[ISN] USC hit with another personal data breach

http://www.greenvilleonline.com/article/20130629/NEWS10/306290012/USC-hit-another-personal-data-breach By Andrew Shain GreenvilleOnline.com June 29, 2013 The University of South Carolina is dealing with another data breach while it continues work to eliminate unnecessary use of Social Security numbers. USC sent letters this week to 6,300 students whose personal information, including Social Security numbers, could have been on a laptop stolen from the physics department. The school’s new cyber-security program is more than a year from completion, USC officials said. And even when it’s in place, hackers and thieves might get valuable data from the school where more than 80,000 devices




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NSA revelations throw wrench into lawmakers’ cybersecurity push

http://thehill.com/blogs/hillicon-valley/technology/308563-nsa-revelations-throw-wrench-into-cybersecurity-push By Brendan Sasso Hillicon Valley The Hill 06/30/13 Revelations about the National Security Agency’s domestic surveillance programs could make it more difficult for Congress to pass cybersecurity legislation. Civil liberties groups have long argued that the House’s cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), could allow vast batches of private online information to fall into the hands of the NSA. The House passed CISPA earlier this year, but the Senate is still in preliminary talks about its own cybersecurity legislation. News that the NSA has been collecting records on virtually all U.S. phone calls and monitoring certain Internet users through a program called PRISM have brought privacy fears to the front burner in recent weeks. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] New disk wiper malware linked to attacks in South Korea, researchers say

https://www.computerworld.com/s/article/9240440/New_disk_wiper_malware_linked_to_attacks_in_South_Korea_researchers_say By Lucian Constantin IDG News Service June 28, 2013 A new piece of malware designed to delete files from hard disk drives and render computers unable to boot targets South Korean users, according to researchers from security firm Symantec. The malware is similar to the Jokra Trojan program that was used in March to wipe the hard drives of computers belonging to several banks and TV broadcasters in South Korea, leading to significant disruptions of their operations. The attack in March was attributed by security experts to a hacker gang called “DarkSeoul” that’s also believed to be responsible for the distributed denial-of-service attacks from Tuesday against South Korean websites, including that of South Korean President Park Guen-hye. The new hard-drive wiper malware is called Trojan.Korhigh and was found by Symantec researchers during their investigations into cyberattacks in South Korea. “Trojan.Korhigh has the functionality to systematically delete files and overwrite the Master Boot Record (MBR) on the compromised computer, rendering it unusable,” the Symantec researchers said Thursday in a blog post. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Chinese University issues new security alert to students over hacking

http://www.scmp.com/news/hong-kong/article/1272163/chinese-university-issues-new-security-alert-students-over-hacking By Lana Lam and Emily Tsang South China Morning Post 30 June, 2013 Staff and students at Chinese University were warned yesterday to secure their computers against hacking. The caution came just over two weeks after claims by whistle-blower Edward Snowden that it had been among the targets of a US cyberspying programme. An e-mail sent by the information security section to all 8students and staff said: “Protecting our data and information against hackers has recently become the talk of the town.” Titled “Information security reminder – Keep your data out of hackers’ reach!”, the e-mail is understood to have landed in the inboxes of about 14,800 students and more than 7,500 staff yesterday afternoon. It included more than a dozen specific “do’s and don’ts” on how to block unauthorised access to personal data. “We strive to protect all data … processed and stored by the central information systems and data that flow through our campus network,” the e-mail said. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Was Halifax’s e-vote hacked?

http://www.thecoast.ca/RealityBites/archives/2013/06/27/was-halifaxs-e-vote-hacked By Rob Wipond The Coast June 27, 2013 It’s been several weeks since I revealed evidence that the online voting in last fall’s municipal elections in Halifax was not secure. Now I’m starting to wonder, does anyone care? How many people care about defending our most basic pillar of democracy


