Brian Krebs reports of a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports:
The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.
According to an alert sent to banks late last month, the entire scheme goes as follows:
1. Criminals intercept mail sent from a financial institution to large corporations that contain payment cards, targeting debit payment cards with access to large amount of funds.
2. The crooks remove the chip from the debit payment card using a heat source that warms the glue.
3. Criminals replace the chip with an old or invalid chip and repackage the payment card for delivery.
4. Criminals place the stolen chip into an old payment card.
5. The corporation receives the debit payment card without realizing the chip has been replaced.
6. The corporate office activates the debit payment card; however, their payment card is inoperable thanks to the old chip.
7. Criminals use the payment card with the stolen chip for their personal gain once the corporate office activates the card.
The reason the crooks don’t just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated.
A T-Mobile Austria customer representative made a shocking admission in a Twitter thread.
Security is hard. Computer systems get more complex by the day and software is eating up the world, making the task of keeping hackers out harder and harder.
Sometimes, however, companies just make it too easy for the bad guy by disregarding the most basic and universally accepted security best practices. Today’s culprit: T-Mobile Austria.
The company admitted on Twitter that it stores at least part of their customer’s passwords in plaintext. This is a big no-no in this day and age because if anyone breaches T-Mobile (and companies are breached all the time), they could likely guess or brute-force every user’s password. If the passwords were fully encrypted or hashed, it wouldn’t be that easy.
“knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest.”
“I really do not get why this is a problem. You have so many passwords for every app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear,” the rep wrote back.
It’s hard to overstate just how incredibly reckless it is, in 2018, to still store people’s passwords in plaintext.
When another Twitter user questioned what happens if T-Mobile’s systems are breached, the representative nonchalantly stated “What if this doesn’t happen because our security is amazingly good?”
This isn’t the first time questions have been posed about T-Mobile’s data security. Late last year a security researcher identified a hole in the telecommunication company’s API.
The API was misconfigured and accepted queries containing a mobile phone number. If queried with a phone number, the API responded with account information associated with that phone number, including the customer’s email address, account numbers, answers to security questions and device identification numbers.
Cary O’Reilly / Bloomberg Law:
Department of Homeland Security to compile database of journalists, bloggers, and influencers in an effort to track 290K global news sources in 100 languages — The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile …
• Seeks contractor that can monitor 290,000 global news sources
• ‘Media influencer’ database to note `sentiment’ of coverage
The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile a database of journalists, editors, foreign correspondents, and bloggers to identify top “media influencers.”
It’s seeking a contractor that can help it monitor traditional news sources as well as social media and identify “any and all” coverage related to the agency or a particular event, according to a request for information released April 3.
The data to be collected includes a publication’s “sentiment” as well as geographical spread, top posters, languages, momentum, and circulation. No value for the contract was disclosed.
Blake Montgomery / BuzzFeed:
US seizes classifieds site Backpage.com and related domains, raids founder’s home, files 93 counts including money laundering and facilitating prostitution
Simina Mistreanu / Foreign Policy:
Life in Rongcheng offers inside preview of China’s social credit system, which mixes credit scores with monitoring data of citizens, launches nationally in 2020 — RONGCHENG, CHINA — Rongcheng was built for the future. Its broad streets and suburban communities were constructed with an eye …
You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.
[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point.
The recently discovered KevDroid Android backdoor is tied to the North Korean hacking group APT37, Palo Alto Networks researchers say.
Also tracked as Reaper, Group 123, Red Eyes, and ScarCruft, the threat group was observed earlier this year to be using a Flash Player zero-day vulnerability and has been expanding the scope and sophistication of its campaigns over the past months.
Recently, the group was said to have targeted victims with Android spyware via spear phishing emails. Cisco’s Talos security researchers analyzed the malware, which they called KevDroid, but weren’t able to find a strong connection with the group.
According to Palo Alto Networks, however, KevDroid is indeed part of APT37’s arsenal of mobile tools. Furthermore, the security researchers were able to find a more advanced version of the spyware, as well as Trojanized iterations of legitimate applications that are used as downloaders for the malware.
A significant number of Cisco switches located in Iran and Russia have been hijacked in what appears to be a hacktivist campaign conducted in protest of election-related hacking. However, it’s uncertain if the attacks involve a recently disclosed vulnerability or simply abuse a method that has been known for more than a year.
Cisco devices belonging to organizations in Russia and Iran have been hijacked via their Smart Install feature. The compromised switches had their IOS image rewritten and their configuration changed to display a U.S. flag using ASCII art and the message “Don’t mess with our elections…”
The hackers, calling themselves “JHT,” told Motherboard that they wanted to send a message to government-backed hackers targeting “the United States and other countries.” They claim to have only caused damage to devices in Iran and Russia, while allegedly patching most devices found in countries such as the U.S. and U.K.
Researchers at Cisco Talos have identified several critical vulnerabilities that expose Natus medical devices to remote hacker attacks. The vendor has released firmware updates that patch the flaws.
The vulnerabilities allow remote code execution and denial-of-service (DoS) attacks and they impact the Natus NeuroWorks software, which is used by the company’s Xltek electroencephalography (EEG) equipment to monitor and review data over the network.
According to Cisco, an attacker with access to the targeted network can remotely execute arbitrary code on the device or cause a service to crash by sending specially crafted packets. An attack does not require authentication.
“Vulnerable systems are searched for by attackers as points of ingress and persistence within computer networks. A vulnerable system can be compromised by threat actors, used to conduct reconnaissance on the network, and as a platform from which further attacks can be launched,” Talos warned.
Remote code execution on vulnerable Natus devices is possible due to four different functions that can cause a buffer overflow. All of the code execution flaws have been rated “critical” with CVSS scores of 9 or 10. The DoS vulnerability, rated “high severity,” is caused by an out-of-bounds read issue.
Apple co-founder Steve Wozniak told USA TODAY he’s leaving Facebook out of growing concern for the carelessness with which Facebook and other Internet companies treat the private information of users.
“Users provide every detail of their life to Facebook and … Facebook makes a lot of advertising money off this,” he said in an email to USA TODAY. “The profits are all based on the user’s info, but the users get none of the profits back.”
Wozniak said he’d rather pay for Facebook than have his personal information exploited for advertising. And he heaped praise on Apple for respecting people’s privacy.
“Apple makes its money off of good products, not off of you,” Wozniak said. “As they say, with Facebook, you are the product.”
Zuckerberg hit back in a subsequent interview with Vox, calling Cook’s comments “extremely glib.”
“If you want to build a service which is not just serving rich people, then you need to have something that people can afford,” said Zuckerberg.”
Wozniak is one of the prominent users who have called it quits. On Sunday, he deactivated his Facebook account after posting the following message: “I am in the process of leaving Facebook. It’s brought me more negatives than positives. Apple has more secure ways to share things about yourself. I can still deal with old school email and text messages.”
In an email to USA TODAY, Wozniak said he was taken aback by the extent of Facebook’s data collection when he changed and deleted some of his information before deactivating his account.
Still, breaking up with Facebook isn’t easy. Wozniak chose not to delete his Facebook account. He didn’t mind bidding farewell to his 5,000 Facebook friends, many of whom he says he doesn’t know. But he didn’t want to give up his “stevewoz” screen name.
“I don’t want someone else grabbing it, even another Steve Wozniak,” he said.
You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.
Hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”, the Iranian IT ministry said on Saturday.
“The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency IRNA.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
Security is hard. Computer systems get more complex by the day and software is eating up the world, making the task of keeping hackers out harder and harder.
Sometimes, however, companies just make it too easy for the bad guy by disregarding the most basic and universally accepted security best practices. Today’s culprit: T-Mobile Austria.
