World’s top spy agencies to hold secret Five Eyes meeting in New Zealand: The Five Eyes is an international intelligence alliance between the UK, US, Canada, Australia and New Zealand. According to reports, 15 international intelligence agencies that comprise the Five Eyes spy network will attend the government-hosted conference. A spokesperson for New Zealand Prime Minister Bill English confirmed that several senior officials would attend the conference. “However, as police have pointed out, they are not aware of a visit to Queenstown by a current or former head of state,” the spokesperson said, the New Zealand Herald reported. New Zealand’s minister for the Government Communications Security Bureau (GCSB) and Security Intelligence Service (SIS) is expected to attend the conference. FBI chief James Comey and CIA director Mike Pompeo are expected to attend as well. Reports speculate that the new US Director of National Intelligence could also be present at the meeting. Reports of the Five Eyes meeting come as the CIA and the FBI launched a manhunt for a suspected insider, who they believe is the WikiLeaks source of the recent CIA leaks. Julian Assange also faces the possibility of an arrest as the US government is mulling options to file charges against WikiLeaks members. However, there is no word on what issues would be discussed at the event.
Hajime: Is a white hat hero trying to protect the IoT from Mirai with a vigilante computer worm?: A vigilante hacker is believed to be behind a new computer worm that is spreading through IoT devices to protect them against a particularly dangerous piece of malware known as Mirai. Mirai was able to spread rapidly through internet-connected consumer devices that had been left vulnerable by users, namely by them not changing factory-set usernames and passwords. From what security experts have observed, the Hajime worm is spreading to Mirai-infected IoT devices and blocking access to the device ports known to be targeted by Mirai, thereby preventing the malware from exploiting them. Hajime itself doesn’t appear to be having any impact on users’ devices, which Symantec security researcher Waylon Grange said were “designed not to degrade network performance.” “Unlike Mirai, which uses hard-coded addresses for its command and control (C&C) server, Hajime is built on a peer-to-peer network,” said Grange. “There isn’t a single C&C server address; instead the controller pushes command modules to the peer network and the message propagates to all the peers over time.” The only thing users can do to protect themselves is to ensure they take appropriate measures to protect their internet-enabled home gadgets: namely setting strong, custom login credentials, encrypting devices wherever possible and disabling features that are either not needed or make devices more susceptible to attack, such as Universal Plug and Play.
Up to 600,000 Android devices hit by malware posing as Pokemon Go and Fifa guides: Security researchers are warning that up to 600,000 Android devices have potentially been infected with a newly-discovered strain of botnet malware, dubbed FalseGuide, caught posing as walkthroughs for popular mobile games including Pokémon Go and Fifa. The malware was hidden in more than 40 separate guide applications, with the oldest being uploaded to the official Google Play Store on 14 February 2014. “FalseGuide masquerades as guiding apps for games for two major reasons,” said researchers in a joint analysis. “This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code.” In this instance, Check Point said the malware relied on receiving an “administrator” permission (which meant it could avoid being deleted by the user) before registering to a cloud-based messaging service. Botnets are often used in cybercrime and typically consist of a series of infected devices, computers or internet of things (IoT) products. According to the cybersecurity firm, FalseGuide was aiming to create a “silent botnet” out of the infected devices for adware purposes. Ultimately, Check Point said the malware was being used to display “illegitimate pop-up ads out of context” using a “background service” that started running once the device is booted. “Users shouldn’t rely on the app stores for their protection, and [should] implement additional security measures on their mobile device, just as they use similar [products] on their PCs.”
MilkyDoor: Malicious Android malware lets hackers access your phone’s connected network: Security researchers have discovered a new strain of malware that turns Android devices into backdoors, giving malicious attackers the ability to access any internal network that the infected device is connected to. According to security firm Trend Micro, around 200 unique Android apps available on the Google Play Store were embedded with the malicious backdoor program. The researchers said MilkyDoor seems to be a successor to DressCode, an Android malware that also employs a proxy using the Socket Secure (SOCKS) protocol to gain access to an affected device’s internal networks without a user’s knowledge or consent. Once executed, it requests a third-party server to retrieve the infected device’s local IP address, including the country, city and coordinates, and uploads the data to its command and control (C&C) server. The server then responds with data containing an SSH server’s user, password and host, which the malware uses to establish a tunnel between the infected device and the attacker. “MilkyDoor does this by using remote port forwarding via Secure Shell (SSH) tunnels through the often used Port 22 to help the malware better blend its malicious traffic and payload with normal network traffic and avoid detection.” “Its stealth lies in how the infected apps themselves don’t have sensitive permissions and consequently exist within the device using regular or seemingly benign communication behaviour,” the researchers noted. Experts also warned that MilkyDoor poses a greater threat to businesses due to its coding that is specifically designed to “attack an enterprise’s internal networks, private servers, and ultimately, corporate assets and data.” MilkyDoor can covertly grant attackers direct access to a variety of an enterprise’s services, from web and FTP to SMTP in the internal network.
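Because the infected apps hold no sensitive permissions, the network side is where the SSH tunnel described above is visible: outbound port 22 sessions from devices that have no business holding them. The following added example (not code from the article or from Trend Micro) runs that check over constructed connection records; the mobile address range, the allow-listed admin host and the session threshold are assumptions about the environment.

```python
import ipaddress

# Constructed connection records, not taken from the article:
# (source IP, destination IP, destination port, session length in seconds).
SAMPLE_CONNECTIONS = [
    ("10.50.1.23", "203.0.113.10", 22, 5400),   # phone on the BYOD range, long SSH out
    ("10.50.1.23", "203.0.113.10", 22, 4800),   # same phone, tunnel re-established
    ("10.50.1.23", "142.250.74.46", 443, 12),   # ordinary HTTPS
    ("10.50.1.40", "203.0.113.10", 22, 30),     # short SSH session from another phone
    ("10.10.8.5", "198.51.100.7", 22, 7200),    # admin workstation, SSH is expected
    ("10.50.1.77", "10.50.2.9", 22, 600),       # SSH to an internal host, not egress
]

# Assumed environment: where phones and tablets land, what counts as internal,
# and which hosts are allowed to hold outbound SSH sessions.
MOBILE_NETS = [ipaddress.ip_network("10.50.0.0/16")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SSH_ALLOWED_SOURCES = {"10.10.8.5"}
LONG_SESSION_SECONDS = 600


def is_mobile_source(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in MOBILE_NETS)


def is_external(dst):
    ip = ipaddress.ip_address(dst)
    return not any(ip in net for net in INTERNAL_NETS)


def find_egress_ssh_from_mobile(records, min_seconds=LONG_SESSION_SECONDS):
    """Return (src, dst, total_seconds) for mobile-range devices holding long
    outbound SSH sessions to external hosts. Durations are summed per (src, dst)
    so a tunnel that is torn down and re-opened still crosses the threshold."""
    totals = {}
    for src, dst, port, seconds in records:
        if port != 22 or src in SSH_ALLOWED_SOURCES:
            continue
        if not (is_mobile_source(src) and is_external(dst)):
            continue
        totals[(src, dst)] = totals.get((src, dst), 0) + seconds
    return [(s, d, t) for (s, d), t in totals.items() if t >= min_seconds]


if __name__ == "__main__":
    for hit in find_egress_ssh_from_mobile(SAMPLE_CONNECTIONS):
        print("long outbound SSH from mobile device:", hit)
```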
BBC exposes flaws in ‘world’s most secure’ email service: Mr Helme said the set-up process for the Nomx was far from easy and at no point was he told to pick a new password. Mr Helme also found many problems with the web interface Nomx uses to administer the secure email service. Mr Moore said the Nomx was an “overpriced and outdated mail server” and used one of the “most insecure PHP applications” he had ever encountered. He discovered that the software packages it used to handle mail were not proprietary and many were very old versions, five years old in one case, harbouring unpatched security bugs. In response, Nomx said the default names and passwords found by Mr Helme were used to make it easy for customers to set up their device, and that customers were encouraged to change them afterwards. Addressing the issue of old software, its spokesman said Nomx planned to let users choose which updates should be applied to their device. “We will selectively allow users to pick and choose when that becomes available but today we’re not forcing any types of updates,” he said, adding that updates can introduce vulnerabilities. “The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail – they’ve already been proven that they are under attack millions of times daily,” he said.
Ransomware attacks around the world grow by 50%: Ransomware attacks on businesses around the world rose 50% last year, research into successful cyber-breaches shows. The rapid rise in the number of successful ransomware attacks was widely expected, said Marc Spitler, senior manager in Verizon’s security research division, simply because so many malicious hacking groups were adopting the tactic. In most attacks, booby-trapped attachments sent via email were the main delivery mechanism for ransomware and other malware, the report found. Its popularity means malware is now responsible for 51% of all the incidents analysed in the annual Verizon data breach report. Consumers were likely to be hit straight away with ransomware, said Mr Spitler, but attacks on businesses were stealthier. “These attacks are all about getting a foothold on a system,” he said, adding that once attackers were inside an organisation they typically looked to use the back doors for many different types of attack. Often, he said, attackers burrowed deeper into a company’s infrastructure to find key databases that were then scrambled before payment was sought. The Verizon report also spotted a shift in the targets of cyber-attacks, with 61% of victims now being companies with fewer than 1,000 employees. The good news, said Mr Spitler, was that some industry sectors that had been hit hard before now appeared less often in its attack statistics, suggesting their digital defences were starting to work. A separate report by security firm Symantec found that the average amount paid by victims of ransomware had risen to $1,077.
Antbleed: Massive Bitcoin backdoor could knock out ‘at least half’ of global hashing power: A major security flaw affecting Bitcoin mining equipment from Bitmain has the potential to knock out more than half of the global Bitcoin network’s hashing power, according to reports. Called Antbleed, the backdoor allows for the remote shutdown of Bitmain’s Antminer equipment, including its S9, T9 and R4 platforms. Antbleed works as follows: every one to 11 minutes, Antminer checks in to a central server owned by Bitmain and hands over the equipment’s serial number, MAC address and IP address. The connection between Antminer machines and Bitmain isn’t authenticated either, leaving it vulnerable to hijacking by hackers or other third parties. Given that Bitmain collects personally identifiable information, Antbleed could also be used to target specific machines and users “with the push of the button.” With Bitmain taking up the majority of the global bitcoin mining equipment market, it’s estimated that the backdoor could shut down up to 70% of all cryptocurrency mining hardware and with it a sizeable chunk of the global hash rate. An information website about the Antbleed backdoor offers information on how users can secure their Antminer equipment until a patch is released by Bitmain. Bitmain, which is believed to have introduced the backdoor in July 2016, said in a statement: “The code running on the machines is open source, everyone can review it so no secret features exist in it. The code that was pointed out is a feature to allow owners of the Antminers to be able to remotely control their miners. It is not a secret and it does not provide any kind of remote control to Bitmain for the Antminers it does not own or operate in its own mining farms.”
Tech Mahindra Fined for Leaking Singtel Data: Singapore’s Personal Data Protection Commission (PDPC) has fined India-based IT services firm Tech Mahindra S$10,000 for failing to protect personal details. PDPC administers the Personal Data Protection Act 2012 in Singapore and aims to safeguard individuals’ personal data against misuse and promote proper management of personal data in organisations. The PDPC said that Tech Mahindra was acting as a data intermediary for Singtel. According to PDPC, the investigations began in 2016, after Singtel customers noticed other people’s personal details, including NRIC (the alphanumeric identity code used by citizens in Singapore) number and account number, on the company’s website and on the My Singtel mobile application. During its investigation, PDPC concluded that Singtel had taken the necessary measures in instructing Tech Mahindra on updating the affected customer’s profile on the ONEPASS database. Tech Mahindra subsequently determined that an update was needed to the affected customer’s profile on the ONEPASS database, and it executed a database script to update the profile. However, on February 29, 2016, Singtel received several reports from ONEPASS users complaining that their profiles had been modified to reflect that affected customer’s personal details. 2.78 million ONEPASS users’ accounts were affected, out of which 2,518 users had viewed the affected customer’s NRIC number through the My Singtel application, leading Singtel to temporarily disable the application. Describing this as a case of gaps in application security, Kin notes: “The Tech Mahindra employee who prepared the database script had omitted a ‘where’ clause in the script, which was required to limit the application of the changes to the affected customer’s profile.”
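The missing ‘where’ clause Kin describes is easy to reproduce and easy to guard against. The following added example (not code from the article, PDPC or Tech Mahindra) uses a constructed SQLite profile table whose layout, names and values are assumptions: the unscoped UPDATE overwrites every profile with one customer’s details, while the scoped version limits the change by primary key and rolls back unless exactly one row was touched.

```python
import sqlite3

# Constructed stand-in for the ONEPASS profile table in the article;
# the table layout, names and values here are assumptions.
SAMPLE_PROFILES = [
    (1, "S1111111A", "ACC-001"),
    (2, "S2222222B", "ACC-002"),
    (3, "S3333333C", "ACC-003"),
]

def make_db():
    """In-memory database seeded with the constructed profiles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profile (user_id INTEGER PRIMARY KEY, "
                 "nric TEXT, account TEXT)")
    conn.executemany("INSERT INTO profile VALUES (?, ?, ?)", SAMPLE_PROFILES)
    conn.commit()
    return conn

def unscoped_update(conn, nric, account):
    """The failure mode in the article: no WHERE clause, so every profile is
    overwritten with one customer's details. Returns the number of rows changed."""
    cur = conn.execute("UPDATE profile SET nric = ?, account = ?", (nric, account))
    conn.commit()
    return cur.rowcount

def scoped_update(conn, user_id, nric, account, expected_rows=1):
    """Hardened form: the UPDATE is limited by a WHERE clause on the primary key,
    and the transaction is rolled back unless exactly expected_rows rows changed,
    which also catches a script aimed at a key that matches nothing."""
    try:
        cur = conn.execute(
            "UPDATE profile SET nric = ?, account = ? WHERE user_id = ?",
            (nric, account, user_id),
        )
        if cur.rowcount != expected_rows:
            raise ValueError(f"expected {expected_rows} row(s), touched {cur.rowcount}")
        conn.commit()
        return cur.rowcount
    except Exception:
        conn.rollback()
        raise

def rows_with_nric(conn, nric):
    """How many profiles carry this NRIC; more than one means it has leaked."""
    return conn.execute("SELECT COUNT(*) FROM profile WHERE nric = ?",
                        (nric,)).fetchone()[0]
```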
Interpol operation finds nearly 9,000 malware-infected servers, compromised websites in Southeast Asia: An Interpol-led operation targeting cybercrime has discovered nearly 9,000 malware-riddled servers and hundreds of compromised websites, including government portals, across Southeast Asia. The investigation found 8,800 infected command and control servers in eight Association of Southeast Asian Nations (Asean) countries responsible for targeting financial institutions with malware, spreading ransomware, launching DDoS attacks and spreading spam. Domestic law enforcement agencies from seven Asian countries, including Indonesia, Malaysia, Thailand, the Philippines and Vietnam, also supported the investigation, while China provided some cyberintelligence, the international police body said. In the wake of recent high-profile cyberattacks across the globe, Interpol said the operation highlighted the growing need for law enforcement agencies to proactively investigate vulnerabilities exploited by cybercriminals, rather than wait for reports from victims of devastating cyberattacks. “It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via Interpol, and is a blueprint for future operations.” “Cybercrime is an increasingly organized endeavour consisting of a sophisticated web of compromised systems that make it easier for criminals to scale attacks and discourage attribution of their activities,” Derek Manky, a global security strategist at Fortinet, said in a statement. “Compounding these challenges, cybercriminals have no regard for political boundaries or national lines and will leverage various geopolitical protocols to their advantage. Cooperation between the public sector working alongside both local and international law enforcement is a necessity to turn the tide against organised cybercrime.”