[ISN] Hidden iOS Services Bypass Security

http://www.informationweek.com/mobile/mobile-applications/hidden-ios-services-bypass-security/d/d-id/1297452

By Thomas Claburn
InformationWeek
7/21/2014

A computer researcher asks why Apple allows undocumented services to bypass encryption and access user data.

Apple’s iPhone and iPad run undisclosed services that allow security features to be bypassed, according to a prominent computer security researcher.

In a presentation at the HOPE/X hacking conference in New York on Friday, forensic researcher Jonathan Zdziarski described several undocumented iOS services that can function as backdoors, allowing ostensibly encrypted data to be accessed and subverting user privacy.

Zdziarski in a blog post stresses that he is not accusing Apple of working with the NSA, but he voices suspicion that the NSA might have used some of these services to access data on iOS devices, as described in a recent Der Spiegel report.

[…]





[ISN] Fresh threat to critical infrastructure found in Havex malware

http://www.v3.co.uk/v3-uk/news/2356410/fresh-threat-to-critical-infrastructure-found-in-havex-malware

By Alastair Stevenson
V3.co.uk
21 Jul 2014

A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware.

The scanner was uncovered by researchers at FireEye while investigating a variant of Havex commonly referred to as “Fertger” or “Peacepipe”.

Threat intelligence analyst at FireEye Kyle Wilhoit said the scanner is dangerous as it could be used by hackers to target the supervisory control and data acquisition (SCADA) systems used in many critical infrastructure areas, including water and power plants.

“If an attacker wanted to attack an OPC server, they would need and want details of the OPC servers they were targeting. Having the OPC scan data gives the attacker enough information to start possible next phases of attack against a SCADA environment,” he said

[…]



[ISN] Banks: Card Breach at Goodwill Industries

http://krebsonsecurity.com/2014/07/banks-card-breach-at-goodwill-industries/

By Brian Krebs
Krebs On Security
July 21, 2014

Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. For its part, Goodwill Industries International Inc. says it is working with the U.S. Secret Service on an investigation into these reports.

Headquartered in Rockville, Md., Goodwill Industries International, Inc. is a network of 165 independent agencies in the United States and Canada with a presence in 14 other countries. The organizations sell donated clothing and household items, and use the proceeds to fund job training programs, employment placement services and other community-based initiatives.

According to sources in the financial industry, multiple locations of Goodwill Industries stores have been identified as a likely point of compromise for an unknown number of credit and debit cards.

In a statement sent to KrebsOnSecurity, Goodwill Industries said it first learned about a possible incident last Friday, July 18. The organization said it has not yet confirmed a breach, but that it is working with federal authorities on an investigation into the matter.

[…]



[ISN] GAO Identifies Weakness in FDIC InfoSec

http://www.bankinfosecurity.com/gao-identifies-weakness-in-fdic-infosec-a-7085

By Eric Chabrow
Bank Info Security
July 22, 2014

Two separate audits by the Government Accountability Office show information security weaknesses at the Federal Deposit Insurance Corp. and significant deficiencies in information system controls at the Treasury Department unit that manages the federal debt.

The FDIC, the government-owned corporation that insures bank deposits, failed to fully implement controls to authenticate its system users’ identities, restrict access to sensitive systems and data, encrypt sensitive data, complete background re-investigations for employees and audit and monitor system access, according to the report issued late last week.

GAO says the shortcomings do not constitute a material weakness or significant deficiency for financial reporting purposes. “Nevertheless,” auditors say, “unless FDIC takes further steps to mitigate these weaknesses, the corporation’s sensitive financial information and resources will remain exposed to unnecessary risk of inadvertent or deliberate misuse, improper modification, unauthorized disclosure or destruction.”

The report says an underlying reason for many of these weaknesses is that FDIC failed to fully or consistently implement aspects of its information security program. Specifically, the GAO says, FDIC did not fully document and implement information security controls, ensure that employees and contractors received security awareness training, conduct continuing assessments of security controls for all systems and remediate agency identified weaknesses in a timely manner.

[…]



[ISN] CFP: IEEE DICTAP2015 – Lebanon

Forwarded from: “Jackie Blanco”

Dear Colleague,

You may be interested in the following IEEE conference to be held in Lebanon. If you have a research paper within the scope of the event, submit it and let’s join the conference.

Regards,
Jackie

=================================================

The Fifth International Conference on Digital Information and Communication Technology and its Applications (DICTAP2015)
Faculty of Engineering – Lebanese University, Beirut, Lebanon
April 29 – May 01, 2015
http://sdiwc.net/conferences/dictap2015/

The conference is technically co-sponsored by IEEE Lebanon Section. All registered papers will be submitted to IEEE for inclusion to IEEE Xplore as well as other Abstracting and Indexing (A&I) databases.

You are invited to submit your papers to the conference. The DICTAP2015 welcomes submissions on any topic in the field of digital information, communications technology and any related topics:

– Security in Information and Telecommunication System
– Network Systems and Devices
– Wireless and Optical Communications
– Algorithms, Architecture, and Infrastructures
– Information Content Security
– Cloud Computing and Computer Networks
– Sensor Networks and Embedded System
– E-Learning, E-Commerce, E-Business and E-Government
– Data Exchange Issues and Supply Chain
– Information Retrieval
– Web Services, Web based Application
– Data Grids, Data and Information Quality
– Data Warehouses and Data Mining
– Image Analysis and Image Processing
– Management and Diffusion of Multimedia Applications
– Mobile, Ad Hoc and Sensor Network Security
– Video Search and Video Mining
– Enterprise Computing
– Web Mining including Web Intelligence and Web 3.0
– Knowledge Management
– Compression and Coding
– XML and other extensible languages
– Intelligent and Robust System
– ICT for Social and Humanity
– Security and Access Control
– Constraint Programming
– Ubiquitous Systems
– Semantic Web, Ontologies and Rules
– Communication Protocols, Communication Systems
– Network Management Techniques
– Telecommunication Business & Regulation
– Modeling, Algorithm, and Optimization
– Information Theory, System, and Technology
– Scientific Computing and Multimedia Processing
– Transmission, Antenna & Propagation
– Artificial Intelligence and Decision Support Systems
– Data Life Cycle in Products and Processes
– Information Visualization
– Web Metrics and its Applications
– Data Models for Production Systems and Services
– Data, Text, and Web Content Mining
– Multimedia and Interactive Multimedia
– Case Studies on Data Management, Monitoring and Analysis
– Mobile Data Management
– Computer Graphics
– Soft Computing
– Networks Security, Encryption and Cryptography
– Peer to Peer Data Management
– Natural Language Processing
– Human-Computer Interaction
– Distributed Information Systems
– Temporal and Spatial Databases
– Digital Rights Management
– Quality of Service Issues
– Interoperability

Papers should be submitted electronically as pdf format without author(s) name. You can submit your research paper at http://sdiwc.net/conferences/dictap2015/paper-submission/

IMPORTANT DATES:

Submission Deadline: March 1, 2015
Notification of Acceptance: March 22, 2015
Camera Ready Submission: March 30, 2015
Registration: March 30, 2015
Conference Dates: April 29 – May 01, 2015

Email: dictap2015 (at) sdiwc.net
Address: Lebanese University – Faculty of engineering, Broumana, Beirut, Lebanon

