
Meet Regin, Government-Created Spyware That’s Been Active Since 2008

Symantec has uncovered yet another sophisticated, malware-based spying tool, dubbed “Regin,” apparently the latest spyware tool created by a national government agency.

The company’s research, published Sunday, identifies Regin—also known as Backdoor.Regin—as a Trojan virus that exhibits “a degree of technical competence rarely seen” on behalf of its creators. Its purpose appears to be mass surveillance of government organizations, businesses, researchers, and individuals. And it’s been on the loose since 2008. Writes Symantec:

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.

Symantec has been unable to identify the origin of the software, but Re/code reporter Arik Hesseldahl suggests that the U.S., Israeli, and Chinese governments all have the technological capability and M.O. to engineer it. Also raising suspicions: not one Regin attack has targeted either the U.S. or China.


Private researchers have uncovered several instances of such government-created spyware over the past few years—most notably, the Stuxnet malware (also discovered by Symantec) that targeted Iran’s nuclear program and Flame, a much larger program that infected hundreds of computers across Europe and the Middle East.

In any case, Regin’s targets are decidedly global. Symantec has detected about 100 different infections in ten different countries, including Russia, Saudi Arabia, and Mexico. Nearly half of all targets for surveillance, 48%, are small businesses and private individuals. In every case identified, Regin attacks systems that are running Microsoft Windows.

Symantec wrote that Regin attacks have been occurring since 2008, and it may have taken this long to discover them since a major function of the software is to cover its own tracks.

Researchers are still unpacking the mysteries of this complicated program. For more technical information, Symantec has published a 21-page white paper.


Report: IT pros are overly confident that they know how to prevent data breaches

It’s been a rough year for businesses when it comes to data breaches. A new report from ThreatTrack Security suggests that things will improve dramatically in 2015—that is, unless the survey participants are overstating the efficacy of their network defenses. It’s important for you to take steps to secure your own data to make sure you’re protected either way.

The title of the ThreatTrack report—2015 Predictions from the Front Lines: Cybersecurity Professionals Very Confident in Their Ability to Fight Data Breaches in 2015—spells it all out. The survey of 250 IT professionals from companies of 2,000 or more employees reveals a high level of confidence when it comes to guarding against cyber attacks.

The summary of the report states, “though security professionals expect their organizations to be increasingly targeted by cybercrime in 2015, they are feeling optimistic—so much so that a significant majority is willing to personally guarantee the safety of their customers’ data. Their optimism appears rooted in plans to invest in the coming year on shoring up cyber defenses.”

Let’s start by taking a look at some of the findings from the survey. Nearly seven out of ten respondents believe their organizations are more likely to be targeted by a cyber attack in 2015. However, 94 percent indicated that their ability to detect and prevent data breaches will improve in 2015.

There is nothing wrong with IT professionals’ having confidence in their efforts and capabilities when it comes to protecting against cyber attacks and defending against data breaches. But saying that security defenses will improve is a long way from saying they will be effective or sufficient. There are a variety of ways a company can improve security policies and tools, yet still be exposed to significant risk. When more than 80 percent of those surveyed are issuing personal guarantees, it suggests that IT professionals are in denial and continue to believe that data breaches are just something that happens to other companies.

If you had asked a year ago, Target, Home Depot, Michael’s, and other victims of recent major data breaches would most likely have stated that they, too, were confident in the security policies and tools they had in place. The compromise of point-of-sale systems, though, and attacks like the DarkHotel cyber espionage campaign have a way of evading detection and wreaking havoc despite the best laid plans of IT professionals.

What does that mean for customers? You can exercise some control by choosing which companies you’re willing to do business with, but ultimately you’re going to be trusting your data to someone. 

However, you can’t afford to have complete faith. Nobody will guard your data as tenaciously as you will yourself. Take steps to protect yourself: Use strong passwords, employ two-factor authentication anywhere you can, and use more secure methods of payment where possible—especially during the upcoming holiday season.


Craigslist hack knocks web classified site offline: Who’s behind it?

This article originally appeared on The Next Web

The venerable web classifieds site, Craigslist, was knocked offline last night and is still not loading for visitors. Local versions are redirecting for others. Users visiting the site yesterday evening were redirected to a site called Digital Gangster as a result of what looks like a DNS hijack.

Presumably unable to cope with the huge amount of traffic Craigslist itself receives, the Digital Gangster website itself is now inaccessible. The Digital Gangster forum was the source of a well-publicised Twitter hack in 2009 and the theft of Miley Cyrus photos from her Gmail account in 2008.

