Personal Cybersecurity #8: Daily news

What you need to know for your personal cyber security life… 

Eighth in a semi-regular series of daily news on current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.

# # #

Indian hackers deface Pakistani sites in response to cyberattacks

http://www.zdnet.com/in/indian-hackers-deface-pakistani-sites-in-response-to-cyberattacks-7000025773/

By Ryan Huang
ZDNet News
January 30, 2014

Over 2,000 websites from India and Pakistan have been defaced so far in the past two days, as hackers from both countries duke it out in cyberspace.

More than 100 Pakistani websites were defaced on Wednesday, apparently in retaliation for the defacement of more than 2,000 Indian websites by Pakistani hackers on Republic Day, according to The Hindu.

The defaced websites carried the message “Hacked by Indian Cyber Rakshak”, and the attacks are expected to continue, cybersecurity experts told the news agency.

The retaliatory defacement of Pakistani websites began on Tuesday night and continued through Wednesday, according to the Global Cyber Security Response Team (GCSRT).

[…]

# # #

New Clues in the Target Breach

http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach/

By Brian Krebs
krebsonsecurity.com
Jan 29, 2014

An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internal network.

As I noted in Jan. 15’s story – A First Look at the Target Intrusion, Malware – the attackers were able to infect Target’s point-of-sale registers with a malware strain that stole credit and debit card data. The intruders also set up a control server within Target’s internal network that served as a central repository for data hoovered up from all of the infected registers.

That analysis looked at a malware component used in the Target breach that was uploaded to Symantec’s ThreatExpert scanning service on Dec. 18 but which was later deleted (a local PDF copy of it is here). The ThreatExpert writeup suggests that the malware was responsible for moving stolen data from the compromised cash registers to that shared central repository, which had the internal address of 10.116.240.31. The “ttcopscli3acs” bit is the Windows domain name used on Target’s network. The user account “Best1_user” and password “BackupU$r” were used to log in to the shared drive (indicated by the “S:” under the “Resource Type” heading in the image above).

That “Best1_user” account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas-based BMC Software — includes an administrator-level user account called “Best1_user.”

[…]

# # #

GoDaddy Admits Hacker’s Social Engineering Led It To Divulge Info In @N Twitter Account Hack

# # #

Security 101 fail: 3G/4G modems expose control panels to hackers

http://www.theregister.co.uk/2014/01/30/3gmodem_security_peril/

By John Leyden
The Register
30th January 2014

Vulnerabilities in a number of 3G and 4G USB modems can be exploited to steal login credentials — or rack up victims’ mobile bills by sending text messages to premium-rate numbers — a security researcher warns.

Andreas Lindh claims that all the devices he has looked at so far are managed via their built-in web servers and — you guessed it — are vulnerable to cross-site request forgery (CSRF) attacks. This means a malicious website visited by a victim can quietly and automatically access the USB modem’s control-panel web page and tamper with the device.

Thus, a vulnerable gadget can be tricked into sending SMS messages over the mobile network to a miscreant-controlled premium-rate number. Similarly, a malicious web page could masquerade as a legit login page — such as the account sign-in page for Twitter — and covertly text the victim’s intercepted username and password to the hacker.

Lindh demonstrated he was able to contain a counterfeit Facebook login page in a data URI hidden behind a TinyURL link, which could be sent to a victim by email or a social network: opening the data URI renders the bogus Facebook page in the browser, and when the user submits his or her username and password, some cunning JavaScript texts the credentials via the connected vulnerable USB modem.

[…]

# # #

Critical infrastructure hack data found in public domain

http://eandt.theiet.org/news/2014/jan/ics-security.cfm

By James Hayes
Engineering and Technology Magazine
28 January 2014

Data available from mainstream online media — such as blogs, social networking websites, and specialist online publications — could be used by malevolent agents to mount a cyber-attack on UK critical national infrastructure (CNI), the findings of an investigative assessment to be presented next week will warn.

Key information regarding vulnerabilities in Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems is now openly available from a range of sources on the public Internet, according to ‘Using Open Source Intelligence to Improve ICS & SCADA Security’ from UK design and engineering consultancy Atkins, being presented as part of the IET seminar ‘Cyber Security for Industrial Control Systems’ on 6 February in London.

The investigation discovered that many industrial sector websites and academic papers, for example, also provide some information about potential attack vectors, including the identification of engineering staff, their social media information used to corroborate control systems data, and their suitability for social engineering attempts.

The identification of known vulnerabilities and exploits against specific types of control systems can also be accessed online, along with the identification of third-parties such as contractors and control system integrators, who have detailed knowledge and physical network access.

[…]

# # #

Updated: January 30, 2014 — 8:24 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 20th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural Missouri, just a few miles from the Big Muddy. Always ready to help others, he shares what he learns on multiple blogs, social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on-air experience in live radio and television, Rich is always thinking about the "big picture" when it comes to helping individuals and families prepare for life's little surprises.