CyberSecurity Pulse 2016-09-15

CyberSecurity Pulse 2016-09-15

“It’s easier to fool people than to convince them that they have been fooled.”
Mark Twain

Analyst Insight

The World Anti Doping Agency Is Again in the Spotlight

One of the news that splattered the start of the Olympics was filtering the Russian government could have been systematically concealing doping a lot of athletes. The incident, in which the filtering Yuliya Stepanova was crossed out even Judas in the words of Vladimir Putin, almost cost a penalty IOC to veto the participation of the entire Russian delegation at the last Olympic Games in Rio.

CyberSecurity Pulse 2016-09-15In middle August 2016, a hacktivist group leaked, apart from more than 537 MB in 62 files, the email and personal data of the Russian athlete in an incident that we have already discussed in this section. The information exposed was relevant for Yuliya taking into accoutn that the affected platform stores the current location of the athlete to fasten the conduct of doping controls. In August 19, Threat Connect reported that it had recorded a running spear phishing campaign against WADA stakeholders with the aim of harvesting credentials in the framework of different operations taken against the domain

This week, the group Fancy Bear Hack Team has released of a number of personal documents linked to different renowned athletes like Venus and Serena Williams sisters on September 13 and cyclists Chris Froome and Bradley Wiggins on September 15. The leaked documents include personal information and certificates of exemption of certain therapeutic drugs that otherwise would be positive in doping controls. You can visit ElevenPaths blog so as to check the technical analysis performed by our analists team about this information leak.

» More information at ElevenPaths

Top Stories

ISPs in UK Concerned about Government Surveillance

CyberSecurity Pulse 2016-09-15According to a report released by the UK Internet Services Providers Association (ISPA), the most common concern among companies is that government surveillance will weaken network security and make providers a target of attackers. The report, released on September 6, found that 54 percent of respondents were attacked at least every week. Currently, denial-of-service attacks and SQL injection attacks are their main types of cyberthreats: 91 percent of respondents have already suffered a denial-of-service attack, 64 percent an SQL injection attack and up to 36 percent a phishing attack.

» More information at Eweek

Google Will Pay You $200,000 to Hack Android OS

CyberSecurity Pulse 2016-09-15Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash, the second $100,000 and the third $50,000. Starting on September 13 and ending on March 14, 2017, the contest will only award cash prizes to contestants who can successfully hack any version of Android Nougat on Nexus 5X and 6P devices. However, the catch here is that Google wants experts to hack the devices by knowing only the devices' phone numbers and email addresses. Besides cash prizes, winners will also be invited to write a short technical report describing their entry, which will then be posted on the company's Project Zero Blog.

» More information at Project Zero

Rest of the Week´s News

Thousands of Infected FTP Servers Net Attackers $88k in Cryptocurrency

Although mining Bitcoins is no longer profitable, there are plenty of other digital currencies that are quite new and are significantly less difficult to mine like Monero. Criminals has recognized this and started to spread a new malware payload that uses infected machines to mine this coin at the expense of the system owner’s CPU and GPU resources.

» More information at Sophos

Google Chrome to Label Sensitive HTTP Pages as "Not Secure"

Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit card details as "not secure". This is the first step in Google's plan to discourage the use of sites that don't use encryption at all to protect sensitive information.

» More information at The Hacker News

GovRAT 2.0 continues to target US companies and Government

Vxers recently released a new version of the RAT, so-called GovRAT 2.0 that has been used by cybercriminals to target the US Government and other organizations in the country. The new strain of GovRAT 2.0 includes several new features, including improved detection evasion methods, remote command execution, automatically mapping hard disks and network shares.

» More information at Security Affairs

Further Reading

How America’s 911 Emergency Response System Can Be Hacked

» More information at The Washington Post

PIL Filed in Court to Ban Pokémon Go in India for Hurting Religious Sentiments

» Más información at The Hacker News

This USB Can Kill a PC in Seconds

» More information at The Hacker News