Cyber Security

Hi

And here comes the next one. Not just any one, but one of such high complexity that even top anti-spyware software companies are surprised by its quality, which they say must have been created by government institutions, like other highly complex Trojans such as Stuxnet or Flamer:

Regin: Top-tier espionage tool enables stealthy surveillance

You may have heard about Quantum. This tool seems to be used with Quantum. If you check Figure 2 in the "Symantec" link, you will see that the "Regin" tool is also used to spy in India. Want to know more about it? Here we go:

http://www.symantec.com/connect/blo...5d073c9abe&API1=100&API2=7596969&cjid=7596969

https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/

https://www.f-secure.com/weblog/archives/00002766.html

Take care and surf the net safe as far as you can / Dan :)
 
Hi

Today I will do a short, current post about a regularly occurring topic which, I guess, users of any Windows OS are a bit more interested in compared to users of any Linux OS:

Self-Protection for Antivirus Software

An Internet security suite provides full system protection, employing all available protection technologies. But what about the self-protection of the system protectors? Do they use protection technologies such as DEP and ASLR for their own use? AV-TEST examined 32 applications to find out.

Want to know more? Here we go: http://www.av-test.org/en/news/news-single-view/self-protection-for-antivirus-software/

And here is a link posted in the past by another member, just to see what you may have to update in your OS today: http://filehippo.com

Surf safe and have a good time / Dan :)
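Added example (not part of the original post and not AV-TEST's method): one way to check whether a Windows executable opts in to DEP and ASLR is to read the `DllCharacteristics` field of its PE optional header. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct

# Flag values from the PE/COFF specification (IMAGE_DLLCHARACTERISTICS_*).
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # ASLR opt-in
NX_COMPAT = 0x0100         # DEP opt-in


def pe_mitigations(image: bytes) -> dict:
    """Report the DEP/ASLR opt-in flags of a PE image (header flags only)."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
        if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        opt = e_lfanew + 4 + 20            # skip signature and COFF header
        (magic,) = struct.unpack_from("<H", image, opt)
        if magic not in (0x10B, 0x20B):    # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
        (flags,) = struct.unpack_from("<H", image, opt + 70)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "high_entropy_aslr": bool(flags & HIGH_ENTROPY_VA),
    }


def build_header(magic: int, flags: int) -> bytes:
    """Constructed minimal header for the demo; not a loadable binary."""
    buf = bytearray(0x80 + 4 + 20 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x98, magic)
    struct.pack_into("<H", buf, 0x98 + 70, flags)
    return bytes(buf)


if __name__ == "__main__":
    print(pe_mitigations(build_header(0x20B, 0x0160)))  # hardened sample
    print(pe_mitigations(build_header(0x10B, 0x0000)))  # unhardened sample
```

To audit real files, pass the result of `open(path, "rb").read()` for each `.exe` and `.dll` in a product's install directory.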
 
Do you use WhatsApp? If so, also be aware of the following:

A vulnerability has been discovered in the wildly popular messaging app WhatsApp, which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported to ‘The Hacker News’.

Two India-based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year-old teenagers, demonstrated the WhatsApp Message Handler vulnerability to one of our security analysts.


http://thehackernews.com/2014/12/crash-your-friends-whatsapp-remotely_1.html
 
Did you ever hear about FIN4?

Stealing Insider Information for an Advantage in Stock Trading?

At FireEye, we investigate cyber threat activity that typically aligns with one of two goals: the pursuit of sensitive information to fulfill a government’s goals, or the theft of data for financial gain. The media echoes these two objectives daily in news stories about Eastern European cybercriminals stealing payment card data from retailers, or China-based threat groups targeting high tech firms’ latest innovations. A reader skimming the headline, “Hackers Steal Data from Pharmaceutical Firms” could be forgiven for assuming that the article tells the story of a government-backed group in pursuit of new drug innovations. However, in a campaign FireEye is uncovering today, this headline tells another story.

https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html

If you are interested in the complete report: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-fin4.pdf

In case you run a company, you can test your OS with the following tool to recognize FIN4: https://github.com/fireeye/iocs/tree/master/FIN4

Surf safe and have a good time / Dan :)
 
Hi

Here are some specific links to expand knowledge about the Net and OS:

Sign Up for the Free Linux Foundation Publication "2014 Enterprise End User Report"

The extent of Linux adoption among the world’s largest enterprises continues to grow, according to the findings of the 2014 Enterprise End User Report produced by The Linux Foundation in partnership with Yeoman Technology Group.

In short: Windows (Cloud systems or OS) is no longer the first choice in bigger companies because of a lack of security.

http://www.linuxfoundation.org/publications/linux-foundation/linux-end-user-trends-report-2014

------------------------------

OPERATION AURORAGOLD: HOW THE NSA HACKS CELLPHONE NETWORKS WORLDWIDE

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.

The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.


https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/

-------------------------------

OPERATION CLEAVER

A new global cyber power has emerged; one that has already compromised some of the world’s most critical infrastructure. The Operation Cleaver report sheds light on the efforts of a coordinated and determined group working to undermine the security of at least 50 companies across 15 industries in 16 countries. Our report unveils the tactics, techniques and procedures used in what is still an ongoing campaign.

http://www.cylance.com/operation-cleaver/

Surf safe and have a good time / Dan :)
 
Hi

The POODLE bites again (08 Dec 2014)

October's POODLE attack affected CBC-mode cipher suites in SSLv3 due to SSLv3's under-specification of the contents of the CBC padding bytes. Since SSLv3 didn't say what the padding bytes should be, implementations couldn't check them and that opened SSLv3 up to an oracle attack.

We've done pretty well at killing off SSLv3 in response to that. Chrome 39 (released Nov 18th) removed fallback to SSLv3 and Chrome 40 is scheduled to remove SSLv3 completely. Firefox 34 (released Dec 1st) has already removed SSLv3 support.

We're removing SSLv3 in favour of TLS because TLS fully specifies the contents of the padding bytes and thus stops the attack. However, TLS's padding is a subset of SSLv3's padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn't check the padding bytes but that wouldn't cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections.


https://www.imperialviolet.org/2014/12/08/poodleagain.html

POODLE Test for your browser:

If you see a poodle below, then your browser supports SSLv3 via block ciphers, and you may be vulnerable. If you see a Springfield Terrier below, your browser doesn't support SSLv3, or only supports SSLv3 using stream ciphers.

https://www.poodletest.com (Acknowledgements: Thanks Andreas for suggesting a javascript trick to avoid image caching) So the test is safe.

If it shows that the browser you use is vulnerable, then you really must update to the newest version and for safety also update your OS to the newest standard.

Surf safe and have a good time / Dan :)

By the way: Just check this link to see if there are other, new updates for software which runs on your OS, like Adobe products and more, as today is Windows patch day and many other companies update their software on the same day as Windows: http://filehippo.com
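Added example (not part of the original post or of the quoted article): the difference between SSLv3-style and TLS-style CBC padding validation described above, with a regression check that tells whether a decoder verifies the padding bytes. Function names and sample records are constructed for illustration; the MAC and the cipher itself are left out.

```python
BLOCK = 16  # AES block size in bytes


def pad_tls(data: bytes) -> bytes:
    """TLS padding: pad_len bytes of value pad_len, then the length byte."""
    pad_len = BLOCK - 1 - (len(data) % BLOCK)
    return data + bytes([pad_len]) * (pad_len + 1)


def sslv3_padding_ok(plaintext: bytes) -> bool:
    """SSLv3-style check: only the final length byte is interpreted."""
    pad_len = plaintext[-1]
    return pad_len < BLOCK and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes) -> bool:
    """TLS check: every padding byte must equal the padding length.
    Real stacks do this comparison in constant time; this sketch does not."""
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    return plaintext[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1)


def corrupt_padding(padded: bytes) -> bytes:
    """Alter the first padding byte but leave the length byte intact."""
    pad_len = padded[-1]
    if pad_len == 0:
        raise ValueError("record has no padding bytes to alter")
    idx = len(padded) - 1 - pad_len
    return padded[:idx] + bytes([padded[idx] ^ 0xFF]) + padded[idx + 1:]


def decoder_checks_padding(check) -> bool:
    """True if `check` accepts valid TLS padding and rejects altered padding."""
    for n in range(2 * BLOCK):
        good = pad_tls(b"A" * n)          # constructed sample record
        if not check(good):
            raise AssertionError("decoder rejects valid TLS padding")
        if good[-1] and check(corrupt_padding(good)):
            return False                  # padding bytes are not verified
    return True


if __name__ == "__main__":
    print("TLS-style decoder verifies padding:", decoder_checks_padding(tls_padding_ok))
    print("SSLv3-style decoder verifies padding:", decoder_checks_padding(sslv3_padding_ok))
```

Both decoders accept every correctly padded TLS record, which is why the weaker check goes unnoticed in normal operation.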
 
www.poodletest.com says about my browsers:

Firefox, IE, Chrome - VULNERABLE
Opera - NOT VULNERABLE

Thanks Dan :thumb:
 
Hi

How Easy Is It to Stalk Someone with Twitter?

The downsides to using Twitter’s geo-tagging, where each tweet gives out your location, seem pretty clear: Any creep knows where you are.

Providing one's location is obviously the reason why people opt in for Geolocation tagging on their Twitter account, but it may not occur to them just how much they are giving away and to how many people. To raise awareness, Chris Weidemann developed the application Twitter2GIS. Users can test their—or anyone’s—Twitter handle at GeoSocial Footprint to see what they’re showing to the world.

Here is the full article: http://motherboard.vice.com/blog/how-easy-is-it-to-stalk-someone-with-twitter and here are the last two parts of this article worth noting:

Weidemann doesn't see Twitter coming forward to explain the risks of location data any time soon, even if he wishes they would. "While I understand their business motives, I just wish they'd try harder to educate the users on over sharing (both location and non-location over sharing)," he said. "Since they're not going to, this [application] seems like a good means for doing so."

Because even if you don't care that your location data is out there, someone else is paying attention. "If social media providers are going to use this public data, along with large enterprises, and the intelligence community—all to profit off us—we as users should have a tool to view and manage our own location footprints," Weidemann said.


Now, after reading the above, I guess some of you who use Twitter are interested in the following link, in which you can enter your Twitter.com user name and get additional information about your stored GeoSocial Footprints. Some may be very surprised how much is stored about them and about where they go and meet. You will get additional information about: Alerts (Areas of concern), about Risk (Retrieve your tweets and we'll analyze the results and calculate your Geosocial risk) and finally Suggestions (After you've submitted your twitter username, we'll make suggestions on how to cut down on your personal Geosocial footprint).

GeoSocial Footprint:

A geosocial footprint is the combined bits of location information that a user divulges through social media, which ultimately forms the user's location "footprint". For Twitter.com users, this footprint is created from GPS enabled tweets, social check-ins, natural language location searching (geocoding), and profile harvesting.

http://geosocialfootprint.com/#

Have a nice weekend and take care / Dan :)
 
Hi

Did you ever hear about HTTP Switchboard? One of the best extensions I have seen so far to stop any scripts in any link. A very strong and very flexible tool.

Even though I use ABP (AdBlock Plus), some scripts still show up when I open certain links on the net. With HTTP Switchboard I am able to stop even those scripts. I use it mainly when browsing the net with the Opera browser. There are more tools you can use in this extension. You may have to play around a bit with the tools to recognize the full potential of HTTP Switchboard. At least for me: I love it.

HTTP Switchboard (FOSS) puts you in FULL control of where your browser is allowed to connect, what type of data it is allowed to download, and what it is allowed to execute. Nobody else decides for you: You choose. You are in full control of your privacy...

https://addons.opera.com/en/extensions/details/http-switchboard/?display=en

Have a good start into the new week and take care / Dan :)
 