Craigslist’s domain record was modified yesterday, with the new domain name registrant listed as “steven wynhoff @LulzClerk”. @LulzClerk is a suspended Twitter account. Steven Wynhoff, meanwhile, does have a live Twitter account but it hasn’t tweeted since 2013.

Wynhoff’s name has been attached to the hijacking of YouTube accounts dedicated to Call of Duty and to the alleged hacking of Bitcoin creator Satoshi Nakamoto’s email earlier this year.

Given that there are a number of postings online purporting to “dox” Wynhoff, i.e. expose his personal information, it seems fairly likely that he’s not the person behind the Nakamoto incident or the attack on Craigslist. You’d have to be phenomenally stupid to use your real name in an attack on a hugely popular website.

While Craigslist’s domain record has now been restored to its rightful owners, the site remains offline. If the issue is simply a DNS attack, it could take several hours for it to come back online as the settings propagate across global servers. That explains why the site appears to be slowly getting back to normal.

DNS attacks are generally not complex and rarely involve breaches of customer data. Instead, hackers use phishing and other social engineering attempts to get access to the accounts that control the domain name.

We’ve contacted Craigslist and will update this post with more information when we get it.

Craigslist.org [via Hacker News]

Image credit: Gil C / Shutterstock.com

Here’s why the iPhone ‘Masque Attack’ security flaw is so scary



Earlier this month, researchers at cybersecurity firm FireEye discovered a vulnerability in the iOS operating system which could allow hackers to replace legitimate apps with malicious copies, giving them access to any data the user entered into the hacked app. These “Masque Attacks” were enough of a threat to convince the U.S. government to release a statement warning iPhone users to avoid downloading apps from third-party sources until the issue could be resolved.

Apple was quick to issue its own response, downplaying the severity of the vulnerability, but further research by Trend Micro seems to indicate that the threat is even more serious than originally reported.

According to Trend Micro, malicious apps installed on an iOS device could allow hackers to access unencrypted data from legitimate apps on the device.

“We tested several apps and found that some of the popular iOS apps do not employ data encryption for their databases,” writes Trend Micro’s Brooks Hong. “In our analysis, we simply used file browsers to access these files. Additionally, the apps we tested are messaging/communication apps, which means that they store a lot of sensitive information like names and contact details.”

Once hackers successfully infiltrate an iPhone or iPad through a Masque Attack, they will be able to trawl through unencrypted messaging and communication apps to find information they could use maliciously.

Interestingly, many of the Android counterparts to the iOS messaging apps Trend Micro tested were encrypted. This might be a result of Android being more susceptible to malware, whereas iOS developers haven’t had to deal with these issues in the past.

Apple says that it is not aware of any users who have been affected by Masque Attacks, but based on the potential outcome of being a victim of one of these attacks, we should all remain cautious when downloading software to our iOS devices.

Driverless cars could face threat from hackers trying to cause road chaos


Driverless cars will need to be protected from hackers who could take control of vehicles to cause chaos on the roads, cyber security and transport experts have warned.

While autonomous vehicles, such as Google’s self-driving car, could reduce road casualties by eliminating human error, they could also increase the risk of accidents amongst motorists who continue to use manual cars if they are allowed to mix on the same roads.

Recent research conducted in driving simulators has shown that human drivers change their behaviour when using the same road as autonomous cars, copying their driving styles and leaving less space between themselves and the vehicle in front.

While an autonomous vehicle equipped with sensors would be able to react almost instantaneously, reaction times in human drivers are slower.

The warnings come as the Institution of Engineering and Technology (IET) publishes a report on autonomous vehicles and how they can be integrated onto British roads.

It predicts that within 15 years there will be fully autonomous vehicles taking goods and people around Britain, bringing cheaper and safer mobility for passengers.

Driverless cars could also lead to more people living in the countryside as the vehicles will make it easier to get around in rural locations without being able to drive.

This could prove particularly beneficial for older people who retire to the countryside and find they can no longer drive themselves as they get older, yet still need to access shops and healthcare.

The first driverless vehicles are expected to begin appearing on Britain’s roads from January next year under a series of trials to be conducted in three cities by the Department for Transport.

However, Hugh Boyes, cyber security lead at the IET, said the reliability and security of software used in driverless cars will be a major issue for manufacturers and insurers.

He said: “If the hacker community could start to target vehicles we can imagine a fair amount of chaos.

“The motor industry is really strong on safety but if someone tries to interfere with the vehicle, tries to hack it and disrupt it, then these don’t fall under the typical safety issues.

“Unfortunately living in the world today people do try to tamper with technology. The industry is only just starting to recognise this.”

