New "Alice" Malware Drains All Cash from ATMs
A newly discovered family of
malware targeting ATMs (automated teller machines) has been designed with the
sole purpose of emptying cash from the safes of the self-serve machines, Trend
Micro security researchers warn.
Dubbed Alice, the malware is the most stripped down
ATM threat seen to date. The malware has
no information stealing capabilities and can’t even be controlled via the ATM’s
numeric keypad. Initially discovered in
November 2016, Alice is believed to have been around since 2014, and Trend
Micro says that it is only the eighth ATM malware family seen to date, although
such threats have been around for over nine years.
Use of the malware requires physical access to an ATM, and
Trend Micro suggests that it has been designed for money mules to steal all the
money available in an attacked cash machine, something that malware such as GreenDispenser
was seen doing last year.
Unlike that piece of malware, however, the new threat
doesn’t connect to the ATM’s PIN pad and can also be used via Remote Desktop
Protocol (RDP), although Trend Micro says that there’s
no evidence of such use as of now.
… The attacker
simply needs to enter the cassette’s ID for the ATM to dispense the money in
it. The dispense command is sent to the
CurrencyDispenser1 peripheral via the WFSExecute API. With ATMs typically having a 40-banknote
dispensing limit, the attacker might have to perform the same operation
multiple times to empty all the cash stored in a cassette. Information on the available cash is
dynamically updated on the screen, so the attacker knows when a cassette is
empty.
Automating fraud.
Russian 'methbot' fraud steals $180 million in online ads
Russian cybercriminals have built a new high-tech fraud
enterprise: Showing real ads to fake people.
The fraud has siphoned more than $180 million from the
online ad industry, according to researchers.
… Methbot, so
nicknamed because the fake browser refers to itself as the
"methbrowser," operates as a sham intermediary advertising ring:
Companies would pay millions to run expensive video ads. Then they would deliver those ads to what
appeared to be major websites. In
reality, criminals had created more than 250,000 counterfeit web pages no real
person was visiting.
White Ops first spotted the criminal operation in October,
and it is making up to $5 million per
day -- by generating up to 300 million fake "video
impressions" daily.
… "This is
the kind of theft in which nothing has gone missing," Tiffany said.
However, media experts noted that the additional fake 300
million "views" now existing in the advertising marketplace does put
significant pressure on media companies who are competing over an audience that
doesn't really exist.
Simple. Dastardly!
Laura Shin reports:
Just after midnight on August 11,
self-professed night owl Jered Kenna was working at home in Medellin, Colombia,
when he was notified the passwords had been reset on two of his email
addresses.
He tried to set up new passwords
himself by prompting the email service to send him text messages containing a
code — but they never arrived.
“So I called the company to make
sure I hadn’t forgotten to pay my phone bill, and they said, you don’t have a
phone with us. You transferred your
phone away to another company,” he says.
Read more on Forbes.
[From the
article:
Once all the calls and messages to Kenna’s number were
being routed to them, the hacker(s) then reset the passwords for Kenna’s email
addresses by having the SMS codes sent to them (or, technically, to Kenna’s
number, newly in their possession). Within seven minutes of being locked out of
his first account, Kenna was shut out of up to 30 others, including two banks,
PayPal, two bitcoin services — and, crucially, his Windows account, which was
the key to his PC
Protect that dissertation!
Lee Mathews reports:
If you’re properly prepared,
however, ransomware can actually be quite easy to deal with. The security professionals at Cybereason think
their new, free Windows app can help.
It’s called (logically enough)
RansomFree. Cybereason says it protects
computers by watching for the behaviors typically exhibited by ransomware. Like other anti-malware tools with behavioral
analysis tools, that enables RansomFree to protect against emerging threats —
not just older ransomware that’s on its last legs.
Read more on Forbes.
We could speed this up a lot: Got a van and a key making
machine?
Roee Yanovsky reports:
Criminals from east Jerusalem
were able to use information from a Hyundai and Kia
data leak to steal dozens of brand new luxury cars and smuggle them into the
West Bank.
Israel Police recently arrested
three east Jerusalem residents who were able to access data from the two
companies, and using that data, were able to hack the cars’ computers.
Read more on Ynet News.
[From the
article:
The group would drive around looking for Kias and
Hyundais, and upon finding them, would look for the registration number. Using the registration number, the group would
used hacked data to find the anti-theft protection number, as well as the code
to make the car keys for that specific car.
The keys were then produced in the West Bank.
With keys in hand, the gang would go to the home of owner
of the car – information taken from the data leak – and would simply unlock the
door and drive off into the West Bank to be sold in the Palestinian car market.
Celebrity attracts fans, no matter their jobs. Why don’t they know who tried to access the
records? How can they fire anyone if
they don’t know?
Shari Weiss reports:
…It’s said that over the course
of his stay, an unknown number
of staffers tried to gain illegal access to West’s electronic medical records. Of course, like with every patient, they were
to be protected by HIPAA, a law that mandates private health information only
be shared with those who have been officially granted access, known as “covered
entities.” In this case, it’s believed
that UCLA employees who did not fall within that category are now under
investigation for their improper behavior.
TMZ, which broke
the news, claims “several dozen people have been or will be fired.”
Read more on GossipCop.
Gee, the sites I have to read to bring you all the news on
medical privacy breaches….
I guess this means we can expand our Ethical Hacking
course globally…
Tami Abdollah reports:
The Obama administration has
failed to renegotiate portions of an international arms control arrangement so
that it’s simpler to export tools related to hacking and surveillance software
— technologies that can be exploited by bad actors, but are also used to secure
computer networks.
The rare reconsideration of a
rule agreed to in 2013 by 41 countries was derailed at the plenary’s annual
December meeting in Vienna, leaving it up to President-elect Donald Trump’s
administration whether the U.S. pushes for revisions again next year.
