Archive for the ‘Biz & IT’ Category

Russian man charged with running money-back-guaranteed criminal marketplace

November 13th, 2019
Screenshot of harmless-looking website.

Enlarge / The front page of cardplanet.cc as it appeared on August 1, 2015. (credit: Internet Archive)

A Russian man made his initial appearance in federal court on Tuesday on prosecutors' allegations he operated websites that resulted in more than $20 million in fraudulent purchases made on US credit cards.

Aleksei Burkov, 29, of Tyumen and St. Petersburg, Russia, arrived at Dulles International Airport on Monday night after he was arrested in Israel in late 2015, federal prosecutors said. His extradition came after appeals to the Israeli Supreme Court and the Israeli High Court of Justice were denied. Tuesday's appearance was before the US District Court for the Eastern District of Virginia.

According to an indictment that was unsealed on Tuesday, Burkov ran a website, called Cardplanet, that sold card data for anywhere from $2.50 to $60 apiece, depending on the card type, country of origin, and the availability of the cardholder's name, address, and other identifying information. In all, Cardplanet offered for sale more than 150,000 compromised payment cards, including "at least tens of thousands" of which had been issued to holders located in the US.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, Internet Crime, payment card fraud, Policy | Comments (0)

How a turf war and a botched contract landed 2 pentesters in Iowa jail

November 13th, 2019
Mug shots of Gary De Mercurio, left, and Justin Wynn.

Enlarge / Mug shots of Gary De Mercurio, left, and Justin Wynn. (credit: Dallas County Jail)

In the early hours of September 11, a dispatcher with the sheriff’s department in Dallas County, Iowa, spotted something alarming on a surveillance camera in the county courthouse. Two men who had tripped an alarm after popping open a locked door were wandering through courtrooms on the third floor, she reported over the radio as deputies raced to the scene. The intruders wore backpacks and were crouching down next to judges’ benches. When the first deputy pulled into the parking lot, the men moved to an open area outside the court rooms and concealed themselves.

“They were crouched down like turkeys peeking over the balcony,” Dallas County Sheriff Chad Leonard said in an interview. “Here we are at 12:30 in the morning confronted with this issue—on September 11, no less. We have two unknown people in our courthouse—in a government building—carrying backpacks that remind me and several other deputies of maybe the pressure cooker bombs.”

After more deputies arrived, Justin Wynn, 29 of Naples, Florida, and Gary De Mercurio, 43 of Seattle, slowly proceeded down the stairs with hands raised. They then presented the deputies with a letter that explained the intruders weren’t criminals but rather penetration testers who had been hired by Iowa’s State Court Administration to test the security of its court information system. After calling one or more of the state court officials listed in the letter, the deputies were satisfied the men were authorized to be in the building.

Read 44 remaining paragraphs | Comments

Posted in Biz & IT, hacker, Penetration Testing, pentest, Policy, white hat | Comments (0)

Google: You can trust us with the medical data you didn’t know we already had [Updated]

November 12th, 2019
Photo illustration showing the Google logo reflected on the eye of a young man.

Enlarge (credit: Getty Images | Leon Neal)

Update: The Google/Ascension project is now being investigated by the Office for Civil Rights in the Department of Health and Human Services, the Wall Street Journal reported in an update last night. The office said it "will seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented." Google said it is "happy to cooperate with any questions about the project," and that "We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage."

Original story from November 12, 2019 follows:

Google now has access to detailed medical records on tens of millions of Americans, but the company promises it won't mix that medical data with any of the other data Google collects on consumers who use its services.

Read 14 remaining paragraphs | Comments

Posted in ascension, Biz & IT, google, Policy | Comments (0)

Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash

November 11th, 2019
Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash

Enlarge (credit: hdaniel)

Recent in-the-wild attacks on the critical Bluekeep vulnerability in many versions of Windows aren’t just affecting unpatched machines. It turns out the exploits—which repurpose the September release from the Metasploit framework—are also causing many patched machines to crash.

Late last week, Windows users learned why: a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs. Word of the crashes first emerged five days ago, when researcher Kevin Beaumont discovered a malicious, in-the-wild Bluekeep exploit caused one of his honeypots to crash four times overnight. Metasploit developer Sean Dillon initially blamed the crashes on “mystical reptilian forces that control everything.” Then he read a Twitter post from researcher Worawit Wang:

In a post published on Thursday, Dillon wrote:

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, Blue Screen of Death, bluekeep, crash, exploits, vulnerabilities, Windows | Comments (0)

RunCode challenge returns with coding, pwning puzzles—and prizes

November 9th, 2019
Capture the flag with your code in the RunCode challenge this weekend.

Enlarge / Capture the flag with your code in the RunCode challenge this weekend. (credit: Getty Images)

It's Veterans Day weekend again, which means it's time for the return of RunCode, an annual capture-the-flag style programming and information security competition run by a non-profit group formed by a collection of volunteers (many of them with day jobs in the military) three years ago.

Originally a straight coding competition that supported multiple languages, RunCode evolved last year toward more of a security focus—though its challenges still involve writing code to overcome the puzzles. Points are accumulated with the completion of each challenge, based on its level of difficulty. Currently, the contest features 17 "easy", 9 "intermediate", and 3 "hard" challenges. The tasks include challenges in networking, math, encryption, forensics, "pwning", reverse-engineering, web hacking, among others.

