comments
Mansi Paun says
January 19, 2017 at 12:46 am
First Mac malware of 2017: Quimitchin found targeting scientific research
Researchers have described what they consider to be “the first Mac malware of 2017,” which was discovered by an IT admin upon noticing unusual traffic coming from a particular Mac. The malware is thought to have a simple structure and includes some antiquated code. It nevertheless seems to have gone undetected for some time, perhaps even several years, and has possibly been targeting biomedical research institutions.
Its primary purpose seems to be screen captures and webcam access, making it a classic espionage tool. It is referred to as Quimitchin (named after Aztec spies who would infiltrate other tribes — the spies and the code are both ancient).
Quimitchin comprises two files: a .plist file that simply keeps the .client running at all times, and the .client file containing the payload. The .client file is a ‘minified and obfuscated’ perl script that is more novel in design. It combines three components, Thomas Reed, director of Mac offerings at Malwarebytes and author of the blog post, told SecurityWeek: “a Mac binary, another perl script and a Java class tacked on at the end in the __DATA__ section of the main perl script. The script extracts these, writes them to /tmp/ and executes them.”
Since this has been seen infecting Macs at biomedical facilities, it is believed to have been used for espionage to steal scientific data.
Somewhat surprisingly, the code uses antique system calls. “These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days,” he wrote in the blog post. “In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.”
Part of the script provides a rudimentary remote control function. It includes an additional method for screen capture and getting the screen size and cursor position; and can receive commands that change the cursor position, and simulate mouse clicks and key presses.
Apple calls it ‘Fruitfly’, and has already released an update that will be automatically downloaded behind the scenes to protect against future infections.
Source: http://www.securityweek.com/new-quimitchin-mac-malware-emerges-targeting-scientific-research
Neil Y. Rushi says
January 21, 2017 at 11:11 pm
Great article, Mansi! If I were a Mac owner, I would be prompted to quickly get the update to fix this issue, because it’s scary just to think about storing sensitive medical info on a laptop that is used every day on the job. The fact that it’s been out there for several years is a major concern too, but it’s good to hear there’s a solution to the problem.
Younes Khantouri says
February 12, 2017 at 9:57 pm
I like your post, Mansi. For so many years, malware was a virus that attacked PCs. According to this article, from this year on, we have to work on securing our Macs as well as securing our PCs.
It’s a very scary topic for Apple, in my opinion. They’ve been making big sales numbers because so many consumers believe Apple products are secure.
Seunghyun (Daniel) Min says
January 19, 2017 at 1:56 pm
Peace Sign Pics Could Give Hackers Your Fingerprints
Setting up a strong, reliable password is one of the best ways to secure your information assets. Speaking of passwords, biometrics has arisen as the next solution for creating secure authentication for individuals. According to the article, however, there is a red light for fingerprint authentication. Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined. The team was able to capture the fingerprints from a picture of a person taken about 3 meters away from the camera. That could bring a lot of attention to the security of fingerprint-based authentication systems. Robert Capps, VP of business development at biometrics firm NuData Security, argued that “Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime. As the most stringent of authentication verifications deploy physical biometrics, such as immigration and banking, physical biometric data will become very desirable to hackers.”
Yulun Song says
January 21, 2017 at 4:26 pm
That is really interesting. One news item I read before was about how, when you wave your hand, someone could steal your fingerprints by taking a picture. I think 99% of people consider fingerprints a highly secure way to protect our property. But now it has become a red light for people.
Andres Galarza says
January 22, 2017 at 5:45 pm
This was always the risk of using biometric authentication. If you have a password or key fob that gets stolen, it’s not a big deal to change or replace it. You’re out of luck if your fingerprint (or something else that you are) gets compromised, since you can’t easily (if at all) grab a new set of retinas or fingerprints.
Noah J Berson says
January 22, 2017 at 11:09 pm
This made me wonder what would happen if retina data were stolen. Do we have the capability to replicate an eye well enough to fool a biometric scanner? Some quick research showed that researchers tested methods of holding up a photo to a camera to fool it, but I doubt that would work for long. There would also be a very high risk of being caught if your picture had even the smallest error on it and you set off some sort of alarm. One day, way down the road, we’ll be able to “print” body parts, but the eye is one of the most complicated parts of our bodies.
Jianhui Chen says
January 22, 2017 at 8:00 pm
Thanks for sharing such an interesting article. This article reminds me of an article called “7 ways to beat fingerprint biometrics.” Apple dropped $356 million to buy the biometric security firm Authentec back in July 2012. So nobody was surprised when the latest version of the iPhone, Apple’s 5S, introduced finger scanning technology to replace traditional alphanumeric passwords. Use of the technology is still limited, but wide adoption of fingerprint scanning technology could be a breakthrough moment for biometrics: giving the broad public its first real taste of biometrics and (maybe) heralding the end of typed passwords. Or not. The truth is that fingerprint scanning technology, tools and implementations vary widely. Despite vendor claims, there’s a long history of hackers fooling the devices with surprisingly simple hacks. Here are some ways hackers have figured out to fool them.
January 22, 2017 at 9:28 pm
This is really crazy, and I wonder how many unique ways someone can steal a person’s features. A simple peace sign can cause biometric theft, but how would they know what you own uses biometrics? Unless they steal your identity and do something that requires a fingerprint.
Binu Anna Eapen says
January 19, 2017 at 2:42 pm
Credential Stuffing: A growing method for hacking - could be a threat for 2017
With a growing number of stolen credentials, criminals are using the credential stuffing attack to target a large number of accounts on an uncompromised site.
Credential theft is when an attack is launched to steal users’ access information like user name and password. Credential spilling is when these credentials are made available to other criminals. Credential stuffing is the large scale use of automated means to test stolen passwords against other unrelated websites.
Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is made possible because of the tendency for users to use their passwords for multiple accounts. This means that if criminals can crack stolen passwords from one account, they have legitimate credentials that have quite likely been used on other accounts.
The term credential stuffing was coined by Shape Security co-founder Sumit Agarwal when he was serving as Deputy Assistant Secretary of Defense at the Pentagon. It is the combination of source credentials, an attack tool such as Sentry MBA, and a botnet delivery method. Sentry MBA cycles through the botnet to probe a target website with the spilled credentials. Since each IP within the botnet tries only one credential attempt at a time, there is nothing at the target end to suggest anything different to a normal user login attempt which either succeeds or fails. Even if an attack is suspected, Sentry MBA has moved on to the next botnet IP and blocking the suspect IP has no effect. Sentry MBA provides many techniques to defeat other defenses such as built-in optical character recognition to get through the CAPTCHA challenges.
As per Shape’s figures, the return on credential stuffing can be anything between 0.1% and 2%, which means that for every 1 million stolen credentials used by the criminals, an average of 10,000 accounts could be accessed because of user re-use of passwords.
The result is an attack methodology that is easy and effective, and can be operated by any person with just a little technical skill. It involves just five steps: obtain the stolen credentials; choose a target; create an automation script to recognize whether the login attempt succeeds or fails; use a configurable credential stuffing tool; take over accounts and steal assets.
Shape Security predicted that credential stuffing will become a major issue during 2017, as the 3.3 billion or more credentials spilled in 2016 are present in the criminal system.
The ultimate solution to the problem as suggested in the article is simple: users must never reuse existing passwords. Ensuring that has so far been beyond both business and the security industry. In the meantime, business must seek other methods to protect against this growing threat.
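The post explains why blocking a single IP does nothing against this attack: each botnet member makes one attempt, so the pattern is only visible when attempts are aggregated across sources. The following added example (not from the article or from Shape Security) shows that aggregation as detection logic run over constructed login log lines; the log format, field names and thresholds are assumptions chosen for the demonstration.

```python
"""Flag credential-stuffing patterns in authentication logs.

Added example, not code from the article. The log format is an assumed,
constructed one: one line per login attempt with a UTC timestamp, the
source IP, the username and the result.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return event


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=20,
                    min_ips=20, max_attempts_per_ip=2, min_fail_ratio=0.9):
    """Group attempts into fixed time windows and flag windows that look like
    distributed low-and-slow credential stuffing: many distinct accounts, many
    distinct source IPs, at most a couple of attempts per IP, and almost all
    of them failing (Shape's 0.1%-2% hit rate means ~98% of attempts fail).
    A per-IP lockout never fires on this traffic; only the aggregate does."""
    buckets = defaultdict(list)
    for event in (parse_line(line) for line in lines):
        if event is not None:
            key = int(event["ts"].timestamp() // window.total_seconds())
            buckets[key].append(event)

    alerts = []
    for key in sorted(buckets):
        events = buckets[key]
        per_ip = Counter(e["ip"] for e in events)
        users = {e["user"] for e in events}
        failures = sum(1 for e in events if e["result"] == "fail")
        if (len(users) >= min_users and len(per_ip) >= min_ips
                and max(per_ip.values()) <= max_attempts_per_ip
                and failures / len(events) >= min_fail_ratio):
            alerts.append({
                "window_start": datetime.fromtimestamp(
                    key * window.total_seconds(), tz=timezone.utc),
                "attempts": len(events),
                "users": len(users),
                "ips": len(per_ip),
                "failures": failures,
                "successes": len(events) - failures,
            })
    return alerts


def build_sample_logs():
    """Constructed sample log lines (not real traffic).

    Window 1: one user mistypes a password twice, then succeeds. This is
    the benign pattern a per-account lockout is designed for.
    Window 2: 40 distinct IPs each try exactly one distinct account; one
    spilled username/password pair still works. This is the stuffing
    pattern, and no single IP or account stands out in it."""
    lines = []
    for i, result in enumerate(["fail", "fail", "ok"]):
        lines.append(f"2017-01-21T03:00:{10 + i:02d}Z ip=192.0.2.7 "
                     f"user=bob@example.com result={result}")
    for i in range(40):
        result = "ok" if i == 17 else "fail"
        lines.append(f"2017-01-21T03:10:{i:02d}Z ip=198.51.100.{i + 1} "
                     f"user=user{i:02d}@example.com result={result}")
    return lines


if __name__ == "__main__":
    for alert in detect_stuffing(build_sample_logs()):
        print(alert)
```

The thresholds are deliberately coarse; in production they would be tuned per site, and the alert would feed a step-up control (CAPTCHA, MFA challenge, or a reset for the accounts that succeeded) rather than an IP block, for exactly the reason the post gives.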
January 21, 2017 at 11:16 pm
This is why in IT they suggest that when creating an account, you always use a different password for each one and make it as strong as possible. That way it’s harder to crack, and people using this method can’t really match a password to the various accounts a person might hold.
Abhay V Kshirsagar says
January 22, 2017 at 10:28 am
Right. I agree with what Neil said. The password of the primary email listed should also be different from the account’s password. In a scenario, where your email is compromised, bad guys will not have access to the account or vice versa. But honestly, given the fact that people are still using “123456” as their passwords, I personally think that it will take a lot of time as they have to first be convinced to create strong passwords, let alone using multiple.
January 22, 2017 at 11:46 pm
I think taking password creation out of the user’s hands is a good thing. Google recently implemented this in Chrome, where it will suggest a rather strong password for you when creating new accounts on a website. Most users, when given the choice, will use the same few passwords over and over. There is a bit of a limit to how many passwords the average user wants to memorize. I’m very much in favor of password vaults.
January 22, 2017 at 5:54 pm
I think it’s funny that by reusing the same login and password, you’re essentially creating a “dumb” single sign-on (SSO) system that carries similar risks to those of actual LDAP-based (or other protocol-based) SSO methods.
Mustafa Aydin says
January 20, 2017 at 11:45 am
Nearly Two Million Annual Cybercrime Incidents
According to the Office of National Statistics’ (ONS) latest report, there were nearly two million cybercrime incidents in the UK in the year ending September 2016, and a similar number related to online fraud. The ONS cautioned that its Crime Survey for England and Wales included only “Experimental Statistics” for fraud and cybercrime; however, the statistics represent a decent snapshot of the current level of these crimes in the UK.
The ONS survey revealed 1.97 million cybercrime incidents, the vast majority of which were related to the category of “computer virus” (1.3m), with the remainder featuring “unauthorized access to personal info” (667,000). According to the survey, there were almost 1.6 million victims of these crimes – aged 16 or over – in the report period. As for fraud, there were 3.6 million incidents and 2.9 million victims in total, with the majority (53%) coming via online channels.
Sundeep Tengur, financial crimes specialist at analytics firm SAS, argued that fraud affects businesses of all sizes. “In light of recent and ongoing regulatory focus around securing electronic payments, mitigating cyber threats and improving data governance, businesses are being urged by policy-makers to do more to protect their customers from the scourge of fraud,” he added.
January 22, 2017 at 11:28 pm
I like the term they use of “experimental statistics” as it shows how uncertain the online world can be. Hard statistics are very difficult to come by as most people don’t report breaches to any authority. Even some companies withhold the information that they’ve had some kind of incident. To collect any kind of data would be a laborious task unless you are Microsoft. While they wouldn’t have fraud statistics, they probably know internally how often their systems are compromised with a virus. There would be a disincentive for Microsoft to reveal this information to the public as that may reduce trust in their OS.
January 23, 2017 at 1:12 am
Good post. It was speculated that 2016 would see even more cybersecurity activity than 2015, and it did not disappoint. Consider the $81 million stolen from Bangladesh Bank, the 500 million accounts swiped from Yahoo, or the 19,000 emails leaked from Democratic Party officials in the run-up to the election. Not to mention the IoT-powered botnets launching record-breaking DDoS attacks that have brought down major parts of the Internet.
Paul Linkchorst says
January 20, 2017 at 3:14 pm
According to the article written by Brian Krebs, it is believed that the author of the Mirai botnet has been identified. The Mirai botnet is a recent form of malware that takes over poorly protected Internet of Things (IoT) devices and uses these devices in large cyber-attacks. For students who were part of the program last semester, we discussed this botnet throughout many classes, since this botnet has been the cause of some of the largest denial of service attacks known to date. One of the victims of Mirai is Brian Krebs, whose site was knocked offline by a historic-level DDoS. Likewise, it was confirmed that the Mirai botnet was the primary source of the attack against Dyn, the internet performance management company. This attack on Dyn knocked offline internet services such as Spotify, Twitter, and Reddit. After some investigative journalism, Krebs points his finger at Paras Jha, who is a student at Rutgers University studying computer science and provides DDoS mitigation services for server hosts of popular video games such as Minecraft. As part of his claim, Krebs identifies that the author of Mirai (Anna-Senpai) and Paras share similar skillsets, and could link code used in the Mirai botnet to code published by Paras on GitHub. Along with that, Krebs identified that former colleague Ammar Zuberi has stated that Paras admitted to being the author of Mirai.
While Brian Krebs has quite an extensive report on why he believes that Paras is the author of the Mirai botnet, the article does lack conclusive evidence. What I find to be most interesting about the article is that Brian Krebs had to put his reputation on the line by doxing the potential creator of the Mirai botnet. Doxing is when you search for and/or publicize private or identifiable information on a user. Doxing can be performed for malicious purposes; however, in this case Krebs has doxed the potential Mirai creator. The risky part is that while Krebs does provide some evidence on the potential creator, it is not concrete, and identifying a potentially innocent individual could hurt his reputation as well as be defamation. Krebs had to be confident that Paras was behind the Mirai botnet to even publish this article. For myself, I am curious as to what happens next. Does this spark an investigation of Paras by federal agencies such as the FBI? If it is found that Paras is behind Mirai, are there criminal charges? Or will these investigative journalism pieces only further increase the number of Mirai denial of service attacks? It will be interesting to see how this piece of journalism will influence the security community.
January 22, 2017 at 6:01 pm
I’m glad you brought this article up.
I hadn’t read the whole thing (it’s a lengthy article) so I wasn’t aware that the evidence wasn’t concrete against the accused. I’m tempted to believe Brian Krebs, given his previous body of work, but it is concerning that it’s not absolutely certain that he doxed the real creator of Mirai.
I’m also curious to see what law enforcement does with the information provided by Brian. This is certainly a story worth keeping tabs on.
January 23, 2017 at 12:08 pm
I just came across an article on NJ.com. It states that the FBI is continuing its investigation of Paras Jha and his involvement in the malware. Likewise, Rutgers is now investigating Paras’ involvement in the denial of service attacks against the university. I am under the impression that Paras was under investigation by the FBI prior to the article; however, I am not sure if the recent article by Brian Krebs revived that investigation or not. As you put it, a story worth following.
January 24, 2017 at 9:53 am
I have to read through the Krebs article again. I’m guessing he has to have opened himself up to litigation from Jha.
Vaibhav Shukla says
January 20, 2017 at 5:07 pm
Ukraine’s Power Grid Gets Hacked, a Worrying Sign for Infrastructure Attacks
A power blackout in Ukraine’s capital Kiev last month was caused by a cyber attack. When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.
Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station “North”, were influenced by external sources outside normal parameters. The hackers apparently sent malware via e-mail to employees, allowing them to steal login credentials and shut down substations. All told, the attack took out 200 megawatts of capacity, about 20 percent of the city’s nighttime energy consumption.
A similar incident hit the Ivano-Frankivsk region of Ukraine last December. At the time, it was widely viewed as the first major assault on a nation’s power grid.
The attacks against Ukraine’s power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.
January 22, 2017 at 11:34 pm
This is one of the most worrying things that has happened as of late. These kinds of infrastructure attacks are usually tested on weak systems in other countries with the intention of eventually using them on more advanced countries like the U.S. The U.S. power grid isn’t as secure as we wish to believe. Some companies draw power from multiple grids because they can’t risk any blackouts at their business.
Said Ouedraogo says
January 21, 2017 at 3:57 am
MongoDB Ransom Attack – Just The Beginning
After multiple attackers hijacked MongoDB (a free and open source cross-platform document-oriented database program) databases for ransom, Cryptzone, a provider of security solutions, suggests the attack will be the start of much broader database attacks in 2017. In fact, according to Jason Garbis (Cryptzone VP of Products), “the MongoDB ransom attack is just a precursor to the much broader database attacks we’re going to see in 2017.”
Given that attackers understand how easy it is, any unsecured database is going to be attacked and compromised. As the victims’ databases are exposed to the entire internet without any user authentication required, it is easier for attackers to compromise them. These systems should require user authentication, and developers should confirm that before deploying the systems.
Mr. Garbis suggests that we must ensure that all users are validated before they obtain any access. This kind of security architecture will protect databases and other assets from unauthorized user access even if they don’t have authentication enabled.
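The post’s point is that the ransom attacks needed no exploit at all, just a database listening on the internet with no authorization configured. As an added example (not Cryptzone’s or MongoDB’s code, and not from the article), the script below audits a mongod.conf for exactly those two settings and shows the weak configuration beside the corrected one. `security.authorization` and `net.bindIp` are real mongod.conf keys; both config texts are constructed samples, and the minimal parser only understands the flat section/key layout mongod.conf uses, so it runs without PyYAML.

```python
"""Audit a mongod.conf for the two settings behind the MongoDB ransom
attacks: a listener reachable from every interface and no authorization.

Added example, not from the article. WEAK_CONF and HARDENED_CONF are
constructed samples. The parser handles only the `section:` /
`  key: value` subset that mongod.conf uses, so no PyYAML is needed.
"""

WEAK_CONF = """\
# constructed sample: exposed to every interface, no authorization
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed sample: local-only listener, authorization enabled
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

ALL_INTERFACES = {"0.0.0.0", "::"}


def parse_simple_yaml(text):
    """Parse indentation-nested `key: value` lines into nested dicts.
    Comments and blank lines are skipped; a key with no value opens a
    nested section. Lists and quoted scalars are not supported."""
    root = {}
    stack = [(-1, root)]  # (indent level, container for keys at deeper indent)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        value = value.strip()
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both controls are set."""
    conf = parse_simple_yaml(text)
    security = conf.get("security") if isinstance(conf.get("security"), dict) else {}
    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    auth_enabled = security.get("authorization") == "enabled"
    bind = net.get("bindIp")
    exposed = bind is not None and any(
        part.strip() in ALL_INTERFACES for part in bind.split(","))

    findings = []
    if not auth_enabled:
        findings.append("security.authorization is not 'enabled': any client "
                        "that reaches the port gets full read/write access")
    if bind is None:
        findings.append("net.bindIp is not set: the listening interfaces depend "
                        "on the package default, so set it explicitly")
    elif exposed:
        findings.append(f"net.bindIp={bind}: mongod listens on every interface")
    if exposed and not auth_enabled:
        # Both weaknesses together are the condition the ransom attacks used.
        findings.insert(0, "CRITICAL: database reachable from the network "
                           "with no authentication")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

Enabling `authorization` is only half of the fix: the users and roles still have to be created, and the bind address plus a host firewall keep the port off the public internet regardless, which is the “defense in depth” the replies below describe.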
Brou Marie Joelle Alexandra Adje says
January 22, 2017 at 2:46 am
Said, it’s crazy how MongoDB ransom attacks are becoming more and more “popular”/frequent. I remember reading that a hacker going by the handle Harak1r1 is accessing, copying and deleting unpatched or badly-configured MongoDB databases and then demanding a ransom from administrators in exchange for the lost data.
I think, as of now, the best way to prevent this is to enable authentication, which provides users “defense in depth” if their network is compromised. They can also use firewalls in order to disable remote access to MongoDB, if possible.
January 22, 2017 at 12:43 pm
It seems that over 10,000 Mongo databases have been compromised, with some reports putting that number much closer to 30,000. I would agree with you, and I am surprised that this did not happen sooner. In today’s age, I think anyone who has a database or application that is connected to the internet but has no authentication in any form should expect that malicious attacks will be made. After reading the Krebs article, it seems that MongoDB’s default settings “allow anyone to browse the database, download them, or even write over them and delete them”. This suggests that MongoDB as a platform is not security oriented, and users could possibly be unaware that the default settings are insecure. Doing some research, it seems that MongoDB has been behind in regards to security for several years now and that this sort of malicious attack was predicted. Regardless, it will be interesting to see how this string of attacks brings forth newer attacks on different types of databases.
January 23, 2017 at 1:23 am
Nice post, Said.
The present attacks against MongoDB seek out installations made accessible to the Internet without a set administrator password. The bad guys take over these accounts, upload the data on the databases, delete that data, and replace it with a ransom demand. Unlike ransomware attacks, these ones require no advanced malware or even any kind of phishing lure – they simply take advantage of poorly implemented systems.
January 21, 2017 at 2:15 pm
Smile! Hackers Can Remotely Access Your Samsung SmartCam Security Cameras
The article I read is about a vulnerability in one of Samsung’s devices, the SmartCam, which allows its users to connect, manage, monitor and control “smart” devices in their home using their smartphones or tablets. The issue was that a group of hackers, called the Exploiteers, had previously (in 2014) listed online some SmartCam exploits that could have allowed remote attackers to execute arbitrary commands and let them change the camera’s administrator password. Unfortunately, it looks like Samsung did not properly address the threat, because recently the same group of hackers broke into Samsung’s SmartCam devices again with a different hacking exploit, allowing hackers to view what are supposed to be private video feeds. When you think about it, it is a pretty scary thing, because today most if not all the devices in our home are becoming more connected to networks than ever to make our lives easy, and now these connected devices can be turned against us, anytime, due to the lack of stringent security measures and the insecure encryption mechanisms implemented. So far, Samsung has not responded on the issue, as far as how to mitigate the vulnerability.
January 21, 2017 at 4:32 pm
Nice post! In addition to the threat from the equipment itself, the network connection should also be considered a red light for poorly secured connections. For example, if we need to connect, manage or monitor something from our remote devices, but we connect through a public shopping mall network, we should be careful that this network connection may contain vulnerabilities.
January 23, 2017 at 5:55 am
Nice post Alex!
This is more proof that technology is a double-edged sword. This technology is supposed to make the user’s life easier, but at the same time, in this case, it compromised the user’s privacy.
January 21, 2017 at 4:47 pm
The article I read for this week is called “Data Breaches Increase 40% in 2016”. It talked about how there has been a 40% increase in data breaches compared to one year ago, even though from a headline perspective, 2015 seemed to be a bigger year for mega-breaches. A report shows that there were a total of 1,093 incidents in 2016, up from 780 in 2015. This report also shows that 52% of data breaches exposed Social Security Numbers. It said that the spike in SSN exposures is in clear alignment with the surge of CEO spear phishing attacks, which target this type of information. Overall, hacking, skimming and phishing attacks were the leading cause of data breach incidents, accounting for 55.5% of the overall number of breaches. Others involved accidental email or internet exposure of information.
Overall, with a click of a mouse by a naïve employee, companies lose control over their customer, employee and business data. Under this threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution. For ITACS students, there may be more job opportunities in the future, and our major will be one of the most popular majors in the world.
January 21, 2017 at 11:27 pm
Yulun, this relates to a letter I received a few weeks ago about a company that had their systems hacked into, with people’s driver’s license and other info stolen from the system. Now, you don’t think it’ll ever happen to you, but as we learned in the previous classes, companies do take the initiative to reach out to the customers, notify them, and offer what they can to make sure a person’s info is safe, such as free credit monitoring and fraud protection.
January 22, 2017 at 6:15 pm
That is really interesting! And not only for other companies: at the very beginning of our program, we talked about what would be considered vulnerabilities within the university. I mean, everywhere, every small area, has the potential to be hacked, and our job (in the future) will be to keep them safe and help build a safer environment.
January 22, 2017 at 6:45 pm
Yep, and it’s also funny that when I saw the letter, you don’t think it will ever happen, and it just makes security even more important. The challenge is trying to learn what the hackers know and what we can do to be better than them.
January 23, 2017 at 6:04 am
Funny how this is good for ITACS students, as we need those kinds of things to happen in order to have a job. But at the same time, it shows how information systems are less and less secure. Sometimes I wonder what the world would look like if those hackers were allocating their time to doing good instead of trying to harm people.
Yu Ming Keung says
January 21, 2017 at 4:53 pm
Trump Cyber Advisor Giuliani Runs Outdated, Hackable Website
The new US president Donald Trump picked former NYC mayor Rudy Giuliani as his cybersecurity advisor, but the public reaction was negative and swift because the security consulting company that he owns, Giuliani Partners, is not qualified for the position. The website is http://www.giulianipartners.com, which is considered an ancient, easily hackable website. Among other things, researchers have taken to Twitter to point out that the site is running an expired SSL certificate, doesn’t force https, has an exposed CMS login, uses Flash, uses an EOL PHP version and has an SSL Labs grade of F.
Cybersecurity is not a political pawn, but an urgent issue that needs real advisement and action.
As a nation, we need to be cognizant of the state of our infrastructure while continually advising and educating our leadership on possible and imminent threats. The disregard for our cyber safety and disrespect for the cyber community is deeply concerning.
Fred Zajac says
January 22, 2017 at 9:49 am
This is great! There is so much going on with Cyber and government these days. You would think, with all of the attacks the head of Cyber for the U.S. would protect the network. I guess he hasn’t had time to find the right people. Maybe we should apply!!!
January 22, 2017 at 5:26 pm
The spread of cyber attacks from Russia / China is causing unimaginable damage to the US government or companies. If the government can’t protect us from those attacks, we should do something to protect ourselves! Maybe he hasn’t had time to find the right people or maybe he does not care!
January 22, 2017 at 12:53 pm
Hey Yu Ming,
I have been hearing a lot about the recent criticism of Rudy Giuliani as the new cybersecurity advisor. It seems that as an individual who oversees creating a cyber security committee for the country, they should have established a secure website for their organization. What is interesting is that at this current time, the website itself is down. I wonder if someone brought it down or if the new cyber advisor is bringing his website up to date.
January 22, 2017 at 5:31 pm
Thanks for your reply. I’ve heard that Trump picked his favoured people as his new government officers, and the public reactions to those picks were negative. Maybe Rudy Giuliani should take courses in ITACS to learn how to secure his website!
Deepali Kochhar says
January 21, 2017 at 7:29 pm
DATA BREACHES INCREASE 40% IN 2016
There has been a 40% increase in data breaches compared to one year ago
The total number of breaches in 2016 was 1,093 incidents, compared to 780 in 2015. Of these, 52% of data breaches exposed Social Security numbers, an increase of 8.2% over 2015 figures; but only 13% of data breaches exposed credit card or debit card information, a decrease of 7.4% from 2015.
The spike in SSN exposures is in clear alignment with the surge of CEO spear phishing attacks, which target this type of information. These efforts (also known as business email compromise schemes) exposed highly sensitive data, typically information required for state and federal tax filings. As early as February, the IRS had already seen a 400% surge in this type of activity, prompting both consumer and industry alerts addressing this issue.
Overall, hacking/skimming/phishing attacks were the leading cause of data breach incidents.
The business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2% of the overall number of breaches. The medical industry overall reported 377 incidents, accounting for 34.5% of them. The education sector had 98, representing 9%, the government/military (72) came in at 6.6% and the banking/credit/financial sector (52) at 4.8%.
Breaches involving accidental email/internet exposure of information were the second most common type of breach incident at 9.2% of the overall number of breaches, followed by employee error at 8.7%. With the exception of hacking, all other categories reflected decreases from 2015 figures.
Wenlin Zhou says
January 21, 2017 at 9:12 pm
Article: Severe Flaw in Samsung SmartCam Allows Remote Hijack
According to researchers calling themselves the “Exploiteers,” the php files that provide firmware updates via the camera’s “iWatch” webcam monitoring service have a command injection bug. The bug can be remotely executed by an unprivileged user, meaning that anyone with the camera’s IP address can exploit the system.
Samsung’s SmartCam was first compromised using a number of vulnerabilities by the Exploiteers at August’s DEFCON 22 security conference, in a way that allowed remote camera execution and let them change the administrator’s password. Samsung addressed this by removing the camera’s accessible web interface, instead shifting access to Samsung’s SmartCloud website. However, the fact that the web server remained in place opened the door to this second exploit. “In the case of the Samsung SmartCam, the vendor attempted to resolve past security issues within the product’s web server by removing the web page content, instead of the web server.” The exploit comes as more and more IoT devices are enslaved to botnets like Mirai.
“As consumers, we should avoid exposing any IoT products we own directly to the internet, and this will help avoid being compromised and potentially being part of the next Mirai botnet. Also, we must remember to keep our products patched with the latest firmware.”
Khawlah Abdulaziz Alswailem says
January 21, 2017 at 10:10 pm
NIST Issues Draft of Revisions to Cybersecurity Framework
The National Institute of Standards and Technology has published a draft of its first revision to its cybersecurity framework, describing it as an update, not a major overhaul.
In the published draft, they add a new section on cybersecurity measurement to measure security status and trends through external audit and conformity assessment, which will help the organization to understand and convey meaningful risk information. “In the update, we introduce the notion of cybersecurity measurement to get the conversation started,” Barrett said. “Measurements will be critical to ensure that cybersecurity receives proper consideration in a larger enterprise risk management discussion.” The draft includes three types of framework measurements: practices measurement, which measures general risk management behaviors; process measurement, which measures specific risk management activities; management measurement, which measures the fulfillment of general cybersecurity outcomes; and technical measurement, which measures the achievement of specific cybersecurity outcomes. In addition, a greatly expanded explanation of using the framework for cyber supply chain risk management is included in the draft. NIST also added a supply chain risk management category to the framework core. “A primary objective of cyber SCRM is to identify, assess and mitigate products and services that may contain potentially malicious functionality, are counterfeit or are vulnerable due to poor manufacturing and development practices within the cyber supply chain,” the draft states. Finally, a better explanation of the relationship between implementation tiers and profiles is given in the draft.
The latest draft of the framework is titled Framework for Improving Critical Infrastructure Cybersecurity, Draft Version 1.
January 21, 2017 at 10:23 pm
This was an interesting article from ISACA; it talks about using Artificial Intelligence (AI) to perform tasks that humans would typically perform. Some AI systems have high-level algorithms to perform important duties, but the problem is they don’t have the human factor, are open to cyber attacks and glitches, and require heavy testing if the AI is high-level. It’s a concern because, as with any technology, glitches can ruin a company, but with careful testing and proper implementation it can be the most useful tool in an enterprise’s control. It has to be aligned with the business goals and risk tolerance levels. I like the fact that AI is being useful, but as the article mentioned, AI replacing and acting as the Board of Directors is a scary thought. Decisions should come from a human factor while utilizing tools to help with those decisions.
Ming Hu says
January 22, 2017 at 11:54 am
I agree with you all, but that’s just from an optimistic view. AI is so powerful that it could benefit us, and also destroy us. The AI is programmed to do something beneficial, but what if it develops a destructive method for achieving its goal? This can happen whenever we fail to fully align the AI’s goals with ours, which is strikingly difficult. Think about this: if you ask an obedient intelligent car to take you to the airport as fast as possible, it might get you there chased by helicopters and covered in vomit, doing not what you wanted but literally what you asked for. More frightening, when achieving a specific goal, what if a superintelligent AI system views human attempts to stop it as a threat?
January 22, 2017 at 9:57 am
The international hacking group ‘Anonymous’ has sent out several tweets to our new President Donald Trump, threatening him with the phrase, “You are going to regret the next 4 years”.
The group claims they have information showing Donald Trump has ties to the Russian Mob, human traffickers, and money launderers. Another tweet stated, “This isn’t the 80’s any longer, information doesn’t vanish”.
Trump hasn’t responded to the threats, which is odd because Trump seems to respond to everything on Twitter.
We are in a new era of information gathering. I am curious to see what happens next.
February 12, 2017 at 10:05 pm
Your post shows how much ability other people (hackers) have to attack our privacy and know a lot about us. I am sure that ‘Anonymous’ knows a lot about Trump and attacked his devices to know a lot about him.
I am curious as well to know how he will respond to this and what will happen next.
January 22, 2017 at 10:00 am
What the Most Common Passwords of 2016 List Reveals
Keeper, a password manager company, scoured 10 million passwords that became public through data breaches that happened in 2016 (“123456”, “123456789”, “qwerty”, “12345678”, “11111”, from top one to five). A few things jumped out:
The top 25 passwords of 2016 constitute over half of the 10M passwords that were analyzed.
The list of most-frequently used passwords has changed little over the past few years. That means that user education still has limits.
Four of the top 10 passwords on the list – and seven of the top 15 – are six characters or shorter. This is stunning in light of the fact that, as reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.
Aside from those simple passwords, the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots use these codes over and over when they set up dummy accounts on public email services for spam and phishing attacks. Email providers could do everyone a favor by flagging this kind of repetition.
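The two controls this post points at, a denylist check against the breached-password list and the repeated-password flag it asks email providers for, as an added Python example (not part of the original post or of Keeper’s report). The denylist holds only the passwords quoted above, the 7-character minimum and the signup log are constructed for the example:

```python
"""Two defensive checks suggested by the Keeper list: reject passwords that
appear on a breached-password denylist or are too short, and flag a password
that recurs across many freshly registered accounts (the bot signature behind
strings like "18atcskd2w"). All data below is constructed for this example."""
from collections import defaultdict

# The five top passwords quoted in the post plus the two bot-style strings.
COMMON_PASSWORDS = frozenset({
    "123456", "123456789", "qwerty", "12345678", "11111",
    "18atcskd2w", "3rjs1la7qe",
})
MIN_LENGTH = 7  # assumed cutoff: the post says six characters or fewer fall in seconds


def password_problems(password: str) -> list:
    """Return the reasons a candidate password should be rejected (empty list = accept)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on breached-password denylist")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def repeated_passwords(signups, threshold=3):
    """Given (account, password) pairs for newly created accounts, return the
    passwords shared by at least `threshold` distinct accounts, mapped to the
    sorted accounts that used each one. An opaque string recurring like this
    points to scripted signups rather than humans choosing the same password."""
    accounts_by_password = defaultdict(set)
    for account, password in signups:
        accounts_by_password[password].add(account)
    return {pw: sorted(accts) for pw, accts in accounts_by_password.items()
            if len(accts) >= threshold}


# Constructed signup log: three accounts share one random-looking password.
SAMPLE_SIGNUPS = [
    ("alice@example.test", "Tr0ub4dor&3horse"),
    ("bot0193@example.test", "18atcskd2w"),
    ("bot0194@example.test", "18atcskd2w"),
    ("bot0195@example.test", "18atcskd2w"),
    ("bob@example.test", "qwerty"),
]

if __name__ == "__main__":
    for pw in ("123456", "18atcskd2w", "correct-horse-battery"):
        print(pw, "->", password_problems(pw) or "ok")
    print(repeated_passwords(SAMPLE_SIGNUPS))
```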
January 22, 2017 at 5:34 pm
Great post, and interesting article. I actually had passwords such as 11111 or 123456 when I was still a kid. However, I always wonder how people can guess the username as well when they are hacking somebody’s accounts, because most of the time you have to set your own username to log in.
January 22, 2017 at 7:13 pm
I actually came across the same article a couple of days ago. As always, it is alarming when individuals use weak passwords as the ones that you listed above. While brute-force cracking software is a threat on its own, what is even scarier is that these passwords make up a large majority of the passwords that were breached. Just looking from an odds standpoint, there is decent likelihood that a user will utilize one of these passwords. Therefore, a malicious individual might not even need to utilize brute force software but can likely just manually enter in these top 25 passwords and still have a relatively good chance of success. I think this might be even more dangerous from an internal malicious attack, where the attacker might be able to gain the username of a fellow colleague then hope that their password meets one of these top 25 passwords. While this might be a repetitive topic, it is good to keep preaching the importance of complex passwords to other individuals, especially since security is only as good as your weakest link.
Fangzhou Hou says
January 22, 2017 at 7:32 pm
It’s an interesting post, Ming. Actually, I know many people use their birth date to set up their passwords. Of course, more complex passwords can enhance the security of personal information like bank accounts or the online banking system. However, it also increases the possibility that people might forget their passwords and lock themselves out. So password hints might be able to help.
January 22, 2017 at 8:10 pm
This is interesting; many people use simple passwords, which causes losses. A weak password is like a cheap lock; it’s easy to break, and once the door is open, cyber-criminals can take just about anything. Weak passwords are not just the realm of casual Internet users; they are also an issue that is worryingly common in business, especially in small companies where passwords are regularly shared between colleagues.
February 12, 2017 at 10:09 pm
I think what is interesting in your article is not how simple some passwords are, but how people reuse the same passwords to set up different accounts (some of those accounts are not important).
In my opinion, we have to learn and teach people how to make their passwords complicated and not to use the same password for different accounts.
January 22, 2017 at 10:19 am
“Satan RaaS Promises Large Gains With Zero Coding Needed”
RaaS (Ransomware-as-a-Service) is a Russian ransomware campaign that lets anyone be a cybercriminal. And now this service is allowing cybercriminals to customize their own versions of malware.
There is a new ransomware called Satan, which is available as a service provided by the Russian company. The way it works is that if any wannabe hacker requests the service, the profits are split with the malware authors, who retain a 30% cut, which makes RaaS interesting to a lot of people.
The RaaS makes it easier by handling the ransom payments, which means that parties interested in this service have little effort to make. This ransomware is targeting over 350 file types at the moment, and security researchers are yet to identify which encryption algorithm it’s using.
“During the encryption process, Satan drops a ransom note called HELP_DECRYPT_FILES.html in each folder containing encrypted files. After encrypting all files, it wipes all data from the unused spaces on the C: drive by executing the cipher.exe Windows app.”
Zhengshu Wu says
January 22, 2017 at 10:34 am
“DHS Used Outdated, Unpatched Systems: Audit”
The Department of Homeland Security (DHS) has made improvements to its information security program, but problems have still been identified in several areas, according to a report made public this week by the Office of Inspector General (OIG).
Following the devastating breach affecting the U.S. Office of Personnel Management (OPM) in 2015, the DHS and its components were instructed to take measures to improve their cybersecurity infrastructure. The evaluation conducted by the OIG for the fiscal year 2016 found that the DHS has taken steps to enhance its information security program compared to the previous year.
However, as of August 2016, evaluators said they had still identified weaknesses that exposed both classified and unclassified systems. While agencies have started implementing secure configurations on their computers, as required by the United States Government Configuration Baseline (USGCB) initiative, there were still many systems where these settings had not been fully implemented.
Evaluators also found one classified server running Windows Server 2003, which no longer receives security updates since July 2015. Furthermore, in the case of Windows Server 2008 and Unix servers, only 74 percent and 65 percent, respectively, were configured properly.
Several workstations and servers had been running unpatched versions of Java, antivirus software, Internet Explorer, media players, Microsoft Office, and Adobe Acrobat and Reader. Investigators found that some of these applications had not been updated since March 2011, potentially leaving DHS data at risk.
After the OPM breach, the DHS was required to implement stronger authentication mechanisms through the use of personal identity verification (PIV) cards for both privileged and unprivileged access accounts. However, agencies such as Citizenship and Immigration Services (USCIS), Transport Security Administration (TSA) and the Coast Guard had still not been fully compliant at the time of the evaluation.
Moreover, the DHS and some of its components, including FEMA, the Secret Service and TSA, had still not ensured that remote access to their systems was properly secured, as required since mid-2015.
The OIG has made a series of recommendations to help the DHS further strengthen its program, and steps have already been taken to address the uncovered issues, the OIG said in its report.
Priya Prasad Pataskar says
January 22, 2017 at 12:02 pm
Facebook vulnerable via the ImageMagick software
Security researcher Andrew Leonov found that a vulnerability that Facebook was open to last year via ImageMagick, the image enhancing software, could be exploited even after its patch had been dispatched. The vulnerability is tracked as CVE-2016-3714.
While researching some other service, Leonov was redirected to Facebook. The “Share on Facebook” dialog message led to the loophole. In 2016, ImageMagick was vulnerable to execution of remote code and rendering of files on the local system of the user. The solution was to add a few lines of code in the policy and restrict indirect page redirection. ImageMagick 7.0.1-9 and 6.9.4-7 were versions with sanitized parameters. This release also supports a new policy that prevented indirect reads. Changes were made in the configuration file. However, the same vulnerability, even after being patched, could be exploited.
This vulnerability was now exploited by running an arbitrary code on the targeted web servers that rely on the app for resizing or cropping user-uploaded images.
What was the flaw?
The picture parameter here is a URL. However, the page does not contain the URL. This clarified it as a cross site request forgery.
The `picture` GET request itself is correct and not vulnerable. What is vulnerable is what happens after the image is received: the received picture is passed on to a converter instance which used the vulnerable ImageMagick library.
Facebook fixed this vulnerability in less than three days. Facebook has awarded Andrew $40,000 as a reward.
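Two of the mitigations that came out of the ImageTragick (CVE-2016-3714) episode this comment describes, as an added Python example (not Facebook’s or ImageMagick’s code, and not from the original post): checking that an uploaded “image” really starts with the magic bytes of a raster format before it reaches a converter, since the malicious inputs were text-based MVG/MSL files carrying an image extension, and auditing an ImageMagick policy.xml for the coder restrictions the published mitigation recommended. The sample upload bytes and both policy files are constructed for the example:

```python
"""Defensive checks around ImageMagick conversion of user-uploaded images:
1. detect_raster_type / is_safe_upload: trust the bytes, not the file name.
   ImageMagick sniffs the content, so an MVG script saved as photo.png is still
   parsed as MVG; rejecting anything that is not a known raster format closes
   that path before the converter runs.
2. missing_coder_restrictions: audit policy.xml for the coders the ImageTragick
   mitigation disables (rights="none"), so a weak policy is caught in review.
Sample inputs below are constructed for this example."""
import xml.etree.ElementTree as ET

# Leading bytes of the raster formats an upload form would normally accept.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Coders the published ImageTragick policy.xml mitigation sets to rights="none".
RISKY_CODERS = frozenset(
    {"EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT"}
)


def detect_raster_type(data: bytes):
    """Return the raster format implied by the leading bytes, or None."""
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None


def is_safe_upload(data: bytes, claimed_ext: str) -> bool:
    """Accept only when the bytes are a known raster format AND agree with the
    claimed extension. A text-based MVG file named .png fails the first test;
    a real GIF uploaded as .png fails the second."""
    fmt = detect_raster_type(data)
    if fmt is None:
        return False
    ext = claimed_ext.lower().lstrip(".")
    return ext == fmt or (fmt == "jpeg" and ext == "jpg")


def missing_coder_restrictions(policy_xml: str) -> set:
    """Parse an ImageMagick policy.xml and return the risky coders that are not
    disabled with rights="none". An empty set means the policy is hardened."""
    root = ET.fromstring(policy_xml)
    disabled = {
        p.get("pattern")
        for p in root.iter("policy")
        if p.get("domain") == "coder" and p.get("rights") == "none"
    }
    return set(RISKY_CODERS) - disabled


# Constructed inputs: a PNG signature vs. the first line of an MVG script.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
MVG_TEXT = b"push graphic-context\n"

# Constructed policies: an empty policymap beside the hardened one.
WEAK_POLICY = "<policymap></policymap>"
HARDENED_POLICY = (
    "<policymap>"
    + "".join(
        f'<policy domain="coder" rights="none" pattern="{coder}" />'
        for coder in sorted(RISKY_CODERS)
    )
    + '<policy domain="path" rights="none" pattern="@*" />'
    + "</policymap>"
)

if __name__ == "__main__":
    print("png as .png :", is_safe_upload(PNG_HEADER, "png"))
    print("mvg as .png :", is_safe_upload(MVG_TEXT, "png"))
    print("weak policy lacks :", sorted(missing_coder_restrictions(WEAK_POLICY)))
    print("hardened lacks    :", sorted(missing_coder_restrictions(HARDENED_POLICY)))
```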
I wanted to share some observations regarding President Trump’s nominee for Secretary of the Treasury and the president’s plans for the military in regards to cyber warfare.
Steve Mnuchin, the nominee to become the next Treasury Secretary, said the below.
“And I’m also very concerned about the lack of first-rate technology at the IRS and the issue of making sure we protect the American public’s privacy when they give information to the IRS … and also customer service for the many hard-working Americans that are paying taxes.”
I work for the government, so his concern about a lack of first-rate technology isn’t surprising. However, I’d add that it’s not just the technology, but the money, processes and practitioners surrounding technology in the government that are concerning. Unfortunately, outside of organizations like the NSA, CIA, select military commands, etc. the government doesn’t have the ability to quickly and efficiently change course. I work in an organization that has huge budgets and tens of thousands of employees, yet it takes huge amounts of time and energy to move what feels like a few inches.
I am encouraged to see that Mnuchin’s work experience includes stints as a CIO, but details on his education and what skills earned him a CIO title are not easy to find after some light googling.
Also, the excerpt below is taken from the White House’s Issues page.
“Cyberwarfare is an emerging battlefield, and we must take every measure to safeguard our national security secrets and systems. We will make it a priority to develop defensive and offensive cyber capabilities at our U.S. Cyber Command, and recruit the best and brightest Americans to serve in this crucial area.”
The White House note, in addition to the article on the IRS and cybersecurity needs, reinforces my belief that the next decade (at least) is going to be a purple patch for government cyber work forces.
Adam M Joskowicz says
January 22, 2017 at 5:59 pm
“IBM results show shift to AI and cloud business focus”
The company, IBM, said its cloud revenue for the full year totaled $13.7 billion, a rise of 35%. The revenue IBM made in its cognitive solutions business (that includes software and transaction processing software) totaled $5.3 billion, a 1.4% rise. IBM states that the sales in their business was driven by a demand in the cloud, and cloud analytics and security.
IBM, although seeing a rise in cloud based revenue, reports a decline in their other departments such as consulting, global business process services and application management. In their fourth quarter, its technology services and cloud platforms business, which includes infrastructure services, technical support services and integration software, grew by 1.7% to $9.3 billion. The growth, again, is related to strong hybrid cloud services, analytics, and security performance.
Senior Vice-President and CFO Martin Schroeter attributed the decline in systems earnings to a shift in the strategy of IBM. Schroeter said, “For systems, our revenue and gross profit performance were driven by growth in z Systems, offset by power and storage declines. These results reflect the reinvention of our core systems for work in a new era of computing… And though we are facing some shifting market dynamics and product transitions in both power and storage, our portfolio overall remains optimised to address the demands of an era of cognitive and cloud computing.”
“Watson”, IBM’s AI and cognitive system, is what Schroeter says the company will use to solve real world problems going forward. “The debate about whether artificial intelligence is real is over, and we’re getting to work to solve real business problems,” he said.
Ginni Rometty, IBM chairman, president and CEO, stated that their company is spending more time pushing the benefits of cloud and AI to its customers. Rometty said, “IBM Watson is the world’s leading AI platform for business, and emerging solutions such as IBM Blockchain are enabling new levels of trust in transactions of every kind. More and more clients are choosing the IBM Cloud because of its differentiated capabilities, which are helping to transform industries, such as financial services, airlines and retail.”
January 22, 2017 at 6:58 pm
I read the article “Spam ‘Hailstorms’ Deliver Variety of Threats”, which explains that spam campaigns have evolved from sending a low number of messages for long periods of time to sending a high volume of emails over a short time span, which improves delivery rates before protection mechanisms can be triggered, Cisco Talos researchers warn. Called “hailstorm” spam, the new type of spam relies on the use of a large number of sender IP addresses from all around the world. While traditional campaigns, called snowshoe attacks, show a query rate of 35 queries per hour, the DNS query volume during hailstorm attacks spikes to over 75K queries per hour, researchers say. By looking at the mail servers targeted by a sample of 475 hailstorm domains, Cisco also determined that servers in the United States are targeted the most compared to other countries. This kind of spam can significantly increase the pressure on the core servers in a short time, which may cause serious damage to the enterprises’ online services and affect users’ ability to visit the webpages.
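The query-rate contrast in that summary (roughly 35 queries per hour for snowshoe senders against 75K per hour for a hailstorm) is exactly the kind of signal a mail-server operator can alert on. Below is an added Python example, not from the Talos report or the original comment, that buckets DNS query log lines per sender domain per hour and reports domains whose hourly volume crosses a threshold; the one-line log format, the 1000/hour cutoff and the log lines themselves are assumptions constructed for the example:

```python
"""Hailstorm-spam detector over DNS query logs. Each log line is assumed to be
'<ISO-8601 UTC timestamp> <queried domain>' (constructed format). A domain that
appears at a snowshoe trickle never trips the alert; a burst of thousands of
queries inside a single hour does. The threshold is an assumption placed
between the 35/hour and 75K/hour figures quoted in the article."""
from collections import Counter
from datetime import datetime

HAILSTORM_THRESHOLD = 1000  # queries per hour; assumed alert cutoff


def parse_line(line: str):
    """Split one log line into (hour bucket, normalised domain)."""
    ts, domain = line.split()
    hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(minute=0, second=0)
    return hour, domain.lower().rstrip(".")


def hourly_counts(lines):
    """Count queries per (hour, domain), skipping blank lines."""
    counts = Counter()
    for line in lines:
        if line.strip():
            counts[parse_line(line)] += 1
    return counts


def hailstorm_domains(lines, threshold=HAILSTORM_THRESHOLD):
    """Return {domain: peak queries in any single hour} for every domain whose
    hourly volume reached the threshold at least once."""
    peaks = {}
    for (hour, domain), n in hourly_counts(lines).items():
        if n >= threshold and n > peaks.get(domain, 0):
            peaks[domain] = n
    return peaks


# Constructed log: a snowshoe-style sender at 35 queries in the 10:00 hour and
# one stray query later, plus a hailstorm sender with 2400 queries in the 11:00 hour.
SAMPLE_LOG = (
    [f"2017-01-22T10:{i:02d}:00Z snowshoe-sender.test" for i in range(35)]
    + [f"2017-01-22T11:{(i // 60) % 60:02d}:{i % 60:02d}Z burst-sender.test"
       for i in range(2400)]
    + ["2017-01-22T11:05:00Z snowshoe-sender.test"]
)

if __name__ == "__main__":
    for domain, peak in sorted(hailstorm_domains(SAMPLE_LOG).items()):
        print(f"ALERT hailstorm pattern: {domain} peaked at {peak} queries/hour")
```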
January 22, 2017 at 7:38 pm
U.S. accuses Chinese citizens of hacking law firms, insider trading
Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers.
Prosecutors said the men made more than $4 million by placing trades in at least five company stocks based on inside information from unnamed law firms, including about deals involving Intel Corp and Pitney Bowes Inc.
January 22, 2017 at 10:34 pm
“Database Ransom Attacks Hit CouchDB and Hadoop Servers”
Hackers first started a wave of attacks at MongoDB servers at the beginning of this new year. Security experts predicted, and were just proven true, that there would be similar attacks at other database servers. 4,600 ElasticSearch servers have been held for ransom. This has also hit Hadoop, where there have been a lot of acts of vandalism. Hackers wouldn’t demand any ransom and would just delete the data for their own amusement. They do have some information to go on to track one of the hackers, as he/she left a username where they deleted a database. The name that was chosen was NODATA4U.
Yang Li Kang says
January 22, 2017 at 11:59 pm
MOZILLA’S FIRST INTERNET HEALTH REPORT TACKLES SECURITY, PRIVACY
In its first-ever Internet Health Report, the non-profit Mozilla Foundation warned of the dangers of concentrated power among too few internet companies, cyber snooping by nosey governments and new threats posed by connected devices that can further erode privacy. Mozilla released the report this week as part of a broader goal to track the health of the internet in categories such as Open Innovation, Digital Inclusion, Decentralization, Privacy and Security and Web literacy. Mozilla Foundation’s call to action is to motivate consumers and organizations to hold companies accountable to ensure safety and privacy isn’t an afterthought when developing software, networks and devices.
January 25, 2017 at 3:30 pm
Re-post of answers to question 1-3 per request:
Overall, both architectures set the vision or mission of the business functions of information systems, and serve to align the information systems to the business functions. Also, they have their sub-architectures and are organized in their own hierarchy.
However, there are more differences between them than commonalities. The first is the architectures’ relationships within the aforesaid hierarchy. The hierarchy of “Information Systems Architecture” is more process-oriented. Its architectures are organized in a ‘vertical’ way, which means each one in the lower layer serves as the bedrock for creating the one in the upper layer. By contrast, the hierarchy of “Enterprise Architecture” is more result-oriented. It does not have such a ‘vertical’ direction; each architecture is defined by its function or desired result (a baseline architecture, a target architecture, and a sequencing plan). Secondly, “Information Systems Architecture” is also given a definition by deliverable – a “set of principles, policies and standards” – while “Enterprise Architecture” is not. The last one is that “Enterprise Architecture” emphasizes satisfying changing mission needs of information systems, while “Information Systems Architecture” does not explicitly state this dynamic aspect.
“System boundary” is the result of assigning information resources to an information system. Information systems and the information resident within those systems are categorized based on a FIPS 199 impact analysis. Then these categorized systems in the inventory are logically grouped into major applications, general support systems or other systems for the purpose of security management.
System boundaries mainly help promote effective information security in two ways. Firstly, with relevant resources grouped into different systems, individual risk assessments can be made and appropriate levels of security controls can be selected and implemented to achieve the desired level of security. Secondly, accountability for systems security can be set and assigned to responsible management and personnel so they will take the initiative to implement security plans for their systems.
“A conceptual schema is a high-level description of a business’s informational needs. It typically includes only the main concepts and the main relationships among them. Typically this is a first-cut model, with insufficient detail to build an actual database. This level describes the structure of the whole database for a group of users. The conceptual model is also known as the data model as data model can be used to describe the conceptual schema when a database system is implemented. It hides the internal details of physical storage and targets on describing entities, datatype, relationships and constraints.” (https://en.wikipedia.org/wiki/Conceptual_schema). In the setting of business information systems, it provides the view of data required to support current business processes, business events, and related performance measurements.
Both the user view of data and the enterprise view of data are outputs of the database design. In the past, database design normally only considered adopting the user view of data. The user view of data, however, is sometimes insufficient to reflect the real business processes and events, and may fail to satisfy enterprise objectives and cause problems in the company’s operations.
In other words, the user view of data is not a “pure” representation of the real world. It “breaks down” or “flattens” the real world relationships between entities to meet the limited capabilities of the database management systems. By contrast, the enterprise view of data is a solution as a “pure” representation of the real world and is independent of storage and efficiency considerations. The enterprise view is easier to understand than a user view. Also, it is more stable than the user view, since some types of changes in the user schema may not require any change in the enterprise schema. Without the requirement of serving as an interface between two other schemas (the external schema (user view of data) and the storage schema (physical view of data)), the conceptual schema is the same as the enterprise schema.
February 12, 2017 at 9:51 pm
The rise of machine-to-machine attacks
Gartner, which is a big research company, predicts there will be 6.8 billion connected devices in 2016, which means a 30 percent increase compared to the year 2015. By 2020, our planet will have more than 20 billion connected devices. According to the U.N. population projection, in the year 2020 every human on this planet will have at least 3 connected devices.
This massively grown number of devices connected to each other via the internet gives hackers a very nice platform to hack and attack these computers for so many reasons, such as making money or learning information about individuals or companies.
According to Manky, all of us have to work on securing our devices. Security should be one of companies’ and individuals’ main goals. We have to learn and be trained to deal with this big number of hackers.
Mengting Li says
March 8, 2017 at 4:17 pm
“What Lies Ahead? Top Security Trends For 2017”
Cybercrime is typically driven by three main factors: Criminal profit incentives; Malice or political incentives; Geopolitics or espionage opportunities.
There are three typical attacks that form the threat landscape for UK businesses.
Ransomware: Ransomware is malware that prevents or restricts users from using their systems. Ransomware attacks are mainly for money – it’s a kind of extortion software because it effectively holds your computer hostage until you pay an attacker a certain amount of money. You must usually pay through a limited number of online payment platforms within a limited period of time. Once you have paid, you can once again use your own system or restore your data.
Denial-of-service attacks: Denial of service attacks are another way criminals act against individual organizations. By blocking access to critical systems (such as Web sites or e-mail), using Internet traffic as the means of blocking access, denial of service attacks can result in financial loss and disruption of normal operation.
Mobile Malware: One of the key contributors to the threat from mobile malware is the proliferation of applications that conduct real business using access-sensitive and confidential information. Typical users may have banking, credit card, hotel, airline and corporate applications installed on their mobile devices. This access is secured, at minimum, with username and password controls.
Wen Ting Lu says
April 1, 2017 at 5:15 pm
I believe out of the three typical attacks, mobile malware is the one we should be most concerned about, because these days we cannot live without our mobile devices.
There are 3 easy ways to prevent mobile malware:
-Use an official app store (Google’s Play Store or Apple’s App Store); they regularly check uploaded software for malicious behavior.
-Don’t jailbreak your phone.
April 1, 2017 at 4:39 pm
Business intelligence, analytics market to decelerate to 19% by 2020: Gartner
Modern business intelligence and analytics continues to expand more rapidly than the overall market, which is offsetting declines in traditional business intelligence spending. A Gartner study stated that the modern business intelligence and analytics market is expected to decelerate from 63.6% growth in 2015 to a projected 19% by 2020 as a result of data and analytics becoming mainstream, with growth in terms of seat expansion but dampening pricing pressures. Also, the study showed that revenue in the business intelligence and analytics software market will reach $18.3 billion in 2017, an increase of 7.3 percent from 2016, and $22.8 billion by the end of 2020.
Modern business intelligence and analytics as a platform has emerged in the last few years to meet new organizational requirements for accessibility, agility and deeper analytical insight, shifting the market from IT-led, system-of-record reporting to business-led, agile analytics including self-service.
The report highlighted that organizations will increasingly leverage streaming data generated by devices, sensors and people to make faster decisions. The emergence of smart data discovery capabilities, machine learning and automation of the entire analytics workflow will drive a new flurry of buying because of its potential value to reduce time to insights from advanced analytics and deliver them to a broader set of people across the enterprise.
April 23, 2017 at 9:16 pm
Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed
This week, I was very interested in this article that talks about tens of thousands of personal databases that were left accessible to the public online and have just been wiped from the internet and replaced with ransom notes asking for payment for getting the files back.
What was interesting in this article is that the people who made the payments were able to recover the files, which gave the hackers credibility and made more people trust them and make more payments.
Niall Merrigan, a solution architect for the French consulting company “Cap Gemini” who was helping the victims on his personal time, said the people who paid to recover their data didn’t have a choice, because if you wait a few minutes after running the Shodan query and then re-run the query, you will find the same internet addresses that showed up in the database listing from the previous query.
In conclusion, these hackers found a way to collect legal payments by using illegal ways to hack people’s accounts. This is so scary.