CyberSecurity Pulse 2016-08-25
|“The man of integrity walks securely, but he who takes crooked paths will be found out.”|
|Proverbs 10:9 (CSB)|
Automatic Replies (“Out of Office”). Data leakage?
These are the security threats involved within this scenario:
- Spam: An “Out of Office” message ensures the sender that the email address is correct, as well as may disclose other email addresses, referred to alternative contact points, within the content of the automatic reply message.
- Information leaks (OPSEC): Context information gathering, both at personal (mobile phone, victim geolocation, etc.) and professional (hierarchical and operational structure of the department, working teams, product and service information, etc.) levels.
- Social engineering attacks: On the basis of the information gathered about the victim and their environment, an attacker could perform a targeted attack (phishing/whaling).
- Communicate in advance your absence to people involved in critical tasks, as well as provide them with an alternative point of contact during this period.
- Do not reveal too much information. It should only include the period of absence and a default contact point (a generic mailbox if possible). Delete any type of generic signature which could reveal sensitive information such role, telephone number, etc.
- Deliver different notifications, distinguishing between internal and external contacts.
- These type of recommendations should be included within the Organization’s information security policies.
Group Wants to Shut Down Tor for a Day
The temporary shut down of the Tor network has been requested for 24 hours. The call has been made through the website GhostBin for September 1, motivated by the way that Tor project members are handling the sexual accusations against Jake Applebaum (one of the most relevant members), as well as the accusations related to an alleged collaboration with intelligence agencies like CIA. The debate concerning the support for this iniciative, is mainly argued based on the need users have for this network as a mean of communication in countries whose governments do not respect the fundamental right to freedom of expression.
Russian State Hackers Tried to Hack New York Times and Other Reporters
The FBI is investigating a hacker group, allegedly linked to Russian intelligence services, regarding their possible involvement within the attacks carried out against the New York Times journalists and other US media in recent months. The email and sensitive information theft from non-governmental organizations has become a new focus of interest for intelligence agencies, since this data might show the jourlanlists point of view regarding governmental affairs, data, communications and private documents containing sensitive information, thus providing a much more valuable vision from the intelligence side.
Rest of the Week´s News
A Winning Anonymous Bidder Bought 2,700 Bitcoins at US Government Auction
Only 5 bidders participated in the auction of 2,719 bitcoins organized by the US government (USMS United States Marshals Service). The bitcoins came from several criminal, civil and administrative cases (most of them related with the Silk Road market). The anonymous winner invested 1.6 million dollars in this purchase.
Epic Games Forums Hacked
Epic Games was the last company of the entertainment industry (video games) to have become a target from a cyberattack . The company has contacted the members of their forums in order to notify them that their personal data has been compromised.
DCNS Massive Data Leak Discloses Scorpene Submarines Combat Capabilities
The DCNS French shipyard has been affected by a massive data leakage of over 22,000 classified documents. The documents detail the combat capabilities of the new Scorpene submarines. This data leak becomes a significant risk to the national security of different countries like India, Brazil, Chile, Malaysia and Australia.