| Home Depot Breach Bigger Than Target's Wall Street Journal (09/18/14) Sidel, Robin A five-month-long cyberattack on payment terminals at Home Depot stores left 56 million payment cards potentially compromised, making it larger than last year's attack at Target, the home improvement retailer said Sept. 18. Home Depot also said that the malware used in the attack has been eliminated from its systems. The incident further illustrates how the payment systems of U.S. retailers are vulnerable to hackers. This attack, like many recent retail hackings, was the result of malware that had been inserted into the companies' networks and used to skim payment-card data. In the Home Depot case, criminals used what the retailer called "unique, custom-built malware" that had not been present in other attacks. Home Depot is now using an encryption system that scrambles card information to make it unreadable. Meanwhile, some large card issuers, such as JPMorgan Chase and Capital One, have begun to plan to replace debit and credit cards that may have been exposed in the attack. ASIS Announces Accolades Award Winners Security Director News (09/17/14) ASIS International has announced the winners of its 2014 Accolades Awards, which recognize innovative security products, services, and solutions. This year's winners were chosen by a panel of judges representing end users and security experts and will be presented at ASIS' upcoming conference in Atlanta on Sept. 29. American Science and Engineering Inc.'s MINI Z Handheld Z Backscatter Screening system, a handheld backscatter x-ray system that can used to detect threats like explosives, plastic guns, and ceramic knives as well as contraband, was given the Judge's Choice Award. On the physical security side, winners include Tyco Security's CEM Emerald access control system. Other winners include Insider Alert, an insider threat management solution from AlertEnterprise, Ameristar Perimeter Security USA's Stalwart M50/P1Anti-Ram Perimeter Barrier, and Senstar Inc.'s RoboGuard, a rail-mounted robot that can carry payloads like fence scanners and cameras and can be mounted along a fence line to take the place of routine guard patrols. Quantum Technology Sciences Quantum Remote Intrusion Detection System and Alert Enterprise's Insider Alert, a comprehensive insider threat management system, were also given awards from the judges. Chinese Worker Detained for Giving Customers a Sneak Peek at iPhone 6 Wall Street Journal (09/16/14) Jie, Yang Chinese police detained an employee of the Apple Inc. contractor Foxconn on Sept. 4 for allegedly stealing shells of the new iPhone 6 from a factory in Shanxi province. Police allege that the suspect, identified only by the surname Qiao, sold six shells for $960 to an electronics market in the city of Shenzhen. Qiao reportedly found an advertisement from someone who wanted to purchase Apple products, and when he called the number in the ad, someone offered $160 for every iPhone 6 shell he could provide. On July 24, Qiao allegedly hid one shell in his pocket and avoided a security check at the factory by leaving at the peak of quitting time, when large groups of workers were exiting the factory at the same time. Qiao then allegedly stole five additional shells and sold them to the same buyer. The theft, which was discovered by Foxconn in mid-August, remains under investigation. Apple's Use of NFC Holds Potential for Access Control Industry Security InfoWatch (09/16/14) Griffin, Joel The near field communications (NFC) antenna design included in Apple's new iPhone 6 and iPhone 6 Plus could be used for access control applications. The access control market has long considered NFC as an industry game changer that could eliminate the need for key cards and relax end-user administrative burdens. Blake Kozak, a senior analyst for security and building technologies at IHS, noted that NFC historically has had performance and usability issues, but that Apple’s use of NFC could move it into an area where it is considered a more viable option for access control. There are still policy issues to be worked out within enterprise applications, including who oversees the credential and how companies with bring-your-own device policies can manage a secure credential on phones they do not control. Highlighting the Hotsheet: 2nd Quarter Cargo Theft Update Security Today (09/15/14) DeMao, Jack The Supply Chain-Information Sharing and Analysis Center (SC-ISAC) has released its second quarter statistics on cargo theft in the U.S., showing a slight increase in thefts over the first quarter but an overall year-over-year decline. SC-ISAC reports 140 cargo theft incidents during the second quarter, which is down significantly from the 194 incidents reported