Posted by Kevin on September 23, 2014.
The ITsecurity daily security briefing: Tuesday, September 23, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
European banks and Europol join forces to fight cybercrime
The European Banking Federation and Europol have signed a memorandum of understanding on mutual cooperation against cybercrime. “The MoU allows the exchange of expertise, statistics and other strategic information between both parties. It will facilitate the exchange of data on threats to enable financial institutions to protect themselves, whilst the immediate reporting of new malware and evolving means of payment fraud allows law enforcement to investigate and arrest the clever and ‘tech-savvy’ perpetrators.” Troels Oerting, Head of the European Cybercrime Centre (EC3), said, “Today marks an important day for both EU law enforcement and the banking industry. We have agreed to intensify mutual cooperation, respecting relevant national legislation, to jointly enhance our ability to prevent, prosecute and disrupt cybercrime against the financial sector. This… will make life more difficult for criminals and life easier for the banking sector and all of us who use these important services.”
New bracelet strengthens computer security
Researchers have developed a new approach that provides both continuous authentication of a user as well as automatic log out when the user leaves the device. It is called Zero-Effort Bilateral Recurring Authentication, or ZEBRA. “In ZEBRA, a user wears a bracelet with a built-in accelerometer, gyroscope and radio on his or her dominant wrist; such bracelets are commonly sold as fitness devices. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it and sends it to the terminal. The terminal compares the wrist movement with the inputs it receives from the user via keyboard and mouse and confirms the continued presence of the user only if they correlate. Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same — the user’s hand movement.”
Apple Still Has Plenty of Your Data for the Feds
Micah Lee at The Intercept questions Apple’s real commitment to user privacy despite the recent move to encryption by default. “Apple still strongly encourages all its users to sign up for and use iCloud, the internet syncing and storage service where Apple has the capability to unlock key data like backups, documents, contacts, and calendar information in response to a government demand. iCloud is also used to sync photos, as a slew of celebrities learned in recent weeks when hackers reaped nude photos from the Apple service. (Celebrity iCloud accounts were compromised when hackers answered security questions correctly or tricked victims into giving up their credentials via ‘phishing’ links.)”
Facebook Extends Reach With New Advertising Platform
The original WSJ report requires a subscription, but Reuters notes, “Facebook Inc is set to unveil a new advertising platform to improve effectiveness of online ads, the Wall Street Journal reported on Monday citing people with knowledge of the matter. The product is a redesigned version of Atlas Advertiser Suite, an ad management and measurement platform that Facebook bought from Microsoft Corp last year.”
NY regulator warns against looming cyber 9/11
“A top regulator in New York believes it’s only a matter of time before terrorists strike a major cyber blow against the American financial system. ‘I’m worried that we are going to have some major event in the cybersystem that is going to cause us all to shudder,’ Benjamin M. Lawsky, the superintendent of the New York State Department of Financial Services, said Monday at the Bloomberg Markets Most Influential Summit.”
Federal Judge allows plaintiffs to see searches of Google’s Street View
“A federal judge will allow the plaintiffs in a class action accusing Google of collecting unencrypted WiFi data through its Street View vehicles to see the results of a search of the company’s Street View data.
“Google admitted in 2010 that its vehicles, which began mapping American roads in 2007, inadvertently collected usernames, passwords and emails from unprotected personal and business wireless networks as they snapped photographs and collected GPS data.
“Lead plaintiff Benjamin Joffe filed a class action against Google, accusing it of violating the federal Wiretap Act, which prohibits the interception of ‘wire, oral, or electronic communication’.”
Government Hackers Try To Crack HealthCare.Gov
A new report details pentesting results for HealthCare.Gov. AP reports, “The government’s own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability — but also came away with respect for some of the health insurance site’s security features… So-called ‘white hat’ or ethical hackers from the inspector general’s office found a weakness, but when they attempted to exploit it like a malicious hacker would, they were blocked by the system’s defenses.”
Symantec Intelligence Report :: AUGUST 2014
Highlights include a 700% increase in crypto-style ransomware; more than 31.5 million identities reported exposed in August, from 12 incidents (largely down to a huge breach in South Korea); and a slight fall in blocked phishing attempts. On the last, “One in 1,587 emails was identified as a phishing attempt, compared with one in 1,298 for July and one in 496 in June. While at first glance this looks like a big drop, it is not indicative of a wider trend just yet, resulting in only a 0.01 percentage point decrease in the overall phishing rate.”
Tinba Malware Reloaded and Attacking Banks Around the World
IBM’s Trusteer researchers have published an analysis of a new Tinba variant and campaign. Tinba had its source code leaked in July. “Initially, only a handful of financial institutions were targeted. However, at the time of this posting, this attack had broadened to include a larger number of banks globally — including the United States and Canada. Our research teams have been tracking and flagging these files as malicious with a combination of low (2/55) and high (22/53) detection rates in VirusTotal (VT) in addition to samples that have yet to be submitted to VT.”
Fake invoice La Boutique Officielle contains obfuscated VBS script
“MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject ‘Confirmation du payement de votre facture #BH2011-581’ targeting customers of laboutiqueofficielle.com.” The attached zip file contains a malicious VBS script known as virus.vbs.crypt.c or Troj/VBAgent-AB. At the time of writing, only two of the 55 AV engines on VirusTotal detected the malware.