
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Target Breached – WSWiR Episode 89

January 3, 2014 By Corey Nachreiner

Snapchat Snafu, Backdoored Routers, and Target Turmoil

Happy New Year, and welcome to the first episode of WatchGuard Security Week in Review for 2014!

If you are new to the show, this is a weekly video podcast dedicated to summarizing the most important information security (InfoSec) news, while also sharing security tips and best practices. If you are too busy to follow the always-active security industry yourself, this is a great way to catch up at the end of each week.

Today’s episode covers a number of stories from the past three weeks (due to our holiday hiatus), including news of the big Target data breach, info on a Snapchat vulnerability, the latest hacktivist attack, and a story about vulnerabilities in a number of consumer DSL routers. Watch the quick YouTube clip below, and check out the References section for more details and links to extra stories.

I hope you have a prosperous and secure year!

(Episode Runtime: 10:07)

Direct YouTube Link: http://www.youtube.com/watch?v=f4rsOzekEjQ

Episode References:

  • Target Breach:
    • Target suffers PoS system breach (affects physical stores) – Krebs on Security
    • Target breach may have been insider attack – CSO Online
    • Customer PINs stolen during Target breach – Computerworld
  • Snapchat vulnerability allows 4.6 million phone records to leak – Forbes
  • OpenSSL defacement doesn’t affect OpenSSL software – OpenSSL
  • Syrian Electronic Army hijacks Skype Social Networks – Network World
  • Security researcher finds backdoor in Sercomm-based DSL routers – Ars Technica
    • GitHub repository containing the researcher’s materials – GitHub

Extras:

  • DERP group DDoSes many game-related sites, like Steam – T3
  • New Cryptolocker copycat is pretty lame – We Live Security
  • Latest NSA hacking revelations about ANT – Wired
  • Details on old DoE breach [PDF] – Energy.gov
  • DGA changer malware makes C&C harder to take down – ThreatPost
  • GnuPG security vulnerability – Security World
  • Barnaby Jack’s death (pacemaker hacker) was due to drug overdose – The Verge
  • Trojan targets WoW gamers – Kotaku

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Security Bytes Tagged With: Hacking, Infosec news, NSA, Snowden, Software vulnerabilities

Comments

  1. Aldestrawk says

    January 4, 2014 at 10:03 pm

    I just saw this website for the first time. Nice and useful summaries, and you clearly elaborated on the details. There is one correction I should mention. Gibson Security did not harvest and publicly release the 4.6 million Snapchat username/phone number pairings. They only disclosed the full details of the Snapchat API and are providing a lookup mechanism to see if a username is part of this particular set. Even though they are Australian, I have to point out that this breach is very similar to the Goatse Security AT&T email/ICCID breach from June 2010. The US government prosecuted Weev in that case, who is currently appealing his conviction and sentence of 3.5 years. Whoever was responsible for this leak could find themselves prosecuted and imprisoned as well, even though the crime seems to be on the part of Snapchat for totally ignoring security and privacy.

  2. Alexander Kushnarev says

    January 9, 2014 at 1:30 am

    Please correct me; my thoughts may be wrong. With the latest stories about the theft of huge amounts of data from magnetic stripes, the technical side of the story is the most important, and unclear…
    Getting the full memory dump (track 1 and 2) of a card AND a PIN value (stolen with a hardware skimmer) can give a cyber criminal a way to clone and create bogus cards and use them. In any case, intercepting PIN data is required for debit transactions. So we are speaking about different implementations: hardware skimmers with chips and specially crafted firmware, OR a malware program (to copy, store and send card dumps) plus simple “record and store the PIN” hardware (with camera-like embedded devices). Let’s call it a “skimmer complex”. Why is it so complicated? Because the PVV/PVKI/CVV etc. values can’t be determined easily after reverse engineering the track 1 and 2 data. Don’t forget, the final goal for cyber criminals is to steal money. Besides, don’t forget about “smart chip credit cards” with encryption of data.
    With the described cases (including “Target”):
    – were cyber criminals able to install hardware parts of the “skimmer complex” on the payment terminals of big stores?
    – or did hacked video surveillance systems and compromised servers give them the possibility to record and store PINs (hardly possible, I think)?
    – with the lack of technical information, how is it possible to estimate even approximate damage BEFORE money is transferred from stolen cards?

  3. Alexander Kushnarev says

    January 9, 2014 at 4:20 am

    Interesting article about DGA-based malware. I should also add one point noticed by security researchers: modern implementations of DGA provide botmasters not only with the ability to hide C&C servers in a big “flow” of DNS NXDOMAIN requests and stay invisible to blacklists, but also with the ability to activate C&C servers for a small, limited period of time. For example, C&C servers for the BankPatch and ZeuS botnets were active for no more than 24 hours in a couple of weeks: sending new DGA seeds, uploading stolen data, sending quick-update commands… and then the C&C servers were stopped (just turned off) for the time being.
    DGA is a very dangerous technology, and modern research methods for DGA malware traffic include a lot of complex statistical methods (mainly to correlate DNS NXDOMAIN traffic to actual malware campaigns).

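The comment above describes the two signals defenders usually key on with DGA malware: a burst of NXDOMAIN answers for random-looking names from one host, and the handful of equally random-looking names that do resolve (the domains the botmaster actually registered for that window). The script below is an added example, not code from the original post, the commenter, or WatchGuard. It runs a minimal version of that correlation over a constructed resolver log whose format (`<epoch> <client_ip> <qname> <rcode>`) and contents are assumptions for illustration; the entropy threshold and burst counts are likewise illustrative defaults, not tuned values.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log (NOT from the original post or any real capture).
# Format per line: "<epoch> <client_ip> <qname> <rcode>". Client 10.0.0.7 plays the
# infected host: a burst of NXDOMAINs for random-looking names, then one that resolves.
SAMPLE_LOG = """\
1389200001 10.0.0.5 www.example.com NOERROR
1389200002 10.0.0.5 mail.example.com NOERROR
1389200003 10.0.0.7 qxzvkjrtbw.com NXDOMAIN
1389200004 10.0.0.7 plmnbvcxzq.net NXDOMAIN
1389200005 10.0.0.7 wrtyqpzxmk.org NXDOMAIN
1389200006 10.0.0.7 hgjfkdlsaq.com NXDOMAIN
1389200007 10.0.0.7 zxqwvbnmkl.biz NXDOMAIN
1389200008 10.0.0.7 vbnmqwerty.info NOERROR
1389200009 10.0.0.7 update.example.com NOERROR
1389200010 10.0.0.9 typo-exmaple.com NXDOMAIN
1389200011 10.0.0.9 www.example.com NOERROR
1389200012 10.0.0.9 cdn.example.net NOERROR
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_lines(text):
    """Parse log lines into dicts; lines that do not match the assumed format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, rcode = m.groups()
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.rstrip(".").lower(), "rcode": rcode.upper()})
    return records


def shannon_entropy(s):
    """Shannon entropy in bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the TLD, or the whole name if there is only one label.
    Deliberately ignores multi-part public suffixes (co.uk etc.); a real
    detector would consult the Public Suffix List."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def label_entropy(qname):
    return shannon_entropy(registrable_label(qname))


def detect_dga_clients(records, min_nx=4, min_nx_ratio=0.5, min_entropy=3.0):
    """Flag clients that emit a burst of NXDOMAINs for high-entropy names.

    Returns {client: {"total", "nxdomain", "nx_high_entropy", "candidate_c2"}}
    for flagged clients only. candidate_c2 lists names that DID resolve for
    that client but look generated: in a DGA burst these are the domains the
    botmaster registered, i.e. the live C&C to block or sinkhole.
    """
    per_client = defaultdict(lambda: {"total": 0, "nxdomain": 0,
                                      "nx_high_entropy": 0, "candidate_c2": []})
    for r in records:
        st = per_client[r["client"]]
        st["total"] += 1
        generated = label_entropy(r["qname"]) >= min_entropy
        if r["rcode"] == "NXDOMAIN":
            st["nxdomain"] += 1
            if generated:
                st["nx_high_entropy"] += 1
        elif r["rcode"] == "NOERROR" and generated:
            st["candidate_c2"].append(r["qname"])

    flagged = {}
    for client, st in per_client.items():
        ratio = st["nxdomain"] / st["total"]
        # A single typo (10.0.0.9) is high-entropy too, so require a burst.
        if st["nx_high_entropy"] >= min_nx and ratio >= min_nx_ratio:
            flagged[client] = dict(st)
    return flagged


if __name__ == "__main__":
    for client, st in detect_dga_clients(parse_lines(SAMPLE_LOG)).items():
        print(f"{client}: {st['nxdomain']}/{st['total']} NXDOMAIN, "
              f"{st['nx_high_entropy']} high-entropy; candidate C&C: {st['candidate_c2']}")
```

On the constructed log only 10.0.0.7 is flagged, and its one resolving high-entropy name is surfaced as the C&C candidate; the lone typo from 10.0.0.9 is not, because one NXDOMAIN is not a burst. Character entropy alone is a weak feature (dictionary-word DGAs defeat it), which is why the commenter's point about statistical correlation across many hosts and campaigns matters in practice.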


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use