Feds to spend $144M to train health IT workers: Cyber Security Highlights July 19 2010
By Kelli Tarala | July 20, 2010
Beginning this fall, more than 80 community colleges and universities in the U.S. will begin training health care IT workers under a government grant program created to help fill an estimated 50,000 jobs needed to assist doctors and hospitals as they roll out electronic medical records. The estimated 50,000 trainees are in addition to people already being trained in existing IT programs in U.S. universities. The agency estimates it will spend $144 million in grant money to develop and implement curricula in colleges and universities to train the health care IT workers. The U.S. Department of Health and Human Services has designed a curriculum to train people for 12 specific roles. The jobs are broken down into two major groups: Those for which health care IT workers can be trained in a six-month certification program, and those that require one to three years of training, such as senior clinician leaders, privacy and security specialists and more advanced technical and administrative roles.
Full Story:
http://www.computerworld.com/s/article/9179222/
Thousands of laptops stolen during nine-hour heist
Thousands of laptops have been stolen from the Tampa, Florida office of a private contractor for the U.S. military’s Special Operations Command. Surveillance cameras caught up to seven people loading the computers into two trucks for nine hours. U.S. Special Operations Command coordinates the activities of elite units from the Army, Navy, Air Force and Marines. A spokeswoman said July 13 that none of the stolen laptops contained military information or software. The Virginia-based company iGov was awarded a $450-million contract earlier this year to supply mobile-technology services linking special operations troops worldwide. A company executive said iGov is cooperating with authorities and the March 6 break-in at its Tampa facility remains under investigation.
Full Story:
http://www.google.com/hostednews/ap/article/ALeqM5jBQCXgAk_-2NyNZdtPSi8a1HmwaQD9GUB8RO0
Bank of America phishing scam
ScanSafe reports a new phishing scam targeting Bank of America customers, in which the link provided for signing in to online banking points to gramsbbq.org/bain (a Web site belonging to a barbecue establishment in California), which in turn automatically redirects users to a phishing page hosted on chasingarcadia.com - another legitimate, but compromised, site belonging to a Canadian band. The use of compromised sites for redirecting and hosting phishing pages is a technique successfully used by many scammers, since it allows the e-mails to bypass reputation filters and community-based trust reporting. Experts note that the scams are easily detected — if one knows what to look for. Positioning the cursor on the link reveals that the domain it points to is not the official domain of the bank. And if one follows the link, the URL in the address bar will tell you the same.
Full Story:
http://www.net-security.org/secworld.php?id=9592
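The hover-and-check the article recommends can be done by a mail gateway before the message is delivered. The following is an added example, not ScanSafe's or the bank's code: it pulls every anchor out of a constructed sample message (the lure path is the one named above; the official domain list is an assumption) and flags links whose target host is not the institution's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample resembling the lure described above.
SAMPLE_EMAIL = """
<p>Please <a href="http://gramsbbq.org/bain/">sign in to Online Banking</a>
to verify your account. Questions? See
<a href="https://www.bankofamerica.com/help">our help center</a>.</p>
"""

class _LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href", ""), ""]
            self.links.append(self._open)
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def host_belongs_to(host, official_domains):
    """True if host is an official domain or a subdomain of one. Matching on
    a dot boundary stops 'bankofamerica.com.evil.test' and
    'notbankofamerica.com' from passing."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official_domains)

def suspicious_links(html, official_domains):
    """Returns (href, link text) pairs whose target host is off-domain: the
    same check as hovering over the link, applied before delivery."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if not host_belongs_to(host, official_domains):
            flagged.append((href, " ".join(text.split())))
    return flagged
```

A redirect chain like the one described (barbecue site to band site) does not change the verdict: the first hop is already off-domain.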
White House issues progress report on cybersecurity
The U.S. President and his cybersecurity czar both made statements on cybersecurity July 14, offering optimistic progress reports and encouraging more activity in the private sector. In its progress report, the White House pointed to recent organizational changes and new cybersecurity initiatives as evidence that the Administration is making advances on the cybersecurity front. The White House said it is putting cybersecurity into its agenda as a “key management priority.” The Administration also pointed to changes in FISMA guidance. “This new guidance shifts the focus from departments and agencies developing static, paper-based compliance reports to continuous, real-time monitoring of federal networks,” the report said. “Risk-based performance metrics are being established based on this real-time monitoring, and these metrics will eventually be incorporated into senior official performance plans. “This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks,” the report said. “The new approach builds on government and industry best practices that will make our cybersecurity efforts more effective.”
Full Story:
http://www.darkreading.com/security/government/showArticle.jhtml?articleID=225800275
US government lifts lid on alleged leak to WikiLeaks
The U.S. state department has told the BBC it believes an alleged whistle-blower obtained secret diplomatic data despite being at a field base in Iraq. The suspect, 22, faces two charges related to the illegal transfer and transmission of classified information from a U.S. military network. The U.S. said he was suspected of downloading from SIPR Net. He reportedly then passed on the data, including army videos and diplomatic messages, to the WikiLeaks Web site. WikiLeaks has repeatedly said it does not have the confidential messages and the site itself is not mentioned in the charges against the suspect. A former hacker reported him to the U.S. authorities. He said the intelligence analyst admitted, in a series of online chats, to sending data to the whistle-blowing Web site. In the redacted charge sheet detailing the accusations against the suspect, the Army alleges that he transmitted, “to a person not authorised to receive it,” a classified U.S. Department of State cable described as “Reykjavik 13.” The U.S. also alleges the suspect obtained 150,000 U.S. diplomatic cables without proper authorization.
Full Story:
http://www.bbc.co.uk/news/10596057
Windows shortcut flaw underpins power plant Trojan
Hackers have developed malware that spreads via USB sticks using a previously unknown security weakness involving Windows’ handling of shortcut files. Malware targeting the security weakness in the handling of .lnk shortcut files has been spotted in the wild by Belarus-based security firm VirusBlokAda. The malware uses rootkit-style functionality to mask its presence on infected systems. These rootkit drivers come digitally signed by legitimate software developer Realtek Semiconductor, a further mark of the sophistication of the attack. In an advisory, VirusBlokAda said it has seen numerous incidents of the Trojan spy payloads dropped by the malware since adding detection for the malign code in June. Even fully patched Windows 7 systems are vulnerable to attack in cases where a user views files on an infected USB drive using Windows Explorer, a security blogger reports. Instead of using Windows Autoplay, the malware takes advantage of security weaknesses involving shortcut files. Malicious shortcuts on the USB are reportedly capable of auto-executing if users open an infected storage device in Windows Explorer. Normally, users would have to click on the link for anything to happen. An independent researcher has uncovered evidence that the malware is targeting SCADA control systems, used to control industrial machinery in power plants and factories, and specifically Siemens WinCC SCADA systems. “Looks like this malware was made for espionage,” the independent researcher wrote.
Full Story:
http://www.theregister.co.uk/2010/07/16/windows_shortcut_trojan/
IBM prepares new weapon against IT threats
IBM has unveiled a security appliance that it claims will help firms create and adopt an IT infrastructure that is “secure by design.” The company said the continually evolving threat landscape makes it vital that enterprises build security in at the beginning to stay ahead of attacks. Research by IBM’s X-Force Data and Analysis team found that the average IT infrastructure is attacked as many as 60,000 times per day. The attacks target vulnerabilities and can lead to the loss of confidential information. The IBM Security Network Intrusion Prevention System (IPS) is a hardware appliance pre-loaded with security software and backed by research and information from IBM Security Solutions. Companies can unify their security resources, according to IBM, and manage a range of typical network tasks. For example, automated patch technology can sense and block threats as they come in, the firm said. Unifying security on such a platform will let enterprises better manage their network security, client-side applications, data security, web applications and in-house applications, IBM said.
Full Story:
http://www.v3.co.uk/v3/news/2266609/ibm-prepares-weapon-against
Criminals pushing rogue anti-virus disguised as scanned documents
E-Mail messages claiming to be scanned documents are the latest attempt by criminals to push rogue anti-virus malware to the masses. The messages, which claim to come from a Xerox WorkCentre Pro, come with a Zip file that will immediately infect the system if accessed. The Tech Herald noticed the malicious e-mail this morning, while checking a drop account for messages. The attachment is a typical Zip file and the message itself attempts to pass itself off as a scanned document from a Xerox Multi-Function Printer. Firms with a Xerox WorkCentre Pro should be able to determine the message is fake, experts said. The WorkCentre Pro can scan documents to e-mail or FTP accounts if configured to do so, but the most common scanning format is PDF, followed by TIFF and XPS. A WorkCentre Pro will never send a Zip file as an attachment. It appears that while the malicious messages are going to as many people as possible, the criminals behind the campaign are looking to single out users who use Xerox products in-house as a method of scanning and printing. If downloaded and extracted, the file inside the Zip attachment is clearly an executable. On the Tech Herald’s test system, once the file was accessed, Microsoft’s Security Essentials flagged it immediately. The malware itself has a low detection rate.
Researchers: Password crack could affect millions
A well-known cryptographic attack could be used by hackers to log into Web applications used by millions, according to two security experts who plan to discuss the issue at an upcoming security conference. They said they have discovered a basic security flaw that affects dozens of open-source software libraries — including those used by software that implements the OAuth and OpenID standards — that are used to check passwords and user names when people log into Web sites. OAuth and OpenID authentication are accepted by popular Web sites such as Twitter and Digg. They found that some versions of these log-in systems are vulnerable to a “timing attack.” Cryptographers have known about timing attacks for 25 years, but they are generally thought to be very hard to pull off over a network. The researchers aim to show that is not the case. The attacks are thought to be so difficult because they require very precise measurements. They crack passwords by measuring the time it takes for a computer to respond to a log-in request. On some systems, a computer will check password characters one at a time, and kick back a “login failed” message as soon as it spots a bad character in the password. This means a computer returns a completely bad log-in attempt a tiny bit faster than a login where the first character in the password is correct. By trying to log in again and again, cycling through characters and measuring the time it takes for the computer to respond, hackers can ultimately figure out the correct passwords. This all sounds very theoretical, but timing attacks can actually succeed in the real world. Three years ago, one was used to hack Microsoft’s Xbox 360 gaming system, and people who build smart cards have added timing-attack protection for years.
Full Story:
http://www.computerworld.com/s/article/9179224/
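The character-at-a-time check the researchers describe, and the fix, as an added example (not the researchers' code): the first function exits at the first bad byte, and the number of bytes it examined stands in for the response time a remote attacker measures; the second walks the whole string regardless, and the third is what production code should actually call.

```python
import hmac

def leaky_compare(expected: bytes, supplied: bytes):
    """Early-exit comparison of the kind the article describes. Returns
    (match, bytes_examined); the second value models the response time an
    attacker measures: one extra iteration for every leading byte that was
    guessed correctly."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined          # stops at the first bad byte
    return True, examined

def constant_time_compare(expected: bytes, supplied: bytes):
    """Hardened form: every byte is visited and mismatches are OR-ed into an
    accumulator instead of branching, so bytes_examined is always the full
    length and no longer depends on the guess. (A length mismatch still
    exits early; compare fixed-length digests to avoid leaking length.)"""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for a, b in zip(expected, supplied):
        diff |= a ^ b
    return diff == 0, len(expected)

def verify_credential(expected: bytes, supplied: bytes) -> bool:
    """What production code should call: the stdlib's constant-time
    comparison, which also avoids interpreter-level timing differences that
    a hand-written loop like the one above cannot fully rule out."""
    return hmac.compare_digest(expected, supplied)
```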
Spammers use ‘disposable’ domains to prevent shutdowns
Spammers and botnet operators are now using disposable domains for their activities to evade security technologies. According to research by security firm M86 Security Labs, spammers are buying dozens of domains at a time and moving from one to another as often as several times per day to avoid getting shut down. For years, spammers bought domains in bulk and used them for redirections to other sites, and for locations to set up quick e-commerce sites. Anti-spam services and e-mail filters usually use static lists of known malicious domains, or ones known to be used by spammers. According to Kaspersky, that initial approach worked well in the fight against spam; lately, however, spammers have begun using more devious and effective tactics. The new M86 research looked at 60 days’ worth of data from M86 customers and found that more than 70 percent of the domains used by spammers are active for one day or less.
Full Story:
http://www.thenewnewinternet.com/2010/07/15/spammers-use-disposable-domains-to-prevent-shutdowns/
Some experts question efforts to identify cyberattackers
Efforts by the U.S. government to better identify cyberattackers will likely lead to violations of Internet users’ privacy and anonymity, and technological means to attribute the source of the attacks may be inaccurate, privacy and cybersecurity experts said July 15. Witnesses at a U.S. House of Representatives subcommittee hearing disagreed about whether the government should explore new ways to attribute the sources of cyberattacks. Several cybersecurity experts have called for new attribution efforts, including trusted identification systems, but an international affairs fellow for the Council on Foreign Relations said oppressive governments would use new identification technologies to track their political enemies. Proposals to label IP (Internet Protocol) packets with unique identifiers “would be far more useful for authoritarian regimes to monitor and control Internet use by their citizens than it would be in combating cyberwarfare, crime and nuisance behavior,” the international affairs fellow told the House Science and Technology Subcommittee on Technology and Innovation. For massive attacks, attribution of the attackers may not be difficult, because only a few nations have that capability, while low-level attacks do not rise to the level of national emergencies. “In a lot of cases, we don’t lack attribution, we lack response options,” he added. “We don’t know what we should do when we discover that the Chinese have hacked into Google.”
Full Story:
http://www.computerworld.com/s/article/9179215/
“Millions” of home routers vulnerable to web hack
A researcher with Maryland-based security consultancy Seismic plans to release a software tool at a conference later this month that he says could be used on about half of the existing models of home routers, including most Linksys, Dell, and Verizon Fios or DSL versions. Users who connect to the Internet through those devices and are tricked into visiting a page that an attacker has set up with the researcher’s exploit could have their router hijacked and used to steal information or redirect the user’s browsing. The researcher’s attack is a variation on a technique known as “DNS rebinding,” a trick that’s been discussed for close to 15 years. The hack exploits an element of the Domain Name System, or DNS, the Internet’s method of converting Web page names into IP address numbers. Modern browsers have safeguards that prevent sites from accessing any information that’s not at their registered IP address. But a site can have multiple IP addresses, a flexibility in the system designed to let sites balance traffic among multiple servers or provide backup options. The researcher’s trick is to create a site that lists a visitor’s own IP address as one of those options. When a visitor comes to his booby-trapped site, a script runs that switches to its alternate IP address — in reality the user’s own IP address — and accesses the visitor’s home network, potentially hijacking their browser and gaining access to their router settings.
Full Story:
http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/
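Two places where the rebinding trick described above can be stopped, as an added example (not the researcher's tool or any vendor's code): a resolver can refuse to hand a public hostname an answer inside private address space, which is the idea behind dnsmasq's --stop-dns-rebind option, and a router's web interface can refuse requests whose Host header is not one of the device's own names, since after a rebind the browser still sends the attacker's domain there. Hostnames and the second address list are constructed.

```python
import ipaddress

# Address space a public hostname should never resolve to from a home network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",       # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)   # version mismatch -> False

def filter_rebinding_answers(answers: list) -> list:
    """Resolver-side defence: drop records that would point a public name at
    the client's own network. With the rebinding site's second address gone,
    the browser's same-origin check never treats the router as 'the site'."""
    return [a for a in answers if not is_internal(a)]

def host_header_accepted(host_header: str, device_names: set) -> bool:
    """Device-side defence for a router's web UI: only answer requests whose
    Host header names the device itself (IP literal or local name)."""
    host = host_header.strip().lower()
    if host.startswith("[") and "]" in host:
        host = host[1:host.index("]")]       # IPv6 literal, e.g. [fe80::1]:80
    else:
        host = host.split(":", 1)[0]         # strip an explicit port
    return host in device_names

# Constructed sample: the rebinding name answers with a public address first,
# then the victim's gateway; the benign name has a single public address.
SAMPLE_RESPONSES = {
    "rebind.example.test": ["203.0.113.10", "192.168.1.1"],
    "static.example.test": ["203.0.113.25"],
}
```

Browsers since that time have also tightened origin handling, but these two checks remain the standard mitigations on the network and device side.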
Read the Full DHS Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_071910.pdf