
Cyber Security Elements by NSS

News

15 Jan

The infected ads were served to visitors of the Yahoo homepage over a four-day period last week. Some of the malware that was served up could turn the infected computers into Bitcoin miners.  The malware that Yahoo unknowingly served up attacked flaws in Java on the victim machines. Yahoo says that the malware was served up from December 31 to January 3 on its European sites. 

Yahoo is being criticized for not doing anything to help the owners of computers infected with malware served from its site.

The web company has promised to monitor and block any ads being used for serving malware. Estimates are that around 27000 infections resulted every hour the ads containing the malware were served. Some malware installed by the rogue ads also installed ZeuS, which tries to steal banking information.


You can read the original article at SlashGear.

15 Jan

In addition to delivering iOS 7 support, Sophos announced an update for customers to manage the new business-focused features of Apple’s latest version from the easy-to-use Sophos web-based console, deployed either on-premise or as Software as a Service (SaaS). 

According to Gartner, Apple iOS 7 includes more enterprise enhancements than any release since iOS 4.0 introduced mobile device management APIs. Version 3.6 of Sophos Mobile Control enables enterprises of all sizes to protect corporate data, with many new enhancements, including:

  • Separation of company and personal data
  • Per app VPN
  • A new volume purchasing program (VPP)
  • Remote configuration of apps

 

“Sophos Mobile Control allows us to easily manage our existing devices while simultaneously adding new devices safely into our organization,” said Jeri Sample, IT Manager, Meadville Medical Center, an outstanding community medical center in Meadville, Pennsylvania. “It is important for us to keep patient data secure. With accelerated deployment, ease of management, and complete visibility, SMC makes Sophos the right choice on behalf of our staff and our patients.”

“Mobile devices in the workplace are the rule, not the exception,” said John Shaw, Vice President for end user security products at Sophos. “Sophos Mobile Control provides simple to deploy mobile device management and security that will keep employees happy and productive, minimize the workload for IT, and give managers confidence that the company’s data is protected. We think iOS 7 is a huge step forward in enabling personal devices to be used securely at work, and are delighted to be extending the benefits to our partners and customers.”

To learn more about Sophos Mobile Control, please visit http://www.sophos.com/mobile.

15 Jan

And we’ve been named a Visionary in the Gartner Magic Quadrant for Enterprise Mobility Management. Please contact technical support if you need more information or guidance.

What’s available in Sophos Mobile Control 4.0

SMC offers a full range of enterprise mobility management features, including:

  • Central management of your mobile devices, content and applications with a user-centric approach
  • Robust security protection with built-in anti-malware and web filtering
  • Mobile content management with individual file encryption, ensuring encryption without compromise on your devices
  • Reduced risk of data breaches with integrated Network Access Control
  • Easy deployment and management with user based pricing, simplifying your budget

Highlights

  • Use a simple role-based web console
  • Push out policies and apps over the air
  • Assign policies based on users’ Active Directory groups
  • Regularly check for device compliance
  • Remotely locate, lock and wipe devices
  • Secure mobile content on iOS devices
  • Filter web pages by category on Android devices
  • Choose on-premise or SaaS deployment, or a subscription option with Sophos Cloud

Learn more about the great features in Sophos Mobile Control, or sign up for a free trial.

And find out how Sophos gives our customers security that’s simply better.

You can read the original article, here.

15 Jan

In particular, the overhead of running multiple concurrent antivirus scanners on a single host can affect performance and scalability. Meanwhile, the constant starting, stopping, and cloning of virtual machines can leave systems unprotected.

A new Sophos whitepaper explores these challenges and presents two effective approaches to securing your virtual machines without sacrificing performance: agentless antivirus and virtualization-optimized endpoint security. Simultaneous scheduled or on-demand scans can lead to a “scan storm,” increasing resource use and decreasing system performance. 

“Scan storms occur when a host’s resources are overwhelmed by many virtual machines (VM) running antivirus scans at the same time. Because each VM is engaged in nearly identical behavior requiring multiple input/output (I/O) operations and substantial CPU processing, data throughput and system response time can slow noticeably. Even an otherwise speedy SAN or local storage array can be affected by the sheer volume of simultaneous read requests.”

The paper also covers how to choose the best approach and the right Sophos product (Sophos Antivirus for vShield, Sophos Server Protection, or Sophos Endpoint Antivirus) for your needs.

Download “Two Great Ways to Protect Your Virtual Machines From Malware” to learn more about how to deliver performance and security in your virtual data center (registration required).

You can read the original article here.

15 Jan

In comments that support Array’s ranking in the new report, IDC analysts note that the company’s WAN optimization solution has “increased its chances of cracking bigger deals and positioning themselves as an end-to-end solution provider in the ADC space.”

According to IDC, drivers of Array’s leading position in the India market include the ability to close deals in the lucrative government and banking and financial services industry (BFSI) markets, as well as the ability to offer holistic ADC and WAN solutions with custom costing to potential customers. Although Cisco still leads – due to volume WAN optimization sales – Array is mounting a challenge by way of continued growth in the WAN optimization space.

Mr. Shibu Paul, Country Manager at Array Networks said, “IDC is a respected authority tracking the markets Array serves, and the local IDC team in India has a superior understanding of vendors, partners and customers in the application delivery networking space. The Array team has been working tirelessly to serve our customers, assist our partners and enhance our offerings, and I am extremely pleased to see our efforts paying off as reflected in the new IDC market report.”

“In addition to growing traction in the enterprise based on its suite of application delivery networking solutions, Array is also opening up new opportunities with its line of software appliances which can be hosted on any virtualized server to break price barriers and make solutions more affordable to SMBs,” said Manoj Iyer, IDC’s market analyst for enterprise networking in India. “With the ability to support a broad range of customers and a go-to-market strategy focused on educating partners on its load balancing, WAN optimization, enterprise mobility, high availability, BYOD and application acceleration solutions, Array is well positioned to further increase their market share in the application delivery networking market.”

You can read the original article here.

15 Jan

Sophos currently offers an optimized AMI that is compatible with AWS cloud services. With this new hourly-based model, customers are able to take advantage of the many scaling, redundancy and elasticity features offered by AWS. Put simply, this approach lets customers access and securely defend their cloud resources with a solution optimized for the AWS environment.

“With AWS Marketplace, businesses can find, buy and deploy software that is optimized for Amazon EC2, allowing them to focus on delivering business results faster and at a lower cost,” said Sajai Krishnan, GM, AWS Marketplace. “We’re excited to add the Sophos UTM to AWS Marketplace, as we believe its new on-demand hourly pricing allows customers to utilize this advanced network security solution with the elasticity and ease-of-use they want in the cloud.”

“As a long-standing security provider, we know about the many benefits that Amazon Web Services provides, especially to SMBs that have adopted the cloud,” said Angelo Comazzetto, Senior Product Manager, Sophos. “We pride ourselves on developing complete security offerings that are simple to use, and with this offering, companies can better defend their cloud security resources with layers of security provided by Sophos UTM. We are excited to enable this unique offering in the AWS Marketplace.”

For additional information on Sophos’ UTM offerings, please click here.

15 Jan

There are many reasons why you should consider Sophos for your next firewall — here are five of them.

1. We keep it simple. It’s super easy to deploy, manage, and use – you’ll never need to configure with the command-line again.

2. You get lightning speed. Our SG Series appliances blow the competition away in independent tests. And if you prefer you can go software, virtual or cloud-based instead.

3. Everything’s on one box. It gives you the latest next-gen firewall features. Plus email, endpoint, and mobile features you can’t get anywhere else.

4. Reporting’s built in. Detailed reports come as standard, stored locally on a built-in hard drive. No separate appliances or tools required.

5. And we’re a three-time Gartner Magic Quadrant Leader. No other firewall vendor can say that. So you can rest assured you get proven protection you can trust from a Leader in UTM, Endpoint and Mobile Data Protection.

All of this good stuff, packaged in one super-fast, easy-to-use solution. To learn more, and see how we stack up against the competition, visit sophos.com/firewall.

You can read the original article, here.

15 Jan

“Sophos and Cyberoam create a winning combination at the right time, in the right product markets and in all the right geographies,” said Kris Hagerman, Chief Executive Officer for Sophos. “Cyberoam has built a strong reputation as an aggressive and nimble innovator in the network security market, and like Sophos, has a ‘channel-first’ approach and reputation for delivering top-notch service and support. The acquisition expands and accelerates our network security roadmap to grow our presence in UTM, advanced threat protection, wireless and next generation firewall – some of the fastest growing markets in all of IT. This also continues our focus of providing exciting opportunities to grow our channel partners and customers.”

For more information, visit the Sophos corporate blog.

Founded in 1999 and headquartered in Ahmedabad, India, Cyberoam is highly regarded for its product innovation, quality, and world-class customer support. The company has more than 65,000 customers, more than 550 employees, and a strong channel focus with a network of 5,500 partners, with particular strength in India, the Middle East, and Africa. Cyberoam’s high performance UTM and Next Generation Firewall appliances, built on a similar Intel-based architecture as Sophos’ UTM solutions, deliver advanced technologies that will complement and expand the entire Sophos network security portfolio. Some of these technologies include the iView reporting engine, application control, user-based network policies, sophisticated next-generation firewall capabilities and advanced threat protection.

Hemal Patel, CEO of Cyberoam said, “Together Sophos and Cyberoam form a powerhouse in network security. We are growing our network security businesses substantially faster than the market, and joining forces allows us to drive even greater innovation and value. Our global footprint, commitment to the channel and complete security portfolio are clear competitive differentiators. We’re pleased to join the Sophos team.”

The acquisition advances Sophos’ position in network security, a strategic growth area for the company and a pivotal element of the company’s complete security strategy. Sophos combines leading security technologies in endpoint, mobile, encryption and data protection, e-mail, web, server, and network – all focused on small and midmarket enterprises and pragmatic enterprises of any size – and delivered entirely through the channel. Combined, Sophos and Cyberoam will have more than 2,200 employees, with more than 600 focused on network security, including more than 350 in R&D.

According to IDC Research, the network security market reached $7.9 billion in 2012; UTM comprised $2.7 billion of the market and was cited as the fastest growing segment at 21% growth. In the recent Gartner Magic Quadrant for Unified Threat Management, Sophos was again named a “Leader” and Cyberoam a “Visionary.” 

You can read the original article here.

15 Jan

Imagine a system that can alert you when it starts to rain, not only warning to get out your umbrella, but also putting more trains on the Metro to cope with the extra passengers, monitoring the cafes to ensure there is sufficient coffee, or alerting when a vending machine needs restocking. A tool that gives you a sharp overview of vast and complex infrastructure, combined with the intelligence to review and comprehend what is happening – well, that’s not merely SIEM. That’s LogPoint.

SIEM – or Security Information and Event Management. Quite a mouthful. So what does it mean?
Metaphorically speaking, SIEM is the Information Technology version of Closed Circuit Television (CCTV). In short: a surveillance system of all data within an entire IT landscape in order to catch intrusions, provide insight into operations and report on functioning.

The First CCTV
Originally developed in the 1930’s to monitor rocket launches, CCTV began to be used to remotely monitor people and equipment in the 1970’s. A very basic instrument at the time, it could not record, replay, keep or store images.
Unless you were watching it live, the event would be missed.

Log Files
IT systems create log files for every activity, be it purely informational, a failure, or even a success. Log files can also trace who performed the activity, when it was done, etc. However, log files are stored locally on each system, and unless someone can review each and every system, it is almost impossible to find everything. Just like the first CCTV, unless you are watching these logs in real time, the event will be missed.


CCTV Evolves
CCTV evolved throughout the 80’s and 90’s, gaining the ability to record and replay videos of people and activity – and this could then be used for investigation and criminal prosecution within the courts. Slowly, CCTV cameras began to appear everywhere. Today, there are 207,431 CCTV cameras covering a large percentage of the city of London – a similar story for most European cities.

Log Management
This is the basis for the Log Management software from which SIEM has evolved – software that enables log collection from an entire infrastructure, storing the logs centrally, and time-stamping them for analysis. This offers better insight into how “the crime” took place, who was involved, and how it can be prevented in the future. But this still isn’t SIEM as we know it today.


Modern CCTV
CCTV has developed at an amazing speed since the turn of the century. Not only can it now record and store data from hundreds of thousands of cameras, it can also recognize auto registrations and even faces – enabling real-time alerts that can:
• Be sent to emergency operators.
• Dispatch police – e.g., when specific people enter a city or area where they have been banned.
• Track and alert suspicious behavior and movements, such as with crowd control, loitering in street theft hot spots, or troublemakers entering a bar.


SIEM
Like the modern CCTV, LogPoint is the most advanced form of SIEM – capable of monitoring millions of log files every second, from every device in an infrastructure, detecting log patterns as they evolve.
LogPoint can:
• Regularly report on general activities.
• Identify bottlenecks and monitor the health of your IT infrastructure.
• Replay events to identify when, what and who was involved – providing evidence in criminal prosecution.
• Reveal how to prevent incidents from happening again.
• Alert administrators to security threats and system failures – before they even happen.

LogPoint is the best SIEM, ever.

15 Jan

This is according to the abstract of a briefing to be given at the upcoming Black Hat USA conference. The attack, dubbed “Mactans”, succeeded in compromising latest generation devices with the latest version of iOS. It led to a persistent infection with software of the attacker’s choice, invisible to the phone’s user thanks to built-in concealment techniques used to hide some of Apple’s own apps.

The researchers, from the Georgia Institute of Technology, say they built their malicious charger in minimal time with little budget, using a credit card-sized BeagleBoard-embedded computer. I’ve always been a little worried when I’ve seen those free charging stations at airports, shopping malls and other public places. OK, so sometimes you just have to get at some power, but the whole idea of plugging my phone into something I have so little reason to trust just seems a little dirty, not to mention unsafe. Now, assuming this is more than the usual pre-conference hype, those fears look more than justified.

Worse, the small scale of this particular device means you wouldn’t even need a big pedestal-sized charging station. While not quite small enough to disguise as a normal Apple USB power converter as it stands, there are still ample opportunities to trick people into trusting a reasonably compact charging device.

With a little more effort and investment, it should be trivial to build a trojanized charger that is almost identical to standard kit. Then we’d really be in trouble. Imagine an eBay shop selling super cheap USB plugs, which could happily take over your phone and make it call premium-rate numbers or harvest passwords from your email or even bank accounts. Not such a bargain all of a sudden. It might be a good time to buy up all the USB chargers you’re going to need – I suspect prices for proven trustworthy hardware might well be going up fairly shortly.

You can read the original article, here.

15 Jan

The new release also brings reliability improvements and support for Windows Server 2012 and Windows Server 2012 R2.

SAV for NetApp is also included in the following endpoint products and suites:

Endpoint Protection Advanced
Enduser Protection
Enduser Data Suite
Enduser Web Suite
Complete Security Suite

To learn more, visit the Sophos for Network Storage page or download the free trial.

If you have a current license for one of these products, you can download Sophos Antivirus for NetApp 3.0 on your MySophos download page.

You can read the original article here.

15 Jan

What’s a CSR?

If you have ordered an SSL Certificate before, you were most likely asked to provide a CSR (Certificate Signing Request). The CSR is used to deliver the public key that your server will use to identify itself. Generating a CSR can be a hurdle for non-technical staff who aren’t familiar with the command lines that need to be created, and it remains a time-consuming process even for more experienced users.

CSR Creation Made Easy

Our new CSR creation tool makes it easy to generate the CSR for your server by simply inputting your certificate information (e.g. domain name, organization details, etc.) in the fields provided. The tool will automatically generate the command lines required to create the CSR on your webserver, so you don’t need to write them yourself.


The CSR tool provides command lines for most popular webservers, including OpenSSL, Exchange 2007, IIS and F5 Big-IP.


Bonus Features: Advice on Best Practices

To ensure your SSL Certificates are compliant with the latest security best practices, the CSR tool automatically defaults to the most secure algorithm (RSA) and only offers key length options in line with the latest CA/B Forum guidelines (2048 bit minimum).

Use The Tool

The CSR tool is available in multiple languages at https://csrhelp.globalsign.com and includes support information and FAQs for additional help with the CSR generation process. Secure your website today with SSL the easy way.
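
One way a helper of this kind can assemble the OpenSSL command line, as an added example (not GlobalSign's code): it keeps the RSA default and the 2048-bit minimum described above, and escapes and quotes the certificate fields so they reach `openssl req -subj` as data. The function names, the file-naming scheme and the sample values are assumptions made for this illustration.

```python
import re
import shlex

MIN_RSA_BITS = 2048                            # minimum key length named in the text
DN_FIELDS = ("C", "ST", "L", "O", "OU", "CN")  # conventional subject order


def escape_dn_value(value):
    """Escape characters that `openssl req -subj` treats as syntax."""
    if not value or any(ord(ch) < 0x20 for ch in value):
        raise ValueError("subject fields must be non-empty, without control characters")
    # Backslash first, then the RDN separator "/" and the multi-value marker "+".
    return value.replace("\\", "\\\\").replace("/", "\\/").replace("+", "\\+")


def build_subject(fields):
    """Turn {"C": ..., "O": ..., "CN": ...} into an OpenSSL -subj string."""
    unknown = set(fields) - set(DN_FIELDS)
    if unknown:
        raise ValueError(f"unsupported subject fields: {sorted(unknown)}")
    if "CN" not in fields:
        raise ValueError("a common name (CN) is required")
    country = fields.get("C")
    if country is not None and not re.fullmatch(r"[A-Z]{2}", country):
        raise ValueError("C must be a two-letter ISO 3166 country code")
    return "".join(f"/{k}={escape_dn_value(fields[k])}" for k in DN_FIELDS if k in fields)


def safe_basename(common_name):
    """Derive key/CSR file names from the CN without path or shell metacharacters."""
    return re.sub(r"[^A-Za-z0-9.-]", "_", common_name.replace("*", "wildcard"))


def build_csr_command(fields, key_bits=MIN_RSA_BITS):
    """Return a copy-and-paste `openssl req` command line for a new RSA key and CSR."""
    if key_bits < MIN_RSA_BITS:
        raise ValueError(f"RSA keys below {MIN_RSA_BITS} bits are refused")
    subject = build_subject(fields)
    name = safe_basename(fields["CN"])
    argv = [
        "openssl", "req", "-new",
        "-newkey", f"rsa:{key_bits}",   # generate a fresh RSA key pair
        "-nodes",                       # key file is written unencrypted: restrict its permissions
        "-sha256",                      # digest used to sign the request
        "-keyout", f"{name}.key",       # private key stays on the server
        "-out", f"{name}.csr",          # only this file is sent to the CA
        "-subj", subject,
    ]
    return shlex.join(argv)             # shell-quote every argument


if __name__ == "__main__":
    # Constructed sample input, not taken from the page.
    sample = {"C": "US", "ST": "New Hampshire", "O": "Example Org", "CN": "www.example.com"}
    print(build_csr_command(sample))
```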

You can read the original article here.

15 Jan

The authentication system, based on a new material for the home button and a metal sensor ring around it, has been the subject of numerous rumours and leaked photos and specs already. Speculation about Apple’s interest in fingerprints goes back at least as far as 2009, resurfaces each time a new version of the iPhone is launched, and has grown steadily ever since Apple’s pricey acquisition of fingerprint tech firm AuthenTec last summer. Today’s confirmation at the iPhone 5s/5c launch ceremony makes it all official at last. According to Apple’s promotional material, the sensor:

“uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint from the sub-epidermal layers of your skin. It then intelligently analyses this information with a remarkable degree of detail and precision”.

As well as unlocking the phone, the sensor will be able to approve purchases at the Apple store. Fingerprint authentication has been a common sight in laptops for some time, with major vendors including Dell, Lenovo and Toshiba pushing their own built-in variations, usually available as an option alongside more traditional login methods. There are also a range of other implementations available, including many smartphone apps and external readers supported by the Windows Biometric Framework and some leading password managers.


Fingerprints thus probably rank a little above facial recognition as the most widely-deployed biometric authentication technique at the moment. In the past, however, they have proven rather unreliable, plagued with security worries, although suspected flaws are not always proven. Nevertheless, many fingerprint scanners seem to be open to spoofing. Fingerprints are not secret: we leave copies of them wherever we go, even if we’re trying hard not to, as cop show aficionados will be well aware. Once someone devious has got hold of a copy, purely visual sensors can be fooled by photographs, while more sophisticated techniques which measure textures, temperatures and even pulses are still open to cheating using flesh-like materials, or even gelatin snacks.

Just how hard it will be to defeat Apple’s recognition system remains to be seen, but as crypto guru Bruce Schneier has pointed out, there’s a big danger in using fingerprints to access online services: the temptation to store the fingerprint info in a central database. Unlike passwords, of course, if your fingerprint data is lifted from a hacked database, you can’t simply change it, short of getting mediaeval on your hands with acid, sandpaper or some other hardened-gangster technique.


So, as expected, Apple has opted to keep all information local to the iPhone – indeed, it is apparently kept in a “secure enclave” on the new A7 chip and can only be accessed by the print sensor itself. Expect this storage area and the connections to it to become the subject of frenzied investigations by hackers of all persuasions. Of course, Apple is not alone in looking into fingerprints, with arch-rivals Samsung also rumoured to be making moves in that direction. (Samsung was a major customer of AuthenTec before it was acquired.) In the long term, how similar their approaches are may be a significant issue for all of us, whatever our smartphone affiliation and whether or not we worry much about privacy, and not just thanks to the inevitable legal rumpus. There are two basic approaches to security: either the way things work is kept proprietary and secret, as far as possible, or it’s made open for general consumption, and more importantly for verification. A cross-vertical group, the FIDO Alliance, was set up earlier this year to develop open specifications for biometric authentication standards, with members including Google, PayPal, hardware makers like Lenovo and LG, and a raft of biometrics and authentication specialists. Beleaguered phonemaker BlackBerry is the latest big-name inductee. The alliance’s aim, to create a universal approach to implementing biometrics in combination with existing passwords and two-factor dongles, is a noble goal. Sadly, given Apple’s history of playing well with others, it’s pretty likely that, as with their connector cables and DRM systems, their fingerprint setup will remain aloof from any attempts to build a truly universal consensus.

Even if a two-culture system prevails, widespread deployment in mass-market handhelds may well be a gamechanger for the adoption of biometric authentication. Touch ID and its inevitable followers could be a major part of all our futures.

You can read the original article, here.

15 Jan

Of course, it isn’t just film stars who have sensitive data on their Apple devices – employees will often have corporate data on their iPhones and iPads while home users may also have their personal pictures and videos stored on their iOS device.

With that in mind, here are 3 tips to help keep your photos and other data safe:

1. Use a strong password

This is an easy one – it’s important to make sure you use a strong, unique password for your iCloud account, especially as Apple hasn’t yet enabled two-step verification for iCloud. To do this, make the new password long (minimum 14 characters), avoid using real words and switch between UPPER, lower, d1g1t5 and //@ckies. If you have trouble remembering such a complex password, consider using a password manager.

And while we’re here, make sure you use unique passwords for every account on every website that you use. It’s important because if someone gains access to one of your accounts, they can only access that one – not every account you own.

2. Limit what you back up to iCloud

Now is a good time to check what exactly is being backed up to your own iCloud account. Go to Settings on your device and then select iCloud. Here you will see a list of all the apps on your device that are being backed up to the cloud. Each can be individually toggled on or off. You need to decide for yourself what you want to back up – for example, you may decide not to back up your Photos (especially if they’re a little risqué), but keep backing up your Mail and Documents & Data.

It’s a case of weighing up the risk of losing or bricking your device, versus the risk of having your information stolen through the cloud. Of course, there’s always the option of…

3. Turn iCloud off and back up locally

If you feel that the risk of having your iCloud storage hacked outweighs the convenience of the service then you may wish to delete your account entirely. Doing so is very easy. Go to Settings on your iDevice and then select iCloud. Scroll all the way to the bottom of the screen and you will see the option to Delete Account. Of course, that means your device will no longer be backed up, so you’ll need an alternative means of backing up your data. Fortunately, you have that with Apple’s iTunes which offers a manual alternative.

To back up with iTunes:

1. Make sure your computer has the latest version of iTunes

2. Connect your iOS device to your computer

3. Choose File, then Devices and Back up.

If you decide to back up your devices this way, remember to continue backing up on a regular basis.

You can read the original article, here.

15 Jan

In the spirit of sharing our knowledge, we’d like to show you a pretty great infographic that explains in visual format how a web attack works. As you can see in the infographic below, a web attack happens in five stages, and this whole process takes less than a second. The web is the number one source of malware (a term that combines “malicious” and “software”), and the majority of these malware threats come from what is called a drive-by download.

5 Stages of a Web Attack

The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code (Stage 1: entry point).

Most of the time, these are legitimate websites that have been compromised to redirect you to another site controlled by the hackers (Stage 2: distribution).

Today’s cybercriminals use sophisticated malware packaged in an “exploit kit” that can find a vulnerability in your software among thousands of possibilities.

When your browser is redirected to the site hosting an exploit kit, it probes your operating system, web browser and other software (such as your PDF reader or video player) to find a security vulnerability that it can attack (Stage 3: exploit).

Remember — if you are not applying security updates to your operating system and software, you are unprotected against these exploits.

Once the exploit kit has identified a vulnerability, that is where Stage 4: infection begins. In the infection phase of an attack, the exploit kit downloads what is known as a “payload,” which is the malware that installs itself on your computer.

Finally, in Stage 5: execution, the malware does what it was designed to do, which is mainly to make money for its masters.

The malware known as Zbot can access your email or bank accounts. Another type of payload called ransomware can hold your files hostage until you pay to have them released.

This kind of attack happens all the time. But you don’t have to be a victim. Download our checklist of technology, tools and tactics for effective web protection to find out how you can protect your organization from malware attacks at every step of the way. You should also check out our free whitepaper explaining how malware works and offering tips to help you stop it: Five Stages of a Web Malware Attack. (Registration required). 

You can read the original article here.

15 Jan

WD’s My Cloud personal cloud drives, available now in China in capacities of 2 TB, 3 TB and 4 TB, enable consumers to organize, centralize and secure the digital content from all of their computers and mobile devices and access those files from any device and from anywhere in the world. WD’s My Cloud EX4 high-performance four-bay network attached storage (NAS) solution, available now in China in 0 TB, 8 TB, 12 TB or 16 TB capacities, provides creative professionals, prosumers and workgroups a reliable way to save, share, back up, stream and manage massive amounts of digital data. The Baidu Yun service is a leading public cloud storage service provider with more than 100 million users. Consumers and businesses store content on Baidu Yun for easy access and sharing from any computer or mobile device.

The collaboration between WD and Baidu will enable Chinese customers to manage their Baidu Yun account and easily transfer files between their My Cloud or My Cloud EX4 device and Baidu Yun using WD’s My Cloud mobile apps for iOS and Android operating systems. Baidu and WD customers will also be able to back up their local content to Baidu Yun, as well as back up their Baidu Yun account to their local storage using WD SmartWare™ Pro software.

“The growth of Baidu and its public cloud storage and services in China has been spectacular; it’s a pleasure to collaborate with them,” said Jim Welsh, executive vice president, Branded Products and worldwide sales. “The integration of Baidu Yun with our personal cloud and external storage platforms gives our mutual customers the best of all worlds – the ability to keep content safe at home, while backing up and sharing with friends on Baidu Yun.”

“Baidu aims to provide the best way for people to access their valuable content, regardless of their location,” said Hou Zhenyu, chief architect of Baidu Yun. “WD is a leader in high-capacity local storage, and integrating our public cloud storage service with WD’s platform gives our customers a compelling hybrid cloud storage solution – the best of both public cloud storage and personal cloud storage.”

You can read the original article here.

15

Jan

But those signals were not authentic, and the ship was not on course. The signals were in fact being sent from the White Rose’s upper deck by University of Texas/Cockrell School of Engineering graduate students Jahshan Bhatti and Ken Pesyna. A team from the school had been invited aboard while the White Rose sailed from Monaco to Rhodes, Greece, on the Mediterranean Sea. Using a blue box about the size of a briefcase, the duo spoofed the ship’s GPS signals, sending counterfeit signals that slowly, subtly overpowered the authentic GPS signals until the ship ultimately came under their control.

If this sounds familiar, it’s because students from this engineering school did the same thing to a drone last year. In May 2012, the engineering students tried out their $1,000 spoofer, which they had cobbled together in response to a dare from the US Department of Homeland Security (DHS). Under the direction of Assistant Professor Todd Humphreys, who is now working for the Department of Aerospace Engineering and Engineering Mechanics, the students last spring managed to hack and hijack a drone with what Humphreys at the time said was the most advanced spoofing device ever.

Both the drone and yacht hijackings were designed to shed light on the perils of navigation attacks, serving as evidence that spoofing is a serious threat to marine vessels and other forms of transportation. In plain English, that means that hackers can send drones smashing, say, into our skulls.

After the students had gained control of the ship’s navigation system, the team planned to coerce the ship onto a new course with subtle maneuvers that positioned the yacht a few degrees off its original course. When the ship’s navigation system detected the location discrepancy, the crew corrected the course – at least, they thought they did. In reality, their course corrections were setting the ship slightly off its course line. Watch a video about the attack here.

You can read the original article here.

15

Jan

TrueCrypt’s sudden demise

Despite being nominally open source software, TrueCrypt was always a bit secretive. Unlike many free, open source projects, the main developers and maintainers were unknown to the community. Someone, apparently one of the maintainers of TrueCrypt, shut down the project, claimed the product was not secure, and replaced it with a modified version designed only for undoing the encryption of previous versions. Sophos security adviser Maxim Weinstein tells us that TrueCrypt’s warning should be taken seriously. “We don’t know exactly why this was done, who exactly did it, or whether the software is, in fact, compromised or to what degree,” Max tells Sophos Blog. “As the community attempts to unravel the mystery, it’s best for users to stop using TrueCrypt and to find another solution.”

5 tips for data security

Encrypting your data and communications is vital in today’s security landscape. Our security experts offer these five key recommendations for moving beyond TrueCrypt to an alternative for data protection.

  • Use vetted, trusted, operating system-level encryption like Microsoft BitLocker and Mac FileVault 2. TrueCrypt was not using the latest technology, so now is a great time to move to compliant encryption standards.
  • The real issue with business use of encryption has been key management. You need good key management that enables encryption beyond just full-disk on your laptops.
  • Data isn’t only on your disks. Users are taking it everywhere, especially the cloud. Now’s a good time to reevaluate your data protection strategy to make sure you’re protecting data everywhere.
  • Non-Windows platforms need encryption, including OS X, Android and iOS. And don’t forget any systems still running Windows XP; you’ll need to protect them too.
  • A thumb drive or DVD can hold sensitive records too. You need to encrypt all your storage devices as well.

The TrueCrypt alternative: SafeGuard Encryption

Only Sophos offers a single solution for all your encryption needs — for all your PCs, laptops, cloud, mobile devices, removable media, and file shares. And our software has been certified by several crypto-analysts, including the Federal Office of Information Security in Germany (the BSI), as truly secure.

You can manage all your data encryption simply, from a central console. And SafeGuard Encryption won’t slow users down. Visit sophos.com/truecrypt to learn more. Or click here for a free trial of SafeGuard Encryption.

You can read the original article here.

15

Jan

One of our SophosLabs researchers, Anna Szalay, made an interesting discovery recently: a new type of Android malware that slips in through a security hole in the USB debugging feature that allows developers to modify their Android devices. Naked Security expert Paul “Duck” Ducklin reports that this malware can intercept your SMS text messages to steal bank transaction details.

Duck explains in his post that intercepting SMSes from your Android phone allows the attackers to steal information they can use to access, for example, your email accounts or bank accounts:

The crooks want to infect you with malware that knows how to intercept incoming SMSes and redirect their content elsewhere. You can see where this is going: mobile malware that reads your SMSes before you do can steal important data such as the two-factor authentication (2FA) codes sent by your email provider or your bank, giving cybercriminals a way into your account despite the extra layer of protection in place.

SophosLabs detects this SMS-stealing malware as Andr/FakeKRB-H. As Duck explains, this malware gets onto your Android in a multi-step process that starts with your device getting infected by a crafty piece of Windows malware that sneaks in through the USB connection between your Android and a PC. This “helper” malware is a downloader detected by SophosLabs as Troj/DwnlAPK-A.

If you connect your Android to a PC infected by Troj/DwnlAPK-A, the malware sneaks in under the guise of files that “appear to be regular, clean files that enable full USB-to-phone connectivity on Samsung and LG devices,” Duck writes.

Then, once the downloader is installed, it loads the Android malware onto your device, disguised as an app that imitates Google under the name “Google App Store” (the real Google store is simply called “Play Store”).

This is a good reminder that the bad guys continue to develop inventive ways of compromising our security to get at our most valuable data. Read the article at Naked Security to learn more about this malware and how to block it with security settings on your Android.

You can read the original article here and here.

15

Jan

“Our goal of ‘Security made simple’ can only be fully realized when every interaction Sophos has with customers and partners exceeds their expectations,” said Kris Hagerman, chief executive officer of Sophos. “Mary has an extraordinary track record in building dynamic and high-impact customer care and customer support organizations, and we are thrilled to welcome Mary to our management team.”

At Sophos, Winfield will promote and lead a world-class customer support organization that leverages the latest technologies, methodologies and engagement channels to deliver the highest levels of customer satisfaction. Sophos already has one of the industry’s highest reputations for support quality and customer satisfaction. Winfield’s mission will be to enhance that reputation even further; her organization will serve as the focal point for the “voice of the customer” within Sophos and advocate for customers’ needs across all facets of the business.

Mary Winfield said, “I am excited to join the Sophos team. I believe the company is executing a winning strategy, with winning products and a commitment to customer excellence that sets the standard for the security industry. I look forward to helping the company make the most of every engagement with customers in our quest to make security simple.”