HP Security Research OSINT (OpenSource Intelligence) articles of interest--May 23, 2014

Key Articles of Interest

 

Expert: Fake eBay Customer List is Bitcoin Bait
In the wake of eBay’s disclosure that a breach may have exposed the personal data on tens of millions of users, several readers have written in to point out an advertisement that is offering to sell the full leaked user database for 1.4 bitcoins (roughly USD $772 at today’s exchange rates).

 

On CVE–201 : 770 / ZDI–1 : 40 : Internet Explorer 8 “0day”
I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8. I wanted to take a few moments to clarify some of the confusion and answer some of the questions in this post.

 

Microsoft will patch IE zero day – eventually
A security research group within Hewlett-Packard called the Zero Day Initiative (ZDI) released details of the flaw on Wednesday after giving Microsoft months to address it. The group withholds details of vulnerabilities to prevent tipping off hackers but eventually publicizes its findings even if a flaw isn’t fixed.

 

Chip and Skim: cloning EMV cards with the pre-play attack
EMV, also known as “Chip and PIN”, is the leading system for card payments worldwide. It is used throughout Europe and much of Asia, and is starting to be introduced in North America too. Payment cards contain a chip so they can execute an authentication protocol. This protocol requires point-of-sale (POS) terminals or ATMs to generate a nonce, called the unpredictable number, for each transaction to ensure it is fresh. We have discovered two serious problems: a widespread implementation flaw and a deeper, more difficult to fix flaw with the EMV protocol itself. 

 

IntelCrawler: Point-of-Sale and Modern Cybercrime Detection of “Nemanja” Botnet
About March 2014, IntelCrawler identified one of the biggest botnets, called “Nemanja,” based on compromised POS terminals, accounting systems and grocery management platforms. The assigned name is related to potential roots of bad actors with similar nicknames from Serbia. It included more than 1478 infected hosts.

 

SpyEye-using Cybercriminal Arrested in Britain
Note the same handle was present in previous Zeus source code leaks
We’ve recently seen multiple arrests and takedowns of cybercriminals and their infrastructure. Here is another one to add up.

 

Darpa Is Weaponizing Oculus Rift for Cyberwar
For the last two years, Darpa has been working to make waging cyberwar as easy as playing a video game. Now, like so many other games, it’s about to get a lot more in-your-face. At the Pentagon Wednesday, the armed forces’ far-out research branch known as the Defense Advanced Research Projects Agency showed off its latest demos for Plan X, a long-gestating software platform designed to unify digital attack and defense tools into a single, easy-to-use interface for American military hackers.

 

Lastline: AV Isn’t Dead, It Just Can’t Keep Up
Much has been said in recent weeks about the state of AV technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal to determine which caught the malware samples, and how quickly.

 

Inside the US government’s war on tech support scammers
Sitting in front of her PC, the phone in her hand connected to a tech support company half a world away, Sheryl Novick was about to get scammed. The company she had reached, PCCare247, was based in India but had built a lucrative business advertising over the Internet to Americans, encouraging them to call for tech support. After glimpsing something odd on her computer, Novick did so.

 

Combining Multiple Malware Detection Approaches for Achieving Higher Accuracy
As malware poses a major threat on the Internet, malware detection and mitigation approaches have been developed and used in the battle against malware. Some malware samples elude these approaches, while some benign software is marked malicious. Having looked at the state of the art in detection approaches, we have combined three, namely honeypots, DNS data analysis and flow data analysis. All three are widely used in corporate networks and can be exerted for detecting malware.

 

Behind Blackshades: a closer look at the latest FBI cyber crime arrests
The FBI made big headlines yesterday with its announcement of a high-profile malware takedown related to a RAT called Blackshades (of which more in a moment). Hopefully this move, involving 97 arrests in 16 countries, will discourage the use of spyware by criminals.

 

Crowdstrike: Business as Usual?
The roller coaster ride that represents cyber negotiations between the U.S. and China reached both new heights and lows Monday as the U.S. Department of Justice (DOJ) indicted five members of China’s People’s Liberation Army (PLA) Unit 61398 for committing cyber espionage against several U.S. corporations.

 

Symantec: How the Elderwood Platform is Fueling 2014’s Zero-Day Attacks
Back in 2012, Symantec researched the Elderwood platform, which was used in spear-phishing and watering-hole attacks against a wide variety of industries. The Elderwood platform essentially consists of a set of exploits that have been engineered and packaged in a “consumer-friendly” way. This allows non-technical attackers to easily use zero-day exploits against their targets.

 

Fireeye: CYBERSECURITY’S MAGINOT LINE: A Real-World Assessment of the Defense-in-Depth Model
Today, most people know the Maginot Line as one of history’s biggest boondoggles. Constructed at a massive cost to the French government in the run-up to World War II, the 940-mile line proved futile in the face of a new style of warfare. The Maginot Line didn’t fail, exactly.

Bugs in your TV
As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, plus new features, such as gesture recognition), so we decided to see whether these could be exploited in any way.

Labels: HP | security