Recent Posts

Homeland Security Warns Of Expanding Medical Device Attacks

A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]

Continue Reading

D.C. Media Sites Found Hacked, Serving Fake AV

Websites operated by media outlets in the Washington D.C. area were the targets of widespread hacks this week, with web sites for two major radio stations among those found serving up malicious links that installed fake antivirus software on victims’ machines. Researchers at two security firms, Invincea and zScaler, identified compromises on the web sites of the two stations – WTOP, the D.C. areas largest FM station, and a sister site, FedNewsRadio, 1500 AM, which caters to government employees. The compromises were part of a string of almost identical attacks that redirected visitors to the web sites that push malicious software to victims’ machines. Only visitors using versions of Microsoft’s Internet Explorer web browser were targeted with the attack, zScaler said. In a related post, researchers at Invincea said the attacks were similar to one they had investigated a breach at dvorak.org, a web site operated by technology blogger John […]

Continue Reading

Update: Hack Investigation At Dept. of Labor Turns Up Internet Explorer 8 Zero Day Hole

A hack of the U.S. Department of Labor web site that was revealed late last week is being described as a “watering hole” style attack aimed at compromising the systems of other government workers, in part using an exploit for a previously unknown (or “zero day”) security vulnerability in some versions of Microsoft’s Internet Explorer web browser.(*) Multiple reports last week indicated that a security breach of the Department of Labor web site had occurred. Accounts indicated that visitors to the site using versions of Internet Explorer were being attacked using exploits for a known vulnerability. Over the weekend, however, researchers analyzing the attacks say that it used an exploit for a zero day hole in IE8, and that details of the attack tie it to a China-based hacking group known as “DeepPanda.” In a blog post on Friday, researchers at the security firm Invincea said that they believed that the […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

New Banking Trojan Hacks The FAQ To Fool Users

Cyber criminals are notoriously crafty and persistent, especially when it comes to defeating security measures created to thwart them. But a group behind a recent version of the Ramnit banking malware has raised their game to a new level: hacking the customer FAQ (frequently asked questions) document to make their malicious activity look like it was business-as-usual. A report on Tuesday by the security firm Trusteer finds that new variants of Ramnit targeting a UK bank  have added features to game a one-time-password (OTP) feature at the bank. Among other tricks, the Ramnit variant uses an HTML injection attack to alter the wording of the bank’s customer FAQ, making it seem as if prompts created by the malware were standard security features at the bank. The report, published on the Trusteer blog, described a complex ruse in which Ramnit lies dormant on infected machines, then springs to action once a […]

Continue Reading
1 374 375 376 377 378 397