Read more on Federal
Times.
See? Given a few
months to think about it, even Congress can grasp the obvious.
Congressional report sides with Apple on encryption debate
The U.S. is better off supporting strong encryption than
trying to weaken it, according to a congressional report that stands at odds
with the FBI’s push to install backdoors into tech products.
On Tuesday, a bipartisan congressional panel published a year-end
report, advising the U.S. to explore other solutions to the encryption
debate.
“Any measure that weakens encryption works against the
national interest,” the report said.
… But the report
also acknowledged that the technology has become an obstacle for law
enforcement agencies when investigating crimes.
However, forcing U.S. companies to compromise their
encryption wouldn’t necessarily solve the problem. Consumers and bad actors, for instance, would
likely choose to use more secure products offered by foreign companies, the
report said.
“Congress
cannot stop bad actors — at home or overseas — from adopting
encryption,” the report added.
This may not go anywhere, but I bet we’ll see it more
often.
Orlando victims' families sue Facebook, Twitter, Google
The families of some of the victims of June's mass
shooting at a gay nightclub in Orlando are suing Facebook, Twitter and Google, reports the Washington Post.
The families are accusing the companies of providing
“material support” via their social media and video platforms to the
self-radicalized gunman, Omar Mateen.
Their suit
also alleges the companies made “profit from ISIS postings through advertising
revenue.”
Gosh! How
amazing.
http://www.bespacific.com/post-election-reveal-laptop-of-clinton-aid-searched-without-valid-warrant/
Post election reveal – laptop of Clinton aid searched without
valid warrant
by Sabrina
I. Pacifici on Dec 20, 2016
In the ‘and why now that it is all over moment of the post
election coverage’ – “The warrant connected to the FBI search
that Hillary Clinton says cost her the election shouldn’t have been granted,
legal experts who reviewed the document released on Tuesday told The Huffington
Post. FBI Director James Comey shook up
the presidential race 11 days before the election by telling Congress the
agency had discovered new evidence in its previously closed investigation into
the email habits of Clinton, who was significantly ahead in the polls at the
time. When Comey made the announcement, the bureau did not have a warrant
to search a laptop that agents believed might contain evidence of criminal
activity. The FBI set out to rectify
that two days later, on Oct. 30, when agents applied for a warrant to search
the laptop, which was already in the FBI’s possession. The FBI had seized the computer as part of an
investigation into former Rep. Anthony Weiner, the estranged husband of Clinton
aide Huma Abedin. The unsealed warrant
“reveals Comey’s intrusion on the election was as utterly unjustified as we
suspected at time,” Brian Fallon, a Clinton campaign
spokesman, said on Twitter Tuesday…”
We need to get him a new map.
A Pentagon memo outlining the incoming Trump
administration’s top “defense priorities” identifies defeating the Islamic
State, eliminating budget caps, developing a new cybersecurity strategy, and
finding greater efficiencies as the president-elect’s primary concerns. But the memo, obtained by Foreign Policy, does not include
any mention of Russia, which has been identified by senior military officials
as the No. 1 threat to the United States.
… The full memo is
here.
Perspective.
Pew – Online Shopping and E-Commerce
by Sabrina
I. Pacifici on Dec 20, 2016
“Americans are incorporating a wide range of digital tools
and platforms into their purchasing decisions and buying habits, according to a
Pew Research Center survey of U.S. adults. The survey finds that roughly eight-in-ten
Americans are now online shoppers: 79% have made an online purchase of any
type, while 51% have bought something using a cellphone and 15% have made
purchases by following a link from social media sites. When the Center first asked about online
shopping in a June 2000 survey, just 22% of Americans had made a purchase
online. In other words, today nearly as
many Americans have made purchases directly through social media platforms as
had engaged in any type of online purchasing behavior 16 years ago.”
For my Data Management students.
The Smart Way to Deal With Messy Data
Unstructured data — data that is not organized in a
predefined way, such as text — is now widely available. But structure must be added to the data to
make it useable for analysis, which means significant processing. That processing can be a problem.
Perhaps we could automate the classroom? “Mr. Chips?”
Building Jarvis – Mark Zuckerberg
by Sabrina
I. Pacifici on Dec 20, 2016
“My personal challenge for 2016 was to build a simple AI
to run my home — like Jarvis in Iron Man.My goal was to learn about the state
of artificial intelligence — where we’re further along than people realize and
where we’re still a long ways off. These
challenges always lead me to learn more than I expected, and this one also gave
me a better sense of all the internal technology Facebook engineers get to use,
as well as a thorough overview of home automation. So far this year, I’ve built a simple AI that
I can talk to on my phone and computer, that can control my home, including
lights, temperature, appliances, music and security, that learns my tastes and
patterns, that can learn new words and concepts, and that can even entertain
Max. It uses several artificial
intelligence techniques, including natural language processing, speech recognition,
face recognition, and reinforcement learning, written in Python, PHP and
Objective C. In this note, I’ll explain
what I built and what I learned along the way.”
For my students who still center text by typing, “space,” “space,”
“space,” “space,” “space,” “space,” etc.
More than 1.2
billion people use Microsoft Office around the world. Unfortunately, most people — even those who
are right next to you — might not be so fluent in it or in any of the programs
in the suite. Microsoft Office 2016 also
introduced a few new productivity features, and there’s a bit of a learning
curve there.
… Start with the
user-friendly Quick Start Guides provided by Microsoft.
Microsoft has cleaned up its act since the early days when
support material to learn the program was scant. Now you have entire training modules and even
a dedicated feature like the Tell me what you want to do that
makes the new user far more comfortable with the features on the Ribbon.
No comments:
Post a Comment