Way to go VTech.

One month ago a hacker revealed that he had broken into the toymaker VTech and retrieved a lot of information that was disturbing. Apparently, VTech had been storing images, chat logs, home addresses, emails, names, genders and even birthdays of every customer. This would include the parents and their children, who were most likely the ones using the products. The information of around 4,000,000 parents and 200,000 of the children using the products was readily available for anyone who knew what they were doing. The hacker did not reveal the way he was able to break into VTech, probably in an attempt to keep this information secret from people who want it but do not know how to hack, but has commented that he retrieved 190GB worth of photos and shared 3832 images with Motherboard, a blogging site, with all the faces blocked out.

VTech has yet to concretely say what their exact reasoning was, but the wording of their attempt to justify it was so that they can send the password to the user directly. You know, because that is such a GREAT idea: instead of just having them reset their password every time they forgot it because the company made it entirely impossible for them to access it on their own and with ease, I will just send it back to you. The person that thought this was a good idea should get fired, like, two years ago.

https://nakedsecurity.sophos.com/2015/12/01/photos-of-kids-and-parents-chatlogs-audio-files-stolen-in-vtech-breach/

Security in Healthcare

According to a recent survey, Healthcare is the latest favourite of the hacking community. There’s a shortage of security professionals in the healthcare business, and while many respondents involved in tech are worried about personal records and other data, the ones who aren’t involved in tech, while worried, do not believe their corporations to have been hit.

The tech respondents have a right to be worried. Recently, it’s come to light that Healthcare experiences 340% more security attacks and incidents than any other sector, and advanced malware is suspected in 1 of every 600 attacks, making Healthcare four times more likely to be hit by advanced malware than any other sector.

There are many ways that hackers can get in. With the digitalization of patient records, as well as the addition of wearable technology, such as smart watches and smartphones, hackers are finding many new avenues to break into the system. While security for wearable technology is a separate issue, Jonathan Collins, a principal analyst for ABI Research, says that they can pave the way for easier access to Healthcare records.

By Kathleen H. Justen

http://www.technewsworld.com/story/82638.html

Apple Malware Theft

Today Apple had what is quickly becoming known as their largest account theft, due to malware. Palo Alto Networks and WeipTech came across a server that held over 225,000 valid user names and passwords that had been stolen via a new iOS malware family named KeyRaider.

The malware, which only affects users with jailbroken iOS devices, has struck users in 18 countries. According to Claud Xiao, “The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.”

KeyRaider is also stealing Apple’s push notifications and private keys, but it’s also sharing the App store’s purchasing information. These stolen credentials eventually allow users to make purchases for free using iOS jailbreak tweaks.

They’ve also been locking down devices, and holding them for ransom. It disables unlocking operations, and demands a ransom without going through the Apple push servers.

According to Jonathan Sander (the Lieberman Software VP), and Tim Erlin (Tripwire’s Director of IT Security and Risk Strategy), jailbreaking your iPhone paints a target on your back, and in this case it was taken advantage of.

~ Kathleen Justen

http://www.esecurityplanet.com/mobile-security/225000-apple-credentials-stolen-via-ios-malware.html

Stingray Use In Baltimore

Stingrays are devices that act like a cell tower and are used to intercept phone and text signals. They are about $400,000 and are useful in helping to solve serious crimes. This article focuses on the use of stingrays in Baltimore. Previously, the FBI forced users of this device to sign a non-disclosure agreement, meaning that if police officers used it, they could not talk of its use. However, recently the FBI has stated that the police can talk about its use; this is a big deal because now all the cases in which stingrays are used are being published. Additionally, it has now come to light that stingrays are being used in petty crime cases such as theft. While the stingrays help facilitate the process of catching someone who has committed such a crime, they also interfere with innocent bystanders’ phones. In doing so, some believe that it is a violation of their rights. The devices do not discriminate when it comes to collecting information, so innocent people are concerned for theirs. Some senators are also targeting stingrays by trying to pass a bill that would require warrants before their use. So far, stingrays have been used in over 4,300 cases in Baltimore alone. What does that mean for the rest of the country?

The problem that most people are concerned with is that the stingrays collect information on people who are innocent as well as guilty. This means that everyone who is connected to the stingray will have their information potentially read or used by the police. This is a huge security problem because there are currently no defenses for us against it, nor are there laws to protect the citizens. In my opinion, the policies behind the use of stingrays need reform because right now, people who are directly involved are in danger of having their valuable information exposed.

Thomas, Coburn

Stingray: http://goo.gl/rPQTPB

Article: https://ritcyberselfdefense.wordpress.com/wp-admin/

 

Russian Hackers Use Adobe and Microsoft Vulnerabilities to Get Data

Security company FireEye Inc. has detected attacks from Russian hackers against government officials involved in discussing U.S. sanctions against Russia.  FireEye says that this attack was perpetrated by a group they refer to as Advanced Persistent Threat 28 (APT28).  The attack was stopped before any data was stolen.

The attack took advantage of two different previously-unknown vulnerabilities in Adobe Flash Player and Microsoft Windows.  There exists a vulnerability in Adobe Flash Player that allows arbitrary code execution from the attacker.  Basically, there can be a buffer overflow from opening a certain type of malformed .FLV file in the player.  Using that, they were able to download and run a malicious program onto Windows.

The second part of the attack utilized a vulnerability in Windows that allowed any user to execute programs with System privileges.  With the combination of these, APT28 was able to execute any program on any Windows version (predating Windows 8) with Adobe Flash Player.  Adobe has since released a patch fixing this vulnerability.  Microsoft still has not, but a Microsoft spokesperson says that they are.  The Microsoft vulnerability is much less dangerous, since it already requires the attacker to have the power to execute code to do anything.

APT28 is a Russian hacker group suspected of working for the Russian government.  According to FireEye, they have been active until 2007.  In the past, their targets have been U.S. military attaches, U.S. defense contractors, N.A.T.O. alliance offices, members of the media who have interviewed President Obama, and government officials from Georgia and other nations of interest to the Russian government.

This attack was discovered by FireEye, because one of the intended victims was a FireEye customer.

John Deeney

https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html

http://www.reuters.com/article/2015/04/18/us-russia-cyberattack-idUSKBN0N90RQ20150418

http://www.bloomberg.com/news/articles/2015-04-18/russian-hackers-use-zero-days-in-attempt-to-get-sanctions-data