CyberSecurity Pulse 2017-07-24
“I am always doing things I can’t do, that’s how I get to do them.”
Microsoft's Effective War Against Fancy Bear
Last year, attorneys working for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks. The point of the action, though, is not to drag the hackers into court, as they did not appear. The lawsuit is a tool for Microsoft to target what it calls "the most vulnerable point" in Fancy Bear’s espionage operations: the command-and-control servers that these hackers would use to covertly control the malware installed on the computers of infected victims.
Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been working to take over the Internet domain names used to route to them. Known domains include "livemicrosoft.net" and "rsshotmail.com", which Fancy Bear would register under aliases for just $10 each. Microsoft is still waiting for a final default judgment against Fancy Bear giving Microsoft ownership of the domains that it has seized, another example of how slowly things move when the legal route is taken.
US Customs and Border Protection Cannot Search Travelers' Cloud Data
While US Customs and Border Protection (CBP) does have the authority to search travelers' mobile devices without their consent and often without a warrant, that authority does not extend to travelers' data stored in the cloud. The CBP acknowledged the limitation in response to a letter from Senator Ron Wyden (D-Oregon). According to several reports, its authority is limited to "information that is physically resident on an electronic device transported by an international traveler".
Kaspersky Says It Will Share Code with US Government
The White House has taken Kaspersky Lab off the list of approved vendors for government agencies. Eugene Kaspersky said he will disclose his company's source code to the US government to prove that the company's products do not contain malware that could be used by Russia's government. Meanwhile, Russia is said to be considering regulations that would bar foreign antivirus vendors from competing in the Russian market for similar reasons.
Rest of the Week's News
Devil's Ivy Exploits IoT Flaw in Millions of Devices
A 0-day known as Devil's Ivy affects millions of Internet of Things (IoT) devices, including security cameras and access card readers. The flaw lies in the gSOAP open source code library, and it can be exploited remotely. Genivia, the company responsible for gSOAP, has released a fix for the issue.
Critical Code Injection Flaw in GNOME File Manager
A German security researcher has discovered a code injection vulnerability in the thumbnail handler component of the GNOME Files file manager. Dubbed Bad Taste, the vulnerability (CVE-2017-11421) was discovered by Nils Dagsson Moskopp, who also released PoC code on his blog to demonstrate the vulnerability.
Critical RCE Vulnerability Found in Cisco WebEx Extensions
A highly critical vulnerability has been discovered in Cisco Systems’ WebEx browser extension for Chrome and Firefox, which could allow attackers to remotely execute malicious code on a victim's computer. The remote code execution flaw (CVE-2017-6753) is due to a design defect in the WebEx browser extension.