Check out the brand new SourceForge HTML5 speed test! Test your internet connection now. Works on all devices. ×
Security

US Healthcare Records Offered For Sale Online 59

An anonymous reader writes:Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."
China

China Tells App Developers To Increase User Monitoring 27

An anonymous reader writes: The Cyberspace Administration of China has imposed new regulation for the mobile app community, requiring that developers keep a close watch over users and keep a record of their activities. However, the proposed legislation would also prevent apps from requesting unnecessary access to users' contacts, camera, microphone and other spurious installation requests. The regulator introduced the new laws in the name of cracking down on illegal use of mobile platforms for the distribution of pornography, fraud and the spread of 'malicious' content.
Facebook

Facebook Backtracks, Now Says It Is Not Using Your Phone's Location To Suggest Friends 84

A report on Fusion on Monday, which cited a number of people, claimed that Facebook was using its users' phone location to suggest people to them. The publication also noted the privacy implications of this supposed feature. At the time of publishing, Facebook had noted that location was indeed one of the signals it looks into when suggesting new friends. But the social juggernaut has since backtracked on its statement with new assurances that it is not using anyone's location. In a statement to Slashdot, the company said:We're not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you've imported and other factors.
Government

US Customs Wants To Know Travelers' Social Media Account Names (helpnetsecurity.com) 320

Orome1 quotes a report from Help Net Security: The U.S. Customs and Border Protection agency has submitted a request to the Office of Management and Budget, asking for permission to collect travelers social media account names as they enter the country. The CBP, which is part of the U.S. Department of Homeland Security, proposes that the request "Please enter information associated with your online presence -- Provider/Platform -- Social media identifier" be added to the Electronic System for Travel Authorization (ESTA) and to the CBP Form I-94W (Nonimmigrant Visa Waiver Arrival/Departure). "It will be an optional field to request social media identifiers to be used for vetting purposes, as well as applicant contact information," the CBP noted. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case." The public and affected agencies are asked to comment on the request within 60 days of its publication. Commenters are asked to send their comments to this address.
Botnet

A Massive Botnet of CCTV Cameras Involved In Ferocious DDoS Attacks (softpedia.com) 70

An anonymous reader writes: "A botnet of over 25,000 bots is at the heart of recent DDoS attacks that are ferociously attacking businesses across the world with massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites," reports Softpedia. This botnet's particularity is the fact that attacks never fluctuated and the attackers managed to keep a steady rhythm. This is not a classic botnet of infected computers that go on and off, but of compromised CCTV systems that are always on and available for attacks. The brands of CCTV DVRs involved in these attacks are the same highlighted in a report by a security researcher this winter, who discovered a backdoor in the firmware of 70 different CCTV DVR vendors. These companies had bought unbranded DVRs from Chinese firm TVT. When informed of the firmware issues, TVT ignored the researcher and the issues were never fixed, leading to crooks creating this huge botnet.
The Courts

President Obama Should Pardon Edward Snowden Before Leaving Office (theverge.com) 331

An anonymous reader writes from a report via The Verge: Ever since Edward Snowden set in motion the most powerful public act of whistleblowing in U.S. history, he has been living in exile in Russia from the United States. An article in this week's New York Magazine looks at how Snowden may have a narrow window of opportunity where President Obama could pardon him before he leaves office. Presumably, once he leaves office, the chances of Snowden being pardoned by Hillary Clinton or Donald Trump are miniscule. Obama has said nothing in the past few years to suggest he's interested in pardoning Snowden. Not only would it contradict his national security policy, but it will severely alienate the intelligence community for many years to come. With that said, anyone who values a free and secure internet believes pardoning Snowden would be the right thing to do. The Verge reports: "[Snowden] faces charges under the Espionage Act, which makes no distinction between delivering classified files to journalists and delivering the same files to a foreign power. For the first 80 years of its life, it was used almost entirely to prosecute spies. The president has prosecuted more whistleblowers under the Espionage Act than all president before him combined. His Justice Department has vastly expanded the scope of the law, turning it from a weapon against the nation's enemies to one that's pointed against its own citizens. The result will be less scrutiny of the nation's most powerful agencies, and fewer forces to keep them in check. With Snowden's push for clemency, the president has a chance to complicate that legacy and begin to undo it. It's the last chance we'll have."
Bitcoin