in Q2 2013. The states leading the nation in cargo thefts are Texas, California, Georgia, Illinois, Florida, and New Jersey, while the leading cities are Dallas, the Los Angeles metro area, Atlanta, Chicago, and Miami. Thefts that are the result of facility burglary rose by 100 percent year over year, with truck stops and yards being the locations cargo was most likely to be stolen from. The majority of cargo thefts continued to occur on the weekends, and consumer electronics were the most commonly targeted products. On the commodities side, construction materials were the most likely to be targeted. SC-ISAC reports the average value of stolen loads at $15,000 for a total quarterly loss of $22 million, but this is an order of magnitude smaller than the $174,000 average value of stolen loads reported by Freightwatch. Other trends include an increase in deceptive pickups and thieves stealing unattended tractors from freight yards to steal unattended trailers. Isis Terror Plot Against Australia's Parliament and Prime Minister Thwarted International Business Times (09/19/14) Sridharan, Vasudevan Australian officials say they have prevented an imminent terrorist attack against the country's top leaders, including Prime Minister Tony Abbott, that is believed to have been plotted by a militant network with ties to the Islamic State. Officials say they have been aware of discussions among terrorist groups about such an attack for some time, and that the planned attack was likely to be similar to the one carried out in Mumbai in 2008. Parliament House was seen as being a potential target of the attack, which prompted officials to perform a security review at the building last week. Abbott says the Australian Federal Police have been put in charge of security at Parliament House following the review. News of the foiled terrorist plot comes one day after Australian police and counterterrorism agencies conducted raids that resulted in the arrests of 15 people, one of whom is believed to have been planning to behead Australian civilians in public. Additional arrests could be made in the next several days. U.S. Tracks Threats Against West by Al Qaeda Affiliate in Syria Wall Street Journal (09/18/14) Gorman, Siobhan; Barnes, Julian E. Some U.S. officials and lawmakers are warning that in the country's rush to combat the Islamic State (IS), it runs the risk of overlooking more serious and imminent threats from al-Qaida, particularly from its affiliate in Syria. Unlike IS, which seems preoccupied with expanding and consolidating its territory in the region, the Nusra Front and Khorasan, a cell of senior al-Qaida leaders operating in Syria, are said to be actively pursuing plots against the U.S. and Europe. U.S. officials say Khorasan and the Nusra Front have ambitions of attacking American airliners and striking American targets in Europe as a means for spreading terror throughout the West. IS complicates the situation in several ways. On the one hand, al-Qaida is currently vying with IS for influence in the broader jihadist movement, which could drive it to attempt to upstage IS with a spectacular attack. At the same time, the attention being paid to IS by the West could allow al-Qaida and its affiliates cover under which to develop plots and carry out attacks. The U.S. campaign against IS, particularly if it moves into Syria, could also bring Washington and its allies into direct conflict with the Nusra Front and Khorasan, inciting them to carryout reprisal attacks. U.S. Security Officials Say Homegrown Attacks Top Concern, Beyond Islamic State Fox News (09/17/14) While the Islamic State is an imminent concern for U.S. homeland security officials, they are also still focused on Americans who have been radicalized over the Internet and may execute a limited attack on U.S. soil. “It’s no longer necessary to actually meet someone from al-Qaida,” FBI Director James Comey said in testimony before the House Homeland Security Committee on Wednesday. “Someone can actually do it in their pajamas in their basement.” Also testifying at the hearing was Homeland Security Secretary Jeh Johnson and Matthew Olsen, the director of the National Counterterrorism Center. They noted that Dzhokhar and Tamerlan Tsarnaev, who are accused of staging the Boston Marathon bombing, and Fort Hood shooter Army Maj. Nidal Malik Hasan were at least partly radicalized through the Internet. The U.S. intelligence community, however, is not currently aware of a specific, immediate Islamic State terror plot against the American homeland. However, Comey suggested that the emerging competition between al-Qaida and Islamic State could mean that such a plot is on its way. Combat Role is Not Off Table Washington Post (09/17/14) Whitlock, Craig Joint Chiefs of Staff Chairman Gen. Martin Dempsey testified before the Senate Armed Forces Committee on Tuesday, saying that U.S. troops may need to play a combat role in the fight against the Islamic State in Iraq. President Obama has promised not deploy combat troops to the country, though Dempsey said the commander-in-chief has told him that he may consider doing so on a "case-by-case basis." Dempsey added that he may at some point recommend that American advisers accompany Iraqi troops in attacks against the Islamic State, particularly if the Iraqis were to attempt retake the city of Mosul or some other type of complex mission. Dempsey noted that the American troops could be Special Forces or others who are embedded with Iraqi troops and call in U.S. airstrikes against Islamic State targets. However, Dempsey said he does not believe that American ground troops are necessary at this point, although they could be if the current strategy for fighting the Islamic State proves to be ineffective. That strategy currently involves U.S. airstrikes as well as American military advisers who are helping Iraqi and Kurdish troops in a non-combat role. Any plan to put American combat troops in Iraq could face resistance in Congress. A House resolution scheduled for a vote on Wednesday states that it does not support the use of American combat troops in Iraq. Homeland Security: 'No Evidence' ISIS Will Cross U.S. Border MySanAntonio.com (09/16/14) Fechter, Joshua Homeland Security officials are working to counter persistent claims from conservative groups and politicians that agents of the Islamic State (IS) either are attempting or have already crossed the border into the U.S. from Mexico. Those making such claims include Texas Gov. Rick Perry and Sen. Ted Cruz (R-Texas), who said in a recent op-ed piece that, "the government is making it too easy for terrorists to infiltrate our nation." Rep Ted Poe (R-Texas), meanwhile, has theorized that IS agents could partner with drug traffickers to sneak into the U.S. across the southern border. On Monday, a Texas sheriff claimed that a copy of the Koran and "Muslim clothes" were found along the border, presenting this as proof that "Muslims ... have been smuggled in the United States." On the same day, the Department of Homeland Security said that there is no credible evidence backing up claims that IS is actively planning to infiltrate the U.S. across the southern border. Rep. Robert O'Rourke (D-Texas) says that claims about terrorists crossing the southern border are not new and were not correct when they centered on al-Qaida and Iranian agents either. GAO Says Healthcare.gov Needs Security Upgrades Medical Economics (09/18/14) Smith, Lisa The Centers for Medicare and Medicaid Services (CMS) is planning to conduct an audit of Healthcare.gov to identify any security vulnerabilities that may still exist following a hack of the site earlier this summer, agency chief Marilyn Tavenner said Sept. 18. Tavenner's announcement came several days after the Government Accountability Office (GAO) released a report that found security for Healthcare.gov, including the enrollment or Marketplace system and the Federal Data Services Hub that connects the Marketplace system to other government systems, is insufficient. The report noted that while the security of Healthcare.gov has improved since it was launched last fall, the security plans and privacy documentation for the site remain incomplete. Security tests have not been completed, and no backup processing site is in place in the event the main site goes down, the report noted. GAO made several recommendations for improving the security of Healthcare.gov, including performing a thorough security assessment of the Marketplace system and ensuring that security plans for both the Marketplace system and data hub meet the National Institute of Standards and Technology's recommendations. The Department of Health and Human Services says it is taking steps to secure Healthcare.gov but does not agree with all of GAO's recommendations. Chinese Hacked U.S. Military Contractors, Senate Panel Says Wall Street Journal (09/18/14) Yadron, Danny An investigation by the Senate Armed Service Committee has found that state-sponsored Chinese hackers carried out a number of cyberattacks against private transportation companies working for the U.S. military's Transportation Command, although Chinese officials are denying those charges. The investigation found that these Chinese hackers broke into the companies' networks 20 times between June 2012 and June 2013. In one attack, the Chinese military allegedly gained access to several different systems on a commercial ship contracted by the military. The names of the companies that were affected