Kategorie

Here we are with our weekly roundup, briefing this week's top cyber security threats, incidents and challenges. This week has been very short with big news from shutting down of two of the largest Dark Web marketplaces and theft of millions of dollars in the popular Ethereum cryptocurrency to the discovery of new Linux malware leveraging SambaCry exploit. We are here with the outline of this

Enlarge (credit: Harald Deischinger)

On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft.

As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with the GRU, Russia's foreign intelligence agency. For now, the company has managed to seize control of 70 domain names, but it's going after many more.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws—including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law—as a way to seize command-and-control domain names used by the group, which goes by various monikers, including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com and hundreds of others.

Read 5 remaining paragraphs | Comments

By now you might be aware of the took down of two of the largest online dark websites—AlphaBay and Hansa—in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA (Drug Enforcement Agency) and Dutch National Police. But the interesting aspect of the takedown was that the federal authorities shut down AlphaBay, but took

Researchers with IBM and Flashpoint warn the Trickbot Trojan is growing more potent and now targeting U.S. banks.

Apple's latest updates include a patch for the vulnerability that could have attacked your device's wireless hardware

How would you feel about your insurer or your finance company having access to data about your driving and where you go?

Twitter's moves to tackle abuse on the platform seem to be making their mark - but there's a way to go before everyone feels safe there

A shift in APT tactics is emerging as characterized by the destructive ExPetr attacks hidden in ransomware, and WannaCry, which also failed to turn a profit.

Ničivý útok ransomwaru WannaCry ochromil v květnu značnou část zdravotnických zařízení na britských ostrovech. Britská vláda bude proto investovat 21 miliónů liber (620 miliónů korun) do lepšího zabezpečení počítačových sítí zdravotnických zařízení Národní zdravotní služby (NHS).

Introduction Today’s world is Android World. Almost 90% of devices are running on Android, and each one of us is using Android in some or the other way. There are various devices which run on Android, but Android is widely used on Smart Phones. Also, if you check the Global Smart Phone Market Share Android […]

The post Practical Android Phone Forensics appeared first on InfoSec Resources.

GhostCtrl, being distributed by rogue versions designed to look like legitimate apps, can monitor what you do and lock up your device - beware!

Two key marketplaces for illegal drugs go dark as it's revealed that Dutch police secretly ran Hansa for a month during its investigation

LinuxSecurity.com: Last Christmas, Nathan Seidle's wife gave him a second-hand safe she'd found on Craigslist. It was, at first glance, a strange gift. The couple already owned the same model, a $120 SentrySafe combination fire safe they'd bought from Home Depot. But this one, his wife explained, had a particular feature: The original owner had locked it and forgotten the combination. Her challenge to Seidle: Open it.

What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by "

LinuxSecurity.com: The FBI has issued an advisory to businesses over a recent string of DDoS extortion attempts. The perpetrators are claiming to be affiliated with Anonymous or Lizard Squad, and their demands threaten sustained attacks unless a Bitcoin payment is made.

Švédská Bezpečnostní policie (Säpo) prověřuje možný únik dat, s nimiž nakládají švédské vládní úřady. Důvodem je podle listu Dagens Nyheter to, že dopravní správa Transportstyrelsen dopustila únik dat o řidičích a autech registrovaných ve Švédsku. Data se měla dostat mimo jiné do České republiky, konkrétně k pracovníkům české pobočky společnosti IBM, která pro švédský úřad zajišťovala IT služby.

(credit: Michael Rosenstein)

Last August, after being alerted by GitHub's security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company's certificate issuance practices. The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating "Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome."

WoSign (based in Shenzen, China) and StartCom (based in Eliat, Israel) are among the few low-cost certificate providers who've offered wildcard certificates. StartCom's StartSSL offers free Class 1 certificates, and $60-per-year wildcard certificates—allowing the use of a single certificate on multiple subdomains with a single confirmation. This made the service wildly popular. But bugs in WoSign's software allowed a number of misregistrations of certificates. One bug allowed someone with control of a subdomain to claim control of the whole root domain for certificates. The investigation also found that WoSign was backdating the SSL certificates it issued to get around the deadline set for certificate authorities to stop issuing SHA-1 SSL certificates by January 1, 2016. WoSign continued to issue the less secure SHA-1 SSL certificates well into 2016.

Initially, Google only revoked trust for certificates issued after October 21, 2016. But over the past six months, Google has walked that revocation back further, only whitelisting certificates for domains from a list based on Alexa's top one million sites. But today, Google announced that it would phase out trust for all WoSign and StartCom certificates with the release of Chrome 61. That release, about to be released for beta testing, will be fully released in September.

Read 1 remaining paragraphs | Comments

One of the most important benefits of the use of cloud instances over traditional network configurations is that one can be literally setup within seconds, by the click of a few buttons. This ability has dramatically reduced deployment times for test, model, and production systems. It also allows for great flexibility both from a technical […]

The post Security Concerns Around Zombie Cloud Infrastructure appeared first on InfoSec Resources.

With the growing number of cyber attacks and breaches, a significant number of companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded. Following major companies and organisations, the non-profit group behind Tor Project – the largest online anonymity network that

Posted by Andrew Whalley and Devon O'Brien, Chrome Security

As previously announced, Chrome has been in the process of removing trust from certificates issued by the CA WoSign and its subsidiary StartCom, as a result of several incidents not in keeping with the high standards expected of CAs.

We started the phase out in Chrome 56 by only trusting certificates issued prior to October 21st 2016, and subsequently restricted trust to a set of whitelisted hostnames based on the Alexa Top 1M. We have been reducing the size of the whitelist over the course of several Chrome releases.

Beginning with Chrome 61, the whitelist will be removed, resulting in full distrust of the existing WoSign and StartCom root certificates and all certificates they have issued.

Based on the Chromium Development Calendar, this change is visible in the Chrome Dev channel now, the Chrome Beta channel around late July 2017, and will be released to Stable around mid September 2017.

Sites still using StartCom or WoSign-issued certificates should consider replacing these certificates as a matter of urgency to minimize disruption for Chrome users.