He also said that software would have to be reliable and bug free. “Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.

“If ultimately you want to use autonomous vehicles, we need to make sure they don’t have a defect.”

Earlier this year Vince Cable, the business secretary, announced that trials of driverless vehicles on public roads will begin in Britain in January 2015.

In January Newcastle will also start trialling technology where traffic lights can communicate with vehicles to help traffic flow more smoothly.

Major companies including Nissan and Volvo have already begun testing driverless cars in other countries while Google’s own driverless car has clocked up more than 1m miles on the open road.

During that time Google has said its autonomous vehicle was only involved in one accident, which occurred when a human driver took control.

Experts predict that using such vehicles can help improve road safety and allow busy road networks to cope with greater numbers of vehicles.

Autonomous cars, fitted with radar systems, cameras and other sensors to detect their surroundings, will be able to drive closer together while those connected to central networks can be rerouted to ease congestion.

According to Dr Nick Reed, principal human factors researcher at the Transport Research Laboratory in Crowthorne, Berkshire, 95% of the 1.2m annual deaths worldwide on the road involve human error. However, he warned that integrating human drivers and autonomous vehicles on the roads at the same time could present serious challenges.

This article originally appeared on guardian.co.uk


Attackers trading malware for privilege

Hackers will use malware, among other techniques, to break into enterprise systems but once they’re in, they’re likely to switch away from malware to abusing privileged accounts, according to a report released today by CyberArk Software, Ltd., an Israel-based vendor of security solutions for privileged accounts.

The report analyses the experience of some of the world’s top cybersecurity and forensics teams — Cisco’s Talos Security Intelligence and Research Group, Deloitte’s Computer and Cyber Forensics Team, Deloitte & Touche’s Cyber Risk Services, FireEye’s Mandiant, EMC’s RSA security division, and the Verizon RISK Team.

“A lot of the industry equates malware to the means by which an attack is carried on,” CyberArk CEO Udi Mokady told CSO Online. “But the more computers are infected with malware, the easier it is for a victim to detect an attack.”

Instead, hackers switch to using privileged accounts once they’re in a system.

“When you’re able to do that, you can come and go to the organization as you please, and set up additional users that blend in with the normal traffic,” he said.

According to Mokady, most enterprises are unaware of how many privileged accounts they actually have.

“Companies typically have three to four times as many privileged accounts as employees,” he said. In fact, compromised privileged accounts are at the heart of 80 to 100 percent of the attacks that cybersecurity teams investigate, he said.

“This also explains why attacks are so hard to discover and stop,” he added. “An attacker with access to a privileged account can lie there undetected for 200 days or more.”

For example, according to the report, privileged accounts can be used to delete log data and other evidence of illicit activity.

In addition, hackers are using a wider range of privileged accounts than ever before.

“Security investigators report a range of privileged account exploits, from hacking embedded devices in the Internet of Things to establishing multiple privileged identities in Microsoft Active Directory to ensure redundant points of access,” said the report.

One particularly dangerous type of privileged account is the service account used for machine-to-machine communication.

“Most companies expect service accounts to be used only internally, so they keep the default passwords,” said Christopher Novak, global managing principal for investigative response for the Verizon RISK Team, one of the experts who contributed to the report.

“We’ve seen 25 or 30 attacks recently in which attackers used default passwords,” he added. “And because it’s presumed individuals aren’t using [these accounts], analysts dial down the sensitivity on alerts. Service accounts are out of sight, out of mind.”

The report also provides some details about how far attackers will go to gain access to high-value targets.

“We’ve set up fake online personas, pretending to be a PhD researching cancer therapies or an engineer developing a new laser module for a defense system,” said Peter Tran, senior director of RSA’s Worldwide Advanced Cyber Defense Practice, in the report. “And what we’re seeing is attackers have gotten really good,” he said. “They’re masquerading as recruiters and reaching out to high-value targets such as senior engineers, business managers. They use social media to start dialogs with valuable insiders, and they take time to cultivate relationships. Based on what we’ve seen, [attackers are] credible enough to fool most people into providing the entry point they need.”

The Boeing logo is seen at their headquarters in Chicago

Boeing eyes revamp of cyber business to focus on key areas

EL SEGUNDO Calif. (Reuters) – Boeing Co said this week it is reevaluating its cybersecurity business and could divest or reassign some units as it focuses more on a few critical areas, including classified work it is doing for some U.S. government agencies.

Boeing, the Pentagon’s No. 2 supplier and the world’s largest aerospace company, bought a handful of cybersecurity companies several years ago, but the market has not proven to be as promising as once expected.

