Posted by Kevin on September 9, 2014.
The ITsecurity daily security briefing: Tuesday, September 9, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
‘Undetectable’ Peter Pan computer virus threatens UK businesses
This type of sensationalist headline from a mainstream newspaper always annoys the hell out of me. The report goes on to say, “A sophisticated spam attack has raised the spectre of a new wave of undetectable viruses coming from eastern Europe.” Later it adds, “experts have warned of a perfect storm of viruses emanating from the former Soviet Union.” WTF does that mean?
OK. This is a serious and sophisticated phishing attempt, using pantomime tickets as the lure. (BTW, Peter Pan is the lure, not the virus.) And it is true that viruses come our way from the former Soviet Union — and from Russia and China and India and the US and Brazil and Clacton and more. ‘Undetectable’, however, seems to stem from throwing the sample at VirusTotal and noting that only a handful of AV companies detected the strain at the time. I would just like to mention that just because VirusTotal doesn’t yet recognize the virus, that doesn’t mean your AV won’t stop it. It’s a bit more complicated than that. And calling something undetectable is simply cobblers.
Bartell Hotels breached in February, fixed in May, disclosed in September
Bartell Hotels issued a press release yesterday admitting that card details for some of its customers may have been compromised. The dates are a little worrying. “Bartell Hotels is encouraging individuals who visited five of its hotels and used payment cards for lodging, food and beverage, or retail transactions between February 16, 2014 and May 13, 2014, to review their payment card statements for signs of unusual activity. The issue has been remediated, and Bartell Hotels has been processing payment cards securely since May 13, 2014.” It is not surprising that they did not discover a breach beginning in February until May — but it’s worrying that they didn’t tell their customers for another four months.
The Nigerian dating scam
“Two men have been convicted for their roles in a scam to con 12 women out of nearly £250,000 via a dating website. Winchester Crown Court heard the fictional “James Richards” told women using match.com he needed money to release a £100m inheritance in India. One victim handed over £174,000.” Hard to believe; but true.
A website set up to shame the guilty: the list of companies that don’t protect customers’ data
Panda Security discusses some of the sites found on http://httpshaming.tumblr.com/, a site set up by Tony Webster to name and shame websites that make a poor job of security. And they’re not all small and obscure: “One of the names that appears on the website is Mashable. According to Webster, this news website enables users to connect using their social networks accounts and interact through them. The problem however is that all this activity is happening on an HTTP address, instead of the secure HTTPS internet protocol, which encrypts the information transmitted with the SSL (‘Secure Sockets Layer’) system.”
“Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware
Cisco has released details on a massive malvertising network it has uncovered. “Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim to the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.”
International network of child abuse photographers dismantled
“An international law enforcement action involving six countries, to dismantle a network of child abuse photographers, has resulted in the arrest of 10 individuals and the seizure of an extensive amount of digital evidence.
Arrests were made in the Czech Republic (5), France (1), Ireland (1), Spain (1) and Sweden (2). During six house searches, 30 TB of data, hundreds of DVDs, and 480,000 files for analysis were seized.”
Are We There Yet? The Path Towards Securing the Mobile Enterprise
“In the 3rd quarter of 2014 IBM has completed a survey among mobile security professionals looking at mobile security capabilities deployed by enterprises. Combined with IBM’s mobile security framework that spans device, content, application and transactions, IBM was able to create a fact-based maturity model for enterprise mobile security.” Webinar to give details.
October 7, 11:00 am EDT
Is it the Internet or the Enter-net? How do Retailers Stay Ahead in the Security Game
“In the last year some of the world’s most prominent retailers have suffered some of the most devastating data security failures ever. What are the best ways to safeguard against the evolving threats? How can management be confident that the choices they make are as effective–and cost-effective–as they can be?”
September 17; 11:00am PDT
Phishing campaign against SalesForce users
SalesForce has warned its users that they may be targeted by a phishing campaign distributing the Dyre malware. Help Net Security (http://www.net-security.org/malware_news.php?id=2861) reports: “The code is designed to work similar to ZeuS and as most online banking threats it supports browser hooking for Internet Explorer, Chrome and Firefox and harvests data at any point an infected user connects to the targets specified in the malware,” CSIS researcher Peter Kruse shared at the time. Users should be particularly wary about unexpected emails.