Feed aggregator

Transfer pricing disputes push up disputed large business tax

Outlaw.com - Wed, 11/07/2018 - 10:10
The total value of disputed tax potentially underpaid by the UK's 2,000 biggest businesses increased to £27.8 billion last year, driven by in part by more inquiries into transfer pricing arrangements.
Categories: Cyber Risk News

HSBC Customer Accounts Breached in US

Info Security - Wed, 11/07/2018 - 09:46
HSBC Customer Accounts Breached in US

HSBC has revealed that unauthorized third parties accessed some of its customers' accounts, in what appears to have been an incident confined to its US operations.

The UK lender explained in a customer message posted online by the California Attorney General's Office that the attacks lasted from October 4 to 14.

“When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account. You may have received a call or email from us so we could help you change your online banking credentials and access your account,” it stated.

“The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.”

It’s believed that less than 1% of its US customers have been affected, but they’re not limited to Californians.

HSBC said it has “enhanced” its authentication process, presumably to include some form of multi-factor log-in.

Experts agreed the hackers most likely used credential stuffing techniques to force their way into user accounts with previously breached log-ins, rather than effecting a more sophisticated central breach of HSBC’s IT systems.

“Consumers need to increase their vigilance. Reused passwords lost in one breach then become a free ticket to your other accounts,” warned Arxan Technologies VP, Rusty Carter.

“Consumers should employ unique passwords for every site and service they use and change them at least once a year, unless there’s a breach then of course sooner. Secure, paid service or locally run password managers make this easier in many cases than using a password you’ll remember.”

Jarrod Overson, director of engineering at Shape Security, said his firm sees over 232 million account takeover attempts at global financial institutions each day.

“Credential stuffing attacks against banks typically result in about one account takeover per 2,000 attempts, which sounds small but adds up to thousands of accounts over the course of a multi-day or multi-week attack,” he continued. “The damage doesn't stop there — the impact can easily extend to many other services including online retailers, gaming providers, airlines, and other financial institutions."

Categories: Cyber Risk News

Symantec Acquires Appthority and Javelin Networks

Info Security - Tue, 11/06/2018 - 14:07
Symantec Acquires Appthority and Javelin Networks

On November 5, Symantec announced that it acquired Appthority and Javelin Networks in an effort to enhance its endpoint security solutions, adding key technology integrations to Symantec’s Integrated Cyber Defense Platform.

Through its acquisition of Appthority, Symantec will enable its customers to analyze mobile apps and identify malicious behaviors and vulnerabilities. Building Appthority’s technology into Symantec endpoint protection mobile will augment its ability to deliver a broad spectrum of protections for modern endpoints and operating systems.

“Mobile apps are a critical threat vector that every company must address to protect their enterprise security,” said Adi Sharabani, SVP, modern OS security, in a press release. “The Appthority technology extends SEP Mobile’s capabilities in limiting unwanted app behaviors, supporting regulatory compliance and assessing vulnerabilities.”

“Mobile users increase the enterprise attack surface with each app they install. This acquisition unites Appthority with Symantec’s comprehensive endpoint security portfolio, which is the first solution on the market that can protect all traditional and modern endpoints and now apps,” said Domingo J. Guerra, Appthority co-founder.

“Armed with Symantec’s industry-leading security research and tools, SEP Mobile integrated with Appthority technology is expected to deliver the most comprehensive Mobile Threat Defense solution, with enhanced app analysis capabilities, both in real time and on-demand,” added Anne Bonaparte, Appthority CEO.

Javelin Networks, a privately held company founded by red team post-exploitation experts, protects enterprises against active directory-based attacks. Effective November 5, the Javelin Networks team became part of Symantec’s endpoint security business.

“In the cloud generation, identity management services, such as Active Directory, are a critical part of a user’s interaction with their organization’s applications and services. They are also a critical information repository that attackers regularly exploit,” said Javed Hasan, senior vice president of endpoint and data center products, Symantec.