The company admitted on Twitter that it stores at least part of their customer’s passwords in plaintext. This is a big no-no in this day and age because if anyone breaches T-Mobile (and companies are breached all the time), they could likely guess or brute-force every user’s password. If the passwords were fully encrypted or hashed, it wouldn’t be that easy. But having a portion of the credential in plaintext reduces the difficulty of decoding the hashed part and obtaining the whole password.
“Based on what we know about how people choose their passwords,” Per Thorsheim, the founder of the first-ever conference dedicated to passwords, told me via Twitter direct message, “knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest.”
PCs don’t have beepers any more, but code to make’ em sound off lets you see files
Retro programmers may need to reconsider using the Linux beep command as an activity or progress alert.
One of the silliest bugs on record emerged late last week, when Debian project leader Chris Lamb took to the distro’s security to post an advisory that the little utility had a local privilege escalation vulnerability.
Worker perks-flinger Sodexo has told a number of customers to cancel their credit cards following “a targeted attack” on its cinema vouchers platform, Filmology.
The scheme, which provides UK employee rewards via discounted cinema tickets, has also taken its site down “for the foreseeable future” in order “to eliminate any further potential risk” to consumers and to protect consumers’ data.
In an email to customers, seen by The Register, Sodexo Filmology said it had informed the UK Information Commissioner’s Office and a specialist forensic investigation team.
“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said.
“These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.”
“While the merchant is ultimately responsible, that does not mean they caused the breach as it could be down to outsourcing a service to a third party, or a fault in one of the software products they are using. All will have to be PCI compliant [the payment card industry's data security standard].”
Advice to cancel cards might be due to either Visa, MasterCard or the card issuer having spotted a pattern of fraudulent activity and having alerted the merchant after suspecting they are the common point of purchase for fraudulent activity. “In which case they are taking a precautionary step by informing customers in this way,” Morris said.
Senior Congressmen have demanded “immediate action” over mysterious fake cell phone towers in Washington DC that they worry could be being operated by foreign governments.
“address the prevalence of what could be hostile, foreign cell-site simulators, or Stingrays, surveilling Americans in the nation’s Capital.”
The letter [PDF] cites news articles about the bogus phone towers as justification for the call to action, but those reports of “anomalous activity in the National Capital that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers” actually emerged in a letter from the US Department of Homeland Security to Senator Ron Wyden (D-OR).
A developer has discovered that Gmail’s email handling creates a handy phishing vector to attack Netflix customers.
The problem is that Netflix, like most systems, recognises dots in e-mail handles (so richardchirgwin and richard.chirgwin are different accounts) – but Gmail does not.
Since the e-mail arrived to the correct inbox, and since it genuinely came from Netflix, Fisher came close to accepting its request that he update his details – except that he didn’t recognise the credit card attached to the “dotted” account.
This, Fisher wrote, creates the phishing vector: if an attacker tried hard enough, they would find a Netflix account whose Gmail registration already exists, and can register another account with an extra dot in the Gmail address.
If the attacker signed up with a “throwaway” card number, and then cancelled the card, Netflix would email the “real” Gmail account-holder asking for a valid card. It only needs the recipient to do so without noticing a discrepancy, and the attacker has tricked someone into paying for their streaming.
Security luminary Bruce Schneier commented that the problem is subtle: “It’s an example of two systems without a security vulnerability coming together to create a security vulnerability.”
The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children’s Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents’ permission.
23 privacy and children’s advocacy groups filed a Federal Trade Commission complaint against YouTube, alleging the platform illegally collects data from children. The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children’s Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents’ permission.
“It’s just fundamentally unfair,” Josh Golin, executive director of the CCFC, told Gizmodo, “to use Google’s powerful behavioral targeting on a child that doesn’t yet understand what’s going on.”
n 2014, a researcher named Alexander Kogan created a personality quiz that 270,000 Facebook users would go on to install. From those downloads alone, he was able to harvest the personal information of up to 87 million people, according to Facebook’s most recent estimate. He then passed that data along to Trump-affiliated political firm Cambridge Analytica, which would use it to target voters in the 2016 presidential election. Now Facebook has finally released a tool that lets you know whether you were affected.
Beginning at noon EDT on Monday, some Facebook users will see one of two messages at the top of their News feed. Both use the header Protecting Your Information, with one focusing on Cambridge Analytica and the other providing more general guidance about controlling which apps and websites currently have access to your data.
YOU KNOW BY now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.
Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.
“We started talking about how many of these vulnerable devices are out there and what can they be leveraged for, because most people seem to have forgotten about this vulnerability,”
Down With UPnP
UPnP helps devices on a network find and essentially introduce themselves to each other, so that a server, say, can discover and vet the printers on a network.
When IoT devices expose too many of these mechanisms to the open internet without requiring authentication—or when credential checks are easily guessable or can be brute forced—attackers can then scan for devices that have implemented a few of these protocols badly all in one device, and then exploit this series of manufacturer missteps to launch an attack.
That’s also how the Akamai researchers found the malicious UPnP proxy schemes. Akamai says it found 4.8 million devices on the open internet that would improperly return a certain query related to UPnP. Of those, about 765,000 also had a secondary implementation issue that created a bigger network communication vulnerability. And then on more than 65,000 of those, Akamai saw evidence that attackers had exploited the other weaknesses to inject one or more malicious commands into the router mechanism that controls traffic flow. Those final 65,000 devices were grouped together in various ways and ultimately pointed to 17,599 unique IP addresses for attackers to bounce traffic around to mask their movements.
“In particular it’s annoying to build these attacks against hundreds of personal routers, and testing these attacks is hard too,”
Notably, the Akamai researchers saw evidence that UPnP proxying isn’t just being used for malicious activity. It also seems to be part of efforts to skirt censorship schemes in countries like China to gain unfettered web access.
Users won’t realize if their devices are being exploited for UPnP proxy attacks, and there is little they can do to defend themselves if they have a vulnerable device besides getting a new one. Some devices will allow users to disable UPnP, but that can lead to functionality issues.
Akamai found 73 brands and almost 400 IoT models that are vulnerable in some way.
Internet of Threats
Internet of Things security is still not enough of a priority-A big part of the problem is that every device is a black box, we don’t know what code these things are running and it’s all proprietary (aka unvetted)
Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The 11th edition of the DBIR is based on data provided to Verizon by 67 organizations, and it covers more than 53,000 incidents and over 2,200 breaches across 65 countries.
According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to the fact that it’s easy to deploy — even for less skilled cybercriminals — and the risks and costs associated with conducting an operation are relatively small for the attacker.
Over 95% of the email domains managed by the Executive Office of the President (EOP) haven’t implemented the Domain Message Authentication Reporting & Conformance (DMARC) protocol, the Global Cyber Alliance (GCA) has discovered.
After analyzing 26 such domains, GCA discovered that 18 haven’t even started the deployment of DMARC, while 7 of them have implemented the protocol at the lowest level (“none”), which only monitors emails.
Because of that, none of these domains can prevent delivery of spoofed emails, GCA points out. Implementing DMARC ensures that fake emails (known as direct domain spoofing) that spammers and phishers send don’t end up in the users’ inboxes.
Malware activity declined in the first quarter of 2018, with both detections for ransomware and cryptominers lower than the last quarter of 2018, according to anti-malware vendor Malwarebytes. However, major reductions in consumer instances mask an increase in both activities against businesses, the company says.
A significant number of Cisco switches located in Iran and Russia have been hijacked in what appears to be a hacktivist campaign conducted in protest of election-related hacking. However, it’s uncertain if the attacks involve a recently disclosed vulnerability or simply abuse a method that has been known for more than a year.
Several vulnerabilities have been found in the Linux command line tool Beep, including a potentially serious issue introduced by a patch for a privilege escalation flaw.
