CyberSecurity Pulse 2017-04-4
“If you set your goals ridiculously high and it’s a failure, you will fail above everyone else’s success.”
New Episodes in Vault 7 Case
A set of files named DarkMatter has been released; it consists of user manuals and other documentation for exploits mainly targeting Apple MacBooks. The documented exploits used the Thunderbolt interface to let anyone with physical access to a MacBook bypass the firmware password protection and install one of a series of Apple-specific CIA implants. Separately, WikiLeaks has released the third batch of the CIA Vault7 archive, which sheds light on several anti-forensics tools codenamed Marble. The intelligence agency used them to hamper forensic investigators and threat intelligence companies in attributing viruses, Trojans and hacking attacks to actors linked in one way or another to the CIA.
WikiLeaks has only just begun. According to Julian Assange, the organization's public face, it has already contacted the affected companies so that they understand the consequences of the vulnerabilities disclosed in the organization's past (and future) document releases.
A Cybersecurity Arsenal That Will Help Protect Your Election
Jigsaw and Google, both divisions of Alphabet, are launching a suite of cybersecurity tools called "Protect Your Election". They hope to provide a set of free cyberdefenses that can support the independent news outlets, election monitoring and audit groups, activists, and human rights organizations that help elections run smoothly. The novelty here lies not in the tools themselves but in the decision to package them in a way that makes them accessible to the people these companies believe need them most. Packaging tools together like this, for a very clearly targeted audience, sends a valuable message to a group that increasingly needs it, while the companies gain visibility as security-conscious organizations.
U.S. May Accuse North Korea in Bangladesh Cyberheist
US prosecutors are building a series of cases that would accuse North Korea of directing the theft of 81 million dollars from Bangladesh Bank's account at the Federal Reserve Bank of New York last year, and that would charge alleged Chinese middlemen with helping carry out the operation. Richard Ledgett, deputy director of the US National Security Agency, has publicly suggested that North Korea may be linked to the incident, while private firms have long pointed the finger at the Democratic People's Republic of Korea. The cases currently being pursued may not include concrete charges against North Korean officials, but it cannot be ruled out that they will implicate the country.
Rest of the Week's News
HTTPS Interception Weakens TLS Security
Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide.
Widespread Email Scam Targets GitHub Developers with Dimnie Trojan
Dimnie is a Trojan that had targeted Russians until early this year, when a new campaign took aim at multiple owners of GitHub repositories. One commenter in a thread reported that the initial infection e-mail was sent to an address used solely for GitHub. The e-mails carried a Microsoft Word attachment containing a malicious macro that launched PowerShell commands to download and execute the payloads themselves.
APT29 Group Used Domain Fronting to Evade Detection
Security firm FireEye has revealed that APT29 has been using a technique called domain fronting to make attribution of its attacks harder. The technique hides the remote endpoint of a communication. Domain fronting works at the application layer, over HTTPS: the client communicates with a forbidden host while appearing to communicate with some other host that the censor already permits.
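The defender's side of the technique described above is a consistency check: where TLS inspection is in place, the SNI presented in the handshake can be compared with the HTTP Host header inside the tunnel, and a mismatch is a candidate fronting session. The script below is an added example written for this newsletter, not FireEye's code or tooling; the proxy log format, the `src=... sni=... host=...` fields, the sample records and the crude registrable-domain heuristic are all assumptions.

```python
"""Flag TLS sessions whose HTTP Host header disagrees with the TLS SNI.
Domain fronting puts a permitted front host in the SNI while the Host header
inside the tunnel names the real destination on the same CDN; a proxy that
sees both values can flag the mismatch. Log format and sample records are
constructed for this example, not FireEye's.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    src: str
    sni: str
    host: str

def parse_record(line):
    """Parse one constructed 'src=... sni=... host=...' proxy record."""
    fields = dict(part.split("=", 1) for part in line.split())
    host = fields.get("host", "").lower().split(":")[0]  # drop any :port
    return fields["src"], fields["sni"].lower(), host

def registrable_domain(name):
    """Rough eTLD+1: last two labels (assumption, not a Public Suffix lookup)."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def find_fronting(lines, strict=False):
    """Return a Finding per record whose SNI and Host disagree.

    By default a Host under the SNI's registrable domain is tolerated (normal
    CDN behaviour); strict=True reports every mismatch. No Host -> skipped.
    """
    findings = []
    for line in lines:
        src, sni, host = parse_record(line)
        if not host or sni == host:
            continue
        if not strict and registrable_domain(sni) == registrable_domain(host):
            continue
        findings.append(Finding(src, sni, host))
    return findings

# Constructed sample records; hostnames are placeholders, not real indicators.
SAMPLE_LOG = [
    "src=10.0.0.5 sni=www.front.example host=www.front.example",
    "src=10.0.0.5 sni=www.front.example host=cdn.front.example",
    "src=10.0.0.9 sni=www.front.example host=hidden-site.example:443",
]

if __name__ == "__main__":
    for f in find_fronting(SAMPLE_LOG):
        print(f"possible domain fronting from {f.src}: SNI {f.sni}, Host {f.host}")
```

Without TLS inspection only the SNI is visible, so this check cannot run on passive network captures; CDN-hosted sites also legitimately produce same-domain mismatches, which is why the non-strict mode exists.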