CyberSecurity Pulse 2017-04-17
|“If you don’t have critics, you probably don’t have success either.”|
The Immediacy of the Message in the Internet as a Possible Risk to Credibility
Beyond the geopolitical interpretations of these actions, recent actions have also revealed the importance of digital media control. While the Western media were quick to point out the possession and use of chemical weapons by the Syrian regime, the main Russian news agency needed just a few hours later to point out Bashar al-Assad's struggle against facilities with chemical weapons in hand of the self-proclaimed Islamic State condemning the unilateral action of the United States government. A race for truth was already launched.
The immediacy, the ease with which the contents are viralized and the importance of ones news reaching quickly to the widest possible audience, gives a chance to commiting mistakes such as those on the same Tuesday a few minutes after the Champions League match between Borussia Dortmund and AC Monaco was finally cancelled. At about 21:30, several media pointed out that Marc Bartra was already at home while he was still undergoing a fractured wrist surgery at the hospital. Undoubtedly, conventional media are finding democratization of the media a tough rival in the struggle for credibility. Several constitutions and major laws already protecting our right to be well informed in similar terms to the onews argued by the Spanish Constitution: "[the right to] freely communicate or receive truthful information by any means of dissemination [is recognized and protected]". May it remain so.
Microsoft Says It Has Fixed Exploits Leaked by Shadow Brokers in March
Shadow Brokers group has released a new portion of the alleged archive of the NSA containing a number of hacking tools and exploits. The tools work against almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and Server 2000, 2003, 2008, 2008 R2 and 2012, except Windows 10 and Windows Server 2016. However, security experts at Microsoft have explained that most of the Windows vulnerabilities exploited by the above hacking tools have already been patched in the last month's Patch Tuesday update. On the other hand, experts have discovered that NSA operators have developed two tools specifically designed to target Solaris systems which would have also been used in the internet.
G7 Declaration on Responsible States Behavior in Cyberspace
Syria and Daesh were the items that dominated talks between foreign ministers from the Group of Seven most industrialized nations which took place in Italy last Monday. However, the increasing number of cyberattacks and even more sophisticated cyberthreats could have a destabilizing effect on international peace and security, particulary in democratic processes. In this sense, the declaration invites all the States to collaborate with the intent to reduce any risks against international peace, security, and stability by developing laws, policies and best-practices that effectively combat cybercrime.
Rest of the Week´s News
Facebook Dismantled a Huge Spam Campaign Leveraging Bogus Accounts
The security team at Facebook has disrupted an international spam operation after a six months investigation. The apparent intent of the campaign was to deceptively gain new friend connections by liking and interacting primarily with popular Facebook Pages, after which they would be preparing a major spam campaign. They observed that the bulk of these accounts became dormant after liking a number of Pages, suggesting that cybercriminals had not mobilized their bots yet to send spam to those people.
Researchers Warn of a Windows 0-Day Attack Observed In the Wild
Security researchers from McAfee and FireEye security firms are warning of hackers exploiting a Windows 0-day vulnerability in the wild. According to the researchers, just opening a MS Word document could put you at risk. The exploitation of the flaw could allow an attacker to silently install a malware on a fully patched Windows machine. The attack vectors are mainly malicious emails that come with a weaponized Word document containing a booby-trapped OLE2link object.
Home Routers Used to Attack WordPress Websites
WordPress security firm WordFence, who uncovered these attacks, says the group behind this campaign is leveraging security flaws in the TR-069 router management protocol to take over a number of devices. These flaw can be exploited by sending malicious requests to a router's 7547 port. Experts say that the attackers are launching only a few password-guessing attempts from each router on purpose, to keep a low profile for their attacks.