Security: Updates, DDOS, Russia, and 'The Darkening Web'

Filed under
Security
  • Security updates for Wednesday
  • Kaspersky says that DDoS attacks are back in fashion
  • Man used DDoS attacks on media to extort them to remove stories, FBI says

    A 32-year-old Seattle man is behind bars while awaiting a federal hacking trial for launching a DDoS attack. He is being held without bail on allegations that he attacked a US-based legal services website to force it to remove a link to a case citation about his past criminal conduct. The authorities also say the suspect launched distributed denial of service attacks on various overseas media outlets for not removing stories about his credit-card scam and other crimes.

    The FBI says that the day after a DDoS attack in January, 2015, the suspect sent an e-mail to Leagle.com pretending to be the hacking group Anonymous. The e-mail explained that the DDoS attack was launched because the defendant, Kamyar Jahanrakhshan, "is being unjustly victimised by you" for not abiding by his numerous requests to remove the link and even pay $100 in cash to get the job done.

  • White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner Called Them “Morons”

    The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

    This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

    But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

  • 'The Darkening Web' warns of destruction through cyber means

Security: Updates, Reproducible Builds, RSA and "Echo" Bugging Devices

Filed under
Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #118
  • Episode 57 - We may never see amazing security research ever again

    Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

  • Q&A: Former RSA CEO's new venture takes on Linux container security

    The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

  • How a hacked Amazon Echo could secretly capture your most intimate moments

    It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

    To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.

Security: Updates, Windows Disasters, Swedish Cabinet, Sonatype, Vault 7, Firejail, DEF CON 25, Windows 10, Svpeng, TLS

Filed under
Security
  • Security updates for Monday
  • Ransomware: Claim that 22% SMBs shutting shop after attacks [iophk: "Windows TCO"]

    Ransomware attacks caused 22% of small and medium-sized businesses in seven countries, including Australia, to pack up for good, a report from the security firm Malwarebytes claims.

  • Swedish Cabinet reshuffled in wake of IT security row

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

  • Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

    In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.

  • The CIA’s Aeris Malware Can Exfiltrate Data From Linux Systems

    Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implant which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

  • Firejail A Namespace Separation Security Sandbox

    Linux distros are mostly loved for their security features. When we want more security, we use Tor and a VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via a sandbox technique.

    Firejail is a sandbox application built for Linux distros which uses the capabilities of the Linux kernel for namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

  • Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

    Nearly 20 years later, the country's voting security debt has mounted to incredible heights, and finally, just maybe, the security researchers are getting the hearing they deserve.

  • Def Con hackers showed how easily voting machines can be hacked [Ed: Windows powered]

    At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. Johns Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”

    And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”

    Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.

  • How DEF CON Securely Streams Video to Hackers [Author: "Linux Powered!"]

    The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.

    DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.

  • Windows 10 default user profile is potentially writable by everyone

    Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command because everyone assumes the issue has been fixed by KB4022715 and KB4022725.

  • [Older] The Internet of Things : A disaster for no good reason

    The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependent on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.

  • 'Most dangerous' banking trojan gets update

    Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.

  • Enterprise Network Monitoring Needs Could Hamper the Adoption of TLS 1.3

    The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.

    TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.

Security: Mirai, Microsoft Lets Zero-Day Remain, Sweden Still Shocked Over Swedish Transport Agency Leak

Filed under
Security
  • Hackers accidentally create network busting malware

    The malware is a variant of the Mirai botnet. Mirai infected internet-connected security cameras and coordinated them to repeatedly access the same server at the same time. The traffic would overwhelm the targeted server with requests and knock it offline. That type of attack is known as a distributed denial of service (DDoS).

  • Mirai Goes Open-Source and Morphs into Persirai [Ed: Sure, sure... make it sound like an "open source" issue...]

    The Mirai malware has become notorious for recruiting Internet of Things devices to form botnets that have launched some of the largest distributed denial-of-service (DDoS) attacks recorded to date. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It's also purported to have been the basis of the attack in October 2016 that brought down sites including Twitter, Netflix, Airbnb and many others. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

    When the research team at Imperva accessed the Incapsula logs after the Krebs attacks last fall, they found that, indeed, the Mirai botnet had been active well before the notorious September attack. Imperva discovered a botnet of nearly 50,000 Mirai-infected devices spread throughout 164 countries, with the top-infected countries identified as Vietnam, Brazil and the United States. But even before Mirai became public, the Imperva team saw vulnerable IoT devices as a problem in the making.

  • Microsoft refuses to fix 20-year-old SMB zero-day

    A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their finding at last week's DEFCON security conference in Las Vegas.

