Security trends 2017

The year 2017 will not bring any turn towards better data security. The internet is rife with well-known as well as unknown threats. Company systems are supposed to be protected. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. The IT security functions of industrial control systems (ICS), energy grids and IoT networks need to be improved in 2017.

There is a push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
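
Added example, not from Google or Chrome: a small auditor that applies the rule described above to a page's HTML. The URLs and markup are constructed; card fields are recognised only by `autocomplete="cc-*"` tokens, an assumption standing in for Chrome's own field detection, and the check for an HTTPS page whose form posts to an `http://` action goes beyond the Chrome label because it also sends the data in plain text.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormScanner(HTMLParser):
    """Collects password and credit-card inputs with the URL they submit to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = page_url          # inputs outside a <form> stay on the page
        self.hits = []                  # list of (kind, submit_url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A relative or empty action resolves against the page URL.
            self.action = urljoin(self.page_url, a.get("action", ""))
        elif tag == "input":
            kind = None
            if a.get("type", "").lower() == "password":
                kind = "password"
            elif a.get("autocomplete", "").lower().startswith("cc-"):
                kind = "card"           # cc-number, cc-exp, cc-csc, ...
            if kind:
                self.hits.append((kind, self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = self.page_url


def audit_page(page_url, html):
    """Return a list of (field_kind, reason) findings for one page."""
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    page_is_plain_http = urlparse(page_url).scheme == "http"
    findings = []
    for kind, target in scanner.hits:
        if page_is_plain_http:
            # The case described in the article: sensitive field on an HTTP page.
            findings.append((kind, "page-over-http"))
        elif urlparse(target).scheme == "http":
            # Extension: secure page, but the form submits over plain HTTP.
            findings.append((kind, "https-page-posts-to-http"))
    return findings


# Constructed sample pages.
LOGIN_HTML = (
    '<form action="/session" method="post">'
    '<input name="user"><input type="password" name="pass"></form>'
)
CHECKOUT_HTML = (
    '<form action="http://pay.example/charge">'
    '<input autocomplete="cc-number" name="card"/></form>'
    '<input type="search" name="q">'
)

if __name__ == "__main__":
    print(audit_page("http://intranet.example/login", LOGIN_HTML))
    print(audit_page("https://shop.example/checkout", CHECKOUT_HTML))
```
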

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, including Microsoft, Google, and Mozilla. Their browsers will no longer trust sites that use SHA-1 starting with that date, and they will mark these websites as insecure. 1/3 of Websites Use SHA-1 Certificates Despite Looming Deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
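
Added example, not taken from any CA or browser vendor: a standard-library check that reads the outer `signatureAlgorithm` field of an X.509 certificate (DER or PEM) and reports whether it is one of the SHA-1 or MD5 based algorithms. The sample input is a constructed DER skeleton with placeholder contents, not a real certificate, and the signature itself is not verified.

```python
import base64

# Signature algorithm OIDs -> (name, is_weak_hash)
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", False),
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def pem_to_der(pem):
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def check_certificate(cert):
    """cert: DER bytes or PEM text. Returns (algorithm_name, is_weak).
    is_weak is None when the OID is not in SIG_ALGS."""
    der = pem_to_der(cert) if isinstance(cert, str) else cert
    tag, start, _ = read_tlv(der, 0)               # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)           # tbsCertificate, skipped
    _, alg_start, _ = read_tlv(der, tbs_end)       # signatureAlgorithm
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm has no OID")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, (oid, None))


# --- constructed sample input (structure only, placeholder contents) ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + head + body


def sample_certificate(sig_oid_der):
    tbs = _der(0x30, b"\x00" * 300)                          # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, sig_oid_der) + b"\x05\x00")  # OID + NULL parameters
    sig = _der(0x03, b"\x00" + b"\xaa" * 256)                # placeholder signature bits
    return _der(0x30, tbs + alg + sig)


OID_SHA1_RSA = bytes.fromhex("2a864886f70d010105")
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")

if __name__ == "__main__":
    print(check_certificate(sample_certificate(OID_SHA1_RSA)))
    print(check_certificate(sample_certificate(OID_SHA256_RSA)))
```
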

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The Commoditization of Cyberattacks Will Make Them More Frequent in 2017. More and more companies suffer from disruption to business due to cyber attacks. Cyber-attacks cause companies significant financial losses, but studies show that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies will have official plans in case of cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and will be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them go to smartphones and laptops). 91 percent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.

Biometrics Won’t Kill Passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems also have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint-, face-, iris-, palm- and speech-recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group says in its latest report that encryption backdoors pose a security threat, siding with tech experts. The problem is that any system allowing police to get into those encrypted systems (be it a phone, computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: The cloud becoming insecure – extortion and IoT openings.

The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. IoT-powered attacks will continue to rise, and stopping an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (the need to use telecom operator and external services increases). In addition to disrupting service, denial of service attacks are often used as a distraction during the actual data burglary. DDoS may take over from ransomware as a cause for concern.

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophic Concerns Over Artificial Intelligence and Algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophic grounds; and they have become the basis of fictional Armageddons.

Cyber insurance will be thought of more as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. So now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of what is a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched to you? Well, it’s set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent survey of over 2,000 adults conducted by Harris Poll, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for better online security, if that meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest – a solid password – and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Block chains have been a big trend for several years. The block chain market is divided as 2017 starts. During the autumn of 2016, we saw a number of initiatives on cooperation between the financial sector and consulting companies. Microsoft has chosen the Ethereum block chain as its platform and offers it in the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own block chains in the Bluemix service. Google and Amazon still shine by their absence. Even banks may prefer to use the cloud for block chains.

 

Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls

 

 

3,151 Comments

  1. Tomi Engdahl says:

    Thursday, August 10, 2017
    Fuzzing Communication Protocols – Some Thoughts About a New Report
    http://blog.iec61850.com/2017/08/fuzzing-communication-protocols-some.html

    Any kind of testing to improve IMPLEMENTATIONS of protocols is helpful. You can test implementations only – not the protocols or stacks per se.

    One of the crucial questions I have with the fuzz testing report is: Which IMPLEMENTATION(s) did they test? Did they test 10 different or 100? Open source implementations only? New implementations or old? Or what?

    Testing is always a good idea … more testing even a better approach. At the end of the day, customers have to pay for it (e.g., higher rates per kWh).

    As long as vendors have the possibility to self-certify their products we will see more problems in the future.

    Anyway: The best approach would be to use a different protocol for each IED … ;-)

    What about testing the wide spectrum of application software? Not easy to automate … to fuzz.

    You may have a protocol implementation without any error within one year … but an application that easily crashes … a holistic testing approach would be more helpful. IEC TC 57 WG 10 has discussed many times to define measures for functional tests … without any useful result so far. Utility experts from all over the world should contribute to that project.

    Conclusion
    The report is a nice promotion for the fuzzing tools offered by Synopsys.
    The last page states: “Synopsys offers the most comprehensive solution for building integrity—security and quality—into your SDLC and supply chain. We’ve united leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. … our platform will help ensure the integrity of the applications that power your business.”

    Testing is very crucial and very complex.

    Report:
    https://www.synopsys.com/content/dam/synopsys/sig-assets/reports/state-of-fuzzing-2017.pdf

    Reply
  2. Tomi Engdahl says:

    Hackers can remotely access Smiths Medical Syringe Infusion Pumps to kill patients
    http://securityaffairs.co/wordpress/62918/hacking/syringe-infusion-pumps.html

    The US-CERT is warning that hackers can remotely access Smiths Medical Syringe Infusion Pumps to control them and kill patients.

    Reply
  3. Tomi Engdahl says:

    MongoDB Tightens Security Amid New Database Attacks
    http://www.securityweek.com/mongodb-tightens-security-amid-new-database-attacks

    A new series of ransomware attacks targeting MongoDB databases has prompted the company to implement new data security measures.

    The new attacks follow a similar pattern to the MongoDB ransack campaign unleashed at the end of 2016 and beginning of 2017, when more than 33,000 MongoDB databases fell to the massacre within weeks. By mid-January, attackers began targeting Hadoop and CouchDB databases, though the campaign didn’t claim as many victims.

    Cybercriminals were targeting poorly secured databases that were exposed to the Internet and allowed them to log in and wiped them clean, while leaving ransom notes behind. Attackers claimed to have copied the content of the databases before wiping them, but researchers such as Victor Gevers, chairman of the GDI Foundation, discovered that the attackers didn’t exfiltrate data, but simply erased it.

    Three new hacking groups started hitting the MongoDB databases by the end of summer. By September 2, after less than a week of activity, the groups ransacked a total of over 26,000 databases. One group alone claimed over 22,000 of the attacks.

    The new incidents, however, don’t represent a new risk, but merely show that hackers have found new targets, MongoDB says. Hackers are targeting misconfigured and unmaintained MongoDB deployments, just as before.

    If left exposed to the Internet and without the proper security in place, these databases are bound to fall. Some were left connected to the Internet with no password to the admin account, MongoDB notes in a blog post.

    To reduce the chance that databases are deployed insecurely, MongoDB has decided to make new changes in upcoming releases. The database software maker has already made localhost binding the default configuration (in most popular deployment package formats, RPM and deb) since version 2.6.0, meaning that all networked connections need to be explicitly configured by an administrator.

    Victor Gevers, who has been long advocating for the inclusion of additional security features in MongoDB, has confirmed to SecurityWeek that version 3.6 will include “long awaited improvement for security which prevent unsafe default deployments.”

    Update: How to Avoid a Malicious Attack That Ransoms Your Data
    https://www.mongodb.com/blog/post/update-how-to-avoid-a-malicious-attack-that-ransoms-your-data

    Reply
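
Added example (not part of the quoted SecurityWeek article and not MongoDB's code): a check of a YAML-format `mongod.conf` for the exposure pattern described above, a server reachable from the network with no access control. The sample configurations are constructed, the parser covers only the nested `key: value` subset of YAML, and a missing `net.bindIp` is assumed to default to localhost, as the article states for the RPM and deb packages.

```python
import ipaddress

# Constructed sample configurations.
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface
"""

HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

INTERNAL_CONF = """\
net:
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Flatten nested `key: value` mappings into dotted keys.
    Lists, anchors and multi-line scalars are not handled."""
    flat, stack = {}, []                  # stack holds (indent, key) of open mappings
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave mappings that have ended
        value = value.strip().strip("\"'")
        if value == "":
            stack.append((indent, key.strip()))
        else:
            flat[".".join([k for _, k in stack] + [key.strip()])] = value
    return flat


def is_local_only(addr):
    """True for loopback addresses, 'localhost' and UNIX socket paths."""
    if addr == "localhost" or addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False                      # other hostnames may resolve to a routable interface


def audit_mongod_conf(text):
    """Return (severity, findings) for one configuration file."""
    conf = parse_simple_yaml(text)
    # Assumption: no bindIp means the packaged localhost default applies.
    binds = [a.strip() for a in conf.get("net.bindIp", "127.0.0.1").split(",") if a.strip()]
    exposed = (conf.get("net.bindIpAll", "false").lower() == "true"
               or not all(is_local_only(a) for a in binds))
    # A keyFile for internal authentication also enforces user access control.
    auth = (conf.get("security.authorization", "disabled").lower() == "enabled"
            or "security.keyFile" in conf)
    findings = []
    if exposed:
        findings.append("listens on a non-loopback address")
    if not auth:
        findings.append("access control is not enabled")
    if exposed and not auth:
        severity = "critical"             # the pattern the ransom campaigns relied on
    elif findings:
        severity = "review"               # confirm firewalling, or enable authorization
    else:
        severity = "ok"
    return severity, findings


if __name__ == "__main__":
    for name, conf in [("weak", WEAK_CONF), ("hardened", HARDENED_CONF),
                       ("internal", INTERNAL_CONF)]:
        print(name, audit_mongod_conf(conf))
```
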
  4. Tomi Engdahl says:

    High Severity Flaws Patched in FreeXL Library
    http://www.securityweek.com/high-severity-flaws-patched-freexl-library

    An update released last week for the FreeXL library patches a couple of high severity remote code execution vulnerabilities discovered by Marcin Noga, a Polish researcher working for Cisco Talos.

    FreeXL is an open source C-based library that allows users to extract data from Microsoft Excel (.xls) spreadsheets. A FreeXL package is available for several Linux distributions.

    Noga noticed that the read_biff_next_record and read_legacy_biff functions in FreeXL, which are related to the Binary Interchange File Format (BIFF), are affected by heap-based buffer overflow vulnerabilities. An attacker can exploit the flaws by getting the targeted user to open a specially crafted Excel file via an application that uses the FreeXL library.

    Reply
  5. Tomi Engdahl says:

    “Toast” Vulnerability in Android Allowed for New Overlay Attacks
    http://www.securityweek.com/toast-vulnerability-android-allowed-new-overlay-attacks

    One of the 81 vulnerabilities addressed in the September 2017 Android security bulletin was a High risk issue that could be exploited to launch a new type of overlay attacks, Palo Alto Networks reveals.

    Tracked as CVE-2017-0752 and described as an elevation of privilege vulnerability in the Android framework (windowmanager), the bug abuses the “Toast” notifications in the operating system to modify what users see on the screen. Unlike similar overlay attacks, however, the new method does not require specific permissions or conditions to be effective, Palo Alto’s security researchers have discovered.

    Reply
  6. Tomi Engdahl says:

    Apache Struts Flaw Reportedly Exploited in Equifax Hack
    http://www.securityweek.com/apache-struts-flaw-reportedly-exploited-equifax-hack

    A vulnerability affecting the Apache Struts 2 open-source development framework was reportedly used to breach U.S. credit reporting agency Equifax and gain access to customer data.

    Equifax revealed last week that hackers had access to its systems between mid-May and late July. The incident affects roughly 143 million U.S. consumers, along with some individuals in the U.K. and Canada.

    Reply
  7. Tomi Engdahl says:

    Virginia Scraps Electronic Voting Machines Hackers Destroyed At DefCon
    https://it.slashdot.org/story/17/09/11/2216226/virginia-scraps-electronic-voting-machines-hackers-destroyed-at-defcon

    Following the DefCon demonstration in July that showed how quickly Direct Recording Electronic voting equipment could be hacked, Virginia’s State Board of Elections has decided it wants to replace their electronic voting machines in time for the gubernatorial election due on November 7th, 2017. According to The Register, “The decision was announced in the minutes of the Board’s September 8th meeting: ‘The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment.’”

    Virginia scraps poke-to-vote machines hackers destroyed at DefCon
    Three different machines fail tests, must be binned before November election
    https://www.theregister.co.uk/2017/09/11/virginia_to_scrap_touchscreen_voting_machines/

    Virginia’s State Board of Elections has decided its current generation of electronic voting machines is potentially vulnerable, and wants them replaced in time for the gubernatorial election due on November 7th, 2017.

    The decision was announced in the minutes of the Board’s September 8th meeting: “The Department of Elections officially recommends that the State Board of Elections decertify all Direct Recording Electronic (DRE or touchscreen) voting equipment.”

    In addition to the “current security environment”, the report cites the DefCon demonstration in July that showed how quickly DRE voting systems could be pwned.

    With the DefCon bods showing some machines shared a single hard-coded password, Virginia directed the Virginia Information Technology Agency (VITA) to audit the machines in use in the state (the Accuvote TSX, the Patriot, and the AVC Advantage).

    Reply
  8. Tomi Engdahl says:

    Everybody without Android Oreo vulnerable to overlay attack
    ‘Toast’ micro-messages can burn just about every Android user
    https://www.theregister.co.uk/2017/09/11/everybody_without_android_oreo_vulnerable_to_overlay_attack/

    Any unpatched Android phone running a version older than Oreo is going to need patching fairly soon, with researchers turning up a class of vulnerability that lets malware draw fake dialogs so users “okay” their own pwnage.

    The risk, according to Palo Alto Networks’ researchers, comes from what’s known as an overlay attack.

    It’s a straightforward way to trick users: draw a bogus screen for users to click on (for example, to install an app or accept a set of permissions), hiding what’s really happening.

    Android is supposed to prevent this happening.

    The vulnerability turned up by Palo Alto’s Unit 42 threat research team bypasses these requirements, by exploiting a notification type called Toast that Android documentation describes as “a view containing a quick little message for the user.”

    Palo Alto’s people say the overlay attack they’ve discovered “could carry out an overlay attack simply by being installed on the device”.

    Threat Brief: Patch Today and Don’t Get Burned by an Android Toast Overlay
    https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-brief-patch-today-dont-get-burned-android-toast-overlay-attack/

    What our researchers have found is a vulnerability that can be used to more easily enable an “overlay attack,” a type of attack that is already known on the Android platform. This type of attack is most likely to be used to get malicious software on the user’s Android device. This type of attack can also be used to give malicious software total control over the device. In a worst-case attack scenario, this vulnerability could be used to render the phone unusable (i.e., a “brick”) or to install any kind of malware including (but not limited to) ransomware or information stealers. In simplest terms, this vulnerability could be used to take control of devices, lock devices and steal information after it is attacked.

    An “overlay attack” is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window.

    Of course, an overlay attack can be used to accomplish all three of these in a single attack:

    Trick a user into installing malware on their device.
    Trick a user into giving the malware full administrative privileges on the device
    Use the overlay attack to lock up the device and hold it hostage for ransom

    Of course, one of the best protections against malicious apps is to get your Android apps only from Google Play, as the Android Security Team aggressively screens against malicious apps and keeps them out of the store in the first place.

    Reply
  9. Tomi Engdahl says:

    Your Users Have Left the Building

    More than 50% of PCs today are mobile, enabling users to work and access data from anywhere in the world. This era of remote working poses an incredible challenge for security teams to protect users and their data from ever-savvy cyber criminals.

    Reply
  10. Tomi Engdahl says:

    Linus Torvalds Wants Attackers to Join Linux Kernel Development
    http://www.eweek.com/enterprise-apps/linus-torvalds-wants-attackers-to-join-linux-kernel-development

    “The concept of absolute security doesn’t exist,” Torvalds said. “Even if we do a perfect job—and we try to do that—let’s be honest, there will always have bugs.”

    Reply
  11. Tomi Engdahl says:

    The only safe email is text-only email
    http://theconversation.com/the-only-safe-email-is-text-only-email-81434?utm_source=facebook&utm_medium=facebook

    It’s troubling to think that at any moment you might open an email that looks like it comes from your employer, a relative or your bank, only to fall for a phishing scam.

    Most people tend to think that it’s users’ fault when they fall for phishing scams: Someone just clicked on the wrong thing. To fix it, then, users should just stop clicking on the wrong thing. But as security experts who study malware techniques, we believe that thinking chases the wrong problem.

    The real issue is that today’s web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It’s not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way.

    Reply
  12. Tomi Engdahl says:

    LGBTQ Groups Condemn “Dangerous And Flawed” Facial Recognition Intended To Predict Your Sexuality
    http://www.iflscience.com/technology/lgbtq-groups-condemn-dangerous-and-flawed-facial-recognition-intended-to-predict-your-sexuality/

    LGBTQ groups have condemned as “dangerous” an algorithm developed by Stanford University to predict whether you are gay or straight based on your face.

    Stanford claim the tech, which uses facial recognition, can distinguish between gay and straight men 81 percent of the time, and 74 percent of the time for women.

    Reply
  13. Tomi Engdahl says:

    Billions of Bluetooth devices could get hit by this attack
    https://www.cnet.com/news/bluetooth-devices-vulnerable-to-hack-blueborne-armis-labs/

    More than 5 billion devices are vulnerable to a “highly infectious” malware attack. Go ahead, blame the internet of things.

    More than 5.3 billion devices with Bluetooth signals are at risk of a malware attack newly identified by an internet of things security company.

    If you’re not keeping count, that’s most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate wirelessly. Nearly every connected device out there has Bluetooth capability. Your phones, laptops, speakers, car entertainment systems — the list goes on and on to even the most mundane gadgets.

    With BlueBorne, all hackers need to spread malware is for their victims’ devices to have Bluetooth turned on, said Nadir Izrael, Armis’ chief technology officer.

    And once one device has been infected, the malware can spread to other devices nearby with the Bluetooth turned on. By scattering over the airwaves, BlueBorne is “highly infectious,” Armis Labs said.

    “We’ve run through scenarios where you can walk into a bank and it basically starts spreading around everything,” Izrael said.

    The attack echoes the way the WannaCry ransomware spread earlier this year.

    Ben Seri, Armis Labs’ head of research, fears that BlueBorne will lead to a similar massive outbreak. In several trials testing out BlueBorne, researchers were able to create botnets and install ransomware using Bluetooth, all under the radar of most protection.

    “Imagine there’s a WannaCry on Bluetooth, where attackers can deposit ransomware on the device, and tell it to find other devices on Bluetooth and spread it automatically,” said Michael Parker, the company’s vice president of marketing.

    BlueBorne is a collection of eight zero-day vulnerabilities that Armis Labs discovered.

    It does this by taking advantage of how your Bluetooth uses tethering to share data, the company said. It’s able to spread through “improper validation,” Izrael said. The vulnerability affects devices on most operating systems, including those run by Google, Microsoft and Apple.

    The three companies have released patches for the vulnerability. Apple confirmed that BlueBorne is not an issue for its mobile operating system, iOS 10, or later, but Armis noted that all iOS devices with 9.3.5 or older versions are vulnerable. Microsoft released a patch for its computers in July, and anybody who updated would be protected automatically, a spokesman said. Google said Android partners received the patch in early August, but it’s up to the carriers to release the updates. Pixel devices have already received the updates.

    Of the 2 billion devices using Android, about 180 million are running on versions that will not be patched, according to Armis.

    Of the potentially impacted devices, Armis Labs estimated that 40 percent are not going to be patched. That’s more than 2 billion devices that will be left vulnerable to attacks, they warned.

    Reply
  14. Tomi Engdahl says:

    Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions
    https://blog.checkpoint.com/2017/09/11/beware-bashware-new-method-malware-bypass-security-solutions/

    With a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought is being invested in devising an appropriate information security strategy to combat these breaches and providing the best solutions possible.

    We have recently found a new and alarming method that allows any known malware to bypass even the most common security solutions, such as next generation anti-viruses, inspection tools, and anti-ransomware. This technique, dubbed Bashware, leverages a new Windows 10 feature called Subsystem for Linux (WSL), which recently exited Beta and is now a fully supported Windows feature.

    This feature makes the popular bash terminal available for Windows OS users, and in so doing, enables users to natively run Linux operating system executables on the Windows operating system.

    Existing security solutions are still not adapted to monitor processes of Linux executables running on Windows OS, a hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms.

    Reply
  15. Tomi Engdahl says:

    At Least 1.65 Million Computers Are Mining Cryptocurrency For Hackers So Far This Year
    https://it.slashdot.org/story/17/09/12/2217250/at-least-165-million-computers-are-mining-cryptocurrency-for-hackers-so-far-this-year

    So far in 2017, the company says it has detected 1.65 million infected machines. The total amount of infected computers for all of the previous year was roughly 1.8 million. The infected machines are not just home computers, the firm stated in a blog post, but company servers as well. “The main effect for a home computer or organization infrastructure is reduced system performance,”

    At Least 1.65 Million Computers Are Mining Cryptocurrency for Hackers So Far This Year
    2017 is on track to easily beat 2016.
    https://motherboard.vice.com/en_us/article/vb74j3/at-least-165-million-computers-are-mining-cryptocurrency-for-hackers-so-far-this-year

    Cryptocurrencies are a boon to all sorts of criminals, from online drug dealers to ransomware hackers, due to their semi-anonymous nature. But another set of scammers takes a different approach: loading up victims’ computers with software that “mines” currencies to generate a profit, without the owner’s knowledge.

    Cryptocurrency mining can be lucrative.

    According to new statistics released on Tuesday by Kaspersky Lab, a prominent Russian information security firm, 2017 is on track to beat 2016—and every year since 2011—in terms of the sheer number of computers infected with malware that installs mining software. So far in 2017, the company says it has detected 1.65 million infected machines. The total amount of infected computers for all of the previous year was roughly 1.8 million. The infected machines are not just home computers, the firm stated in a blog post, but company servers as well.

    “The main effect for a home computer or organization infrastructure is reduced system performance,” Anton Ivanov, a security researcher for Kaspersky, wrote me in an email. “Also some miners could download modules from a threat actor’s infrastructure, and these modules could contain other malware such as Trojans [malware that disguises itself as legitimate software].”

  16. Tomi Engdahl says:

    Act fast to get post-Brexit data deal, Brit biz urges UK.gov
    Last major data deal between EU and third country took 4 years
    https://www.theregister.co.uk/2017/09/13/cbi_pushes_ukgov_to_act_fast_to_get_postbrexit_data_deal/

    The UK is risking a data economy worth £240bn if it doesn’t secure a “simple” transition deal that minimises disruption of data flows after Brexit, the Confederation of British Industry will warn today.

    According to the body – which represents UK businesses – the government has made the right noises about data protection policy, but now needs to ensure the country doesn’t fall off a “data cliff-edge” when Britain leaves the European Union.

  17. Tomi Engdahl says:

    Samsung mobile launches bug bounty program
    Crack a Galaxy or bash Bixby and score US$20k to $200k
    https://www.theregister.co.uk/2017/09/13/samsung_mobile_launches_bug_bounty_program/

    Samsung’s mobile limb has become the latest major vendor to launch a bug bounty program, and within its tight rules, it offers a tasty maximum prize of US$200,000.

    The bounty is for newer devices only – 38 mobile devices launched since 2016, including Galaxies S, Note, A, J, and Tab, and the top-of-the-line S8, S8+, and Note 8.

    Sammy also wants researchers to look over its branded services (like Bixby and Pay) and applications signed by Samsung Mobile or approved third-party packages.

    Only currently-active services and fully-updated applications are eligible, and third-party app vulnerabilities have to be Samsung-specific.

  18. Tomi Engdahl says:

    Google Online Security Blog:
    Google details plan to distrust Symantec-issued certificates starting with Chrome 66 in 2018

    Chrome’s Plan to Distrust Symantec Certificates
    September 11, 2017
    https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

  19. Tomi Engdahl says:

    .NET Zero-Day Flaw Exploited to Deliver FinFisher Spyware
    http://www.securityweek.com/net-zero-day-flaw-exploited-deliver-finfisher-spyware

    One of the vulnerabilities patched by Microsoft with this month’s security updates is a zero-day flaw exploited by threat actors to deliver FinFisher malware to Russian-speaking individuals.

    The vulnerability, reported to Microsoft by researchers at FireEye, is tracked as CVE-2017-8759 and it affects the .NET framework, specifically a SOAP WSDL (Web Services Description Language) parser. An attacker can exploit the security hole for remote code execution by getting the targeted user to open a specially crafted document or application.

    In the attacks observed by FireEye, a threat actor exploited the vulnerability via malicious documents that download several components before deploying the final payload – a variant of FinFisher.

    FinFisher, also known as FINSPY and WingBird, is a lawful interception tool whose developer claims it is only sold to governments.

    Earlier this year, Kaspersky noticed the FinFisher malware being delivered via a Microsoft Office zero-day (CVE-2017-0199) by a Middle Eastern threat actor named “BlackOasis.” FireEye also spotted attacks exploiting CVE-2017-0199 to deliver FinFisher earlier this year, and the security firm believes CVE-2017-8759 may have also been used by other groups, although currently there is no evidence to support this theory.

  20. Tomi Engdahl says:

    Billions of Devices Potentially Exposed to New Bluetooth Attack
    http://www.securityweek.com/billions-devices-potentially-exposed-new-bluetooth-attack

    Billions of Android, iOS, Windows and Linux devices that use Bluetooth may be exposed to a new attack that can be carried out remotely without any user interaction, researchers warned.

    Armis Labs, a company that specializes in protecting Internet of Things (IoT) devices, has discovered a total of eight Bluetooth implementation vulnerabilities that expose mobile, desktop and IoT systems to an attack it has dubbed “BlueBorne.”

    According to the security firm, the attack only requires Bluetooth to be enabled on the targeted device – no pairing is needed between the victim and the attacker’s device, and the Bluetooth connection does not even have to be discoverable.

  21. Tomi Engdahl says:

    Adobe Patches Two Critical Flaws in Flash Player
    http://www.securityweek.com/adobe-patches-two-critical-flaws-flash-player

    Adobe has patched only two vulnerabilities in Flash Player this month, but they can both be exploited for remote code execution and both have been classified as critical.

    The flaws, tracked as CVE-2017-11281 and CVE-2017-11282, were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero in Flash Player 26.0.0.151 and earlier. The security holes are caused by memory corruption issues.

    Adobe said there was no evidence that either of the two flaws had been exploited in attacks before the patches were released.

  22. Tomi Engdahl says:

    North Korea’s hackers are reportedly targeting bitcoin exchanges
    https://techcrunch.com/2017/09/13/north-korea-hackers-bitcoin-ethereum/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    North Korea’s hackers have been linked with many attacks, including the 2014 Sony hack, but it looks like the totalitarian state is now targeting bitcoin, and crypto coin exchanges in particular, with its hacking teams.

    That’s according to a new report from cybersecurity firm FireEye, which claims to have tracked at least five attacks on bitcoin exchanges, or individual bitcoin wallets, within the past six months.

  23. Tomi Engdahl says:

    Dustin Volz / Reuters:
    Trump administration issues directive giving agencies 90 days to discontinue use of Kaspersky software, citing concerns about ties to Russian government — WASHINGTON (Reuters) – The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products …

    Trump administration orders purge of Kaspersky products from U.S. government
    http://www.reuters.com/article/us-usa-security-kaspersky/trump-administration-orders-purge-of-kaspersky-products-from-u-s-government-idUSKCN1BO2CH?feedType=RSS&feedName=topNews

    The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

  24. Tomi Engdahl says:

    Peter Bright / Ars Technica:
    Windows 10 Fall Creators Update will require third-party apps ask permission to access camera and other sensitive information or hardware

    Windows 10 Fall Creators Update shaking up privacy settings some more
    And Enterprise users will get even more control over analytics data.
    https://arstechnica.com/gadgets/2017/09/windows-10-fall-creators-update-shaking-up-privacy-settings-some-more/

    Microsoft is continuing to tinker with the privacy configuration and options in Windows 10, with the Fall Creators Update, due for release on October 17, including yet more changes to the privacy controls above and beyond those made in the previous update.

    The biggest change surrounds not Windows itself, but third-party applications. Similar to applications on mobile platforms, Windows Store applications require permission to access things that might have privacy sensitivity—the camera, microphone, calendar, contacts, and so on. Currently, that permission has been provided implicitly; except for access to location information, which requires an explicit user grant, applications get access to these sensitive things by default. Access can be revoked after the fact, from the Privacy section of the Settings app, so users still have control, but the model is one of opting out of giving applications access, rather than opting in.

  25. Tomi Engdahl says:

    Owen Bowcott / The Guardian:
    Turkey allegedly arrested 75K citizens who downloaded now-defunct messaging app ByLock, after 2016 failed coup; legal study by opposition finds arrests illegal

    Turks detained for using encrypted app ‘had human rights breached’
    https://www.theguardian.com/world/2017/sep/11/turks-detained-encrypted-bylock-messaging-app-human-rights-breached

    Legal opinion published in UK argues that the arrest of 75,000 suspects, primarily for downloading ByLock app, is illegal

    Tens of thousands of Turkish citizens detained or dismissed from their jobs on the basis of downloading an encrypted messaging app have had their human rights breached, a legal opinion published in London has found.

    The study, commissioned by opponents of the Turkish president, Recep Tayyip Erdoğan, argues that the arrest of 75,000 suspects primarily because they downloaded the ByLock app is arbitrary and illegal.

    It reflects growing concern about the legality of the Turkish government’s crackdown in the aftermath of last year’s failed coup.

    “The evidence that the [ByLock] app was used exclusively by those who were members or supporters of the Gülen movement [is] utterly unconvincing and unsupported by any evidence,”

    The detention of people on this basis is “arbitrary and in breach of article 5” of the European convention on human rights, which guarantees the right to liberty, the report says.

    The opinion says ByLock was available to everyone, it had been downloaded around the world and was in the top 500 apps in 41 separate countries

    ByLock was available to download free of charge on Apple’s App Store and Google Play.

    “It was downloaded over 600,000 times between April 2014 and April 2016 by users all over the world,” Moore says. “It is, in my opinion, therefore nonsensical to suggest that its availability was restricted to a particular group of people.”

    “There is no suggestion in the MIT report that downloads were restricted to a territory or jurisdiction.”

    Other secure communication services, such as Telegram, have been exploited because of their secure encryptions. “There is compelling evidence to show that Telegram has been used by Isis as a secure communication tool and yet there is no move by law enforcement authorities to detain every user of the service,” Moore says.

  26. Tomi Engdahl says:

    TrickBot Habla Español: Trojan Widens Its Attack Scope in Spain, Brings Redirection Attacks to Local Banks
    https://securityintelligence.com/trickbot-habla-espanol-trojan-widens-its-attack-scope-in-spain-brings-redirection-attacks-to-local-banks/?cm_mmc=PSocial_Facebook-_-Security_Protect%20against%20web%20fraud%20and%20cyber%20crime-_-WW_WW-_-22076080_Tracking%20Pixel&cm_mmca1=000000MR&cm_mmca2=10000177&cm_mmca4=22076080&cm_mmca5=46801385&cm_mmca6=c57cb14d-ee36-437a-9234-9e63195d5164&cvosrc=social%20network%20paid.facebook.Boosted%20Post%20Discover%20Trickbot_SD%20Behav_DesktopMobileTablet_1x1&cvo_campaign=000000MR&cvo_pid=22076080&linkId=39989947

    The TrickBot Trojan has been steadily ramping up its activity this year, going into a rather intensive period of updates and attacks that started in Q2 2017. From the looks of it, TrickBot’s operators have been investing heavily into widening the scope of their attacks and are preparing redirection attacks against banks in 19 different countries.

    After adding French and Nordic banks, the latest additions to TrickBot’s target list are Spanish banks.

  27. Tomi Engdahl says:

    Zoe Tillman / BuzzFeed:
    Filing: prosecutors say Facebook gag order, preventing it from notifying users about search warrants for DC case, is no longer needed

    The Government Has Dropped Its Demand That Facebook Not Tell Users About Search Warrants
    https://www.buzzfeed.com/zoetillman/the-government-has-dropped-its-demand-that-facebook-not?utm_term=.yt4YLMjWXB#.kfm7nympjz

    Federal prosecutors said that nondisclosure orders stopping Facebook from telling customers about search warrants for their account information “are no longer needed.”

  28. Tomi Engdahl says:

    Missed patch caused Equifax data breach
    Apache Struts was popped, but company had at least TWO MONTHS to fix it
    https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/

    Equifax has revealed that the cause of its massive data breach was a flaw it should have patched weeks before it was attacked.

    The company has updated its http://www.equifaxsecurity2017.com/ site with a new “A Progress Update for Consumers” that opens as follows:

    Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.

    As the Apache Foundation pointed out earlier this week, it reported CVE-2017-5638 in March 2017. Doubt us? Here’s the NIST notification that mentions it as being notified on March 10th.

  29. Tomi Engdahl says:

    Intelligence director pulls national security BS on spying question
    Senator Wyden not happy with continued obfuscation
    https://www.theregister.co.uk/2017/09/13/intelligence_director_on_spying_question/

    The director of national intelligence (DNI) has refused to say whether US spying agencies are using legislation specifically intended to cover only foreigners in order to spy on American citizens.

    Alarm bells

    “I have asked Director Coats repeatedly to answer the question I actually asked,” Wyden said in a statement on Wednesday. “But now he claims answering the question would be classified, and do serious damage to national security. The refusal of the DNI to answer this simple yes-no question should set off alarms. How can Congress reauthorize this surveillance when the administration is playing games with basic questions about this program?”

  30. Tomi Engdahl says:

    Linux Malware Could Run Undetected on Windows: Researchers
    http://www.securityweek.com/linux-malware-could-run-undetected-windows-researchers

    A new Windows 10 feature that makes the popular Linux bash terminal available for Microsoft’s operating system could allow for more malware families to target the operating system, Check Point researchers claim.

    Called Windows Subsystem for Linux (WSL), the feature exited beta a couple of months ago and is set to become available to all users in the upcoming Windows 10 Fall Creators Update (FCU), set to be released by Microsoft in October 2017.

  31. Tomi Engdahl says:

    U.S. Energy Department Invests $20 Million in Cybersecurity
    http://www.securityweek.com/us-energy-department-invests-20-million-cybersecurity

    The United States Department of Energy announced on Tuesday its intention to invest up to $50 million in the research and development of tools and technologies that would make the country’s energy infrastructure more resilient and secure. Over $20 million of that amount has been allocated to projects focusing on cyber security.

  32. Tomi Engdahl says:

    Is Winter Coming in Industrial Control Systems Cybersecurity?
    http://www.securityweek.com/winter-coming-industrial-control-systems-cybersecurity

    In 2005, the breach of Card Systems (a major payment card processor), which exposed 40+ million credit cards, was labeled “The Biggest Hack of All Time” – the breach made worldwide news and the cover of Newsweek with a multipage article highlighting the dangerous new reality of cyberthreats. Fast forward to just last week with the announcement of the Equifax breach impacting 143 million individuals’ personally identifiable information, credit histories and card details and it should be apparent that nothing has gotten better in the world of IT security in the past 12 years. To the contrary, our ability to counter and combat threats has been nothing short of a failure.

    Why reference these IT network breaches if my focus is on the industrial control systems (ICS) or operational technology (OT) networks that power critical infrastructure and run our global economy? I point to them as stark reminders to anyone thinking that the security of these networks is either “on par” (a horrible standard at best) or better than those of their IT counterparts. This could not be further from the truth. IT networks have been where “the bloodshed” has been for so long now that they’ve rightfully commanded the lion’s share of investment in new solutions, people and processes. Conversely, despite all the conversations related to how we must prepare against nightmare outcomes from breaches in the OT domain – as there (until recently) has been a lack of major threat activity in this space – there has been a dearth of funding and advancement.

    Just last week, Symantec released a report claiming that an advanced adversary has gained access to the OT networks of dozens of firms in the energy sector – giving them the ability, Symantec claims, to “turn off the lights” if they so wished. This follows the July disclosure of a major campaign targeting U.S. energy and nuclear facilities – which was likely conducted through lateral movement from IT to OT networks.

  33. Tomi Engdahl says:

    Hey, Turn Bluetooth Off When You’re Not Using It
    https://www.wired.com/story/turn-off-bluetooth-security

    You intuitively know why you should bolt your doors when you leave the house and add some sort of authentication for your smartphone. But there are lots of digital entrances that you leave open all the time, such as Wi-Fi and your cell connection. It’s a calculated risk, and the benefits generally make it worthwhile. That calculus changes with Bluetooth. Whenever you don’t absolutely need it, you should go ahead and turn it off.

    Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities.

  34. Tomi Engdahl says:

    Edward Snowden And Bunnie Huang Built A Privacy Add-On For The iPhone
    The security gurus prototyped a hardware hack and phone case meant to help protect users like journalists and human rights activists.
    https://www.fastcompany.com/40466986/edward-snowden-bunnie-huang-built-a-privacy-surveillance-add-on-case-for-smartphones-iphone

    Edward Snowden and hardware hacker Andrew “bunnie” Huang have built a prototype iPhone add-on called the Introspection Engine that will detect if the devices are secretly transmitting.

    The tool is meant to help users like journalists and human rights activists—especially those in repressive regimes that have smartphone-hacking capabilities—verify that when their phones are in airplane mode, they’re truly not sending or receiving signals. Developed as open source hardware, the overlay sits in an iPhone’s battery case and displays when the phone is using its Wi-Fi, cellphone, Bluetooth, or GPS radio systems.

    “Today, journalists, activists, and rights workers occupy a position of vulnerability,” Huang and Snowden write. They cite the case of reporter Marie Colvin, who, according to a lawsuit against the Syrian government filed in 2016, was deliberately targeted and killed by Syrian government artillery fire in 2012. Her location was discovered in part through the use of intercept devices that monitored satellite-dish and cellphone communications.

    “A great portion of this vulnerability originates from the opacity of modern devices,” they write.

    “Given the relative simplicity, robustness, and elegance of the Silent Phone solution, we intend to pivot our efforts from validating the Introspection Engine to creating a set of Silent Phones and associated wired connectivity accessories for field use by journalists,” they write.

    Against the Law: Countering Lawful Abuses of Digital Surveillance
    https://www.pubpub.org/pub/direct-radio-introspection

    Governments and powerful political institutions are actively exploiting the unwitting emissions of phones, leaving journalists, activists, and rights workers in a new position of constant vulnerability. This work aims to give journalists a tool for observing when their smart phones are creating emissions, even when the devices are supposed to be in airplane mode. We propose to accomplish this via direct introspection of signals controlling the phone’s radio hardware. The Introspection Engine will be an open source, user-inspectable and field-verifiable module attached to an existing smart phone that makes no assumptions about the trustworthiness of the phone’s operating system.

  35. Tomi Engdahl says:

    Software business needs disruption

    “It’s called software because it does not stand upright.” An old joke came to mind when the WannaCry ransomware grabbed over 300,000 computers through an old SMB hole. At the same time, the epidemic showed how distorted the software business is.

    When a defective product allows for a wide-ranging attack, the victims are accused: it is your own failure that you did not update. That may not be so. The actual culprit was the Microsoft coder, whose negligent work left Windows open to that vulnerability.

    Then there was something that made the whole chain look like a bad parody: the hole was found by the intelligence agency NSA – maybe others, we do not know – which used it in silence to further the US national interest.

    For some reason, hackers succeeded in stealing the NSA spy program and publishing the information, after which the criminals also began to exploit the gap.

    The result was a worldwide epidemic that the media called the cyber attack.

    Updating Vista and Windows 7 is already in itself a risk. You can never be sure that something will not break with the upgrade. Newer Windows versions are better in this respect.

    The root cause in May was not an update; rather, a product error had been latent in Windows for 16 years. In other areas, the author is responsible for his product, but in fact the opposite is true: the customer is responsible for everything. We consider it natural because it has always been so.

    IT consultants tend to admire disruption and blame traditional industries for their slow change. It should be said to think out-of-the-box and bravely reject the old operating models.

    The media sector has had to renew its business from selling paper sheets to web pages and retailing has expanded from the base to e-commerce. Artificial intelligence and robotics revolutionize the rest.

    Only the IT sector itself is an exception. Perhaps the limited lifecycle of software and updating is so good business that the industry does not have to think about its own disruption at all? When the support ends, the customer is forced to buy a new one.

    A continuous upgrade is just selling a pancreatic drug: it cures symptoms but does not cure the disease.

    The SMB vulnerability was a classic programming error in which, after processing, an attempt was made to fit a 32-bit integer into a 16-bit variable.

    Despite the evolution, in the darkness of the night, there is a suspicion that there must be something beyond endless security problems. Are there any deliberate gaps left in order for the NSA to have enough tools to spy? Maybe American coders are not bad but patriotic.

    Source: http://www.tivi.fi/blogit/softabisnes-kaipaa-disruptiota-6676129

  36. Tomi Engdahl says:

    Bluetooth Vulnerability Affects All Major OS
    https://hackaday.com/2017/09/14/bluetooth-vulnerability-affects-all-major-os/

    Security researchers from Armis Labs recently published a whitepaper unveiling eight critical 0-day Bluetooth-related vulnerabilities, affecting Linux, Windows, Android and iOS operating systems. These vulnerabilities alone or combined can lead to privileged code execution on a target device. The only requirement is: Bluetooth turned on. No user interaction is necessary to successfully exploit the flaws; the attacker does not need to pair with a target device, nor must the target device be paired with some other device.

    The research paper, dubbed BlueBorne (what’s a vulnerability, or a bunch, without a cool name nowadays?), details each vulnerability and how it was exploited.

    http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf

  37. Tomi Engdahl says:

    Backdoored Plugin Impacts 200,000 WordPress Sites
    http://www.securityweek.com/backdoored-plugin-impacts-200000-wordpress-sites

    Around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code, Wordfence reports.

    Dubbed Display Widgets, the plugin was sold by its original author to a third-party developer on May 19, 2017, for $15,000. Roughly one month after that, the plugin was updated by its new owner and started displaying malicious behavior. By early September, the plugin had gone through several updates and had been already removed from the plugin repository multiple times.

    The first malicious Display Widgets iteration was version 2.6.0, released on June 21 and removed from the repository two days later. It was downloading 38 megabytes of code (a large Maxmind IP geolocation database) from an external server.

  38. Tomi Engdahl says:

    Can We Find a Balance Between Security and Convenience?
    http://www.securityweek.com/can-we-find-balance-between-security-and-convenience

    The fact is that IoT is here to stay, but the ubiquity of these devices is creating a much larger attack surface and easy entry points for hackers to gain access to users’ networks. So what’s the solution? It starts with implementing real-time, continuous visibility and establishing a policy framework that encourages the development of a robust IoT ecosystem globally. Only with this enhanced infrastructure in place will we be able to protect the data that consumers are creating through the use of their Internet-connected devices.

    Protecting this data is a necessity as more and more consumers are voluntarily offering up their rights to security or privacy in search for convenience.

    Here’s how it’s happening:

    On the Internet: A certain level of trust in the system has become innate, which has led to many people ceasing to worry about so-called “minor” items being leaked on the Internet. Many users feel no qualms about using their legal full name on Facebook, for instance, or posting their email address and phone number on LinkedIn or when signing up for a contest or giveaway. If it isn’t a social security or credit card number, the typical user doesn’t concern themselves with the amount of personal data that’s available online

    In the home: Over the past few years, data has gone beyond the computer screen and into our day-to-day lives. Smart speakers such as the Amazon Echo have turned the home into connected locations, where a shopping purchase or music playlist is never more than an “Alexa” away. These types of devices are extremely handy for busy individuals or families, but they also introduce an unprecedented level of data gathering.

    On (or in) your person: Smartphones have practically turned humans into living tracking beacons, with devices in their pockets that constantly monitor their physical activity and location. Going even a step further, consider the Wisconsin company that recently made headlines for RFID chipping their employees.

    Amidst all of this data collection, there has been a cry from many about implementing a form of policy to regulate what organizations can or cannot do with the data they receive from their various products

    Regardless of what form of regulation ultimately is put in place, the important piece to consider is ensuring that any and all policy is drafted in a way that helps progress, not impedes it.

    This could then snowball into a burden on businesses that would constantly have to upkeep devices with software or full hardware rip-and-replace refreshes.

    That’s why it’s so important to maintain security in the entire network, not at the device level – whether that device is a computer, a smartphone or a human being. As such, effective security management means having a unified approach that consolidates policy management, visibility and reporting across all physical, private and public networks.

  39. Tomi Engdahl says:

    Inappropriate mobile activity – how serious is the problem?
    https://www.wandera.com/blog/inappropriate-mobile-activity/?tag=exp098-20

    Mobile devices such as smartphones and iPads are inherently personal and we expect to be able to use them that way. Today’s businesses face the challenge of altering this user behavior to limit inappropriate mobile activity and make sure activity on company issued devices remains compliant.

    It is generally accepted that consuming adult, extreme or illegal content on corporate mobile devices is inappropriate. But when you think nobody’s watching and that the only thing at stake is your personal reputation, the lure of the internet’s shady side might be all too tempting.

    But what are the other risks, the greater risks, that can cause deep harm to the business and your personal life beyond mild embarrassment and judgment?

    Malware lurks in the darkest corners

    Malware can be found in any content category, but as this article states, almost a quarter of malware on mobile devices comes from porn websites. In other words, watching mobile porn on your smartphone is a much higher risk than watching it on your PC. Smartphone operating systems, especially Android, are not as secure as desktops, there are many vulnerabilities that can be easily exploited by hackers.

    How to safely browse porn on your smartphone
    https://www.dailydot.com/debug/how-to-safely-browse-porn-on-phone/

    Most everyone watches porn at some point. Men do it, women do it, and we do it a lot. According to PornHub statistics in 2015, 4,392,486,580 hours of porn were watched on the site. That’s 2.5 times longer than humans have been on Earth, and that’s just one site.

    With so many people watching porn stars on their phones, it’s important to consider ways to protect yourself

    How to watch porn safely on your smartphone
    1) Get a private browser
    2) Don’t download any apps that are just for porn
    3) Use protection
    4) Try Reddit
    5) Visit only the safest porn sites
    6) Give erotica a spin
    7) Get a VPN
    8) Don’t download anything!

  40. Tomi Engdahl says:

    Apple’s FaceID Could Be a Powerful Tool for Mass Spying
    https://www.wired.com/story/apples-faceid-could-be-a-powerful-tool-for-mass-spying

    This Tuesday Apple unveiled a new line of phones to much fanfare, but one feature immediately fell under scrutiny: FaceID, a tool that would use facial recognition to identify individuals and unlock their phones.

    Unsurprisingly, this raised major anxiety about consumer privacy given its profound ramifications: Retailers already crave facial recognition to monitor consumers, and without legally binding terms, Apple could use FaceID to track consumer patterns at its stores, or develop and sell data to others. It’s also possible that police would be able to more easily unlock phones without consent by simply holding an individual’s phone up to his or her face.

  41. Tomi Engdahl says:

    ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit your wallet
    https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/

    Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge. According to Google Play data, the malware infected at least 50 apps and was downloaded between 1 million and 4.2 million times before the affected apps were removed.

    The new strain of malware is dubbed “ExpensiveWall,” after one of the apps it uses to infect devices, “Lovely Wallpaper.” ExpensiveWall is a new variant of a malware found earlier this year on Google Play. The entire malware family has now been downloaded between 5.9 million and 21.1 million times.

    What makes ExpensiveWall different than its other family members is that it is ‘packed’ – an advanced obfuscation technique used by malware developers to encrypt malicious code – allowing it to evade Google Play’s built-in anti-malware protections.

  42. Tomi Engdahl says:

    Torvalds: There is no absolute security

    The concept of absolute security does not exist, said Linus Torvalds at the Open Source Summit in Los Angeles. – As a technical person I am always impressed by those who are attacking our code. I wish these talented people would be on our side, Torvalds said.

    Torvalds clearly does not hate hackers. We should not hate big companies either. – Many of the big companies will help to make our project better. It’s not about a small man in the face of big businesses, but about cooperation.

    In the past, many companies were very open to open code projects. According to Torvalds, companies saw that it was out of the company’s own projects. – Over the years, the Linux Foundation and many others have taught businesses that it is ok to be involved in open code projects.

    Source: http://www.etn.fi/index.php/13-news/6838-torvalds-taeydellistae-turvallisuutta-ei-ole

  43. Tomi Engdahl says:

    ‘South Park’ Screws With Viewers’ Google Home, Echo Devices
    https://consumerist.com/2017/09/14/south-park-screws-with-viewers-google-home-echo-devices/?utm_source=facebook&utm_medium=socialflow

    Fans of the show South Park who watched the season premiere last night got more than the usual fart jokes and foul-mouthed rants: Amazon Echo and Google Home devices were woken up throughout the episode, triggered by commands from the characters. Of course, hilarity — or headaches, depending on your point of view — ensued.

    In one example in the episode, Cartman conducts a veritable potty-mouthed orchestra, getting a group of Echo and Home devices to repeatedly trigger each other to say things about human genitalia.

    For the most part, it seems viewers were pretty amused by the stunt, posting clips on Twitter showing their devices adding things like “titty chips” and “hairy balls” to their shopping lists, or setting an unwanted alarm for (gasp) 7 a.m.

  44. Tomi Engdahl says:

    First Ever Malvertising Campaign Uses JavaScript To Mine Cryptocurrencies In Your Browser
    https://developers.slashdot.org/story/17/09/14/2137230/first-ever-malvertising-campaign-uses-javascript-to-mine-cryptocurrencies-in-your-browser

    Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people’s browsers (mostly Monero), without their knowledge. The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code. The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser.

    Malvertising Campaign Mines Cryptocurrency Right in Your Browser
    https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

    Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people’s browsers, without their knowledge.

    Crooks are currently deploying this technique on Russian and Ukrainian websites, but expect this trend to spread to other regions of the globe.

    Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user’s computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites.

    Both types of sites use lots of resources, and users wouldn’t get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.

    ESET, the security firm that discovered the malvertising campaign, says the JavaScript mining scripts were capable of mining for Monero, Feathercoin, and Litecoin.

    Crooks appear to have used only the Monero mining feature. The Litecoin miner configuration was left blank, while the Feathercoin miner was left in its default config, using the same Feathercoin address from this demo page hosted on GitHub.