For well over a decade, Beep has been used by developers on Linux to get a computer’s internal speaker to produce a beep
The security hole has been assigned CVE-2018-0492 and it has been sarcastically described as “the latest breakthrough in the field of acoustic cyber security research.” Someone created a dedicated website for it (holeybeep.ninja), a logo, and named it “Holey Beep.”
The individual or individuals who set up the Holey Beep website have also provided a patch, but someone noticed that this fix actually introduces a potentially more serious vulnerability that allows arbitrary command execution.
“The patch vulnerability seems more severe to me, as people apply patches all the time (they shouldn’t do it as root, but people are people),”
“I question whether beep should be saved. It would require someone carefully reviewing the code and effectively become the new upstream. And all that for a tool talking to the PC speaker, which doesn’t exist in most modern systems anyway,”
Holey Beep (CVE-2018-0492) is the latest breakthrough in the field of acoustic cyber security research.
Am I vulnerable?
Most likely! If you have beep installed as setuid and it was compiled with a certain compiler version and options and your machine is compromised, your network is at risk.
Is this vulnerability serious?
Holey Beep is just a simple privilege escalation bug. However, it can be used in an exploit chain to trigger more serious issues.
How many people are affected?
Millions! Everyone, almost.
According to the Debian popularity contest, beep is installed on 1.86% of all machines. Extrapolating that by the earth population, we estimate roughly 130 million affected users.
Description
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
Web browsers are building a new way for you to log in, announced today by the W3C and FIDO Alliance standards bodies. Called WebAuthn, the new open standard is currently supported in the latest version of Firefox, and will be supported in upcoming versions of Chrome and Edge slated for release in the next few months.
WebAuthn has been working its way toward W3C approval for nearly two years, but today marks the first major announcement of browser support. Apple has not commented on Safari support for WebAuthn, although the company is part of the working group that developed the standard.
Today’s announcement the latest step in a years-long effort to move users away from passwords and toward more secure login methods like biometrics and USB tokens. The system is already in place on major services like Google and Facebook, where you can log in using a Yubikey token built to the FIDO standard.
YouTube’s music video for the hit song Despacito, which has had over five billion views, has been hacked.
The clip’s cover image was replaced with a photo showing a group of people wearing masks and pointing guns.
The video was temporarily taken offline until the problem was fixed.
But videos by more than a dozen other artists posted by the music hosting service Vevo – including Shakira, Selena Gomez, Drake and Taylor Swift – were also affected.
The hackers, calling themselves Prosox and Kuroi’sh, had replaced some of the videos’ titles with their own messages, including a call to “free Palestine” alongside their own nicknames.
“After seeing unusual upload activity on a handful of Vevo channels, we worked quickly with our partner to disable access while they investigate the issue,” a spokeswoman for YouTube told the BBC.
A Twitter account that apparently belonged to one of the hackers had posted: “It’s just for fun, I just use [the] script ‘youtube-change-title-video’ and I write ‘hacked’.”
“To upload and alter video content with code you should require an authorisation token,” he said.
Michelle Castillo / CNBC:
Facebook debuts a Data Abuse Bounty to reward those who report misuse of data by app devs; payouts are for cases affecting 10K+ users and range from $500-$40K
Facebook is launching a data abuse bounty program to ask its users to help it find companies using unauthorized data.
It will pay from $500 to upward of $40,000 for substantiated cases.
Only Facebook is included in the program at this time, not other platforms like Instagram.
The company currently has 10 people on the bug bounty team, but plans to hire more people and involve other teams in order to investigate substantiated claims.
Russell Brandom / The Verge:
FIDO Alliance and W3C announce WebAuthn, a new open standard for password-free logins, currently supported in Firefox, and to be supported in Chrome and Edge
Web browsers are building a new way for you to log in, announced today by the W3C and FIDO Alliance standards bodies. Called WebAuthn, the new open standard is currently supported in the latest version of Firefox, and will be supported in upcoming versions of Chrome and Edge slated for release in the next few months.
Today’s announcement the latest step in a years-long effort to move users away from passwords and toward more secure login methods like biometrics and USB tokens. The system is already in place on major services like Google and Facebook, where you can log in using a Yubikey token built to the FIDO standard.
Microsoft’s Patch Tuesday updates for April 2018 resolve a total of 66 vulnerabilities, including nearly two dozen critical issues affecting Windows and the company’s web browsers.
None of the flaws patched this month appear to have been exploited in the wild, but one privilege escalation vulnerability discovered by a Microsoft researcher in SharePoint has been disclosed to the public.
A majority of the critical flaws affecting Internet Explorer and Edge are related to scripting engines and they allow remote code execution.
A remote code execution flaw affecting the VBScript engine has also been rated critical. The security hole can be exploited via malicious websites or documents. Trend Micro’s Zero Day Initiative (ZDI) noted that while this is similar to browser bugs, the attack surface is broader due to the possibility of exploitation using Office documents.
Adobe has patched a total of 19 vulnerabilities across six of its products, including Flash Player, Experience Manager, InDesign CC, Digital Editions, ColdFusion and the PhoneGap Push plugin.
A total of six flaws rated critical and important have been fixed in Flash Player with the release of version 29.0.0.140, including use-after-free, out-of-bounds read, out-of-bounds write and heap overflow bugs that can lead to remote code execution and information disclosure.
Some of the most popular music videos on YouTube including mega-hit “Despacito” momentarily disappeared Tuesday in an apparent hacking.
Fans looking for videos by top artists including Drake, Katy Perry and Taylor Swift found the footage removed and replaced by messages that included “Free Palestine.”
Luis Fonsi’s “Despacito” — the most-watched video of all time at five billion views — was briefly replaced by an image of a gun-toting gang in red hoods that appeared to come from the Spanish series “Money Heist.”
Most videos were back up by early Tuesday US time but some still had defaced captions, which boasted of hacking by a duo calling themselves Prosox and Kuroi’SH.
Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The 11th edition of the DBIR is based on data provided to Verizon by 67 organizations, and it covers more than 53,000 incidents and over 2,200 breaches across 65 countries.
According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to the fact that it’s easy to deploy — even for less skilled cybercriminals — and the risks and costs associated with conducting an operation are relatively small for the attacker.
Cybercriminals have increasingly started using ransomware to target mission-critical systems, such as file servers and databases, which causes more damage to the targeted organization compared to only desktop systems getting compromised.
Security Teams Must Prioritize Risk Mitigation Against Android Malware
Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android.
Threat actors watch these trends too. They’re opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks.
As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android’s official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores.
Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations.
At exactly noon on the first Tuesday after Balint Seeber moved from Silicon Valley to San Francisco in late 2015, the Australian radio hacker and security researcher was surprised to discover a phenomenon already known to practically every other resident of the city: a brief, piercing wail that rose and then fell, followed by a man’s voice: “This is a test. This is a test of the outdoor warning system. This is only a test.”
The next week, at exactly the same time, Seeber heard it again.
Could a hacker like him hijack that command system to trigger all the sirens around the whole city at will, or to use them to broadcast even more alarming sounds?
The far-reaching tentacles of the likes of Google and Facebook have focused people’s attention on online privacy, but for anyone looking to retain a modicum of confidentiality it can be hard to know what to do. There are VPN tools, but these are not for everyone, for anyone looking for a quick solution, Avast Secure Browser could be the answer.
This new Chromium-based browser is billed as being “private, fast, and secure” and it’s designed to address the misconceptions many people have about privacy and security online. The browser is a renamed and updated version of SafeZone.
Cloudflare is conducting an experiment with APNIC, and it’s revealing plenty of dirty hacks.
Cloudflare’s new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Centre (APNIC).
The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy.
“We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque,” wrote APNIC’s chief scientist Geoff Huston in a blog post.
“We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs.
