CyberSecurity Pulse 2017-06-27
“Champions keep playing until they get it right.”
Billie Jean King
Google Will Stop Reading Your Emails for Gmail Ads
Government Spyware Targets Mexican Journalists and Their Families
Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person. The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups. But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families. In addition, under Mexican law, only a federal judge can authorize the surveillance of any private communications, and only when the authorised officials can appropriately demonstrate the basis that backs the need for each and every request.
The Westminster Parliamentary Network Was Hit by a “Sustained and Determined” Cyberattack
At the end of the previous week, the British Parliament suffered a “sustained and determined” cyberattack that repeatedly targeted weak passwords on the email accounts of different members of parliament in an attempt to compromise them. The attackers were also trying to get access to their assistants' accounts as part of the same operation. The attack reportedly lasted for more than 12 hours, during which the officials and security staff responsible for the parliamentary network were forced to lock MPs out of their own mail accounts to contain any possible effects of the incident, resulting in a de facto denial of service on the email accounts. Once again, enabling a second factor of authentication is a desirable and recommended measure for preventing most of the harmful effects of a major breach, whether it stems from passwords reused across several platforms or from bad habits in renewing authentication mechanisms.
Rest of the Week's News
A Serious Privilege Escalation Bug in Unix OS Imperils Servers Everywhere
A series of Unix-based operating systems, including GNU/Linux, OpenBSD, and FreeBSD, reportedly contain flaws that let attackers elevate low-level access on a vulnerable computer to unfettered root. The primary vulnerability is CVE-2017-1000364, but during this research Qualys also discovered several new vulnerabilities. Some are linked to the primary vulnerability (e.g., CVE-2017-1000365), while others, like CVE-2017-1000367, are exploitable independently.
Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly
WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite allegedly used by the Central Intelligence Agency (CIA) to target Microsoft Windows systems in “closed networks by air gap jumping using thumb drives”. The tool suite is named Brutal Kangaroo (v1.2.1) and was allegedly designed by the CIA in 2012 to infiltrate a closed network or air-gapped computer without requiring any direct access. The previous version of Brutal Kangaroo was named EZCheese and exploited a vulnerability that was a zero-day until March 2015, whereas the newer version uses an “unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system”, according to the published documents.
NSA Opens GitHub Account With 32 Projects Developed by the Agency
The National Security Agency (NSA) has finally joined GitHub and launched an official GitHub profile page where it is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), with the aim of transferring its technology to the commercial marketplace. Some of the NSA’s open source projects include Certificate Authority Situational Awareness (CASA), Control Flow Integrity, GRASSMARLIN, Open Attestation, RedhawkSDR and OZONE Widget Framework (OWF).