CyberSecurity Pulse 2016-10-27

CyberSecurity Pulse 2016-10-27

“The ballot is stronger than the bullet.”
Abraham Lincoln

Analyst Insight

Why Today It Is So Important to Achieve Full Operational Capabilities in Cybersecurity

Companies like Twitter, Spotify and Netflix, among other services, stopped working last Friday after the company Dyn, that provides support to many of these services, reported that it was being targeted by a massive DDoS attack to its DNS infrastructuere. The theory managed by Dyn with the help of Flashpoint and Akamai, is that such an attack could be originated in IoT devices infected by Mirai, an IoT botnet whose source code has been released recently.CyberSecurity Pulse 2016-10-27Actually, there is no clear responsibility for the attack. On the one hand, Wikileaks has confirmed that some of his followers could be responsible as a way of protesting against the decision of the Ecuatorian government to cut the Internet connection to Julian Assange. This act would be part of retaliation action against the founder of Wikileaks in response to the recent release of more leaks of information on US elections. On the other hand, Pierluigi Paganini, the editor of the Security Affairs blog, has contacted the NewWorldHackers group via Twitter after it claimed the authorship of the attacks to Dyn in collaboration with other groups linked to Anonymous.Once again, developing research capabilities in cybersecurity is the only way to being able to analyze these incidents to understand what has really happened. The fact that the Internet is a medium in which the evidence is easily forgeable and even contradictory makes cyberspace an environment in which the researcher needs to deal with uncertainty and chaos in order to achieve clear responsibility for attacks whose magnitude has reached some historical records.

Top Stories

The German Parliament Passes Controversial a Surveillance Law

CyberSecurity Pulse 2016-10-27The German Parliament last week approved a controversial espionage law that theoretically will tighten oversight of the BND intelligence agency, but that according to privacy advocates will give more power to the authorities. The experts focused their critic on a controversial clause of the law that allows the BND to eavesdrop communications of foreign organizations and individuals on German soil and abroad that is in transit through a major internet exchange point in Frankfurt.

» More information at Security Affairs

Online Gambling Probed by UK Competition Watchdog

CyberSecurity Pulse 2016-10-27The UK’s online gambling industry is being investigated by the country’s competition watchdog to test whether millions of customers are being treated fairly. The Competitions and Markets Authority has stepped in after the Gambling Commission raised concerns about a raft of potential breaches of consumer law, including misleading promotions and unfair terms being used by firms to block players’ payouts. The move follows a series of complaints from punters, who claimed that certain sites are deliberately making their terms obscure, and payouts harder to come by.

» More information at Ars Technica UK

Rest of the Week´s News

Revamped GM Bot Mobile Banking Malware Spotted in the Wild

IBM X-Force detected a recently updated version of the GM Bot mobile banking malware designed to deploy on Android 6 operating systems and bypass new security applied to the platform. Android officially released this Marshmallow OS, code-named M, in October 2015. The GM Bot version analyzed can work on all Android versions up to the Marshmallow distribution.

» More information at Security Intelligence

Researchers Gain Root Access to Android Devices Using Rowhammer Attacks

An international team of researchers has developed an exploit to root access Android phones made by LG, Samsung and Motorola using Rowhammer hardware attacks. The attacks allow threat actors to manipulate data stored in memory chips and relies on the predictable memory reuse patterns of standard physical memory allocators.

» More information at SC Magazine

Cellebrite Digital Forensics Tools Leaked Online by a Reseller

Cellebrite is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations. Now, the Cellebrite hacking firmware has been leaked online by one of its resellers, the McSira Professional Solutions.

» More information at Security Affairs

Further Reading

Graduate Recruitment Site Exposed 50,000 CVs Sent to Virgin Media UK

» More information at Ars Technica UK

Nuclear Plants Leak Critical Alerts in Unencrypted Pager Messages

» Más información at Ars Technica UK

Keen Team Won $215k by Hacking Nexus 6p and iPhone 6S

» More information at Security Affairs