Sign up for our Technology Newsletter 
Web.com Latest Hacking Victim
Hackers gain unauthorized access to the computers of Internet services provider Web.com Group and stole credit card information of 93,000 customers.
According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.
Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security
numbers was affected, the company said.
According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.
Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.
The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.
Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.
Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.
Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html
Microsoft To Release Advanced Threat Analytics
Comments Off on Microsoft To Release Advanced Threat Analytics
Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.
ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.
That final release will happen in August, which should give you plenty of time to get your head around it.
Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.
— Kevin Jones (@vcsjones) May 4, 2015
Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.
“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.
“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.
“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”
The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.
“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.
“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”
A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.
Darkode Hacking Forum Shut Down
Law enforcement agencies from 20 countries collaborated to cripple a major computer hacking forum, and U.S. officials filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced.
Darkode.com on is displaying a message saying the site and domain had been seized by the FBI and other law enforcement agencies.
Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”
Five of the defendants face charges in Hickton’s district.
Darkode allowed hackers and other cybercriminals to sell, trade and share information and tools related to illegal computer hacking, the law enforcement agencies alleged.
Before becoming a member of Darkode, prospective participants were allegedly vetted through a process that included an invitation by a member, the DOJ said in a press release. The prospective member then pitched the skill or products he or she could bring to the forum.
Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware, the DOJ said.
The takedown of the forum and the charges announced Wednesday came after the FBI’s infiltration of Darkode’s membership.
Facebook To Require Stronger Digital Signature
Comments Off on Facebook To Require Stronger Digital Signature
Facebook will require application developers to adopt a more secure type of digital signature for their apps, which is used to verify a program’s legitimacy.
As of Oct. 1, apps will have to use SHA-2 certificate signatures rather than ones signed with SHA-1. Both are cryptographic algorithms that are used to create a hash of a digital certificate that can be mathematically verified.
Apps that use SHA-1 after October won’t work on Facebook anymore, wrote Adam Gross, a production engineer at the company, in a blog post.
“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote.
SHA-1 has been considered weak for about a decade. Researchers have shown it is possible to create a forged digital certificate that carries the same SHA-1 hash as legitimate one.
The type of attack, called a hash collision, could trick a computer into thinking it is interacting with a legitimate digital certificate when it actually is a spoofed one with the same SHA-1 hash. Using such a certificate could allow an attacker to spy on the connection between a user and an application or website.
Microsoft, Google, Mozilla and other organizations have also moved away from SHA-1 and said they will warn users of websites that are using a connection that should not be trusted.
The Certificate and Browser Forum, which developers best practices for web security, has recommended in its Baseline Requirements that digital certificate issuers stop using SHA-1 as of Jan. 1.
IRS Reducing Size Of Cybersecurity Staff
Comments Off on IRS Reducing Size Of Cybersecurity Staff
The Internal Revenue Service, which confirmed rumors of a breach of 100,000 taxpayer accounts, has been consistently reducing the size of its internal cybersecurity staff as it increases its security spending. This may seem paradoxical, but one observer suggested it could signal a shift to outsourcing.
In 2011, the IRS employed 410 people in its cybersecurity organization, but by 2014 the headcount had fallen by 11% to 363 people, according to annual reports about IRS information technology spending by the U.S. Treasury Department Inspector General.
Despite this staff reduction, the IRS has increased spending in its cybersecurity organization. In 2012, the IRS earmarked $129 million for cybersecurity, which rose to $141.5 million last year, an increase of approximately 9.7%.
This increase in spending, coupled with the reduction in headcount, is an indicator of outsourcing, said Alan Paller, director of research at the SANS Institute. Paller sees risks in that strategy.
“Each organization moves at a different pace toward a point at which they have outsourced so much that the insiders do little more than manage contracts, and lose their technical expertise and ability to manage technical contractors effectively,” said Paller.
An IRS spokesman was not able to immediately answer questions about the IRS’s cybersecurity spending.
This breach is drawing congressional scrutiny. On Tuesday, U.S. Senator Orrin Hatch (R-Utah), who heads the Senate Finance Committee, called the breach “unacceptable.”
The IRS’s total IT budget in 2014 was $2.5 billion, an increase from the prior year’s $2.3 billion, with 7,339 employees last year, little change from 7,303 reported in 2013.
The agency’s IT budget has fared better than the agency overall. Congress has been cutting spending at the agency. IRS funding has been reduced by $1.2 billion over the last five years, from $12.1 billion in 2010 to $10.9 billion this year. An IRS official told lawmakers earlier this year that the budget cuts have delayed critical IT investments of more than $200 million, which includes replacing aging IT systems.
