CyberSecurity Pulse 2017-06-27

“Champions keep playing until they get it right.”
Billie Jean King

Analyst Insight

Google Will Stop Reading Your Emails for Gmail Ads

Google announced on June 23 that G Suite’s Gmail is already not used as input for ads personalization, and that it has decided to follow suit later this year in its free consumer Gmail service. This decision brings Gmail ads in line with how Google personalizes ads for its other products. Ads shown are based on users’ settings, which users can change at any time, including disabling ads personalization. In the same way, users will always be able to validate and control the information Google holds about them, such as their history, YouTube videos, mobile location or click-through ads. However, this change has not gone unnoticed in the security and privacy sector, and the move may be due to different reasons. The first could be related to the adaptation of its products to the GDPR and the e-Privacy Directive, which aim to give citizens of the European Union greater control over their personal data and also introduce the concept of privacy by default. On the other hand, the giant Google was reportedly involved in 2013 in the NSA’s famous PRISM program, under which access was given to customers’ data. After this, will we ever trust Google as the protector of our data?

» More information at Google

Top Stories

Government Spyware Targets Mexican Journalists and Their Families

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person. The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups. But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families. In addition, under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when the authorized officials can properly demonstrate the grounds that justify each and every request.

» More information at The New York Times

The Westminster Parliamentary Network Was Hit by a “Sustained and Determined” Cyberattack

By the end of the previous week, the British Parliament suffered a “sustained and determined” cyberattack that repeatedly targeted weak passwords on the email accounts of different members of parliament in an attempt to compromise them. The attackers were also trying to get access to their assistants’ accounts as part of the same operation. The attack reportedly lasted for more than 12 hours, during which the officials and security staff responsible for the parliamentary network were forced to lock MPs out of their own mail accounts to contain any possible effects of the incident, resulting in a de facto Denial of Service on the email accounts. Once again, enabling a second factor of authentication is a desirable and recommended measure, as it prevents most of the harmful effects of a major breach of passwords reused across several platforms or of bad habits in the renewal of authentication mechanisms.

» More information at The Telegraph

Rest of the Week’s News

A Serious Privilege Escalation Bug in Unix OS Imperils Servers Everywhere

A series of Unix-based operating systems, including GNU/Linux, OpenBSD, and FreeBSD, have reportedly included flaws that let attackers elevate low-level access on a vulnerable computer to unfettered root. The vulnerability is CVE-2017-1000364, but during this research Qualys has also discovered several new vulnerabilities, some of which are linked to the primary vulnerability (e.g., CVE-2017-1000365), while others, like CVE-2017-1000367, are exploitable independently.

» More information at Qualys

Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite that was allegedly used by the Central Intelligence Agency (CIA) to target Microsoft Windows systems in “closed networks by air gap jumping using thumb drives”. The tool suite is named Brutal Kangaroo (v1.2.1) and was allegedly designed by the CIA in 2012 to infiltrate a closed network or air-gapped computer without requiring any direct access. The previous version of Brutal Kangaroo was named EZCheese and exploited a vulnerability that was a zero-day until March 2015, while the newer version uses an “unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system”, according to the published documents.

» More information at The Hacker News

NSA Opens GitHub Account With 32 Projects Developed by the Agency

The National Security Agency (NSA) has finally joined GitHub and launched an official GitHub profile page where it is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), with the aim of transferring its technology to the commercial marketplace. Some of the NSA’s open source projects include Certificate Authority Situational Awareness (CASA), Control Flow Integrity, GRASSMARLIN, Open Attestation, RedhawkSDR and OZONE Widget Framework (OWF).

» More information at GitHub

Further Reading

198 Million Americans Hit by Voter Records Leak

» More information at ZDNet

Attacker Mining Cryptocurrency Using Exploits for Samba Vulnerability

» More information at Threatpost

OpenVPN Fixed Several Remotely Exploitable Flaws Not Detected by Recent Audits

» More information at Security Affairs