Microsoft drops support for Windows XP

"XP users will get security updates on Tuesday, 11 March 2014, as they have for just over ten years.

They'll get scheduled security updates again on 08 April 2014.

And then that's it.

No more updates, neither scheduled nor emergency, no support, no nothing.

From then on, as we've pointed out many times, if someone finds a vulnerability in XP they'll be able to exploit it for ever."

Security of the "Internet of Things"

An interesting contest promoted by Cisco:

Join the Challenge: Secure the Internet of Things
Chris Young

We’re connecting more of our world every day through smart, IP-enabled devices ranging from home appliances, healthcare devices, and industrial equipment. These new connected devices are offering new ways to share information and are changing the way we live. This technology transformation is what we call the Internet of Things (IoT) – and it is evolving daily.

Yet, as our connected lives grow and become richer, the need for a new security model becomes even more critical. It requires that we work together as a community to find innovative solutions to make sure that the IoT securely fulfills its potential and preserves the convenience that it represents.

With this in mind, Cisco is launching the Internet of Things Security Grand Challenge. We’re inviting you — the global security community — to propose practical security solutions across the markets being impacted daily by the IoT.

For example, in the healthcare sector, it’s easy to imagine how Internet-connected devices and systems are revolutionizing patient care. In the transportation sector, technologists are already connecting vehicles and their subsystems to the Internet. It is also, unfortunately, too easy to imagine how these world-changing developments could go terribly wrong when attacked or corrupted by bad actors.

The Internet of Things Security Grand Challenge offers visionaries, innovators, and implementers like you the opportunity to define a future of a secure IoT. With the IoT as a significant part of the larger Internet of Everything (IoE) market transition that brings together connected devices with people, processes, and data, it’s even more imperative that we ensure the things we connect are secure.

Here’s the fun part: the Challenge offers up to US$300,000 in prize money, with awards from US$50,000 to US$75,000 for up to six recipients. Winning solutions will be announced and showcased at the Internet of Things World Forum this fall.

(...)

Cyber-war 2014

"The Russian forces occupying Crimea are jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow hasn't succeeded in imposing an information blackout, but the attacks could be a sign that Russia is looking to escalate its military operations against the new government in Kiev without firing a shot.

Russia has a history of launching cyber attacks on its neighbors with the aim of disrupting the countries' ability to communicate to their citizens and with the outside world. One attack in 2008, during Russia's war with Georgia, accompanied a ground-based military assault and was intended to disrupt government and media communications.

Although the efforts in Crimea so far have failed to choke the region's communications lines, experts are concerned that the strikes could be a precursor to damaging Russian cyber attacks on communications infrastructure elsewhere in Ukraine, particularly if tensions escalate or Russian military forces push beyond Crimea. Disrupting Internet service or knocking out Ukrainian government websites would allow Russia to flex its muscle without necessarily drawing a military response from Kiev or its Western allies."

Source and full story: Foreign Policy

Uroburos

Uroburos - highly complex espionage software with Russian roots
Source: G Data Security

G Data Security experts have analyzed a very complex and sophisticated piece of malware, designed to steal confidential data. G Data refers to it as Uroburos, in correspondence with a string found in the malware's code and following an ancient symbol depicting a serpent or dragon eating its own tail.
Download the technical analysis of the Uroburos malware here:
https://www.gdata.de/rdk/dl-en-rp-Uroburos

What is Uroburos?
Uroburos is a rootkit, composed of two files, a driver and an encrypted virtual file system. The rootkit is able to take control of an infected machine, execute arbitrary commands and hide system activities. It can steal information (most notably: files) and it is also able to capture network traffic. Its modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous. Uroburos' driver part is extremely complex and is designed to be very discreet and very difficult to identify.

Technical complexity suggests connections to intelligence agencies
The development of a framework like Uroburos is a huge investment. The development team behind this malware obviously comprises highly skilled computer experts, as you can infer from the structure and the advanced design of the rootkit. We believe that the team behind Uroburos has continued working on even more advanced variants, which are still to be discovered.
Uroburos is designed to work in peer-to-peer mode, meaning that infected machines communicate among each other, commanded by the remote attackers. By commanding one infected machine that has Internet connection, the malware is able to infect further machines within the network, even the ones without Internet connection. It can spy on each and every infected machine and manages to send the exfiltrated information back to the attackers, by relaying this exfiltrated data through infected machines to one machine with Internet connection. This malware behavior is typical for propagation in networks of huge companies or public authorities. The attackers expect that their target does have computers cut off from the Internet and uses this technique as a kind of workaround to achieve their goal.
Uroburos supports 32-bit and 64-bit Microsoft Windows systems. Due to the complexity of this malware and the supposed spying techniques used by it, we assume that this rootkit targets governments, research institutes, and/or big companies.

Relation to Russian attack against U.S. suspected
Due to many technical details (file name, encryption keys, behavior and more details mentioned in this report), we assume that the group behind Uroburos is the same group that performed a cyberattack against the United States of America in 2008 with a malware called Agent.BTZ. Uroburos checks for the presence of Agent.BTZ and remains inactive if it is installed. It appears that the authors of Uroburos speak Russian (the language appears in a sample), which corroborates the relation to Agent.BTZ. Furthermore, according to public newspaper articles, this fact, the usage of Russian, also applied for the authors of Agent.BTZ.
According to all indications we gathered from the malware analyses and the research, we are sure of the fact that attacks carried out with Uroburos are not targeting John Doe but high profile enterprises, nation states, intelligence agencies and similar targets.

Probably undiscovered for at least three years
The Uroburos rootkit is one of the most advanced rootkits we have ever analyzed in this environment. The oldest driver we identified was compiled in 2011, which means that the campaign remained undiscovered for at least three years.

Infection vector still unknown
At the current stage of the investigations it is unknown how Uroburos initially infiltrates high profile networks. Many infection vectors are conceivable. E.g. spear phishing, drive-by-infections, USB sticks, or social engineering attacks.

Wifi router in the middle

Hackers hijack 300,000-plus wireless routers, make malicious changes
ArsTechnica

Devices made by D-Link, Micronet, Tenda, and TP-Link hijacked in ongoing attack.

Researchers said they have uncovered yet another mass compromise of home and small-office wireless routers, this one being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others.

The hackers appear to be using a variety of techniques to commandeer the devices and make changes to the domain name system (DNS) servers used to translate human-friendly domain names into the IP addresses computers use to locate their Web servers, according to a report published Monday by researchers from security firm Team Cymru. Likely hacks include a recently disclosed cross-site request forgery (CSRF) that allows attackers to inject a blank password into the Web interface of TP-Link routers. Other attack techniques may include one that allows wireless WPA/WPA2 passwords and other settings to be remotely changed.

So far, the attacks have hijacked more than 300,000 servers in a wide range of countries, including Vietnam, India, Italy, Thailand, and Colombia. Each compromise has the potential to redirect virtually all connected end users to malicious websites that attempt to steal banking passwords or push booby-trapped software, the Team Cymru researchers warned. The campaign comes weeks after researchers from several unrelated organizations uncovered separate ongoing mass hacks of other routers, including a worm that hit thousands of Linksys routers and the exploit of a critical flaw in Asus routers that exposes the contents of hard drives connected by USB.
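The router compromise described above changes the DNS servers the router hands out, so a practical check on the client side is to audit the configured resolvers against an allowlist and to compare answers for a canary domain from the configured resolver with answers from a trusted one. The following is an added example, not code from Team Cymru or the article; the resolver addresses and lookup tables are constructed (TEST-NET ranges stand in for a rogue resolver) and the resolve functions are injected so the check runs offline.

```python
import ipaddress
from typing import Callable, Iterable, List, Set

# Constructed allowlist: the router's own LAN address plus two public resolvers
# an operator has deliberately chosen. Replace with what your network actually uses.
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.1", "8.8.8.8", "1.1.1.1"}


def audit_resolvers(configured: Iterable[str], expected: Set[str]) -> List[str]:
    """Return every configured DNS server that is not on the allowlist.

    Malformed entries are reported too, since a DHCP option or router config
    that cannot be parsed as an IP address deserves a look as well.
    """
    unexpected = []
    for addr in configured:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            unexpected.append(addr)
            continue
        if addr not in expected:
            unexpected.append(addr)
    return unexpected


def answers_diverge(domain: str,
                    resolve_configured: Callable[[str], Iterable[str]],
                    resolve_trusted: Callable[[str], Iterable[str]]) -> bool:
    """True when the configured resolver's answers share nothing with a trusted
    resolver's answers for the same name. CDN-fronted names legitimately vary
    per resolver, so use a canary domain with stable records (e.g. your own)."""
    configured = set(resolve_configured(domain))
    trusted = set(resolve_trusted(domain))
    return configured.isdisjoint(trusted)


# Constructed lookup tables simulating a hijacked resolver and a trusted one.
_ROGUE_TABLE = {"bank.example": ["203.0.113.7"]}        # attacker-controlled answer
_TRUSTED_TABLE = {"bank.example": ["198.51.100.10"]}    # genuine record

def resolve_via_rogue(name: str) -> List[str]:
    return _ROGUE_TABLE.get(name, [])

def resolve_via_trusted(name: str) -> List[str]:
    return _TRUSTED_TABLE.get(name, [])
```

In a real deployment the two resolve functions would wrap a DNS client pointed at the router-supplied server and at a trusted resolver respectively; a non-empty audit list or a True divergence result is the signal to inspect the router.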