CyberSecurity Pulse 2017-05-29
“Doing the unrealistic is easier than doing the realistic.”
Qatar News Agency Hacked: Another Case of Fake News With Diplomatic Implications
Qatar has been targeted by hackers before. In May 2016, hackers leaked sensitive information involving thousands of Qatar National Bank customers, purportedly including government employees and members of the ruling family. Likewise, in 2012, damaging malware crippled computer systems at Qatari natural gas producer RasGas soon after a similar attack was identified on Saudi Arabia's state-run oil company.
False news, or fake news, has become a subject of worldwide concern. Last March, leading monitors of freedom of expression around the world came together to issue a Joint Declaration on freedom of expression, focusing on fake news. In this sense, Mr Kaye said that fake news has emerged as a global topic of concern and there is a risk that efforts to counter it could lead to censorship, the suppression of critical thinking and other approaches contrary to human rights law. This is just another reminder of how the Internet has changed the way we stay informed, but, at the same time, we can never forget the importance of the reader's critical spirit in questioning the information circulating online.
Bill in US Congress Would Establish Vulnerabilities Equity Process Review Board
In the wake of the high-profile WanaCryptor ransomware attack, a bipartisan group of elected officials from both Congressional Houses has introduced the Protecting our Ability To Counter Hacking (PATCH) Act to improve cybersecurity and transparency at the federal level. The PATCH Act creates an intra-agency review board, which will be led by the Department of Homeland Security and will aim to ensure that consistent policies are applied whenever the government evaluates whether a given vulnerability should be disclosed or not. "The Board will ensure a consistent policy for how the government evaluates vulnerability for disclosure and retention. The bill will also create new oversight mechanisms to improve transparency and accountability, while enhancing public trust in the process", the statement said.
Microsoft Unveils Special Version of Windows 10 For Chinese Government
China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies. In fact, the country banned Microsoft's Windows operating system on government computers in 2014 because of concerns about security and US surveillance. To deal with this issue and target the world's largest market, Microsoft's CEO for the Greater China region last year confirmed that the company was working on a Chinese version of Windows 10 that included "more management and security controls" and fewer applications preinstalled by default by manufacturers. Apart from this, the Chinese manufacturer Lenovo has also announced that it is working on being the first partner to ship devices with the Windows 10 China Government Edition operating system installed on them.
Rest of the Week's News
WikiLeaks Reveals Athena
The latest file revealed in WikiLeaks' Vault 7 catalog of CIA hacking tools is Athena, a surveillance tool apparently designed to capture communications from Windows XP to Windows 10 machines. Details of the Athena malware are available in a document allegedly created by the CIA in November 2015. The malware is said to have been made in conjunction with US cybersecurity firm Siege Technologies, which was acquired by Nehemiah Security late last year.
Google Chrome Flaw Could Allow Windows Credential Theft
A bug in Google's popular web browser Chrome could enable threat actors to place a malicious file onto a target PC that could then be used to siphon off Windows credentials and initiate a Server Message Block (SMB) relay attack, according to a post by Bosko Stankovic, an information security engineer at DefenseCode. Stankovic discovered the vulnerability in the default configuration of Chrome and all Windows versions supporting the browser.
All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack
Cloak and Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device without giving the user a chance to notice the malicious activity. These attacks require only two permissions that, if the app is installed from the Play Store, the user does not need to explicitly grant and about which the user is not even notified. These attacks affect all recent versions of Android (including the latest version, Android 7.1.2) and they are yet to be fixed.