Security trends 2017

Year 2017 will not bring any turn towards better data security. The internet is rife with both well-known and unknown threats. The company’s systems are supposed to be protected. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. IT security functions of industrial control systems (ICS), energy grids and IoT networks need to be improved in 2017.

There is a push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
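A site owner can check in advance which pages would get the Chrome 56 label. The sketch below is an added example, not code from Chrome or from the articles cited here; it assumes that a password field is any `<input type="password">` and approximates card fields by the HTML autofill tokens starting with `cc-`, which is simpler than the browser's own field detection. The function names and sample pages are made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class SensitiveFieldFinder(HTMLParser):
    """Collect <input> elements that ask for a password or card data."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, field name)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name") or a.get("id") or "?"
        if a.get("type", "").lower() == "password":
            self.findings.append(("password", name))
        # autocomplete may carry several space-separated tokens
        tokens = a.get("autocomplete", "").lower().split()
        if any(t.startswith("cc-") for t in tokens):
            self.findings.append(("credit-card", name))


def audit_page(url, html):
    """Report whether a page would be marked non-secure under the rule above."""
    finder = SensitiveFieldFinder()
    finder.feed(html)
    finder.close()
    over_http = urlsplit(url).scheme.lower() == "http"
    return {
        "url": url,
        "fields": finder.findings,
        # Only plain-HTTP pages that collect sensitive input are flagged.
        "non_secure": over_http and bool(finder.findings),
    }


# Constructed sample pages (not taken from any real site).
LOGIN_PAGE = """
<form action="/session" method="post">
  <input type="text" name="user">
  <input type="PASSWORD" name="pass">
</form>
"""
CHECKOUT_PAGE = """
<form action="/pay" method="post">
  <input name="card" autocomplete="section-pay cc-number" />
  <input name="exp" autocomplete="cc-exp">
</form>
"""
NEWS_PAGE = "<form action='/search'><input type='search' name='q'></form>"

if __name__ == "__main__":
    for url, page in [
        ("http://shop.example/login", LOGIN_PAGE),
        ("https://shop.example/login", LOGIN_PAGE),
        ("http://shop.example/checkout", CHECKOUT_PAGE),
        ("http://shop.example/news", NEWS_PAGE),
    ]:
        result = audit_page(url, page)
        print(result["url"], result["non_secure"], result["fields"])
```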

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, including Microsoft, Google, and Mozilla. Their browsers will no longer trust sites that use SHA-1 starting with that date, and they will mark these websites as insecure. 1/3 of Websites Use SHA-1 Certificates Despite Looming Deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
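To find out which of your own certificates are affected, read the signature algorithm out of each one. The following is an added example, not part of the original article: a small DER walker that extracts the `signatureAlgorithm` OID from a PEM or DER certificate and classifies it as SHA-1 or SHA-2. The sample inputs are constructed certificate-shaped skeletons with dummy bodies, and all function and host names are made up for the illustration.

```python
import base64

# Signature-algorithm OIDs from RFC 3279, RFC 4055 and RFC 5758.
SHA1_SIGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}
SHA2_SIGS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def decode_oid(data):
    """Decode OID content bytes (first two arcs packed in one byte)."""
    if not data:
        raise ValueError("empty OID")
    root = min(data[0] // 40, 2)
    arcs, value = [root, data[0] - 40 * root], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def to_der(blob):
    """Accept PEM or DER bytes and return DER."""
    if blob.lstrip().startswith(b"-----BEGIN"):
        lines = [l.strip() for l in blob.splitlines()]
        body = [l for l in lines if l and not l.startswith(b"-----")]
        return base64.b64decode(b"".join(body))
    return blob


def signature_hash(cert):
    """Return ("sha1" | "sha2" | "unknown", algorithm name or OID)."""
    der = to_der(cert)
    t_cert, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    t_tbs, _, tbs_end = read_tlv(der, start)       # tbsCertificate, skipped whole
    t_alg, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    t_oid, oid_start, oid_end = read_tlv(der, alg_start)
    if (t_cert, t_tbs, t_alg, t_oid) != (0x30, 0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    oid = decode_oid(der[oid_start:oid_end])
    if oid in SHA1_SIGS:
        return ("sha1", SHA1_SIGS[oid])
    if oid in SHA2_SIGS:
        return ("sha2", SHA2_SIGS[oid])
    return ("unknown", oid)


def tlv(tag, value):
    """Encode one DER element (used only to build the sample inputs)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value


def skeleton_cert(oid_hex):
    """Constructed input: certificate-shaped DER with dummy body and signature."""
    tbs = tlv(0x30, tlv(0x04, bytes(200)))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(32)))


# Constructed samples keyed by made-up host names.
SAMPLES = {
    "legacy.example": skeleton_cert("2a864886f70d010105"),
    "legacy-ec.example": skeleton_cert("2a8648ce3d0401"),
    "modern.example": skeleton_cert("2a864886f70d01010b"),
}


def weak_certs(certs):
    """Names of the certificates whose signature still uses SHA-1."""
    return sorted(n for n, c in certs.items() if signature_hash(c)[0] == "sha1")
```

Run the check against leaf and intermediate certificates; the self-signed signature on a root is not what a browser evaluates.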

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The Commoditization of Cyberattacks Will Make Them More Frequent in 2017. More and more companies suffer from disruption to business due to cyber attacks. Cyber-attacks cause companies significant financial losses, but studies show that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies will have official plans in case of cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS and DDoS will overshadow ransomware attacks and be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones and already the technology is fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them go to smart phones and laptops). 91 percent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.

Biometrics Won’t Kill Passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population have fingerprints that are not suitable for biometric identification. Other biometric identification systems also have similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint-, face-, iris-, palm- and speech-recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee’s Encryption Working Group says encryption backdoors pose a security threat, siding with tech experts in its latest report. The problem is that any system allowing police to get into those encrypted systems (be it a phone, computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: The cloud becoming insecure – extortion and IoT openings.

The rivalry between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. IoT-powered attacks will continue to rise and stopping the attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (the need to use telecom operator and external services increases). In addition to service disruption, Denial of Service attacks are often used as a distraction during the actual data burglary. DDoS may take over from ransomware as a cause for concern.

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophic Concerns Over Artificial Intelligence and Algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophic grounds; and they have become the basis of fictional Armageddons.

Cyber insurance will be thought of more as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who’ve read George Orwell’s book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. So now swap your home desktop computer, laptop or smart phone for the fictitious telescreen and not only are you sitting in front of what is a modern day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far fetched to you? Well it’s set to become a reality in many countries.

Users will want better security or at least to feel more secure in 2017. Many people are prepared to go to extremes for better security. According to a recent survey of over 2,000 adults conducted by Harris Poll, nearly 40% of Americans would give up sex for a year or eating their favourite food in exchange for better online security, if it meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest – a solid password – and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security Becomes A Multi-System Issue and more people are talking about the issue. Design teams will have to bake strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Block chains have been a big trend for several years. The block chain market is divided as 2017 starts. During autumn 2016, we saw a number of initiatives on cooperation between the financial sector and consulting companies. Microsoft has chosen the Ethereum block chain as its platform and offers it on the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own block chains on the Bluemix service. Google and Amazon are still conspicuous by their absence. Even banks may prefer to use the cloud for block chains.

 

Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls

 

 

3,151 Comments

  1. Tomi Engdahl says:

    Bird & Bird guide to the General Data Protection Regulation
    https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/bird–bird–guide-to-the-general-data-protection-regulation.pdf?la=en

    In publishing a draft General Data Protection Regulation in
    January 2012, the European Commission fired the starting
    pistol on 4 years of debate, negotiation and lobbying the like
    of which the European Union (EU) has never previously seen.
    This guide summarises the resulting Regulation which emerged
    from that process – a law which will significantly overhaul
    Europe’s cornerstone data protection legislation at a time when
    information systems and digital business underpin human life

    Reply
  2. Tomi Engdahl says:

    China is going full Black Mirror with a “Social Credit System”
    https://www.techly.com.au/2017/10/25/china-going-full-black-mirror-social-credit-system/

    Life is imitating art again, folks.
    The Chinese government is planning to launch a “Social Credit System” which will be used to evaluate the trustworthiness of citizens.

    Wired reports that the system was first announced in 2014 and is voluntary for now but will be mandatory by 2020.

    Reply
  3. Tomi Engdahl says:

    New York Times:
    A look at Google’s new Advanced Protection Program, which requires two $20 physical keys: easy to set up, offers good security, but limited app support for now — Why won’t the password just go away? The silly pet names, movie titles or sports teams that many people punch …

    Google’s Key to Strong Password Protection Runs Into Limits
    https://www.nytimes.com/2017/10/25/technology/personaltech/google-keys-advanced-protection-program.html

    Why won’t the password just go away? The silly pet names, movie titles or sports teams that many people punch in to get into their online accounts are a weak spot that hackers continue to puncture.

    Yet passwords remain the primary way we log in to online accounts containing our personal and financial information. Google has a new pragmatic solution: Embrace the password, but lock it down with extra physical security.

    The company this month released its Advanced Protection Program, which is meant to make stealing your password pointless. To use it, you’ll need two inexpensive physical keys to log in to your Google account on your computer and smartphone.

    Google’s strongest security, for those who need it most
    https://www.blog.google/topics/safety-security/googles-strongest-security-those-who-need-it-most/

    At the start, the program focuses on three core defenses.

    The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.

    Protecting your most sensitive data from accidental sharing: Sometimes people inadvertently grant malicious applications access to their Google data. Advanced Protection prevents this by automatically limiting full access to your Gmail and Drive to specific apps. For now, these will only be Google apps, but we expect to expand these in the future.

    Blocking fraudulent account access: Another common way hackers try to access your account is by impersonating you and pretending they have been locked out. For Advanced Protection users, extra steps will be put in place to prevent this during the account recovery process—including additional reviews and requests for more details about why you’ve lost access to your account.

    Reply
  4. Tomi Engdahl says:

    Charlie Osborne / ZDNet:
    Kaspersky says it briefly obtained archive of NSA-linked Equation Group source code after scanning an infected PC in 2014; PC likely belonged to NSA contractor

    Kaspersky says NSA hacking tools obtained after malware was found
    Apparently, a pirate download of Microsoft Office could be the root of all the trouble.
    http://www.zdnet.com/article/kaspersky-admits-to-reaping-nsa-code-from-us-pc/

    On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place.

    It was actually a year earlier than the Journal believed, in 2014, that code belonging to the NSA’s Equation Group was taken.

    Kaspersky says the company was in the middle of an Advanced Persistent Threat (APT) investigation, and when on the trail of the Equation Group, detection subsystems “caught what appeared to be Equation malware source code files.”

    There were over 40 active infections worldwide at the time, but one of the “infections” in the US “consisted in what appeared to be new, unknown and debug variants of malware used by the Equation group.”

    Kaspersky’s antivirus detected the sample on a home computer which had Kaspersky’s Security Network (KSN) enabled, a system which automatically collects threat data and sends it to the cloud.

    The company claims that the user in question had installed pirate software on their machine as illegal Microsoft Office keygens were present.

    Reply
  5. Tomi Engdahl says:

    DUHK: Don’t Use Hard-Coded Keys
    https://hackaday.com/2017/10/25/duhk-dont-use-hard-coded-keys/

    The title reads like the name of a lecture in cryptography 101 or the first rule of Crypto Club. ‘DUHK‘ is in fact neither of those but the name of a recently disclosed vulnerability in a pseudorandom number generating algorithm (PRNG) that was until recently part of the federal standard X9.31.

    Random numbers are essential to viable cryptography. They are also hard to obtain, leading to solutions like using the physical properties of semiconductors or decaying matter, that are governed by quantum effects. The next best solution is to log events that are hard to predict like the timing of strokes on a keyboard. The weakest source of randomness is math, which makes sense, because one of math’s most popular features is its predictability. Mathematical solutions have the one redeeming quality of being able to produce a lot of numbers that look random to a human in a short time.

    PRNGs require a starting point from which they begin to produce their output. Once this seed is known the produced sequence becomes predictable.

    Should I be Worried?

    Probably, maybe not. The analysis (PDF) published by the team behind DUHK notes that the vulnerability is limited to legacy implementations and doesn’t allow taking over the device running them, only eavesdropping on ‘secure’ connections.

    https://duhkattack.com/paper.pdf

    Reply
  6. Tomi Engdahl says:

    Firms Increasingly Turn to Machine Learning for Security Solutions
    http://www.securityweek.com/firms-increasingly-turn-machine-learning-security-solutions

    Forty-seven percent of organizations have already deployed machine learning (ML) solutions, with another 23% engaged in pilot projects, to help detect increasingly sophisticated incursions and lower the cost of response.

    A study (PDF) commissioned by Cylance and undertaken by Enterprise Strategy Group (ESG) surveyed 300 IT and security professionals from mid-market and large enterprises. The respondents are located in the United States (43%), Japan (21%), United Kingdom (13%), France (12%), and Germany (11%); and all are involved in the purchase process for endpoint security.

    The study sought to identify the ‘top of mind’ security threats, and the impact those threats have on endpoint security purchasing decisions.

    Phishing is the biggest concern for most respondents. In the last two years, 55% have experienced phishing with a malicious attachment, 54% have experienced phishing with a link to a malicious website, and 29% have experienced instant messaging phishing with a link to a malicious website.

    https://pages.cylance.com/rs/524-DOM-989/images/ESG-Research-Insight-Report-Cylance-Oct-2017.pdf

    Reply
  7. Tomi Engdahl says:

    Offshore Legal Firm Hacked, Braces for Media Leaks
    http://www.securityweek.com/Appleby-offshore-legal-firm-hacked-braces-media-leaks

    Financial details of some of the world’s richest people are set to be published after a Bermuda-based offshore firm suffered a data breach, a British newspaper reported Wednesday.

    The legal firm, Appleby, said it was bracing for documents to be published after being approached by the media network behind the Panama Papers.

    The US-based International Consortium of Investigative Journalists (ICIJ) and affiliated media raised allegations against the company’s operations and its clients, following information being leaked.

    “Appleby has thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing, either on the part of ourselves or our clients,” said the law firm, which has multiple offices in locations including Bermuda and the Cayman Islands.

    The expected publication of Appleby documents follows “a data security incident last year which involved some of our data being compromised,” the firm said, without giving further details.

    The publication of 11.5 million digital records from the Panamanian law firm Mossack Fonseca revealed how many of the world’s wealthy used offshore companies to stash assets, leading to at least 150 inquiries or investigations in 79 countries as of March 2017.

    The Telegraph put the Appleby case on its front page Wednesday, saying “some of the world’s richest people were braced for their financial details to be exposed”.

    A “global consortium of left-leaning media organisations” is set to release the information “in the coming days,” added the conservative daily.

    Reply
  8. Tomi Engdahl says:

    When Government Fails, Social Media Is the New 911
    https://www.wired.com/story/mexico-earthquake-volunteer-response/

    Social media has often sprung up in times of disaster, amplifying the voices of dissenters and the damned. It has a history of instigation, most famously during the Arab Spring and the Euromaidan protests in Ukraine. But in the past few months of epic catastrophes, it has served for another sort of recruitment. It has created a new set of first responders to step in where traditional aid has failed.

    Reply
  9. Tomi Engdahl says:

    Smart? Don’t ThinQ so! Hacked robo-vacuum could spy on your home
    Security researchers dismantle LG’s IoT appliance range
    https://www.theregister.co.uk/2017/10/26/lg_iot_smart_home_hack/

    LG SmartThinQ smart home devices were totally hackable prior to a recent security update, according to new research.

    The so-called HomeHack vulnerabilities in LG’s SmartThinQ mobile app and cloud application created a means for hackers to remotely log into the SmartThinQ cloud application and take over the user’s LG account, Check Point security boffins said.

    Once in control of an account, any LG device or appliance associated with that account could be controlled by the attacker – including a robot vacuum cleaner, refrigerators, ovens, dishwashers, washing machines and dryers, and air conditioners. Devices could be switched on and off, settings changed and more.

    IoT hackers might be able to gain control of the LG Hom-Bot vacuum cleaner’s video camera. The technology streams live video to an associated LG SmartThinQ smartphone app as part of its HomeGuard Security feature. Hacking the system therefore creates a spying risk (as demonstrated below).

    HomeHack: How Hackers Could Have Taken Control of LG’s IoT Home Appliances
    https://blog.checkpoint.com/2017/10/18/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances/

    Reply
  10. Tomi Engdahl says:

    Panic of Panama Papers-style revelations follows Bermuda law firm hack
    Cue incredibly wealthy people calling their PRs
    https://www.theregister.co.uk/2017/10/25/bermuda_law_firm_hack/

    A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.

    Bermuda-based Appleby only admitted it had suffered the breach – which actually happened last year – after a group of journos from the International Consortium of Investigative Journalists (ICIJ), who had seen the leaked information, began asking awkward questions.

    In a statement, Appleby denied allegations of any tax evasions or other wrongdoing by itself or its clients while admitting that it was “not infallible”. The law firm went on to state that it had shored up its security since the hack.

    http://www.applebyglobal.com/news/news-2017/media-coverage-of-the-offshore-sector.aspx

    Reply
  11. Tomi Engdahl says:

    Fappening celeb nudes hacking outrage: Third scumbag cops to charge
    Phisher faces up to five years in the clink for raiding 550 accounts for private snaps
    https://www.theregister.co.uk/2017/10/25/third_man_charged_fappening/

    More than three years after miscreants splashed hundreds of stolen intimate photographs of celebrities online, a third man has been charged regarding the mass hack.

    Emilio Herrera, 32, of Chicago, is accused of breaking the US Computer Fraud and Abuse Act by logging into online accounts and stealing victims’ private snaps without permission. Herrera agreed on Monday to plead guilty in an Illinois district court, once his case has been transferred to the Land of Lincoln from Los Angeles, California.

    What’s odd about the case is that police seized Herrera’s computers in June 2015 after back-tracing the IP address used in the emails to him. Quite why it has taken more than two years to bring the case to this point isn’t explained in the indictment.

    The cops weren’t so tardy with the rest of the crew involved in the mass leaking of celebs’ naked selfies, which became known as the Fappening based on slang for masturbation.

    Reply
  12. Tomi Engdahl says:

    UK households hit by 1.8m computer misuse offences in a year
    Stats show few report such crimes to cops
    https://www.theregister.co.uk/2017/07/20/uk_computer_misuse_statistics/

    The number of incidents of computer misuse in England and Wales reached 1.8 million in the year up to March 2015, according to official crime statistics released today.

    The Office for National Statistics data, based on a household survey of around 17,000 people, reveal 1.19 million cases of computer viruses.

    There were a further 603,000 incidents where someone gained unauthorised access to personal information, which includes hacking.

    The data suggests people don’t tend to bother reporting computer viruses to the police, with just 3.7 per cent of people informing law enforcement.

    However, more people thought cops should know when someone had accessed their personal info – 11.8 per cent said they reported such incidents.

    Some 18 per cent of people surveyed said they fell victim to computer misuse crimes more than once during the year.

    Crime in England and Wales: year ending Mar 2017
    https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingmar2017

    Reply
  13. Tomi Engdahl says:

    Crypto-Loot Is A New Service That Helps Websites Steal Cryptocurrency Using Your CPU Power
    https://fossbytes.com/crpto-loot-coinhive-alternative/

    With the explosive rise in the popularity of cryptocurrencies, the use of digital coins is being seen in every sphere of digital space. This has also created a new revenue source for website owners. While some of them, including The Pirate Bay, have chosen to keep their users in the dark, others are employing innovative methods.

    Most of the websites using crypto mining scripts have been using Coin-Hive’s script. Now, it looks like a new player named Crypto-Loot is in the market. First reported by Bleeping Computer, Crypto-Loot appears to be just like Coin-Hive. It promises that running the miner on the website will go “unnoticed by users if the threads are set between 2-4.”

    A New Player Joins Coinhive on the Browser Cryptojacking Scene
    https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/

    The browser cryptojacking scene has just expanded from one player to two with the recent launch of the Crypto-Loot service, a website that’s eerily similar to the now notorious Coinhive in-browser miner.

    The two services are identical, and both provide a simple JavaScript file that website owners can load on their sites to mine Monero using their site visitors’ CPU power.

    While both services allow website owners to keep the Monero funds mined on users’ computers, there is a big difference in the revenue share. Compared to Coinhive, which keeps 30% and gives 70% to site operators, the upstart Crypto-Loot is trying to pull the rug from under Coinhive’s feet by asking for only 12% and giving website owners 88%.

    Reply
  14. Tomi Engdahl says:

    U.S. Can’t Pull Down China’s Data Wall
    https://www.eetimes.com/author.asp?section_id=36&doc_id=1332491&

    Recent protests of China’s new laws about cross-border data transfer may not sway regulators given rising digital walls around the world.

    On September 26, the U.S. raised concerns at the World Trade Organization (WTO) about the Chinese Cybersecurity Law which took effect in June 2017. A U.S. letter stated that measures enforced in their current form could have a “significant adverse effect on trade in services.”

    It was not the first time the U.S. has raised concerns over the cyber security laws in China. Similar episodes happened in 2015 after China promulgated its IT security guidelines for the banking industry.

    The banking guidelines were suspended under the pressure from the WTO as they clearly favored domestic over foreign suppliers of IT equipment used in the banking industry. The U.S. might have a harder time to block the current cybersecurity measures.

    The U.S. letter said China was too broad and vague in defining circumstances that would prohibit cross-border data transfers, including when transfers would pose a risk to national security, economic development, and social public interests.

    Reply
  15. Tomi Engdahl says:

    ARM CEO Sounds Security Alarm
    https://www.eetimes.com/document.asp?doc_id=1332506

    ARM Technology CEO Simon Segars called on the technology industry to come together to address security in a connected world, an issue he said threatens to undermine the impact of the Internet of Things and its potential for enhancing human capabilities.

    “Cybersecurity is a mess if you ask me. Unless we do something, it’s going to get worse,” Segars said in a keynote address at the ARM TechCon here Tuesday (Oct. 25). “When everything has an IP address; when everything is connected; then everything can be hacked,” he added.

    In sounding the alarm on security, Segars joins a growing list of tech heavyweights calling for new software and hardware technologies for mitigating the risks posed by hacking and other forms of cyberattacks, which in aggregate cost industry and consumers billions of dollars each year. Security threats loom increasingly larger as the IoT — which already encompasses billions of devices and is expected to expand to include tens of billions more in coming years — continues to take shape.

    A number of grassroots IoT security efforts are well underway, including several from ad hoc industry groups and agencies such as UL, the former Underwriters Laboratories. ARM itself threw more weight behind these efforts this week with the release of its “Security Manifesto”

    ARM Boosts IoT Security
    Architecture, IP target MCUs
    https://www.eetimes.com/document.asp?doc_id=1332481

    Reply
  16. Tomi Engdahl says:

    Let’s Enhance! How we found @rogerkver’s $1,000 wallet obfuscated private key
    https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433

    We could have simply named this post “How great QR codes are and how we recovered one from almost nothing.” But it’s much more interesting when the QR code is the key to a $1000 Bitcoin Cash wallet.
    Bitcoin, Ethereum, Litecoin, Dash, Neo… Cryptocurrencies are all over and are moving fast.

    If you don’t fully understand how all parts of this work you should avoid cryptocurrencies. If you don’t, you risk losing your money by falling in one of the many pitfalls. One of them, keeping your private key secure, is the subject of this post.

    The most precious thing you have when you own cryptocurrencies is your private key. If you lose your private key, you lose your money. If someone gets access to your private key, you lose your money. Simple.
    With this real-world example, we will show you step by step how we recovered the private key of the $1000 Bitcoin wallet created by @rogerkver for the French TV show “Complément d’enquête” even though it was obfuscated.

    Reply
  17. Tomi Engdahl says:

    Security vulnerabilities in wget
    Update to newest version because every version before 1.19.2 is vulnerable

    https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2017/haavoittuvuus-2017-037.html

    Reply
  18. Tomi Engdahl says:

    Kaspersky: Hackers used backdoored MS Office key-gen to steal NSA exploits
    http://securityaffairs.co/wordpress/64758/intelligence/kaspersky-nsa-exploits.html

    More details emerge from the story of the hack of the Kaspersky antivirus that allowed Russian intelligence to steal secret exploits from the personal PC of the NSA staffer.

    The PC was hacked after the NSA employee installed a backdoored key generator for a pirated copy of Microsoft Office.

    Kaspersky Lab published a detailed report on the case that explains how cyber spies could have easily stolen the software exploits from the NSA employee’s Windows PC.

    Reply
  19. Tomi Engdahl says:

    Whois? No, Whowas: Incoming Euro privacy rules torpedo domain registration system
    Internet policy wonks scramble over GDPR
    https://www.theregister.co.uk/2017/10/26/whois_gdpr_europe/

    The internet policy world is scrambling as one of the most critical and fiercely contested aspects of the global domain name system – its registration system – has started to fall apart.

    The Whois system, which publicly publishes the name, address, email and telephone number of every domain name registrant, has been a bone of contention for over 20 years. But passionate disagreement has resulted in stasis and the system has remained unchanged while the broader internet has evolved.

    That policy paralysis has finally become unsustainable however with the adoption of Europe’s new privacy policy – the General Data Protection Regulation (GDPR).

    GDPR will kick in next May, and, critically, it impacts not just European business but any business that holds data on European citizens. Put most simply, GDPR requires businesses to get the consent of people to gather, store and process their information.

    Reply
  20. Tomi Engdahl says:

    Panic of Panama Papers-style revelations follows Bermuda law firm hack
    Cue incredibly wealthy people calling their PRs
    https://www.theregister.co.uk/2017/10/25/bermuda_law_firm_hack/

    A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.

    Bermuda-based Appleby only admitted it had suffered the breach – which actually happened last year – after a group of journos from the International Consortium of Investigative Journalists (ICIJ), who had seen the leaked information, began asking awkward questions.

    Reply
  21. Tomi Engdahl says:

    US voting server in election security probe is mysteriously wiped
    Nothing to see here, comrade. Move along, move along
    https://www.theregister.co.uk/2017/10/26/voting_server_georgia_wiped/

    Analysis: A computer at the center of a lawsuit digging into woeful cyber-security practices during the US presidential election has been wiped.

    The server in question is based in Georgia – a state that narrowly backed Donald Trump, giving him 16 electoral votes – and stored the results from the state’s voting systems. The deletion of its data makes analysis of whether the computer was compromised impossible to ascertain.

    There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could have been harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record.

    It is feared the machine may have been hacked by Russian agents, who have taken a keen interest in the 2016 White House race, or potentially any miscreant on the planet.

    Reply
  22. Tomi Engdahl says:

    Car trouble: Keyless and lockless is no match for brainless
    Nissan brings new meaning to ‘open door policy’
    https://www.theregister.co.uk/2017/10/27/car_trouble_keyless_and_lockless_is_no_match_for_brainless/

    Reply
  23. Tomi Engdahl says:

    HomeHack: How Hackers Could Have Taken Control of LG’s IoT Home Appliances
    https://blog.checkpoint.com/2017/10/26/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances/

    The second season of award-winning TV thriller Mr. Robot premiered with a scene that sent shivers down the cybersecurity world’s spine. In uncomfortably realistic detail, hackers virtually broke into a smart home, turning the home-based IoT technology against its inhabitants. The TV and stereo started switching on and off randomly, the water temperature in the shower went from boiling to freezing with little warning, and the air conditioning brutally forced the characters to leave their homes by reaching arctic temperatures. The most unsettling part of the whole sequence isn’t that this type of cyberattack might happen.

    It’s unsettling because it’s already happening.

    Recently, Check Point discovered a vulnerability, dubbed HomeHack, in LG’s smart home infrastructure exposing it to critical user account takeover. If attackers would have exploited this vulnerability, they would have been able to log into LG users’ SmartThinQ® home appliances accounts and take remote control of the devices connected to the account.

    The HomeHack vulnerability gave attackers the potential to spy on users’ home activities via the Hom-Bot robot vacuum cleaner video camera, which sends live video to the associated LG SmartThinQ app as part of its HomeGuard Security feature. Depending on the LG appliances in the owner’s home, attackers could also switch dishwashers or washing machines on or off.

    LG HomeHack – Secure Your IoT
    https://www.youtube.com/watch?v=BnAHfZWPaCs

    Reply
  24. Tomi Engdahl says:

    Security Flaw Could Have Let Hackers Turn on Smart Ovens
    http://www.securityweek.com/security-flaw-could-have-let-hackers-turn-smart-ovens

    A security flaw in LG’s smart home devices gave hackers a way to control the household appliances of millions of customers, including the ability to turn on ovens, a computer security firm revealed on Thursday.

    Check Point Software Technologies said the vulnerability, called “HomeHack”, in the LG SmartThinQ mobile app and cloud application allowed their research team to take over a user’s account and control connected appliances such as their oven, refrigerator, dishwasher, washing machine, air conditioner and more.

    The HomeHack vulnerability also “gave attackers the potential to spy on users’ home activities via the Hom-Bot robot vacuum cleaner video camera,” Check Point said in a statement.

    Reply
  25. Tomi Engdahl says:

    LG’s internet-connected ovens can be remotely set to pre-heat, meaning malicious hackers could create a potential safety risk.

    LG sold 80 million smart home devices across the world in 2016, all of which were potentially affected by the flaw.

    Source: http://www.securityweek.com/security-flaw-could-have-let-hackers-turn-smart-ovens

    Reply
  26. Tomi Engdahl says:

    Microsoft Open Sources Website Scanning Tool ‘Sonar’
    http://www.securityweek.com/microsoft-open-sources-website-scanning-tool-sonar

    Microsoft announced this week the availability of Sonar, an open source linting and website scanning tool designed to help developers identify and fix performance and security issues.

    Developed by the Microsoft Edge team, Sonar has been made open source and donated to the JS Foundation. Microsoft will continue making improvements to the project, but external contributions are also welcome.

    Linting is the process of analyzing code for potential errors. Sonar looks for a wide range of issues, including those related to performance, accessibility, security, Progressive Web Apps (PWA), and interoperability.

    In the case of security, Sonar looks for eight types of weaknesses, including SSL configuration problems using SSL Labs’ SSL Server Test.

    Another test looks for HTTPS connections that don’t use the Strict-Transport-Security header, which ensures that a website can only be accessed via secure connections to prevent man-in-the-middle (MitM) attacks.

    https://github.com/sonarwhal/sonar

    Reply
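
The Strict-Transport-Security check mentioned in the Sonar item above, as an added example that is not part of the original comment and is not Sonar's own code: a small JavaScript linter that parses the header using the RFC 6797 grammar and reports the cases a site owner would want flagged. The function names, finding ids, the 18-week minimum and the sample responses are assumptions made for this example.

```javascript
// Added example: a minimal Strict-Transport-Security linter (not Sonar's code).
// MIN_MAX_AGE is an assumed policy threshold chosen for this example.
const MIN_MAX_AGE = 10886400;      // 18 weeks, in seconds (assumption)
const PRELOAD_MIN_MAX_AGE = 31536000; // 1 year, the browser preload list minimum

const finding = (id, detail) => ({ id, detail });

// Parse an HSTS header value: directives are separated by ';', names are
// case-insensitive, and each directive may appear at most once (RFC 6797).
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false, errors: [] };
  const seen = new Set();
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (part === '') continue; // empty directives are allowed by the grammar
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : part.slice(eq + 1).trim();
    if (seen.has(name)) {
      policy.errors.push(`duplicate directive: ${name}`);
      continue;
    }
    seen.add(name);
    if (name === 'max-age') {
      if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted-string form
      if (val === null || !/^\d+$/.test(val)) {
        policy.errors.push('max-age must be a non-negative integer');
      } else {
        policy.maxAge = Number(val);
      }
    } else if (name === 'includesubdomains') {
      if (val !== null) policy.errors.push('includeSubDomains takes no value');
      else policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true; // not in RFC 6797; read by browser preload lists
    }
    // Any other directive is ignored, as the RFC requires.
  }
  if (!seen.has('max-age')) policy.errors.push('max-age directive is required');
  return policy;
}

// Lint one response. `headers` is a plain object of header name -> value.
function lintResponse(url, headers) {
  const isHttps = new URL(url).protocol === 'https:';
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  const value = lower['strict-transport-security'];

  if (!isHttps) {
    // Browsers ignore HSTS received over plain HTTP, so it protects nothing here.
    return value === undefined ? [] : [finding('hsts-over-http', 'header ignored on http://')];
  }
  if (value === undefined) {
    return [finding('hsts-missing', 'HTTPS response without Strict-Transport-Security')];
  }
  const policy = parseHsts(value);
  if (policy.errors.length > 0) {
    return policy.errors.map((e) => finding('hsts-invalid', e));
  }
  const findings = [];
  if (policy.maxAge === 0) {
    findings.push(finding('hsts-disabled', 'max-age=0 tells the browser to drop the policy'));
  } else if (policy.maxAge < MIN_MAX_AGE) {
    findings.push(finding('hsts-short-max-age', `max-age ${policy.maxAge} < ${MIN_MAX_AGE}`));
  }
  if (policy.preload && (!policy.includeSubDomains || policy.maxAge < PRELOAD_MIN_MAX_AGE)) {
    findings.push(finding('hsts-preload-requirements',
      'preload needs includeSubDomains and max-age of at least one year'));
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = [
  ['https://shop.example/', { 'Content-Type': 'text/html' }],
  ['https://shop.example/', { 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' }],
  ['https://shop.example/', { 'strict-transport-security': 'max-age=300; preload' }],
  ['https://shop.example/', { 'Strict-Transport-Security': 'includeSubDomains' }],
  ['http://shop.example/', { 'Strict-Transport-Security': 'max-age=31536000' }],
];

function lintSamples() {
  return SAMPLES.map(([url, headers]) => lintResponse(url, headers).map((f) => f.id));
}

for (const [i, ids] of lintSamples().entries()) {
  console.log(`sample ${i + 1}: ${ids.length ? ids.join(', ') : 'ok'}`);
}
```
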
  27. Tomi Engdahl says:

    The Ten Cybersecurity Commandments
    http://www.securityweek.com/ten-cybersecurity-commandments

    1. Ensure that systems, applications and users are patched.
    2. Share preventions natively. The best chance of preventing cyberattacks and defeating adversaries is when effective security controls on the network, endpoint and cloud operate together as parts of a single platform.
    3. Implement a consistent security model, regardless of user location or device type.
    4. Practice the principle of least privilege. Segmentation is a requirement, and micro-segmentation is fast becoming one. No one or no one thing needs to talk to everything. There should be no default trust for any entity, regardless of what it is or where it is.
    5. Embrace advanced endpoint methodologies. Ensure that endpoint protection can share threat intelligence seamlessly across the network and endpoint, and prevent known and unknown malware on the endpoint itself.
    6. Make safe application enablement a requirement. Security teams must be able to determine the exact identity of applications traversing the network, irrespective of port, protocol, evasive tactic or encryption (TLS/SSL or SSH), and apply safe application enablement policies based on business needs.
    7. Gain leverage from threat intelligence. Controls and preventions are only as good as their visibility into known and unknown threats, and their ability to instrument security infrastructure that blocks what’s discovered.
    8. Understand your threat environment.
    9. Aim for efficient consumption of new security technologies. Deploying and orchestrating siloed capabilities from multiple vendors is a struggle and could leave your organization exposed.
    10. Think holistically about your prevention philosophy. Ensure that all of the decisions and investments made map back to a philosophy that strives to prevent successful cyberattacks, with the ultimate goal of making your organization safer and protecting our way of life in the digital age.

    Reply
  28. Tomi Engdahl says:

    Industrial Products Also Vulnerable to KRACK Wi-Fi Attack
    http://www.securityweek.com/industrial-products-also-vulnerable-krack-wi-fi-attack

    Some industrial networking devices are also vulnerable to the recently disclosed KRACK Wi-Fi attack, including products from Cisco, Rockwell Automation and Sierra Wireless.

    KRACK, or Key Reinstallation Attack, is the name assigned to a series of vulnerabilities in the WPA2 protocol, which secures modern Wi-Fi networks. The flaws can allow an attacker within range of the targeted device to read information that the user believes is encrypted and, in some cases, possibly even inject and manipulate data (e.g. inject malware into a website).

    The vulnerabilities are tracked as CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088. The security holes have been confirmed to affect products from tens of vendors, but many of them have already started releasing patches.

    In the case of Cisco, many of the company’s products are affected, including Cisco 829 Industrial Integrated Services routers and Industrial Wireless 3700 series access points.

    According to an advisory from ICS-CERT, Rockwell Automation is working on releasing a firmware update for its Stratix 5100 Wireless Access Point/Workgroup Bridge.

    Sierra Wireless has also released an advisory to inform customers that a dozen of its products, including access points and client devices, are affected by the vulnerabilities.

    Reply
  29. Tomi Engdahl says:

    NATO chief says allies concerned about Russian phone jamming
    https://www.defensenews.com/electronic-warfare/2017/10/26/nato-chief-says-allies-concerned-about-russian-phone-jamming/#.WfLJP7QQJ69.twitter

    NATO allies have raised concerns about what they call Russia’s use of a kind of electronic warfare during military exercises last month that jammed some phone networks, alliance Secretary-General Jens Stoltenberg said Oct. 26.

    “At least two allies have reported about that,”

    Phone services in Latvia, Norway and Sweden’s Oeland islands were reported to have been shut down for a few hours during the Sept. 14-20 Zapad exercises that Russia held with Belarus. The jamming is suspected to have been launched by a Russian communications ship from the Baltic Sea.

    Aftenposten newspaper that Russia had also used a kind of electronic attack that could have endangered civilian aircraft in the area.

    “There were exercises in GPS jamming — in electronic warfare,”

    Reply
  30. Tomi Engdahl says:

    AI bot rips off human eyes, easily cracks web CAPTCHA codes. Ouch
    I’m not a robot, muhaha, hahah
    https://www.theregister.co.uk/2017/10/26/captcha_ai_solver/

    Computer software that mimics how the human visual cortex works can solve text-based CAPTCHA challenges, the image recognition tasks often used by websites to differentiate human visitors from spam bots.

    A paper describing the code was published on Thursday in the journal Science.

    Reply
  31. Tomi Engdahl says:

    Hacker Wants $50K From Hacker Forum or He’ll Share Stolen Database With the Feds
    https://www.bleepingcomputer.com/news/security/hacker-wants-50k-from-hacker-forum-or-hell-share-stolen-database-with-the-feds/

    Extortion can also be funny when it happens to the bad guys, and there’s one extortion attempt going on right now that will put a big smile on your face.

    The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools.

    Earlier this week, on Tuesday, an anonymous user appears to have breached the site, and uploaded samples of its database online, along with a ransom demand.

    To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin’s login details and IP address.

    In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for C-Panel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials, user data leaked from various breaches at legitimate sites, and many more.

    Basetools portal went offline and entered maintenance mode.

    According to other text included in the ransom demand, the hacker also appears to have carried out the hack out of revenge

    All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now in easy reach to anyone who knows where to look for it.

    Reply
  32. Tomi Engdahl says:

    Alison Snyder / Axios:
    Researchers at Vicarious AI have developed a new brain-inspired AI technique that can solve CAPTCHAs with less training data than other AI techniques

    Computers are learning to recognize letters like we do
    https://www.axios.com/computers-are-learning-to-recognize-letters-like-we-do-2501809295.html

    Reply
  33. Tomi Engdahl says:

    Backdoor Account Found in Popular Ship Satellite Communications System
    https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-popular-ship-satellite-communications-system/

    A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form.

    These vulnerabilities affect the AmosConnect 8

    Flaws won’t receive patches

    they won’t receive any patches because Stratos retired the AmosConnect 8 product just months before, in June 2017, according to an end-of-life announcement on the company’s site.

    AmosConnect 8 boxes are SATCOM systems that are specifically designed to work on ships, oil rigs, and other isolated maritime environments.

    The system provides Internet connectivity to ships via a satellite connection. AmosConnect 8 is a password-protected platform that a ship’s crew can use to access on-ship Internet services.

    Backdoor account grants full system access

    username is unique per device, and is the “Post Office” ID shown on each AmosConnect 8 login screen.

    The password is derived from this ID

    platform was also affected by a blind SQL injection vulnerability

    Vulnerabilities can’t be mass-exploited, but are bad

    this server would be usually located within the IT network of a vessel

    these vulnerable systems are most likely to be exploited by nation-state actors and financially motivated attackers. These systems handle a ship’s entire external communications and are a treasure trove of information.

    Inmarsat had begun a process to retire AmosConnect 8 from our portfolio prior to IOActive’s report and, in 2016, we communicated to our customers that the service would be terminated in July 2017.

    Reply
  34. Tomi Engdahl says:

    Mozilla devs discuss ditching Dutch CA, because cryptowars
    We don’ want no STEENKIN’ proxies, as will be possible under new local laws
    https://www.theregister.co.uk/2017/10/30/mozilla_mistrust_dutch_ca/

    Concerns at the effect of The Netherlands’ new security laws could result in the country’s certificate authority being pulled from Mozilla’s trust list.

    The nation’s Information and Security Services Act will come into force in January 2018. The law includes metadata retention powers similar to those enacted in other countries, and also grants broad-based interception powers to Dutch security services.

    Mozilla maintainers worry that interception could be enabled by abusing SSL proxying, giving rise to the proposal that the national CA – the CA of the Staat der Nederlanden – be taken off Firefox’s automatic trust list.

    Reply
  35. Tomi Engdahl says:

    VPN Law Latest Step in Kremlin Online Crackdown: Experts
    http://www.securityweek.com/vpn-law-latest-step-kremlin-online-crackdown-experts

    A law coming into force on Wednesday will give the Kremlin greater control over what Russians can access online ahead of a presidential election next March.

    Providers of virtual private networks (VPNs) — which let internet users access sites banned in one country by making it appear that they are browsing from abroad — will be required to block websites listed by the Russian state communications watchdog.

    The law is the latest in a raft of restrictions introduced by President Vladimir Putin’s government and is expected to affect journalists and opposition activists, even though several VPN providers say they will not comply.

    Reply
  36. Tomi Engdahl says:

    Vulnerabilities Found in Ship Communication System
    http://www.securityweek.com/vulnerabilities-found-ship-communication-system

    IOActive has long been interested in the security of satellite communications. In 2014, it published a report on “multiple high risk vulnerabilities” in all the satellite systems it studied.

    More recently, it was prompted to examine the security of ship-based satellite communications following the release of a Shodan tool that tracks the location of VSAT systems (typically employed by vessels to provide Internet connectivity at sea). In particular, it examined an Inmarsat product, AmosConnect 8 (AC8), used by ships at sea to optimize and compress data in transit to reduce satellite costs.

    “We have identified two critical vulnerabilities in this software,” blogged IOActive principal security consultant Mario Ballano on Thursday, “that allow pre-authenticated attackers to fully compromise an AmosConnect server. We have reported these vulnerabilities but there is no fix for them, as Inmarsat has discontinued AmosConnect 8.”

    CERT agrees. Its Vulnerability Note VU#586501 comments, “Attackers having network access to an AmosConnect server can log into it using a backdoor account that has full system privileges. Among other things, this vulnerability allows attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager.”

    The NIST National Vulnerability Database classifies the vulnerability (CVE-2017-3222) as critical, with a severity score of 9.8.

    Ballano adds, “some of the vulnerabilities uncovered during our SATCOM research might enable attackers to access these systems via the satellite link.”

    Reply
  37. Tomi Engdahl says:

    Security News This Week: Equifax Was Warned of Vulnerability Months Before Breach
    https://www.wired.com/story/equifax-warned-of-vulnerability-months-before-breach/

    This week, some old security threats came back to haunt the internet, a fitting horror trope this close to Halloween.

    Remember the Mirai botnet that took out the internet for a big chunk of the East Coast and beyond last year? It’s back, sort of. More specifically, a new botnet called Reaper is steadily growing, based on Mirai but with an added trick. It doesn’t just seek out IoT devices with poor password protections; it can actively take advantage of known vulnerabilities. With over a million networks already infected

    In that same vein, a new ransomware based on NotPetya, called BadRabbit, has struck the Ukraine.

    A bug in a popular maritime platform—since fixed—underscores just how ill-prepared infrastructure at sea is for an age in which everything connects to the internet.

    Equifax Was Warned About Its Security Hole Six Months Before Breach

    WhatsApp Lets You Delete Sent Messages on Both Ends Now

    Even Robot Vacuum Cleaners Are Security Risks Now

    AI Can Beat CAPTCHA Now, So Start Packing Those Go Bags

    Reply
  38. Tomi Engdahl says:

    The Reaper IoT Botnet Has Already Infected a Million Networks
    https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/

    The Mirai botnet, a collection of hijacked gadgets whose cyberattack made much of the internet inaccessible in parts of the US and beyond a year ago, previewed a dreary future of zombie connected-device armies run amuck. But in some ways, Mirai was relatively simple—especially compared to a new botnet that’s brewing.

    While Mirai caused widespread outages, it impacted IP cameras and internet routers by simply exploiting their weak or default passwords. The latest botnet threat, known alternately as IoT Troop or Reaper, has evolved that strategy, using actual software-hacking techniques to break into devices instead. It’s the difference between checking for open doors and actively picking locks—and it’s already enveloped devices on a million networks and counting.

    Reply
  39. Tomi Engdahl says:

    Terror threat as Heathrow Airport security files found dumped in the street
    http://www.mirror.co.uk/news/uk-news/terror-threat-heathrow-airport-security-11428132

    Britain’s biggest airport launched a “very, very urgent” investigation after the Sunday Mirror alerted them to the frightening security lapse

    Heathrow chiefs are reeling after a memory stick crammed with confidential information was found in the street – posing “a risk to national security”.

    The USB stick – containing 76 folders with maps, videos and documents – was not encrypted and did not require a password.

    The man who found it plugged it into a library computer and was alarmed at what he saw. It revealed:

    The exact route the Queen takes when using the airport and security measures used to protect her.
    Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
    A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
    Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
    Routes and safeguards for Cabinet ministers and foreign dignitaries.
    Details of the ultrasound radar system used to scan runways and the perimeter fence.

    The USB stick was found by a member of the public and handed to the Sunday Mirror.

    A security source said: “In the wrong hands this would represent a profound threat in terms of terrorism or espionage.

    “Aviation security is under the microscope because of the desire by terrorists to bring planes down in a spectacular fashion. Security services would not want this leaked or sold to hostile parties.”

    Met Police detectives were liaising with airport chiefs to work out how the USB drive, with a massive 2.5GB of data, ended up in the street.

    Airport insiders revealed they were trying to determine if there had been an “incompetent data breach” or if someone had been accessing files intentionally.

    Police fear it may have been copied and circulated on the “dark web” – where terrorists and criminals buy information.

    An alarming breach that could hurt the UK

    The implications for a trove of information on airport security falling into the wrong hands are extremely serious and terrifying.

    Islamic State is known to be pursuing a “spectacular” to match the 9/11 attacks.

    Codes, maps, routes used by royals and emergency procedures would be of huge, perhaps inestimable, value to a terror cell.

    Crucially, investigators will want to know how and why someone was able to get the information on to a USB stick. And worse, get it out of their workplace – then apparently lose it.

    It is deeply alarming. That it should happen at a time of such a heightened terror threat may show security procedures and controls are not as nailed down as we had all hoped.

    Reply
  40. Tomi Engdahl says:

    A positive approach to cyber
    https://home.kpmg.com/fi/fi/home/uutiset-ja-julkaisut/2017/06/se-news-ceo-outlook-a-positive-approach-to-cyber.html

    Cyber attacks are a threat that can strike anywhere. Attitudes towards cyber security, however, are not identical around the world. This is clear in the 2017 CEO Outlook. Nordic CEOs are much more likely to see cyber security as an opportunity, rather than a threat. This may be counterintuitive to CEOs from other regions who are more likely to focus on cyber threats than the commercial opportunities from security products and services which they necessitate.

    They are, for example, more likely than their global counterparts to believe that data security prompts innovation in products and services. Nearly all (94%) take this view, almost double the 53% of global CEOs who say the same.

    Mika Laaksonen, KPMG Cyber Advisory Partner in Finland, says that Nordic CEOs see data security as an integral part of new, innovative services. They are successful only if the client can trust them. For example, the buyers of cloud‑based HR systems tend to be conscious of the need for data privacy, especially in terms of sensitive data, and the compliance to EU’s General Data Protection Regulation (GDPR).

    They understand that they must be able to show their clients high standards of data security, and that their partners’ and suppliers’ standards are equally high. Nordic CEOs are more likely than their international counterparts to see revenue opportunities in such cyber risk mitigation. They are also more likely to see preparedness as part of their leadership role.

    Reply
  41. Tomi Engdahl says:

    Seven out of ten pay the ransom

    Ransomware is at present the most common security threat in Finland and internationally. At Check Point’s security seminar in Helsinki, it became clear why 70% of the victims pay the ransom, even though official guidance advises against it.

    The year 2016 was particularly good for extortionists. According to Sköld, cyber criminals succeeded in delivering ransomware to 40 percent of corporate networks, and 70 percent of those who had been subjected to extortion paid the ransom. More than half of those in the United States paid over $10,000 and one in five over $40,000 to get their information back. Both the FBI and the Finnish Communications Regulatory Commission advise that ransoms should not be paid.

    This year, the pace of the extortionists has not slowed at all. WannaCry caused problems in, for example, UK healthcare. NotPetya proved expensive for, among others, Maersk, the logistics company known for its container vessels. The newest is BadRabbit, which spread especially in Eastern Europe before it was reported to have stopped last week.

    According to Check Point’s calculations, ransomware accounted for 48 percent of the malware detected in Finnish corporate networks in the first half of this year. Mobile malware accounted for 26 percent, the same as banking malware. The figures for the entire EMEA were 56, 16 and 28 percent.

    - The popularity of ransomware among criminals is also due to the development of a secure payment method. The recipient of Bitcoin payments cannot be traced. It’s easy to make payments online, and the victim does not have to tell anyone about it either. Few people report to the police because they do not want publicity, Sköld said.

    Source: http://etn.fi/index.php?option=com_content&view=article&id=7077&via=n&datum=2017-10-30_14:44:17&mottagare=31202

    Reply
  42. Tomi Engdahl says:

    UEFI BIOS holes. So Much Magic. Don’t Come Inside.
    https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside

    In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as far as its security is concerned. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect vendors such as Acer, ASRock, ASUS, Dell, HP, GIGABYTE, Lenovo, MSI, Intel, and Fujitsu. This white paper is intended to describe how to detect a vulnerability in a motherboard firmware

    Reply
  43. Tomi Engdahl says:

    Report Scores Cities to See if Technology Makes Them Safer
    https://spectrum.ieee.org/tech-talk/computing/networks/report-scores-cities-to-figure-out-if-investing-in-technology-makes-them-safer

    More and more people are migrating to cities. By 2030, 60 percent of the world’s population will live in an urban setting, according to the United Nations. How can these growing cities reduce conflicts, crime, violence, and terrorism?

    In a word: technology. Cameras, command centers, social media alerts, predictive algorithms, and other digital and mobile technologies are already improving public safety in some capital cities, says a new report from the Brookings Institution. It finds that some of the safest cities in the world have made it a priority to invest in digital infrastructure and to support communities and law enforcement with tech-based initiatives. The results of these actions not only save lives, but improve the city’s productivity and national competitiveness.

  44. Tomi Engdahl says:

    802.11ac-based sniffer/injector allows law enforcement to target and monitor Wi-Fi communications
    http://www.cablinginstall.com/articles/pt/2017/10/802-11ac-based-sniffer-injector-allows-law-enforcement-to-target-and-monitor-wi-fi-communications.html?cmpid=enl_cim_cim_data_center_newsletter_2017-10-30

    Intelligraphics launches its IGX Bloodhound Sniffer/Injector For 802.11AC.

    Intelligraphics Inc., a specialist in intelligent fast-roaming network solutions and wireless security, has announced the release of its most advanced IGX Bloodhound Wi-Fi Sniffer/Injector, now with support for 802.11AC chipsets.

    Per the company: “This 802.11ac-based sniffer/injector allows law enforcement agencies to target and proactively surveil Wi-Fi communications in real-time so they can make informed decisions, both remotely and at the mission location. Agencies can more effectively identify and evaluate threats, prevent network casualties, and protect critical infrastructure.”

    “The addition of flow analysis can be combined with data analytics to enhance the ability of retailers, mall operators, entertainment, public transportation, and healthcare facilities to better understand how people enter, interact, move through physical spaces as well as improve their security.”

  45. Tomi Engdahl says:

    Researchers Downplay Size of Reaper IoT Botnet
    http://www.securityweek.com/researchers-downplay-size-reaper-iot-botnet

    The Mirai-like “Reaper” botnet that began infecting Internet of Things (IoT) devices in late September has only ensnared up to 20,000 bots so far, according to estimates from Arbor Networks.

    Called Reaper, the botnet was said a couple of weeks ago to have infected over one million organizations worldwide, but Arbor claims that the actual size of the botnet fluctuates between 10,000 and 20,000 bots in total.

    The botnet’s size, the researchers reveal, could change at any time. An additional 2 million hosts have been already identified by the botnet scanner as potential nodes, although they haven’t been ensnared into Reaper yet.

    “At this time, it is not clear why these candidate bots have not been co-opted into the botnet. Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism,” Arbor’s ASERT researchers note.

  46. Tomi Engdahl says:

    Police Probe Hack of London Plastic Surgery Clinic
    http://www.securityweek.com/police-probe-hack-london-plastic-surgery-clinic

    British police said Tuesday they were investigating the theft of data from a London plastic surgery clinic, with reports that sensitive images of celebrities have been stolen.

    London Bridge Plastic Surgery said it was still establishing the extent of the hack, adding that it believed those responsible have previously targeted US medical providers.

    “On Tuesday, 17 October the Metropolitan Police Service was informed of a data theft from a cosmetic surgery clinic in London,” the police force said in a statement.

  47. Tomi Engdahl says:

    Code Execution Flaws Patched in Apache OpenOffice
    http://www.securityweek.com/code-execution-flaws-patched-apache-openoffice

    Researchers at Cisco Talos have discovered three vulnerabilities in Apache OpenOffice that can be exploited by malicious actors for remote code execution using specially crafted document files.

    The vulnerabilities affect Apache OpenOffice versions 4.1.3 and prior, along with OpenOffice.org. Patches are included in version 4.1.4, which the Apache Software Foundation announced earlier this month.

  48. Tomi Engdahl says:

    FireEye Releases Managed Password Cracking Tool
    http://www.securityweek.com/fireeye-releases-managed-password-cracking-tool

    FireEye on Monday released a tool designed to help red teams manage password cracking tasks across multiple GPU servers. Called GoCrack, the open source tool provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks.

    Developed in house by FireEye’s Innovation and Custom Engineering (ICE) team, users can deploy a GoCrack server along with a worker on every GPU/CPU capable machine with tasks being automatically distributed across the GPU/CPU machines.

    GoCrack currently supports the hashcat v3.6+ engine and requires no external database server, and includes support for both LDAP and database backed authentication.

    https://www.fireeye.com/blog/threat-research/2017/10/gocrack-managed-password-cracking-tool.html

  49. Tomi Engdahl says:

    Heathrow Probes How Security Data Found on London Street
    http://www.securityweek.com/heathrow-probes-how-security-data-found-london-street

    Heathrow Airport said Sunday it has launched an internal investigation after a memory stick containing extensive security information was found on a London street by a member of the public.
    The USB drive contained dozens of folders with maps, videos and documents — some marked confidential or restricted — detailing security at Europe’s busiest airport, according to the Sunday Mirror newspaper, which first reported the incident.

    A man discovered the unencrypted device discarded on a west London pavement, and handed it into the paper, which said it reviewed the contents and passed it on to Heathrow officials.
    The airport said the breach led to an immediate review of all security plans and it was “confident that Heathrow remains secure”.

    A spokeswoman added: “We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future.”