Robert Hutton / Bloomberg:
GCHQ director says UK carried out its first major cyber-attack in 2017, targeting Islamic State communications and propaganda infrastructure — Spy chief reveals his agency hit terror group’s communications — GCHQ boss also warns about levels of Russian online activity
Andy Greenberg / Wired:
After testing 1.2K Android phones from 2017, researchers find OEMs often don’t install the security patches they claim to install; ZTE and TCL each omitted 4+ — GOOGLE HAS LONG struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates.
Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone’s firmware is fully up to date, even while they’ve secretly skipped patches.
They found what they call a “patch gap”: In many cases, certain vendors’ phones would tell users that they had all of Android’s security patches up to a certain date, while in reality missing as many as a dozen patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.
“We find that there’s a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others,”
The problem, Nohl points out, is worse than vendors merely neglecting to patch older devices, a common phenomenon. Instead, it’s that they tell users they install patches that they in fact don’t, creating a false sense of security. “We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” Nohl says. “That’s deliberate deception, and it’s not very common.”
Joseph Cox / Motherboard:
Investigation: State Dept. and some local police have bought $15K+ GrayKey tools to unlock up-to-date iPhones; Secret Service and DEA also interested in GrayKey — A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey …
A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
Maria Deutscher / SiliconANGLE:
Cloudflare launches Spectrum security service for large enterprise clients, offering DDoS protection for any container or VM that connects to the internet
Cloudflare Inc. is expanding its effort to secure the internet beyond websites and cloud applications.
The provider, which helps companies block malicious traffic and make their online content load faster, today unveiled a new service for protecting the internet-connected infrastructure running in the background of the publicly facing web. This includes most everything from internal corporate email servers to connected devices deployed in the field.
The provider’s approach to fending off attacks is fairly straightforward. When there’s a sudden surge in traffic that may be caused by a DDoS campaign, Cloudflare simply offloads the requests to its network of 150 data centers, which is large enough to withstand the barrage without getting knocked offline.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
We are a professional review site that has advertisement and can receive compensation from the companies whose products we review. We use affiliate links in the post so if you use them to buy products through those links we can get compensation at no additional cost to you.OkDecline
252 Comments
Tomi Engdahl says:
Secret Service Warns of Chip Card Scheme
https://news.slashdot.org/story/18/04/05/2029221/secret-service-warns-of-chip-card-scheme?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Brian Krebs reports of a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports:
Secret Service Warns of Chip Card Scheme
https://krebsonsecurity.com/2018/04/secret-service-warns-of-chip-card-scheme/
The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.
According to an alert sent to banks late last month, the entire scheme goes as follows:
1. Criminals intercept mail sent from a financial institution to large corporations that contain payment cards, targeting debit payment cards with access to large amount of funds.
2. The crooks remove the chip from the debit payment card using a heat source that warms the glue.
3. Criminals replace the chip with an old or invalid chip and repackage the payment card for delivery.
4. Criminals place the stolen chip into an old payment card.
5. The corporation receives the debit payment card without realizing the chip has been replaced.
6. The corporate office activates the debit payment card; however, their payment card is inoperable thanks to the old chip.
7. Criminals use the payment card with the stolen chip for their personal gain once the corporate office activates the card.
The reason the crooks don’t just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated.
Tomi Engdahl says:
In Finland big data leakage, 130 000 accounts with passwords and business planning information
https://www.tivi.fi/Kaikki_uutiset/nyt-todella-kannattaa-vaihtaa-salasana-massiivisen-tietomurron-salasanat-vietiin-selvakielisina-6719137
Tomi Engdahl says:
Facebook plans to let everyone unsend messages, won’t let Zuckerberg until then
https://techcrunch.com/2018/04/06/facebook-unsend-messages/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook
Tomi Engdahl says:
T-Mobile Stores Part of Customers’ Passwords In Plaintext, Says It Has ‘Amazingly Good’ Security
https://motherboard.vice.com/en_us/article/7xdeby/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-security
A T-Mobile Austria customer representative made a shocking admission in a Twitter thread.
Security is hard. Computer systems get more complex by the day and software is eating up the world, making the task of keeping hackers out harder and harder.
Sometimes, however, companies just make it too easy for the bad guy by disregarding the most basic and universally accepted security best practices. Today’s culprit: T-Mobile Austria.
The company admitted on Twitter that it stores at least part of their customer’s passwords in plaintext. This is a big no-no in this day and age because if anyone breaches T-Mobile (and companies are breached all the time), they could likely guess or brute-force every user’s password. If the passwords were fully encrypted or hashed, it wouldn’t be that easy.
“knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest.”
“I really do not get why this is a problem. You have so many passwords for every app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear,” the rep wrote back.
It’s hard to overstate just how incredibly reckless it is, in 2018, to still store people’s passwords in plaintext.
Tomi Engdahl says:
T-MOBILE’S TWITTER TAILSPIN: THEY PARTLY STORE PASSWORDS IN PLAIN TEXT AND ‘DON’T GET WHY IT’S A PROBLEM’
https://indivigital.com/news/t-mobiles-twitter-tailspin-they-partly-store-passwords-in-plain-text-and-dont-get-why-its-a-problem/
When another Twitter user questioned what happens if T-Mobile’s systems are breached, the representative nonchalantly stated “What if this doesn’t happen because our security is amazingly good?”
This isn’t the first time questions have been posed about T-Mobile’s data security. Late last year a security researcher identified a hole in the telecommunication company’s API.
The API was misconfigured and accepted queries containing a mobile phone number. If queried with a phone number, the API responded with account information associated with that phone number, including the customer’s email address, account numbers, answers to security questions and device identification numbers.
Tomi Engdahl says:
In the rapidly expanding thread of replies, another Twitter user stated “you’re now number 1 target for black hats”.
Tomi Engdahl says:
Cary O’Reilly / Bloomberg Law:
Department of Homeland Security to compile database of journalists, bloggers, and influencers in an effort to track 290K global news sources in 100 languages — The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile …
Homeland Security to Compile Database of Journalists, Bloggers
http://biglawbusiness.com/homeland-security-to-compile-database-of-journalists-bloggers/
• Seeks contractor that can monitor 290,000 global news sources
• ‘Media influencer’ database to note `sentiment’ of coverage
The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile a database of journalists, editors, foreign correspondents, and bloggers to identify top “media influencers.”
It’s seeking a contractor that can help it monitor traditional news sources as well as social media and identify “any and all” coverage related to the agency or a particular event, according to a request for information released April 3.
The data to be collected includes a publication’s “sentiment” as well as geographical spread, top posters, languages, momentum, and circulation. No value for the contract was disclosed.
Tomi Engdahl says:
Department Of Homeland Security Compiling Database Of Journalists And ‘Media Influencers’
https://www.forbes.com/sites/michellefabio/2018/04/06/department-of-homeland-security-compiling-database-of-journalists-and-media-influencers/#168d08186121
Tomi Engdahl says:
Blake Montgomery / BuzzFeed:
US seizes classifieds site Backpage.com and related domains, raids founder’s home, files 93 counts including money laundering and facilitating prostitution
Backpage Has Been Taken Down By The US Government And Sex Workers Aren’t Happy
https://www.buzzfeed.com/blakemontgomery/backpage-service-disruption?utm_term=.yhwwOdqxr#.qq8ZqkvmD
Tomi Engdahl says:
Simina Mistreanu / Foreign Policy:
Life in Rongcheng offers inside preview of China’s social credit system, which mixes credit scores with monitoring data of citizens, launches nationally in 2020 — RONGCHENG, CHINA — Rongcheng was built for the future. Its broad streets and suburban communities were constructed with an eye …
Life Inside China’s Social Credit Laboratory
http://foreignpolicy.com/2018/04/03/life-inside-chinas-social-credit-laboratory/
The party’s massive experiment in ranking and monitoring Chinese citizens has already started.
