The Tech News Blog

December 21, 2013

Target Says Security Threat ‘Eliminated’ After Massive Data Breach

Target Black Friday

Target said Friday that it has "identified and eliminated" a threat posed to customer payment card data by recent unauthorized access to that data at its U.S. retail outlets.

The retail giant is offering a 10 percent discount on all items in its stores to customers shopping today and Sunday as a way to make up for a "confusing and disruptive" episode affecting holiday shopping on Black Friday and afterwards.

On Thursday, Target confirmed that it was hacked in a breach that could affect approximately 40 million credit and debit card customers. The retail giant said the breach, first reported by Brian Krebs, affects those who used credit or debit cards in U.S. stores between Nov. 27 and Dec. 15.

"Yesterday we shared that there was unauthorized access to payment card data at our U.S. stores. The issue has been identified and eliminated. We recognize this has been confusing and disruptive during an already busy holiday season. Our guests' trust is our top priority at Target and we are committed to making this right," Target CEO Gregg Steinhafel said in a statement.

December 21, 2013

Report: NSA Paid RSA $10M to Create ‘Back Door’ in Encryption Software

NSA Logo

The National Security Agency paid $10 million to the security software provider RSA to make a flawed, NSA-designed random number generator the default in RSA's BSAFE encryption toolkit, giving the agency a "back door" into data protected by products built on BSAFE, according to a new report from Reuters.

The former NSA contractor Edward Snowden, who in June 2013 began leaking documents about the nature and scope of computer spying by the U.S. security agency, served up evidence in September that "the NSA created and promulgated a flawed formula for generating random numbers to create a 'back door' in encryption products," the news agency noted. The formula in question is the Dual Elliptic Curve generator (Dual_EC_DRBG), whose security rests entirely on how its two published curve points were chosen.

Reuters reported that month that RSA, a subsidiary of EMC, "became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products."

But Reuters said Friday that a $10 million contract the agency had with RSA to "set the NSA formula as the preferred, or default, method for number generation in the BSafe software" was a new development in the ongoing story.

RSA securities filings showed that the contract represented "more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year," Reuters added.
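To make concrete what "a flawed formula for generating random numbers" means here, the following is an added toy model of a Dual_EC_DRBG-style back door. It is not RSA's BSAFE code and does not use the real NIST P-256 parameters: the curve y^2 = x^3 + 2x + 3 over p = 2^31 - 1, the trapdoor scalar e, and the seed are all constructed for the demo. The generator publishes x(s*Q) as output and advances its state to x(s*P). Whoever chose the constants so that P = e*Q can lift a single output back to a curve point, multiply by e, recover the next state, and predict everything that follows.

```python
"""Toy Dual_EC_DRBG back door on a small curve (added illustration, not BSAFE code)."""

p = 2**31 - 1  # Mersenne prime; p % 4 == 3 makes modular square roots a single pow()
a, b = 2, 3    # made-up curve y^2 = x^3 + a*x + b; 4a^3 + 27b^2 != 0 mod p


def ec_add(P1, P2):
    """Affine point addition; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P1 == -P2 (also covers doubling a point with y == 0)
    if P1 == P2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def lift_x(x):
    """Recover a point (x, y) from an x-coordinate; raises if x is not on the curve."""
    rhs = (x * x * x + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)  # valid square root only because p % 4 == 3
    if y * y % p != rhs:
        raise ValueError("not an x-coordinate on the curve")
    return (x, y)


def find_point():
    """Smallest x that lies on the curve; used as the public point Q."""
    x = 1
    while True:
        try:
            return lift_x(x)
        except ValueError:
            x += 1


Q = find_point()
E_SECRET = 0x1337BEEF          # trapdoor scalar known only to whoever picked the constants
P = ec_mul(E_SECRET, Q)        # P = e*Q, published as an innocent-looking "constant"


def dual_ec_outputs(seed, n):
    """Simplified Dual EC: output r_i = x(s_i*Q), next state s_{i+1} = x(s_i*P).

    The real generator also drops the top 16 bits of each output; omitted here.
    """
    s, out = seed, []
    for _ in range(n):
        out.append(ec_mul(s, Q)[0])
        s = ec_mul(s, P)[0]
    return out


def predict_from_one_output(r0, n):
    """Attacker holding e: lift r0 to +-s0*Q, multiply by e to reach +-s0*P.

    Both sign choices share the same x-coordinate, which is exactly s1.
    """
    R = lift_x(r0)
    s1 = ec_mul(E_SECRET, R)[0]
    return dual_ec_outputs(s1, n)


def demo(seed=0x5EED1234, n=5):
    """Return (actual outputs, outputs predicted from actual[0] alone)."""
    actual = dual_ec_outputs(seed, n)
    predicted = predict_from_one_output(actual[0], n - 1)
    return actual, predicted


if __name__ == "__main__":
    actual, predicted = demo()
    print("actual   :", actual)
    print("predicted:", predicted)  # equals actual[1:]
```

On the real P-256 generator the attacker must also try roughly 2^15 candidate lifts per output because of the 16 truncated bits, which is still trivial; the defence is not a bigger curve but a generator whose constants are either verifiably random or irrelevant to its security.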

December 19, 2013

Target Hack May Have Hit 40 Million Credit, Debit Cards

Target Black Friday

Target on Thursday confirmed that it was hacked in a breach that could affect approximately 40 million credit and debit card customers.

Target said the breach, first reported by Brian Krebs, affects those who used credit or debit cards in U.S. stores between Nov. 27 and Dec. 15.

"We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code)," the store said.

The retailer has since "identified and resolved" the problem. It has alerted affected financial institutions and is "partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident."

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," Gregg Steinhafel, chairman, president and CEO of Target, said in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

December 6, 2013

Microsoft, Feds Disrupt ZeroAccess Botnet

Microsoft Cybercrime Center

Microsoft today announced that it has "successfully disrupted" the ZeroAccess botnet, which has infected nearly 2 million computers around the world and costs online advertisers more than $2.7 million each month.

Redmond worked in conjunction with Europol's European Cybercrime Centre (EC3), the FBI, and tech firms like A10 Networks to take action against ZeroAccess, also known as Sirefef.

Microsoft also filed suit in a Texas district court seeking a preliminary injunction that directs U.S. Internet service providers and other entities in control of the botnet's Internet domains and IP addresses to disable access to it and to preserve any associated content and material to help with Microsoft's case.

Microsoft noted that the sophisticated nature of ZeroAccess means that it has not been fully eliminated, but "we do expect this legal and technical action will significantly disrupt the botnet's operation by disrupting the cybercriminals' business model and forcing them to rebuild their criminal infrastructure, as well as preventing victims' computers from committing the fraudulent schemes," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in a statement.

According to Microsoft, ZeroAccess targets major search engines like Google, Yahoo, and Bing and hijacks search results, redirecting users to dangerous websites that could install malware on their PCs. The scammers could then steal personal information or fraudulently charge businesses for online advertisement clicks. Criminals have also disguised ZeroAccess as legitimate software, tricking people into downloading it.

ZeroAccess is difficult to target because it relies "on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers." That makes it "one of the most robust and durable botnets in operation today," Microsoft said.

Redmond said it is working with partners to notify people whose PCs are infected. The company also recommended that people visit its website for information about how to remove the threat.

"Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or anti-virus software as quickly as possible," Microsoft said.

The ZeroAccess attack is the first botnet action Microsoft has taken since the launch of its new Cybercrime Center last month.

In June, Microsoft also disrupted more than 1,000 botnets used to steal people's banking information and identities. The malware, dubbed Citadel, resulted in losses of more than $500 million and affected more than 5 million people.

Earlier this week, meanwhile, Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.

December 4, 2013

Pony Botnet Steals 2M Yahoo, Facebook, Google Passwords


According to researchers, scammers have scooped up more than 2 million passwords for sites like Facebook, Google, and Yahoo, but it appears that the data was stolen via malware-infected machines rather than a hack of those companies' systems.

Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.

Looking at the domains from which those passwords were stolen, Facebook was most popular, accounting for 318,121, or 57 percent. Yahoo came in second with about 60,000, followed by Google Accounts (54,437), Twitter (21,708), and one further domain (16,095). Also on the list were LinkedIn (8,490 passwords) and payroll provider ADP (7,978), which Trustwave said was surprising.

"Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the firm wrote in a blog post.

November 14, 2013

Microsoft Opens Cybercrime Center to Fight Malware, Botnets

Microsoft Cybercrime Center

Microsoft is taking its fight against cybercrime to the next level. Redmond on Thursday announced the opening of a new Cybercrime Center from which it intends to battle some of the worst Internet threats like malware, botnets, intellectual property theft, and technology-facilitated child exploitation.

Located on Microsoft's Redmond, Wash., campus, the 16,800-square-foot secured facility houses technologies that allow security experts to visualize and identify global cyber threats as they develop in real time.

"The Microsoft Cybercrime Center is where our experts come together with customers and partners to focus on one thing: keeping people safe online," David Finn, associate general counsel of the Microsoft Digital Crimes Unit, said in a statement. "By combining sophisticated tools and technology with the right skills and new perspectives, we can make the Internet safer for everyone."

Microsoft said the center brings together attorneys, investigators, technical experts, and forensic analysts, "marking a new era in effectively fighting crime on the Internet." The center houses technology like Microsoft's SitePrint, which allows experts to map organized crime networks on the Web.

November 12, 2013

Facebook Pushes Password Resets After Adobe Hack

Data Breaches

More than a month after Adobe suffered a massive security breach, Facebook is pushing users to update their password and security settings.

Though Facebook was not directly involved in the Adobe hack, the social network is taking precautions for those members who used the same email address and password for both Facebook and Adobe, since credentials stolen from one site are routinely replayed against others.

"We actively look for situations where the accounts of people who use Facebook could be at risk — even if the threat is external to our service," a Facebook spokesman told PCMag. "When we find these situations, we present messages to people to help them secure their accounts."

According to that notice, users must answer additional security questions and change their password. "For your protection, no one can see you on Facebook until you finish," the message reads.

Early last month, Adobe revealed that it had recently suffered a massive security breach which compromised the IDs, passwords, and credit card information of nearly 3 million customers, as well as login data for an undetermined number of accounts.

The company later amended its estimate, increasing the original number from nearly 3 million to 38 million. Facebook security engineer Chris Long chimed in on Krebs's blog, offering behind-the-scenes clarity about how Facebook used the leaked data to find at-risk accounts.
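The check Facebook describes above, finding your own users whose leaked third-party password also unlocks their account with you, can be done without ever storing anyone's plaintext. The following is an added example and is not Facebook's code; it assumes a password store of per-user salted PBKDF2-HMAC-SHA256 hashes and a leaked dump of `email:password` lines whose plaintext has already been recovered (in the Adobe case only a subset of passwords was recoverable, so this can only ever find that subset). The sample users and dump lines are constructed for the demo.

```python
"""Flag accounts whose credentials appear in a third-party breach dump.

Added illustration, not Facebook's code. Assumes a salted PBKDF2 password store
and a recovered-plaintext dump; only accounts whose leaked password verifies
against their own stored hash are flagged for a forced reset.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

ITERATIONS = 50_000  # assumption for the demo; production values are tuned per deployment


def normalize_email(email: str) -> str:
    """Dumps are messy: trim whitespace and lower-case so matching is case-insensitive."""
    return email.strip().lower()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_store(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Build a salted store from plaintext; only needed to construct the demo data."""
    store = {}
    for email, pw in users.items():
        salt = os.urandom(16)
        store[normalize_email(email)] = (salt, hash_password(pw, salt))
    return store


def parse_dump(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse 'email:password' lines; split once, since passwords may contain ':'."""
    pairs = []
    for line in lines:
        line = line.rstrip("\n")
        if ":" not in line:
            continue  # garbage or truncated line
        email, pw = line.split(":", 1)
        pairs.append((normalize_email(email), pw))
    return pairs


def flag_reused(store: Dict[str, Tuple[bytes, bytes]],
                dump_pairs: List[Tuple[str, str]]) -> List[str]:
    """Return the emails of our users whose leaked password verifies against our hash."""
    flagged = set()
    for email, leaked_pw in dump_pairs:
        entry = store.get(email)
        if entry is None:
            continue  # not one of our accounts
        salt, stored = entry
        # Constant-time compare: avoid leaking which bytes matched.
        if hmac.compare_digest(hash_password(leaked_pw, salt), stored):
            flagged.add(email)
    return sorted(flagged)


# Constructed sample data; these are not real accounts or real leaked lines.
SAMPLE_USERS = {
    "alice@example.com": "correct horse battery staple",
    "Bob@Example.com": "hunter2",
    "carol@example.com": "unique-and-unrelated",
}
SAMPLE_DUMP = [
    "alice@example.com:correct horse battery staple",  # same password -> flag
    "bob@example.com:hunter2",                          # same password, case differs -> flag
    "carol@example.com:password123",                    # different password -> no flag
    "dave@example.com:whatever",                        # not our user
    "corrupted line without separator",
]


def demo() -> List[str]:
    store = make_store(SAMPLE_USERS)
    return flag_reused(store, parse_dump(SAMPLE_DUMP))


if __name__ == "__main__":
    print(demo())  # ['alice@example.com', 'bob@example.com']
```

Two practical notes: the leaked plaintexts should be discarded as soon as the comparison is done, and the flagged users should get exactly the treatment the Facebook notice describes (forced reset plus an additional verification step), not a silent lockout.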

October 30, 2013

Adobe Hack Actually Hit 38 Million (Not 3M)

Adobe Logo

Adobe on Wednesday revised its estimate of how many users were affected by a recent hack, increasing that number from nearly 3 million to 38 million.

"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users," an Adobe spokesman said in a statement.

All affected active users have been notified and their passwords reset, Adobe said. Note that Adobe describes the stored passwords as encrypted rather than hashed: a reversible scheme protected by a single key means that recovering that key exposes every password at once, which is why a password-reset is the only safe response.

"We believe the attackers also obtained access to many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords, and test account data," Adobe said. "We are still in the process of investigating the number of inactive, invalid and test accounts involved in the incident. Our notification to inactive users is ongoing."

At this point, Adobe said it has no evidence of "unauthorized activity on any Adobe ID account involved in the incident."

October 14, 2013

Researcher Uncovers Backdoor Vulnerability in D-Link Routers

D-Link DIR 605L Cloud Router

A security researcher this weekend discovered a backdoor vulnerability in certain D-Link routers that allows an attacker to alter a router's settings without a username or password.

In a note on its website, D-Link said it is "proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed."

The flaw was discovered by Craig Heffner of Tactical Network Solutions. He documented the finding in a technical blog post published on Saturday, but what it boils down to is a vulnerability that lets an attacker "access the web interface without any authentication and view/change the device settings."

According to PC World, D-Link plans to release a firmware update for the problem by the end of the month. D-Link did not immediately respond to a request for comment.

As the site noted, the discovery is problematic because an attacker could, for example, change the DNS settings on a router and redirect users to malicious websites.

October 7, 2013

Beware Android Malware! Threats Reach One Million Mark

Trend Micro Android Malware

October certainly is the month for scares: Trend Micro's Security Intelligence Lab revealed that in September mobile threats reached the one million mark. This fulfills the security software company's prediction in its second-quarter roundup that the number of malicious and high-risk Android apps would hit one million by year-end. To put things in perspective, it took a decade for PC malware to reach this number of threats.

The company's blog post revealed data from Trend Micro's Mobile App Reputation scanner showing that the number of Android malware samples, including high-risk apps for the platform, has been increasing steadily throughout the year. Seventy-five percent of these potentially dangerous apps perform outright malicious routines, while the other twenty-five percent show suspicious routines such as adware.

Top Threats
Trend Micro highlighted some of the top mobile malware threats to look out for, such as FAKEINST and OPFAKE. Both typically disguise themselves as legitimate apps to lure users into various scams. Malicious apps based on FAKEINST are also premium service abusers, sending unauthorized text messages from victims' devices to sign them up for costly premium-rate services.

This malware family might sound familiar to you because it was involved in the fake Bad Piggies app incident where a rogue version of the Bad Piggies game was released on the Google Play store. OPFAKE malware leads users to open an .HTML file and asks them to download possibly malicious files.