CyberSecurity Pulse 2016-11-3
“Turpe est in re militari dicere non putaram.”
Publius Cornelius Scipio Africanus
Were Or Weren’t You Hacked by The NSA? That Is The Question
In the manifesto accompanying the most recent leak, The Shadow Brokers, though seemingly financially motivated, criticized the US government for misguided democratic principles as well as its perceived double standards regarding cyberattacks. In the statement, the group appeared to mock the cyberattack operation allegedly launched by the CIA in response to alleged Russian involvement in various hacking incidents intended to subvert the 2016 US elections. The US is making enemies, and this has been the straw that broke the camel’s back.
UK Government Launches Its New National Cybersecurity Strategy
In a bid to become one of the “safest places in the world to do business”, the United Kingdom government has launched its new five-year National Cyber Security Strategy. The strategy confirms a previously announced budget of £1.9 billion, nearly double the amount invested in the previous cybersecurity strategy. As expected, much of this budget will be spent directly on existing programmes run by several intelligence agencies. In this regard, the National Cyber Security Centre (NCSC) became operational on 1 October 2016 as part of the Government Communications Headquarters (GCHQ). Led by chief executive Ciaran Martin, the NCSC will have a team of approximately 700 full-time staff, to be housed in the Nova Building, Victoria, London by the beginning of next year.
Google Warns about a Windows 0‑Day Under Attack
Google researchers last Saturday disclosed that they had found and reported to Microsoft a critical vulnerability in Windows that Microsoft has not yet fixed and which is reportedly being exploited by attackers in the wild. The Windows vulnerability is a local privilege-escalation flaw in the Windows kernel that can be used to bypass a security sandbox. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” the Google team wrote in a recent post on their official security blog. Google opted to publicly disclose the flaw just 10 days after privately reporting it to Microsoft, giving the company very little time to issue security updates, which has sparked some dispute over the ethics of the disclosure.
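The Win32k lockdown that the Google team credits with keeping this bug out of Chrome’s sandbox is a per-process mitigation that administrators can also inspect and enforce themselves. The snippet below is an added example, not code from the newsletter or from Google’s post: it checks whether running instances of a program have win32k system calls disabled and then persists that setting for future launches. It assumes Windows 10 1709 or later with the built-in ProcessMitigations module (the cmdlets postdate this newsletter), an elevated PowerShell session, and uses `app.exe` as a placeholder for the sandboxed process you want to harden.

```powershell
# Added example (not from the newsletter or Google's post): inspect and enforce
# the Win32k system-call lockdown on a process. Assumes Windows 10 1709+ with the
# ProcessMitigations module and an elevated session. "app.exe" is a placeholder
# for a sandboxed worker (renderer, document parser) that needs no GUI subsystem.

$target = 'app.exe'   # placeholder executable name

# 1. Inspect the live policy of any running instances of the target.
#    Get-ProcessMitigation -Id reads the mitigation state of a running process;
#    SystemCall.DisableWin32kSystemCalls reports ON, OFF or NOTSET.
Get-Process -Name ($target -replace '\.exe$', '') -ErrorAction SilentlyContinue |
    ForEach-Object {
        $m = Get-ProcessMitigation -Id $_.Id
        [pscustomobject]@{
            Pid                      = $_.Id
            DisableWin32kSystemCalls = $m.SystemCall.DisableWin32kSystemCalls
        }
    }

# 2. Persist the mitigation for every future launch of the target.
#    This is stored per application and applied by the loader at process start.
Set-ProcessMitigation -Name $target -Enable DisableWin32kSystemCalls

# 3. Confirm the stored per-application setting.
(Get-ProcessMitigation -Name $target).SystemCall
```

Only apply the setting to processes that genuinely do not draw windows or call into win32k; a GUI application with this mitigation enabled will fail at startup, which is exactly why browsers enable it on their renderer processes rather than on the browser as a whole.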
Rest of the Week's News
Google AI Invents Its Own Cryptographic Algorithm
The Google Brain team has created two AIs that developed their own cryptographic algorithm to protect their messages from a third AI, which, at the same time, was trying to evolve its own method to crack the AI-generated crypto. The study was a success: the first two AIs learnt how to communicate securely from scratch, without being told how to do it.
PREDATOR: Proactive Recognition and Elimination of Domain Abuse Tool
A team of Princeton students has developed PREDATOR, a tool that detects malicious domain names as soon as they are registered. PREDATOR stands for Proactive Recognition and Elimination of Domain Abuse at Time Of Registration, a proactive reputation system that can accurately and automatically identify malicious domains at registration time. PREDATOR distinguishes legitimate from malicious domain registrations with a detection rate of 70% and a false positive rate of just 0.35%.
Lotus Blossom Chinese Cyberspies Leverage Fake Conference Invites in Their Latest Campaign
The Chinese APT Lotus Blossom, also known as Elise and Esile, is behind a new cyber espionage campaign that tries to lure victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. With this social engineering trick the attackers aim to deceive users into installing a strain of malware that could be used to spy on victims’ machines. Security experts who have analyzed the Lotus Blossom APT’s activity believe a nation-state actor, active since at least 2012, is behind it.