Tomi Engdahl says:
Cracking A Bluetooth Credit Card
https://hackaday.com/2018/04/08/cracking-a-bluetooth-credit-card/
You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.
[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point.
Stealing Credit Cards from FUZE via Bluetooth
https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
Tomi Engdahl says:
Researchers Link New Android Backdoor to North Korean Hackers
https://www.securityweek.com/researchers-link-new-android-backdoor-north-korean-hackers
The recently discovered KevDroid Android backdoor is tied to the North Korean hacking group APT37, Palo Alto Networks researchers say.
Also tracked as Reaper, Group 123, Red Eyes, and ScarCruft, the threat group was observed earlier this year to be using a Flash Player zero-day vulnerability and has been expanding the scope and sophistication of its campaigns over the past months.
Recently, the group was said to have targeted victims with Android spyware via spear phishing emails. Cisco’s Talos security researchers analyzed the malware, which they called KevDroid, but weren’t able to find a strong connection with the group.
According to Palo Alto Networks, however, KevDroid is indeed part of APT37’s arsenal of mobile tools. Furthermore, the security researchers were able to find a more advanced version of the spyware, as well as Trojanized iterations of legitimate applications that are used as downloaders for the malware.
Tomi Engdahl says:
Cisco Switches in Iran, Russia Hacked in Apparent Pro-US Attack
https://www.securityweek.com/cisco-switches-iran-russia-hacked-apparent-pro-us-attack
A significant number of Cisco switches located in Iran and Russia have been hijacked in what appears to be a hacktivist campaign conducted in protest of election-related hacking. However, it’s uncertain if the attacks involve a recently disclosed vulnerability or simply abuse a method that has been known for more than a year.
Cisco devices belonging to organizations in Russia and Iran have been hijacked via their Smart Install feature. The compromised switches had their IOS image rewritten and their configuration changed to display a U.S. flag using ASCII art and the message “Don’t mess with our elections…”
The hackers, calling themselves “JHT,” told Motherboard that they wanted to send a message to government-backed hackers targeting “the United States and other countries.” They claim to have only caused damage to devices in Iran and Russia, while allegedly patching most devices found in countries such as the U.S. and U.K.
Tomi Engdahl says:
Critical Flaws Expose Natus Medical Devices to Remote Attacks
https://www.securityweek.com/critical-flaws-expose-natus-medical-devices-remote-attacks
Researchers at Cisco Talos have identified several critical vulnerabilities that expose Natus medical devices to remote hacker attacks. The vendor has released firmware updates that patch the flaws.
The vulnerabilities allow remote code execution and denial-of-service (DoS) attacks and they impact the Natus NeuroWorks software, which is used by the company’s Xltek electroencephalography (EEG) equipment to monitor and review data over the network.
According to Cisco, an attacker with access to the targeted network can remotely execute arbitrary code on the device or cause a service to crash by sending specially crafted packets. An attack does not require authentication.
“Vulnerable systems are searched for by attackers as points of ingress and persistence within computer networks. A vulnerable system can be compromised by threat actors, used to conduct reconnaissance on the network, and as a platform from which further attacks can be launched,” Talos warned.
Remote code execution on vulnerable Natus devices is possible due to four different functions that can cause a buffer overflow. All of the code execution flaws have been rated “critical” with CVSS scores of 9 or 10. The DoS vulnerability, rated “high severity,” is caused by an out-of-bounds read issue.
Tomi Engdahl says:
Apple co-founder Steve Wozniak says he’s left Facebook over data collection
https://www.usatoday.com/story/tech/2018/04/08/apple-co-founder-steve-wozniak-says-hes-leaving-facebook/497392002/
Apple co-founder Steve Wozniak told USA TODAY he’s leaving Facebook out of growing concern for the carelessness with which Facebook and other Internet companies treat the private information of users.
“Users provide every detail of their life to Facebook and … Facebook makes a lot of advertising money off this,” he said in an email to USA TODAY. “The profits are all based on the user’s info, but the users get none of the profits back.”
Wozniak said he’d rather pay for Facebook than have his personal information exploited for advertising. And he heaped praise on Apple for respecting people’s privacy.
“Apple makes its money off of good products, not off of you,” Wozniak said. “As they say, with Facebook, you are the product.”
Zuckerberg hit back in a subsequent interview with Vox, calling Cook’s comments “extremely glib.”
“If you want to build a service which is not just serving rich people, then you need to have something that people can afford,” said Zuckerberg.”
Wozniak is one of the prominent users who have called it quits. On Sunday, he deactivated his Facebook account after posting the following message: “I am in the process of leaving Facebook. It’s brought me more negatives than positives. Apple has more secure ways to share things about yourself. I can still deal with old school email and text messages.”
In an email to USA TODAY, Wozniak said he was taken aback by the extent of Facebook’s data collection when he changed and deleted some of his information before deactivating his account.
Still, breaking up with Facebook isn’t easy. Wozniak chose not to delete his Facebook account. He didn’t mind bidding farewell to his 5,000 Facebook friends, many of whom he says he doesn’t know. But he didn’t want to give up his “stevewoz” screen name.
“I don’t want someone else grabbing it, even another Steve Wozniak,” he said.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/te-nordea-luopuu-pahvisista-koodilistoista-tilalle-sovellus-tai-laite-6719319
Tomi Engdahl says:
Cracking A Bluetooth Credit Card
https://hackaday.com/2018/04/08/cracking-a-bluetooth-credit-card/
You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.
Tomi Engdahl says:
Iran hit by global cyber attack that left U.S. flag on screens
https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH?feedType=RSS&feedName=technologyNews&utm_source=Twitter&utm_medium=Social&utm_campaign=Feed%3A+reuters%2FtechnologyNews+%28Reuters+Technology+News%29
Hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”, the Iranian IT ministry said on Saturday.
“The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency IRNA.
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.
Tomi Engdahl says:
T-Mobile Stores Part of Customers’ Passwords In Plaintext, Says It Has ‘Amazingly Good’ Security
A T-Mobile Austria customer representative made a shocking admission in a Twitter thread.
https://motherboard.vice.com/en_us/article/7xdeby/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-security
Security is hard. Computer systems get more complex by the day and software is eating up the world, making the task of keeping hackers out harder and harder.
Sometimes, however, companies just make it too easy for the bad guy by disregarding the most basic and universally accepted security best practices. Today’s culprit: T-Mobile Austria.
The company admitted on Twitter that it stores at least part of their customer’s passwords in plaintext. This is a big no-no in this day and age because if anyone breaches T-Mobile (and companies are breached all the time), they could likely guess or brute-force every user’s password. If the passwords were fully encrypted or hashed, it wouldn’t be that easy. But having a portion of the credential in plaintext reduces the difficulty of decoding the hashed part and obtaining the whole password.
“Based on what we know about how people choose their passwords,” Per Thorsheim, the founder of the first-ever conference dedicated to passwords, told me via Twitter direct message, “knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest.”
Tomi Engdahl says:
Linux Beep bug joke backfires as branded fix falls short
https://www.theregister.co.uk/2018/04/09/linux_beep_bug/
PCs don’t have beepers any more, but code to make’ em sound off lets you see files
Retro programmers may need to reconsider using the Linux beep command as an activity or progress alert.
One of the silliest bugs on record emerged late last week, when Debian project leader Chris Lamb took to the distro’s security to post an advisory that the little utility had a local privilege escalation vulnerability.
[SECURITY] [DLA 1338-1] beep security update
https://lists.debian.org/debian-lts-announce/2018/04/msg00002.html
It was discovered that there was a local privilege escalation
vulnerability in beep, an “advanced PC speaker beeper”.
For Debian 7 “Wheezy”, this issue has been fixed in beep version
1.3-3+deb7u1.
We recommend that you upgrade your beep packages.
