Viruses and Worms

Facebook Libra rejected by France as “dangerous”

Sophos Naked Security - 20 September, 2019 - 12:57
France finance minister: Libra won't be allowed onto European soil.

Nice work if you can grift it: Two blokes accused of swindling $10m from the elderly with bogus virus infection alerts

The Register - Anti-Virus - 20 September, 2019 - 03:37
~~~WaRNiG!! Ur PC has THe Da Vinci m4Lw4rez!! CaLL 1-555-NOSCAM 2 f!x it~~~

Two Americans used bogus virus-infection alerts to bilk $10m out of PC owners, it is alleged.…

Category: Viruses and Worms

If you're using Harbor as your container registry, bear in mind it can be hijacked with has_admin_role = True

The Register - Anti-Virus - 20 September, 2019 - 01:26
Patch now before miscreants sail off with your apps, data

Video  IT departments using the Harbor container registry will want to update the software ASAP, following Thursday's disclosure of a bug that can be exploited by users to gain administrator privileges.…

Category: Viruses and Worms

FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares?

The Register - Anti-Virus - 20 September, 2019 - 00:08
Shareholders NotHappy stock offloaded in NotPetya aftermath

FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth came out, a lawsuit filed by the delivery business’ own shareholders claims.…

Category: Viruses and Worms

Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal - 19 September, 2019 - 22:00
Eight cities have been hit by a data breach targeting payment cards.
Category: Viruses and Worms

Microsoft Silent Update Torpedoes Windows Defender - 19 September, 2019 - 18:47
Microsoft broke its built-in antivirus utility, thanks to a patch for a different issue.
Category: Viruses and Worms

These Hacks Require Literally Sneaking in the Backdoor - 19 September, 2019 - 18:44
An on-premise hacker can cripple even the best cybersecurity defenses.
Category: Viruses and Worms

Air Force to offer up a satellite to hackers at Defcon 2020

Sophos Naked Security - 19 September, 2019 - 16:42
This year, the Air Force presented vetted hackers with a plane's subsystem, which they duly tore up. Next year, it will be a satellite.

Chinese students in UK ripe target for scammers exploiting visa concerns

The Register - Anti-Virus - 19 September, 2019 - 16:20
Add in Brexit outsourcing mess and it's plain to see why young international scholars get duped

Scammers are exploiting Chinese students' Brexit fears by targeting them with phishing emails claiming their visas could be revoked, threat intel researchers say.…

Category: Viruses and Worms

Researchers find 737 million medical images exposed on the internet

Sophos Naked Security - 19 September, 2019 - 14:45
Of the 2,300 archiving systems looked at, 590 were accessible from the internet, exposing 24 million medical records from 52 countries.

US files suit against Snowden to keep book profits out of his hands

Sophos Naked Security - 19 September, 2019 - 14:32
The government, alleging that Snowden violated NDAs with the CIA and NSA, isn't looking to stop the book's publication or distribution.

S2 Ep9: DDoSes, privacy and network hacks – Naked Security Podcast

Sophos Naked Security - 19 September, 2019 - 14:15
The latest Naked Security Podcast is live - listen now!

Belgian F-16 pilot rescued from power line after emergency ejection

The Register - Anti-Virus - 19 September, 2019 - 14:07
Two-seat jet crashed in France

A Belgian F-16 fighter jet pilot has been rescued from a power line after getting into difficulties and ejecting from his stricken aircraft.…

Category: Viruses and Worms

Smart TVs, Subscription Services Leak Data to Facebook, Google - 19 September, 2019 - 14:05
Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.
Category: Viruses and Worms

WannaCry is still the smallpox of infosec. But the latest strain (sort of) immunises its victims

The Register - Anti-Virus - 19 September, 2019 - 12:03
Whatever you do, don't pay the ransom

Analysis  WannaCry – the file-scrambling ransomware that infamously locked up Britain's NHS and a bunch of other organisations worldwide in May 2017 – is still a live-ish threat to this day, infosec researchers reckon.…

Category: Viruses and Worms

No surprises in the top 25 most dangerous software errors

Sophos Naked Security - 19 September, 2019 - 10:58
An in-depth study of reported bugs has produced a list of the top 25 bug categories in software today - with some old familiar names topping the list.

Threat landscape for smart buildings

Kaspersky Securelist - 19 September, 2019 - 08:45

The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the now common smart home. Typically, such a system consists of various sensors and controllers to manage elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, etc.; it also includes servers that manage the controllers, as well as computers of engineers and dispatchers. Such automation systems are used not only in office and residential buildings, but in hospitals, shopping malls, prisons, industrial production, public transport, and other places where large work and/or living areas need to be controlled.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.

