BGFJ0R (CYBER ATTACK) ...item 2.. Watching the crooks: Researcher monitors cyber-espionage ring (July 25, 2012 2:00 PM PDT) ...item 3.. Hackers swipe data from former Bright Futures recipients (11:01 PM, Oct. 24, 2012) ...



    ........***** All images are copyrighted by their respective authors ........
    .


    ... message header for photo above

    BGFJ0R The words Cyber Attack revealed in computer machine code through a magnifying glass in highkey
    .

    ...................................................................... ...................................................................... ................................................
    .
    .....item 1).... Mail Online ... www.dailymail.co.uk/sciencetech ...

    Threat from new virus-infected emails which take over your PC even if you DON'T open their attachments
    .
    ...............................................


    Cyber attack: The new attack can infect PCs even if people DON'T open email attachments - leaving even savvy web users vulnerable to attack

    ...............................................
    .
    .

    By ROB COLE
    Last updated at 7:46 AM on 2nd February 2012

    www.dailymail.co.uk/sciencetech/article-2094982/Threat-ne...

    A new class of cyber attack is threatening PCs - emails which infect PCs without the user having to open an attachment.

    The user will not even be warned this is happening - the only message that appears is 'loading'.
    The email automatically downloads malicious software into your computer from elsewhere the moment a user clicks to open it.

    The mails themselves are not infected - and thus will not 'set off' many web-security defence packages.
    Security experts say that the development is 'particularly dangerous'.

    'This sort of spam also affects cautious users which would never open an unknown attachment or link,' say security experts Eleven Research Team.

    Previous generations of email-borne viruses and trojans required users to click on an attachment - often an office document such as a PDF.

    The new emails - dubbed 'drive-by emails' - have been detected 'in the wild' by computer researchers Eleven Research Team.

    'This driveby spam automatically downloads malware when the e-mail is opened in the e-mail client,' says Eleven Research Team.

    'Previous malware e-mails required the user to click on a link or open an attachment for the PC to be infected.'


    'The new generation of e-mail-borne malware consists of HTML e-mails which automatically download malware when the e-mail is opened.'

    'This is similar to so-called driveby downloads which infect a PC by opening an infected website in the browser.'
    .
    ...........................................................


    The new attack loads malicious software from remote websites into your PC as soon as you open an email

    ...........................................................
    .
    .

    The current wave of emails arrives with the title 'Banking Security Update.'

    To stay safe, the security company advises switching all security settings in email software to maximum, and updating your browser to the latest version so it's protected against malicious software.

    .
    .
    ...................................................................... ...................................................................... ..................................................
    .
    .....item 2).... CNET News ... news.cnet.com ... CNET News Security & Privacy ...

    Watching the crooks: Researcher monitors cyber-espionage ring

    Good guys are keeping an eye on large espionage and botnet campaigns that are stealing corporate secrets from government and private industry and money from people's bank accounts.

    by Elinor Mills
    July 25, 2012 2:00 PM PDT

    news.cnet.com/8301-1009_3-57479682-83/watching-the-crooks...

    LAS VEGAS -- Researchers have uncovered a huge amount of malware and registered domains being used by criminals linked to China who are conducting cyber-espionage on a wide range of government, industry, and human rights activists.

    The growing menace from these "Advanced Persistent Threats" is detailed in a report unveiled today called "Chasing APT." In an interview at the Black Hat security conference here, Joe Stewart, director of malware research at Dell Secureworks Counter Threat Unit, said that over the last 18 months he's been monitoring attacks designed to steal data from organizations around the world. Two primary groups, in Shanghai and Beijing, appear to be behind the attack operations, he said.

    The groups were using more than 200 unique families of custom malware. They were also using more than 1,100 domain names registered solely to serve as command-and-control servers or to send spear phishing messages targeting specific workers within a company to entice them to open a malicious e-mail attachment or Web link. No one is safe with carefully crafted and targeted messages, Stewart said.
    "You have to have that kind of paranoia to know anything you get that is unsolicited is suspicious," he said. Companies should consider opening any unsolicited attachments and links, even from people who are known and trusted, in a virtual machine or a sanitized workstation in which an infection can be isolated.
    .
    ................................


    This graph shows the confirmed espionage malware samples researcher Joe Stewart has been monitoring. The blue dots are malware, the yellow dots are Domain Name System names, and the purple dots are subdomains.
    (Credit: SecureWorks)

    ................................
    .
    ................................


    This is a small section of the graph up close.
    (Credit: SecureWorks)

    ................................
    .

    Targets include Japanese government ministries, universities, municipal governments, trade organizations, news media, think tanks and manufacturers of industrial equipment. "Now it's not just a limited set of targets," Stewart said. "It's anybody who has a competitor."

