CyberSecurity Pulse 2017-03-20
|“The father of doubts has a son of knowledge.”|
WikiLeaks Will Disclose CIA Exploits to Tech Companies Under Specific Conditions
However, WikiLeaks withheld the code for the exploits from the first round of releases to prevent it from being misused. By releasing the code to tech firms first, the organisation said it wants to allow them time to patch the vulnerabilities before they are made public. In this sense, Assange would have contacted tech companies, including Apple, Microsoft, and Google to explain how Wikileaks intends to share the knowledge about the vulnerabilities the CIA was allegedly taking advantage. It seems that Wikileaks requested the satisfaction of specific conditions to the tech companies, for example, a 90-day disclosure deadline.
Of course, the best option for tech firms is to accept the conditions and fix the issues as soon as possible. Meanwhile, the CIA questions the reliability of the source and the content of the data leak: "We don't comment on the authenticity of purported intelligence documents released by Wikileaks or on the status of any investigation into the source of the documents. As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity", the spokesperson wrote. Only time will tell us who is right.
Proposed Bill Would Legally Allow Cybercrime Victims to Hack Back
A new proposed bill intended to amend section 1030 of the Computer Fraud and Abuse Act that would allow victims of ongoing cyberattacks to fight back against hackers by granting victims more powers to engage in active defense measures to identify the hacker and disrupt the attack. The new bill has been proposed by Representative Tom Graves of Georgia and is named the "Active Cyber Defense Certainty" (ACDC) Act. However, this new bill allowing hacking back attackers is already raising up some concerns about potential unintended effects that the abuse of such actions may cause if the limits and procedures are not properly defined.
NCSC Warns of Cyberattacks Powered by Russia Against the Political System
The alert was raised by the UK National Cyber Security Center (NCSC) that is informing political parties in the UK to warn about "the potential for hostile action against the UK political system". The warning does not confirm that Russia is the most dangerous state for political hacking but many members of the British intelligence community have few doubts about cyber capabilities of Russians state-sponsored hackers. In a separate context, the British Foreign Secretary Boris Johnson explained that there is no evidence of cyber attacks powered by Russian entities against the Brutish politicians and parties. "We have no evidence the Russians are actually involved in trying to undermine our democratic processes at the moment but what we do have is plenty of evidence that the Russians are capable of doing that", Johnson declared on a national television programme this Sunday.
Rest of the Week´s News
Malware Found Preinstalled on 38 Android Phones Used by Two Companies
An assortment of malware was found on 38 Android devices belonging to two unidentified companies. According to Checkpoint, the malicious apps weren't part of the official firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In at least six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.
How One Photo Could Have Hacked Your WhatsApp and Telegram Accounts
A new security vulnerability has recently been patched by WhatsApp and Telegram that could have allowed hackers to completely take over user account just by having a user simply click on a picture. According to Checkpoint, the vulnerability resided in the way both messaging services process images and multimedia files without verifying that they might have hidden malicious code inside.
Hundreds of High-Profile Twitter Accounts Hacked through 3rd-Party App
In a large-scale Twitter hack, thousands of Twitter accounts from media outlets to celebrities were compromised last Wednesday. This strange Twitter activity on numerous high-profile accounts is the result of a vulnerability found in the third-party app called Twitter Counter. However, the company has made it very clear that no "Twitter account credentials (passwords)" or "credit card information" has been compromised.