<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber security April 2018</title>
	<atom:link href="http://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Sun, 05 Apr 2026 18:35:45 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-6/#comment-1590417</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Wed, 09 May 2018 07:41:59 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1590417</guid>
		<description><![CDATA[April’s Cybersecurity Recap: More AI, More IoT and a Push for More Privacy
https://securityintelligence.com/aprils-cybersecurity-recap-more-ai-more-iot-and-a-push-for-more-privacy/]]></description>
		<content:encoded><![CDATA[<p>April’s Cybersecurity Recap: More AI, More IoT and a Push for More Privacy<br />
<a href="https://securityintelligence.com/aprils-cybersecurity-recap-more-ai-more-iot-and-a-push-for-more-privacy/" rel="nofollow">https://securityintelligence.com/aprils-cybersecurity-recap-more-ai-more-iot-and-a-push-for-more-privacy/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-6/#comment-1589660</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 01 May 2018 08:09:32 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589660</guid>
		<description><![CDATA[‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale
http://m.scmp.com/news/china/society/article/2143899/forget-facebook-leak-china-mining-data-directly-workers-brains

Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains]]></description>
		<content:encoded><![CDATA[<p>‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale<br />
<a href="http://m.scmp.com/news/china/society/article/2143899/forget-facebook-leak-china-mining-data-directly-workers-brains" rel="nofollow">http://m.scmp.com/news/china/society/article/2143899/forget-facebook-leak-china-mining-data-directly-workers-brains</a></p>
<p>Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589656</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 01 May 2018 08:02:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589656</guid>
		<description><![CDATA[The Pentagon is working on a radio wave weapon that stops a speeding car in its tracks
https://techcrunch.com/2018/04/30/pentagon-radio-frequency-vehicle-stopper/?utm_source=tcfbpage&amp;sr_share=facebook

Vehicular terrorism is on the rise, but technology under development by the U.S. Department of Defense could save lives by disabling a weaponized car before it ever reaches its target. The Pentagon’s Joint Non-Lethal Weapons Program (JNLWD) is working on a device called a Radio Frequency Vehicle Stopper to address the prevalence of vehicle-based attacks targeting civilians, Defense One reports.]]></description>
		<content:encoded><![CDATA[<p>The Pentagon is working on a radio wave weapon that stops a speeding car in its tracks<br />
<a href="https://techcrunch.com/2018/04/30/pentagon-radio-frequency-vehicle-stopper/?utm_source=tcfbpage&#038;sr_share=facebook" rel="nofollow">https://techcrunch.com/2018/04/30/pentagon-radio-frequency-vehicle-stopper/?utm_source=tcfbpage&#038;sr_share=facebook</a></p>
<p>Vehicular terrorism is on the rise, but technology under development by the U.S. Department of Defense could save lives by disabling a weaponized car before it ever reaches its target. The Pentagon’s Joint Non-Lethal Weapons Program (JNLWD) is working on a device called a Radio Frequency Vehicle Stopper to address the prevalence of vehicle-based attacks targeting civilians, Defense One reports.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589655</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 01 May 2018 08:01:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589655</guid>
		<description><![CDATA[IRS Warned Congress of “Catastrophic System Failure” Six Months Before Tax Day Outage
https://spectrum.ieee.org/riskfactor/computing/it/irs-predicted-tax-filing-failure

On 17 April 2018, the final day for U.S. citizens to file 2017 tax returns, the U.S. Internal Revenue Service (IRS) suffered a major system failure related to the hardware supporting its 58-year old, 20-million line Cobol-based Individual Master File system (pdf) which is still being used today to process the vast majority of individual tax returns. As a result of the failure, the IRS extended by a day the filing due date.]]></description>
		<content:encoded><![CDATA[<p>IRS Warned Congress of “Catastrophic System Failure” Six Months Before Tax Day Outage<br />
<a href="https://spectrum.ieee.org/riskfactor/computing/it/irs-predicted-tax-filing-failure" rel="nofollow">https://spectrum.ieee.org/riskfactor/computing/it/irs-predicted-tax-filing-failure</a></p>
<p>On 17 April 2018, the final day for U.S. citizens to file 2017 tax returns, the U.S. Internal Revenue Service (IRS) suffered a major system failure related to the hardware supporting its 58-year old, 20-million line Cobol-based Individual Master File system (pdf) which is still being used today to process the vast majority of individual tax returns. As a result of the failure, the IRS extended by a day the filing due date.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589649</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Tue, 01 May 2018 06:55:35 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589649</guid>
		<description><![CDATA[Chinese government admits collection of deleted WeChat messages
https://techcrunch.com/2018/04/30/chinese-government-admits-collection-of-deleted-wechat-messages/?utm_source=tcfbpage&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&amp;sr_share=facebook

Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.

As noted by the South China Morning Post, an anti-corruption commission in Hefei province posted Saturday to social media that it has “retrieved a series of deleted WeChat conversations from a subject” as part of an investigation.]]></description>
		<content:encoded><![CDATA[<p>Chinese government admits collection of deleted WeChat messages<br />
<a href="https://techcrunch.com/2018/04/30/chinese-government-admits-collection-of-deleted-wechat-messages/?utm_source=tcfbpage&#038;utm_medium=feed&#038;utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&#038;sr_share=facebook" rel="nofollow">https://techcrunch.com/2018/04/30/chinese-government-admits-collection-of-deleted-wechat-messages/?utm_source=tcfbpage&#038;utm_medium=feed&#038;utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&#038;sr_share=facebook</a></p>
<p>Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.</p>
<p>As noted by the South China Morning Post, an anti-corruption commission in Hefei province posted Saturday to social media that it has “retrieved a series of deleted WeChat conversations from a subject” as part of an investigation.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589610</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 30 Apr 2018 13:23:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589610</guid>
		<description><![CDATA[France seizes France.com from man who’s had it since ‘94, so he sues
Jean-Noël Frydman: &quot;If it happened to me, it can happen to anyone.&quot;
https://arstechnica.com/tech-policy/2018/04/france-seizes-france-com-from-man-whos-had-it-since-94-so-he-sues/?comments=1

A French-born American has now sued his home country because, he claims, the Ministry of Foreign Affairs has illegally seized a domain that he’s owned since 1994: France.com.

In the mid-1990s, Jean-Noël Frydman bought France.com from Web.com and set up a website to serve as a &quot;digital kiosk&quot; for Francophiles and Francophones in the United States.

For over 20 years, Frydman built up a business (also known as France.com), often collaborating with numerous official French agencies, including the Consulate General in Los Angeles and the Ministry of Foreign Affairs.

However, sometime around 2015, that very same ministry initiated a lawsuit in France in an attempt to wrest control of the France.com domain away from Frydman. 

By September 2017, the Paris Court of Appeals ruled that France.com was violating French trademark law. Armed with this ruling, lawyers representing the French state wrote to Web.com demanding that the domain be handed over.

Finally, on March 12, 2018, Web.com abruptly transferred ownership of the domain to the French Ministry of Foreign Affairs. The company did so without any formal notification to Frydman and no compensation.

On April 19, Frydman filed a federal lawsuit in Virginia in an attempt to get his domain name back. The suit names the French Republic, Atout France (a government tourism agency), the Ministry of Foreign Affairs, the minister himself (Jean-Yves Le Drian), and VeriSign as defendants.

Web.com, the original registrar, is not a party to the lawsuit. 

The lawsuit accuses France of cybersquatting France.com and &quot;reverse domain-name hijacking,&quot; among other allegations.]]></description>
		<content:encoded><![CDATA[<p>France seizes France.com from man who’s had it since ‘94, so he sues<br />
Jean-Noël Frydman: &#8220;If it happened to me, it can happen to anyone.&#8221;<br />
<a href="https://arstechnica.com/tech-policy/2018/04/france-seizes-france-com-from-man-whos-had-it-since-94-so-he-sues/?comments=1" rel="nofollow">https://arstechnica.com/tech-policy/2018/04/france-seizes-france-com-from-man-whos-had-it-since-94-so-he-sues/?comments=1</a></p>
<p>A French-born American has now sued his home country because, he claims, the Ministry of Foreign Affairs has illegally seized a domain that he’s owned since 1994: France.com.</p>
<p>In the mid-1990s, Jean-Noël Frydman bought France.com from Web.com and set up a website to serve as a &#8220;digital kiosk&#8221; for Francophiles and Francophones in the United States.</p>
<p>For over 20 years, Frydman built up a business (also known as France.com), often collaborating with numerous official French agencies, including the Consulate General in Los Angeles and the Ministry of Foreign Affairs.</p>
<p>However, sometime around 2015, that very same ministry initiated a lawsuit in France in an attempt to wrest control of the France.com domain away from Frydman. </p>
<p>By September 2017, the Paris Court of Appeals ruled that France.com was violating French trademark law. Armed with this ruling, lawyers representing the French state wrote to Web.com demanding that the domain be handed over.</p>
<p>Finally, on March 12, 2018, Web.com abruptly transferred ownership of the domain to the French Ministry of Foreign Affairs. The company did so without any formal notification to Frydman and no compensation.</p>
<p>On April 19, Frydman filed a federal lawsuit in Virginia in an attempt to get his domain name back. The suit names the French Republic, Atout France (a government tourism agency), the Ministry of Foreign Affairs, the minister himself (Jean-Yves Le Drian), and VeriSign as defendants.</p>
<p>Web.com, the original registrar, is not a party to the lawsuit. </p>
<p>The lawsuit accuses France of cybersquatting France.com and &#8220;reverse domain-name hijacking,&#8221; among other allegations.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589596</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 30 Apr 2018 10:29:09 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589596</guid>
		<description><![CDATA[Western Digital Cloud Storage Device Exposes Files to All LAN Users
https://www.securityweek.com/western-digital-cloud-storage-device-exposes-files-all-lan-users

The default configuration on the new Western Digital My Cloud EX2 storage device allows any users on the network to retrieve files via HTTP requests, Trustwave has discovered.

WD’s My Cloud represents a highly popular storage/backup device option, allowing users to easily backup important data (including documents, photos, and media files) and store it on removable media.

The new drive, however, exposes data to any unauthenticated local network user, because of a Universal Plug and Play (UPnP) media server that the device automatically starts when powered on.

By default, it allows any users capable of sending HTTP requests to the drive to grab any files from the device. Thus, any permissions or restrictions set by the owner or administrator are completely bypassed, Trustwave’s security researchers warn.]]></description>
		<content:encoded><![CDATA[<p>Western Digital Cloud Storage Device Exposes Files to All LAN Users<br />
<a href="https://www.securityweek.com/western-digital-cloud-storage-device-exposes-files-all-lan-users" rel="nofollow">https://www.securityweek.com/western-digital-cloud-storage-device-exposes-files-all-lan-users</a></p>
<p>The default configuration on the new Western Digital My Cloud EX2 storage device allows any users on the network to retrieve files via HTTP requests, Trustwave has discovered.</p>
<p>WD’s My Cloud represents a highly popular storage/backup device option, allowing users to easily backup important data (including documents, photos, and media files) and store it on removable media.</p>
<p>The new drive, however, exposes data to any unauthenticated local network user, because of a Universal Plug and Play (UPnP) media server that the device automatically starts when powered on.</p>
<p>By default, it allows any users capable of sending HTTP requests to the drive to grab any files from the device. Thus, any permissions or restrictions set by the owner or administrator are completely bypassed, Trustwave’s security researchers warn.</p>
]]></content:encoded>
	</item>
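The UPnP media server described in the comment above announces itself over SSDP, so the quickest LAN-side check for a My Cloud EX2 (or any other device) that has silently started one is an SSDP M-SEARCH for the MediaServer device type. The script below is an added example written for this page, not code from Trustwave, Western Digital or the article: build_msearch, parse_ssdp_response, is_media_server, content_directory_host and discover are names chosen here, and SAMPLE_REPLY is a reply constructed in the SSDP response format, not output captured from a real device.

```python
import re
import socket

# Multicast address and port used by SSDP, the UPnP discovery protocol.
SSDP_ADDR = "239.255.255.250"
SSDP_PORT = 1900
# Search target for UPnP media servers (the device type the NAS starts on boot).
MEDIA_SERVER_ST = "urn:schemas-upnp-org:device:MediaServer:1"


def build_msearch(search_target=MEDIA_SERVER_ST, mx=2):
    """Return the raw bytes of an SSDP M-SEARCH request for the given search target."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        "HOST: %s:%d" % (SSDP_ADDR, SSDP_PORT),
        'MAN: "ssdp:discover"',
        "MX: %d" % mx,
        "ST: %s" % search_target,
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw):
    """Parse an SSDP 'HTTP/1.1 200 OK' reply into a dict of lower-cased header names.

    Returns None for anything that is not a 200 reply."""
    text = raw.decode("ascii", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    status, _, header_block = head.partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def is_media_server(headers):
    """True when the reply advertises a UPnP MediaServer device in its ST or USN header."""
    if not headers:
        return False
    target = headers.get("st", "") + " " + headers.get("usn", "")
    return "device:MediaServer" in target


def content_directory_host(headers):
    """host:port from the LOCATION header, i.e. the HTTP endpoint the device serves from."""
    location = headers.get("location", "") if headers else ""
    m = re.match(r"https?://([^/]+)", location)
    return m.group(1) if m else None


def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect (address, headers) for every
    MediaServer that answers within the timeout. Needs a real LAN; not used by the test."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    sock.sendto(build_msearch(), (SSDP_ADDR, SSDP_PORT))
    found = []
    try:
        while True:
            data, (addr, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if is_media_server(headers):
                found.append((addr, headers))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


# Constructed sample reply in the SSDP response format (not captured from a real device).
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.50:9000/DeviceDescription.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.0 DLNADOC/1.50 Example/1.0\r\n"
    b"ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for host, hdrs in discover():
        print("UPnP media server at", host, "serving over HTTP from", content_directory_host(hdrs))
```

Run it on the LAN segment the NAS sits on. Any host it lists is advertising a UPnP content directory over HTTP, which is the kind of exposure the article describes; check in the device settings whether that server should be running at all, because UPnP itself carries no authentication.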
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589595</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 30 Apr 2018 10:28:49 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589595</guid>
		<description><![CDATA[Researchers Dissect Tool Used by Infamous Russian Hacker Group
https://www.securityweek.com/researchers-dissect-tool-used-infamous-russian-hacker-group

ESET security researchers have taken a deep dive into one of the tools heavily used by the Russian threat actor Sofacy over the past couple of years.

Dubbed Zebrocy, the tool serves as a first-stage malware in attacks and is comprised of a Delphi downloader, an AutoIt downloader and a Delphi backdoor. Used in multiple attacks, the malicious program often acts as a downloader for the actor’s main backdoor, Xagent. 

Also referred to as APT28, Fancy Bear, Pawn Storm, Sednit, and Strontium, and active since around 2007, the group is focused on cyber espionage and has hit government, military, and defense organizations worldwide.

Supposedly the actor behind attacks targeting the 2016 presidential election in the United States, Sofacy has been known to target Ukraine and NATO countries, and has recently switched focus to targets in Asia. 

Coexisting with another Sofacy first-stage tool, Seduploader, the Zebrocy malware has been used in attacks against victims in Azerbaijan, Bosnia and Herzegovina, Egypt, Georgia, Iran, Kazakhstan, Korea, Kyrgyzstan, Russia, Saudi Arabia, Serbia, Switzerland, Tajikistan, Turkey, Turkmenistan, Ukraine, Uruguay and Zimbabwe, ESET reveals.

Zebrocy is usually delivered via emails carrying malicious attachments and users are lured into opening them. These are either Microsoft Office documents that deliver the payload via VBA macros, exploits, or Dynamic Data Exchange (DDE), or archives containing executables with an icon and a document-like filename.

Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/]]></description>
		<content:encoded><![CDATA[<p>Researchers Dissect Tool Used by Infamous Russian Hacker Group<br />
<a href="https://www.securityweek.com/researchers-dissect-tool-used-infamous-russian-hacker-group" rel="nofollow">https://www.securityweek.com/researchers-dissect-tool-used-infamous-russian-hacker-group</a></p>
<p>ESET security researchers have taken a deep dive into one of the tools heavily used by the Russian threat actor Sofacy over the past couple of years.</p>
<p>Dubbed Zebrocy, the tool serves as a first-stage malware in attacks and is comprised of a Delphi downloader, an AutoIt downloader and a Delphi backdoor. Used in multiple attacks, the malicious program often acts as a downloader for the actor’s main backdoor, Xagent. </p>
<p>Also referred to as APT28, Fancy Bear, Pawn Storm, Sednit, and Strontium, and active since around 2007, the group is focused on cyber espionage and has hit government, military, and defense organizations worldwide.</p>
<p>Supposedly the actor behind attacks targeting the 2016 presidential election in the United States, Sofacy has been known to target Ukraine and NATO countries, and has recently switched focus to targets in Asia. </p>
<p>Coexisting with another Sofacy first-stage tool, Seduploader, the Zebrocy malware has been used in attacks against victims in Azerbaijan, Bosnia and Herzegovina, Egypt, Georgia, Iran, Kazakhstan, Korea, Kyrgyzstan, Russia, Saudi Arabia, Serbia, Switzerland, Tajikistan, Turkey, Turkmenistan, Ukraine, Uruguay and Zimbabwe, ESET reveals.</p>
<p>Zebrocy is usually delivered via emails carrying malicious attachments and users are lured into opening them. These are either Microsoft Office documents that deliver the payload via VBA macros, exploits, or Dynamic Data Exchange (DDE), or archives containing executables with an icon and a document-like filename.</p>
<p>Sednit update: Analysis of Zebrocy<br />
Zebrocy heavily used by the Sednit group over last two years<br />
<a href="https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/" rel="nofollow">https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589594</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 30 Apr 2018 10:27:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589594</guid>
		<description><![CDATA[Mozilla Adding New CSRF Protection to Firefox
https://www.securityweek.com/mozilla-adding-new-csrf-protection-firefox

Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.

CSRF attacks allow malicious actors to perform unauthorized activities on a website on behalf of authenticated users by getting them to visit a specially crafted webpage. These types of attacks leverage the fact that every request to a website includes cookies and many sites rely on these cookies for authentication purposes.

Mozilla has pointed out that the current web architecture does not allow websites to reliably determine if a request has been initiated legitimately by the user or if it comes from a third-party script.

“To compensate, the same-site cookie attribute allows a web application to advise the browser that cookies should only be sent if the request originates from the website the cookie came from,”]]></description>
		<content:encoded><![CDATA[<p>Mozilla Adding New CSRF Protection to Firefox<br />
<a href="https://www.securityweek.com/mozilla-adding-new-csrf-protection-firefox" rel="nofollow">https://www.securityweek.com/mozilla-adding-new-csrf-protection-firefox</a></p>
<p>Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.</p>
<p>CSRF attacks allow malicious actors to perform unauthorized activities on a website on behalf of authenticated users by getting them to visit a specially crafted webpage. These types of attacks leverage the fact that every request to a website includes cookies and many sites rely on these cookies for authentication purposes.</p>
<p>Mozilla has pointed out that the current web architecture does not allow websites to reliably determine if a request has been initiated legitimately by the user or if it comes from a third-party script.</p>
<p>“To compensate, the same-site cookie attribute allows a web application to advise the browser that cookies should only be sent if the request originates from the website the cookie came from,”</p>
]]></content:encoded>
	</item>
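The rule quoted in the comment above, that the browser should only send a cookie when the request originates from the site the cookie came from, is easiest to see with both halves side by side: the server emitting the attribute and the browser deciding whether to attach the cookie. The script below is an added example for this page and is not Mozilla's or Firefox's code: session_set_cookie_header builds the header with Python's own http.cookies module (which accepts the samesite attribute from Python 3.8 on), browser_attaches_cookie is a small model of the SameSite rule as Firefox 60 implements it, and the three scenario helpers use the constructed sites bank.example and evil.example.

```python
from http.cookies import SimpleCookie

# HTTP methods a Lax cookie may accompany on a cross-site top-level navigation.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def session_set_cookie_header(session_id, samesite="Lax", secure=True):
    """Build the Set-Cookie header value a server emits for its session cookie.

    samesite is "Strict", "Lax" or "None" (attribute supported by http.cookies
    from Python 3.8 onward)."""
    jar = SimpleCookie()
    jar["session"] = session_id
    morsel = jar["session"]
    morsel["path"] = "/"
    morsel["httponly"] = True     # keep the cookie away from page script
    morsel["secure"] = secure     # only over HTTPS
    morsel["samesite"] = samesite
    return morsel.OutputString()


def browser_attaches_cookie(samesite, cookie_site, request_site, method, top_level_navigation):
    """Model of a SameSite-aware browser deciding whether to attach a cookie.

    cookie_site and request_site are sites (registrable domains), not full origins;
    SameSite compares sites, so https://app.bank.example and https://bank.example match."""
    mode = (samesite or "None").lower()
    if cookie_site == request_site:
        return True                      # same-site request: always attached
    if mode == "strict":
        return False                     # never attached on a cross-site request
    if mode == "lax":
        # attached cross-site only on a top-level navigation with a safe method
        return top_level_navigation and method.upper() in SAFE_METHODS
    return True                          # no attribute / None: legacy behaviour, always sent


def cross_site_form_post_attaches_cookie(samesite):
    """Classic CSRF: a page on evil.example auto-submits a form that POSTs to bank.example.
    The submission is a top-level navigation, but the method is POST."""
    return browser_attaches_cookie(samesite, "bank.example", "evil.example", "POST", True)


def cross_site_link_attaches_cookie(samesite):
    """User clicks an ordinary link on evil.example that leads to bank.example (top-level GET)."""
    return browser_attaches_cookie(samesite, "bank.example", "evil.example", "GET", True)


def cross_site_fetch_attaches_cookie(samesite):
    """Script on evil.example issues a background GET (image, fetch, XHR) to bank.example."""
    return browser_attaches_cookie(samesite, "bank.example", "evil.example", "GET", False)


if __name__ == "__main__":
    print(session_set_cookie_header("constructed-session-id"))
    for mode in ("Strict", "Lax", "None"):
        print(mode,
              "form POST:", cross_site_form_post_attaches_cookie(mode),
              "link GET:", cross_site_link_attaches_cookie(mode),
              "background GET:", cross_site_fetch_attaches_cookie(mode))
```

Strict blocks every cross-site request; Lax still lets a top-level link click carry the cookie but stops the auto-submitted POST form that classic CSRF relies on; a cookie without the attribute behaves as before. The attribute is defence in depth rather than a replacement for CSRF tokens, since it only helps in browsers that implement it, which is what the Firefox 60 change adds.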
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/04/02/cyber-security-april-2018/comment-page-5/#comment-1589593</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 30 Apr 2018 10:26:46 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=176994#comment-1589593</guid>
		<description><![CDATA[Amazon Alexa Can Be Used for Snooping, Researchers Say
https://www.securityweek.com/amazon-alexa-can-be-used-snooping-researchers-say

Amazon&#039;s Alexa cloud-based virtual assistant for Amazon Echo can be abused to eavesdrop on users, Checkmarx security researchers have discovered.

Present on more than 31 million devices around the world, Alexa enables user interaction after a wake-up word (specifically, “Alexa”) activates it. Next, the Intelligent Personal Assistant (IPA) launches the requested capability or application, called a skill, which either comes built-in or is installed from the Alexa Skills Store.

Checkmarx researchers built a malicious skill application capable of recording a user’s speech in the background and then exfiltrating the recording, all without alerting the user.

Because of the required wake-up word, the recording would have to be performed after the activation. However, the listening session would normally end after a response is delivered to the user, to protect privacy, yet the researchers found a way to keep the session alive and to hide that from the user. 

A shouldEndSession flag allows a session to stay alive for another cycle, after reading back the service’s text as a response. However, reading back the text would reveal to the user that the device is still listening.]]></description>
		<content:encoded><![CDATA[<p>Amazon Alexa Can Be Used for Snooping, Researchers Say<br />
<a href="https://www.securityweek.com/amazon-alexa-can-be-used-snooping-researchers-say" rel="nofollow">https://www.securityweek.com/amazon-alexa-can-be-used-snooping-researchers-say</a></p>
<p>Amazon&#8217;s Alexa cloud-based virtual assistant for Amazon Echo can be abused to eavesdrop on users, Checkmarx security researchers have discovered.</p>
<p>Present on more than 31 million devices around the world, Alexa enables user interaction after a wake-up word (specifically, “Alexa”) activates it. Next, the Intelligent Personal Assistant (IPA) launches the requested capability or application, called a skill, which either comes built-in or is installed from the Alexa Skills Store.</p>
<p>Checkmarx researchers built a malicious skill application capable of recording a user’s speech in the background and then exfiltrating the recording, all without alerting the user.</p>
<p>Because of the required wake-up word, the recording would have to be performed after the activation. However, the listening session would normally end after a response is delivered to the user, to protect privacy, yet the researchers found a way to keep the session alive and to hide that from the user. </p>
<p>A shouldEndSession flag allows a session to stay alive for another cycle, after reading back the service’s text as a response. However, reading back the text would reveal to the user that the device is still listening.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
