United Kingdom

Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears (telegraph.co.uk) 190

Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.
Security

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com) 18

An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
Microsoft

Microsoft Bringing EMET Back As a Built-In Part of Windows 10 (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built in to Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET's development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.
Security

Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com) 155

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.
Security

Heritage Valley Health System Target Of Cyber Attack (cbslocal.com) 24

The Heritage Valley Health System says it has been hit with a cyber attack. From a report: A spokeswoman confirmed the attack Tuesday morning. "Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia. Also read: Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World.
China

China's All-Seeing Surveillance State Is Reading Its Citizens' Faces (wsj.com) 102

China's government is using facial-recognition technology to help promote good behavior and catch lawbreakers, reports the WSJ. From the article: Facial-recognition technology, once a specter of dystopian science fiction, is becoming a feature of daily life in China, where authorities are using it on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering (alternative source). Their goal: to influence behavior and identify lawbreakers. Ms. Gan, 31 years old, had been caught on camera crossing illegally here once before, allowing the system to match her two images. Text displayed on the crosswalk screens identified her as a repeat offender. "I won't ever run a red light again," she said. China is rushing to deploy new technologies to monitor its people in ways that would spook many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing's authoritarian leaders are installing iris scanners at security checkpoints in troubled regions and using sophisticated software to monitor ramblings on social media. By 2020, the government hopes to implement a national "social credit" system that would assign every citizen a rating based on how they behave at work, in public venues and in their financial dealings.
Security

Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com) 100

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
Science

Physicists Have Created the Brightest Light Ever Recorded (vice.com) 96

Jason Koebler writes: A group of physicists at the University of Nebraska-Lincoln's Extreme Light Laboratory announced Monday that they have created the brightest light ever produced on Earth using Diocles, one of the most powerful lasers in the United States. When this high intensity laser pulse, which is one billion times brighter than the surface of the sun, strikes the electron, it causes it to behave differently. By firing this laser at individual electrons, the researchers found that past a certain threshold, the brightness of light will actually change an object's appearance rather than simply making it brighter. The x-rays that are produced in this fashion have an extremely high amount of energy, and Umstadter and his colleagues think this could end up being applied in a number of ways. For starters, it could allow doctors to produce x-ray medical images on the nanoscale, which would allow them to detect tumors and other anomalies that regular x-rays might have missed. Moreover, it could also be used for more sophisticated x-ray scanning at airports and other security checkpoints.
Canada

China, Canada Vow Not To Conduct Cyberattacks On Private Sector (reuters.com) 52

New submitter tychoS writes from a report via Reuters: China and Canada have signed an agreement vowing not to conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information. The new agreement was reached during talks between Canada's national security and intelligence adviser, Daniel Jean, and senior communist party official Wang Yongqing, a statement dated June 22 on the Canadian government's website showed. "This is something that three or four years ago (Beijing) would not even have entertained in the conversation," an unnamed Canadian government official told the Globe and Mail, which first reported the agreement. The new agreement only covers economic cyber-espionage, which includes hacking corporate secrets and proprietary technology, but does not deal with state-sponsored cyber spying for intelligence gathering.
Security

Judge Sentences Man To One Year In Prison For Hacking Smart Water Readers In Five US Cities (bleepingcomputer.com) 60

An anonymous reader writes: A Pennsylvania man was sentenced to one year and one day in prison for hacking and disabling base stations belonging to water utility providers in five cities across the U.S. East Coast. Called TGB, these devices collect data from smart meters installed at people's homes and relay the information to the water provider's main systems, where it is logged, monitored for incidents, and processed for billing. Before he was fired by the unnamed TGB manufacturing company, Flanagan's role was to set up these devices. After he was fired, Flanagan used former root account passwords to log onto the devices and disable their ability to communicate with their respective water utility providers' upstream equipment. He wasn't that careful, as the FBI was able to trace back the attacks to his home. Apparently, the guy wasn't that silent, leaving behind a lot of clues. Flanagan's attacks resulted in water utility providers not being able to collect user equipment readings remotely. This incurred damage to the utility providers, who had to send out employees at customer premises to collect monthly readings. He was arrested in Nov 2014, and later pleaded guilty.
Australia

