Colin Packham, Manolo Serapio Jr., Florence Tan, Michael Perry and Joseph Radford (Reuters - August 25, 2014)
(Reuters) - CME Group delayed the start of trade on its electronic platform by four hours on Monday due to technical problems, the latest glitch to hit the world’s largest futures market operator. But traders in Asia said the delay would have only a limited impact, with volumes likely thin on Monday morning in the absence of major market-moving news over the weekend. The start of trade in all contracts on the Globex Markets platform, apart from Bursa Malaysia derivatives, was halted because of an unspecified technical glitch, the top U.S. exchange operator said on its website. Trade eventually began at 2200 EST, but a spokesman for CME in Singapore declined further comment. Contracts traded on CME include the benchmarks for U.S. crude and agricultural markets such as wheat, corn and soybeans. U.S. gold and silver futures are also traded on the system.

Lucian Constantin (PCWorld - August 25, 2014)
Cybercriminals are using a new information-stealing malware program to target companies from the automobile industry in Europe, security researchers warned. The attack campaign started in early August and primarily targeted rental, insurance, transport and secondary market businesses for commercial and agricultural vehicles, according to a new report by researchers from antivirus vendor Symantec. The attackers distributed their malware program through spear-phishing emails claiming to originate from a company called Technik Automobile that was seeking to acquire used and pre-owned vehicles. The emails contained an attachment called TechnikAutomobileGMBH.pdf.zip that was supposedly a list of vehicles, but in fact contained an installer for a Trojan program called Carbon Grabber.

68 percent of top free Android apps vulnerable to cyberattack, researchers claim

Charlie Osborne (ZDNet - August 22, 2014)
The majority of Android’s most popular apps are susceptible to SSL vulnerabilities, according to new research. Google’s Android operating system is an open-source, free framework which appeals to developers due to this unrestrictive nature. However, with such an open and free system, there is always the potential for abuse, a lack of patching and security consistency, and a wealth of Android-based operating systems and apps which may contain different vulnerabilities that can be exploited. After analyzing the 1,000 most-downloaded free Android applications in the Google Play store, the FireEye Mobile Security Team found that a significant portion of them are susceptible to Man-In-The-Middle (MITM) attacks. According to a blog post published Thursday, the researchers found that as of July 17, 2014, 674 out of 1,000 contained at least one of three SSL vulnerabilities studied. In other words, 68 percent of the most popular apps could become a pathway for cybercriminals to lift sensitive data. Man-In-The-Middle (MITM) attacks occur when an attacker is able to intercept data exchanged between a device and a remote server. Once intercepted, data can be lifted freely

How to hack Gmail 92 percent of the time

Charlie Osborne (ZDNet - August 22, 2014)
US researchers have discovered a flaw which may exist across Android, Windows, and iOS operating systems, and could allow popular services such as Gmail to become compromised. Security experts from the University of California Riverside Bourns College of Engineering and the University of Michigan identified a weakness believed to exist in all of the above operating systems, which could allow a cyberattacker to steal sensitive data through malicious applications. The weakness was tested through an Android smartphone, but the researchers claim the method could be used across all of the platforms

Peter Bright (Ars Technica - August 22, 2014)
Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers. There are several ways of attacking encryption systems. At one end of the spectrum, there are flaws and weaknesses in the algorithms themselves that make it easier than it should be to figure out the key to decrypt something. At the other end, there are flaws and weaknesses in human flesh and bones that make it easier than it should be to force someone to offer up the key to decrypt something. In the middle are a range of attacks that don’t depend on flaws in the encryption algorithms but rather in the way they’ve been implemented. Encryption systems, both software and hardware, can leak information about the keys being used in all sorts of indirect ways, such as the performance of the system’s cache, or the time taken to perform encryption and decryption operations. Attacks using these indirect information leaks are known collectively as side channel attacks. This research is a side-channel attack. The metal parts of a laptop, such as the shielding around USB ports, and heatsink fins, are notionally all at a common ground level. However, this level undergoes tiny fluctuations due to the electric fields within the laptop. These variations can be measured, and this can be used to leak information about encryption keys. The measurements can be done by directly attaching a digitizer to a metal part of the laptop, but they don’t have to be this obvious. The researchers showed that they could retrieve information with connections at the far end of shielded USB, VGA, and Ethernet connections. They also used human touch: a person in contact with metal parts of the laptop can in turn be connected to a digitizer, and the voltage fluctuations can be measured. The researchers note that this works better in hot weather, due to the lower resistance of sweaty fingers.

Juha Saarinen (itNews - August 21, 2014)
Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records leaked. Security vendor TrustedSec claimed yesterday that the “Heartbleed” vulnerability in the open source OpenSSL cryptographic library was to blame for the data breach. According to what TrustedSec says is a “trusted and anonymous source close to the CHS investigation”, the attackers obtained credentials from an unspecified vulnerable Juniper device on the hospital provider’s network. With the credentials, the attackers were able to log in through a virtual private network (VPN) connection, and access the CHS network and patient database. Network equipment vendor Juniper has acknowledged that several of its products are vulnerable to Heartbleed, which permits attackers to siphon off data in memory unnoticed. The company issued updates for its products three weeks after the Heartbleed vulnerability was disclosed. Many network devices around the world remain unpatched to the Heartbleed vulnerability, as vendors have been slow to issue patches or customers have not applied them in a timely fashion.

David Koenig (AZFamily - August 21, 2014)
Some customers of The UPS Store may have had their credit and debit card information exposed by a computer virus found on systems at 51 stores in 24 states. A spokeswoman for UPS says the information includes names, card numbers and postal and email addresses from about 100,000 transactions between Jan. 20 and Aug. 11. United Parcel Service Inc. said Wednesday that it was among U.S. retailers who got a Department of Homeland Security bulletin about the malware on July 31. The malware is not identified by current anti-virus software. The company is not aware of any fraud related to the attack, spokeswoman Chelsea Lee said. Atlanta-based UPS said it hired a security firm that found the virus in systems at about 1 percent of the company’s 4,470 franchised locations. At many stores, the intrusion did not begin until March or April. Lee said that the problem was fixed by Aug. 11 and the company took additional steps to protect systems at other stores. She said the affected stores were not linked electronically, and UPS is still investigating how they were compromised.