The prizes include a one-year subscription to the penetration testing training site Hack the Box, a WiFi Pineapple Nano from Hak5, a 4-gigabyte Raspberry Pi 4, a RTL software-defined radio kit, and a WarCollar Industries DopeScope 2.0 Wi-Fi hunting tool (very useful for finding Wi-Fi hotspots and catching the "fox" during wireless challenges at hacker cons). Depending on participation, more prizes may be added, according to event organizers.

Read 1 remaining paragraphs | Comments

Posted in Biz & IT, capture the flag, coding competitions, Hacking competitions | Comments (0)

Google enlists outside help to clean up Android’s malware mess

November 9th, 2019
Google enlists outside help to clean up Android’s malware mess

Enlarge (credit: Ron Amadeo)

Android has a bit of a malware problem. The open ecosystem's flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements.

This week, Google announced a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance. All three companies have done extensive Android malware research over the years, and have existing relationships with Google to report problems they find. But now they'll use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live—with the goal of catching more malware before it hits the Play Store in the first place.

"On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale," says Dave Kleidermacher, Google's vice president of Android security and privacy. "What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected."

Read 11 remaining paragraphs | Comments

Posted in Android, App Defense Alliance, Biz & IT, google, malware, Tech | Comments (0)

One of the world’s most advanced hacking groups debuts new Titanium backdoor

November 8th, 2019
One of the world’s most advanced hacking groups debuts new Titanium backdoor

Enlarge (credit: https://de.wikipedia.org/wiki/Benutzer:Alchemist-hp#/media/Datei:Titan-crystal_bar.JPG)

One of the world’s most most technologically advanced hacking groups has a new backdoor that’s every bit as sophisticated as its creators.

Dubbed Titanium by the Kaspersky Lab security researchers who discovered it, the malware is the final payload delivered in a long and convoluted attack sequence. The attack chain uses a host of clever tricks to evade antivirus protection. Those tricks include encryption, mimicking of common device drivers and software, memory-only infections, and a series of droppers that execute the malicious code a multi-staged sequence. Yet another means of staying under the radar is hidden data delivered steganographically in a PNG image.

Named after a password used to encrypt a malicious archive, Titanium was developed by Platinum, a so-called advanced persistent threat group that focuses hacks on the Asia-Pacific region, most likely on behalf of a nation.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT | Comments (0)

Why 168,149 Valentine’s day text messages arrived in November

November 8th, 2019
Why 168,149 Valentine’s day text messages arrived in November

Enlarge (credit: Aurich Lawson / Getty)

Did you get a Valentine's Day text message on November 7? If so, you can blame a company called Syniverse, which provides text-messaging services to major mobile carriers.

Syniverse helps deliver text messages via its intercarrier messaging service and boasts that it is "Connected to more than 300 operators" and processes 600 billion messages per month.

Syniverse says it delivers 99.8% of messages within one second. But a server failure caused many messages—exactly 168,149, according to The Washington Post—to be delivered nearly nine months late.

Read 12 remaining paragraphs | Comments

Posted in AT&T, Biz & IT, Sprint, syniverse, t-mobile, text messages, verizon | Comments (0)

Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers

November 8th, 2019
Ring's configuration app sent Wi-Fi setup information unencrypted to some doorbell devices, exposing customers' home networks.

Enlarge / Ring's configuration app sent Wi-Fi setup information unencrypted to some doorbell devices, exposing customers' home networks. (credit: Smith Collection/Gado / Getty Images)

Ring has pushed out a fix to a security issue in the configuration code for its Internet-connected home security products. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras' software that made it possible for wireless eavesdroppers to grab the Wi-Fi credentials of customers during the device's setup—because those credentials were sent over an unsecured Wi-Fi connection to the device using unencrypted HTTP.

In a report on the bug issued yesterday as part of a coordinated disclosure with Ring, Bitdefender researchers explained that when customers configured a Ring Video Doorbell Pro out of the box:

…the smartphone app [for Ring] must send the wireless network credentials. When entering configuration mode, the device creates an access point without a password (the SSID contains the last three bytes from the MAC address). Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network. All these exchanges are performed through plain HTTP. This means the credentials are exposed to any nearby eavesdroppers.

An attacker could take advantage of this bug by forcing a victim to reconfigure the doorbell. The attacker could use a Wi-Fi deauthorization ("deauth") attack against the device to make it re-enter configuration mode and could use a malicious Wi-Fi device to make the Ring doorbell drop off its network.

Read 3 remaining paragraphs | Comments

Posted in Biz & IT, dumb IoT, home security systems, HTTP, Ring, Wi-Fi security | Comments (0)

Members of violent white supremacist website exposed in massive data dump

November 8th, 2019
Screenshot of white supremacist website.

Enlarge (credit: Internet Archive)

Editor's note: this article discusses a hate group's uses of racist language that may be hard to read.

Private data for Iron March, a notorious website for violent white supremacists, has been published online in a stunning leak that exposes a trove of detailed information on as many as 1,000 or more members. The 1GB SQL database appears to contain the entirety of the site's information, including user names, private messages, public posts, registered email addresses, and IP addresses.

The leak was posted on the Internet Archive on Wednesday by an anonymous individual using the handle antifa-data. A list of domains used in email registrations shows two from US universities. Private messages show some members discussing life in the US Marines, Navy, Army, and military reserves.

Read 6 remaining paragraphs | Comments

Posted in Biz & IT, databases, iron march, leaks, Policy, white supremacy | Comments (0)