New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) 118

An anonymous reader writes:Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
Security

Google CEO Sundar Pichai's Quora Account Hacked (thenextweb.com) 24

Google CEO Sundar Pichai is the latest high-profile victim of a hacking group called OurMine. Earlier today, the group managed to get hold of Pichai's Quota account, which in turn, gave them access to his Twitter feed as well. In a statement to The Next Web, the group said that their intention is to just test people's security, and that they never change the victim's passwords. Looking at the comments they left after hacking Pichai's account, it is also clear that OurMine is promoting its security services. The same group recently also hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts.
Security

Religious Hacker Defaces 111 Escort Sites (softpedia.com) 160

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bare ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replace the sites with a pro-Palestine message and a quote from the quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.
Censorship

Google and Facebook May Be Suppressing 'Extremist' Speech With Copyright Scanners (theverge.com) 152

An anonymous reader quotes this article from The Verge: The systems that automatically enforce copyright laws on the internet may be expanding to block unfavorable speech. Reuters reports that Facebook, Google, and other companies are exploring automated removal of extremist content, and could be repurposing copyright takedown methods to identify and suppress it. It's unclear where the lines have been drawn, but the systems are likely targeted at radical messages on social networks from enemies of European powers and the United States. Leaders in the US and Europe have increasingly decried radical extremism on the internet and have attempted to enlist internet companies in a fight to suppress it.

Many of those companies have been receptive to the idea and already have procedures to block violent and hateful content. Neither Facebook and Google would confirm automation of these efforts to Reuters, which relied on two anonymous sources who are "familiar with the process"... The secret identification and automated blocking of extremist speech would raise new, serious questions about the cooperation of private corporations with censorious governmental interests.

Reuters calls it "a major step forward for internet companies that are eager to eradicate violent propaganda from their sites and are under pressure to do so from governments around the world as attacks by extremists proliferate, from Syria to Belgium and the United States." They also report that the move follows pressure from an anti-extremism group "founded by, among others, Frances Townsend, who advised former president George W. Bush on homeland security, and Mark Wallace, who was deputy campaign manager for the Bush 2004 re-election campaign."
Government

IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com) 104

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.
The Almighty Buck

Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com) 177

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 110

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Security

Lenovo Warns Users To Upgrade Pre-Installed Tool With Severe Security Holes 42

Long-time Slashdot reader itwbennett writes: Lenovo is advising users to upgrade to version 3.3.003 of Lenovo Solution Center (LSC), which includes fixes for two high-severity vulnerabilities in the tool. [The tool] allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests.

The CVE-2016-5249 vulnerability allows an attacker who already has control of a limited account on a PC to execute malicious code via the privileged LocalSystem account. And the CVE-2016-5248 vulnerability allows any local user to send a command to LSC.Services.SystemService in order to kill any other process on the system, privileged or not.
Security

Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Communications

Why You Should Stop Using Telegram Right Now (gizmodo.com) 67

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."The list goes on and on.
Programming

Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability (threatpost.com) 93

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

Communications

Snowden Finally Identified As Target of Investigation That Ended Lavabit (washingtontimes.com) 76

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowdenâ(TM)s email account. 'While Iâ(TM)m pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."
Communications

Piracy Phishing Scam Targets US ISPs and Subscribers (torrentfreak.com) 20

According to a report on TorrentFreak, an elaborate piracy phishing operating is tageting US ISPs and subscribers. Scammers are reportedly masquerading as anti-piracy company IP-Echelon and rightholders such as Lionsgate to send fake DMCA notices and settlement demands to ISPs. From the report:TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee. This request is unique as neither Lionsgate nor its tracking company IP-Echelon is known to engage in this practice. When we contacted IP-Echelon about Lionsgate's supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISPs fooled. "The notices are fake and not sent by us. It's a phishing scam," IP-Echelon informed TorrentFreak. For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers.U.S. law enforcement has been notified and is currently investigating the matter.
Security

FBI Is Classifying Its Tor Browser Exploit Because 'National Security' (vice.com) 81

Joseph Cox, reporting for Motherboard:Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.

Slashdot Top Deals