[ISN] Home Depot spent $43M on data breach in one quarter alone

http://www.computerworld.com/article/2852179/home-depot-spent-43m-on-data-breach-in-one-quarter-alone.html

By Jeremy Kirk
IDG News Service
Nov 25, 2014

Home Depot spent $43 million in its third quarter dealing with the fallout of one of the largest ever data breaches, highlighting the costly nature of security failures.

The retailer said in a regulatory filing on Tuesday that it expects $15 million of that cost will be reimbursed by a $100 million network security and privacy liability insurance policy.

The $43 million was spent on investigations, providing identity theft protection services to consumers, increased call center staffing and other legal and professional services.

Attackers stole 56 million payment card details and collected 53 million email addresses of people who shopped at Home Depot’s stores between April and September in the U.S. and Canada. They gained access to Home Depot’s network by using the login credentials of one of the retailer’s vendors.

[…]





[ISN] The branded bug: Meet the people who name vulnerabilities

http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/

By Violet Blue
Zero Day
ZDNet News
November 25, 2014

If the bug is dangerous enough, it gets a name. Heartbleed’s branding changed the way we talk about security, but did giving a bug a logo make it frivolous… or is this the evolution of infosec?

Criminals, such as bank robbers, are often named because there are too many to keep track of. Just as killers and gangsters end up in history marked and defined by where they murdered (the “Trailside Killer”) or having a characteristic (“Baby Face” Nelson), the same goes for critical bugs and zero days.

Stephen Ward, Senior Director at iSIGHT Partners (iSIGHT reported the “Sandworm” Microsoft zero-day), explained to ZDNet, “Researchers will often use unique characteristics discovered in malware or in command and control to give a team or a particular exploit a name. It helps to create an understanding and an ongoing reference point as malware variants surface or activities of a team continue.”

He continued […]



[ISN] Hackers suggest they had physical access during attack on Sony Pictures

http://www.csoonline.com/article/2851649/physical-security/hackers-suggest-they-had-physical-access-during-attack-on-sony-pictures.html

By Steve Ragan
Salted Hash
CSO
Nov 25, 2014

On Monday, Sony Pictures was forced to disable their corporate network after attackers calling themselves the GOP (Guardians of Peace) hijacked employee workstations in order to threaten the entertainment giant. Now, new information suggests that the GOP had physical access to the network in order to accomplish their aims.

According to employees, who continue to speak to Salted Hash on the condition that their names not be used, the corporate network is still offline as of Tuesday morning. VPN access is likewise unavailable. In many cases employees are resorting to using non-technical means as a way to accomplish their daily tasks.

On Monday, Sony pulled the plug on networks in Culver City and New York, while overseas operations were either limited or offline entirely in some cases.

[…]



My latest Gartner research: Vendor Rating: Huawei

Positive Huawei is a privately owned, China-based communications equipment provider. It has a wide, near-complete portfolio including products for fixed, wireless and enterprise networks, consumer devices and services for the carrier networking market. This Vendor Rating is an evolution …

Gartner clients can access this research by clicking here.



[ISN] Highly advanced backdoor trojan cased high-profile targets for years

http://arstechnica.com/security/2014/11/highly-advanced-backdoor-trojan-cased-high-profile-targets-for-years/

By Dan Goodin
Ars Technica
Nov 23 2014

Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research.

Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran’s nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

To remain stealthy, the malware is organized into five stages, each of which is encrypted except for the first one. Executing the first stage triggers a domino chain in which the second stage is decrypted and executed, and that in turn decrypts the third stage, and so on. Analyzing and understanding the malware requires researchers to acquire all five stages.

Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer’s mouse, stealing passwords, monitoring network traffic, and recovering deleted files. Other modules appear to be tailored to specific targets. One such payload included code for monitoring the traffic of a Microsoft IIS server. Another sniffed the traffic of mobile telephone base station controllers.

Symantec researchers believe Regin was a sprawling framework that was used in multiple campaigns that date back to 2008 and possibly several years earlier.
Liam O’Murchu, manager of operations for Symantec Security Response, told Ars that the roster of modules used against one target was often unique, an indication that Regin was used in multiple campaigns.

“Essentially, what we think we’re looking at is different campaigns where in one infection they needed to sniff your keyboard whereas in another infection they wanted to grab the user name and password of the admin connected to a base station controller,” O’Murchu said.

[…]



[ISN] Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture

http://www.wired.com/2014/11/second-kryptos-clue/

By Kim Zetter
Threat Level
Wired.com
11.20.14

In 1989, the year the Berlin Wall began to fall, American artist Jim Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle wrapped in a riddle that he created for the CIA’s headquarters and that has been driving amateur and professional cryptographers mad ever since.

To honor the 25th anniversary of the Wall’s demise and the artist’s 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It’s only the second hint he’s released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades.

The 12-foot-high, verdigrised copper, granite and wood sculpture on the grounds of the CIA complex in Langley, Virginia, contains four encrypted messages carved out of the metal, three of which were solved years ago. The fourth is composed of just 97 letters, but its brevity belies its strength. Even the NSA, whose master crackers were the first to decipher other parts of the work, gave up on cracking it long ago.

So four years ago, concerned that he might not live to see the mystery of Kryptos resolved, Sanborn released a clue to help things along, revealing that six of the last 97 letters when decrypted spell the word “Berlin”—a revelation that many took to be a reference to the Berlin Wall.

To that clue today, he’s adding the next word in the sequence—“clock”—that may or may not throw a wrench in this theory. Now the Kryptos sleuths just have to unscramble the remaining 86 characters to find out.

[…]

