For my Computer Security students. Know the
enemy!
Symantec has released a paper on a Chinese
cyberespionage group that they call “Black Vine.” I’m not sure
how the Chinese would feel about that name, but in any event,
Symantec writes:
In early 2014, Anthem was a victim of an attack that exposed 80 million patient records. The breach, which came to light in February 2015, is believed to be the work of a well-resourced cyberespionage group which Symantec calls Black Vine.
Anthem wasn’t Black Vine’s only target. Black Vine has been actively conducting its campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare. The group has access to zero-day exploits distributed through the Elderwood framework and has used these exploits at the same time that other advanced attack groups have, such as Hidden Lynx.
Black Vine typically conducts watering-hole attacks against websites that are relevant to its targets’ interests and uses zero-day exploits to compromise computers. If the exploits succeed, then they drop variants of Black Vine’s custom-developed malware: Hurix and Sakurel (both detected as Trojan.Sakurel), and Mivast (detected as Backdoor.Mivast). These threats open a back door on the compromised computers and allow the attackers to steal valuable information.
Based on our own analysis of the campaigns, along with support from open-source data, Symantec believes that some actors of Black Vine may be associated with an IT security organization based in Beijing called Topsec.
You can read their full report here (pdf).
(Related) Remember, we're officially pretending
that China did not hack OPM. Be sure to keep our stories straight or
Big Brother will be angry.
Michael Riley and Jordan Robertson report:
The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.
United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.
Read more on Bloomberg.
Russians can hack too. This is quite clever.
Jeremy Kirk reports:
A group of suspected Russian hackers are using Twitter in a clever way to mask their data-stealing malware, according to computer security firm FireEye.
Hackers have long used social networking services for relaying commands to their malware. But FireEye says this group — which it calls APT 29 — has taken it to a new level that makes it very hard for companies to figure out if they’ve been hacked.
FireEye analysts found the malware, nicknamed Hammertoss, on one of its client’s networks earlier this year. APT 29 has taken several steps to try to mask its communication with Hammertoss to avoid detection, according to a new report.
Read more on PC Advisor.
[From the article:
Hammertoss has an algorithm that generates new
Twitter handles every day. If APT 29's hackers want to communicate
with Hammertoss, they register the Twitter account that the malware
will try to contact that day.
The hackers are effectively using Twitter as a
command-and-control server. Many
companies are unlikely to block outbound connections to Twitter,
and successful connections are unlikely to be viewed as malicious.
"When they see Twitter traffic, it's less
suspicious," said Steve Ledzian, systems engineering director
for FireEye in Asia.
The hackers post instructions for Hammertoss in a tweet. The tweet contains a URL and a hashtag. The URL leads to an image on another server that contains encrypted data using steganography, a method for concealing hidden data in an image or file.]
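The pattern the article describes (a fresh Twitter handle each day, then an image pulled from an unrelated server) is something a proxy log can be searched for, since the handles rotate rather than repeat. Below is an added detection example written for this post; it is not FireEye's code and not part of the report. The log lines are constructed, the field layout (timestamp, client, method, URL) is an assumption, and the handle and image-host names are placeholders.

```python
"""Flag clients whose Twitter traffic looks like daily handle rotation followed
by an image download from a non-Twitter host. The proxy log below is
constructed for this example; the four-field layout is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample: 10.0.0.5 visits a never-repeated handle each day and then
# fetches an image elsewhere; 10.0.0.7 is ordinary browsing of one company feed.
SAMPLE_PROXY_LOG = """\
2015-07-28T09:01:10 10.0.0.5 GET https://twitter.com/ab3kdl92x
2015-07-28T09:01:14 10.0.0.5 GET https://img.example-cdn.test/photos/1.png
2015-07-29T09:01:12 10.0.0.5 GET https://twitter.com/qp7lmn01z
2015-07-29T09:01:15 10.0.0.5 GET https://img.example-cdn.test/photos/2.png
2015-07-30T09:01:09 10.0.0.5 GET https://twitter.com/zz41ooa8k
2015-07-30T09:01:13 10.0.0.5 GET https://img.example-cdn.test/photos/3.png
2015-07-28T12:30:00 10.0.0.7 GET https://twitter.com/companynews
2015-07-29T12:31:00 10.0.0.7 GET https://twitter.com/companynews
2015-07-30T12:32:00 10.0.0.7 GET https://twitter.com/companynews
2015-07-30T12:32:05 10.0.0.7 GET https://pbs.twimg.com/media/banner.jpg
"""

IMAGE_SUFFIXES = (".png", ".jpg", ".jpeg", ".gif")


def parse_log(text):
    """Parse the constructed proxy lines into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _method, url = parts
        parsed = urlparse(url)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "client": client,
            "host": parsed.hostname or "",
            "path": parsed.path,
            "url": url,
        })
    events.sort(key=lambda e: e["time"])
    return events


def twitter_handle(event):
    """Return the handle for a request to a Twitter profile page, else None."""
    if event["host"] != "twitter.com":
        return None
    segments = [s for s in event["path"].split("/") if s]
    return segments[0] if len(segments) == 1 else None


def is_external_image(event):
    """True for an image fetched from a host that is not Twitter or its CDN."""
    if event["host"] == "twitter.com" or event["host"].endswith("twimg.com"):
        return False
    return event["path"].lower().endswith(IMAGE_SUFFIXES)


def find_rotating_handle_hosts(events, min_days=3, window=timedelta(minutes=10)):
    """Return {client: [(day, handle, image_url), ...]} for clients that, on at
    least `min_days` distinct days, visited a handle seen on only one day in the
    whole log and then fetched an external image within `window`."""
    per_client = defaultdict(list)
    handle_days = defaultdict(set)
    for e in events:
        per_client[e["client"]].append(e)
        h = twitter_handle(e)
        if h:
            handle_days[h].add(e["time"].date())

    flagged = {}
    for client, evs in per_client.items():
        hits = []
        for i, e in enumerate(evs):
            h = twitter_handle(e)
            if not h or len(handle_days[h]) != 1:
                continue  # a handle revisited across days is normal browsing
            for follow in evs[i + 1:]:
                if follow["time"] - e["time"] > window:
                    break
                if is_external_image(follow):
                    hits.append((e["time"].date(), h, follow["url"]))
                    break
        if len({day for day, _, _ in hits}) >= min_days:
            flagged[client] = hits
    return flagged


if __name__ == "__main__":
    for client, hits in find_rotating_handle_hosts(parse_log(SAMPLE_PROXY_LOG)).items():
        print(client, "rotating-handle pattern on", len(hits), "days")
```

The one-day-only rule is what separates rotation from a user who follows the same account every morning; the image follow-up within a short window narrows it further. On a real proxy feed you would tune `window` and `min_days` to the network's baseline before acting on a hit.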
This could be a significant breach, but the victim
can't tell how significant.
Alex Boutilier reports:
Canadian government and law enforcement officials are scrambling to figure out how Anonymous got their hands on what the hacker collective calls cabinet-level secrets.
On Monday, individuals associated with (sic) released to the media the first in what they call a series of sensitive government documents.
They will continue to release documents until the RCMP officers who shot dead an Anonymous protester in Dawson’s Creek, B.C., are arrested, they said in a video.
Read more on The Toronto Star.
Now you can be whoever you want to be.
Facebook loses battle over users' fake names in Germany
Facebook has been prevented from stopping users in
Germany creating accounts under false names.
The Hamburg data protection authority said the
social network could not change people's chosen usernames or ask them
to provide any official ID.
The ruling came after Facebook blocked an account
set up by a woman using a pseudonym and changed it to her name.
Facebook said it was disappointed with the ruling,
which German courts had previously said met European law.
"The use of authentic names on Facebook
protects people's privacy and safety by ensuring people know who
they're sharing and connecting with," the company said.
The company's real-name policy has been the
subject of recent
protests outside its headquarters in California from
demonstrators, including drag queens, Native Americans and domestic
violence victims who believe anonymity is crucial to their personal
safety.
Here is how “We gotta do something!” could get
you in trouble. Are you assuming responsibility for identifying
potential violence by monitoring ALL social media used by your
students? Do you know what social media your students prefer? Do
you know which students post anonymously? Do you know what you are
letting yourself in for?
“we need to be able to know if it is
credible” I agree. Good luck with that. Better have a
few trained forensic psychologists on staff.
Oh, FFS. Seriously.
Amanda Ober reports:
Controversy surrounds the school district’s decision to monitor students’ and teachers’ social media posts.
Orange County Public Schools has started monitoring students’ and teachers’ social media posts with a new software program called “Snaptrends.” It allows the school district to search thousands of posts on sites like Twitter and Instagram to hunt for keywords that might indicate trouble. School officials said the goal is to flag potential dangers, including cyberbullying, suicide and crime.
“If they are sitting in a classroom and they are tweeting because they are mad at their teacher or their girlfriend for whatever reason, and there are some threatening words there, we need to be able to know if it is credible,” said Joie Cadle of the Orange County School Board.
Why are they even tweeting in school? And what
rights do they have in the privacy of their own home if they want to
vent about a teacher? I hope the kids are smart enough to mark their
posts private and not public or protect their Twitter accounts and
only allow people they know to follow them.
And how do the employees feel about having their
social media posts made from home monitored by their employer?
[The software they use: http://snaptrends.com/]
Things that your lawyer probably advised you not
to do (wink wink). When they have you in the cross-hairs, don't do
anything to convince them they are right.
Goodell rips Brady for destroying cellphone, beats Pats star to federal court
NFL Commissioner Roger Goodell escalated his war
with league golden boy Tom Brady by taking the fight straight to
federal court after upholding the
Patriots quarterback’s
four-game “Deflategate” suspension in a bombshell decision.
Goodell, in his 20-page ruling, also slammed this
year’s Super Bowl MVP with new allegations of destroying his
cellphone and erasing thousands of text messages.
Brady had been expected to appeal any penalties
upheld by the NFL, but Goodell beat him to the punch, asking a New
York federal court to back his decision.
… In confirming Brady’s four-game ban,
Goodell revealed that the quarterback destroyed his cellphone — and
the nearly 10,000 text messages it contained — on or about March 6,
the same day he met with Ted Wells, the NFL-hired investigator.
Brady’s representatives sent a letter to the league after his
appeal hearing stating that his
cellphone carrier [clearly
Patriot fans Bob] told them “the text messages sent
from or received from the destroyed
cellphone could no longer be
recovered.”
Brady testified that it is “his practice” to
destroy his cellphone and SIM cards when he gets a new one. But
Goodell questioned why Brady chose to do it despite knowing
NFL
investigators were looking for that information.
Shucks, that's just out of shotgun range. Maybe
armed drones?
Amazon Proposes Drone Highway As It Readies For Flying Package Delivery
… During a conference at NASA’s Ames
Research Center in Mountain View, Calif., Gur Kimchi, vice president
of Amazon Prime Air, laid out the online retailer’s vision for how
unmanned aerial vehicles (UAVs) would be able to fly while avoiding
planes, buildings and other obstacles. Kimchi’s first public
address as head of Amazon’s drone program introduced a broad
operating framework for the developing drone industry, which he
compared to the early days of the internet in an interview with
FORBES before his speech.
… Because of this, Amazon suggested certain
standards, centered on the segregation of airspace below 500 feet
where drones would follow set rules for flying. In this space,
drones would be connected to online networks and would directly
communicate with each other, allowing for the automated control of
flights in real time.
… In its proposal, Amazon suggested that
drones fly between the ground and 400 feet, with the airspace between
400 and 500 feet of altitude and around airports designated as no-fly
zones. Areas below 200 feet would be reserved for so-called “low
speed localized traffic” where UAVs could be used to map
agriculture fields, scan bridges or shoot videos. Potentially, that
could also be the airspace where drones would be completing the final
stages of their deliveries, landing near homes to drop off packages.
The areas between 200 and 400 feet would be
reserved for a sort of drone highway. UAVs in this 200-foot range
would likely be traveling autonomously at high-speeds and out of the
line-of-sight of any operator.
For my smartphone-toting students (that's most of
them). Some of these are free!
18 Best App Makers
Want to build an app for your business? Creating
an app doesn't have to be rocket science. These days, anyone can
make a professionally designed, fully functioning app — no tech
skills necessary. Hiring an experienced app developer can set you
back tens or even hundreds of thousands of dollars, an expense that
simply isn't justifiable or feasible for most small companies.
Instead, here are some of the best and most cost-effective DIY app
makers for small business.
I prefer composing an old fashioned email. If I
could tell (some of) my students what I think of their work without
some time to cool off, I'd never make teacher of the year.
Google Now allows dictating messages on WhatsApp, Viber, WeChat
… Google Now will be able to send messages
using WhatsApp, Viber, WeChat, Telegram and NextPlus in English at
launch, though Google plans to add more support for apps and
languages in the future.
The users have to specify which app to use by
saying 'OK, Google, send a WhatsApp message to ABC' and it will make
and send the message through the proper service.
Why it's right good to write good.
Improve Your Writing to Improve Your Credibility
For all my students. Defend yourself. No one
else seems to want to.
In reading news yesterday morning, I stumbled
across a question posted on StackExchange:
I found my user details on already old, leaked account information list
I came across an old (>3 years) accounts information list which has been leaked to the web. The list included thousands (>10.000) of account details from a service or services. Apparently the event was a small-scale news item back in the days, so there’s not too much to do now, even if the one page I found would be removed from the web right now.
The query continues, but my immediate reaction
was:
Why wasn’t this individual notified of the
leak by the entity whose data were leaked?
Yes, we know that there are many leaks like this
on a daily basis, and this refers to an incident a while back, it
seems, but how many people may still be at risk over old leaks
because they were never notified that their email addresses and
weakly protected passwords were hacked and dumped? How many of us no
longer even remember where we had accounts and where we may have used
or re-used certain passwords?
At the very least, people should change their
passwords on all current accounts to use stronger passwords or
passphrases that are not re-used across sites. Now you, as a savvy
reader of this site, know that already, but what about the general
public?
And we really need stronger data breach
notification laws. Even though we should be diligent in trying to
protect ourselves, those who collect and store our information should
be obliged to notify us when they have suffered a security failure
that exposes our information. It really is as simple as that, and
don’t let the business lobby spin it or try to convince you that
breach notification fatigue will set in. Yes, maybe people will get
tired of getting breach notification letters, but I think we need to
let people decide whether to act on a notification or not, and not
deprive them of the opportunity to make that decision for themselves.
It's free and probably worth it!