  • Swedish Cabinet reshuffled in wake of IT security row

    IT scandal turns into political crisis for Swedish government following outsourcing of Swedish Transport Agency contract

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

Security: Tesla, Black Hat, Sweden, and Vault 7

Filed under
Security

Security: DDoS, Broadcom, Black Hat, Google Play, Vault 7 “Aeris”

Filed under
Security
  • Seattle man held over DDoS attacks in Australia, US and Canada

    The DDoS attacks took place in 2015 and many of the businesses were contacted by an individual who made unspecified demands from them.

  • Joint international operation sees US citizen arrested for denial of service attacks on IT systems [iophk: "no word yet on any arrests of those that deployed Microsoft systems and connected them to the network in the first place"]

    A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.

  • Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

    It's not often that a security researcher devises an attack that can unleash a self-replicating attack which, with no user interaction, threatens 1 billion smartphones. But that's just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

    At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm "Broadpwn."

  • Sounds bad: Researchers demonstrate “sonic gun” threat against smart devices

    At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). A sonic "gun" could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their "hoverboard" scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.

    Many of the commercial gyroscope sensors in electronic devices are tuning fork gyroscopes—MEMS devices that use the vibrations of two "proof masses" to track rotation and velocity. But an outside source of vibration matching the resonant frequency of the gyroscope could interfere with the sensor's stability and cause the sensor to send bad data to the device it is embedded in.

  • Stealthy Google Play apps recorded calls and stole e-mails and texts

    Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data.

  • For a security conference that everyone claims not to trust the wifi, there sure was a lot of wifi
  • WikiLeaks releases Manual for Linux Implant “Aeris”

Security: Updates, GCC Bug, Mt. Gox, Bad Taste, Vault 7, IPv6 Firewalls and More

Filed under
Security

Security: Updates, Swedish Government, Citadel Trojan, Anchore Navigator, Kaspersky, Budapest Transit Authority, Cryptography

Filed under
Security
  • Security updates for Wednesday
  • Swedish Government Scrambles to Contain Damage From Data Breach

    In addition, the identities of people working undercover for the Swedish police and the Swedish security service, known as Sapo, may have been revealed, along with names of people working undercover for the special intelligence unit of the Swedish armed forces.

  • How a Citadel Trojan Developer Got Busted

    Aquabox took the bait, and asked the FBI agents to upload a screen shot of the bug they’d found. As noted in this September 2015 story, the FBI agents uploaded the image to file-sharing giant Sendspace.com and then subpoenaed the logs from Sendspace to learn the Internet address of the user that later viewed and downloaded the file.

  • Anchore Navigator 2.0 beta now available - container analysis and security toolkit
  • Kaspersky Launches Free Antivirus For Everybody — Download It Here [Ed: Or don't. It's proprietary software and may contain secret back doors.]

    With the increasing rise in the intensity and volume of online threats, our computers and smartphones are becoming more prone to attacks. In such situations, it becomes necessary to look for a capable antivirus solution to make sure that your online life is safe and sound. Along similar lines, the Russian cybersecurity giant has released a free version of its antivirus named Kaspersky Free.

  • Teenager Reports Laughable Flaw In Budapest Transit Authority's Ticketing System And Is Promptly Arrested

    For some reason, this keeps happening and I will never understand why. For years, we have covered incidents where security researchers benignly report security flaws in the technology used by companies and governments, doing what can be characterized as a service to both the public and those entities providing the flawed tools, only to find themselves threatened, bullied, detained, or otherwise dicked with as a result. It's an incredibly frustrating trend to witness, with law enforcement groups and companies that should want to know about these flaws instead shooting the messenger in what tends to look like a fit of embarrassment.

  • SK Telecom makes light of random numbers for IoT applications

    Quantum random number generators aren't new, but one small enough to provide practical security for Internet of Things applications is interesting.

    That's what South Korean telco SK Telecom reckons its boffins have created, embedding a full quantum random number generator (QRNG) in a 5x5mm chip.

    The company's pitch is that QRNGs are large and (at least compared to IoT requirements) expensive, and it wants a commercial tie-up to make its research into an off-the-shelf device.

  • Post Quantum Cryptography

    Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits, each of which could be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information either as 0, 1 or even both at the same time. Quantum mechanical phenomena such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time.

    Quantum computers are probabilistic rather than deterministic. Large-scale quantum computers would theoretically be able to solve certain problems much quicker than any classical computers that use even the best currently known algorithms. Quantum computers may be able to efficiently solve problems which are not practically feasible to solve on classical computers. Practical quantum computers will have serious implications on existing cryptographic primitives.

  • Rethinking the Stack Clash fix

Wikileaks: "Imperial"

Filed under
Security

Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.

Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.

SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.