“The addition of Javelin Networks technology to our industry-leading endpoint security portfolio gives Symantec customers a unique advantage in one of the most vulnerable and critical areas of IT infrastructure. Most importantly, it can help expose exploitable backdoors in AD and stop attacks at the point of breach while preventing lateral movement.”

Categories: Cyber Risk News

Side-Channel Vulnerability PortSmash Steals Keys

Info Security - Tue, 11/06/2018 - 13:28
Side-Channel Vulnerability PortSmash Steals Keys

Researchers have found that Intel processors are being impacted by a new vulnerability that can allow attackers to leak encrypted data from the CPU's internal processes.

The new side-channel vulnerability, called PortSmash, was discovered by researchers Billy Bob Brumley, Cesar Pereida García, Sohaib ul Hassan and Nicola Tuveri from the Tampere University of Technology in Finland and Alejandro Cabrera Aldaya from the Universidad Tecnológica de la Habana.

According to the proof of concept, the only prerequisite to exploit the vulnerability, identified as CVE-2018-5407, is a CPU featuring simultaneous multithreading (SMT), such as Intel’s hyper-threading. An attacker uses a timing attack to steal information from other processes running in the same CPU core with hyper-threading.

Because it is a local attack, in order to steal the private decryption keys, the attacker and victim must be running on the same physical core, such as an OpenSSL.

“News of a side-channel vulnerability should be very concerning for security and IT professionals alike,” said Justin Jett, director of audit and compliance for Plixer. “Malicious actors can take these newly generated keys and decrypt any conversation that would otherwise have been protected by the key.

“Additionally, because the malware writer is already on the machine, they have a better understanding of where these keys may be used (for example, were the keys then moved to a specific folder that is being used by an application installed on the machine).”

Similar to other processor vulnerabilities, like Meltdown and Spectre, PortSmash is a reminder that we have to rotate the keys and certificates that serve as machine identities, much more frequently than we do, according to Kevin Bocek, VP of security strategy and threat intelligence at Venafi.

“Our machine identities are kept around for years, and it’s crazy to think machine that they won’t be attacked. This is especially true a cloud and microservices environments, where these kinds of vulnerabilities are most dangerous.

“Security and IT teams know we have to change passwords regularly and why. But we haven’t applied the same logic to machine identities, even though they provide even higher levels of access than most passwords. The reality is that most keys and certificates aren’t changed often, and a surprising number are never changed. These are the machine identities that are most at risk from PortSmash.”

Categories: Cyber Risk News

SCOTUS Refuses to Hear Appeal of Net Neutrality

Info Security - Tue, 11/06/2018 - 12:44
SCOTUS Refuses to Hear Appeal of Net Neutrality

With no explanation, the Supreme Court declined to hear an appeal of the net neutrality case, according to The Hill.  Justice Kavanaugh and Chief Justice John Roberts recused themselves from the vote. 

In opting not to hear the case, SCOTUS leaves in place the existing high court ruling that the FCC has the authority to regulate broadband like a public utility, which supporters of the 2015 Net Neutrality regulations, established by the Obama administration, saw as a win.

The appeal came from USTelecom, a trade group that represents internet service providers (ISPs). In conjunction with the Trump administration, USTelecom requested that the ruling from the US Court of Appeals for the District of Columbia Circuit be overturned on the basis that the Federal Communications Commission has no congressional authority to impose common-carrier obligations on broadband internet access service, The Hill said.

As a result of the existing high court ruling, ISPs cannot block or throttle web content, nor can they create fast lanes for pay.

"We’re grateful that a majority of the justices saw through the flimsy arguments made by AT&T and Comcast lobbyists," said Matt Wood, the policy director at Free Press, in a statement. "The ISPs went all out to push FCC Chairman Ajit Pai to repeal the agency’s net neutrality rules – and then ran to the Supreme Court looking for a do-over on earlier cases that rightly upheld those rules. There was absolutely no reason for the Supreme Court to take this case, and today’s denial puts to bed the chances of upending the correct appellate-court decisions."