Uber Suffers A Data Breach
The names and license plate numbers of about 50,000 Uber drivers were exposed in a security breach last year, the company revealed on Friday.
Uber found out about a possible breach of its systems in September, and a subsequent investigation revealed an unauthorized third party had accessed one of its databases four months earlier, the company said.
The files accessed held the names and license plate numbers of about 50,000 current and former drivers, which Uber described as a “small percentage” of the total. About 21,000 of the affected drivers are in California. The company has several hundred thousand drivers altogether.
It’s in the process of notifying the affected drivers and advised them to monitor their credit reports for fraudulent transactions and accounts. It said it hadn’t received any reports yet of actual misuse of the data.
Uber will provide a year of free identity protection service to the affected drivers, it said, which has become fairly standard for such breaches.
The company said it had filed a “John Doe” lawsuit Friday to help it confirm the identity of the party responsible for the breach.
Anthem Gets Hacked
Health insurer Anthem Inc, which has nearly 40 million U.S. customers, has confirmed that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.
The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.
The information accessed during the “very sophisticated attack” did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.
Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc FEYE. said it had been hired to help Anthem investigate the attack.
The company did not say how many customers and staff were affected, but the Wall Street Journal earlier reported it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer.
Anthem had 37.5 million medical members as of the end of December.
“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.
Symantec Uncovers Advanced Spying Malware
Comments Off on Symantec Uncovers Advanced Spying Malware
An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”
Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.
Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.
China Using Home Servers Admidst Cyber Concerns
Comments Off on China Using Home Servers Admidst Cyber Concerns
A Chinese firm has developed the country’s first homegrown servers, built entirely out of domestic technologies including a processor from local chip maker Loongson Technology.
China’s Dawning Information Industry, also known as Sugon, has developed a series of four servers using the Loongson 3B processor, the country’s state-run Xinhua News Agency reported Thursday.
“Servers are crucial applications in a country’s politics, economy, and information security. We must fully master all these technologies,” Dawning’s vice president Sha Chaoqun was quoted as saying.
The servers, including their operating systems, have all been developed from Chinese technology. The Loongson 3B processor inside them has eight cores made with a total of 1.1 billion transistors built using a 28-nanometer production process.
The Xinhua report quoted Li Guojie, a top computing researcher in the country, as saying the new servers would ensure that the security around China’s military, financial and energy sectors would no longer be in foreign control.
Dawning was contacted on Friday, but an employee declined to offer more specifics about the servers. “We don’t want to promote this product in the U.S. media,” she said. “It involves propriety intellectual property rights, and Chinese government organizations.”
News of the servers has just been among the ongoing developments in China for the country to build up its own homegrown technology. Work is being done on local mobile operating systems, supercomputing, and in chip making, with much of it government-backed. Earlier this year, China outlined a plan to make the country into a major player in the semiconductor space.
But it also comes at a time when cybersecurity has become a major concern for the Chinese government, following revelations about the U.S. government’s own secret surveillance programs. “Without cybersecurity there is no national security,” declared China’s Xi Jinping in March, as he announced plans to turn the country into an “Internet power.”
Two months later, China threatened to block companiesfrom selling IT products to the country if they failed to pass a new vetting system meant to comb out secret spying programs.
Dawning, which was founded using local government-supported research, is perhaps best known for developing some of China’s supercomputers. But it also sells server products built with Intel chips. In this year’s first quarter, it had an 8.7 percent share of China’s server market, putting it in 7th place, according to research firm IDC.
OpenSSL Gets Updated
OPENSSL, the web security layer at the center of the Heartbleed vulnerability, has been issued with a further nine critical patches.
While none are as serious as Heartbleed, patching is recommended for all users according to an advisory released today. The vulnerabilities stem from various security research teams around the web including Google, Logmein and Codenomicom, based on their reports during June and July of this year.
Among the more interesting fixes involves a flaw in the ClientHello message process. If a ClientHello message is badly fragmented, it is vulnerable to a man-in-the-middle attack which could be used to force the server to downgrade itself to the TLS 1.0 protocol, a fifteen year old and therefore pre-Heartbleed patch variant.
Other reports include memory leaks caused by denial of service attacks (DoS) and conversely, crashes caused by an attempt to free up the same portions of memory twice.
OpenSSL now has two full time coders as a result of investment by a consortium of Internet industry companies to form the Core Infrastructure Initiative, a not-for-profit group administered by the Linux Foundation. The Initiative was set up in the wake of Heartbleed, as the industry vowed to ensure such a large hole would never be left unplugged again.
While OpenSSL is used by a large number of encrypted sites, there are a number of forks of the project including LibreSSL and the recently launched Google BoringSSL.
Google recently announced that it would be lowering the page rankings of unencrypted pages in its search results as an added security measure.