Craig Cooning, who took over as head of the Boeing division that includes satellites, networks and missile defense, said Boeing was reassessing its work in the cyber arena, which he described as a highly disaggregated market.

“We’re looking at … where are the businesses that we want to go all in on, and (where) there may be other businesses that are reassigned to other parts of Boeing, or that we may not do,” Cooning told Reuters in an interview at his office in El Segundo, California, on Monday.

Cooning said it was difficult to reach sufficient scale with a number of smaller acquisitions, particularly given the large number of customers and producers that have rushed into the sector in recent years.

“There doesn’t seem to be a common core or thread that runs through it,” he said. “The critical thing is to find our niche and extrapolate and exploit it … We’re not going to do everything, soup to nuts.”

Cooning said he could not rule out divestments of certain units but provided no specific details. He said the company was pleased with the classified cyber work it was doing for some government agencies but declined to comment further.

He singled out Argon, which Boeing acquired in 2010 for $775 million in an all-cash deal, and Digital Receiver Technology (DRT), which Boeing bought in 2008, as successful parts of the company’s cyber portfolio.

One of Boeing’s strengths, he said, was protecting its own platforms and linking them, noting that Boeing operated one of the biggest virtual private networks in the world.

(Reporting by Andrea Shalal; Editing by Ken Wills)

Internet Corporation for Assigned Names and Numbers (ICANN) President and CEO Fadi Chehadé speaks on Internet governance on April 4, 2014 in Washington, DC

ICANN chief urges wide Internet control

The head of the private agency that acts as gatekeeper for the Internet called Tuesday for international discussions to ensure control of the web remains decentralised.

Fadi Chehade, president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), called for the “preservation of a decentralised, transnational and not too fragmented governance” of the Internet.

He told a Geneva conference that the Internet should remain “polycentric” but that the private and public sectors should work together.

“Only initiatives involving the private sector and governments can successfully and effectively address crucial issues like cybercrime, taxation of e-commerce, and child protection,” Chehade said.

ICANN, which is in charge of assigning domain names, is likely to break free of US oversight late next year.

Washington said in March it might not renew its contract with the Los Angeles-based agency, provided a new oversight system is in place that ensures the Internet addressing structure is reliable.

“ICANN is not and shall not be an island disconnected from other stakeholders,” Chehade said.

The agency plans to submit a proposal on oversight to the US Department of Commerce next year.

In an interview published Tuesday in Swiss daily Le Temps, Chehade said the role of the United States — one of ICANN’s 147 member countries — would remain important.

“If our DNA remains American, our openness to the world is a reality.”

US Commerce Secretary Penny Pritzker pledged at a meeting of Internet leaders in October that the United States would “protect and preserve a free, vibrant and open Internet”.

Pritzker said that while the United States might not renew its contract with ICANN, it still had a responsibility to encourage a decentralised Internet.

“The United States will not allow the global Internet to be co-opted by any person, entity, or nation seeking to substitute their parochial world view for the collective wisdom of this community,” she said.

Maassen attends a ceremony marking the 10th anniversary of the Joint Counter-Terrorism Centre in Berlin

Top German spy says Berlin under cyber attack from other states

BERLIN (Reuters) – German government and business computers are coming under increasing cyber attack every day from other states’ spy agencies, especially those of Russia and China, Germany’s domestic intelligence (BfV) chief said on Tuesday.

Addressing a cybersecurity conference in Berlin, Hans Georg Maassen said that of an estimated 3,000 daily attacks by hackers or criminals on German government systems, around five were the handiwork of intelligence services. The latter are so sophisticated that they can easily be overlooked, he added.

“We have seen that there are ever more frequent attacks by foreign intelligence agencies on the German government IT infrastructure,” he said.

These occur most frequently, Maassen said, before major international meetings such as a G20 conference, where government advisers might receive a virus email purporting to be from another country’s negotiators.

He described Berlin as the capital of “political espionage”, saying Germany’s economic, defense, foreign and arms policies were all targets for hackers, as well as major firms for their cutting-edge high technology.

Germany is Europe’s economic powerhouse, a major United States and NATO ally, and many of its manufacturers are industry leaders. Maassen said companies sometimes struggle to protect their most valuable technology and products.

Disclosures by former U.S. intelligence contractor Edward Snowden that Washington had monitored Chancellor Angela Merkel’s mobile phone and conducted mass surveillance in Germany caused public outrage last year.

Germany is acutely sensitive about surveillance because of abuses under the Stasi secret police of former East Germany as well as under the Nazis.

