2017 will not bring a turn towards better data security. The internet is rife with both well-known and unknown threats, and companies’ systems are supposed to be protected against them. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.
Critical infrastructure comes under attack in 2017. Critical infrastructure must be better protected from criminals and terrorists who take advantage of the modern technologies that are essential for the functioning of society and the economy. The IT security of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.
There is a push for better web security in 2017. Starting on New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain-text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and the major browser makers, including Microsoft, Google and Mozilla, have already announced plans to adopt the change. Their browsers will no longer trust sites that use SHA-1 certificates starting with that date, and they will mark these websites as insecure. One third of websites still use SHA-1 certificates despite the looming deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
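As an added example (not part of this post), here is a short Python script that audits saved DER certificates for SHA-1 signatures, so the laggards in your own estate can be found before browsers refuse them. It walks only the outer certificate structure to read the signatureAlgorithm OID, with no third-party ASN.1 library. The sample certificate blobs are constructed by hand: the TBSCertificate body is a placeholder and the signature BIT STRING is dummy; only the structure and the OIDs are real, standard X.509 values.

```python
"""Flag X.509 certificates whose signature algorithm is SHA-1 based.

Added example, not code from the original post. It parses just enough
DER to reach Certificate.signatureAlgorithm, so a directory of saved
certificates can be audited offline. The certificates built below are
constructed samples with a placeholder body and a dummy signature.
"""

# Signature-algorithm OIDs (dotted form). The SHA-1 entries are the ones
# browsers stopped trusting in 2017; the SHA-2 entries are the replacements.
SHA1_ALGORITHMS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsaWithSHA1",
}
SHA2_ALGORITHMS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw: bytes) -> str:
    """Decode the contents of a DER OBJECT IDENTIFIER into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes) -> str:
    """Return the dotted OID of the certificate's outer signatureAlgorithm."""
    tag, body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    _, _tbs, pos = read_tlv(body, 0)          # skip TBSCertificate
    tag, alg_id, _ = read_tlv(body, pos)      # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, oid_bytes, _ = read_tlv(alg_id, 0)   # first element is the algorithm OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(oid_bytes)


def classify(cert_der: bytes) -> str:
    """'sha1' for certificates browsers no longer trust, 'sha2' for current ones."""
    oid = signature_algorithm(cert_der)
    if oid in SHA1_ALGORITHMS:
        return "sha1"
    if oid in SHA2_ALGORITHMS:
        return "sha2"
    return "unknown"


def build_sample_cert(alg_oid_bytes: bytes) -> bytes:
    """Construct a minimal certificate-shaped DER blob (placeholder TBS and signature)."""
    tbs = b"\x30\x03\x02\x01\x02"                     # SEQUENCE { INTEGER 2 } stand-in
    oid = b"\x06" + bytes([len(alg_oid_bytes)]) + alg_oid_bytes
    alg = b"\x30" + bytes([len(oid) + 2]) + oid + b"\x05\x00"  # AlgorithmIdentifier + NULL
    sig = b"\x03\x02\x00\xff"                         # BIT STRING, one dummy byte
    body = tbs + alg + sig
    return b"\x30" + bytes([len(body)]) + body


SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")    # 1.2.840.113549.1.1.5
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
ECDSA_SHA256_OID = bytes.fromhex("2a8648ce3d040302")  # 1.2.840.10045.4.3.2

if __name__ == "__main__":
    for name, oid in [("legacy", SHA1_RSA_OID), ("rsa", SHA256_RSA_OID), ("ec", ECDSA_SHA256_OID)]:
        cert = build_sample_cert(oid)
        print(name, signature_algorithm(cert), classify(cert))
```

To audit real certificates, read each `.der` file (or `base64`-decode the body of a PEM file) and pass the bytes to `classify`; the long-form length branch in `read_tlv` is what makes real-sized certificates parse, since their TBSCertificate is far longer than 127 bytes.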
There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.
The Commoditization of Cyberattacks Will Make Them More Frequent in 2017. More and more companies suffer business disruption due to cyber attacks. Cyber attacks cause companies significant financial losses, but studies show that companies are not prepared for them. According to Gartner, by 2018 only 40 per cent of large companies will have official plans for responding to cyber attacks. Last year, the percentage was zero.
Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.
Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them going into smartphones and laptops). 91 per cent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.
Biometrics won’t kill passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay, until circa 2030.
The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts in its latest report. The problem is that any system allowing police to get into encrypted systems (be it a phone, a computer or communications) could also be exploited by criminals. Any action in this space should weigh the short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.
Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: The cloud becoming insecure – extortion and IoT openings.
The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. IoT-powered attacks will continue to rise, and stopping an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (so the need to use telecom operator and external services increases). In addition to service disruption, denial of service attacks are often used as a distraction during the actual data theft. DDoS may take over from ransomware as a cause for concern.
In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.
In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophic Concerns Over Artificial Intelligence and Algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophical grounds, and they have become the basis of fictional Armageddons.
Cyber insurance will be considered more often as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.
In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. Now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of what is a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched to you? Well, it’s set to become a reality in many countries.
Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent Harris Poll survey of over 2,000 adults, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for better online security, if it meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest: a solid password, and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.
Security Becomes A Multi-System Issue, and more people are talking about it. Design teams will have to bake security strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.
Block chains have been a big trend for several years. The block chain market is divided as 2017 starts. During autumn 2016 we saw a number of cooperation initiatives between the financial sector and consulting companies. Microsoft has chosen the Ethereum block chain platform and offers it on the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own block chains on the Bluemix service. Google and Amazon still shine by their absence. Even banks may prefer to see the cloud used for block chains.
Other prediction articles worth a look:
What Lies Ahead for Cybersecurity in 2017?
Network Infrastructure, Visibility and Security in 2017
DDoS in 2017: Strap yourself in for a bumpy ride
Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online
IBM’s Cybersecurity Predictions for 2017 – eForensics
https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/
Top 5 Cybersecurity Threats to Watch Out for in 2017
Experts Hopeful as Confidence in Risk Assessment Falls
Tomi Engdahl says:
Facebook Releases New Certificate Transparency Tools
http://www.securityweek.com/facebook-releases-new-certificate-transparency-tools
Following the release of the Certificate Transparency Monitoring utility in December 2016, Facebook has decided to release new tools for developers using the Certificate Transparency framework.
Last year’s tool was designed to provide access to data collected through Facebook’s own service monitoring the issuance of TLS certificates. It leverages Google’s Certificate Transparency (CT) framework, which can detect mis-issued TLS certificates and stop attempts to leverage them to intercept HTTPS traffic.
The tool allows developers to search for certificates and receive alerts when a new certificate is issued for their domains. The tool ensures that newly issued certificates that have been logged to Certificate Transparency Logs (CT logs) aren’t mis-used to perform man-in-the-middle attacks.
Tomi Engdahl says:
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
Tomi Engdahl says:
No hack needed: Anonymisation beaten with a dash of SQL
Melbourne researchers warn government: don’t publish data down to the individual, ever
https://www.theregister.co.uk/2017/12/18/no_hack_needed_anonymisation_beaten_with_a_dash_of_sql/
Governments should not release anonymised data that refers to individuals, because re-identification is inevitable.
That’s the conclusion from Melbourne University’s Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague, who have shown that the Medicare data the government briefly published last year can be re-identified – trivially.
The researchers demonstrated last year that the (hopefully deprecated) formula the government used to derive “anonymous” identifiers for personal data was easily reversible.
The paper, here [PDF], examines the same data set that brought the wrath of sysadmin-in-chief George Brandis, who proposed legislation (not yet passed) to criminalise unauthorised research into re-identification.
The researchers explained that there are simply too many easily-available facts for a data release to properly protect individuals’ data.
HEALTH DATA IN AN OPEN WORLD
A REPORT ON RE-IDENTIFYING PATIENTS IN THE MBS/PBS DATASET AND THE IMPLICATIONS FOR FUTURE RELEASES OF AUSTRALIAN GOVERNMENT DATA
https://regmedia.co.uk/2017/12/17/report_on_deidentification.pdf
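The linkage problem the Melbourne researchers describe has a standard pre-release check: count how many records share each combination of quasi-identifiers (birth year, sex, postcode, service date) and refuse to publish any combination that is shared by fewer than k people, since a group of one is a person. The following Python script, an added example that is not from the article or the researchers’ paper, runs that k-anonymity check in SQLite over a constructed sample release; the patient rows, column names and the threshold are assumptions for illustration.

```python
"""Check a table for re-identifiable rows before release (k-anonymity).

Added example, not from the article or the Melbourne paper. The query
counts how many rows share each combination of quasi-identifiers; any
combination seen fewer than K times is unique enough to be linked back
to a person via public facts and should not be released as-is.
The patient rows below are constructed sample data.
"""
import sqlite3

# Constructed sample release: no names, but the quasi-identifier columns
# (birth year, sex, postcode, service date) are exactly what a linkage
# attack joins against publicly known facts about a person.
SAMPLE_ROWS = [
    ("P001", 1960, "F", "3000", "2016-03-11", "item_23"),
    ("P002", 1960, "F", "3000", "2016-03-11", "item_23"),
    ("P003", 1960, "F", "3000", "2016-03-11", "item_10"),
    ("P004", 1985, "M", "2000", "2016-07-02", "item_23"),
    ("P005", 1985, "M", "2000", "2016-07-02", "item_36"),
    ("P006", 1972, "M", "6000", "2016-01-19", "item_10"),  # unique combination
]

# Fixed column names chosen by the auditor, never user input, so they are
# safe to splice into the SQL text below.
QUASI_IDENTIFIERS = ["birth_year", "sex", "postcode", "service_date"]


def load_release(rows):
    """Create an in-memory SQLite table holding the proposed release."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE release (pid TEXT, birth_year INTEGER, sex TEXT, "
        "postcode TEXT, service_date TEXT, item TEXT)"
    )
    conn.executemany("INSERT INTO release VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn


def find_small_groups(conn, k):
    """Return quasi-identifier combinations shared by fewer than k rows, smallest first."""
    cols = ", ".join(QUASI_IDENTIFIERS)
    query = (
        f"SELECT {cols}, COUNT(*) AS n FROM release "
        f"GROUP BY {cols} HAVING COUNT(*) < ? ORDER BY n, {cols}"
    )
    return conn.execute(query, (k,)).fetchall()


def k_anonymity(conn):
    """Smallest group size over all quasi-identifier combinations (the dataset's k)."""
    cols = ", ".join(QUASI_IDENTIFIERS)
    row = conn.execute(
        f"SELECT MIN(n) FROM (SELECT COUNT(*) AS n FROM release GROUP BY {cols})"
    ).fetchone()
    return row[0]


def release_is_safe(rows, k):
    """True only when every quasi-identifier combination appears at least k times."""
    conn = load_release(rows)
    try:
        return not find_small_groups(conn, k)
    finally:
        conn.close()


if __name__ == "__main__":
    conn = load_release(SAMPLE_ROWS)
    print("k =", k_anonymity(conn))
    for group in find_small_groups(conn, 3):
        print("re-identifiable group:", group)
```

The sample has k = 1 because of the lone 1972 record; the usual remedies before release are generalising the offending columns (year of birth instead of date, postcode prefix instead of full postcode) or suppressing the rows, then re-running the check until no group is below the threshold.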
Tomi Engdahl says:
Stan Higgins / CoinDesk:
A man in New York allegedly stole $1.8M worth of ether cryptocurrency, kidnapping victim, forcing him to give up his digital wallet, then transferring the funds
Man Stole $1.8 Million in Ether After Armed Robbery, Prosecutors Say
https://www.coindesk.com/man-stole-1-8-million-ether-armed-robbery-prosecutors-say/
Prosecutors allege that Meza met with the victim, knowing they possessed the ether holdings, and arranged a car service for them after that meeting. According to the indictment, an as-yet-unnamed individual connected to the crime was hiding in the vehicle, at which point they “demanded that the victim turn over his cell phone, wallet, and keys while holding the victim at gunpoint.”
From there, Meza allegedly went to the victim’s apartment where they stole the ethers, according to the DA’s office.
“We can expect this type of crime to become increasingly common as cryptocurrency values surge upward,” said Vance.
Tomi Engdahl says:
In Your Face: China’s all-seeing state
http://www.bbc.com/news/av/world-asia-china-42248056/in-your-face-china-s-all-seeing-state
China has been building what it calls “the world’s biggest camera surveillance network”. Across the country, 170 million CCTV cameras are already in place and an estimated 400 million new ones will be installed in the next three years.
Many of the cameras are fitted with artificial intelligence, including facial recognition technology. The BBC’s John Sudworth has been given rare access to one of the new hi-tech police control rooms.
Tomi Engdahl says:
WhatsApp ordered to stop sharing user data with Facebook
https://www.theverge.com/2017/12/18/16792448/whatsapp-facebook-data-sharing-no-user-consent
France’s ultra-strict privacy watchdog CNIL has ordered WhatsApp to stop sharing user data with parent company Facebook. The app has a month to comply with the order, according to a public notice posted to the French website.
The query began after WhatsApp added to its terms of service last year that it shares data with Facebook to develop targeted advertising, security measures, and to gather business intelligence.
Upon investigating these claims, the CNIL ruled that while WhatsApp’s intention of improving security measures was valid, the app’s business intelligence reason wasn’t as acceptable. After all, WhatsApp never told its users it was collecting data for business intelligence and there’s no way to opt out without uninstalling the app. That violates “the fundamental freedoms of users,” said the CNIL.
Tomi Engdahl says:
Russia meddled on Twitter after UK terror attacks, study says
http://www.bbc.com/news/technology-42393540
Suspected Russia-linked Twitter accounts were used to “extend the impact and harm” of four 2017 terrorist attacks in the UK, a study says.
Cardiff University researchers have found hundreds of related messages in 47 accounts previously tied to Russia.
Some posts were anti-Muslim in nature, while others were critical of those who held such views, they report.
Moscow has not commented but has denied past claims it sought to meddle in Western democracies via social media.
Even so, one influential MP has condemned the activity.
“It is wrong that any organisation should spread disinformation following a terrorist attack, with the purpose of spreading hatred and making worse an already desperate and confusing situation,” Damian Collins, chair of the digital, culture, media and sport select committee, told the BBC.
“The methods of organisations such as the Russian-backed Internet Research Agency are becoming increasingly clear. Through our inquiry into fake news, I am determined that they should be exposed.”
The researchers then determined that after:
March’s attack at Westminster Bridge, 35 relevant original messages had been posted by the accounts
May’s pop concert attack in Manchester, 293 messages had been posted
June’s London Bridge attack, 140 messages had been posted
June’s Finsbury Park attack, seven messages had been posted
This tally of 475 messages were reposted more than 153,000 times in total by others, the researchers determined.
Examples included: “Another day, another Muslim terrorist attack. Retweet if you think that Islam needs to be banned!”
“The evidence suggests a systematic strategic political communications campaign being directed at the UK designed to amplify the public harms of terrorist attacks,” concluded the authors.
Tomi Engdahl says:
Online sexual coercion and extortion is a crime
Public awareness and prevention
https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/online-sexual-coercion-and-extortion-crime
Online sexual coercion and extortion as a form of crime affecting children: law enforcement perspective
https://www.europol.europa.eu/publications-documents/online-sexual-coercion-and-extortion-form-of-crime-affecting-children-law-enforcement-perspective
Tomi Engdahl says:
Finnish girl kills herself after being sexually assaulted in Switzerland – cases exploded
A Finnish girl killed herself after having been subjected to sexual assault and exploitation on the Internet.
This case was confirmed by the investigative director of the South East Finland Police, Commissioner Arto Hietanen. He does not comment on the details of the case, the age of the victim, or more precisely because the prosecutor has ordered the investigation to be secret. This is the way with sexual offenses against children.
The case is reportedly the first in Finland after the victim has committed suicide. Foreigners are known.
According to a report released by Europol in the summer, criminals choose their children at the age of 7 years. The report states that the motive for crimes varies slightly depending on whether the victims are boys or girls. The majority of girls (84% of girl-related cases) are being tightened to provide more sexual material
Instead, boys (32% of cases) were forced to pay more for criminals money (girls 2% of cases)
Stimulating money in this way is a fairly new phenomenon as well
The consequences of Sextortion crimes have also been tragically tragic elsewhere: over the past few years, victims have been reported to have even committed suicide.
Instructions from Europol
If someone threatens to share your sexual images or videos, follow these steps:
1) Do not share more material, do not pay anything
2) Find help, you are not alone
3) Save the evidence, do not remove anything
4) Quit the conversation, prevent the extortion
5) Report to the police for an offense
Source: http://www.iltalehti.fi/kotimaa/201712192200614938_u0.shtml
Tomi Engdahl says:
“Zealot” Apache Struts Attacks Abuses NSA Exploits
http://www.securityweek.com/zealot-apache-struts-attacks-abuses-nsa-exploits
A sophisticated multi-staged Apache Struts cyber attack campaign is abusing NSA-linked exploits to target internal networks, researchers from F5 Networks have discovered.
Dubbed Zealot, the highly obfuscated attack uses the EternalBlue and EternalSynergy exploits to target Windows and Linux systems. The newly uncovered campaign employs a PowerShell agent to compromise Windows systems and a Python agent to target Linux/OS X. The scripts appear based on the EmpireProject post-exploitation framework, F5 says.
The attack is targeting servers vulnerable to CVE-2017-5638 (Apache Struts Jakarta Multipart Parser attack) and CVE-2017-9822 (a flaw in the DotNetNuke (DNN) content management system). The main purpose of the campaign is to mine for the Monero cryptocurrency.
“The Zealot campaign aggressively targets both Windows and Linux systems, with the DNN and Struts exploits together. When looking more closely at the unusually high obfuscated payload, we discovered a much more sophisticated multi-staged attack, with lateral movement capabilities, leveraging the leaked NSA-attributed EternalBlue and EternalSynergy exploits,” the researchers reveal.
The attack starts with two HTTP requests, one of which is the notorious Apache Struts exploit via the Content-Type header. Java code is executed to determine the underlying OS on the targeted system.
On Linux, shell commands are executed in the background to download and execute a spearhead bash script that checks whether the machine is already infected and then fetches and runs a crypto-miner file named “mule”.
The Python code checks whether a firewall solution is running and fetches more code from the command and control (C&C) server. The received response is encrypted so that it cannot be detected by typical network inspection devices.
On Windows systems, the Struts payload runs a PowerShell interpreter in a hidden mode, which in turn executes a base64-encoded script pointing to a file on a different domain.
The security researchers also determined that the Zealot attackers used the public EmpireProject, a PowerShell and Python post-exploitation agent.
The second HTTP request observed in this campaign is attempting to exploit the ASP.NET-based content management system DotNetNuke by sending a serialized object via a vulnerable DNNPersonalization cookie. T
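The campaign above reaches Struts through a crafted Content-Type header (CVE-2017-5638), which suggests a cheap detection: a legitimate Content-Type is a media type (type/subtype plus optional parameters) and nothing else, so any header value carrying OGNL expression markers such as `%{` or `${`, or not matching the media-type grammar at all, deserves an alert. The Python script below is an added example, not part of the article or F5’s research; the simplified one-header-per-line log layout and the log lines themselves are constructed, and the OGNL payload in the sample is a placeholder that shows only the well-known signature prefix.

```python
"""Flag HTTP requests whose Content-Type header carries an OGNL expression.

Added example, not from the article or F5's research. The log format
("timestamp method path content-type=...") is an assumed export layout
and the lines are constructed; the suspicious header is a placeholder
carrying only the widely published signature prefix.
"""
import re

# Constructed sample: one request per line, as a SIEM might export them.
SAMPLE_LOG = """\
2017-12-18T10:01:02Z POST /struts2-showcase/index.action content-type="multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk"
2017-12-18T10:01:05Z GET /index.action content-type="application/x-www-form-urlencoded"
2017-12-18T10:02:11Z POST /struts2-showcase/index.action content-type="%{(#_='multipart/form-data').(#placeholder='expression body omitted')}"
2017-12-18T10:02:30Z POST /api/upload content-type="application/json; charset=utf-8"
2017-12-18T10:03:44Z POST /index.action content-type="${#placeholder}"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<method>\S+) (?P<path>\S+) content-type="(?P<ctype>.*)"$'
)

# RFC 7230 token characters; a media type is token "/" token, then
# ";"-separated parameter=value pairs where value is a token or quoted-string.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE_RE = re.compile(rf'^{TOKEN}/{TOKEN}(\s*;\s*{TOKEN}=({TOKEN}|"[^"]*"))*\s*$')

# Substrings that never appear in a legitimate media type but do appear in
# OGNL expression injection attempts.
OGNL_MARKERS = ("%{", "${", "#_memberAccess", "@ognl.")


def classify_content_type(value: str) -> str:
    """Return 'ognl', 'malformed', or 'ok' for one Content-Type header value."""
    if any(marker in value for marker in OGNL_MARKERS):
        return "ognl"
    if not MEDIA_TYPE_RE.match(value):
        return "malformed"
    return "ok"


def scan_log(text: str):
    """Return (timestamp, path, verdict) for every request in the log that is not 'ok'."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the export format
        verdict = classify_content_type(m.group("ctype"))
        if verdict != "ok":
            findings.append((m.group("ts"), m.group("path"), verdict))
    return findings


if __name__ == "__main__":
    for ts, path, verdict in scan_log(SAMPLE_LOG):
        print(f"{ts} {path}: {verdict}")
```

The grammar check is the more durable half: marker lists age as payloads are re-encoded, whereas a Content-Type that is not a media type is anomalous regardless of what it contains, so the `malformed` verdict is worth keeping in a lower-severity bucket rather than discarding.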
Tomi Engdahl says:
Kremlin’s New Cyber Weapons Spark Fears and Fantasies
http://www.securityweek.com/kremlins-new-cyber-weapons-spark-fears-and-fantasies
From Donald Trump’s election to Brexit and the Catalan crisis, accusations that the Kremlin is meddling in Western domestic affairs have heightened fears over Russian hackers, trolls and state-controlled media.
While the first accusations against Moscow came following a 2016 hack attack on the US Democratic Party’s servers, they rapidly multiplied after Trump’s election, revealing a whole range of tools used by the Kremlin to serve its interests.
Fears initially centred on mysterious Russian hackers who supposedly worked for Moscow’s security services as part of a cyber war but then shifted to a flood of online articles and social media posts aiming to explain Moscow’s position and play up the failings of Western democracies.
In the latest episode of the saga that is dominating Trump’s presidency, Russian state television channel RT, accused of broadcasting Kremlin propaganda abroad, complied with Washington demands in November to register as a “foreign agent” in the US.
A few weeks earlier, social media giant Twitter announced it would stop distributing content sponsored by RT and linked news agency Sputnik while Facebook and Google promised to do more to fight Moscow’s “disinformation”.
Panic has spread across the Western world: Madrid is worried about Russian-controlled “manipulation” of the Catalan crisis, while British analysts see signs of Russian influence in the Brexit vote and concerns are growing in Germany and France over possible interference in various polls.
- ‘Information war’ -
The Kremlin, meanwhile, has dismissed the accusations as “hysterical” and “Russophobic,” insisting there is no hard evidence for any of the charges.
- Limited means -
But Mark Galeotti, a security expert and researcher at the Institute of International Relations in Prague, wrote in Tablet magazine in June that the Kremlin’s operation in 2016 “was about weakening Washington, not deciding who would sit in the White House” and aimed to “undermine the legitimacy of the American government, its capacity to act”.
Despite these efforts, Moscow’s ability to influence Western public opinion remains limited.
Russia spent $50,000 on Facebook ads during the US election campaign compared to the whopping $81 million that Trump and Hillary Clinton spent on their campaigns.
Tomi Engdahl says:
Finland puts a net vote on ice – security issues
The government does not intend to promote the adoption of online voting in Finland contrary to its earlier plans. Minister of Justice Antti Häkkänen has today received a report from the working group on online voting, which stated that there are significant risks for online voting.
For example, the security company F-Secure, which received its critical report in June, has been risk-aversed by a task force.
“Electoral security issues have recently become increasingly important. There have been several examples of how companies are affected by elections, and even on information holes,” Häkkänen says in a press release.
According to a team report, potential risks of online voting are extensive manipulation of the election results, disturbance of the elections with denial of service and breaking of the electoral election.
Source: https://www.tivi.fi/Kaikki_uutiset/jarki-voitti-suomi-panee-nettiaanestyksen-jaihin-turvallisuusongelmia-6693065
Tomi Engdahl says:
Announcing the New AWS Secret Region
https://aws.amazon.com/blogs/publicsector/announcing-the-new-aws-secret-region/
We are pleased to announce the new AWS Secret Region. The AWS Secret Region can operate workloads up to the Secret U.S. security classification level. The AWS Secret Region is readily available to the U.S. Intelligence Community (IC) through the IC’s Commercial Cloud Services (C2S) contract with AWS. The AWS Secret Region also will be available to non-IC U.S. Government customers with appropriate Secret-level network access and their own contract vehicles for use of the AWS Secret Region. These contract vehicles will not be part of the IC’s C2S contract.
With the launch of this new Secret Region, AWS becomes the first and only commercial cloud provider to offer regions to serve government workloads across the full range of data classifications, including Unclassified, Sensitive, Secret, and Top Secret. By using the cloud, the U.S. Government is better able to deliver necessary information and data to mission stakeholders.
Tomi Engdahl says:
Ban Sale of Mini Mobiles, Says Justice Minister
https://mobile.slashdot.org/story/17/12/18/1743254/ban-sale-of-mini-mobiles-says-justice-minister?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Online retail companies should ban the sale of mini mobile phones designed to be smuggled into prisons, said justice secretary David Lidington on Monday. From a report:
Often marketed as “Beat the Boss phones”, the tiny feature phones can be bought for around $25 to $40 online on sites including Amazon, Ebay and Gumtree. On the inside, they can change hands for up to $670.
Ban sale of mini mobiles used in prisons, says justice minister
https://www.cnet.com/uk/news/ban-sale-of-mini-mobiles-used-in-prisons-says-justice-minister/
Phones are illegal in British prisons, and yet guards seized 20,000 of them in 2016.
Online retail companies should ban the sale of mini mobile phones designed to be smuggled into prisons, said justice secretary David Lidington on Monday.
Often marketed as “Beat the Boss phones”, the tiny feature phones can be bought for around £20 to £30 online on sites including Amazon, Ebay and Gumtree. On the inside, they can change hands for up to £500.
The phones, which can be as small as lipsticks, are popular with prison inmates due to their discreet size and lack of metal, which allows them to beat metal detectors.
“It’s pretty clear that these miniature phones are being advertised and sold with the purpose of being smuggled,” said Lidington in a speech. “I am calling on online retailers and trading websites to take down products that are advertised to evade detection measures in prisons.”
Tomi Engdahl says:
South Korea Cryptocurrency Exchange Shuts Down After Hacking
http://www.securityweek.com/south-korea-cryptocurrency-exchange-shuts-down-after-hacking
A South Korean exchange trading bitcoin and other virtual currencies declared itself bankrupt on Tuesday after being hacked for the second time this year, highlighting the risk over cryptocurrencies as they soar in popularity.
The Youbit exchange said it had lost 17 percent of its assets in the attack on Tuesday.
It came eight months after nearly 4,000 bitcoin — then valued at 5.5 billion won ($5 million) and nearly 40 percent of the exchange’s total assets — were stolen in a cyber attack blamed on North Korea.
“We will close all trades, suspend all deposits or withdrawals and take steps for bankruptcy,” the exchange said in a statement which did not assign blame for the latest attack.
All its customers will have their cryptocurrency assets marked down by 25 percent, it said, adding it would do its best to “minimise” their losses by using insurance and selling the remains of the firm.
Tomi Engdahl says:
Bitcoin exchange Youbit shuts after second hack attack
http://www.bbc.com/news/technology-42409815
A crypto-currency exchange in South Korea is shutting down after it was hacked for the second time in less than eight months.
Youbit, which lets people buy and sell bitcoins and other virtual currencies, has filed for bankruptcy after losing 17% of its assets in the cyber-attack.
It did not disclose how much the assets were worth at the time of the attack.
In April, Youbit, formerly called Yapizon, lost 4,000 bitcoins now worth $73m (£55m) to cyberthieves.
South Korea’s Internet and Security Agency (Kisa) which investigates net crime, said it had started an enquiry into how the thieves gained access to the exchange’s core systems.
Kisa blamed the earlier attack on Youbit on cyber-spies working for North Korea. Separate, more recent, attacks on the Bithumb and Coinis exchanges, have also been blamed on the regime.
No information has been released about who might have been behind the latest Youbit attack.
In a statement, Youbit said that customers would get back about 75% of the value of the crypto-currency they have lodged with the exchange.
It said it was “very sorry” that it had been forced to shut down.
Tomi Engdahl says:
Android trojan has miner so aggressive it can bork your battery
Loapi found in smut apps, fake virus scanners
https://www.theregister.co.uk/2017/12/19/android_trojan_has_miner_so_aggressive_it_can_bork_your_battery/
Kaspersky researchers have turned up a strain of malware lurking in adult content and fake virus scanners, and it can run a victim’s Android mobe so hard they might suffer physical damage.
The Android trojan, dubbed “Loapi”, has a modular architecture that lets it be adapted to run cryptocurrency mining, take part in DDoS networks, or bombard suffering users with constant advertisements.
Loapi communicates with the following module-specific command and control servers:
ronesio.xyz (advertisement module);
api-profit.com:5210 (SMS module and mining module);
mnfioew.info (web crawler); and
mp-app.info (proxy module)
The Web crawler module, Kaspersky said, “is used for hidden Javascript code execution on web pages with WAP billing in order to subscribe the user to various services”, and works in conjunction with the SMS module to send the subscription message.
Tomi Engdahl says:
Chinese Backdoor Still Active on Many Android Devices
https://yro.slashdot.org/story/17/12/19/2056250/chinese-backdoor-still-active-on-many-android-devices?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes’ mobile security research team. Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vast amounts of user information and sending it to servers located in China.
Chinese Backdoor Still Active on Many Android Devices
https://www.bleepingcomputer.com/news/security/chinese-backdoor-still-active-on-many-android-devices/
The Adups backdoor incident from late 2016
According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones.
The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone’s firmware-over-the-air update (FOTA) system.
At the time, experts believed Adups shipped out the backdoored component to other phone vendors and the component eventually made its way inside over 700 million devices, most of which were low-budget Android phones, and in some cases, some Android Barnes & Noble NOOK tablets.
New backdoor code found in another Adups component
But Malwarebytes says it found another Adups component doing bad things. Just like the previous Adups backdoor, this app is also unremovable, and users can’t disable it either.
This second component is found on phones under two names, such as com.adups.fota.sysoper or com.fw.upgrade.sysoper, which appear in the phone’s app list with the name UpgradeSys (FWUpgradeProvider.apk).
The good news is that this one does not collect user data, but instead only includes the ability “to install and/or update apps without a user’s knowledge or consent,” according to Nathan Collier, Senior Malware Intelligence Analyst.
Tomi Engdahl says:
Jack of all trades
https://securelist.com/jack-of-all-trades/83470/
Nowadays, it’s all too easy to end up with malicious apps on your smartphone, even if you’re using the official Google Play app store. The situation gets even worse when you go somewhere other than the official store – fake applications, limited security checks, and so on. However, the spread of malware targeting Android OS is not limited to unofficial stores – advertising, SMS-spam campaigns and other techniques are also used. Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more. We’ve never seen such a ‘jack of all trades’ before.
Samples of the Loapi family are distributed via advertising campaigns. Malicious files are downloaded after the user is redirected to the attackers’ malicious web resource. We found more than 20 such resources, whose domains refer to popular antivirus solutions and even a famous porn site.
After the installation process is finished, the application tries to obtain device administrator permissions, asking for them in a loop until the user agrees. Trojan.AndroidOS.Loapi also checks if the device is rooted, but never subsequently uses root privileges.
After acquiring admin privileges, the malicious app either hides its icon in the menu or simulates various antivirus activity,
Loapi aggressively fights any attempts to revoke device manager permissions. If the user tries to take away these permissions, the malicious app locks the screen and closes the window with device manager settings.
As well as this fairly standard technique to prevent removal, we also found an interesting feature in the self-protection mechanism. The Trojan is capable of receiving from its C&C server a list of apps that pose a danger.
Advertisement module
Purpose and functionality: this module is used for the aggressive display of advertisements on the user’s device. It can also be used for secretly boosting ratings. Functionality:
Display video ads and banners
Open specified URL
Create shortcuts on the device
Show notifications
Open pages in popular social networks, including Facebook, Instagram, VK
Download and install other applications
SMS module
Purpose and functionality: this module is used for different manipulations with text messages. Periodically sends requests to the C&C server to obtain relevant settings and commands.
Web crawling module
Purpose and functionality: this module is used for hidden Javascript code execution on web pages with WAP billing in order to subscribe the user to various services. Sometimes mobile operators send a text message asking for confirmation of a subscription. In such cases the Trojan uses SMS module functionality to send a reply with the required text.
Proxy module
Purpose and functionality: this module is an implementation of an HTTP proxy server that allows the attackers to send HTTP requests from the victim’s device.
Mining Monero
Purpose and functionality: this module uses the Android version of minerd to perform Monero (XMR) cryptocurrency mining.
Conclusion
Loapi is an interesting representative from the world of malicious Android apps. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time.
Tomi Engdahl says:
As part of our dynamic malware analysis we installed the malicious application on a test device. The images below show what happened to it after two days.
Because of the constant load caused by the mining module and generated traffic, the battery bulged and deformed the phone cover.
Source: https://securelist.com/jack-of-all-trades/83470/
Tomi Engdahl says:
Elon Musk accidentally shared his personal phone number with 16M followers
https://thenextweb.com/shareables/2017/12/20/elon-musk-accidentally-shared-personal-phone-number-16m-followers/
There are two golden rules of privacy on social media:
Don’t accidentally paste a password into a public message
Don’t share your phone number if you’re in any sort of position of prominence
Tomi Engdahl says:
Top-selling handgun safe can be remotely opened in seconds—no PIN needed
There’s no online update mechanism for defective electronic safe.
https://arstechnica.com/information-technology/2017/12/top-selling-handgun-safe-can-be-remotely-opened-in-seconds-no-pin-needed/
One of Amazon’s top-selling electronic gun safes contains a critical vulnerability that allows it to be opened by virtually anyone, even when they don’t know the password.
The Vaultek VT20i handgun safe, ranked fourth in Amazon’s gun safes and cabinets category, allows owners to electronically open the door using a Bluetooth-enabled smartphone app. The remote unlock feature is supposed to work only when someone knows the four- to eight-digit personal identification number used to lock the device. But it turns out that this PIN safeguard can be bypassed using a standard computer and a small amount of programming know-how.
As the video demonstration below shows, researchers with security firm Two Six Labs were able to open a VT20i safe in a matter of seconds by using their MacBook Pro to send specially designed Bluetooth data while it was in range.
Tomi Engdahl says:
Kaspersky Lab Sues U.S. Government Over Federal Software Ban
https://www.techworm.net/2017/12/kaspersky-lab-sues-u-s-government-federal-software-ban.html
Kaspersky Lab asks court to reverse U.S. government software ban
Earlier this year, we had reported how U.S. President Donald Trump’s government removed the Russian cyber-security firm Kaspersky Lab from its list of approved vendors used by state departments and government agencies in the U.S. to purchase technology equipment due to its links with intelligence services in Moscow.
Recently, the Trump led government issued a formal federal ban on use of Kaspersky’s anti-virus software by both civilian and military agencies following a warning to U.S. federal agencies earlier this year to not use the company’s software on their computers.
Tomi Engdahl says:
Parrot Security OS 3.10 Released with New Powerful Hacking Tools
https://gbhackers.com/parrot-security-os-3-10/
Parrot Security OS 3.10 is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers & Cyber Security Professionals.
The first big news is the introduction of a full firejail+apparmor sandboxing system to proactively protect the OS by isolating its components with a combination of different techniques, which had already been released in version 3.9.
The new version of Parrot Security OS 3.10 comes with Linux Kernel 4.14 LTS,
The program is certified to run on systems that have at least 265Mb of RAM and is suitable for both 32bit (i386) and 64bit (amd64).
It also has a special version running on old 32bit (486) machines. In addition, the program is available for armel and armhf architectures.
It also has a version (32bit and 64bit) developed for servers to perform Cloud pentesting
Tomi Engdahl says:
Facebook has new tools to prevent unwanted friend requests and messages
https://techcrunch.com/2017/12/19/facebook-has-new-tools-to-prevent-unwanted-friend-requests-and-messages/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook
Facebook, like every social media platform, has issues with harassment and bullying. In order to prevent certain types of harassment, Facebook is introducing some new features to help prevent unwanted friend requests and messages.
Tomi Engdahl says:
National data breach notification law proposed by Senate Commerce Committee members
https://www.cyberscoop.com/national-data-breach-notification-law-bill-nelson-uber-equifax-hack/
Three Democratic senators introduced legislation Thursday requiring companies to notify customers of data breaches within 30 days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches.
The new bill, called the Data Security and Breach Notification Act, comes in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users.
“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Sen. Bill Nelson, D-Fla., said in a statement. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”
The scope of the legislation is limited. For instance, if only a last name, address or phone number is revealed in a breach, the law would not apply. If an organization “reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct,” the incident is considered exempt from the legislation.
Tomi Engdahl says:
Artificial intelligence will detect child abuse images to save police from trauma
http://www.telegraph.co.uk/technology/2017/12/18/artificial-intelligence-will-detect-child-abuse-images-save/
Artificial intelligence will take on the gruelling task of scanning for images of child abuse on suspects’ phones and computers so that police officers are no longer subjected to psychological trauma within “two to three years”.
The Metropolitan Police’s digital forensics department, which last year trawled through 53,000 different devices for incriminating evidence, already uses image recognition software but it is not sophisticated enough to spot indecent images and video, Mark Stokes, the Met’s head of digital and electronics forensics, told the Telegraph.
“We have to grade indecent images for different sentencing, and that has to be done by human beings right now, but machine learning takes that away from humans,” he said.
The force is currently drawing up an ambitious plan to move its sensitive data to cloud providers such as Amazon Web Services, Google or Microsoft, Mr Stokes said.
With the help of Silicon Valley providers, AI could be trained to detect abusive images “within two-three years”, Mr Stokes said.
The Met’s digital forensics team uses bespoke software that can identify drugs, guns and money while scanning someone’s computer or phone. But it has proven problematic when searching for nudity. “Sometimes it comes up with a desert and it thinks it’s an indecent image or pornography,” Mr Stokes said during the (ISC)2 Secure Summit in London.
“For some reason, lots of people have screen-savers of deserts and it picks it up thinking it is skin colour.”
Tomi Engdahl says:
North Korea rejects U.S. accusation, says it is not linked to any cyber attacks
https://www.reuters.com/article/us-northkorea-missiles-cyber/north-korea-rejects-u-s-accusation-says-it-is-not-linked-to-any-cyber-attacks-idUSKBN1EF0BD
A spokesman for North Korea’s foreign ministry said on Thursday Pyongyang is not linked to any cyber attacks, the North’s first response since the United States publicly blamed it for a massive worldwide cyber security breach.
“As we have clearly stated on several occasions, we have nothing to do with cyber attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.,” the spokesman said, according to the North’s official KCNA news agency.
Tomi Engdahl says:
Euro ransomware probe: Five Romanians cuffed
Alleged extortionists wielded CTB-Locker aka Critroni and Cerber file-scrambling nasties
https://www.theregister.co.uk/2017/12/21/five_romanians_ransomware_allegations/
Five people suspected of infecting Windows PCs with ransomware – and extorting money from more than 170 victims in Europe and the US – have been arrested.
Tomi Engdahl says:
Mirai-makers plead guilty, Hajime still lurks in shadows
http://rethinkresearch.biz/articles/mirai-makers-plead-guilty-hajime-still-lurks-shadows/
Riot doesn’t go in for New Year predictions much, but we think Hajime will be a name on most security reporters’ lips at some point in 2018 – a more potent version of the Mirai malware that threatens to run rampant across the Internet of Many Unsecured Things. Mirai itself has made the news this week, because its apparent author has now pleaded guilty to such accusations, leveled against him by the FBI. However, this isn’t the end for the now open-sourced Mirai.
Tomi Engdahl says:
Firefox 57′s been quietly delaying tracking scripts
Trying to stop snoops stalling page loads
https://www.theregister.co.uk/2017/12/21/firefox_57s_been_quietly_delaying_tracking_scripts/
When Mozilla lobbed Firefox 57 over the fence last month, it introduced an anti-tracking feature without saying anything much about it.
The changes are in the browser’s “network requests scheduler”, and developer Honza Bambas explained the change in detail here.
Bambas wrote that during page load, the scheduler uses the Tracking Protection database “to delay load of scripts from tracking domains when possible during the time a page is actively loading and rendering”.
The feature, which Bambas called “tailing”, should time on page load performance, since a Web page’s images and scripts will get priority.
Bambas noted that the feature doesn’t disable tracking scripts: those requests are “kept on hold only while there are site sub-resources still loading and only up to about 6 seconds.”
That applies to “scripts added dynamically or as async”, while tracking images (eg, transparent GIFs) “are always delayed”.
The feature won’t behave perfectly in every case – but that, Bambas wrote, is because some pages are simply badly written.
Firefox 57 delays requests to tracking domains
https://www.janbambas.cz/firefox-57-delays-requests-tracking-domains/
Firefox Quantum – version 57 – introduced a number of changes to the network requests scheduler. One of them is using data of the Tracking Protection database to delay load of scripts from tracking domains when possible during the time a page is actively loading and rendering – I call it tailing.
This has a positive effect on page load performance as we save some of the network bandwidth, I/O and CPU for loading and processing of images and scripts running on the site so the web page is complete and ready sooner.
Tomi Engdahl says:
DARPA Takes Chip Route to ‘Unhackable’ Computers
https://www.eetimes.com/document.asp?doc_id=1332764
Cybersecurity experts have long preached that the only way to make computers “unhackable” is with on-chip hardware, but no one has done it yet. The Defense Advanced Research Agency (DARPA) is pursuing the goal under such efforts as its High-Assurance Cyber Military Systems program and the Cyber Grand Challenge. Most recently, under its System Security Integrated through Hardware and Firmware (SSITH) program, DARPA has doled out $3.6 million to the University of Michigan for continued development of a microarchitecture that its creators say is unhackable.
Instead of the usual “patch and pray” software method of plugging security holes, DARPA wants to leverage new technologies to develop integrated circuits that are inherently impervious to software “end runs,” said Linton Salmon, program manager at the agency’s Microsystems Technology Office.
Intel has provided on-chip V-Pro security hardware in its Xeon microprocessor family for years. But DARPA is looking for a higher degree of protection, especially for military field computers, as a hardware security breach in the field could put soldiers’ lives at risk.
DARPA’s stated goal of “hack resistance” appears to hedge a bit on whether truly unhackable hardware is achievable.
Morpheus works its magic by constantly changing the location of the protective firmware with hardware that also constantly scrambles the location of stored passwords. Because passwords are encrypted — which takes time for hackers to decode — even the fastest hacker cannot find the vulnerability a second time after decryption.
The technique used in Morpheus is already being used by military computers today in software. By casting key operations in hardware, however, Austin believes he can eliminate all classes of known vulnerabilities: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.
Tomi Engdahl says:
These Are The 25 Most Frequently Hacked Passwords Of 2017
http://www.iflscience.com/technology/these-are-the-25-most-frequently-hacked-passwords-of-2017/
Each December for the past seven years, security applications and service provider, SplashData, has published a list of the most frequently hacked passwords of the last year. The results are depressingly predictable – year after year millions of us rely on simple word and number patterns, our birthdays, partner’s names, and, of course, “password” to keep our online accounts secure.
Tomi Engdahl says:
Leveraging web application vulnerabilities to steal NTLM hashes
https://blog.blazeinfosec.com/leveraging-web-application-vulnerabilities-to-steal-ntlm-hashes-2/
NTLM authentication is the de-facto standard in corporate networks running Windows. There are a plethora of well-understood local attacks that take advantage of the way Windows performs automatic NTLM authentication, and abusing this feature is undoubtedly on the playbook of every penetration tester and red teamer.
Here at Blaze Information Security we recently spent some time investigating how we could abuse this feature using remote vectors, especially from the standpoint of web application vulnerabilities.
The goal is to discuss how issues such as Server-Side Request Forgery and Cross-Site Scripting can be weaponized to steal Net-NTLM hashes, which can be useful to get further access into a network.
Tomi Engdahl says:
Notorious Lizard Squad and PoodleCorp co-founder pleads guilty to running hacking-for-hire service
http://www.ibtimes.co.uk/notorious-lizard-squad-poodlecorp-co-founder-pleads-guilty-running-hacking-hire-service-1652220
Lizard Squad rose to notoriety after targeting Sony’s PlayStation Network and Microsoft’s Xbox Live during Christmas 2014.
A Maryland man linked to the notorious hacking groups Lizard Squad and PoodleCorp has pleaded guilty to running a “hacking-for-hire” service that plagued companies worldwide and harassed thousands of people. Zachary Buchta, 20, pleaded guilty to one count of conspiracy to commit damage to protected computers in a federal court in Chicago on Tuesday (19 December).
In his plea agreement, he also admitted to being a founding member of the hacker groups Lizard Squad and PoodleCorp that charged a $20 (£15) fee to target anyone for online harassment.
Lizard Squad rose to international notoriety after targeting Sony’s PlayStation Network and Microsoft’s Xbox Live with massive DDoS attacks on Christmas 2014, crippling their platforms during the holiday season. In January 2015, they claimed to have hijacked the social media accounts of pop singer Taylor Swift.
Tomi Engdahl says:
Romanian hackers infiltrated 65% of DC’s outdoor surveillance cameras
http://edition.cnn.com/2017/12/20/politics/romanian-hackers-dc-cameras/
Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents.
In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that’s 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January.
In the affidavit, the Romanians are accused of “intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers.”
Tomi Engdahl says:
Here’s How Europe Is Practicing Going On The Counterattack In The Event Of Cyberwar
https://www.buzzfeed.com/amphtml/holgerroonemaa/inside-europes-push-to-go-on-the-offense-online
Talking about cyberweapons that can be used to go on the attack was once taboo in Europe. But as Russia flexes its muscles online, more countries are becoming willing to talk about just what they can do.
As ever more Western countries suffer cyberattacks and election meddling suspected of coming from Russia, they are finally talking openly about their own offensive cyber strategies as well.
The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), based in Tallinn, Estonia, has been organizing “the world’s most complex” international cyber defense exercise — known as Locked Shields — since 2010. Sitting outside NATO’s military chain of command, the CCDCOE drew 900 participants from 25 nations to the event this year. But alongside Locked Shields, a smaller and less talked-about exercise is taking place. There, a small number of handpicked hackers practice with regular military units how to conduct cyber operations against enemies in case of war.
There are two teams that take part in most cyber exercises: In this case, there’s the blue — on defense — and red — on offense. Usually, the main focus is on training the blue team to defend when cyberattacks occur. But in this particular exercise, known as “Crossed Swords,” it’s the red team that’s in the spotlight. And it’s the red team that emerges from Crossed Swords that will go up against the blue team during the next Locked Shields, said Aare Reintam, the technical exercise director at CCDCOE.
“In order to know how to defend yourself better, you need to know how the attacks are carried out,” said Reintam. And with the exercises they offer the possibility to understand most current cyberthreats inside and out, he added.
The hackers participating in the exercise were there by invitation only — the number of invitees is being kept secret because of the sensitive nature of exercise.
The participants were divided into three teams. The first, a “client site” team, worked to “spear-phish” their targets — attempting to trick their opponents into handing over vital information, implanting malware into the system in the process. The second team probed the opponent’s networks, looking for weaknesses and security holes in the network the adversary was using. And the third, a web team, tried to exploit different services the system hosts to gain access.
When the red team learned the whereabouts of the server, the exercise transitioned from behind computer screens into the real world. The information was given to a special forces team that had to enter the server room — a hotel suite rented in the center of Tallinn. They entered the room, laid down a white bedsheet, placed all the devices on it, took photos of the devices, copied them, and put everything back in exactly the same position as they had been, Reintam said.
“Combining cyber with [this] foot-on-the ground approach is a vital and unique part of the exercise,”
Tomi Engdahl says:
Man jailed for 5½ years, fined US$76,000 for selling VPN in southern China
Prison sentence comes amid Beijing’s crackdown on internet censorship
http://www.scmp.com/news/china/policies-politics/article/2125326/man-jailed-51/2-years-fined-us76000-selling-vpn
A man in southern China was sentenced to 5½ years in prison for selling a virtual private network to bypass internet censorship, amid Beijing’s crackdown to enforce its infamous “Great Firewall”.
Wu Xiangyang, from the Guangxi Zhuang autonomous region, was also fined 500,000 yuan (US$76,000) in Pingnan county for not holding the proper licence for his VPN business, according to a report on Wednesday in the Procuratorate Daily, the gazette for China’s highest prosecution and inspection agency.
providing software and modified routers to help people access foreign websites restricted in China, the report said.
Wu’s sentencing comes after Beijing announced a 14-month “clean-up” campaign in January to clamp down on unauthorised tools used to circumvent internet censorship.
It is not illegal to sell VPN software in China, but such businesses are required to register with the authorities.
Tomi Engdahl says:
Braking news: Nissan Canada hacked, up to 1.1m Canucks exposed
Only beeping took 10 beeping days to admit it had been beep-beeping beep pwned
https://www.theregister.co.uk/2017/12/22/nissan_canada_hacked/
Nissan Canada’s vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers in the hands of miscreants.
In an email to Nissan car buyers, seen by The Register, the biz admitted its computer systems were compromised, with “unauthorized person(s) gaining access to the personal information of some customers that have financed their vehicles through Nissan Canada Finance or Infiniti Financial Services Canada.”
Tomi Engdahl says:
North Korean Hackers Targeting Individuals: Report
http://www.securityweek.com/north-korean-hackers-targeting-individuals-report
North Korean state-sponsored hacking group Lazarus has started targeting individuals and organizations directly, instead of focusing exclusively on spying on financial institutions, Proofpoint reports.
Active since at least 2009, the Lazarus Group is considered one of the most disruptive nation-state sponsored actors, accused of being involved in numerous high-profile attacks. Some of these include the 2014 Sony Pictures hack, last year’s theft of $81 million from the Bangladesh Bank, and this year’s WannaCry ransomware attack.
The group was recently observed to be increasingly focused on financially motivated attacks and was named as the most serious threat against banks earlier this year. More recently, the group also started showing high interest in the skyrocketing prices of cryptocurrencies.
Tomi Engdahl says:
Google Warns DoubleClick Customers of XSS Flaws
http://www.securityweek.com/google-warns-doubleclick-customers-xss-flaws
Google has warned DoubleClick customers that some of the files provided by third-party vendors through its advertising platform can introduce cross-site scripting (XSS) vulnerabilities.
The tech giant has shared a list of more than a dozen advertising firms whose files are vulnerable to XSS attacks. The company has advised website owners and administrators to check if the files are present on their server – they are typically hosted in the root domain – and remove them.
Tomi Engdahl says:
Lithuania Bans Kaspersky Software as ‘Potential’ Threat
http://www.securityweek.com/lithuania-bans-kaspersky-software-potential-threat
Lithuania will ban Moscow-based cyber security firm Kaspersky Lab’s products from computers managing key energy, finance and transport systems due to security concerns, authorities said Thursday.
The Russian firm’s software was banned from US government networks earlier this year amid allegations that it helped Russian intelligence steal top secret information.
“The government… recognised that Kaspersky Lab software is a potential national security threat,” the Baltic EU state’s defence ministry said in a statement.
Tomi Engdahl says:
Keeper Sues Ars Technica Over Reporting on Critical Flaw
http://www.securityweek.com/keeper-sues-ars-technica-over-reporting-critical-flaw
Keeper Security has filed a lawsuit against Ars Technica and reporter Dan Goodin over an article covering a serious vulnerability found by a Google researcher in the company’s password manager.
Google Project Zero researcher Tavis Ormandy revealed last week that he had identified a critical vulnerability in the browser extension for the Keeper password manager.
The flaw, very similar to one discovered by the expert just over one year ago in the same application, could have been exploited by hackers to steal passwords stored by the extension if they could convince an authenticated user to access a malicious website.
Tomi Engdahl says:
Fake Bitcoin Wallet Apps Removed from Google Play
http://www.securityweek.com/fake-bitcoin-wallet-apps-removed-google-play
Three fake Bitcoin applications were recently removed from Google Play after security researchers discovered they were tricking users into sending funds to their developers, mobile security firm Lookout has discovered.
The impressive increase in Bitcoin value over the past several months has stirred interest from individuals worldwide, including cybercriminals. The number of attacks involving the cryptocurrency has increased recently, and it appears that they moved to mobile as well.
3 fake Bitcoin wallet apps appear in (and are quickly removed from) Google Play Store
https://blog.lookout.com/fake-bitcoin-wallet
Tomi Engdahl says:
Backdoored Captcha Plugin Hits 300,000 WordPress Sites
http://www.securityweek.com/backdoored-captcha-plugin-hits-300000-wordpress-sites
Yet another plugin was removed from the WordPress repository after a backdoor was added to it following a recent update.
Called “Captcha” and featuring 300,000 active installs at the time it was removed, the plugin was found to have changed ownership several months ago. Initially developed and maintained by BestWebSoft, it was owned by an unnamed developer at the time the backdoor was added.
Through an update on December 4, code designed to trigger an automatic update process and download a ZIP file from the simplywordpress[dot]net domain was added to the plugin. The archive would extract and install itself over the copy of the Captcha plugin already running on site.
Inside the ZIP archive, a file called plugin-update.php, which was found to be the backdoor, was included, in addition to small changes to the plugin itself. The file would grant its author unauthorized administrative access to the WordPress websites using the plugin.
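The way this backdoor arrived (a plugin update that drops a new PHP file into an existing plugin directory) is exactly what a file-integrity baseline catches. The script below is an added example, not code from the article or from the plugin: it records a SHA-256 manifest of a plugin directory, then re-scans and reports added, removed and modified files. The plugin tree it works on is constructed in a temporary directory; the file names inside it are illustrative and are not taken from the real Captcha plugin.

```python
"""File-integrity baseline for a WordPress plugin directory (added example).

Records a SHA-256 manifest of every file under a plugin's directory and later
reports files that were added, removed or modified, which is how an unexpected
plugin-update.php dropped in by a hijacked update would surface. The sample
plugin tree below is constructed in a temp directory; its file names are
illustrative, not those of the real Captcha plugin.
"""
import hashlib
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large assets do not load at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests; returns sorted lists of added/removed/modified."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def _write(root, rel, text):
    """Helper for the constructed scenario: write a small text file."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: baseline a clean plugin, simulate a tampered
    update that drops plugin-update.php and edits the main file, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = os.path.join(tmp, "captcha")
        _write(plugin, "captcha.php", "<?php /* Plugin Name: Captcha */\n")
        _write(plugin, "includes/helper.php", "<?php function cap_helper() {}\n")
        baseline = build_manifest(plugin)

        # Simulated bad update: one new file appears, one existing file changes.
        _write(plugin, "plugin-update.php", "<?php /* unexpected new file */\n")
        _write(plugin, "captcha.php",
               "<?php /* Plugin Name: Captcha */ /* changed by update */\n")
        current = build_manifest(plugin)
        return diff_manifests(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the baseline would be taken right after installing a plugin from the repository (or generated from the upstream release archive) and stored outside the web root, and the re-scan run on a schedule or after every update; any new PHP file in a plugin directory that the upstream release does not contain deserves a look before it is trusted.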
Tomi Engdahl says:
Chinese Hackers Target Servers With Three Types of Malware
http://www.securityweek.com/chinese-hackers-target-servers-three-types-malware
An established Chinese crime group uses a large coordinated infrastructure to target servers running database services with three different types of malware, GuardiCore security researchers say.
The group is operating worldwide and has been observed launching multiple attacks over the past several months. Each of the three malware families employed – Hex, Hanako and Taylor – is targeting different SQL servers and has its own goals, scale and target services.
According to GuardiCore, a campaign targeting a single server has started in March of this year and evolved into thousands of attacks per day during summer, hitting numerous MS SQL Server and MySQL services. The compromised machines were used for various activities, including cryptocurrency mining, distributed denial of service (DDoS), and for implanting Remote Access Trojans (RATs).
While most of the compromised machines are located in China, some were observed in Thailand, the U.S., Japan, and other countries. Database services on both Windows and Linux machines are targeted.
Tomi Engdahl says:
Scientists can match photos to individual smartphones
http://hexus.net/ce/news/mobile-phones/113405-scientists-can-match-photos-individual-smartphones/
Researchers at the University at Buffalo NY have discovered that it is possible to identify individual smartphones from just a single photo taken by the device. The technique is compared directly to ‘barrel matching’ or identifying a gun which has fired a particular bullet. In the case of smartphones, each one takes photos with a telltale “pattern of microscopic imaging flaws that are present in every picture they take”. Specifically, the manufacturing imperfections creating tiny variations in each camera’s sensor are referred to as its photo-response non-uniformity (PRNU).
Explaining why there are differences in recorded photos from these mass produced products, the UB Blog says that while camera modules and lenses are built for identical performance, manufacturing imperfections cause tiny variations and “these variations can cause some of sensors’ millions of pixels to project colours that are slightly brighter or darker than they should be.”
The differences between the different smartphone outputs, especially shots of the same scene by the same device model, are not easy to see with the naked eye, if at all. However, the lack of uniformity in mass production “forms a systemic distortion in the photo called pattern noise”. Extracted by special filters, the pattern is unique for each camera and can be saved as its PRNU.
In tests scientists accurately identified which of 30 different iPhone 6s smartphones and 10 different Galaxy Note 5s smartphones took each of 16,000 images in a database correctly 99.5 per cent of the time.
Beyond the obvious implications that come from the comparison between smartphone camera output and gun barrels / bullets, there are other uses for this tech. The UB team suggests that you could register your PRNU with a bank or retailer, for example, and it adds an extra layer of security to ID verification. Potentially the tech could be used to defeat three of the most common tactics used by cybercriminals, think the researchers; fingerprint forgery attacks, man-in-the-middle attacks, and replay attacks.
Your smartphone’s next trick? Fighting cybercrime.
http://www.buffalo.edu/news/releases/2017/12/013.html
Like bullets fired from a gun, photos can be traced to individual smartphones, opening up new ways to prevent identity theft
“Like snowflakes, no two smartphones are the same. Each device, regardless of the manufacturer or make, can be identified through a pattern of microscopic imaging flaws that are present in every picture they take,” says Kui Ren, the study’s lead author. “It’s kind of like matching bullets to a gun, only we’re matching photos to a smartphone camera.”
The new technology, to be presented in February at the 2018 Network and Distributed Systems Security Conference in California, is not yet available to the public. However, it could become part of the authentication process — like PIN numbers and passwords — that customers complete at cash registers, ATMs and during online transactions.
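To make the PRNU idea concrete, here is an added toy implementation that is not the UB team's code and makes no claim about their method's details. It simulates a few sensors, each with its own fixed per-pixel gain pattern, extracts the noise residual of each photo with a simple denoising filter, averages residuals into a per-camera fingerprint using the classic estimator (fingerprint = sum(W*I) / sum(I*I)), and then attributes unseen photos by normalised correlation. All images are synthetic (a smooth gradient scene plus texture and shot noise); image size, noise levels and the 3x3 mean filter are assumptions chosen to keep the example small.

```python
"""Toy PRNU camera fingerprinting (added example, not the UB team's code).

Simulates several camera sensors, each with a fixed multiplicative pixel-gain
pattern (its PRNU), derives a fingerprint per camera from a few training
photos, then attributes unseen photos to the camera that took them. Images
are synthetic; the estimator is the classic noise-residual approach
(W = I - denoise(I), fingerprint = sum(W*I) / sum(I*I)).
"""
import math
import random

SIZE = 32             # images are SIZE x SIZE, one grey channel (assumption)
PRNU_STD = 0.02       # per-pixel gain deviation of a few percent (assumption)
SHOT_NOISE_STD = 2.0  # per-shot random sensor noise, intensity units
TEXTURE_STD = 3.0     # per-shot fine scene texture, intensity units


def make_camera(rng):
    """One sensor: a fixed per-pixel gain deviation K, so gain is (1 + K).
    This stands in for the manufacturing imperfections the article describes."""
    return [[rng.gauss(0.0, PRNU_STD) for _ in range(SIZE)] for _ in range(SIZE)]


def take_photo(camera, rng):
    """Simulate a shot: a smooth random gradient scene with fine texture,
    modulated by the camera's PRNU, plus independent shot noise."""
    base = rng.uniform(90, 160)
    dx, dy = rng.uniform(-1.0, 1.0), rng.uniform(-1.0, 1.0)
    img = []
    for y in range(SIZE):
        row = []
        for x in range(SIZE):
            scene = base + dx * x + dy * y + rng.gauss(0.0, TEXTURE_STD)
            row.append((1.0 + camera[y][x]) * scene + rng.gauss(0.0, SHOT_NOISE_STD))
        img.append(row)
    return img


def noise_residual(img):
    """W = I - denoise(I) with a 3x3 mean filter as the denoiser. Only interior
    pixels are used so the border needs no special handling. Returns the flat
    residual list and the matching flat intensity list."""
    residual, intensity = [], []
    for y in range(1, SIZE - 1):
        for x in range(1, SIZE - 1):
            neigh = sum(img[y + j][x + i] for j in (-1, 0, 1) for i in (-1, 0, 1)) / 9.0
            residual.append(img[y][x] - neigh)
            intensity.append(img[y][x])
    return residual, intensity


def estimate_fingerprint(photos):
    """PRNU estimate from several photos of one camera:
    K_hat[p] = sum_j(W_j[p] * I_j[p]) / sum_j(I_j[p]^2)."""
    n_px = (SIZE - 2) ** 2
    num, den = [0.0] * n_px, [0.0] * n_px
    for img in photos:
        w, i = noise_residual(img)
        for p in range(n_px):
            num[p] += w[p] * i[p]
            den[p] += i[p] * i[p]
    return [n / d for n, d in zip(num, den)]


def correlation(a, b):
    """Normalised cross-correlation of two equal-length vectors."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = math.sqrt(sum((x - ma) ** 2 for x in a))
    vb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (va * vb)


def attribute(img, fingerprints):
    """Return (best camera index, score per camera): the photo's residual is
    correlated with each fingerprint scaled by the photo's own intensities."""
    w, i = noise_residual(img)
    scores = [correlation(w, [k * v for k, v in zip(fp, i)]) for fp in fingerprints]
    return max(range(len(scores)), key=scores.__getitem__), scores


def run_experiment(n_cameras=3, n_train=8, n_test=5, seed=1):
    """Build fingerprints from n_train photos per camera, then attribute n_test
    unseen photos per camera. Returns (accuracy, mean genuine correlation,
    mean impostor correlation)."""
    rng = random.Random(seed)
    cameras = [make_camera(rng) for _ in range(n_cameras)]
    fingerprints = [estimate_fingerprint([take_photo(c, rng) for _ in range(n_train)])
                    for c in cameras]
    correct, genuine, impostor = 0, [], []
    for truth, cam in enumerate(cameras):
        for _ in range(n_test):
            guess, scores = attribute(take_photo(cam, rng), fingerprints)
            correct += guess == truth
            genuine.append(scores[truth])
            impostor.extend(s for k, s in enumerate(scores) if k != truth)
    total = n_cameras * n_test
    return correct / total, sum(genuine) / len(genuine), sum(impostor) / len(impostor)


if __name__ == "__main__":
    acc, gen, imp = run_experiment()
    print(f"accuracy={acc:.3f} genuine_corr={gen:.3f} impostor_corr={imp:.3f}")
```

The point to notice is the gap between the two correlation populations: photos from the right camera score well above zero, photos from any other camera score near zero, and that gap is what a verifier would threshold on. Real deployments use a far better denoiser than a 3x3 mean and many more training images, and they must also cope with JPEG compression, cropping and resizing, which this toy ignores.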
Tomi Engdahl says:
Yeelight, the Bluetooth LED Bedside Lamp from Xiaomi that Spies on You, Part One
https://medium.com/@slinafirinne/yeelight-the-bluetooth-led-bedside-lamp-from-xiaomi-that-spies-on-you-part-one-a651207c70bd
bedside LED lamp that she could control from her phone, something she could turn off without having to get out of bed. Amazon recommends Yeelight from Xiaomi as adequate competitor of Philips Hue, the latter being the maker of the smart LED bulbs that you can use with Alexa.
In fact, a lot of the Yeelight products have great reviews on Amazon.
I downloaded the apk to take a look.
The AndroidManifest.xml defines the permissions, activities and intents of an apk. This “little” android application has 108 defined activities, thankfully only 4 of these are exported.
The permissions this application asks for are extremely sketchy, given its supposed function.
As soon as the application is installed, and before a user has a chance to create an account, the phone tries to connect to the above hosts on port 5222. A lot of Xiaomi services call home to these endpoints.
There’s a mipush sdk which sends a bunch of wifi related information and the latitude and longitude coordinates I mentioned earlier back to Xiaomi as well.
This is extremely worrying because logcat shows a lot of debug information and as a customer I don’t feel comfortable sending my logcat information to a server in China.
I have no idea if any of the other information we looked at is being sent using the XMPP service on port 5222, or via UDP as there is a bunch of UDP Datagram classes as well, or by some other method.
This application is vulnerable to man-in-the-middle attacks and can be sniffed pretty easily if you’re on a public wireless network.
Summary
The Yeelight application claims to control a Bluetooth LED lamp. I couldn’t get the application to work with the lamp at all; it couldn’t find it. It was essentially useless. However, the application scans and records wireless networks that are in range, appears to try to connect to some of them, scans Bluetooth devices which I would expect given its supposed functionality, records every wireless network you have saved on your device. The above “functionality” is repeated continuously while the application is installed. It also appears to send the contents of logcat to Xiaomi as well.
Tomi Engdahl says:
How to block ads in Windows
https://www.techadvisor.co.uk/how-to/windows/how-block-ads-in-windows-3669292/
Microsoft has been sneaking some ads into Windows over the past few updates, find out how to disable them.
Tomi Engdahl says:
Russian submarines are prowling around vital undersea cables. It’s making NATO nervous.
https://www.washingtonpost.com/world/europe/russian-submarines-are-prowling-around-vital-undersea-cables-its-making-nato-nervous/2017/12/22/d4c1f3da-e5d0-11e7-927a-e72eac1e73b6_story.html?hpid=hp_hp-top-table-main_russiasubs712pm%253Ahomepage%252Fstory&utm_term=.8da9f8ec47fa
Russian submarines have dramatically stepped up activity around undersea data cables in the North Atlantic, part of a more aggressive naval posture that has driven NATO to revive a Cold War-era command, according to senior military officials.
The apparent Russian focus on the cables, which provide Internet and other communications connections to North America and Europe, could give the Kremlin the power to sever or tap into vital data lines, the officials said.
Britain’s top military commander also warned that Russia could imperil the cables that form the backbone of the modern global economy. The privately owned lines, laid along some of the same corridors as the first transatlantic telegraph wire in 1858, carry nearly all of the communications on the Internet.
If severed, they could snarl the Web. If tapped, they could give Russia a valuable picture of the tide of the world’s Internet traffic.
“It’s a pattern of activity, and it’s a vulnerability,”
Kremlin has also pressed against NATO in the air and on land.