    Stewart also found a private security organization in Asia, but not in China, that's conducting a powerful cyber-espionage operation against another country's military, while also offering security services and so-called "ethical hacking courses" as part of its legitimate business. He wouldn't name the company.

    Attackers are using a tool called HTran to disguise the location of their command-and-control servers and a new piece of malware called "Elirks" that uses a microblogging service called Plurk as a first-stage command-and-control server.


    Meanwhile, another SecureWorks researcher has done a deep dive into the Zeus Gameover malware campaign and found 678,205 infections -- including in 14 of the 20 Top Fortune 500 firms -- making it one of the largest financial botnets around. The operation, believed to be based in Russia, uses the Cutwail spam botnet to send out spam to trick people into clicking malicious links and to recruit money mules in the U.S. and Europe, according to a report on the malware.

    Once a computer is infected, the malware enlists an arsenal of tools to stay in stealth mode and get as much financial data from the victim as possible, said Brett Stone-Gross of the Dell SecureWorks Counter Threat Unit. It uses Web Injects when it detects a victim visiting particular e-commerce sites to display a pop up window via the browser that prompts for sensitive information such as social security number and credit card number.

    It also uses infected machines to launch Distributed Denial-of-Service attacks against financial sites after money has been pilfered from bank accounts so that victims can't reach the site to see if their account is OK. Its peer-to-peer infrastructure makes it impossible to shut down because there is no central command-and-control server running it.


    Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
    .
    .
    ...................................................................... ...................................................................... ..............................................
    .
    .....item 3).... FSU News ... www.fsunews.com ...

    Hackers swipe data from former Bright Futures recipients
    Computer security breach at NWFSC compromises 200,000 students' personal information

    11:01 PM, Oct. 24, 2012

    Written by
    Jordan Obi
    Contributing Writer


    www.fsunews.com/article/20121025/FSVIEW1/121024034/Hacker...

    A computer security breach at Northwest Florida State College (NWFSC) has the Department of Education and the Division of Florida Colleges racing to keep affected students informed about the state of their personal information.

    It is still unknown, and has not been announced, whether former Florida State University students were affected by this security breach.

    Florida State University Technology Services representatives told the FSView they were unable to speak to reporters about the security breach as it relates to FSU students.

    Northwest Florida State College is still investigating.

    “We want to be sure that we fully understand the situation and provide accurate information to those impacted,” said Florida College System Chancellor Randy Hanna in a statement. “While some of the contact information is dated, we will be trying to reach every student whose records may have been captured.”

    Florida State students, however, remain wary of internet privacy in the wake of the breach.

    “It’s definitely very scary,” said Florida State University student Robin Harvey. “We live in a world where hackers can easily crack into our computers and collect our personal information, and that’s worrisome.”

    According to NWFSC’s website, an internal review conducted earlier this month by the University revealed a breach in their computer system that occurred sometime between May 21, 2012 and Sept. 24, 2012.

    The college reported that over 3,000 of their current, past, and retired employees had their personal and financial information stolen. Nearly 76,000 Northwest Florida State College current and former students’ personal information was also compromised.

    “We speculate this was a professional, coordinated attack by one or more hackers,” said Northwest Florida State College President Ty Handy in a memo that, according to an article by Gary Fineout of Associated Press, went out to employees of the university on Monday.

    Students and faculty with ties to the University weren’t the only ones affected, however. On a more widespread level, the Department of Education reported that hackers may have also swiped the personal records of approximately 200,000 Florida students who were eligible for the Bright Futures scholarships for the 2005-06 and 2006-07 school years. The personal data stolen could have included information about a student’s gender, birthday, social security number and ethnicity.

    According to an article by Tallahassee Democrat writer Travis Pillow, the Florida Department of Education has been trying to track down all 200,000 students, sending out a mass email last week from the state’s Office of Student Financial Aid.

    In the email, the NWFSC was said to be “working closely with local, state and federal agencies to determine the extent of the breach.”

    As a graduate of the University of Florida and one of the 200,000 affected former students, Pillow said he had received the email early Saturday morning.

    “I never applied to Northwest Florida College, I never attended the university, and I’ve never even been there–I’m a graduate of the University of Florida,” said Pillow. “But through the colleges’ systems [hackers] accessed the identities of everyone within the pool of Bright Futures scholars during those two years, not just students at Northwest Florida College.”

    According to the email, all postsecondary institutions in the state of Florida receive this private eligibility information every year to “ensure funding is available for students regardless of the institution of enrollment,” which would explain why students at other universities were affected.

    “As the Department suggested in their email, I placed a fraud alert on my own accounts,” said Pillow. “The most important thing right now is to check credit reports and monitor potential uses of your account.”
    .
    .
    ...................................................................... ...................................................................... ..................................................
    .
    .
