Posted by Kevin on September 2, 2014.
The ITsecurity daily security briefing: Tuesday, September 2, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
How were the celebrity selfies stolen?
Well, we don’t know. It doesn’t seem like an iCloud breach – and Apple hasn’t commented. What seems most likely is use of a password forcer called ibrute, available on GitHub. ibrute makes use of a flaw in Find my iPhone, which Apple coincidentally patched yesterday. But ibrute targets one account at a time and requires the target’s email address, which makes the simultaneous leak of 100 celebrity photos a bit strange.
It may be worth considering this post on Imgur, which quotes: “there wasn’t just one hack – there isn’t just one leaker – there’s been a small, underground n00d-trading ring that’s existed for years…” The implication is that the leak isn’t directly from Apple, but from a larger underground store of celebrity nude photos and videos.
The poster predicts, “brace for multiple arrests as the net tightens around the trading ring.”
A tour of NATO’s cyber HQ
Ian Brown discusses NATO’s growing cyber capabilities. “NATO is in the news today, declaring that a cyber-attack on any of the military alliance’s members could lead to a joint response under Article V of the North Atlantic Treaty. Russia’s invasion of Ukraine — reluctant as most NATO members are to label it as such — means this is not just a remote possibility.” But he also comments, “It is astonishing that (according to the New York Times) the US, UK and Germany will not share information about their offensive cyber capabilities even with their closest allies — leaving NATO officials to scour media reports of Edward Snowden’s revelations. (I hope that my expert witness statements in Big Brother Watch v UK and Privacy International v GCHQ were helpful.)”
Expert international cybercrime taskforce is launched to tackle online crime
As planned, the new Joint Cybercrime Action Taskforce (J-CAT) was formally announced on 1 September. “Initiated by Europol’s EC3, the EU Cybercrime Taskforce, the FBI and the NCA, the J-CAT comprises a team composed of Cyber Liaison Officers from committed and closely involved Member States, non-EU law enforcement partners and EC3. Key contributors to the intelligence pool will be the EU Member States via EC3, and other law enforcement cooperation partners. Thus far, Austria, Canada, Germany, France, Italy, the Netherlands, Spain, the UK and the US are part of the J-CAT. Australia and Colombia have also committed to the initiative.” The only member of Five Eyes not mentioned is New Zealand, so we can expect them to join as well.
DDoS Attacks: Increasingly the Weapon of Choice
RSA discusses the increasing threat from DDoS. “Where [companies] do not have the resources in-house to defend themselves, organizations should investigate the use of services that can divert traffic away from their networks while remediation measures are taken. While, on the one hand, there is a trend toward increasing complexity and sophistication of attacks, on the other hand, attacks are becoming easier to pull off by an ever-wider range of criminal actors. The DDoS attack landscape is set to become much more complicated, and many more organizations will become victims. All organizations should beware.”
New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts
“We recently spotted a brand new BlackPOS (point-of-sale) malware detected by Trend Micro as TSPY_MEMLOG.A. In 2012, the source code of BlackPOS was leaked, enabling other cybercriminals and attackers to enhance its code. What’s interesting about TSPY_MEMLOG.A is it disguises itself as an installed service of known AV vendor software to avoid being detected and consequently, deleted in the infected PoS systems.”
RandomStorm gains CREST accreditation
RandomStorm announced today that it is among the first companies to achieve UK CREST accreditation for penetration testing and Cyber Essentials. “The CREST scheme is designed to provide consumers with confidence that the businesses that they deal with have the necessary defences in place to protect their information against the most common cyber threats.” This gives RS a CESG ‘stamp of approval’ for website testing.
AV-TEST on Mac security products
Example: “Protection against 0-day malware attacks, inclusive of web and e-mail threats (Real-World Testing)” ranges from 100% (Bitdefender, F-Secure, G Data, Kaspersky Lab, McAfee, Trend Micro) to 79% (Microsoft) of those tested in January.
Incidence of PUPs increasing
Panda Security’s latest quarterly report shows that malware is still increasing “at an average rate of 160,000 every day.” Trojans are still the primary type of malware, but there is a substantial increase in PUPs (potentially unwanted programs). Asia and Latin America are the most infected areas. Although Spain has a higher than global average infection rate, in general Europe is the least infected area.
PandaLabs Quarterly Report:
How Secure is Global Commerce Today?
Act local but think global applies to IT security and data privacy as well as many other aspects of doing business. How does adding an international dimension to your business impact privacy and security? What does it mean if your business continuity depends on a global supply chain? This webinar will help you answer these questions and more.
Live on Sep 03, 2014; 10:00 PDT
Internet of Things – One Size Doesn’t Fit All
The reality is that the Internet of Things is here today. IoT has been with us in various incarnations over the last ten years or so. To protect yourself, your network and your business you need to think of the larger picture of securing the device to the network and back again.
Tuesday, September 16, 2014; 10:00 am – 11:00 am PDT
PCI 3.0 is Knocking on Your Door: Are you Ready?
With the PCI DSS version 3.0 implementation deadline around the corner, organizations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms it may seem overwhelming to think about protecting your business.
Sep 23 2014 7:00 pm (BST)