Despite the Supreme Court decision to not hear the case, Republicans remain hopeful that the FCC’s vote last December to repeal net neutrality rules will be upheld, though that decision is being challenged before the DC Circuit.

At issue is which body has the power to determine broadband as an information service. Jonathan Spalter, CEO of USTelecom, and other supporters of the Restoring Internet Freedom order, which negated net neutrality, believe broadband is an information service.

"[The Restoring Internet Freedom order] remains the law of the land and is essential to an open internet that protects consumers and advances innovation," Spalter reported said in a statement.

Categories: Cyber Risk News

Fake Telegram Apps Used to Spy on Iranian Users

Info Security - Tue, 11/06/2018 - 12:04
Fake Telegram Apps Used to Spy on Iranian Users

Security researchers have uncovered several Iranian state-sponsored campaigns which they suspect are used to spy on domestic users of the banned Telegram and Instagram apps.

Cisco Talos explained that the campaigns “vary in complexity, resource needs and methods” but use three main vectors: fake apps, phishing pages, and BGP hijacking.

The apps capitalize on a latent demand for Telegram and Instagram apps given they are banned in the Islamic Republic. Telegram is estimated to have as many as 40 million users in the country and has been used in the past to organize popular protests against the authoritarian government.

“Once installed, some of these Telegram ‘clones’ have access to mobile devices' full contact lists and messages, even if the users are also using the legitimate Telegram app. In the case of phony Instagram apps, the malicious software sends full session data back to back-end servers, which allows the attacker to take full control of the account in use,” Cisco explained.

However, the apps are only classified as greyware or PUPs, because they do still carry out legitimate functions such as sending messages. This makes it more difficult for researchers to detect them.

“We believe this greyware has the potential to reduce the privacy and security of mobile users who use these apps,” said Cisco. “Our research revealed that some of these applications send data back to a host server, or are controlled in some way from IP addresses located in Iran, even if the devices are located outside the country.”

Also discovered were classic phishing attacks spoofing Telegram log-in pages with domains which Cisco linked to the state-sponsored Charming Kitten group.

Finally, the researchers observed BGP hijacking activity involving an Iranian telco, which could have been used to compromise communications. Cisco branded it “a deliberate act targeting Telegram-based services in the region.”

The firm stopped short of providing a solid link between the three attack types aside from their focus on Telegram, and admitted they could be used by any malicious actor, state-sponsored or not.

However, given the history of how the app is used in the repressive state, and the link to Charming Kitten, it would be understandable to assume Tehran has a hand in them.

Categories: Cyber Risk News

UK Government Warns Telcos of 5G Security Review

Info Security - Tue, 11/06/2018 - 11:02
UK Government Warns Telcos of 5G Security Review

The UK government has reminded 5G network providers to ensure their suppliers are heavily vetted for security, in what could signal a change of approach to a major Chinese telecoms player.

The 5G supply chain of several UK telecoms firms may be impacted by a review of the UK’s infrastructure launched in July, according to a letter penned to the firms by DCMS head of digital, Matthew Gould, and National Cyber Security Centre (NCSC) boss, Ciaran Martin.

Although Huawei was not named, the letter stated that the “outcome of the review may lead to changes in the current rules,” according to the FT.

That could be bad news for the Shenzhen giant, which has already been blocked from competition in 5G by the US and Australian governments on national security fears.

Those fears were further stoked by a report in The Australian over the weekend citing a national security source that claimed Huawei staff helped Chinese intelligence “get access codes to infiltrate a foreign network.” It’s a story the telecoms kit maker has strenuously denied.

Even before this, there were signs of a changing relationship with Huawei in the UK, which has historically been more friendly to the firm.

In July, the Huawei Cyber Security Evaluation Centre (HCSEC), overseen by GCHQ, highlighted significant shortcomings in the firm’s processes that “exposed new risks in UK telecoms networks.”

