US govt worse than all major industries on cyber security: report

Add caption

WASHINGTON — U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.

Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers.

Government agencies have struggled for years to keep pace with malicious hackers and insider threats, a challenge that came into focus after it was disclosed last year that more than 21 million individuals had their sensitive data pilfered during a breach at the Office of Personnel Management.

SecurityScorecard said it tracked 35 major data breaches across government from April 2015 to April 2016.

President Barack Obama has made improving cyber defenses a top priority of his remaining year in office. His administration asked Congress to dedicate $19 billion to cyber security in its fiscal 2017 budget proposal, which would include $3.1 billion for technology modernization at various federal agencies.

Federal agencies scored most poorly on network security, software patching flaws and malware, according to SecurityScorecard, which said they may be more vulnerable to risk due to their large size.

Of the 600 government entities tracked, NASA performed the worst, the report found. The space exploration agency was vulnerable to email spoofing and malware intrusions, among other weaknesses, according to SecurityScorecard’s analysis.

Other low-performing government organizations included the U.S. Department of State and the information technology systems used by Connecticut, Pennsylvania, Washington and Maricopa County, Arizona.

Government organizations with the strongest security postures included Clark County, Nevada, the U.S. Bureau of Reclamation, and the Hennepin County Library in Minnesota.

source: interaksyon.com

DEFCON 2015 | Aerial Assault drone is armed with hacking weapons

LAS VEGAS, Nevada — Hackers’ arsenal on Sunday was beefed up with a drone armed with weapons to crack into wireless computer networks at close range, whether they be in skyscrapers or walled compounds.

David Jordan of US-based Aerial Assault was at an infamous Def Con hacker gathering showing off a drone that could be dispatched on missions to land atop buildings or hover outside walls and probe for cracks in computer networks.

“There has never been this capability before,” Jordan said as he showed the drone to AFP.

The drone was equipped with software tools used to perform the kind of “penetration testing” done by hackers or computer security professionals who seek vulnerabilities in computer networks.

As with drones previously launched by hackers, the Aerial Assault model scans for unsecured wireless connections to networks, according to Jordan.

Along with assessing weaknesses of networks, the drone logs precise GPS coordinates of a target and takes all the information back to its handler, he said.

Aerial Assault drones were for sale, at a price of $2,500 each.

Hackers at Def Con early on turned to drones for sniffing out unprotected wireless Internet networks, but capabilities Jordan said were built into the Aerial Assault drone raised the ante with automated tools that could be flown past physical defenses

source: interaksyon.com

US urges removing Superfish program from Lenovo laptops

BOSTON — The U.S. government on Friday advised Lenovo Group Ltd customers to remove “Superfish,” a program pre-installed on some Lenovo laptops, saying it makes users vulnerable to cyberattacks.

The Department of Homeland Security said in an alert that the program makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted Web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

“Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken,” the agency said.

Adi Pinhas, chief executive of Palo Alto, California-based Superfish, said in a statement that his company’s software helps users achieve more relevant search results based on images of products viewed. He said the vulnerability was “inadvertently” introduced by Israel-based Komodia, which built the application described in the government notice.

Komodia CEO Barak Weichselbaum declined comment on the vulnerability.

Lenovo apologized late on Friday in a statement for “causing these concerns among our users” and said that it was “exploring every action we can” to address the issues around Superfish, including offering tools to remove the software and certificate.

“We ordered Superfish pre-loads to stop and had server connections shut down in January based on user complaints about the experience. However, we did not know about this potential security vulnerability until yesterday (Thursday),” the Lenovo statement said.

“We recognise that this was our miss, and we will do better in the future. Now we are focused on fixing it,” the company said.

Komodia’s website says it produces a “hijacker” that allows users to view data encrypted with SSL technology.

“The hijacker uses Komodia’s redirector platform to allow you easy access to the data and the ability to modify, redirect, block, and record the data without triggering the target browser’s certification warning,” according to the site.