Tomi Engdahl says:
Microsoft adds ransomware protection and file restore to OneDrive cloud storage
Outlook.com also gets encrypted email support
https://www.theverge.com/2018/4/5/17201660/microsoft-onedrive-files-restore-feature-ransomware-protection
Tomi Engdahl says:
Cinema voucher-pusher tells customers: Cancel your credit cards, we’ve been ‘attacked’
Website taken down ‘for the foreseeable future’
https://www.theregister.co.uk/2018/04/09/cinema_voucher_biz_tells_customers_to_cancel_credit_cards_following_breach/
Worker perks-flinger Sodexo has told a number of customers to cancel their credit cards following “a targeted attack” on its cinema vouchers platform, Filmology.
The scheme, which provides UK employee rewards via discounted cinema tickets, has also taken its site down “for the foreseeable future” in order “to eliminate any further potential risk” to consumers and to protect consumers’ data.
In an email to customers, seen by The Register, Sodexo Filmology said it had informed the UK Information Commissioner’s Office and a specialist forensic investigation team.
“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said.
“These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.”
“While the merchant is ultimately responsible, that does not mean they caused the breach as it could be down to outsourcing a service to a third party, or a fault in one of the software products they are using. All will have to be PCI compliant [the payment card industry's data security standard].”
Advice to cancel cards might be due to either Visa, MasterCard or the card issuer having spotted a pattern of fraudulent activity and having alerted the merchant after suspecting they are the common point of purchase for fraudulent activity. “In which case they are taking a precautionary step by informing customers in this way,” Morris said.
Tomi Engdahl says:
You. FCC. Get out there and do something about these mystery bogus cell towers, huff bigwigs
It’s the Ruskies! Or maybe the FBI! Stingray secrecy rebounds
https://www.theregister.co.uk/2018/04/09/fcc_stingrays_fake_cellphone_towers/
Senior Congressmen have demanded “immediate action” over mysterious fake cell phone towers in Washington DC that they worry could be being operated by foreign governments.
“address the prevalence of what could be hostile, foreign cell-site simulators, or Stingrays, surveilling Americans in the nation’s Capital.”
The letter [PDF] cites news articles about the bogus phone towers as justification for the call to action, but those reports of “anomalous activity in the National Capital that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers” actually emerged in a letter from the US Department of Homeland Security to Senator Ron Wyden (D-OR).
https://regmedia.co.uk/2018/04/09/stringray-fcc-apr18.pdf
Tomi Engdahl says:
Gmail is secure. Netflix is secure. Together they’re a phishing threat
Google doesn’t recognise dots in email addresses, which creates an opportunity for evil
https://www.theregister.co.uk/2018/04/10/gmail_netflix_phishing_vector/
A developer has discovered that Gmail’s email handling creates a handy phishing vector to attack Netflix customers.
The problem is that Netflix, like most systems, recognises dots in e-mail handles (so richardchirgwin and richard.chirgwin are different accounts) – but Gmail does not.
Since the e-mail arrived to the correct inbox, and since it genuinely came from Netflix, Fisher came close to accepting its request that he update his details – except that he didn’t recognise the credit card attached to the “dotted” account.
This, Fisher wrote, creates the phishing vector: if an attacker tried hard enough, they would find a Netflix account whose Gmail registration already exists, and can register another account with an extra dot in the Gmail address.
If the attacker signed up with a “throwaway” card number, and then cancelled the card, Netflix would email the “real” Gmail account-holder asking for a valid card. It only needs the recipient to do so without noticing a discrepancy, and the attacker has tricked someone into paying for their streaming.
Security luminary Bruce Schneier commented that the problem is subtle: “It’s an example of two systems without a security vulnerability coming together to create a security vulnerability.”
Obscure E-Mail Vulnerability
https://www.schneier.com/blog/archives/2018/04/obscure_e-mail_.html
Tomi Engdahl says:
YouTube Is Illegally Collecting Data From Children, Say Advocacy Groups
https://news.slashdot.org/story/18/04/09/191202/youtube-is-illegally-collecting-data-from-children-say-advocacy-groups?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children’s Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents’ permission.
Advocacy Groups Say YouTube Is Illegally Collecting Data From Children
https://gizmodo.com/advocacy-groups-say-youtube-is-illegally-collecting-dat-1825109066
23 privacy and children’s advocacy groups filed a Federal Trade Commission complaint against YouTube, alleging the platform illegally collects data from children. The groups, led by the Campaign for a Commercial-Free Childhood (CCFC), allege YouTube is violating the Children’s Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parents’ permission.
“It’s just fundamentally unfair,” Josh Golin, executive director of the CCFC, told Gizmodo, “to use Google’s powerful behavioral targeting on a child that doesn’t yet understand what’s going on.”
Tomi Engdahl says:
How to Check if Cambridge Analytica Could Access Your Facebook Data
https://www.wired.com/story/did-cambridge-analytica-access-your-facebook-data
n 2014, a researcher named Alexander Kogan created a personality quiz that 270,000 Facebook users would go on to install. From those downloads alone, he was able to harvest the personal information of up to 87 million people, according to Facebook’s most recent estimate. He then passed that data along to Trump-affiliated political firm Cambridge Analytica, which would use it to target voters in the 2016 presidential election. Now Facebook has finally released a tool that lets you know whether you were affected.
Beginning at noon EDT on Monday, some Facebook users will see one of two messages at the top of their News feed. Both use the header Protecting Your Information, with one focusing on Cambridge Analytica and the other providing more general guidance about controlling which apps and websites currently have access to your data.
Tomi Engdahl says:
A LONG-AWAITED IOT CRISIS IS HERE, AND MANY DEVICES AREN’T READY
https://www.wired.com/story/upnp-router-game-console-vulnerabilities-exploited
YOU KNOW BY now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.
Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.
“We started talking about how many of these vulnerable devices are out there and what can they be leveraged for, because most people seem to have forgotten about this vulnerability,”
Down With UPnP
UPnP helps devices on a network find and essentially introduce themselves to each other, so that a server, say, can discover and vet the printers on a network.
When IoT devices expose too many of these mechanisms to the open internet without requiring authentication—or when credential checks are easily guessable or can be brute forced—attackers can then scan for devices that have implemented a few of these protocols badly all in one device, and then exploit this series of manufacturer missteps to launch an attack.
That’s also how the Akamai researchers found the malicious UPnP proxy schemes. Akamai says it found 4.8 million devices on the open internet that would improperly return a certain query related to UPnP. Of those, about 765,000 also had a secondary implementation issue that created a bigger network communication vulnerability. And then on more than 65,000 of those, Akamai saw evidence that attackers had exploited the other weaknesses to inject one or more malicious commands into the router mechanism that controls traffic flow. Those final 65,000 devices were grouped together in various ways and ultimately pointed to 17,599 unique IP addresses for attackers to bounce traffic around to mask their movements.
“In particular it’s annoying to build these attacks against hundreds of personal routers, and testing these attacks is hard too,”
Notably, the Akamai researchers saw evidence that UPnP proxying isn’t just being used for malicious activity. It also seems to be part of efforts to skirt censorship schemes in countries like China to gain unfettered web access.
Users won’t realize if their devices are being exploited for UPnP proxy attacks, and there is little they can do to defend themselves if they have a vulnerable device besides getting a new one. Some devices will allow users to disable UPnP, but that can lead to functionality issues.
Akamai found 73 brands and almost 400 IoT models that are vulnerable in some way.
Internet of Threats
Internet of Things security is still not enough of a priority-A big part of the problem is that every device is a black box, we don’t know what code these things are running and it’s all proprietary (aka unvetted)
Tomi Engdahl says:
Business-Critical Systems Increasingly Hit by Ransomware: Verizon 2018 DBIR
https://www.securityweek.com/business-critical-systems-increasingly-hit-ransomware-verizon-2018-dbir
Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The 11th edition of the DBIR is based on data provided to Verizon by 67 organizations, and it covers more than 53,000 incidents and over 2,200 breaches across 65 countries.