The report concluded that the HCSEC has “only limited assurance” that Huawei equipment poses no threat to national security.

BT and Three are both said to be working with Huawei on 5G networks.

The move comes as new data reveals the effect of growing US-China tensions on Huawei’s Shenzhen rival ZTE.

The number of ZTE smartphones on prepaid operator shelves fell 48% from June 2018 to September 2018 as carriers backed away from the firm following political pressure, according to GlobalData.

Washington banned US suppliers from selling to it, after it broke an agreement not to sell handsets to Iran and then lied about it.

ZTE has already been labelled a national security risk by GCHQ.

Categories: Cyber Risk News

National Guard on Standby for Midterm Election Day

Info Security - Tue, 11/06/2018 - 10:28
National Guard on Standby for Midterm Election Day

Cyber units from the National Guard have been supporting several states in the run up to the mid-term elections and are standing by in the event of any incident today, according to reports.

Wisconsin, Washington and Illinois have been confirmed as using the reserves to help improve cyber resilience, but there are likely to be more states doing the same.

In the north-west, the Washington Air National Guard has been supporting the state's Office of the Secretary of State in what has been dubbed a “great partnership” of “outstanding cooperation” by Kenneth Borchers, commander of the 252nd Cyberspace Operation Group, according to Guard News.

The initiative began with a two-week assessment of the relevant IT networks, followed by a similar time frame devoted to making system improvements, and finally a search for any deeper problems.

"We call it the hunt mission. Now that we have situational awareness, we've secured terrain, we're going to do a deep dive and see what we can find,” said Thomas Pries, commander of the 262nd Cyberspace Operations Squadron.

On Friday it was revealed that Wisconsin National Guard cyber-response teams had been put on standby by the governor Scott Walker to assist if any serious incidents arise on election day.

As part-timers, National Guard troops have jobs outside of their role with the reserve military, which means cybersecurity skill levels can sometimes be higher than in parts of the regular forces.

In fact, lawmakers introduced a bipartisan bill last year designed to give the Department of Defense greater visibility into cybersecurity skills capabilities in the National Guard, in case it needs to draw upon this reserve in times of crisis.

“Our National Guard is uniquely positioned to recruit and retain some of our best cyber warriors, and this bill would help make sure that our military is taking advantage of this extraordinary talent,” said report co-sponsor, senator Kirsten Gillibrand, at the time.

Categories: Cyber Risk News

Electronic Communication Code: Tribunal clarifies its jurisdiction

Outlaw.com - Tue, 11/06/2018 - 09:46
Claims for compensation made under the old Electronic Communications Code (ECC) in the UK cannot be brought before a tribunal tasked with resolving disputes under the new ECC, the tribunal has confirmed.
Categories: Cyber Risk News

UK study on personalised pricing commissioned

Outlaw.com - Tue, 11/06/2018 - 08:17
A new UK study is to look into how businesses use data to tailor pricing offers to consumers and whether the practice helps those consumers obtain "the best deals".
Categories: Cyber Risk News

Veracode Acquired by Thoma Bravo and Splits from CA After Broadcom Deal

Info Security - Mon, 11/05/2018 - 17:09
Veracode Acquired by Thoma Bravo and Splits from CA After Broadcom Deal

Private equity investment firm Thoma Bravo has agreed to acquire Veracode for $950 million, on the same day that its parent CA Technologies were acquired by Broadcom for a reported $18.9 billion.

Veracode were acquired by CA Technologies in March 2017 for $614m. Today’s Thoma Bravo announcement is expected to close in Q4 of 2018.

“In today’s digital economy practically every company is turning into a software company through their own digital transformation,” said Chip Virnig, a partner at Thoma Bravo.

“As these companies continue to build complex applications, many of which contain sensitive data, the applications themselves increasingly become the target of more sophisticated and omnipresent cyber-attacks. As such, applications need to be built with security in mind day one, and we see a significant, growing market opportunity for Veracode’s product offerings.”

Broadcom is a designer, developer and supplier of products based on analog and digital semi-conductor technologies. The acquisition will see CA Technologies operate as a wholly owned subsidiary of Broadcom.

Sam King, current senior vice president and general manager of Veracode, will become the CEO of Veracode following the close of the transaction. She said that partnering with Thoma Bravo, a proven security software investor, is expected to extend its market reach “and further fuel our innovation so that we can offer the broadest software security platform and empower us to accelerate growth — all to allow us to transform the way companies achieve their software security goals.”

The announcement follow’s last month’s announcement that Thoma Bravo had acquired Imperva for around $2.1 billion.

“As long-term investors in cybersecurity software, we are impressed with the speed and quality of innovation at Veracode,” said Seth Boro, a managing partner at Thoma Bravo.

Categories: Cyber Risk News

Magecart Strikes Again, and Kitronik Is Latest Victim

Info Security - Mon, 11/05/2018 - 16:08
Magecart Strikes Again, and Kitronik Is Latest Victim

Magecart, the payment-card–skimming malware, has taken another victim, Kitronik, a leading supplier of electronic project kits in the UK. According to recent news from The Register, the company was the latest victim of Magecart’s global payment-card–skimming malware.

Kitronik suffered a data breach that may have exposed names, email addresses, card numbers, expiry dates, CVV security codes and postal addresses. The Register reported having seen an email written by Geoff Hampson, resident electronics expert for Kitronik, in which he told customers that the malware had been discovered.

"Anyone that has followed the news in recent months will be aware of the malicious software ‘Magecart’ that has been recording customer’s key presses on such high profile websites as British Airways and Ticketmaster. The malicious software records key presses at the checkout stage, to capture sensitive details. From some point early in August until mid-September the same malicious software has been present on the Kitronik website," Hampson wrote.

It is believed that the details were swiped at the checkout stage, and Hampson added that customer accounts established prior to August would not have been impacted, though he was not able to confirm how many customers might have been affected.  

“Payment-card–skimming malware continues to be a security challenge for retailers around the globe,” said Rich Campagna, CMO, Bitglass. “British Airways, Newegg, and now Kitronik have all been victims of Magecart’s malware, highlighting the need for security solutions which monitor for vulnerabilities and threats, across all devices and applications, in real time.

With these capabilities, retailers can be proactive in detecting and thwarting breaches before they happen, ensuring that their customers’ sensitive information is protected.”

Magecart is a known malware that has proven successful in attacking other major companies very recently, and Kitronik had protections in place to monitor fraud. In his email to customers, Hampson noted, “Although we have a mechanism in place to alert us if the code on the website changes, this attack was very sophisticated and bypassed that code by making changes to the website database.”

Categories: Cyber Risk News

Stolen Data Valued at Less Than $50 on Dark Web

Info Security - Mon, 11/05/2018 - 15:43
Stolen Data Valued at Less Than $50 on Dark Web

Cyber-criminals could sell someone’s complete digital life – including social media accounts, banking details, app data, gaming accounts and even remote access to servers or desktops – for less than $50 on the dark web, according to a new study from Kaspersky Lab.

The research is based on an investigation of dark web markets, revealing that the price paid for a single breached account is even lower – at about $1 each. Many criminals sell accounts in bulk and some even offer a “lifetime warranty,” so if an account a buyer has purchased stops working, they receive a new one for free.

Although the resale value of stolen data is low, cyber-criminals can still use it in many ways, from stealing money to committing crimes under the disguise of someone else’s identity.

What started as an inquiry into how much our lives are worth, David Jacoby, senior security researcher at Kaspersky Lab, set out to understand the dollar value placed on our stolen data. Jacoby not only considered our personal possessions but also factored in the private information we share on social media, our medical history and even aspects of our childhood. The research found that our identities can be stolen for mere pittance.

In largely rudimentary but effective attacks, hackers are stealing data from popular services like Uber, Netflix and Spotify.

Credit: Kaspersky Lab

In one dark web forum, Jacoby found a Swedish passport for sale to the tune of $4000, and the vendor was reportedly offering up passports for almost every country in Europe. Even utility bills and fake invoices were up for grabs.

“It is clear that data hacking is a major threat to us all at both an individual and societal level, because stolen data can be used for many nefarious activities,” said Jacoby in a press release.

“Fortunately, there are steps that we can take to prevent this, such as using cybersecurity software and being aware of how much data we are giving away for free – particularly on publicly available social media profiles.”

Categories: Cyber Risk News

Kemp Investigates Dems, Not the Reported Vulnerability

Info Security - Mon, 11/05/2018 - 14:58
Kemp Investigates Dems, Not the Reported Vulnerability

When a registered voter in the state of Georgia discovered a major vulnerability in the state’s My Voter Page, he brought it directly to the attention of lawyer David Cross, partner at Morrison & Foerster, who represented the Curling plaintiffs in the recent Georgia election security lawsuit. Cross said he alerted the FBI and Georgia Secretary of State Brian Kemp and his legal team.

What has ensued since then, according to Cross, is not an investigation into the vulnerabilities that threaten voter integrity or an effort to contact the reporting voter whose information was provided.

“From everything we’ve seen, instead of investigate, Kemp decided to politicize the issue and claim hacking by the Democratic Party,” Cross said, adding that the voter who brought the vulnerability to his attention is not affiliated with the Democratic Party.

The registered voter, whose name was not disclosed, went onto Georgia’s My Voter Page to look up his own information, said Cross. When he tried to update his information, he realized he was able to pull his information back but the system never confirmed that it was being pulled back.

“When he looked at the query, he noticed that he could potentially pull back any information just by changing the voter identification number. He didn’t confirm that,” said Cross, but brought the information to Morrison & Foerster, who brought it to the FBI and Kemp.

“We expected they would investigate, but as of this morning, the vulnerability is still there and they still had not contacted this voter. That’s the starting point for any investigation, but they are not doing that,” Cross said.

While Kemp has launched an investigation into the Democratic Party, alleging that it attempted to hack the voter system, the reported vulnerabilities remain unfixed, which Cross said is the real issue.

“Georgia voters need to check their voter registration information before tomorrow because right now there are potentially thousands of voters who could show up to vote tomorrow and not be able to because their information has been changed,” Cross said.

On Sunday’s State of the Union with Jake Tapper, Stacey Abrams, Democratic candidate for governor in Georgia, said of Kemp’s allegations, “This is a desperate attempt on the part of my opponent to distract people from the fact that two different federal judges found him derelict of his duties and have forced him to allow absentee ballots to be counted and those who are being held captive by the exact map system to be allowed to vote.

“He is desperate to turn the conversation away from his failures, from his refusal to honor his commitments and from the fact that he is part of a nationwide system of voter suppression that will not work in this election.”

Categories: Cyber Risk News

Equifax Set to Share More PII with Experian

Info Security - Mon, 11/05/2018 - 11:52
Equifax Set to Share More PII with Experian

Under-fire credit agency Equifax has turned to competitor Experian to extend credit monitoring to customers affected by a major breach in 2017, although this will mean sharing even more information with the third-party unless they opt-out.

The news came in an email Equifax is sending those who enrolled on its TrustedID Premier service following the catastrophic breach of 148 million users last year.

The firm is now offering a further year of credit monitoring via Experian’s IDnotify service.

Experian is already using Equifax customers’ names, addresses, dates of birth and Social Security numbers in order to provide file monitoring as part of TrustedID Premier. However, the new deal will involve the company also getting hold of their phone numbers and email addresses, unless they opt-out.

“Experian will only use the information Equifax is sharing to confirm your identity and securely enroll you in the Experian product, and will not use it for marketing or solicitation,” the note reads, according to Krebs on Security.

However, some may feel uneasy about sharing yet more information with a third-party — especially one which itself has suffered a major data breach in the past. Around 15 million US consumers had their details exposed in a 2015 incident.

Paul Bischoff, privacy advocate with Comparitech, argued that the decision to share this contact info “mainly serves the credit bureaus and not breach victims.”

“Without consent, Equifax unilaterally made a decision to share contact info of people who signed up for its TrustedID program — many of whom registered out of fear of consequences from Equifax's own catastrophe,” he added. “If TrustedID users take no action, their personal information is shared with a third party and they receive no benefit. Users must either affirmatively opt-out of the data sharing or enroll in Experian's similar credit monitoring program, IDnotify.”

What’s more, credit monitoring will not help those affected by the Equifax breach prevent identity theft taking place. Instead, it only notifies once a fraudster has already stolen one’s identity, according to experts.

“A better solution would be to put a credit freeze on your credit report, but doing so cuts into the credit bureaus' bottom lines,” said Bischoff. “A credit freeze blocks creditors from viewing your credit report, a service that creditors pay credit bureaus for.”

Categories: Cyber Risk News

Dozens of Spies Killed Thanks to Flawed CIA Comms

Info Security - Mon, 11/05/2018 - 10:52
Dozens of Spies Killed Thanks to Flawed CIA Comms

A flawed online communications system developed by the CIA was exposed to Google’s web crawlers, ultimately leading to the execution of dozens of spies, according to a new report.

The unnamed platform was cracked by Iranian intelligence after a tip-off by a double agent revealed the website they used to communicate with their CIA handlers. Google searches allowed them to locate other secret CIA websites and, from there, start to pick apart the entire spy network, according to Yahoo News.

This all started in 2009 after Tehran went looking for US moles following the announcement by the Obama administration of the discovery of a secret underground enrichment facility.

However, the impact was felt globally, most probably after Iran shared its intelligence with China, a move which ultimately led to an estimated 30 CIA spies being executed by Beijing and the collapse of its network there.

This “catastrophic” chain of events led to 70% of the CIA’s spy network potentially exposed to compromise at one point between 2009-13, according to the report.

The after-effects are apparently still being felt today.

The problem stemmed from over-confidence among US officials in the use of the platform in hostile states like Iran and China where rigorous state monitoring makes it difficult to communicate in secret.

“It was never meant to be used long term for people to talk to sources,” said one former official. “The issue was that it was working well for too long, with too many people. But it was an elementary system.”

Another issue highlighted by the report was the lack of accountability for the failure in the intelligence services, and the sacking of a whistleblower who first brought the problem out into the open back in 2011.

“Our biggest insider threat is our own institution,” remarked a former official.

Categories: Cyber Risk News

Over 80,000 Facebook User Accounts Compromised

Info Security - Mon, 11/05/2018 - 10:11
Over 80,000 Facebook User Accounts Compromised

Malicious browser extensions could be behind a compromise of at least 81,000 Facebook accounts which were put up for sale on the dark web, according to reports.

Those behind the attack told the BBC Russian Service that they had access to 120 million accounts, although this has been branded “unlikely” by Digital Shadows, whose researchers were called in to investigate.

In fact, the seller, “FBSaler,” provided a total dataset to reporters of around 257,000 profiles. Just 81,000 are certain to have been compromised, as private messages were included. The remaining 176,000 may have simply had profile information like names, addresses, contact numbers, and interests taken because accounts were left wide open by users.

The accounts are not thought to be linked to the Cambridge Analytica scandal, or the more recent breach of 30 million accounts which occurred after attackers obtained access tokens.

“The method used to obtain the accounts remains unconfirmed, though Facebook believe malicious browser extensions could have been used. Facebook have still not been definitive about this, though it said it had contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores,” said Digital Shadows.

“A rogue survey application as used by Kogan is known to have worked in the past; however, account takeovers achieved through credential harvesters, for example, are also a possibility. While a variety of separate breaches may have been used to compile the dataset, it is more likely a single approach was used given the consistency of the data in the dump.”

