Marcus Hutchins and Bruce Perens Sued

Filed under: Security, Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Security: Updates, MacOS, AV Snakeoil, Containers, IoT, Windows Ransomware

Filed under: Security

Dumbo

Filed under: Microsoft, Security

Today, August 3rd 2017, WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. 64-bit Windows XP and Windows versions prior to XP are not supported.

Security: Swedish Breach, 'Hacked' [sic], Black Hat and Defcon and WordPress Patches

Filed under: Security
  • Following security breach, Sweden shores up outsourcing rules

    The Swedish government is restricting outsourcing of privacy-sensitive data, following the possible leak of all of its vehicle data, outsourced to IBM in 2015 without the proper security checks. The stricter limits on what may be outsourced were announced at a press conference on 24 July by Prime Minister Stefan Löfven.

  • 12 signs you've been hacked -- and how to fight back [Ed: Microsoft employee describes the symptoms of knowing your PC is hijacked by someone (other than Microsoft)]

    In today's threatscape, anti-malware software provides little peace of mind. In fact, anti-malware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

    To combat this, many anti-malware programs monitor program behaviors, often called heuristics, to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection, or all of the above at once in order to be more accurate. Still they fail us on a regular basis.

  • Security This Week: The Very Best Hacks From Black Hat and Defcon

    As they do every year, hackers descended on Las Vegas this week to show off the many ways they can decimate the internet's security systems. Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth.

  • WordPress 4.8.1 Maintenance Release

    After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

    This release contains 29 maintenance fixes and enhancements; chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.
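The point made in the "12 signs you've been hacked" excerpt above, that swapping a few bytes defeats a signature while a behaviour heuristic still fires, as an added illustration that is not code from the article. The sample bytes, event traces, registry paths and rule weights are all constructed for this example; nothing is executed.

```python
"""Hash signature vs. behaviour heuristic, as an added illustration.
Everything is constructed: the 'binary' is an inert byte string and the
traces stand in for what a behaviour monitor records. Nothing is executed.
"""
import hashlib
import re
from typing import List, NamedTuple


class Event(NamedTuple):
    action: str      # "write_file" | "reg_set" | "connect"
    target: str      # file path, registry key, or host:port
    data: str = ""   # registry value for reg_set, otherwise unused


# Constructed stand-in for a file the scanner already knows.
KNOWN_BAD = b"MZ\x90\x00" + b"CONSTRUCTED-DROPPER-" + bytes(range(64))
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}
RAW_IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:(\d+)$")


def signature_match(blob: bytes) -> bool:
    """Static detection: exact SHA-256 lookup against the known set."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


def swap_bytes(blob: bytes, i: int, j: int) -> bytes:
    """The article's 'swap a few bytes around': a trivial change to the
    file that nonetheless yields an entirely different hash."""
    buf = bytearray(blob)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


def behaviour_score(events: List[Event]) -> int:
    """Heuristic over observed actions rather than file bytes.
    Weights are illustrative, chosen for this example:
      +1  drops an .exe under the user's AppData
      +2  sets a Run autostart key pointing at a file it dropped
      +1  connects to a raw IP on a port other than 80/443
    """
    score = 0
    dropped = {e.target.lower() for e in events
               if e.action == "write_file"
               and e.target.lower().endswith(".exe")
               and "\\appdata\\" in e.target.lower()}
    if dropped:
        score += 1
    # Correlate persistence with the drop: the Run value must name a
    # file this same trace wrote, not just any autostart entry.
    if any(e.action == "reg_set"
           and "\\currentversion\\run" in e.target.lower()
           and e.data.lower() in dropped for e in events):
        score += 2
    for e in events:
        m = RAW_IP_PORT.match(e.target) if e.action == "connect" else None
        if m and int(m.group(1)) not in (80, 443):
            score += 1
            break
    return score


def behaviour_match(events: List[Event], threshold: int = 3) -> bool:
    return behaviour_score(events) >= threshold


# Constructed traces for a suspect program and an ordinary one.
SUSPECT_TRACE = [
    Event("write_file", r"C:\Users\alice\AppData\Roaming\svc.exe"),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
          r"C:\Users\alice\AppData\Roaming\svc.exe"),
    Event("connect", "203.0.113.7:8443"),
]
BENIGN_TRACE = [
    Event("write_file", r"C:\Users\alice\Documents\report.docx"),
    Event("connect", "example.com:443"),
]
```

`signature_match(KNOWN_BAD)` is true but `signature_match(swap_bytes(KNOWN_BAD, 10, 20))` is false, whereas `behaviour_match(SUSPECT_TRACE)` fires regardless of the file bytes and `behaviour_match(BENIGN_TRACE)` stays quiet.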

Security: Updates, DDOS, Russia, and 'The Darkening Web'

Filed under: Security
  • Security updates for Wednesday
  • Kaspersky says that DDoS attacks are back in fashion
  • Man used DDoS attacks on media to extort them to remove stories, FBI says

    A 32-year-old Seattle man is behind bars while awaiting a federal hacking trial for launching a DDoS attack. He is being held without bail on allegations that he attacked a US-based legal services website to force it to remove a link to a case citation about his past criminal conduct. The authorities also say the suspect launched distributed denial of service attacks on various overseas media outlets for not removing stories about his credit-card scam and other crimes.

    The FBI says that the day after a DDoS attack in January, 2015, the suspect sent an e-mail to Leagle.com pretending to be the hacking group Anonymous. The e-mail explained that the DDoS attack was launched because the defendant, Kamyar Jahanrakhshan, "is being unjustly victimised by you" for not abiding by his numerous requests to remove the link and even pay $100 in cash to get the job done.

  • White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner Called Them “Morons”

    The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

    This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

    But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

  • 'The Darkening Web' warns of destruction through cyber means

Security: Updates, Reproducible Builds, RSA and "Echo" Bugging Devices

Filed under: Security
  • Security updates for Tuesday
  • Reproducible Builds: Weekly report #118
  • Episode 57 - We may never see amazing security research ever again

    Josh and Kurt talk about Black Hat and Defcon, safes, banks, voting machines, SMBv1 DoS attack, Flash, liability, and password masking.

  • Q&A: Former RSA CEO's new venture takes on Linux container security

    The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

  • How a hacked Amazon Echo could secretly capture your most intimate moments

    It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

    To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.

Security: Updates, Windows Disasters, Swedish Cabinet, Sonatype, Vault 7, Firejail, DEF CON 25, Windows 10, Svpeng, TLS

Filed under: Security
  • Security updates for Monday
  • Ransomware: Claim that 22% SMBs shutting shop after attacks [iophk: "Windows TCO"]

    Ransomware attacks caused 22% of small and medium-sized businesses in seven countries, including Australia, to pack up for good, a report from the security firm Malwarebytes claims.  

  • Swedish Cabinet reshuffled in wake of IT security row

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

  • Active Management of Open Source Components Delivers Measurable Improvements Claims Sonatype Report

    In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.

  • The CIA’s Aeris Malware Can Exfiltrate Data From Linux Systems

    Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implant which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

  • Firejail A Namespace Separation Security Sandbox

    Linux distros are widely loved for their security features. When we want more security we use Tor and a VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via a sandbox technique.

    Firejail is a sandbox application built for Linux distros which uses the Linux kernel's namespace capabilities to separate applications from the rest of the system. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

  • Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

    Nearly 20 years later, the country's voting security debt has mounted to incredible heights, and finally, just maybe, the security researchers are getting the hearing they deserve.  

  • Def Con hackers showed how easily voting machines can be hacked [Ed: Windows powered]

    At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. Johns Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”

    And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”

    Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.

  • How DEF CON Securely Streams Video to Hackers [Author: "Linux Powered!"]

    The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.

    DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.

  • Windows 10 default user profile is potentially writable by everyone

    Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command, because everyone assumes the issue has been fixed by KB4022715 and KB4022725.

  • [Older] The Internet of Things : A disaster for no good reason

    The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependent on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.

  • 'Most dangerous' banking trojan gets update

    Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.  

  • Enterprise Network Monitoring Needs Could Hamper the Adoption of TLS 1.3

    The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.

    TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.

Security: Mirai, Microsoft Lets Zero-Day Remain, Sweden Still Shocked Over Swedish Transport Agency Leak

Filed under: Security
  • Hackers accidentally create network busting malware

    The malware is a variant of the Mirai botnet. Mirai infected internet-connected security cameras and coordinated them to repeatedly access the same server at the same time. The traffic would overwhelm the targeted server with requests and knock it offline. That type of attack is known as a distributed denial of service (DDoS).  

  • Mirai Goes Open-Source and Morphs into Persirai [Ed: Sure, sure... make it sound like an "open source" issue...]

    The Mirai malware has become notorious for recruiting Internet of Things devices to form botnets that have launched some of the largest distributed denial-of-service (DDoS) attacks recorded to date. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It's also purported to have been the basis of the attack in October 2016 that brought down sites including Twitter, Netflix, Airbnb and many others. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

    When the research team at Imperva accessed the Incapsula logs after the Krebs attacks last fall, they found that, indeed, the Mirai botnet had been active well before the notorious September attack. Imperva discovered a botnet of nearly 50,000 Mirai-infected devices spread throughout 164 countries, with the top-infected countries identified as Vietnam, Brazil and the United States. But even before Mirai became public, the Imperva team saw vulnerable IoT devices as a problem in the making.

  • Microsoft refuses to fix 20-year-old SMB zero-day

    A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their finding at last week's DEFCON security conference in Las Vegas.  

  • Swedish Cabinet reshuffled in wake of IT security row

    IT scandal turns into political crisis for Swedish government following outsourcing of Swedish Transport Agency contract

    It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

Security: Tesla, Black Hat, Sweden, and Vault 7

Filed under: Security

Security: DDoS, Broadcom, Black Hat, Google Play, Vault 7 “Aeris”

Filed under: Security
  • Seattle man held over DDoS attacks in Australia, US and Canada

    The DDoS attacks took place in 2015 and many of the businesses were contacted by an individual who made unspecified demands of them.

  • Joint international operation sees US citizen arrested for denial of service attacks on IT systems [iophk: "no word yet on any arrests of those that deployed Microsoft systems and connected them to the network in the first place"]

    A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.  

  • Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

    It's not often that a security researcher devises an attack that can unleash a self-replicating attack which, with no user interaction, threatens 1 billion smartphones. But that's just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

    At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm "Broadpwn."

  • Sounds bad: Researchers demonstrate “sonic gun” threat against smart devices

    At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). A sonic "gun" could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their "hoverboard" scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.

    Many of the commercial gyroscope sensors in electronic devices are tuning fork gyroscopes—MEMS devices that use the vibrations of two "proof masses" to track rotation and velocity. But an outside source of vibration matching the resonant frequency of the gyroscope could interfere with the sensor's stability and cause the sensor to send bad data to the device it is embedded in.

  • Stealthy Google Play apps recorded calls and stole e-mails and texts

    Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data.

  • For a security conference that everyone claims not to trust the wifi, there sure was a lot of wifi
  • WikiLeaks releases Manual for Linux Implant “Aeris”