CyberSecurity Pulse 2016-07-28

“The past was dead, the future was unimaginable.”
George Orwell

Analyst Insight

Deep Web Under the Magnifying Glass After the Munich Massacre

The recent Munich massacre has once again drawn attention to the use of Tor to acquire weapons. Underground markets dedicated to the sale of illegal products are a constant in cybersecurity news, especially given the banking credentials on offer and the distribution of large information leaks.

According to an official press conference by the German police, the shooter who killed nine people and wounded 35 used a manipulated Glock 9mm. According to some lines of investigation also cited by various German newspapers and by the Bavarian Minister of the Interior, Joachim Herrmann, there is evidence suggesting that the gun was obtained from markets in the deep web with the aim of escaping known restrictions on acquiring weapons in several European countries.

Although some past journalistic investigations saw attempts to buy weapons end in a scam, acquiring them anonymously via Tor platforms and paying with, for example, cryptocurrencies to preserve the buyer's identity has become technically possible. These methods, which have gained prominence these days with the tragic event in Munich, can also be used in other complementary markets such as the retail distribution of narcotics or illegal pornographic content.

» More information at Reuters

Top Stories

The Security of Electronic Voting Machines Is Still Questionable

The use of electronic voting machines without a paper trail of the votes cast by citizens is increasing fears of a significant security incident that might compromise the integrity of the results in the upcoming presidential elections in the USA. Defending a position that the computer science philanthropist Richard Stallman has also defended in the past, the expert Joe Kiniry has voiced concern about such incidents, which, in his opinion, are technically possible given that only half of the states are currently conducting audits to verify the polling results, according to Verified Voting.

» More information at Computerworld

Wikileaks Releases a Platform to Search on Hillary Clinton's Emails

Almost at the same time as Hillary Clinton was finally elected as the Democratic candidate for the US presidency, Wikileaks released a platform that allows users to search the 19,252 emails and more than 8,000 attachments of relevant members of the party to which the organization recently gained access. The leak, which has been announced as the first part of a series of volumes related to the candidate and which was provided to the organization by a cyberidentity named Guccifer 2.0, includes information linked to up to seven relevant figures of the party, such as the Communications Director and various financial directors and advisors.

» More information at Wikileaks

Rest of the Week's News

Malicious Computers Caught Snooping on Tor

Last Friday, researchers from Northeastern University said that they had found at least 110 systems actively snooping on sites that use Tor to mask their operators' identities. To achieve this, a series of hidden services were deployed as honeypots to monitor the traffic that these sites were receiving. Among the requests received, different attack vectors were identified, including SQLi, XSS, and user enumeration attempts.

» More information at Ars Technica UK

Telegram Vulnerability Recorded Anything MacOS Users Pasted

A bug in the Telegram Messenger app logged anything its users pasted into their chats to the syslog on MacOS, even if they had opted for the end-to-end encrypted mode. The vulnerability was spotted earlier this month by the Russian information security researcher Kirill Firsov.

» More information at ZDNet

SMS-based Two-Factor Authentication Is Insecure

SMS-based Two-Factor Authentication (2FA) has been declared insecure and has been deprecated by NIST to the extent that it will not be covered in future releases of its Digital Authentication Guideline. The organization argues that it's too easy for anyone to obtain a phone while the operator has no way to verify whether the person who receives the 2FA code is the correct recipient.

» More information at NIST

Further Reading

Snowden Designed an iPhone That Alerts User to Surveillance Activity

» More information at The Telegraph

O2 Customers' Details Sold on Darkweb

» More information at SC Magazine UK

Researchers Exploited PHP 0‑Days to Hack PornHub

» More information at Security Affairs