Malware and target systems

According to KSN, in H1 2019 Kaspersky products blocked malicious objects on 37.8% of computers in building-based automation systems (from a random sample of more than 40,000 sources).

Share of smart building systems on which malware was blocked, 2018-2019

It should be mentioned right away that most of the blocked threats are neither targeted, nor specific to building-based automation systems. In other words, it is ordinary malware regularly found on corporate networks unrelated to automation systems. This does not mean, however, that such malware can be ignored — it has numerous side effects that can have a significant impact on the availability and integrity of automation systems, from file encryption (including databases) to denial of service on network equipment and workstations as a result of malicious traffic and unstable exploits. Spyware and backdoors (botnet agents) pose a far greater threat, since stolen authentication data and the remote control it provides can be used to plan and carry out a targeted attack on a building’s automation system.

What are the threats of a targeted attack? First off, there is disruption of the computers that control the automation systems, and subsequent failure of the systems themselves, since not all of them are totally autonomous. The result may be a disruption of the normal operation of the building: electricity, water, and ventilation are likely to continue to work as before, but there may be problems with opening/closing doors or using elevators. There may also be problems with the fire extinguishing system, for example, a false alarm or, worse, no signal in the event of a fire.

Geographical distribution of threats

Share of smart building systems on which malware was blocked, by country, H1 2019

Top 10 countries

Country           %*
Italy             48.5
Spain             47.6
Britain           44.4
Czech Republic    42.1
Romania           41.7
Belgium           38.5
Switzerland       36.8
India             36.8
China             36.0
Brazil            33.3

*Share of computers on which malware was blocked

Sources of threats to building-based automation systems

When studying the sources of threats to building-based automation systems, we decided to compare them with similar statistics on industrial systems that we regularly compile and publish. Here’s the result:

Sources of threats to building-based automation systems by share of attacked computers, H1 2019

The graph shows that in building-based automation systems the share of attacked computers is consistently higher than in industrial systems. Even so, the total share of attacked computers over the same period is greater in industrial systems (41.2%). This is because building-based automation systems are more similar to systems in the IT segment: on the one hand, they are better protected than industrial ones, so the overall percentage is lower; on the other, they have a large attack surface (i.e. the majority have access to the Internet and often use corporate mail and removable drives), so each computer is exposed to more threats from different sources.

Types of malware detected in building-based automation systems, by share of users attacked, H1 2019

Note that it is not only the networks of automation systems in specific buildings (stations, airports, hospitals, etc.) that face threats. The networks of developers, integrators, and operators of such systems, who have (often privileged) remote access to a huge number and variety of objects, are also subjected to “random” and targeted attacks. Having gained access to computers in the network of an integrator or dispatcher, the cybercriminals can, theoretically, attack many remote objects simultaneously. At the same time, the remote connection to the automation object on the side of the integrator/operator is considered trusted and often effectively uncontrolled.

The threat landscape for smart buildings and how to minimize it will be discussed in more detail at the conference. One final note: it is important to monitor network communications on the perimeter and inside the network of automation systems. Even minimal monitoring will reveal current issues and violations, the elimination of which will significantly increase the object’s level of security.

IT now stands for Intermediate Targets: Tech providers pwned by snoops eyeing up customers – report

The Register - Anti-Virus - 19 September, 2019 - 07:55
Symantec says Tortoiseshell crew ransacked suppliers

Miscreants are hacking into Saudi Arabian IT providers in an attempt to compromise their real targets: said providers' customers, according to Symantec.…

Category: Viruses and Worms

Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up

The Register - Anti-Virus - 19 September, 2019 - 03:45
Both sides have different interpretations of the rules

The infosec duo cuffed during an IT penetration test that went south last week are out of jail, though not necessarily out of the woods.…

Category: Viruses and Worms

Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’ - 18 September, 2019 - 23:09
Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.
Category: Viruses and Worms