[ISN] That NBC story 100% fraudulent

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html By Robert Graham Errata Security February 06, 2014 Yesterday (Feb 5 2014) NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it’ll immediately be hacked the moment you turn it on. The story was fabricated. The technical details relate to going to the Olympics in cyberspace (visiting websites), not going to there in person and using their local WiFi. The story shows Richard Engel “getting hacked” while in a cafe at Sochi. 1. It is wrong in every respect. 2. They aren’t in Sochi, but in Moscow, 1007 miles away. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America. 3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone. I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day. But the story was nothing of the sort. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Israeli start-up claims it may be able to stop all viruses

http://www.timesofisrael.com/hack-this-start-up-claims-it-can-stop-all-viruses-permanently/ By David Shamah The Times of Israel February 6, 2014 An Israeli start-up claims it may be able to put an end to the viruses, malware, and trojan horses that cost the world economy hundreds of billions of dollars a year. Not only does Cyactive say it can stop viruses that are already “in the wild,” currently causing damage, but according to CEO & Co-Founder, Liran Tancman, it can beat them most of them even before they are invented. The secret? Viruses are overwhelmingly evolutionary, not revolutionary. “Much of the code found in even major attacks is reused over and over again in new attacks,” Tancman said. “There has actually never been a virus that did not draw substantially on malware that was already in existence.” Especially today, when hacking has become such a lucrative worldwide business, hackers need to produce. They don’t have time to reinvent the wheel; nor do they have to as things stand, said Tancman. “The problem is that cyber-security is reactive, not proactive. A company will spend hundreds of thousands or millions of dollars to secure themselves against a major malware variant, fighting off a specific attack.” But getting around those defenses is easy for a hacker. “All they have to do is insert some changes in their malware code, and they are in the clear. For $150, a cybercriminal can hire a hacker to do $25 million of damage, and then do it again a few months later, making very minor changes to their malware code.” Tancman, a former head of Cyber-strategy in an elite IDF intelligence unit with a decade of experience in Israel’s intelligence corps, has been thinking about this phenomenon for a long time


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Texas Hospital Discloses Huge Breach

http://www.informationweek.com/healthcare/security-and-privacy/texas-hospital-discloses-huge-breach-/d/d-id/1113724 By David F Carr InformationWeek.com 2/5/2014 St. Joseph Health System has confirmed a security breach affecting the records of up to 405,000 past and current patients, as well as employees and employees’ beneficiaries. St. Joseph says it believed the attack occurred between Dec. 16 and 18, when one of its computer servers was hacked, and that the exposure ended on the 18th when the attack was discovered and the server was shut down. The health system hired national security and computer forensic experts to investigate. The ongoing investigation suggests the attackers may have gained access to records including names, Social Security numbers, dates of birth, and possibly addresses, as well as the medical information of patients and bank account data for employees. If substantiated, this would be one of the largest healthcare data breaches ever reported, and the largest by an individual health system. The largest, according to US Department of Health and Human Services data, involved 780,000 records in a 2012 incident at the Utah Department of Health and 475,000 records in a 2008 report from the Puerto Rico Department of Health. Since both of these are government agencies, the St. Joseph breach could potentially have the biggest loss of patient data reported by an individual hospital. So far, the damage done is a matter of speculation. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 75 Percent of Pentagon Contractors Adjusted Security After Snowden Leaks

http://www.nextgov.com/cybersecurity/2014/02/75-percent-pentagon-contractors-adjusted-security-after-snowden-leaks/78302/ By Aliya Sternstein Nextgov.com February 5, 2014 Leaks of national secrets by former federal contractor Edward Snowden drove 75 percent of U.S. defense company executives to adjust information security procedures, mostly by increasing employee training and going on high alert for deviant behavior, according to a new study. The poll of information technology managers was conducted last month by market research firm Opinion Matters on behalf of consultancy ThreatTrack. Most of the 100 contractors surveyed are taking a manual approach to the crackdown on data seepage, rather than using automated mechanisms to block personnel from disclosing information, according to the study’s data points. Among businesses with an IT budget of more than $10 million, 44 percent are restricting user access. Of the firms storing or accessing confidential information for the government, 34 percent have scaled back system administrator privileges. Sixty percent of the companies in those same two categories are subjecting employees to more cyber awareness education. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Where Did You Learn About Cybersecurity — or Did You?

http://www.eetimes.com/author.asp?section_id=8&doc_id=1320907 By Carolyn Mathas EE Times 2/6/2014 I just noticed the results of a report commissioned by the Institution of Engineering and Technology (IET) called “Using Open Source Intelligence to Improve ICS & SCADA Security.” The report suggests that information that engineers place on social media, in blogs, and in papers is sufficient to mount cyberattacks. In this case, the attacks involved utilities. However, it shouldn’t matter what industry is front and center


Facebooktwittergoogle_plusredditpinterestlinkedinmail