Tag Archives: Risk Assessment – Ars Technica

Microsoft targets Fancy Bear’s domains in trademark lawsuit


(credit: Harald Deischinger)

On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft.

As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with the GRU, Russia’s military intelligence agency. So far the company has managed to seize control of 70 domain names, but it is going after many more.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law as a way to seize command-and-control domain names used by the group, which goes by various monikers including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com among hundreds of others.


http://ift.tt/2gQm3ej Source: https://arstechnica.com

Google drops the boom on WoSign, StartCom certs for good


Last August, after being alerted by GitHub’s security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company’s certificate issuance practices. The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating “Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome.”

WoSign (based in Shenzhen, China) and StartCom (based in Eilat, Israel) are among the few low-cost certificate providers that offered wildcard certificates. StartCom’s StartSSL offered free Class 1 certificates and $60-per-year wildcard certificates, which cover every subdomain of a domain with a single validation. This made the service wildly popular. But bugs in WoSign’s software led to a number of misissued certificates. One bug let someone who had proven control of a subdomain obtain a certificate for the parent domain itself. The investigation also found that WoSign was backdating the notBefore dates of certificates it issued to get around the deadline by which certificate authorities had to stop issuing SHA-1-signed certificates, January 1, 2016. WoSign continued to issue the weaker SHA-1 certificates well into 2016.

Initially, Google revoked trust only for certificates issued after October 21, 2016. Over the following six months it tightened that stance, continuing to trust older certificates only for domains on a whitelist drawn from Alexa’s top one million sites. Today, though, Google announced that it will phase out trust for all WoSign and StartCom certificates with Chrome 61. That release is about to enter beta testing and is due for stable release in September.

Mozilla has not yet announced an end date for trusting the older WoSign and StartCom certificates. But because most certificates the two companies issued had one-year validity, many of the whitelisted certificates have already begun to expire.
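To make the staged policy concrete, here is an added Go example (not code from Ars, Google or either CA) that mints a constructed self-signed certificate, parses it with the standard library, and applies the criteria the article describes: the issuer, the October 21, 2016 notBefore cutoff, and an Alexa-style domain whitelist, plus a flag on SHA-1 signatures given the backdating finding. The Policy type, the mintCert helper, the whitelist entries and the issuer strings are illustrative assumptions; Chrome’s real whitelist and matching rules are not on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Cutoff from the article; the CA names are matched case-insensitively against the issuer.
var distrustNewAfter = time.Date(2016, time.October, 21, 0, 0, 0, 0, time.UTC)
var distrustedCAs = []string{"wosign", "startcom"}

// Policy is an assumed model of Chrome's staged distrust, not Chrome's code: before Chrome 61
// a pre-cutoff cert survives only for a whitelisted domain; FullDistrust (Chrome 61) rejects all.
type Policy struct {
	FullDistrust bool
	Whitelist    map[string]bool // stand-in for the Alexa-derived domain list
}

// fromDistrustedCA reports whether the issuer's CN or O names one of the CAs.
func fromDistrustedCA(cert *x509.Certificate) bool {
	for _, n := range append([]string{cert.Issuer.CommonName}, cert.Issuer.Organization...) {
		for _, ca := range distrustedCAs {
			if strings.Contains(strings.ToLower(n), ca) {
				return true
			}
		}
	}
	return false
}

// whitelisted is true if any SAN is a whitelisted domain or a subdomain of one.
func whitelisted(cert *x509.Certificate, wl map[string]bool) bool {
	for _, n := range cert.DNSNames {
		n = strings.ToLower(strings.TrimPrefix(n, "*.")) // a wildcard is judged by its base name
		for d := range wl {
			if n == d || strings.HasSuffix(n, "."+d) {
				return true
			}
		}
	}
	return false
}

// Evaluate returns why a certificate fails the policy; nil means it is still trusted.
func Evaluate(cert *x509.Certificate, p Policy) []string {
	var findings []string
	switch {
	case !fromDistrustedCA(cert):
		return nil
	case p.FullDistrust:
		findings = append(findings, "issuer distrusted outright (Chrome 61)")
	case cert.NotBefore.After(distrustNewAfter):
		findings = append(findings, "issued after 2016-10-21 cutoff")
	case !whitelisted(cert, p.Whitelist):
		findings = append(findings, "domain not on whitelist")
	}
	// A SHA-1 signature alone cannot prove backdating; flag it so notBefore can be checked
	// against an external record such as a CT log timestamp.
	if alg := cert.SignatureAlgorithm; alg == x509.SHA1WithRSA || alg == x509.ECDSAWithSHA1 {
		findings = append(findings, "SHA-1 signature; verify notBefore was not backdated")
	}
	return findings
}

// mintCert builds a constructed self-signed certificate so the policy can run offline;
// issuer and subject coincide here, unlike a real leaf certificate.
func mintCert(issuerOrg string, notBefore time.Time, dns []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{Organization: []string{issuerOrg}, CommonName: issuerOrg},
		DNSNames:     dns,
		NotBefore:    notBefore,
		NotAfter:     notBefore.AddDate(1, 0, 0), // one-year validity, as the article notes
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	wl := map[string]bool{"github.com": true} // constructed whitelist
	late, _ := mintCert("WoSign CA Limited", time.Date(2016, 11, 1, 0, 0, 0, 0, time.UTC), []string{"example.com"})
	early, _ := mintCert("StartCom Ltd.", time.Date(2016, 9, 1, 0, 0, 0, 0, time.UTC), []string{"api.github.com"})
	fmt.Println(Evaluate(late, Policy{Whitelist: wl}))                     // [issued after 2016-10-21 cutoff]
	fmt.Println(Evaluate(early, Policy{Whitelist: wl}))                    // []
	fmt.Println(Evaluate(early, Policy{FullDistrust: true, Whitelist: wl})) // [issuer distrusted outright (Chrome 61)]
}
```

In a real audit you would feed Evaluate the leaf certificates from your own inventory (parsed with x509.ParseCertificate) rather than minted ones, and check the issuers of the whole chain, since the distrust attaches to the two companies’ roots and intermediates rather than to any particular leaf.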

http://ift.tt/2uExhIj Source: https://arstechnica.com

FCC has no documentation of DDoS attack that hit net neutrality comments


John Oliver takes on FCC Chairman Ajit Pai in net neutrality segment. (credit: HBO Last Week Tonight)

The Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission’s net neutrality comment system in May.

In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation." Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of records, citing several exemptions to the FoIA law. For example, publication of documents related to "staffing decisions made by Commission supervisors, draft talking points, staff summaries of congressional letters, and policy suggestions from staff" could "harm the Commission’s deliberative processes," the FCC said. "Release of this information would chill deliberations within the Commission and impede the candid exchange of ideas."


http://ift.tt/2tiNeAc Source: https://arstechnica.com

Russian man who helped create notorious malware sentenced to 5 years


Mark Vartanyan, seen here in 2014. (credit: Mark Vartanyan / Instagram)

A Russian man who helped create and spread the notorious Citadel malware back in 2011 was sentenced Wednesday to five years in prison by a federal judge in Atlanta.

According to the Associated Press, Mark Vartanyan will receive two years’ credit for time already served in Norway, where he had been living previously. He was extradited to the United States in December 2016 and was arraigned and pleaded guilty to hacking charges in March 2017. Vartanyan had apparently been helping prosecutors with their investigation "from the start."

In September 2015, another Russian man, Dimitry Belorossov, was sentenced to 4.5 years on similar charges. In 2014, Ars reported how the malware was being used to target password managers and financial data.


http://ift.tt/2vjwie5 Source: https://arstechnica.com

Campaign managers for Clinton, Romney team up to fight foreign hackers


Eric Rosenbach, who served as the chief of staff to the secretary of defense from 2015 until 2017, seen here in 2014. (credit: Center for Strategic & International Studies)

A new group at Harvard University, staffed by the former campaign managers of the Hillary Clinton and Mitt Romney campaigns along with other top security experts, has banded together to help mitigate various types of online attacks that threaten American democracy.

The initiative, dubbed "Defending Digital Democracy," will be run by former chief of staff for the secretary of defense, Eric Rosenbach.

"Americans across the political spectrum agree that political contests should be decided by the power of ideas, not the skill of foreign hackers," Rosenbach said in a Tuesday statement. "Cyber deterrence starts with strong cyber defense—and this project brings together key partners in politics, national security, and technology to generate innovative ideas to safeguard our key democratic institutions."


http://ift.tt/2u4VYeu Source: https://arstechnica.com

Samba puts out new security update in the wake of WannaCry


(credit: kelly sweeney)

On Wednesday, the Samba Team released new security updates to fix a vulnerability in "all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos," according to an announcement from the United States Computer Emergency Readiness Team (US-CERT).

The update arrives in the wake of the self-propagating ransomware worm known as "WannaCry," "WCry," or "WannaCrypt." As Ars reported in May 2017, within hours of the attack, computer systems around the world were crippled, prompting hospitals to turn away patients while telecoms, banks, and companies such as FedEx were forced to turn off computers for the weekend.

Because of WannaCry, Microsoft took the rare step of issuing patches for three discontinued versions of Windows that hadn’t been updated in years. In a blog post released at the time, Microsoft said the worm spread by exploiting a vulnerability in Windows’ SMB file-sharing service, one it had already patched for supported Windows versions in March. Samba is the open-source implementation of the same SMB protocol for Unix-like systems, but the flaw fixed in this Samba release lies in its embedded Heimdal Kerberos code rather than in the Windows SMB code WannaCry abused, so the update should be applied on its own merits rather than treated as a WannaCry fix.


http://ift.tt/2tiZNKT Source: https://arstechnica.com

Miscreants have been pillaging credit cards from Trump Hotels’ booking system


Trump Chicago was one of the hotels targeted. (credit: Don Sniegowski)

If you stayed at one of 14 Trump hotel properties between July 2016 and March 2017, there’s a chance your credit card data and other personal information may have been pilfered. (We have posted the full list of new hacks here.)

According to a Tuesday statement posted on the Trump Hotels website, a booking service called Sabre notified the Trump Organization that "an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations…"

In short, they got hacked.


http://ift.tt/2tJjkaT Source: https://arstechnica.com