Month: October 2015

New Outlook mailserver attack steals massive number of passwords

Dan Goodin Cloud

Researchers have uncovered advanced malware that can steal virtually all of a large organization’s e-mail passwords by infecting its Outlook Web Application (OWA) mail server over an extended period of time.

Researchers from security firm Cybereason discovered the malicious OWA module after receiving a call from an unnamed company that had more than 19,000 endpoints. The customer had witnessed several behavioral abnormalities in its network and asked Cybereason to look for signs of an infection. Within a few hours, the security firm found a suspicious DLL file loaded into the company’s OWA server. While it contained the same name as a benign DLL file, this one was unsigned and was loaded from a different directory.

The OWAAUTH.dll file contained a backdoor. Because it ran on the server, it was able to retrieve all HTTPS-protected server requests after they had been decrypted. As a result, the attackers behind this advanced persistent threat—the term given to malware campaigns that target a specific organization for months or years—were able to steal the passwords of just about anyone accessing the server.

Read 2 remaining paragraphs | Comments

Secret Trans-Pacific Partnership accord reached—will IP law change?

David Kravets Uncategorized

Eleven Pacific Rim nations and the US agreed Monday to the so-called Trans-Pacific Partnership pact—a secret trade accord backed by nations from Australia to Vietnam.

According to the Electronic Frontier Foundation, “The TPP contains a chapter on intellectual property covering copyright, trademarks, and patents. Since the draft text of the agreement has never been officially released to the public, we know from leaked documents, such as the May 2014 [PDF] draft of the TPP Intellectual Property Chapter [PDF], that US negotiators are pushing for the adoption of copyright measures far more restrictive than currently required by international treaties, including the controversial Anti-Counterfeiting Trade Agreement (ACTA) [PDF].”

Negotiating nations include the US, Japan, Australia, Peru, Malaysia, Vietnam, New Zealand, Chile, Singapore, Canada, Mexico, and Brunei Darussalam. Combined, the nations represent about 40 percent of the global economy. The secret accord took more than five years to produce and must be approved by the US Congress. In all, there are 30 chapters, and they won’t be made public for at least a month. Negotiating nations thought it would be better to bargain in secret than in public. There have been leaks, but the citizens of the countries negotiating the pact have deliberately been kept in the dark about it.

Read 4 remaining paragraphs | Comments