Tag: Mobile Threats

Report: Chinese Hackers Pinch Advanced Weapons Designs

A Washington Post story on Sunday cited a confidential report prepared by the Pentagon that claims “Chinese hackers” have compromised systems storing data on the design of more than two dozen major U.S. weapons systems. The report, prepared for the Pentagon’s senior brass by the Defense Science Board, warns that the intrusions have given China’s People’s Liberation Army (PLA) a leg up on the U.S., and a boost in efforts to modernize its own military for use in a possible, future conflict, The Post reported. Many of the breaches that led to theft of sensitive data occurred at private defense contractors, or at firms that acted as subcontractors to them, the report said. No specific incidents or companies are named in the report. However, the main outlines of it echo reports of leaks of classified information on weapons systems going back more than three years. In April, 2009, for example, […]

Continue Reading

Podcast: The Big Truth – Responding To Sophisticated Attacks

If you work at a rank and file corporation in the U.S. or Europe, stories like those about the breach at the defense contractor Qinetiq are terrifying. Here’s a company that’s on the bleeding edge of technology, making autonomous vehicles and other high-tech gadgetry for the U.S. Military. Despite that, it finds itself the hapless victim of a devastating cyber breach that lasts – by all accounts – for months, or years. In the end, the attackers (likely linked to China’s People’s Liberation Army) make off with the company’s intellectual property (likely all of it) and, soon, defense contractors in Mainland China start turning out devices that look eerily similar to the ones Qinetiq makes. Ouch! If a company like Qinetiq can’t stop an attack by advanced persistent threats (APT) – or whatever name you want to use –  what hope do overworked IT admins at rank and file enterprises […]

Continue Reading

AppSec And The Ghost In The Supply Chain

Tomorrow afternoon, Security Ledger, with help from our sponsor Veracode, will record its first video conversation. The show’s name: Talking Code (#talkingcode). The topic: application security, and – in particular – securing the supply chain. Joining me for the discussion will by Chris Wysopal, the co-founder and CTO of Veracode and Joshua Corman, the Director of Security Intelligence at Akamai Inc. Two things: you can send us questions or comments on Twitter. Our discussion will be filmed in studio, not live, but we’ll be tweeting comments live and engaging in realtime via Twitter. Just use the hashtag #talkingcode to pose questions. Say the term “supply chain,” and people immediately think of automobile and electronics manufacturers, who must assemble products from components makers scattered around the globe. These days, however, its not just manufacturers who have to worry about supply chains. Almost every company has a “supply chain” in one form or […]

Continue Reading

Update: Serial Server Flaws Expose Critical Infrastructure

A survey conducted by the firm Rapid 7 has found evidence that widespread vulnerabilities and insecure configuration of ubiquitous networking components known as serial port (or “terminal”) servers, may expose a wide range of companies and critical assets – including point of sale terminals, ATMs and industrial control systems – to remote cyber attacks.(*) The vulnerable devices connected hardware like retail point-of-sale systems at a national chain of dry cleaners, providing direct access to employee terminals from which customer payment information could be accessed. Other exposed systems were used to monitor the location of cargo containers, train cargo as well as HVAC and industrial control systems, Rapid7 said. In the Rapid7 survey, over 114,000 unique IPs were identified in a scan using the Simple Network Management Protocol (SNMP), the vast majority manufactured by one company: Digi International. If left unaddressed, the vulnerable devices give remote attackers direct, administrative access to hardware devices […]

Continue Reading

BadNews: Mobile Attackers Pivot To Malicious Ads

The identification over the weekend of a large-scale outbreak of mobile malware dubbed “BadNews” is bad news, indeed for millions of Android device users, who downloaded applications from the official Google Play application store that connected their devices to a malicious advertising network, dubbed “BadNews.” The discovery of the malware-infected apps, which were downloaded between two- and nine million times, suggests a new wrinkle in the mobile malware space, with attackers turning to honest-seeming mobile ad networks to push out malicious links and collect information on compromised devices. “This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network,” wrote Lookout’s Marc Rogers on the company blog. He speculated that the new tactic may reflect improved security on the Google Play app store following the introduction of the Bouncer malware scanner. Lookout said that the company notified Google, which removed the […]

Continue Reading
1 40 41 42 43 44