By ROSS LOGAN
Oct 26, 2017
The online activist network Anonymous announced it was launching “Operation Catalonia” after taking down a number of Spanish state-owned websites in recent weeks.
The latest cyber attack took place on Tuesday night, when the Royal House website was taken down by hacktivists.
That followed the website of the Constitutional Court – which ruled Catalonia’s October 1 referendum illegal – crashing under an Anonymous-led DoS attack.
The website for the Ministry of Public Works and Transport was also hacked to display a “Free Catalonia” banner.
A number of Twitter accounts claiming to be part of the Anonymous network have warned of further attacks on the websites of the Spanish government, which has been criticised for its violent response to the ballot.
According to another Anonymous account, the Spanish police, who were filmed brutally attacking Catalans with batons and pepper spray, will be attacked shortly.
Anonymous had previously stated its support for the Catalonian referendum in a video posted on YouTube shortly before the vote took place.
by Bradley Barth
October 25, 2017
An offshore law firm representing wealthy clients suffered a data breach earlier this year and is reportedly preparing for sensitive financial information about those clients to be publicly leaked, in an incident similar to the 2015 Panama Papers case.
According to a report in The Telegraph, the exposed information could put intense scrutiny on the various tax havens used by the rich.
In an online statement, Appleby, the Bermuda-based firm, said it was recently approached by members of the International Consortium of Investigative Journalists (ICIJ), who made unspecified allegations against the company after viewing the exposed documents.
The ICIJ, which operates an Offshore Leaks Database that reveals corporate tax haven secrets, is known for publishing the Panama Papers, a trove of 11.5 million leaked documents — detailing private offshore business dealings — that were stolen following a breach of the law firm Mossack Fonseca.
In its statement, Appleby acknowledged the breach, but denied any illegal activity on the part of the law firm or its clients.
By Mohit Kumar
October 24, 2017
DUHK — Don’t Use Hard-coded Keys — is a new ‘non-trivial’ cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions.
DUHK is the third crypto-related vulnerability reported this month, after the KRACK Wi-Fi attack and the ROCA factorization attack.
The vulnerability affects products from dozens of vendors, including Fortinet, Cisco and TechGuard, whose devices rely on the ANSI X9.31 RNG – an outdated pseudorandom number generator – ‘in conjunction with a hard-coded seed key.’
Before it was removed from the list of FIPS-approved pseudorandom number generators in January 2016, the ANSI X9.31 RNG had been included in various cryptographic standards over the previous three decades.
A pseudorandom number generator (PRNG) does not generate truly random numbers at all. It is a deterministic algorithm that produces a sequence of bits from initial secret values (a seed) and its current state, and it always produces the same sequence when started from the same initial values.
In X9.31 the block cipher that drives the generator is keyed with a ‘seed key’ that is meant to stay secret. Some vendors hard-code that key into the source code of their products, where anyone who reverse-engineers the firmware can recover it.
Discovered by cryptography researchers Shaanan Cohney, Nadia Heninger and Matthew Green, DUHK is a ‘state recovery attack’: a man-in-the-middle attacker who already knows the seed key can recover the generator’s current state after observing some of its outputs, and from there predict what it produces next.
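To make the state-recovery step concrete, here is an added example in Python (not the researchers’ code and not any vendor’s implementation) of a textbook X9.31 generator and the attack against it. It assumes a constructed hard-coded seed key, a constructed secret seed, and a date/time vector T modelled as a one-second clock that the attacker knows to within ten minutes; XTEA stands in for the 3DES or AES block cipher that real products use, and all function and variable names are the example’s own.

```python
"""DUHK-style state recovery against an ANSI X9.31 PRNG (added example, not the researchers' code).

X9.31 derives each output from a block cipher E under a fixed 'seed key' K:
    I  = E_K(T)          T = date/time vector
    R  = E_K(I xor V)    R = output block, V = secret state
    V' = E_K(R xor I)    next state
If K is hard-coded (DUHK) and T is guessable, one observed R gives V' and hence
every later output. XTEA stands in here for the 3DES/AES cipher of real products.
"""
MASK32, MASK64 = 0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF
DELTA, ROUNDS = 0x9E3779B9, 32


def _subkeys(key):
    return [(key >> (96 - 32 * i)) & MASK32 for i in range(4)]


def _mix(v, s, k):
    # XTEA round function; intermediate values are reduced mod 2^32 by the caller
    return ((((v << 4) & MASK32) ^ (v >> 5)) + v) ^ (s + k)


def xtea_encrypt(key, block):
    """XTEA: 64-bit block, 128-bit key, both as Python ints."""
    k = _subkeys(key)
    v0, v1, s = (block >> 32) & MASK32, block & MASK32, 0
    for _ in range(ROUNDS):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK32
        s = (s + DELTA) & MASK32
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK32
    return (v0 << 32) | v1


def xtea_decrypt(key, block):
    k = _subkeys(key)
    v0, v1, s = (block >> 32) & MASK32, block & MASK32, (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK32
        s = (s - DELTA) & MASK32
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK32
    return (v0 << 32) | v1


class X931Rng:
    """Textbook X9.31 generator. T is modelled as a one-second clock that ticks once per call."""
    def __init__(self, seed_key, seed_v, clock):
        self.key, self.v, self.t = seed_key, seed_v, clock

    def next_block(self):
        i = xtea_encrypt(self.key, self.t)
        r = xtea_encrypt(self.key, i ^ self.v)
        self.v = xtea_encrypt(self.key, r ^ i)      # state update
        self.t = (self.t + 1) & MASK64
        return r


def duhk_recover(seed_key, r1, r2, t_low, t_high):
    """Given the hard-coded key and two consecutive outputs seen on the wire,
    brute-force the timestamp window and return (T, V) for the *next* output."""
    for t1 in range(t_low, t_high + 1):
        i1 = xtea_encrypt(seed_key, t1)
        v2 = xtea_encrypt(seed_key, r1 ^ i1)            # state after r1 was produced
        i2 = xtea_encrypt(seed_key, t1 + 1)
        if xtea_encrypt(seed_key, i2 ^ v2) == r2:      # guess of T confirmed by r2
            return t1 + 2, xtea_encrypt(seed_key, r2 ^ i2)
    return None


def recover_previous_state(seed_key, r, t):
    """Inverting the cipher also exposes the state *before* r (here, the original seed)."""
    return xtea_decrypt(seed_key, r) ^ xtea_encrypt(seed_key, t)


HARDCODED_KEY = 0x0123456789ABCDEF0123456789ABCDEF   # constructed; stands for a key baked into firmware


def demo():
    secret_seed = 0xDEADBEEFCAFEF00D          # constructed secret state V
    clock = 1_508_803_200                     # constructed 2017-10-24 timestamp
    device = X931Rng(HARDCODED_KEY, secret_seed, clock)
    r1, r2 = device.next_block(), device.next_block()   # e.g. nonces/IVs visible to a MitM
    # attacker knows K from the firmware and the device clock to within ten minutes
    t3, v3 = duhk_recover(HARDCODED_KEY, r1, r2, clock - 600, clock + 600)
    predicted = xtea_encrypt(HARDCODED_KEY, xtea_encrypt(HARDCODED_KEY, t3) ^ v3)
    return {
        "predicted_next": predicted,
        "actual_next": device.next_block(),
        "recovered_seed": recover_previous_state(HARDCODED_KEY, r1, t3 - 2),
        "secret_seed": secret_seed,
    }


if __name__ == "__main__":
    res = demo()
    print("next output predicted:", res["predicted_next"] == res["actual_next"])
    print("original seed recovered:", res["recovered_seed"] == res["secret_seed"])
```

Run as a script, it reports whether the attacker’s predicted third output matched the one the device actually produced and whether the original seed was recovered. The point to take away is that X9.31 was only ever secure while K stayed secret: with K known, each observed block yields the next state in a single encryption, and because the cipher is invertible the state before that block falls out too. The search over T succeeds only because the timestamp has little entropy, so the attack’s cost grows with the attacker’s uncertainty about the device clock, not with the size of the state.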
OCT 25, 2017
Cybercrime is growing ever more pervasive—and costly. According to researcher Cybersecurity Ventures, the annual cost of cybercrime globally will rise from $3 trillion in 2015 to $6 trillion in 2021. Enabling this boom are thriving marketplaces online, where hackers sell tools and services to criminals. Virtually anything is available for the right price, points out Andrei Barysevich, director of advanced collection (“a fancy name for ‘spy,’ ” he says) at threat intelligence firm Recorded Future. A former consultant for the FBI’s cybercrime team in New York, Barysevich trawled the shadiest corners of the web to compile the cybercrime shopping list above, exclusively for Fortune. In the market for some basic malware? It’ll cost you as little as $1.
24 October 2017
A new strain of ransomware nicknamed “Bad Rabbit” has been found spreading in Russia, Ukraine and elsewhere.
The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.
It bears similarities to the WannaCry and Petya outbreaks earlier this year.
However, it is not yet known how far this new malware will be able to spread.
“In some of the companies, the work has been completely paralysed – servers and workstations are encrypted,” head of Russian cyber-security firm Group-IB, Ilya Sachkov, told the TASS news agency.
Two of the affected sites are Interfax and Fontanka.ru.
Meanwhile, US officials said they had “received multiple reports of Bad Rabbit ransomware infections in many countries around the world”.
23 OCT 2017
Hackers are targeting users of the cryptocurrency exchange Poloniex, with two credential-stealing apps that masquerade as official mobile apps for the service.
ESET researchers discovered them on Google Play, built to not only harvest Poloniex login credentials, but also to trick victims into making their Gmail accounts accessible.
“Poloniex is one of the world’s leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade,” the researchers said, in a blog. “With all the hype around cryptocurrencies, cyber-criminals are trying to grab whatever new opportunity they can—be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.”
Both apps work the same way: First, they display a bogus screen requesting Poloniex login credentials, which are then sent on to the attackers. With the logins in hand, attackers can carry out transactions on the user’s behalf, change their settings or even lock them out of their account by changing their password.
The next step is a prompt, seemingly from Google, asking the user to sign in with their Google account “for two-step security check.” The apps then ask for permission to view the user’s email messages and settings, and basic profile info. If the user grants the permissions, the app gains access to their inbox.
By Tony Bradley
Oct 17, 2017
It’s commonly accepted that your users are the weakest link in your security chain. That is actually not true in a lot of cases, though. The reality is that your true Achilles heel is probably your board of directors.
That may seem crazy. I mean, the members of the board are ostensibly respected individuals with integrity—people you trust with sensitive company plans and information. That, however, is precisely what makes members of the board of directors an attractive target for would-be attackers.
See, you have security tools in place on Alice’s computer in Sales, and you have security policies in place to govern access and information handling for David in Accounting, but Alice and David don’t have access to the most sensitive information the company owns.
Rick Howard, chief security officer of Palo Alto Networks, pointed out that board members, on the other hand, are not employees and generally operate completely outside the scope and protection of your information security tools and policies—using personal computers and mobile devices.
Furthermore, many board members are members of multiple boards, meaning there is a good chance that their computer or mobile device is a goldmine of sensitive data spanning multiple organizations. It’s easy to understand why board members are simultaneously the low hanging fruit and the Holy Grail for would-be attackers.
A newly discovered, unpatched attack technique that abuses a built-in feature of Microsoft Office is currently being used in several widespread malware campaigns.
Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE) to execute malicious code on a targeted device without requiring macros to be enabled or any memory corruption.
The DDE protocol is one of several methods Microsoft provides for two running applications to share the same data.
The protocol is used by thousands of applications, including MS Excel, MS Word, Quattro Pro and Visual Basic, both for one-time data transfers and for continuous exchanges in which the applications send each other updates.
The DDE exploitation technique displays no “security” warnings to victims, other than asking whether they want to execute the application specified in the command, and even this popup can be eliminated “with proper syntax modification.”
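Because the field code lives in the document’s XML, the feature can be hunted for without opening the file in Word. The following is an added example (not the researchers’ or Microsoft’s code) of a Python scanner that unzips a .docx, walks every XML part under word/, and reports field codes that begin with DDE or DDEAUTO. Two things in it are assumptions rather than statements from the article: that an attacker may split the field code across several w:instrText runs, which defeats a plain string search, so the runs are joined per field; and the minimal .docx that the block builds in memory, which is constructed for the demonstration.

```python
"""Scan .docx files for DDE/DDEAUTO field codes (added detection example, not Microsoft's code)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
# A field whose code starts with DDE or DDEAUTO launches an external application.
DDE_FIELD = re.compile(r"^(?:DDE|DDEAUTO)\b", re.IGNORECASE)


def extract_field_codes(document_xml: bytes):
    """Return every field code in document order.

    Word stores fields two ways: as w:fldSimple with the code in a w:instr
    attribute, or as complex fields whose code is spread over one or more
    w:instrText runs between fldChar begin/end markers. Runs are joined per
    field (assumption: attackers split 'DD' 'EAUTO' to dodge naive matching),
    and a nested field's text is folded into its parent's code.
    """
    root = ET.fromstring(document_xml)
    fields, stack = [], []
    for el in root.iter():                      # pre-order == document order
        if el.tag == W + "fldSimple":
            fields.append(el.get(W + "instr", ""))
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif kind == "end" and stack:
                code = "".join(stack.pop())
                fields.append(code)
                if stack:
                    stack[-1].append(code)
        elif el.tag == W + "instrText" and stack:
            stack[-1].append(el.text or "")
    return fields


def scan_docx(data: bytes):
    """Return [(part name, normalized field code)] for every DDE field in a .docx given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # body plus headers, footers, footnotes: fields anywhere get updated
            if name.startswith("word/") and name.endswith(".xml"):
                for code in extract_field_codes(zf.read(name)):
                    normalized = " ".join(code.split())
                    if DDE_FIELD.match(normalized):
                        hits.append((name, normalized))
    return hits


def build_sample_docx(body_xml: str) -> bytes:
    """Constructed minimal .docx: only [Content_Types].xml and word/document.xml."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
        'officedocument.wordprocessingml.document.main+xml"/></Types>')
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body_xml))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed samples: an ordinary page-number field, and a DDEAUTO field whose
# code is deliberately split across three runs.
BENIGN_BODY = '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
MALICIOUS_BODY = (
    '<w:p>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO c:\\\\windows\\\\system32\\\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">"/k calc.exe" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>placeholder text shown before the field updates</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '</w:p>')


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("malicious", MALICIOUS_BODY)):
        print(label, scan_docx(build_sample_docx(body)))
```

The scanner reports the part name with each hit so a finding can be triaged, and it flags the feature rather than a confirmed exploit: a DDE field that points at cmd.exe or powershell.exe is the usual tell, so the reported code should be read, not just counted. To use it on real files, read the .docx into bytes and pass them to scan_docx.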
By Alex Hern
WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers, highlighting potential for internet traffic to be exposed
The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.
Mathy Vanhoef, a security expert at the Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2 and published details of the flaw on Monday morning.
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”
Vanhoef emphasised that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Being the most widely used mobile platform in the world has its drawbacks, and the string of malware and virus problems Android faces is proof of that. The latest entry in that long list of awkward situations for Google’s system was revealed on Wednesday (18), when Symantec announced that eight apps on the Play Store were connecting the devices on which they were installed to a botnet.
During laboratory tests, the researchers found that the apps in question opened a persistent connection over the Socket Secure (SOCKS) protocol to a server responsible for distributing ads. The app then made a series of ad requests to those servers, despite never displaying any ads on screen.
According to Symantec, this setup would allow the devices’ traffic to be forwarded to other servers and the devices themselves to be used to mount denial-of-service attacks, the notorious DoS attacks capable of overwhelming web servers and temporarily knocking pages offline.