1. Al Jazeera comes under cyberattack as Persian Gulf crisis escalates:
Al Jazeera Media Network, the state-funded broadcaster partly owned by Qatar’s ruling family, is “undergoing systematic and continual hacking attempts,” the company announced on Thursday. There has been no compromise of any Al Jazeera systems, according to a statement on the news organization’s website. The cyberattacks against Al Jazeera closely follow a rash of political hacks across Persian Gulf states that triggered a diplomatic crisis over alleged Qatari connections to radical and terrorist networks. In the last two weeks, a Qatari media outlet was hacked, apparently to plant fake quotes from Emir Sheikh Tamim; emails were leaked from the United Arab Emirates ambassador to the United States; and the Twitter account of Bahrain’s Foreign Minister was hacked to post pro-militant propaganda. When Saudi Arabia and Egypt cut off diplomatic links to Qatar on Monday, President Donald Trump took credit for the move. Sympathizing with Qatar online has been pronounced a crime punishable by prison. Qatar is a major military ally of the United States and hosts the $60 million headquarters from which the US runs its air war against the Islamic State. The FBI is apparently pointing the finger at Russia for some of the hacks, according to unconfirmed reports from CNN. No individual or group has taken credit for the hacks, while Russian officials have denied any involvement.
2. Your Windows firewall may be useless as malware can bypass it:
Hackers may be able to use Intel’s Active Management Technology (AMT) to bypass Windows’ built-in firewall, leaving it blind to the malware’s network traffic. A hacking group known as PLATINUM has reportedly figured out how to use AMT’s low-level firmware, specifically its Serial-over-LAN (SOL) channel, to move its tooling onto Windows systems while keeping the communication stealthy and evading security applications. AMT allows remote access to networks or computers, enabling administrators to easily install programs such as an operating system on a remote computer. The tool did not expose vulnerabilities in the management technology itself, but rather misused AMT SOL within target networks. For the attack to take place, AMT has to be enabled and reachable over the network, so where it is switched off there is no way for hackers to exploit it. As of now, only a handful of computers within organisational networks in Southeast Asia have been targeted by the tool. However, the group is known to modify its hacking tools based on the network architecture of targeted organisations, indicating it could hit many more systems. Reacting to the discovery, Microsoft said: “We have shared information with Intel, and the two companies collaborated to analyse and better understand the purpose and implementation of the tool.” Microsoft says Windows Defender Advanced Threat Protection is enough to detect such malicious activity, and reiterates that the PLATINUM tool does not expose flaws in Intel’s AMT but lets an attacker who has already compromised a network evade security monitoring tools.
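The practical consequence of the PLATINUM technique is that host-side tools cannot see SOL traffic, so detection has to move onto the network. The script below is an added example, not code from Microsoft’s or Intel’s write-ups: it reads simplified flow records (a constructed NetFlow-style format) and flags connections to the well-known Intel AMT listener ports that do not originate from a known management console, with an extra note when a large transfer runs over the redirection/SOL port. The console address and all sample flows are constructed.

```python
"""Network-side detection of Intel AMT traffic from flow records.

Added example; not from Microsoft's or Intel's PLATINUM analysis.
AMT Serial-over-LAN traffic is terminated by the management engine below
the operating system, so the Windows firewall and host agents never see it.
The place to look is the wire: a tap, a span port or flow export.
Record format used here is a constructed, simplified flow line:
    <timestamp> <src> <dst> <proto> <dport> <bytes>
"""
from dataclasses import dataclass
from typing import Iterable, List

# Well-known Intel AMT listener ports.
AMT_PORTS = {
    16992: "AMT HTTP (web UI / WS-Management)",
    16993: "AMT HTTPS",
    16994: "AMT redirection (SOL / IDE-R / KVM)",
    16995: "AMT redirection over TLS",
    623: "ASF RMCP (out-of-band management)",
    664: "secure RMCP",
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    service: str
    nbytes: int
    reason: str


def parse_flow(line: str) -> Flow:
    ts, src, dst, proto, dport, nbytes = line.split()
    return Flow(ts, src, dst, proto.lower(), int(dport), int(nbytes))


def find_amt_flows(lines: Iterable[str],
                   management_consoles: frozenset = frozenset()) -> List[Finding]:
    """One Finding per flow to an AMT port not sent by an authorised console.

    management_consoles: addresses of the legitimate AMT consoles (assumed
    known from asset inventory). Anything else talking to an AMT port is
    suspicious; one workstation reaching another workstation's SOL port is
    exactly the pattern a host firewall cannot observe.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f.dport not in AMT_PORTS or f.src in management_consoles:
            continue
        reason = "AMT port reached from non-console host"
        if f.dport in (16994, 16995) and f.nbytes > 64 * 1024:
            reason += "; large transfer over redirection/SOL port"
        findings.append(Finding(f.ts, f.src, f.dst, AMT_PORTS[f.dport], f.nbytes, reason))
    return findings


# Constructed sample flows (not real traffic); 10.0.1.2 is the assumed console.
SAMPLE_FLOWS = [
    "2017-06-08T10:01:12Z 10.0.5.21 10.0.5.40 tcp 443 18820",
    "2017-06-08T10:02:03Z 10.0.9.7 10.0.5.40 tcp 16994 91230",
    "2017-06-08T10:02:05Z 10.0.1.2 10.0.5.41 tcp 16993 2048",
    "2017-06-08T10:03:44Z 10.0.9.7 10.0.5.42 udp 623 640",
    "2017-06-08T10:04:10Z 10.0.5.40 10.0.5.21 tcp 445 7720",
]
KNOWN_CONSOLES = frozenset({"10.0.1.2"})

if __name__ == "__main__":
    for hit in find_amt_flows(SAMPLE_FLOWS, KNOWN_CONSOLES):
        print(f"{hit.ts} {hit.src} -> {hit.dst} [{hit.service}] {hit.nbytes}B: {hit.reason}")
```

Run against the constructed flows, the console’s own HTTPS session is ignored and the two flows from 10.0.9.7 are reported; the 91 KB session to the SOL port gets the extra transfer note. On a real network the allow-list of consoles is the part worth getting right, since everything else on those ports deserves a look.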
3. US army uses cyberwarfare to repulse simulated tank attack:
The US army has reportedly used cyber weapons and electronic warfare (EW) to successfully repulse a simulated tank attack during a training exercise. The cyber weapons used during the exercise, which took place at the Army National Training Centre in California, reportedly targeted the radio and wireless communications systems of the tanks. Soldiers reportedly used specific cyber tools to jam the tanks’ communication signals, hack into networks to disable attacks, and manipulate communications to deliver false information to the enemy. “These tanks had to stop, dismount, get out of their protection, reduce their mobility,” Capt. George Puryear, an Irregular Operations Officer, told Defense Systems. The US military has been increasingly focusing on cyber defense technology over the past year, and the army’s Rapid Capabilities Office (RCO) and US Cyber Command are reportedly developing new technology with advanced cyber capabilities. “If we don’t win the cyber and EW fight, then the [next] manoeuver may not matter, because we may not get to it,” Defense Systems quoted Maj Gen Wilson A Shoffner, Director of Operations at the Army RCO, as saying. The RCO has also developed new EW and cyber protection kits that can be mounted on vehicles or carried by soldiers in the field. According to the RCO, these kits include systems that can identify and analyse electromagnetic signals, as well as offensive EW capabilities that are even more effective than the existing signal jammers used by anti-missile systems. The kits will be tested out by American troops in Europe.
4. Apple Macs CAN get viruses as security myth busted by experts:
If you own an Apple device, be it a MacBook or iPhone, you are instantly safe from malware and viruses, right? “There’s a myth among Mac users that you don’t need anti-virus because there’s no malware because St. The quantity of Mac malware traditionally has been very small but there is Mac malware and, unfortunately, even though there’s a small quantity the quality and nature of it pretty much copies what’s happening on Windows – such as bots and tools that use Tor,” said Paul Ducklin of security firm Sophos. Using a strain of OS X malware known as Eleanor, Ducklin showed how hackers could use it to run commands, take screenshots and infiltrate core systems. “The bottom line is there isn’t a lot of Mac malware,” Ducklin admitted. Rik Ferguson of Trend Micro, during a separate keynote panel on the same day, largely echoed Ducklin’s position, saying “the first ever virus was targeted at Apple systems and malware for Apple devices has been ongoing since then. All of those targeted at Apple were of course far lower in volume than we have seen target the WinTel platform.” Malwarebytes, a cybersecurity firm, said in a report this year that the first quarter of 2017 had seen “quite a few new pieces of Mac malware, nearly equalling the number that appeared in all of 2016” and claimed most of the threats were “backdoors”, varying in capability and sophistication. Other splashes have been caused by the iPhone-tampering software “X-Agent”, the ransomware “KeRanger” and “YiSpecter”, highly concerning malware able to target Apple devices that had not been jailbroken. So why is it that many Apple Mac users still act as if their systems are immune to infection?
5. More than 50,000 Android devices may be infected with dangerous ‘Dvmap’ malware:
More than 50,000 Android devices have downloaded a strain of Android malware, known as “Dvmap”, which has the rare ability to gain “root” access to a smartphone or tablet and inject malicious code directly into system libraries. “This Trojan was distributed through the Google Play Store and uses a number of very dangerous techniques, including patching system libraries,” said Kaspersky malware analyst Roman Unuchek in a blog post. Unuchek said Dvmap is the “first Android malware that injects malicious code into the system libraries in runtime” and warned that its developers found a way to bypass Google’s security checks by uploading a clean app, then updating it with malware for a short period of time, and repeating the cycle. Dvmap, he added, “is very special rooting malware”. Each malware-ridden application had the same capabilities: it attempts to gain root rights on the device and then installs several “tools” into the system. The Trojan uses four different exploit pack files, three for 32-bit systems and one for 64-bit systems, Kaspersky said. It then checks which Android version is installed and patches an existing system library, overwriting its code with malicious code. The malicious code can turn off “Verify Apps”, Google’s main way of scanning software as it is installed, and permit the installation of dodgy apps from third-party sources. “I don’t know what kind of files will be executed, but they could be malicious or advertising files,” he said. “I think the authors are still testing this malware, because they use some techniques which can break the infected devices.”
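Because Dvmap’s distinguishing trick is overwriting code inside system libraries, the check a defender wants is whether the libraries on a device still match a known-good image. The following is an added example, not Kaspersky’s or Google’s code: it hashes a directory tree into a baseline, then diffs a later snapshot into modified, added and missing files. The mini “system” tree, library names and contents are constructed for the demonstration; on a real device the baseline would come from the vendor’s factory image.

```python
"""Baseline-and-compare integrity check for shared libraries.

Added example; not Kaspersky's or Google's code. Dvmap patches libraries
under /system/lib so its code runs inside other processes. A plain defence
for any fleet is to hash every library from a known-good image and diff a
live device against it. Paths and file contents here are constructed.
"""
import hashlib
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: str) -> Dict[str, str]:
    """Map each file (path relative to root, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out


def diff_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify differences: modified (patched in place), added (dropped), missing."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "missing": missing}


def simulate_library_patch() -> Dict[str, List[str]]:
    """Build a constructed mini system tree, baseline it, mimic a Dvmap-style
    patch (overwrite one library, drop a new one) and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "system", "lib")
        os.makedirs(lib)
        genuine = {  # constructed stand-ins for real ELF libraries
            "libexample_runtime.so": b"\x7fELF genuine runtime library (constructed)",
            "libexample_ui.so": b"\x7fELF genuine ui library (constructed)",
        }
        for name, data in genuine.items():
            with open(os.path.join(lib, name), "wb") as fh:
                fh.write(data)
        baseline = hash_tree(root)

        # Attacker step: patch an existing library in place and add a payload.
        with open(os.path.join(lib, "libexample_runtime.so"), "ab") as fh:
            fh.write(b" + injected loader stub (constructed)")
        with open(os.path.join(lib, "libexample_payload.so"), "wb") as fh:
            fh.write(b"\x7fELF dropped payload (constructed)")

        return diff_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    print(simulate_library_patch())
```

The diff reports the overwritten runtime library as modified and the dropped payload as added; a library that the Trojan replaced wholesale would show up the same way, because only the hash is compared, not the file name or size.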
6. ‘Cloak and Dagger’ attacks could be the biggest security threat facing Android:
Smartphones running Google’s Android operating system (OS) are currently vulnerable to a new threat dubbed a “cloak and dagger” attack, which could hijack handsets to steal private data. “In cloak and dagger, we identified two different Android features that when combined, allow an attacker to read, change or capture the data entered into popular mobile apps,” said Wenke Lee, a professor in Georgia Tech’s School of Computer Science. The first is the accessibility permission, which lets an app read and act on what other apps display; the second, known as “SYSTEM_ALERT_WINDOW”, is a legitimate overlay feature often used in pop-up chat and social media applications. In a hypothetical attack scenario, the overlay capability shows a mirrored version of the application to capture the user’s credentials for the hacker, while the accessibility permission then enters the data into the real app hidden beneath. Nearly 10% of the top 5,000 Android apps currently use overlay features. The Georgia Tech scientists tested a simulated cloak and dagger attack on 20 users of Android mobile devices and, worryingly, found that none of them noticed the hack taking place. “This is a design flaw that some might say allows the app functionality to work as intended, but our research shows that it can be misused,” said researcher Yanick Fratantonio. In a release this week the researchers warned the issue will likely be difficult to resolve because it relies on commonly used Android features which can be misused even when they behave normally. “The two features involved are very useful in mapping, chat or password manager apps, so preventing their misuse will require users to trade convenience for security. This is as dangerous an attack as we could possibly describe,” they said. While Google currently uses a system known as “Bouncer” to scan applications in an attempt to fend off those containing viruses, some malware still slips through the cracks.
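Since the attack needs both ingredients in one package, an app-vetting pipeline can at least pull aside any APK whose manifest requests the overlay permission and also declares an accessibility service. The script below is an added example, not the Georgia Tech researchers’ code: it parses an AndroidManifest.xml and reports whether the two features co-occur. The two manifests (a chat app that only overlays, and a “flashlight” app that does both) are constructed.

```python
"""Flag Android manifests that combine the two Cloak and Dagger ingredients.

Added example; not the Georgia Tech researchers' code. The attack needs an
app that can draw over other apps (SYSTEM_ALERT_WINDOW) and also act as an
accessibility service (a <service> guarded by BIND_ACCESSIBILITY_SERVICE).
Either alone is common and legitimate; both in one package is what should
be pulled aside for review. The two manifests below are constructed.
"""
import xml.etree.ElementTree as ET
from typing import Dict

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def assess_manifest(manifest_xml: str) -> Dict[str, object]:
    """Return which of the two features a manifest declares and whether both are present."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    overlay = OVERLAY_PERMISSION in requested
    # An accessibility service is a <service> that only the system may bind to,
    # declared via android:permission="...BIND_ACCESSIBILITY_SERVICE".
    a11y_services = [
        svc.get(NAME_ATTR) for svc in root.iter("service")
        if svc.get(PERM_ATTR) == ACCESSIBILITY_BIND
    ]
    return {
        "package": root.get("package"),
        "overlay": overlay,
        "accessibility_services": a11y_services,
        "cloak_and_dagger_candidate": overlay and bool(a11y_services),
    }


# Constructed manifest: a chat app that legitimately uses overlays only.
CHAT_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".MessagingService"/>
  </application>
</manifest>"""

# Constructed manifest: a "flashlight" that wants overlays AND an accessibility service.
SUSPECT_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    for manifest in (CHAT_APP, SUSPECT_APP):
        print(assess_manifest(manifest))
```

The chat app is reported as overlay-only and passes; the flashlight app, which has no business driving other apps’ UI, is flagged as a candidate. A manifest check cannot prove intent, which is the researchers’ point, but it narrows a store’s review queue to the packages that actually hold both capabilities.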
7. Britney Spears’ Instagram is toxic: Hackers use celeb’s account to hide malware code:
Cybersecurity firm ESET has detected that the Russian hacking group Turla has been hiding links for its malware to pick up in coded messages in the comments on Britney Spears’ Instagram account. Turla has existed for well over a decade and is well known for creating and distributing advanced persistent threat (APT) malware designed specifically to extract data from nations, businesses and organisations for political espionage purposes. Once the malware takes over a target’s computer, it can quietly monitor the machine and send data back to the hackers’ command and control (C&C) servers over a long period of time without being detected. To prevent cyberattacks, apart from disclosing security vulnerabilities in popular software and operating systems, cybersecurity researchers and law enforcement agencies also analyse the code in malware to locate the addresses of C&C servers, so they can block traffic from being sent to the hackers and get the servers and domains shut down. Turla has therefore been trialling different methods of hiding the addresses of its C&C servers so that cybersecurity experts cannot stop them. In 2015 the group hijacked unencrypted satellite internet connections belonging to satellite internet providers in the Middle East and Africa to move data over the satellite links, but now Turla has moved on to an even cleverer method.
Hacking a Firefox extension to look for coded Instagram comments
The group’s latest technique involves sending malicious Microsoft Word documents in a mass spear-phishing email campaign. The malware steals data from the target’s machine and then needs to send it back to the hackers’ C&C server, but for that it needs a URL. Rather than carrying the address itself, the malware reads the coded Instagram comment, which acts like an automated spy link that the malware can then use to send stolen data to the C&C server. ESET believes that Turla is only testing out this technique at this stage.
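The mechanism described above, a “dead drop” on a public site that hands the implant its C&C address, is easier to reason about with a working encoder and decoder. The block below is an added example, not ESET’s analysis code, and the encoding is an assumed scheme for illustration, not a claim about the exact format Turla used: a zero-width joiner, invisible when rendered, is placed in front of each letter of the hidden path, and the implant concatenates the marked letters onto a hard-coded shortener base. The cover comment, the hidden path and the shortener domain are constructed. The same block carries the defender’s side: a check for zero-width characters, which have no place in ordinary comments.

```python
"""Dead-drop resolver: hide and recover a URL path inside an innocuous comment.

Added example; not ESET's code, and the encoding is an ASSUMED scheme for
illustration, not the exact format Turla used. Visible text reads as
ordinary chatter; a zero-width joiner (U+200D) sits immediately before each
character that belongs to the hidden path. The implant collects the marked
characters and appends them to a hard-coded shortener base, so the real C&C
address never appears in the binary. Cover text, payload and shortener
domain are constructed.
"""
import re
from typing import Optional

ZWJ = "\u200d"
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
MARKED = re.compile(ZWJ + r"(\w)")
SHORTENER_BASE = "https://shortener.example.invalid/"  # constructed


def encode_dead_drop(cover: str, payload: str) -> str:
    """Mark the payload characters, in order, inside the cover text.

    Each payload character must occur in the cover after the previous one;
    otherwise the cover cannot carry the payload and ValueError is raised.
    """
    out, pos = [], 0
    for ch in payload:
        idx = cover.find(ch, pos)
        if idx < 0:
            raise ValueError(f"cover text cannot carry {ch!r} after position {pos}")
        out.append(cover[pos:idx])
        out.append(ZWJ + ch)
        pos = idx + 1
    out.append(cover[pos:])
    return "".join(out)


def decode_dead_drop(comment: str) -> str:
    """Implant side: collect every character that follows a zero-width joiner."""
    return "".join(MARKED.findall(comment))


def resolve_c2(comment: str) -> Optional[str]:
    """Turn a comment into the full redirector URL, or None if nothing is hidden."""
    path = decode_dead_drop(comment)
    return SHORTENER_BASE + path if path else None


def has_hidden_chars(text: str) -> bool:
    """Defender heuristic: zero-width characters do not belong in normal comments."""
    return any(c in ZERO_WIDTH for c in text)


def visible_text(text: str) -> str:
    """What a reader (or a moderator's eye) actually sees."""
    return "".join(c for c in text if c not in ZERO_WIDTH)


COVER = "cool pic! 2 cute, that hat is perfect 7/10"  # constructed comment
PAYLOAD = "c2tap7"                                    # constructed path

if __name__ == "__main__":
    comment = encode_dead_drop(COVER, PAYLOAD)
    print(repr(comment))
    print(resolve_c2(comment))
    print("hidden characters present:", has_hidden_chars(comment))
```

Rendered, the encoded comment is indistinguishable from the cover text, which is why the technique defeats human moderation; programmatically, a single pass for zero-width code points catches it. Blocking the shortener or the comment thread breaks the resolver without the defender ever learning the real server address, which is also why taking down the final C&C host is harder here than with a hard-coded IP.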
8. Is your printer spying on you? Full list of manufacturers who use secret ‘tracking dots’ revealed:
When NSA contractor Reality Winner allegedly printed out a trove of top secret government information, little did she know that a hidden feature within the printer, known as tracking dots, could forensically lead authorities straight back to her. What you may not know is that most colour laser printers made today, found everywhere from offices to public libraries, carry the same tracking technology. So, is your printer able to track you? The non-profit digital privacy organisation EFF (Electronic Frontier Foundation) has put together a list of printer manufacturers showing which ones use the invisible yellow-dot forensic technology, which encodes the printer’s serial number and the date and time of printing every time the machine is used and so can be traced back to the printer’s owner and user. Major brands from Canon to Xerox all feature on the lengthy list.
9. WannaCry on Android: Copycat ransomware hitting smartphones in China:
Hackers in China have developed an Android ransomware that copies WannaCry, using similar graphics to trick users into paying the ransom. They are spreading it through Chinese gaming forums, where the ransomware is disguised as a plugin for King of Glory, a very popular mobile game in China. The ransom message is written in Chinese in a template identical to the one WannaCry used, and asks users to pay a fee of 40 Chinese renminbi ($6) via the Chinese payment providers QQ, Alipay or WeChat. Experts say the fact that the ransom is not demanded in bitcoin points towards the hackers being amateurs.
Encryption is solid but less effective
Although the ransom payment method may be amateurish, the encryption in the ransomware is quite solid. It successfully encrypts files, unlike most Android ransomware, which can only lock the screen. Once installed, it starts encrypting files stored on the device’s external storage. However, it only encrypts files present on external storage, so apps and other files on internal storage are safe, and despite the solid encryption it can only encrypt files under 10KB. Although there have been reports suggesting that the original WannaCry hackers may be from China, it is highly unlikely they have any link to this ransomware’s creator.