Australian Officials Want Encryption Laws To Fight 'Terrorist Messaging' (arstechnica.com) 189

An anonymous reader quotes Ars Technica: Two top Australian government officials said Sunday that they will push for "thwarting the encryption of terrorist messaging" during an upcoming meeting next week of the so-called "Five Eyes" group of English-speaking nations that routinely share intelligence... According to a statement released by Attorney General George Brandis, and Peter Dutton, the country's top immigration official, Australia will press for new laws, pressure private companies, and urge for a new international data sharing agreement amongst the quintet of countries... "Within a short number of years, effectively, 100 per cent of communications are going to use encryption," Brandis told Australian newspaper The Age recently. "This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed"... Many experts say, however, that any method that would allow the government access even during certain situations would weaken overall security for everyone.
America's former American director of national intelligence recently urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." Though he also added, "I don't know what the answer is. I'm not an IT geek, but I just don't think we're in a very good place right now."
Security

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever (cnet.com) 56

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement.

But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said.

The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.
Wireless Networking

How A Contractor Exploited A Vulnerability In The FCC Website (wirelessestimator.com) 69

RendonWI writes: A Wisconsin wireless contractor discovered a flaw in the FCC's Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company's name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts... Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR.
United States

Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com) 263

Long-time Slashdot reader quotes Ars Technica: The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.

The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.

According to the article, the U.S. government told the court that national security was at risk.
Security

Account Registrations Enable 'Password Reset Man In The Middle' Attacks (helpnetsecurity.com) 79

"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security: The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.
Bug

Researcher Finds Critical OpenVPN Bug Using Fuzzing (zdnet.com) 47

"Guido Vranken recently published 4 security vulnerabilities in OpenVPN on his personal blog," writes long-time Slashdot reader randomErr -- one of which was a critical remote execution bug. Though patches have been now released, there's a lesson to be learned about the importance of fuzzing -- bug testing with large amounts of random data -- Guido Vranken writes: Most of these issues were found through fuzzing. I hate admitting it, but...the arcane art of reviewing code manually, acquired through grueling practice, are dwarfed by the fuzzer in one fell swoop; the mortal's mind can only retain and comprehend so much information at a time, and for programs that perform long cycles of complex, deeply nested operations it is simply not feasible to expect a human to perform an encompassing and reliable verification.
ZDNet adds that "OpenVPN's audits, carried out over the past two years, missed these major flaws. While a handful of other bugs are found, perhaps OpenVPN should consider adding fuzzing to their internal security analysis in the future."

Guido adds on his blog, "This was a labor of love. Nobody paid me to do this. If you appreciate this effort, please donate BTC..."
United Kingdom

UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com) 44

An anonymous reader quotes the Guardian: Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...

The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."

One member of Parliament posted on Twitter "Sorry, no parliamentary email access today â" we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."
Government

Obama Authorized a Secret Cyber Operation Against Russia, Says Report (engadget.com) 228

Jessica Conditt reports via Engadget: President Barack Obama learned of Russia's attempts to hack U.S. election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the U.S. to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former U.S. official told The Post. The report says CIA director John Brennan, Obama and other officials had at least four "blunt" conversations with Russian officials about its cyber intrusions beginning August 4th. Obama confronted Vladimir Putin in person during a meeting of world leaders in China this past September, the report says, and his administration even sent Russia a warning through a secure channel originally designed to help the two countries avoid a nuclear strike. Moscow apparently responded one week later -- after the U.S. election -- denying the accusation.
Operating Systems

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 201

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.
Network

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com) 74

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process, that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks start with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced, that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.

Slashdot Top Deals