Think Information. Think Security.
 
MANILA, Philippines—Several government and civil society websites were defaced Wednesday night by an unidentified hacker calling itself “Anonymous Philippines” protesting the recently enacted anti-cybercrime law.

As of midnight, the websites of Bangko Sentral ng Pilipinas, Metropolitan Waterworks and Sewerage System, the American Chamber of Commerce, and the Philippine Anti-Piracy Team had succumbed to the cyber-attacks. Twitter users first sent tips about the hacking of the BSP website close to 11 p.m., after which the Philippine Daily Inquirer relayed the incident to BSP officials.


 
A SECURITY RESEARCHER has exposed a vulnerability in some Samsung handsets that leaves them open to a remote wipe attack.

Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare. Borgaonkar's talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.


 
A cyber espionage campaign, now linked to attacks on the energy and oil sector in various countries and a military organization, was likely launched by the same attackers behind an RSA breach and the GhostNet spy network. Recent targets in the Mirage campaign – which is named after the remote access trojan Mirage spread through spear phishing emails – include an energy company in Canada, a high-profile oil company in the Philippines and a military organization in Taiwan.

Researchers at Dell SecureWorks Counter Threat Unit discovered Mirage, which is usually embedded in executable files designed to look and behave like PDFs, and began tracking the cyber espionage campaign in April.


 
In the wake of issues affecting Bank of America and JPMorgan Chase's websites, the Financial Services Information Sharing and Analysis Center (FS-ISAC) raised the financial industry's cyber threat level to “high.”

The threat level moved from “elevated” to “high” on Wednesday, the same day news broke that Chase's website was down intermittently – and only a day after Bank of America customers experienced problems accessing its site. On the FS-ISAC website, the organization said the high threat level was related to “recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions.” A hacktivist group called “Cyber fighters of Izz ad-din Al qassam” claimed responsibility for attacks on “properties of American-Zionist capitalists” launched Tuesday, specifically mentioning Bank of America and the New York Stock Exchange (NYSE) as targets. “This attack will continue till the erasing of that nasty movie,” warned the message posted on Pastebin. On Wednesday, the group posted another message, taking credit for site issues affecting Chase.


 
AMSTERDAM -- How long would it take a determined attacker to hack into Apple's iPhone device from scratch? That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S.

The hack, which netted a $30,000 cash prize at the mobile Pwn2Own contest here, exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site. "It took about three weeks, starting from scratch," says Joost Pol, CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit." The entire exploit only used a single zero-day bug to sidestep Apple's strict code signing requirements and the less restrictive MobileSafari sandbox.


 
At least 19 Japanese Web sites, including a government ministry and hospital, have been affected by cyberattacks reportedly originating from China, according to Japan's National Police Association (NPA).

In a statement Wednesday, NPA said 300 Japanese organizations were listed as targets on the message board of China's Honker hacker group, while up to 4,000 people posted messages about planned attacks and tools on Chinese chat site "YY Chat".

NPA confirmed 11 Web sites, which included the Statistics Bureau of Japan and the government's Internet TV, were difficult to access. Eight Web sites, including a Japanese court and Tohoku University Hospital, were hacked and displayed images of the Chinese flag as well as text claiming the Senkaku Island belonged to China.


 
The team -- Tyrone Erasmus, Jacques Louw, Jon Butler and Nils (yes, that Nils) -- carted off a $30,000 cash prize as part of the EuSecWest mobile Pwn2Own hacker contest.

According to Erasmus, the exploit was delivered via NFC, the short-range wireless technology that allows the sharing of small payloads of data between an NFC tag and an Android-powered device. The hackers exploited a weakness in the way NFC is implemented in the Galaxy S3 to deliver a malicious file that was automatically opened by the Android document viewer. Once the file opened, the team exploited a zero-day flaw in the document viewer to launch a code execution attack. A second Android privilege escalation vulnerability, also zero-day, was then used to get full rights on the device.


 
A click-fraud campaign – in which attackers redirect users from legitimate ads on major sites, like Facebook and YouTube, to URLs where they can receive money for clicks – has been launched using a new TDL-4 malware variant.

TDL-4 rose to infamy in 2011, when researchers discovered that the malware supported a botnet of more than four million infected computers, which were primarily in the United States. The latest version of the malware uses a domain-generation algorithm (DGA), in which the infected machines generate hundreds to thousands of domain names a day to hide the command-and-control infrastructure. Researchers at Damballa Labs discovered the malware variant and believe it emerged in May, infecting approximately 280,000 machines since then. The last 30,000 cases of infection have emerged in the past week alone.


 
One of three newly detected strains of malware, linked to the authors of Flame, is already operating in the wild, according to new research on the cyber espionage campaign. Recent findings also date the development of Flame's command-and-control platform as far back as December 2006.

Flame, which has targeted victims primarily in Iran, is thought to be the creation of a nation-state due to the resources needed for the large-scale, sophisticated attacks. Malicious capabilities of Flame, believed to be related to Stuxnet and Duqu, include screenshot-capturing and keystroke-logging features, as well as the ability to engage microphones to record victims' conversations. The malware is also designed to uninstall itself from computers after stealing information.


 
Many of today's Web applications rely on enterprises' most sensitive data stores to keep order systems running, partner companies collaborating, and internal users in touch with important business information no matter where they are.

While such easy access to business-critical data has greatly improved worker productivity and loosened the pocketbooks of customers, it has also opened up that data to considerable risk. Unfortunately, much of the risk is introduced by developers who lack the resources -- be it time, money, education, or support from executives -- to code these applications without vulnerabilities that open databases to compromise.

When these factors aren't in place, developers frequently make these mistakes: