The Friday Tech Takeaway - 08.09.17
WikiLeaks: CIA Caught Planting Malicious Software In Windows – Codename ‘Angelfire’: A team of hackers at the US Central Intelligence Agency (CIA) allegedly used a Windows hacking tool against its targets to gain persistent remote access. As part of its Vault 7 leaks, last Thursday WikiLeaks revealed details of a new implant developed by the CIA named "AngelFire" which targets computers running the Windows OS. The AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector.
EE 4GEE Multiple Security Vulnerabilities: Security testing of the 4GEE Mobile WiFi router found it to be susceptible to several security vulnerabilities. In combination, these vulnerabilities make it possible for an attacker to remotely exploit the device, which can be achieved through a user viewing a text message.
Equifax data breach could impact 143 million US consumers: According to a statement published by Equifax, crooks exploited an unnamed U.S. website application vulnerability from mid-May to July to access sensitive data in its systems. http://securityaffairs.co/wordpress/62853/data-breach/equifax-2017-data-breach.html
Palo Alto Networks spots a 2007 variant of Babar: In March 2015, researchers detected Babar for the first time, with analysis leading them to believe it was a product of French intelligence. According to experts, Babar malware was used by the General Directorate for External Security (DGSE) for surveillance and cyber espionage operations. http://securityaffairs.co/wordpress/62811/malware/babar-2007-sample.html
Shadow Brokers Leak another NSA hacking tool: The Shadow Brokers, a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its "monthly dump service" subscribers. http://thehackernews.com/2017/09/shadowbrokers-unitedrake-hacking.html
Inaudible Voice Commands Can Control Siri and Alexa: Researchers at China's Zhejiang University have demonstrated how attackers can remotely control digital assistants such as Apple's Siri, Amazon's Alexa, and Google Now using inaudible voice commands and roughly $3 worth of hardware.
Google Chrome to warn of MitM attacks: Google Chrome 63 will include a new security feature that detects when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection. A MitM attack is when an application installed on a user's computer or a local network intercepts the user's web traffic.
Crooks leverage Facebook CDN servers to bypass security solutions: Researchers from the MalwareHunter team have uncovered several campaigns leveraging Facebook CDN servers in the last two weeks. In the past, the same malware group used Dropbox and Google’s cloud storage services to store the same payloads. http://securityaffairs.co/wordpress/62909/malware/facebook-cdn-abuse.html
Chinese cyber security law to allow zero-day knowledge for its intelligence: The Chinese cyber security law is supposedly focused on the protection of Chinese users’ data, but a closer look reveals the potentially devastating effects on foreign companies and their technologies.
According to threat intelligence firm Recorded Future, the analysis will be assigned to the China Information Technology Evaluation Center (CNITSEC) that operates under the Ministry of State Security (MSS). https://www.recordedfuture.com/chinese-mss-behind-apt3/
UK Government hiring cyber experts for Dark Web investigations: The UK National Crime Agency (NCA) is recruiting cyber experts and dark web analysts to track crooks involved in illicit activities and dismantle drug rings and dark web marketplaces. The NCA is aiming to improve its abilities to investigate illegal activities in the dark web. In August, the UK agency was searching for a G5 Armed Surveillance Investigator in the Armed Operations Unit, working for the Intelligence and Operations Directorate. It offered a salary of £33,850.
European Union considering intrusive upload filter as "Link Tax" alternative: The "upload filter" measure was first proposed last year and aims to prevent users from uploading copyrighted content in the first place. The main problem with the "upload filter" proposal is that the measure is extremely intrusive, as websites would have to scan all of the user's uploads, even when the user is uploading personal data online.
Is public sector cybersecurity adequate? Around the world, the public sector is a particularly attractive target for cyber attacks, and the risks are numerous. How prepared are government entities to address the volume, velocity, and sophistication of today's threats?
Another unsecured AWS S3 bucket exposed 4 million Time Warner cable subscriber records: The unsecured Amazon storage was discovered by researchers at security firm Kromtech; it was left open on the Internet by BroadSoft, one of the top companies that provides cloud-based unified communications.