According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to the fact that it’s easy to deploy — even for less skilled cybercriminals — and the risks and costs associated with conducting an operation are relatively small for the attacker.
Tomi Engdahl says:
DMARC Not Implemented on Most White House Email Domains: Analysis
https://www.securityweek.com/dmarc-not-implemented-most-white-house-email-domains-analysis
Over 95% of the email domains managed by the Executive Office of the President (EOP) haven’t implemented the Domain Message Authentication Reporting & Conformance (DMARC) protocol, the Global Cyber Alliance (GCA) has discovered.
After analyzing 26 such domains, GCA discovered that 18 haven’t even started the deployment of DMARC, while 7 of them have implemented the protocol at the lowest level (“none”), which only monitors emails.
Because of that, none of these domains can prevent delivery of spoofed emails, GCA points out. Implementing DMARC ensures that fake emails (known as direct domain spoofing) that spammers and phishers send don’t end up in the users’ inboxes.
Tomi Engdahl says:
Malware Activity Slows, But Attacks More Sophisticated: Report
https://www.securityweek.com/malware-activity-slows-attacks-more-sophisticated-report
Malware activity declined in the first quarter of 2018, with both detections for ransomware and cryptominers lower than the last quarter of 2018, according to anti-malware vendor Malwarebytes. However, major reductions in consumer instances mask an increase in both activities against businesses, the company says.
Tomi Engdahl says:
Cisco Switches in Iran, Russia Hacked in Apparent Pro-US Attack
https://www.securityweek.com/cisco-switches-iran-russia-hacked-apparent-pro-us-attack
A significant number of Cisco switches located in Iran and Russia have been hijacked in what appears to be a hacktivist campaign conducted in protest of election-related hacking. However, it’s uncertain if the attacks involve a recently disclosed vulnerability or simply abuse a method that has been known for more than a year.
Tomi Engdahl says:
Vulnerabilities Found in Linux ‘Beep’ Tool
https://www.securityweek.com/vulnerabilities-found-linux-beep-tool
Several vulnerabilities have been found in the Linux command line tool Beep, including a potentially serious issue introduced by a patch for a privilege escalation flaw.
For well over a decade, Beep has been used by developers on Linux to get a computer’s internal speaker to produce a beep
The security hole has been assigned CVE-2018-0492 and it has been sarcastically described as “the latest breakthrough in the field of acoustic cyber security research.” Someone created a dedicated website for it (holeybeep.ninja), a logo, and named it “Holey Beep.”
The individual or individuals who set up the Holey Beep website have also provided a patch, but someone noticed that this fix actually introduces a potentially more serious vulnerability that allows arbitrary command execution.
“The patch vulnerability seems more severe to me, as people apply patches all the time (they shouldn’t do it as root, but people are people),”
“I question whether beep should be saved. It would require someone carefully reviewing the code and effectively become the new upstream. And all that for a tool talking to the PC speaker, which doesn’t exist in most modern systems anyway,”
https://holeybeep.ninja/
Holey Beep (CVE-2018-0492) is the latest breakthrough in the field of acoustic cyber security research.
Am I vulnerable?
Most likely! If you have beep installed as setuid and it was compiled with a certain compiler version and options and your machine is compromised, your network is at risk.
Is this vulnerability serious?
Holey Beep is just a simple privilege escalation bug. However, it can be used in an exploit chain to trigger more serious issues.
How many people are affected?
Millions! Everyone, almost.
According to the Debian popularity contest, beep is installed on 1.86% of all machines. Extrapolating that by the earth population, we estimate roughly 130 million affected users.
Description
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
Tomi Engdahl says:
Chrome and Firefox will support a new standard for password-free logins
One small step towards a world without phishing
https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free
Web browsers are building a new way for you to log in, announced today by the W3C and FIDO Alliance standards bodies. Called WebAuthn, the new open standard is currently supported in the latest version of Firefox, and will be supported in upcoming versions of Chrome and Edge slated for release in the next few months.
WebAuthn has been working its way toward W3C approval for nearly two years, but today marks the first major announcement of browser support. Apple has not commented on Safari support for WebAuthn, although the company is part of the working group that developed the standard.
Today’s announcement the latest step in a years-long effort to move users away from passwords and toward more secure login methods like biometrics and USB tokens. The system is already in place on major services like Google and Facebook, where you can log in using a Yubikey token built to the FIDO standard.
Tomi Engdahl says:
https://www.yubico.com/product/security-key-by-yubico/
Tomi Engdahl says:
Despacito YouTube music video hacked plus other Vevo clips
http://www.bbc.com/news/technology-43712137
YouTube’s music video for the hit song Despacito, which has had over five billion views, has been hacked.
The clip’s cover image was replaced with a photo showing a group of people wearing masks and pointing guns.
The video was temporarily taken offline until the problem was fixed.
But videos by more than a dozen other artists posted by the music hosting service Vevo – including Shakira, Selena Gomez, Drake and Taylor Swift – were also affected.
The hackers, calling themselves Prosox and Kuroi’sh, had replaced some of the videos’ titles with their own messages, including a call to “free Palestine” alongside their own nicknames.
“After seeing unusual upload activity on a handful of Vevo channels, we worked quickly with our partner to disable access while they investigate the issue,” a spokeswoman for YouTube told the BBC.
A Twitter account that apparently belonged to one of the hackers had posted: “It’s just for fun, I just use [the] script ‘youtube-change-title-video’ and I write ‘hacked’.”
“To upload and alter video content with code you should require an authorisation token,” he said.
Tomi Engdahl says:
Michelle Castillo / CNBC:
Facebook debuts a Data Abuse Bounty to reward those who report misuse of data by app devs; payouts are for cases affecting 10K+ users and range from $500-$40K
Facebook is offering a $40,000 bounty if you find the next Cambridge Analytica
https://www.cnbc.com/2018/04/10/facebook-will-pay-up-to-40000-if-you-find-a-big-data-leak.html
Facebook is launching a data abuse bounty program to ask its users to help it find companies using unauthorized data.
It will pay from $500 to upward of $40,000 for substantiated cases.
Only Facebook is included in the program at this time, not other platforms like Instagram.
The company currently has 10 people on the bug bounty team, but plans to hire more people and involve other teams in order to investigate substantiated claims.
Tomi Engdahl says:
Russell Brandom / The Verge:
FIDO Alliance and W3C announce WebAuthn, a new open standard for password-free logins, currently supported in Firefox, and to be supported in Chrome and Edge
Chrome and Firefox will support a new standard for password-free logins
One small step towards a world without phishing
https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free
Web browsers are building a new way for you to log in, announced today by the W3C and FIDO Alliance standards bodies. Called WebAuthn, the new open standard is currently supported in the latest version of Firefox, and will be supported in upcoming versions of Chrome and Edge slated for release in the next few months.
Today’s announcement the latest step in a years-long effort to move users away from passwords and toward more secure login methods like biometrics and USB tokens. The system is already in place on major services like Google and Facebook, where you can log in using a Yubikey token built to the FIDO standard.
https://www.yubico.com/
Tomi Engdahl says:
Microsoft Patches Two Dozen Critical Flaws in Windows, Browsers
https://www.securityweek.com/microsoft-patches-two-dozen-critical-flaws-windows-browsers
Microsoft’s Patch Tuesday updates for April 2018 resolve a total of 66 vulnerabilities, including nearly two dozen critical issues affecting Windows and the company’s web browsers.
None of the flaws patched this month appear to have been exploited in the wild, but one privilege escalation vulnerability discovered by a Microsoft researcher in SharePoint has been disclosed to the public.
