USB Insecurity

Why the Security of USB Is Fundamentally Broken - Wired

"Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue."

full article at Wired

Tor vulnerability allows users to be identified

one more...

Tor has a vulnerability that identifies users
Exame Informática

The alert was raised by two researchers at Carnegie Mellon University: Alexander Volynkin and Michael McCord were going to speak publicly at the Black Hat conference and explain how to identify who is browsing the Tor network.

Now, a notice on the conference website indicates that the two speakers will, inexplicably, suspend their talk. (...)

Encrypted SSD

Intel launches an encrypted SSD:
http://thehackernews.com/2014/07/Intel-solid-state-drives-self-encryption.html
http://www.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-pro-2500-series.html

Keyloggers on public computers

In case there were still any doubts about the risks of accessing personal accounts on public computers...

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

Beware Keyloggers at Hotel Business Centers
Krebs on Security

Viper

Viper is a binary management and analysis framework dedicated to malware and exploit researchers

http://viper.li

Dragonfly

Dragonfly: Western Energy Companies Under Sabotage Threat

Symantec

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.

This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.

In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.

Prior to publication, Symantec notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

full article