For hire: Elite “cyber mercenaries” adept at infecting Windows and Macs

A screenshot from one of the Icefog command and control servers accessed by Kaspersky Lab researchers.

Researchers from Russia-based Kaspersky Lab have uncovered a gang of hackers for hire who specialize in surgical strikes that quickly infiltrate suppliers to Western companies, steal highly sensitive data, and then vanish.

Icefog, as the group of "cyber mercenaries" has been dubbed, is made up of six to 10 members who are able to infect both Windows and Mac computers with advanced malware that's extremely hard to detect, Kaspersky researchers revealed in a report published Wednesday.

That's a tiny membership compared with other gangs engaged in advanced persistent threat (APT) attacks that siphon gigabytes or even terabytes of sensitive data out of corporations, defense contractors, and government agencies. The so-called APT1 group that has hacked more than 100 large companies, for instance, has as many as 100 members, a roster that leaves plenty of tracks for security defenders to find.



How LexisNexis and others may have unwittingly aided identity thieves

Operators of an underground identity theft service have infiltrated three of the biggest providers of social security numbers, birth dates, and other consumer information, according to a published report. In total, the hackers were able to pilfer records belonging to more than four million people.

"The intrusions raise major questions about how these compromises may have aided identity thieves," KrebsOnSecurity reporter Brian Krebs wrote in the 2,100-word report published Wednesday. His seven-month investigation found that the illicit service, known as ssndob[dot]ms (readers shouldn't visit this site) served more than 1.02 million unique social security numbers to customers and almost 3.1 million date of birth records since its inception in early 2012. The data was appropriated after the operators of the service infiltrated Atlanta, Georgia-based LexisNexis, Short Hills, New Jersey-headquartered Dun & Bradstreet, and Kroll Background America, which is now a part of HireRight, he reported.

Krebs said his findings were based on a copy of the SSNDOB database that became available after the ID theft service was itself hacked. It showed that more than 1,300 customers spent hundreds of thousands of dollars looking up SSNs, birthdates, and driver license records and obtaining unauthorized credit and background reports. The operators of the service were the same hackers who in March published the SSNs and other sensitive details for dozens of celebrities and politicians, including Vice President Joe Biden, first lady Michelle Obama, and rap star Jay-Z.



Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Original release date: September 25, 2013

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or a device reload.

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates or workarounds to help mitigate these vulnerabilities.


Popular iOS e-mail app acquired by Dropbox has serious bug, researcher warns (Updated)

An e-mail app recently acquired by Dropbox contains a security bug that opens iPhone and iPad users to a series of potentially serious attacks, a security researcher warned.

In a blog post published Wednesday, Michele Spagnuolo of Italy said that Mailbox for iOS will execute any JavaScript code embedded in the body of an HTML-formatted e-mail. A video shows how the bug can be exploited to open iOS apps without user prompting, simply by viewing a booby-trapped message. His post said the damage could be much more severe.

"This is bad for security and privacy, because it allows advanced spam techniques, tracking of user actions, hijacking the user by just opening an e-mail, and, using an [exploitation] framework, potentially much worse things," Spagnuolo wrote. In the past, the researcher has been credited with finding security vulnerabilities in Google, eBay and Nokia products or services.
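The class of bug described above, an HTML mail viewer that hands the raw message body to a web view so any embedded script runs, is normally mitigated by reducing the body to an allowlist of tags and attributes before it is rendered. The sanitizer below is an added example written for this digest; it is not code from Mailbox, Dropbox or the researcher. The tag and attribute allowlists, the constructed sample message and the names `sanitize_email_html` and `is_safe_url` are my own choices. It uses only the Python standard library and fails closed: anything not on the allowlist is dropped, script and style content is removed along with the element, every `on*` handler is discarded, and only `http`, `https` and `mailto` links survive.

```python
from html import escape
from html.parser import HTMLParser

# Allowlists (chosen for this example): markup an e-mail body legitimately needs.
ALLOWED_TAGS = {
    "p", "br", "b", "i", "u", "em", "strong", "a", "ul", "ol", "li", "div",
    "span", "table", "tr", "td", "th", "blockquote", "h1", "h2", "h3",
}
ALLOWED_ATTRS = {"a": {"href"}}          # every other attribute is dropped
VOID_TAGS = {"br"}                       # never emit a closing tag for these
# Elements whose *content* must go too, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


def is_safe_url(url):
    """Accept only explicit http/https/mailto links.

    Control characters and whitespace are stripped before the scheme check so
    that obfuscations such as 'java\\x00script:' cannot slip past it.
    """
    if url is None:
        return False
    cleaned = "".join(ch for ch in url if ord(ch) > 0x20).lower()
    return cleaned.startswith(SAFE_SCHEMES)


class EmailHtmlSanitizer(HTMLParser):
    """Rebuilds the document from an allowlist; everything else is discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return                        # drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            if name.startswith("on"):     # inline event handlers: never
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not is_safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth:
            return                        # script/style bodies vanish here
        self.out.append(escape(data, quote=False))

    # Comments, doctypes and processing instructions fall through to the
    # base class, which ignores them, so none of them reach the output.


def sanitize_email_html(html_body):
    """Return a rendering-safe version of an HTML e-mail body."""
    parser = EmailHtmlSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out)


# Constructed sample message carrying the kinds of payload the article describes.
SAMPLE_BODY = (
    '<div onload="alert(1)">Hello <b>there</b>'
    '<script>alert("tracked")</script>'
    '<a href="javascript:alert(1)">click</a> '
    '<a href="https://example.com/invoice">invoice</a>'
    '<img src=x onerror="alert(2)"></div>'
)

if __name__ == "__main__":
    print(sanitize_email_html(SAMPLE_BODY))
```

Run against the sample, the output is `<div>Hello <b>there</b><a>click</a> <a href="https://example.com/invoice">invoice</a></div>`: the handler attributes, the script element and its body, the `javascript:` link target and the `img` with its `onerror` are all gone, while the text and the legitimate link remain. An allowlist parser is preferred over a regex blocklist because the set of ways to smuggle script into HTML is open-ended, whereas the set of markup a mail body needs is small and fixed.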