A majority of the critical flaws affecting Internet Explorer and Edge are related to scripting engines and they allow remote code execution.
A remote code execution flaw affecting the VBScript engine has also been rated critical. The security hole can be exploited via malicious websites or documents. Trend Micro’s Zero Day Initiative (ZDI) noted that while this is similar to browser bugs, the attack surface is broader due to the possibility of exploitation using Office documents.
Tomi Engdahl says:
Adobe Patches Vulnerabilities in Six Products
https://www.securityweek.com/adobe-patches-vulnerabilities-six-products
Adobe has patched a total of 19 vulnerabilities across six of its products, including Flash Player, Experience Manager, InDesign CC, Digital Editions, ColdFusion and the PhoneGap Push plugin.
A total of six flaws rated critical and important have been fixed in Flash Player with the release of version 29.0.0.140, including use-after-free, out-of-bounds read, out-of-bounds write and heap overflow bugs that can lead to remote code execution and information disclosure.
Tomi Engdahl says:
Top Music Videos Including ‘Despacito’ Defaced by Hackers
https://www.securityweek.com/top-music-videos-including-despacito-defaced-hackers
Some of the most popular music videos on YouTube including mega-hit “Despacito” momentarily disappeared Tuesday in an apparent hacking.
Fans looking for videos by top artists including Drake, Katy Perry and Taylor Swift found the footage removed and replaced by messages that included “Free Palestine.”
Luis Fonsi’s “Despacito” — the most-watched video of all time at five billion views — was briefly replaced by an image of a gun-toting gang in red hoods that appeared to come from the Spanish series “Money Heist.”
Most videos were back up by early Tuesday US time but some still had defaced captions, which boasted of hacking by a duo calling themselves Prosox and Kuroi’SH.
Tomi Engdahl says:
Business-Critical Systems Increasingly Hit by Ransomware: Verizon 2018 DBIR
https://www.securityweek.com/business-critical-systems-increasingly-hit-ransomware-verizon-2018-dbir
Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The 11th edition of the DBIR is based on data provided to Verizon by 67 organizations, and it covers more than 53,000 incidents and over 2,200 breaches across 65 countries.
According to Verizon, ransomware was found in 39% of cases involving malware. Experts believe ransomware has become so prevalent due to the fact that it’s easy to deploy — even for less skilled cybercriminals — and the risks and costs associated with conducting an operation are relatively small for the attacker.
Cybercriminals have increasingly started using ransomware to target mission-critical systems, such as file servers and databases, which causes more damage to the targeted organization compared to only desktop systems getting compromised.
Tomi Engdahl says:
Mitigating Digital Risk from the Android PC in Your Pocket
https://www.securityweek.com/mitigating-digital-risk-android-pc-your-pocket
Security Teams Must Prioritize Risk Mitigation Against Android Malware
Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android.
Threat actors watch these trends too. They’re opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks.
As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android’s official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores.
Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations.
Tomi Engdahl says:
This Radio Hacker Could Hijack Citywide Emergency Sirens to Play Any Sound
https://www.wired.com/story/this-radio-hacker-could-hijack-emergency-sirens-to-play-any-sound
At exactly noon on the first Tuesday after Balint Seeber moved from Silicon Valley to San Francisco in late 2015, the Australian radio hacker and security researcher was surprised to discover a phenomenon already known to practically every other resident of the city: a brief, piercing wail that rose and then fell, followed by a man’s voice: “This is a test. This is a test of the outdoor warning system. This is only a test.”
The next week, at exactly the same time, Seeber heard it again.
Could a hacker like him hijack that command system to trigger all the sirens around the whole city at will, or to use them to broadcast even more alarming sounds?
Tomi Engdahl says:
Privacy: Avast launches Chromium-based Secure Browser
https://betanews.com/2018/04/09/avast-secure-browser/
The far-reaching tentacles of the likes of Google and Facebook have focused people’s attention on online privacy, but for anyone looking to retain a modicum of confidentiality it can be hard to know what to do. There are VPN tools, but these are not for everyone, for anyone looking for a quick solution, Avast Secure Browser could be the answer.
This new Chromium-based browser is billed as being “private, fast, and secure” and it’s designed to address the misconceptions many people have about privacy and security online. The browser is a renamed and updated version of SafeZone.
Tomi Engdahl says:
1.1.1.1: Cloudflare’s new DNS attracting ‘gigabits per second’ of rubbish
https://www.zdnet.com/article/1-1-1-1-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish/
Cloudflare is conducting an experiment with APNIC, and it’s revealing plenty of dirty hacks.
Cloudflare’s new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Centre (APNIC).
The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy.
“We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque,” wrote APNIC’s chief scientist Geoff Huston in a blog post.
“We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs.
APNIC Labs enters into a Research Agreement with Cloudflare
https://labs.apnic.net/?p=1127
Tomi Engdahl says:
Robert Hutton / Bloomberg:
GCHQ director says UK carried out its first major cyber-attack in 2017, targeting Islamic State communications and propaganda infrastructure — Spy chief reveals his agency hit terror group’s communications — GCHQ boss also warns about levels of Russian online activity
U.K. Reveals Its First Major Cyber-Attack Was Against IS
https://www.bloomberg.com/news/articles/2018-04-12/u-k-reveals-its-first-major-cyber-attack-was-against-is
Tomi Engdahl says:
Reuters:
Czech cybersecurity and antivirus firm Avast plans London IPO, seeking around $200M at a ~$4B valuation
https://www.reuters.com/article/us-ipo-avast/cyber-security-firm-avast-plans-watershed-london-tech-listing-idUSKBN1HJ0QU
Tomi Engdahl says:
Andy Greenberg / Wired:
After testing 1.2K Android phones from 2017, researchers find OEMs often don’t install the security patches they claim to install; ZTE and TCL each omitted 4+ — GOOGLE HAS LONG struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates.
How Android Phones Hide Missed Security Updates From You
https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you
Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone’s firmware is fully up to date, even while they’ve secretly skipped patches.
They found what they call a “patch gap”: In many cases, certain vendors’ phones would tell users that they had all of Android’s security patches up to a certain date, while in reality missing as many as a dozen patches from that period—leaving phones vulnerable to a broad collection of known hacking techniques.
“We find that there’s a gap between patching claims and the actual patches installed on a device. It’s small for some devices and pretty significant for others,”
The problem, Nohl points out, is worse than vendors merely neglecting to patch older devices, a common phenomenon. Instead, it’s that they tell users they install patches that they in fact don’t, creating a false sense of security. “We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” Nohl says. “That’s deliberate deception, and it’s not very common.”
Tomi Engdahl says:
Joseph Cox / Motherboard:
Investigation: State Dept. and some local police have bought $15K+ GrayKey tools to unlock up-to-date iPhones; Secret Service and DEA also interested in GrayKey — A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey …
Cops Around the Country Can Now Unlock iPhones, Records Show
https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police
A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
Tomi Engdahl says:
Maria Deutscher / SiliconANGLE:
Cloudflare launches Spectrum security service for large enterprise clients, offering DDoS protection for any container or VM that connects to the internet
Cloudflare moves beyond web services with new Spectrum security service
https://siliconangle.com/blog/2018/04/12/cloudflare-moves-beyond-web-services-new-spectrum-security-service/
Cloudflare Inc. is expanding its effort to secure the internet beyond websites and cloud applications.
The provider, which helps companies block malicious traffic and make their online content load faster, today unveiled a new service for protecting the internet-connected infrastructure running in the background of the publicly facing web. This includes most everything from internal corporate email servers to connected devices deployed in the field.
The provider’s approach to fending off attacks is fairly straightforward. When there’s a sudden surge in traffic that may be caused by a DDoS campaign, Cloudflare simply offloads the requests to its network of 150 data centers, which is large enough to withstand the barrage without getting knocked offline.