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Call For Papers – HITBSecConf2013 – Malaysia

http://cfp.hackinthebox.org/ HITBSecConf series is a deep-knowledge technical conference. Talks that discuss new and never before seen attack and defense methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 1250 words should be submitted (in plain text format) to us through our online CFP system for review and possible inclusion in the programme. Each accepted submission will entitle the speaker(s) to accommodation for 3 nights / 4 days and travel expense reimbursement up to EUR1200.00 per speaking slot. Conferences open for submission: HITBSecConf2013 – Malaysia Submission Deadline: 25th July 2013 23:59 MYT Topics: Topics of interest include, but are not limited to the following: Cloud Security File System Security 3G/4G/WIMAX Security SS7/GSM/VoIP Security Security of Medical Devices Critical Infrastructure Security Smartphone / MobileSecurity Smart Card and Physical Security Network Protocols, Analysis and Attacks Applications of Cryptographic Techniques Side Channel Analysis of Hardware Devices Analysis of Malicious Code / Viruses / Malware Data Recovery, Forensics and Incident Response Hardware based attacks and reverse engineering Windows / Linux / OS X / *NIX Security Vulnerabilities Next Generation Exploit and Exploit Mitigation Techniques NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security White Paper: If your presentation is short listed for inclusion into the conference program, a technical white paper must also be provided for review (3000 – 5000 words). Please note: We do not accept product or vendor related pitches. If you would like to showcase your company’s products or technology, please email conferenceinfo (at) hackinthebox.org


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Researcher To Demo Spy-Phone At Black Hat Las Vegas 2013

http://www.infosecnews.org/researcher-to-demo-spy-phone-at-black-hat-las-vegas-2013/ By Robert Lemos Dark Reading June 26, 2013 Security researchers have warned that mobile phones could easily be made into surveillance devices that can track users, record audio and video of their surroundings, and eavesdrop on their communications. Now one researcher plans to show off a proof-of-concept program at the Black Hat Security Briefings this summer that can compromise a phone and turn it into just such an eavesdropping platform. The program, created by researchers at network security firm Kindsight, essentially turns any Android phone into a compromised bot, allowing the attacker to eavesdrop on communications, track location, download personal information and take pictures without the victim’s knowledge. In addition, the researchers will show how they developed the architecture of the eavesdropping software and ways that it can be easily added as a Trojan Horse to any mobile app. “This is a demonstration, a proof-of-concept malware,” says Kevin McNamee, security architect and director of Kindsight’s Security Labs. “We use this as a way to show the capabilities of the malware and show how dangerous cyberespionage can be.” While only a small fraction of U.S. mobile users are impacted by malware, spyware makes up a large portion of the pantheon of mobile threats. As of March 2013, almost two out of every 10 malicious mobile applications qualifies as spyware, according to Juniper Networks’ Mobile Threat Center. The company classifies any program that captures and transfer sensitive data on the phone without notifying the user as spyware. […] http://www.darkreading.com/advanced-threats/researcher-to-demo-spy-phone-at-black-ha/240157439 InfoSec News subscribers can save $100 off registration for the Black Hat Briefing’s by using this code: ISnews100


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Cisco fixes serious vulnerabilities in email, Web and content security appliances

https://www.computerworld.com/s/article/9240406/Cisco_fixes_serious_vulnerabilities_in_email_Web_and_content_security_appliances By Lucian Constantin IDG News Service June 27, 2013 Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes. The vulnerabilities affect different versions of the Cisco IronPort AsyncOS operating system that’s used in the Cisco Content Security Management Appliance, the Cisco Email Security Appliance and the Cisco Web Security Appliance. Releases 7.1 and prior, 7.3, 7.5 and 7.6 of the software in the Cisco Email Security Appliance are affected by three vulnerabilities, one that allows remote attackers to inject and execute commands with elevated privileges through the Web interface and two that could be used to crash the management graphical user interface (GUI) or the IronPort Spam Quarantine service and cause other critical processes to become unresponsive. Exploiting the command injection vulnerability requires authentication via the Web interface with at least a low privilege account, but the denial-of-service vulnerabilities can be exploited remotely without authentication. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail