Vulnerabilities and attacks

Syria's Internet goes dark for several hours

After a more than seven-hour blackout, it appears the Internet has returned to Syria.

On Thursday morning several Internet monitoring firms began reporting a halt of online traffic in and out of the war-torn country. While it was clear something was amiss, it was unclear who or what was causing the outage.

In the past, divergent players such as the online hacking collective Anonymous or the Syrian Electronic Army -- a President Bashar Assad loyalist group -- have waged attacks on the country's Internet. However, Thursday's outage appears to have two different sources.

First, a group calling itself … Read more

IBM's new services zero in on fraud, financial crime

IBM has introduced new software and services to help organizations use big data to address financial losses caused by fraud.

The Armonk, N.Y.-based firm says that $3.5 trillion is lost every year to fraud and financial crime. To combat these problems, IBM has launched its "smart counter fraud" initiative, which includes software and services based on over 500 fraud consultants, 290 fraud-related research patents, and the investment of $24 billion in to IBM's Big Data software since 2005.

IBM says these new services can detect a number of criminal activities, including tax evasion, money … Read more

Hackers transform EA Web page into Apple ID phishing scheme

Using some trickery, hackers were able to breach Electronic Arts' Web site and transform one of its pages into a bogus Apple log-in screen. Once users logged on to the fake site, they were prompted to input their credit card numbers, date of birth, and other personal information.

Security firm Netcraft discovered the breach and notified EA on Tuesday. The game maker told CNET that it investigated Netcraft's claims and as of Wednesday the phishing page is gone.

"We have found it, we have isolated it, and we are making sure such attempts are no longer possible," … Read more

Microsoft touts study showing the cost of pirated software

Microsoft's crusade against pirated software was bolstered on Tuesday with the release of a study that found stolen programs are going to cause issues this year for both consumers and enterprise customers.

The study, conducted by research firm IDC and the National University of Singapore, found that consumers worldwide will spend $25 billion and collectively waste 1.2 billion hours this year as the result of downloading pirated software. On the business side, companies will spend $500 billion on fixes in 2014 to issues with pirated software.

Although Microsoft didn't work on the study, it was released as … Read more

Beware this big iOS flaw -- and it's not alone

VANCOUVER -- A change that Apple imposed to make iOS 7 more secure instead has dramatically weakened the security of devices running that mobile operating system, a security researcher has charged.

At the CanSecWest conference here last week, Azimuth Security researcher Tarjei Mandt said that Apple made a major mistake when it changed its random-number generator to make its kernel encryption tougher in iOS 7. The kernel is the most basic level of an operating system and controls things like security, file management, and resource allocation.

"In terms of security, it's much worse than iOS 6," Mandt … Read more

All hacking eyes on the prize money at CanSecWest

VANCOUVER -- When it comes to hacking, it turns out that greed really is good.

All four of the major desktop browsers, plus two Adobe browser plug-in programs, succumbed to the predations of the hacker community in two different contests.

Pwn2Own, sponsored by Hewlett-Packard and organized by the HP-owned Zero-Day Initiative, featured up to $1.085 million in prizes, and security researchers going after Adobe Flash and Reader, Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

Eight research teams earned $850,000, with another $82,500 going to charity for Pwn4Fun over the two-day competition, which concluded on … Read more

How Target detected hack but failed to act -- Bloomberg

The November data breach that affected as many as 110 million Target customers could have been stopped in its tracks, according to a story published Thursday by Bloomberg.

Speaking with more than ten former Target employees and eight people with knowledge of the hack, Bloomberg said that Target already had in place a sophisticated malware detection system designed by security firm FireEye. The $1.6 million system was set up specifically to identify hacks and cyberattacks before they had a chance to do real damage.

Highlighting the ingenuity of FireEye's detection system, Bloomberg explained that it creates a parallel … Read more

Samsung Galaxy devices may have backdoor to user data, developer says

Samsung's Galaxy devices might have a built-in security flaw that could allow for "remote access to data," a developer claims.

The folks behind Replicant, a free and open-source OS that aims to replace proprietary Android components with free alternatives, claim to have discovered a flaw in certain Samsung devices that allows for access "to read, write, and delete files on the phone's storage." In addition, the developers said that the flaw has "sufficient rights to access and modify the user's personal data."

In a blog post detailing the issue on Wednesday, … Read more

Google fixes 7 Chrome security holes just before CanSecWest

Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.

The new security update for Chrome on Windows, Mac, and Linux patched four flaws labeled as High, below the more important level of Critical; three flaws in its rendering engine V8; and updated its internal version of Flash Player.

Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.

[$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit … Read more

NSA system designed to attack 'millions' of computers -- report

Through an operation called Turbine, the NSA crafted an automated system designed to hack "millions" of computers, new documents from Edward Snowden's leaks on government surveillance reveal.

According to documents published by The Intercept on Wedesday, Turbine created "implants" that let it gain access to peoples' computers. Getting the implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails with malicious links, and man-in-the-middle attacks that would "shoot" bogus data at a target's computer when the NSA detected it was visiting a Web site the NSA could spoof. … Read more