Tag Archives: site

[ISN] FBI Warns of Fake Govt Sites, ISIS Defacements


http://krebsonsecurity.com/2015/04/fbi-warns-of-fake-govt-sites-isis-defacements/ By Brian Krebs Krebs on Security April 7, 2015 The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers. According to the FBI, ISIS sympathizers are targeting WordPress Web sites and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international sites. The agency said the attackers are mainly exploiting known flaws in WordPress plug-ins for which security updates are already available. The public service announcement (PSA) coincides with a less public alert that the FBI released to its InfraGard members, a partnership between the FBI and private industry partners. That alert noted that several extremist hacking groups indicated they would participate in an operation dubbed #OpIsrael, which will target Israeli and Jewish Web sites to coincide with Holocaust Remembrance Day (Apr .15-16). “The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day,” the InfraGard alert notes. “These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.” […]

Tags: , , , , , , , , , , , , , , , , , ,

[ISN] FBI Warns U.S. Companies of Cyber Terror

http://freebeacon.com/national-security/fbi-warns-of-anti-israel-cyber-attacks/ By Bill Gertz The Washington Free Beacon April 2, 2015 The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber attacks against Israeli and Jewish interests next week. The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.” “Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said. “Based on historical attacks, the FBI assesses that attacks which may spawn from #OpIsrael to target U.S.-based systems will likely constitute only a small percentage of overall activity.” The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week, which will coincide with the second anniversary of the first #OpIsrael cyber attacks. Those were launched on April 7, 2013, and timed to coincide with Israel’s Holocaust Remembrance Day, which begins the evening of April 15. […]

Tags: , , , , , , , , , , , , , , , ,

[ISN] IBM Uncovers New, Sophisticated Bank Transfer Cyber Scam

https://recode.net/2015/04/02/ibm-uncovers-new-sophisticated-bank-transfer-cyber-scam/ By Bill Rigby Reuters.com April 2, 2015 IBM has uncovered a sophisticated fraud scheme run by a well-funded Eastern European gang of cyber criminals that uses a combination of phishing, malware and phone calls that the technology company says has netted more than $1 million from large and medium-sized U.S. companies. The scheme, which IBM security researchers have dubbed “The Dyre Wolf,” is small in comparison with more recent widespread online fraud schemes but represents a new level of sophistication. According to IBM, since last year the attackers have been targeting people working in companies by sending spam email with unsafe attachments to get a variant of the malware known as Dyre into as many computers as possible. If installed, the malware waits until it recognizes that the user is navigating to a bank website and instantly creates a fake screen telling the user that the bank’s site is having problems and to call a certain number. […]

Tags: , , , , , , , , , , , , , ,

[ISN] Taiwan seeks stronger cybersecurity ties with US to counter China threat

http://www.thestar.com.my/Tech/Tech-News/2015/03/31/Taiwan-seeks-stronger-cybersecurity-ties-with-US-to-counter-China-threat/ The Star Online March 31, 2015 TAIPEI: Taiwan wants to join a major anti-hacking drill conducted by the United States to strengthen cybersecurity ties with its staunchest ally, its vice premier said on Monday, a move which would help safeguard against constant targeting by hackers in rival China. Many hacks into Taiwan systems have been traced to sites belonging to China’s People’s Liberation Army, Vice Premier Simon Chang told Reuters in an interview, without elaborating on the locations. “Taiwan has no enemy in the international community except you-know-who. Who in the world would try to hack Taiwan?” Chang, a former director of Asia hardware operations for Internet giant Google Inc, said. China has vehemently denied accusations of cybertheft. […]

Tags: , , , , , , , , , , ,

[ISN] Former Tesla Intern Releases $60 Full Open Source Car Hacking Kit For The Masses