The largest number of profiles (30%) are Ukrainian, followed by Russia (9%), although users from the US, UK and Brazil are also said to be represented.

“Regardless of attribution, motives and the method of collection, the exposure of private messages where people share information they would not usually post publicly on their Facebook feeds is a potentially worrying development,” the firm warned. “Sensitive information may be used for extortion of identity fraud, while it’s not unheard of for individuals to share financial information such as banking details over private messages.”

The accounts were originally for sale for around $0.10 each on the BlackHat SEO forum, although the report claimed the advert has since been taken down, according to the BBC.

Categories: Cyber Risk News

Unfair to blame energy suppliers for smart meter failings

Outlaw.com - Fri, 11/02/2018 - 15:36
ANALYSIS: The blame for the disappointing progress of the UK's smart meter rollout should not be laid at the door of the UK's large energy suppliers. Many of the problems with the rollout stem from issues outside of their control.
Categories: Cyber Risk News

Dutch data watchdog: PSD2 consent must be obtained 'separately'

Outlaw.com - Fri, 11/02/2018 - 15:09
Third parties seeking access to payment account information held by banks must distinguish their requests to process customer data from broader requests for acceptance of the terms and conditions for their payment services, the Dutch data protection authority has said.
Categories: Cyber Risk News

Stuxnet Returns, Striking Iran with New Variant

Info Security - Fri, 11/02/2018 - 14:29
Stuxnet Returns, Striking Iran with New Variant

Iran’s critical infrastructure and strategic networks were attacked with what is reportedly a more sophisticated variant of the decade-old Stuxnet attack, according to Reuters. Iran’s head of civil defense agency, Gholamreza Jalali, told reporters that the newly discovered next-generation of Stuxnet that was trying to enter the systems consisted of several parts.

At a live press conference on October 28, Iran’s Supreme Leader Ayatollah Ali Khamenei said, “In the face of sophisticated methods used by enemies’ in their onslaught, the passive defense must be totally vigilant and serious.”

Reports from The Times of Israel raise questions about the attacker’s motivation, noting that news of the attack came hours after Israel said its intelligence agency, Mossad, had thwarted an Iranian murder plot in Denmark.

While no one is pointing the finger of blame in any direction just yet, “the ‘new Stuxnet’ attack is the latest indicator of the cyber-war that many governments are actively engaged in,” said Broderick Perelli-Harris, senior director of professional services at Venafi. “The details are still patchy, but it seems that Israeli intelligence relied on an old attack blueprint here.

“In the initial Stuxnet attack, the US and Israeli governments used stolen machine identities to infect Iranian nuclear centrifuges with the virus. Now, over 22 million pieces of malware use that blueprint to attack organizations and states alike across the world – all the signs point to the same method being used again here. It’s easy for organizations and governments to ignore when it’s used against an adversarial state, but the blueprint remains ‘in the wild’ for cyber-criminals to exploit.”

Given that cyber-weapons are prone to boundless proliferation, Perelli-Harris warned that this new Stuxnet variant should serve as a reminder that governments need to think very carefully when they are creating cyber-arms so that they do not escalate the problem. Once in the wild, they are impossible to control.

As is evidenced by the new generation of Stuxnet, cyber-arms can escalate into more violent, advanced and sophisticated variants. “Considering that subsequent variations on Stuxnet, namely Flame, Duqu, Stars, Shamoon and Nitro Zeus all had different payload delivery methods from their grandparent, it’s entirely plausible that the new generation of Stuxnet does also and that it will continue to evolve,” said Lewis Henderson, vice president of product marketing at Glasswall Solutions.

“With operators of critical national infrastructure unable to progress and update their operational technology at the same pace as their IT counterparts, there are known gaps and weaknesses that simply aren’t getting plugged. We can only hope news of this new version of Stuxnet has reached the highest level of decision making – because we’ve already seen what happens when you use old technology to fight a new adversary.”

Categories: Cyber Risk News