(Reporting by Thorsten Severin; Writing by Alexandra Hudson; Editing by Mark Heinrich)

India, Australia agree on framework for security cooperation

Canberra: India and Australia on Tuesday agreed on a landmark framework for security cooperation across the spectrum in defence, cyber and maritime security and combating terrorism, including the threats posed by foreign fighters joining extremist groups.

At the summit talks between Prime Minister Narendra Modi, the first Indian prime minister to visit Australia in 28 years, and his counterpart Tony Abbott, the two countries also decided to conclude a long-pending Free Trade pact by the end of next year and an “early closure” of the civilian nuclear deal that will facilitate uranium imports to India.

Significantly, Modi made a reference to the need for expanding security cooperation and deepening international partnerships in the region in his speech to a joint session of Australian Parliament after the talks.

 “But, what we do need is to work together and with others to create environment and culture that promotes the currency of co-existence and cooperation; in which all nations, small and big, abide by international law and norms, even when they have bitter disputes.

“We should collaborate more on maintaining maritime security. We should work together on the seas and collaborate in international forums. And, we should work for a universal respect for international law and global norms,” Modi said in comments interpreted as a veiled reference to China.

 Both India and Australia have reservations over China’s growing military assertions in maritime disputes with its neighbours.

The framework cooperation also came as Chinese President Xi Jinping left here for Tasmania, an island in southern Australia, where he was joined by Abbott.

In a joint statement issued at the end of Modi’s visit, the two countries committed themselves to working together to combat terrorism and transnational crimes.

 The two Prime Ministers agreed that the existing Joint Working Group on Counter-Terrorism would be renamed to cover other transnational crimes, including on-going cooperation on illegal migration.

They noted the conclusion of a new Framework for Security Cooperation to guide closer bilateral collaboration across the security spectrum, including in defence, counter-terrorism, cyber policy, disarmament and non-proliferation and maritime security.

The framework demonstrates the unshakeable resolve of the two countries in combating and defeating terrorism, including the threat posed by foreign fighters joining extremist groups.

Noting that terrorism has become a major threat for all, Modi suggested a comprehensive global strategy and a resolve to isolate “those who harbour terrorists”.

After the summit talks at the Prime Minister’s office, just two months after Abbott’s maiden visit to India, the two countries signed five agreements on social security, transfer of sentenced prisoners, combating narcotics trade, tourism, and Arts and Culture.

“This is a natural partnership, arising from our shared values and interests, and our strategic maritime locations,” Modi said at a joint press conference with Abbott. “Security and defence are important and growing areas of the new India-Australia partnership – for advancing regional peace and stability, and combating terrorism and trans-national crimes,” he said.

The security framework, finalised hours before the talks, lays out an extensive “action plan” including annual prime ministerial summits and maritime military exercises, besides cooperation in counter-terrorism, border control and close consultations on regional and international institutions.

 Modi said the two sides also “agreed on seeking early closure on the civil nuclear agreement, which will give Australia a chance to participate in one of the most secure and safe nuclear energy programme in the world.”

India is open for business and keen to forge stronger business relations with resource-rich Australia, Prime Minister Narendra Modi said on Tuesday and invited Australian business leaders to cooperate in developing green technology, LNG, gas and tourism sectors.

 Modi, who held a roundtable with top Australian CEOs here, discussed prospects for bilateral cooperation specially in the field of education, services, energy, banking and information technology and tourism.

 Modi, during the hour-long roundtable hosted by Victoria’s Governor Alex Chernov at Government house, said India was open for business and was also keen to forge stronger business relations with Australia.

 Noting that the new government has identified several areas of cooperation, Modi said there was a huge potential for developing educational ties especially at school level.

“Victoria has taken a good initiative of tying up with India. We have Youth. I would like to focus on two main area – one is research and the other is education,” Modi said.

 As Victoria was leading in the field of research, a collaboration in that area could be looked at, he said.

 “We just launched our ‘Make in India’ initiative and this presents opportunities in our country,” he said, adding that issues of concerns for those keen to invest in India would be looked at in the next budget.

He invited Australian businessmen to collaborate with India in the field of green technology, LNG, gas and tourism sector.

 Modi said that the government was keen to build cruise tourism.

 “We discussed various issues, but the area which I would like to focus is tourism sector where I find several opportunities and possibilities,” Modi said adding Monday’s announcement about visa on arrival facility for Australian tourists would also benefit business community too.

“I extend an invitation to look at this sector too,” Modi said, noting that India’s long coastline provides huge opportunities for developing the cruise sector.

© Muscat Press and Publishing House SAOC 2014 Provided by SyndiGate Media Inc. (Syndigate.info).