http://www.forbes.com/sites/thomasbrewster/2015/03/25/hack-a-car-for-60-dollars/ By Thomas Fox-Brewster Forbes Staff 3/25/15 Eric Evenchick knows what it’s like to be at the mercy of modes of transport. That might be why the former Tesla intern is so keen to hack his way to gaining greater control over the vehicles he travels in. When we speak over encrypted call app RedPhone, he’s stuck in Hong Kong airport waiting for a delayed flight to Singapore, where he’ll announce the open sourcing of the CANard tool during the BlackHat Asia conference. His code will make it cheaper and easier than ever before for tinkerers to get to the innards of their connected cars to determine if there are any useful tweaks they can make, or any worrisome security vulnerabilities that more malicious hackers could exploit. Evenchick is hopeful CANard, based on the widely-used and much-loved Python language, will have a greater impact on the car industry in general. It should allow security researchers of all ilks to easily probe cars for weaknesses, which, Evenchick hopes, will get them to take vehicle hacking more seriously. His own tinkering with the code has turned CANard into a more powerful tool in recent weeks. In particular, it now has the ability to carry out proper diagnostics over the Controller Area Network (CAN), the network-on-wheels found in almost all modern automobiles to send data around the vehicle, he tells FORBES. This means anyone who knows or learns Python (it’s a good language for newcomers to coding) can start to probe what functions can be accessed using their computer, whether they run an Apple AAPL -2.61% Mac, Microsoft MSFT -3.36% Windows or Linux PC. They’ll also need to buy some associated hardware to connect laptops to the diagnostics, or OBD2, port, which Evenchick has also produced. He’ll be shipping CANtact, a CAN to USB interface for the low, low price of $59.95 (USB and OBD2 cable not included). There will only be 100 available in the first batch, but the hardware is open source too, meaning it’s easily replicable and even cheaper for those with the right skills. […]

Tags: , , , , , , , , , , , ,

[ISN] No, the CIA isn’t stealing Apple’s secrets

http://blog.erratasec.com/2015/03/no-cia-isnt-stealing-apples-secrets.html By Robert Graham blog.erratasec.com March 10, 2015 The Intercept news site by Glenn Greenwald is activism rather than journalism. Their stories don’t reference experts knowledgeable about subjects, but only activists who are concerned about the subjects. This was demonstrated yet against in their piece claiming “The CIA Campaign to Steal Apple’s Secrets”. Yes, the Snowden documents are real, but pretty much everything else is made up. Here’s the deal. Terrorist leaders use iPhones. They are a status symbol, and status symbols are important to leaders. Moreover, since Apple’s security is actually pretty good, terrorists use the phones for good reason (most Android devices suck at security, even the Blackphone). Getting software onto terrorist’s phones, or basebands, is an important goal of intelligence. When CIA drones bomb a terrorist compound, iPhones will be found among the bodies. Or, when there is a terrorist suspect coming out of a dance club in Karachi, a CIA agent may punch them in the face and run away with their phone. However, it happens, the CIA gets phones and wants to decrypt them. Back in 2011 when this conference happened, the process of decrypting retrieved iPhones was time consuming (months), destructive, and didn’t always work. The context of the presentation wasn’t that they wanted to secretly spy on everyone’s phones. The context was that they wanted to decrypt the phones they were getting. […]

Tags: , , , , , , , , , , , , ,

[ISN] SCERT’s website allegedly hacked by ISIS

http://www.thehindu.com/news/cities/Delhi/scerts-website-allegedly-hacked-by-isis/article6977377.ece By ASHOK KUMAR The Hindu March 10, 2015 The official website of the State Council of Educational Research and Training (SCERT), Haryana, was allegedly hacked and a message posted on it saying it was done by terrorist organisation ISIS. SCERT director Sneh Lata told The Hindu that the department got to know about the hacking on Sunday afternoon. “We got to know about the hacking when ISIS flag was noticed with ‘Hacked by Islamic State (ISIS), We Are Everywhere :)’ written on website’s homepage,” said Ms. Lata. But as soon as the matter came to notice, the message was removed and the website is now running properly. Ms. Sneh Lata further said that the matter was reported to the police and a formal complaint was lodged with the Cyber Cell in this connection. […]

Tags: , , , , ,

[ISN] Isis — No, Not That One — Wins $7 Million Pentagon Cyber Contract

http://www.nextgov.com/defense/2015/03/isis-no-not-one-wins-7-million-pentagon-cyber-contract/106959/ By Aliya Sternstein Nextgov.com March 8, 2015 The Defense Department has hired a little-known Virginia startup company – with an unfortunate name – to pull together the military’s most cutting-edge computer and information assets. The “Threat Intelligence Platform” project will help Pentagon analysts sift through big data research to track threats – including presumably Islamic State extremists. So, the winning contractor, Isis Defense, might want to think about rebranding itself – or go with the free advertising. Right now, the company doesn’t have a major Web presence. There is no corporate website. Google searches for “Isis Defense” pull up a bunch of news stories about international efforts to stanch the Islamic State’s spread. Scroll down the list of results and you’ll find at least one relevant hit – an outdated bio for the firm’s chief executive officer, Jamie Dos Santos. She is the former CEO of Web services provider Terremark Federal Group. […]

Tags: , , , , , ,