were not released. However, most U.S. passenger airlines are known to work with Transportation Command, as do large cargo and ship operators. The probe also found that Transportation Command was only informed about two of the 20 attacks that took place. People familiar with the investigation believe that the attacks may have been carried out in an attempt to prepare for a potential conflict between China and the U.S. The Pentagon, meanwhile, says none of the attacks impacted Transportation Command's ability to carry out its mission and that it is in the process of correcting the vulnerabilities identified by the panel. Macro Based Malware Is on the Rise Help Net Security (09/17/14) Zorz, Zeljka Security researchers at SophosLabs say they have seen a dramatic spike in the percent of malware targeting Microsoft Word using Visual Basic macros instead of exploits. The researchers say macros accounted for 28 percent of all document attacks in July, up 6 percent. SophosLabs' Gabor Szappanos says this is because Visual Basic macros offer many advantages over exploit attacks; for example, the language's flexibility and the ease with which it can be refactored makes it easier to modify them to evade detection by antivirus software. Visual Basic is not difficult to learn, but Szappanos says SophosLabs also has found VBA downloader templates that come with simple instructions for modifying them to carry out a specific attack. "The samples in question contain Visual Basic code with helpful comments as to where authors should insert a malicious link as well as details of methods for obfuscating the code," the researchers say. Microsoft tried to block all macro attacks several years ago when it updated Word to forbid all macros by default, but to counter this malicious actors are using macro attacks in tandem with social-engineering attacks designed to convince users to enable macros. Flawed Coding Blamed for Recent Data Breaches Green Sheet (09/16/14) Poor software coding is responsible for 70 percent of the data breaches at retail and financial institutions, according to CAST's 2014 Report on Application Software Health. The applications were determined to have data input validation violations that can lead to Heartbleed-style malware attacks. "So long as IT organizations sacrifice software quality and security for the sake of meeting unrealistic schedules, we can expect to see more high-profile attacks leading to the exposure and exploitation of sensitive customer data," warns CAST's Lev Lesokhin. CAST says poorly written code that failed to validate data resulted in the Heartbleed attack, which compromised more than 60 percent of the Internet's servers. The report found the financial services industry had the worst coded applications with the highest number of input validation violations per app, even though their apps are significantly less complicated than the largest app scanned. CAST's Bill Curtis says the findings undermine the concept of software security and software quality being mutually exclusive. "Badly constructed software won't just cause systems to crash, corrupt data, and make recovery difficult, but also leaves numerous security holes," he says. Worm Illuminates Potential NAS Nightmare Dark Reading (09/15/14) Higgins, Kelly Jackson Independent Security Evaluators analyst Jacob Holcomb hopes to demonstrate a worm at Black Hat Europe to illustrate a long list of security vulnerabilities he has identified in numerous network-attached storage (NAS) systems. Holcomb says he has so far identified 30 zero-day vulnerabilities in NAS products from 12 major vendors. Some of the vulnerabilities leave the devices open to command or code execution attacks that could enable hackers to seize control of the devices and use them to carry out man-in-the-middle attacks or as a beachhead to further infiltrate a home or corporate network. Holcomb presented some of his findings at the Black Hat conference in Las Vegas earlier this year, and has contacted the affected vendors, but says the response has been lackluster. He believes the vulnerabilities pose a very serious threat to the public Internet infrastructure and has developed his new worm in hopes that it can scare vendors into action. "I wanted to actually develop a [proof of concept] myself and present it so people can understand the ramifications as my findings are being demonstrated and publicly disclosed, versus six months later when adversarial attackers are trying to exploit it for profit," Holcomb says. He intends to release the worm in a self-contained network with no Internet access, so there is no chance of it inadvertently escaping and proliferating. Abstracts Copyright © 2014 Information, Inc. Bethesda, MD |
No comments:
Post a Comment