Messy And Loud Hack In South Korea Doesn’t Look State Sponsored

A researcher who has studied the malicious software used in the attacks on media outlets and banks in South Korea this week said the attacks were coordinated, but messy and loud, without many of the hallmarks of a state-sponsored hacking operation. Richard Henderson, a Security Strategist at Fortilabs at Fortinet Inc., said that the malware used in the attack was programmed to begin operating at 2:00pm local time, suggesting that those behind it had planned their operation for weeks or months before launching it. Still, Henderson said many details of the attack make it dissimilar from so-called “advanced persistent threat” or APT-style hacks that are carried out by foreign governments or groups working on their behalf. Henderson said that Fortinet analysts first obtained a copy of the malware on March 19, a day before the attacks. Researchers there had already identified the “time bomb” hidden in the code, which was […]

Apple Confirms It Was A Victim In Watering Hole Attack. Who’s Next?

Yesterday the news was that Apple Inc. was yet another victim of a widespread watering-hole style attack on prominent firms, including Facebook and (probably) Twitter. But that list of victims will almost certainly rise, as more information about the watering hole web site and the extent of the breach becomes public. First, what we know: Twitter, Facebook and now Apple have all made announcements in the last week about security breaches at their organizations that involved staff computers being infected with malware. Twitter was the first company to go public with the information on February 2nd. But the company said at the time that other firms were likely to have been breached, also. Facebook followed suit, announcing that its employees, also, were targeted in the attack. According to Facebook’s Chief Security Officer, Joe Sullivan, the company’s employees were compromised using a previously unknown (zero day) Java vulnerability after visiting a […]

Making It Official

For those of you who have been regular visitors to this site over the past few months, this post might seem a bit strange. I’m taking the opportunity today to officially launch The Security Ledger: a security news website dedicated to covering the rapidly expanding landscape of the IT security space. Yes – I know: Security Ledger has been publishing regularly since late August. But think of that kind of like one of Google’s interminable “beta” periods, in which you keep expectations low and shake out all the bugs before making it official. So what’s this all about? With help from our sponsors, Qualys Inc. and Veracode, The Security Ledger is dedicated to covering the vastly expanding cyber security landscape. As more and more elements of our daily lives join the “Internet of Things,” The Security Ledger offers original reporting and curated news from the front lines, including coverage of mobile devices, intelligent consumer […]

Bluetooth-Sniffing Highway Traffic Monitors Vulnerable to MITM Attack

A system that monitors traffic patterns by pinging Bluetooth devices carried within passing automobiles is vulnerable to man-in-the-middle attacks that could allow a remote attacker to steal data or remotely control or disable systems used to monitor freeways across the U.S., according to an alert from the Department of Homeland Security’s Industrial Control System Computer Emergency Readiness Team (ICS-CERT). ICS-CERT issued an advisory on Friday for customers who use Bluetooth-based traffic systems from the firm Post Oak Traffic Systems. Post Oak’s AWAM Bluetooth Reader Traffic Systems do not properly generate authentication keys used to secure communications. That could allow an attacker to calculate the private key used by the AWAM reader, then use it to impersonate the device, siphoning off administrative credentials that would give them direct access to the traffic monitoring system, DHS warned. Post Oak’s Anonymous Wireless Address Matching (AWAM) devices are installed at the […]