CyberSecurity Pulse 2016-11-3

“Turpe est in re militari dicere non putaram.” (“In military matters it is disgraceful to say ‘I had not thought of that.’”)
Publius Cornelius Scipio Africanus

Analyst Insight

Were You or Weren’t You Hacked by the NSA? That Is the Question

The Shadow Brokers are back with a new leak that, the group claims, reveals hundreds of organizations targeted by the NSA over more than a decade. “TheShadowBrokers is having special trick or treat for Amerikanskis tonight,” said the Monday morning post, which was signed with the same PGP key used for the August posts. “Many missions into your networks is/was coming from these ip addresses,” it added. Monday’s dump contains 352 distinct IP addresses and 306 domain names, which the group presents as hosts compromised by the NSA and then used to launch operations (“missions”) into other networks. The timestamps included in the leak indicate that the servers were targeted between August 22, 2000 and August 18, 2010. In all, the targets were located in as many as 49 countries, with the top ten being China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. Other purported NSA tools named in Monday’s dump include DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK, and STOCSURGEON.

In the manifesto accompanying the latest leak, The Shadow Brokers, though seemingly financially motivated, criticised the US government for what they called misguided democratic principles as well as for its perceived double standards regarding cyberattacks. The statement also appeared to mock the cyberattack operation allegedly launched by the CIA in response to alleged Russian involvement in the hacking incidents intended to subvert the 2016 US elections. The US has been making enemies for some time, but for this group that operation seems to have been the straw that broke the camel’s back.
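The first question any defender asks of a dump like this is whether their own assets appear in it. The following Python script is an added example (not part of the original newsletter, and not the leak's own format or data): it parses a simple list of “hostname ip” pairs, normalises them, and reports every entry that falls inside the organisation's own netblocks or under its own domains. The sample lines, netblocks and domains are constructed for illustration (RFC 5737 documentation ranges and example.* names), not values taken from the Shadow Brokers dump; the line format is an assumption, since the real release was a directory tree rather than a flat list.

```python
import ipaddress

# Constructed sample in the spirit of the leak: one target per line as
# "<hostname> <ip address>". These lines are illustrative (RFC 5737
# documentation ranges and example.* names), NOT entries from the real dump.
SAMPLE_LEAK = """\
mail.example.ac.jp 198.51.100.23
ns1.example.edu.cn 203.0.113.7
www.example.co.kr 192.0.2.77
line-without-an-address
dns.example.de not.an.ip
Portal.Example.Edu.CN. 203.0.113.200
"""

# Constructed defender inventory: the netblocks and domains "we" own.
OUR_NETBLOCKS = ["203.0.113.0/24", "192.0.2.64/26"]
OUR_DOMAINS = ["example.edu.cn", "example.org"]


def normalise_name(name):
    """Lower-case a hostname and drop a trailing dot (the DNS root)."""
    return name.strip().rstrip(".").lower()


def parse_leak(text):
    """Parse 'hostname ip' lines into (hostname, ip_address) pairs.

    Malformed lines (wrong field count, unparsable address) are skipped
    rather than aborting the whole run, since leaked dumps are rarely clean.
    """
    entries = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 2:
            continue
        name, ip_text = parts
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue
        entries.append((normalise_name(name), ip))
    return entries


def domain_matches(name, owned_domains):
    """True if name is an owned domain or a subdomain of one.

    The label boundary is enforced: 'notexample.edu.cn' must not match
    'example.edu.cn', which a naive endswith() check would allow.
    """
    name = normalise_name(name)
    for owned in owned_domains:
        owned = normalise_name(owned)
        if name == owned or name.endswith("." + owned):
            return True
    return False


def find_overlap(entries, netblocks, domains):
    """Return (hostname, ip, reasons) for every entry that touches our assets."""
    nets = [ipaddress.ip_network(block, strict=False) for block in netblocks]
    hits = []
    for name, ip in entries:
        reasons = []
        if domain_matches(name, domains):
            reasons.append("domain")
        # IPv4Network/IPv6Network containment; a version mismatch is simply False.
        if any(ip in net for net in nets):
            reasons.append("ip")
        if reasons:
            hits.append((name, str(ip), tuple(reasons)))
    return hits


if __name__ == "__main__":
    for name, ip, reasons in find_overlap(parse_leak(SAMPLE_LEAK), OUR_NETBLOCKS, OUR_DOMAINS):
        print(f"{name:30} {ip:16} matched on {', '.join(reasons)}")
```

Matching on both the address and the name matters: a host that has since changed IP will only show up by domain, while a host the leak lists under a vendor or ISP name will only show up by address. Anything that matches is a lead for a historical forensic review of that host, not proof of compromise.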

» More information at Medium

Top Stories

UK Government Launches Its New National Cybersecurity Strategy

In a bid to become one of the “safest places in the world to do business”, the United Kingdom government has launched its new five-year National Cyber Security Strategy. The strategy confirms a previously announced budget of £1.9 billion, nearly double the amount invested under the previous cybersecurity strategy. As expected, much of this budget will go directly to existing programmes run by several intelligence agencies. In this regard, the National Cyber Security Centre (NCSC) became operational on 1 October 2016 as part of Government Communications Headquarters (GCHQ). Led by chief executive Ciaran Martin, the NCSC will have a team of approximately 700 full-time staff, to be housed in the Nova Building in Victoria, London, by the beginning of next year.

» More information at SC Magazine

Google Warns about a Windows 0‑Day Under Attack

Google researchers disclosed earlier this week that they had found and reported to Microsoft a critical vulnerability in Windows that Microsoft has not yet fixed and that is being actively exploited in the wild. The bug is a local privilege-escalation flaw in the Windows kernel that can be used to escape a security sandbox. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” the Google team wrote in a post on its security blog. Note the scope of that mitigation: it covers Chrome on Windows 10, where the renderer sandbox already refuses win32k system calls; other applications and earlier Windows versions depend on Microsoft’s patch. Google chose to disclose the flaw publicly just 10 days after privately reporting it to Microsoft, giving the company very little time to issue a security update and reviving the dispute over the ethics of disclosure timelines.

» More information at Google Online Security Blog

Rest of the Week’s News

Google AI Invents Its Own Cryptographic Algorithm

Researchers on the Google Brain team have trained two neural networks that developed their own encryption scheme to protect their messages from a third network, which was being trained at the same time to break it. The experiment succeeded: the first two networks learnt to communicate securely from scratch, without being told how to do it. Practitioners should read “securely” narrowly, though: it means only that the adversarial third network failed to recover the plaintext, not that the learned scheme has been shown to withstand conventional cryptanalysis.

» More information at

PREDATOR: Proactive Recognition and Elimination of Domain Abuse Tool

Researchers at Princeton and ICSI have developed PREDATOR (Proactive Recognition and Elimination of Domain Abuse at Time Of Registration), a reputation system that flags malicious domain names at the moment they are registered, rather than waiting until they appear in spam or malware campaigns. In the authors’ evaluation it distinguishes legitimate from malicious registrations with a detection rate of 70% at a false positive rate of 0.35%. That false positive rate is low in relative terms, but on a zone receiving many thousands of new registrations a day it still means dozens of legitimate domains flagged daily, so the output is best used to prioritise review rather than to block registrations automatically.

» More information at The ICSI Networking and Security Group

Lotus Blossom Chinese Cyberspies Lure Victims with Fake Conference Invites in Latest Campaign

The Chinese APT group Lotus Blossom, also known as Elise and Esile, is behind a new cyber-espionage campaign that lures victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. The social-engineering trick is meant to get targets to open the invitation and install a strain of malware that can be used to spy on their machines. Researchers who have analysed the group’s activity believe it is a nation-state actor that has been operating since at least 2012.

» More information at Security Affairs

Further Reading

NHS Trust Cancels Operations after Malware Hits IT System

» More information at The Guardian

An Information Disclosure Flaw Still Affects Internet-Facing SAP Systems

» More information at Security Affairs

Massive Hacking Campaign on Joomla Sites Via Recently Patched Flaws

» More information at Security Affairs