Security

OutlawCountry: CIA’s Hacking Tool For Linux Computers Revealed

https://fossbytes.com/outlawcountry-cia-hacking-tool-linux/ Wikileaks has published fresh documents that deal with the CIA’s hacking and spying on Linux machines using a malware strain called OutlawCountry. This tool consists of a kernel module that creates invisible netfilter table for creating new rules with iptables command. Those rules can modify and redirect the network traffic. The OutlawCountry’s prerequisites for operation are

A new Petya-like malware hit

We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. With echoes of WannaCry, infections spread fast. The research is still in progress -Some security researchers describe malware as variant of Petya; others say it’s a brand new sample. The low-level attack works in the

The internet is actually controlled by 14 people who hold 7 secret keys | IFLScience

http://www.iflscience.com/technology/the-internet-is-actually-controlled-by-14-people-who-hold-7-secret-keys/ This sounds like something out of a Dan Brown book, but it isn’t: The whole internet is controlled by seven actual, physical keys. ICANN maps the numbers (easier for computers to use) with words (easier for humans to use). If someone were to gain control of ICANN’s database, that person would control the internet.  The physical

AES-256 keys sniffed in seconds using €200 of kit a few inches away • The Register

https://www.theregister.co.uk/2017/06/23/aes_256_cracked_50_seconds_200_kit/ Side-channel attacks that monitor a computer’s electromagnetic output to snaffle passwords are nothing new. They usually require direct access to the target system and a lot of expensive machinery – but no longer. Researchers at Fox‑IT have managed to wirelessly extract secret AES-256 encryption keys from a distance of one metre (3.3 feet) –

IoT goes nuclear: creating a ZigBee chain reaction | the morning paper

https://blog.acolyer.org/2017/06/22/iot-goes-nuclear-creating-a-zigbee-chain-reaction/ The popular Philips Hue smart lamps use ZigBee for example. Suppose you could build a worm that jumps directly from one lamp to another using their ZigBee wireless connectivity and their physical proximity. If the install base of lamps in a city is sufficiently dense, you could take them all over in no time,

Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3)

http://thehackernews.com/2017/06/windows-10-redstone3-smb.html?m=1 The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The WannaCry ransomware wreaked havoc last month. You can find more information on WannaCry at http://www.epanorama.net/newepa/2017/05/12/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

How To Patch and Protect Linux Kernel Stack Clash Vulnerability CVE-2017-1000364

https://www.cyberciti.biz/faq/howto-patch-linux-kernel-stack-clash-vulnerability-cve-2017-1000364/ A very serious security problem has been found in the Linux kernel called “The Stack Clash.” The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library (CVE-2017-1000366) which allow local privilege escalation by clashing the stack including Linux kernel. This bug affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris,

​How to use Linux’s built-in USB attack protection | ZDNet

http://www.zdnet.com/article/how-to-use-linuxs-built-in-usb-attack-protection/ USB is insecure. There are USB sticks that will destroy your computer, USB sticks loaded with spyware, and even official enterprise USB sticks infected with malware. Windows and Macs are easy to crack with USB-borne tools. There are devices like the USG USB stick firewall, which can protect you. Linux users can stop attackers armed with USB sticks with USBGuard software.