CyberSecurity Pulse 2017-07-24

“I am always doing things I can’t do, that’s how I get to do them.”
Pablo Picasso

Analyst Insight

Microsoft's Effective War Against Fancy Bear

A new offensive by Microsoft has been making inroads against Fancy Bear, the hacker group allegedly run by the Russian government and blamed for last year's election-related intrusions in the United States. How is Microsoft going about it?

Last year, attorneys working for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks. The point, though, is not to drag the hackers into court; they never appeared. The lawsuit is a tool for targeting what Microsoft calls "the most vulnerable point" in Fancy Bear's espionage operations: the command-and-control servers the group uses to covertly direct the malware installed on its victims' computers.

Since August, Microsoft has used the lawsuit to wrest control of 70 command-and-control points from Fancy Bear. Rather than taking physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been working to take over the Internet domain names that route to them; once a name resolves to infrastructure Microsoft controls, the implants that depend on it can no longer reach their operators. Known domains include "livemicrosoft.net" and "rsshotmail.com", which Fancy Bear registered under aliases for as little as $10 each; the trademark embedded in each name is what gives Microsoft its legal hook. Microsoft is still waiting for a final default judgment against Fancy Bear that would give it ownership of the domains it has seized, one more example of how slowly things move when the legal route is taken.
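
Defenders can hunt for the same pattern the lawsuit relied on: a brand name embedded in a domain the brand owner does not control. The following is an added example, not Microsoft's tooling, that flags such lookalikes in constructed resolver log lines; the log format, the brand list, the legitimate-zone list and the function names (is_brand_squat, flag_brand_squats, registrable_domain) are all assumptions made for the illustration.

```python
"""Flag DNS lookups for names that embed a brand string but sit outside the
brand owner's zones. Added illustration of the lookalike-domain pattern
("livemicrosoft.net", "rsshotmail.com") described above; not Microsoft's code.
The log format and the zone lists are assumptions for the example."""
import re
from typing import Iterable

# Brand strings worth watching for, lower-case. Assumed list for the example.
BRANDS = ("microsoft", "hotmail", "outlook")

# Zones the brand owner actually operates. Assumed for the example; a real
# deployment would take this from an allowlist maintained by the brand owner.
LEGIT_ZONES = ("microsoft.com", "hotmail.com", "outlook.com", "live.com")

# Constructed sample of resolver log lines: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2017-07-21T10:01:02Z 10.1.4.22 www.microsoft.com A
2017-07-21T10:01:05Z 10.1.4.22 livemicrosoft.net A
2017-07-21T10:02:11Z 10.1.7.9 mail.hotmail.com A
2017-07-21T10:02:19Z 10.1.7.9 rsshotmail.com A
2017-07-21T10:03:40Z 10.1.9.3 update.microsoft.com.evil-cdn.org A
2017-07-21T10:04:01Z 10.1.9.3 example.org A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def registrable_domain(qname: str) -> str:
    """Return the last two labels of a hostname ("a.b.c.net" -> "c.net").
    The two-label rule is an assumption that ignores multi-label public
    suffixes such as co.uk; use a public-suffix list in production."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def in_legit_zone(qname: str) -> bool:
    """True if the name is, or is a subdomain of, a zone the brand owner controls."""
    q = qname.lower().rstrip(".")
    return any(q == z or q.endswith("." + z) for z in LEGIT_ZONES)


def is_brand_squat(qname: str) -> bool:
    """A name is suspect when a brand string appears anywhere in it but the name
    is outside the owner's zones. This also catches names that hide the real
    domain inside a subdomain of an attacker-controlled zone."""
    q = qname.lower()
    return any(b in q for b in BRANDS) and not in_legit_zone(q)


def flag_brand_squats(log_lines: Iterable[str]) -> list:
    """Return (client, registrable domain) pairs for suspicious lookups."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname, _qtype = m.groups()
        if is_brand_squat(qname):
            hits.append((client, registrable_domain(qname)))
    return hits


if __name__ == "__main__":
    for client, domain in flag_brand_squats(SAMPLE_LOG.splitlines()):
        print(f"{client} looked up suspected brand squat {domain}")
```

The substring match is deliberately loose: it will also flag benign third-party names that mention a brand, so treat the output as a triage queue, not a block list, and feed confirmed hits into the same takedown or sinkhole process the article describes.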

» More information at The Hacker News


Top Stories

US Customs and Border Protection Cannot Search Travelers' Cloud Data

While US Customs and Border Protection (CBP) does have the authority to search travelers' mobile devices without their consent and often without a warrant, that authority does not extend to travelers' data stored in the cloud. CBP acknowledged the limitation in response to a letter from Senator Ron Wyden (D-Oregon). According to several reports, its authority is limited to "information that is physically resident on an electronic device transported by an international traveler". In practice that line runs through the device itself: mail, documents and chats already synced to local storage are resident on it, while anything that would require a network fetch is not.

» More information at NBC News
 

Kaspersky Says It Will Share Code with US Government

The White House has taken Kaspersky Lab off the list of approved vendors for government agencies. Eugene Kaspersky said he will disclose his company's source code to the US government to prove that its products do not contain malware that could be used by Russia's government. Meanwhile, Russia is said to be considering regulations that would bar foreign antivirus vendors from competing in the Russian market, for similar reasons.

» More information at Reuters


Rest of the Week's News

Devil's Ivy Exploits IoT Flaw in Millions of Devices

A vulnerability dubbed Devil's Ivy affects millions of Internet of Things (IoT) devices, including security cameras and access card readers. The flaw lies in gSOAP, an open source library used to implement web services on such devices, and it can be exploited remotely. Genivia, the company that maintains gSOAP, has released a fix; because the library is compiled into each vendor's firmware, a device stays exposed until its own vendor ships an updated image.

» More information at CNET
 

Critical Code Injection Flaw In Gnome File Manager

A German security researcher has discovered a code injection vulnerability in the thumbnail handler component of the GNOME Files file manager. Dubbed Bad Taste, the vulnerability (CVE-2017-11421) was discovered by Nils Dagsson Moskopp, who also released PoC code on his blog to demonstrate it. Because thumbnailers run automatically when a directory is displayed, opening a folder that contains a crafted file is enough to trigger the bug.
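
The class of bug behind Bad Taste is a file name interpolated into a script that is then executed; in the reported case the thumbnailer built a VBScript around the name. The following is an added illustration, not the thumbnailer's code and not the published PoC: a stand-in template that embeds the name inside a VBScript string literal (an assumption for the example), a constructed malicious name, the unescaped rendering beside an escaped one, and a small scanner (code_outside_literals, injected) that checks whether any of the name escaped into executable position.

```python
"""Illustration of the file-name-to-script injection pattern behind Bad Taste.
Added example, not the thumbnailer's own code and not the published PoC. The
template is a stand-in that assumes the generated script embeds the file name
inside a VBScript string literal, which is the class of bug described."""
import re

# Assumed stand-in for a generated helper script that receives the file name
# by string interpolation. Everything the user controls lands in the literal.
TEMPLATE = (
    'Set fso = CreateObject("Scripting.FileSystemObject")\n'
    'Set f = fso.GetFile("{name}")\n'
    'WScript.Echo f.Name\n'
)

# Constructed file name: the closing quote ends the literal and the remainder
# becomes code. The payload is deliberately harmless (a message box).
MALICIOUS_NAME = 'poc" : MsgBox("injected") : x = "'


def render_vulnerable(name: str) -> str:
    """Interpolate the raw name. This is the defect: no escaping at all."""
    return TEMPLATE.format(name=name)


def vbs_string_escape(name: str) -> str:
    """Escape a value for a VBScript double-quoted literal: a quote is written
    as two quotes. Control characters cannot appear inside such a literal, so
    they are rejected rather than silently mangled."""
    if re.search(r"[\x00-\x1f\x7f]", name):
        raise ValueError("control characters not allowed in file name")
    return name.replace('"', '""')


def render_hardened(name: str) -> str:
    """Same template, but the name is escaped so it cannot leave the literal."""
    return TEMPLATE.format(name=vbs_string_escape(name))


def code_outside_literals(script: str) -> str:
    """Return the parts of a VBScript source that are NOT inside string
    literals, honouring the doubled-quote escape. Used to check whether any
    attacker-controlled text reached executable position."""
    out, i, in_str = [], 0, False
    while i < len(script):
        c = script[i]
        if in_str:
            if c == '"':
                if i + 1 < len(script) and script[i + 1] == '"':
                    i += 2          # escaped quote, still inside the literal
                    continue
                in_str = False      # closing quote
        elif c == '"':
            in_str = True           # opening quote
        else:
            out.append(c)
        i += 1
    return "".join(out)


def injected(script: str, marker: str = "MsgBox") -> bool:
    """True if the marker ended up outside every string literal."""
    return marker in code_outside_literals(script)


if __name__ == "__main__":
    print("vulnerable injected:", injected(render_vulnerable(MALICIOUS_NAME)))
    print("hardened injected:  ", injected(render_hardened(MALICIOUS_NAME)))
```

Escaping fixes the immediate bug, but the sturdier design is to never generate code from untrusted names at all: keep the helper script static and hand it the path out of band, for example as a command-line argument or environment variable, so there is no literal for a file name to break out of.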

» More information at Dagsson Moskopp's PoC
 

Critical RCE Vulnerability Found in Cisco WebEx Extensions

A highly critical vulnerability has been discovered in Cisco Systems' WebEx browser extension for Chrome and Firefox, which could allow attackers to remotely execute malicious code on a victim's computer. The remote code execution flaw (CVE-2017-6753) stems from a design defect in the extension itself, so updating the extension, not the browser, is what closes it.

» More information at The Hacker News


Further Reading

Law Enforcement Agencies Take Down Dark Web Marketplace AlphaBay

» More information at Wired
 

Tor Bug Bounty Program Is On

» More information at Hackerone
 

UAE Allegedly Responsible for Qatari Cyberattacks

» More information at Washington Post

