Tuesday, May 23, 2017
Stealing a little from a lot of people? Good in theory, but it still sends you to jail.
Russian Hackers Infected 1 Million Phones With Banking Trojan
… The cybercrime gang targeted by Russian authorities used spam SMS messages to deliver the Trojan to individuals in Russia. The messages informed recipients that their ads or photos had been posted on a website, and included links to a site that tricked users into downloading and installing the malware. The threat had been disguised as various apps, including Avito, Pornhub, Framaroot and Navitel.
Once it infected a device, the Trojan allowed the cybercrooks to steal and hide SMS messages coming from banks, and send SMSs to specified numbers. Since many Russian banks allow their customers to conduct transactions via SMS, these features allowed the fraudsters to transfer money from the victims’ accounts into their own.
According to Group-IB, the gang opened more than 6,000 bank accounts to which they transferred the stolen funds. Investigators said the Cron malware was used to steal an average of $100 (8,000 rubles) from 50-60 bank customers each day.
The cybercriminals managed to infect more than one million smartphones and stole nearly $900,000 (50 million rubles).
Not a large breach, but one that points to people/places where one could steal a gun.
Andrew Ruiz reports:
The Florida Department of Agriculture and Consumer Services is warning customers that hackers may have obtained the names of more than 16,000 people who have Florida concealed weapon permits.
The data breach that appears to have originated from overseas affects people who entered information through the department’s online payment system.
Read more on WPTV. While the story leads with the number of names, it’s important to note that 469 Social Security numbers were also acquired by the hackers.
For the Ethical Hacking toolkit.
'Ultrasecure' Samsung Galaxy S8 iris scanner can be easily tricked, say hackers
… A CCC video shows how simple the trick is. In it, someone uses the night mode on a regular Sony digital camera to surreptitiously take an infrared shot of the phone user's eyes, from a moderate distance.
The image is cropped and printed out on, cheekily, a Samsung printer at life size. A contact lens is placed on the printed iris, to give it the appropriate curvature, and the Galaxy S8 accepts this as authentication for unlocking the phone.
For my Forensics students.
Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability:
One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D. Cal. May 18, 2017). This post analyzes the decision, identifies important practical takeaways for counsel, and places it in context with the two other cases that have addressed this issue.
Read more on Data Security Law Journal.
Potential jobs for my Computer Security students.
Ira Parghi of Ropes & Gray writes:
Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted laptop computers (at least six cases), mobile devices such as iPads or iPhones, office computers, or portable storage devices.
Notably, while the underlying facts of these cases vary somewhat, their CAPs do not. All 12 of the CAPs hone in on the obligation under the Security Rule to perform an annual Risk Analysis and Risk Management Plan.
Read more on MedCityNews.
For my students.
… We now know that the ransomware spread due to an exploit in the Windows Server Message Block (SMB) protocol version 1. This is an outdated version of SMB, used to share files and printers among networked computers, that Windows still supports for backwards compatibility. Microsoft patched this issue in March, but affected computers were still vulnerable to attack if they were running the archaic Windows XP or hadn’t applied updates in Windows 7 for months.
On your own system, you can disable SMB 1.0 in just a moment — and because 99 percent of home users don’t need the old and insecure version of this protocol, you can shut it off without any loss of functionality.
Type Turn Windows features into the Start Menu and click the entry for Turn Windows features on or off. Scroll down to SMB 1.0/CIFS File Sharing Support and uncheck the box. Give Windows a moment to apply the changes, then you’ll have to restart your computer to complete the action. Once that’s done, you’ve disabled the awful, insecure protocol from running on your computer.
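The same check and shutdown can be scripted, which is handy when you want to audit more than one machine or leave a record of what was changed. The script below is an added example, not part of the quoted article; it assumes an elevated PowerShell prompt on Windows 8/10 or Server 2012 R2 and later (which ship the SmbShare module), and falls back to the Microsoft-documented LanmanServer registry value for Windows 7, where the Set-SmbServerConfiguration cmdlet does not exist.

```powershell
# Added example: audit and disable SMB 1.0 on the local Windows machine.
# Run from an elevated (Administrator) PowerShell session.

if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 R2 and later: the SmbShare module is available.

    # 1. Audit the server-side protocol switch.
    $serverCfg = Get-SmbServerConfiguration
    Write-Host "SMB1 server protocol enabled: $($serverCfg.EnableSMB1Protocol)"

    # 2. Audit the optional feature, which is the same component as the
    #    'SMB 1.0/CIFS File Sharing Support' checkbox in Windows Features.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    Write-Host "SMB1 optional feature state: $($feature.State)"

    # 3. Turn the protocol off on the server side; this takes effect at once.
    if ($serverCfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host "SMB1 server protocol disabled."
    }

    # 4. Remove the feature itself so both client and server parts are gone.
    #    A restart finishes the removal, exactly as with the checkbox.
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        Write-Host "SMB1 feature removal staged; restart to complete."
    }

    # 5. Re-check after the restart: expect False and Disabled.
    (Get-SmbServerConfiguration).EnableSMB1Protocol
    (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
}
else {
    # Windows 7 / Server 2008 R2: no SmbShare module, so use the registry value
    # documented by Microsoft for the LanmanServer service (0 = SMB1 disabled).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $current = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    Write-Host "Current LanmanServer SMB1 value: $current (missing means enabled)"

    Set-ItemProperty -Path $key -Name SMB1 -Type DWORD -Value 0 -Force
    Write-Host "SMB1 disabled in the registry; restart to apply."
}
```

The first two steps only read state, so they can be run on their own to see whether a machine still exposes SMB 1.0 before anything is changed; the restart the article mentions is still needed for the feature removal to finish.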
Hey! Whatever works! Nothing new there.
How the Waymo-Uber Lawsuit Could Rewrite Intellectual Property Rules
… According to Wagner, trade secret law has traditionally not been seen as “a particularly reliable or useful way to protect technology,” partly because it is difficult to keep such technology secret when it is implemented and products based on it are sold. But that conventional wisdom is up for a reexamination. “If Google is successful at putting a dent in Uber’s ability to compete in this field as a result of this case, then people will take notice of that and you will probably see more people using trade secrets” as part of their intellectual property strategies, said Wagner. “On the other hand, if Google is not successful, or even if they win this case and they don’t slow Uber down very much, then people are going to go back to what we traditionally think of in IP, which is unless you have a patent covering the technology, you don’t have a lot of protection.”
Perspective. Does this suggest that everyone is upgrading or are there still people like me who don’t yet own a smartphone?
Gartner: Worldwide Smartphone Sales Grew 9% YoY In Q1 2017
Gartner has just released its smartphone sales report for the first quarter of this year, and according to the provided info, worldwide smartphone sales grew by 9 percent this time around. Companies sold a total of 380 million smartphones in Q1 2017, which is a 9.1 percent increase compared to the same quarter last year. Gartner also says that consumers are spending more to get a better phone now, which actually caused a rise in average selling price for smartphones.
Might be useful in my Statistics class.
Dataset aggregates info on food spending habits using 3 million grocery orders
by Sabrina I. Pacifici on May 22, 2017
Center for Data Innovation – “Online grocery service Instacart has published a dataset containing information on 3 million grocery orders from more than 200,000 de-identified users from 2017. The dataset contains information on what products users purchased, the sequence they bought them in, when they placed the order, and the amount of time between Instacart orders. Instacart is releasing this dataset in the hopes that others will use it to develop algorithms that can predict what items shoppers will buy again or may be interested in.”
What are you listening to? NOT FREE.
… You need some websites and apps that take you out of your comfort zone. With that in mind, here are eight essential websites for broadening your musical knowledge.