Marc Rogers, a researcher with CloudFlare, said that means companies which deploy Komodia technology can snoop on web traffic.

“These guys can do everything from just collect a little bit of marketing information, all the way to building a profile on you and spying on your banking connections,” he said. “It’s a very dangerous slope.”

Rogers said that use of Komodia’s technology in other products makes them vulnerable to the same types of attacks as Lenovo’s Superfish.

He said other vulnerable products include two parental filters: One from Komodia known as KeepMyFamilySecure and another from Qustodio.

Komodia’s Weichselbaum said his company was investigating reports of vulnerabilities in KeepMyFamilySecure.

Qustodio CEO Eduardo Cruz Chief Executive said his company’s Windows parental filter was vulnerable and he hoped to push out a fix within a few days.

Lenovo did not disclose how many machines were affected, but said that only machines shipped from September to December of last year had been pre-loaded with the vulnerable software.

Affected Lenovo products include laptops in its Yoga, Flex and MiiX lines as well as its E, G, U, Y and Z series, according to the company’s support website.

source: interaksyon.com

FBI probing Sony hack, as data leaks emerge

WASHINGTON — The FBI said Tuesday it was investigating a cyberattack on Sony Pictures, amid reports that employee information as well as new films were being leaked online.

“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” a spokesman for the US federal law enforcement agency said in a statement.

“The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”

Various reports meanwhile said the hackers appeared to have posted online both confidential employee data and films not yet released in theaters.

The security blogger and researcher Brian Krebs said he discovered on websites devoted to illicit trading a “global Sony employee list,” that included names, locations, salaries and dates of birth for more than 6,800 individuals.

“Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs (social security numbers) and health savings account data on more than 700 Sony employees,” Krebs wrote.

The Washington Post reported meanwhile that the FBI was warning companies in a confidential memo about the malicious software used in the Sony hack.

An FBI spokesman said only that “we provided a routine notification to private industry,” but declined to elaborate.

The spokesman added that the FBI “routinely advises private industry of various cyber threat indicators” to help protect computer networks.

According to the Post, the hackers used malware similar to that used to launch destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco.

Some reports in the past few days said Sony is looking into whether North Korea may have been behind the major cyberattack on the studio last week, possibly because of a upcoming comedy film about a CIA plot to assassinate its leader Kim Jong-Un.

“The Interview,” which stars Seth Rogen and James Franco as two journalists recruited by the CIA to bump off Kim, has infuriated the North Koreans, with state media warning of “merciless retaliation.”

The entertainment news site Variety has reported that unreleased Sony movies including the upcoming “Annie” have been made available on pirate file-sharing websites.

The war film “Fury” “Mr. Turner,” “Still Alice” and “To Write Love on Her Arms” were also made available.

Sony did not respond to an AFP request for comment.

source: interaksyon.com

Adobe says user forum was breached, takes site offline

BOSTON — Adobe Systems Inc shut down a website where customers share information about using its Connect online conferencing service after the software maker discovered it had been compromised in a data breach.

The company, whose software is frequently targeted by computer hackers because it is widely used to publish digital documents, said on Wednesday that it would reset passwords of the approximately 150,000 members of the site, Connectusers.com.

Adobe said its Connect web conferencing service and other company sites were not breached.

News of the breach surfaced on Tuesday when a hacker claimed in a posting on the Internet to have stolen log-in credentials of 150,000 Adobe customers and partners.

The hacker, who claimed to be from Egypt, released 644 records from the site, including emails, saying the release was done to point out that Adobe is slow in fixing security problems.

The hacker also promised to release data stolen from Yahoo Inc. A Yahoo spokeswoman did not respond to a request for comment.

The Adobe breach was discovered a week after Russian security firm Group-IB said it had uncovered a flaw in Adobe’s Reader software that criminals are currently exploiting to attack PCs by infecting them with malicious PDF documents.

Adobe spokeswoman Wiebke Lips said the company is still reviewing that report, though it has not yet received samples of malicious code discovered by Group-IB.

source: interaksyon.com