Thursday, April 30, 2015

Be careful when opening .docx! Macro viruses are coming back

Can you be infected by an invoice attached to an e-mail? A town hall notification? A love letter? Categorically yes, says Microsoft, which warns of the resurgence of something we thought was buried in the past century: macro viruses. We'll also discuss the recent... Error? from China blocking Facebook, how to monitor an online exam and an interesting reflection on how lax we are with our security software.

Millions of computers were infected in the 90s and we thought these viruses had been eradicated, but Microsoft has just noticed the return of macro viruses. They travel hidden in documents created with the Office suite that carry a macro. The victim opens the document attached to an email message, enables the macro when asked to in order to display it, and then gets infected. According to Microsoft, they have already affected half a million computers, especially in the United States, United Kingdom, France, Italy and Germany.

Wednesday, April 29, 2015

What will happen to your Internet connection if there is an earthquake?

The earthquake that the gods sent to Nepal this weekend has once again opened our minds to the fragility not only of human life but also of human creations, including telephone and Internet communications. Today we will talk about it and also about an excellent analysis of the recent attack by China against Github, about the DDoS plague which never ends, and about the growing critical voices in the US government against the NSA practices.

In the chaos after an earthquake comes, behind the horror, the best of the human being: volunteers who are restoring a minimum of organization to help survivors and receive help from outside... This is the main picture from Nepal right now, where wired infrastructure has been destroyed and what works is amateur radio solidarity. Natural disasters are therefore something to consider in any security plan; let this serve as a warning.

Tuesday, April 28, 2015

Risk is global too

The open Internet encyclopedia, Wikipedia, defines globalization as "a technological, social and cultural planetary scale process, consisting of the increased communication and interdependence among countries of the world." In case it wasn't clear to what extent we are in that process, the news on this Tuesday, April 28, on INFOSEC related issues clarifies all doubts.

First doubt solved: a planetary scale, i.e. without borders? Let's take note: Romanian police have arrested 25 people suspected of being part of a cybercriminal gang and responsible for a major fraudulent cash withdrawal operation worth 15 million dollars. But here comes the global thing: the operations were directed against some Puerto Rico and Oman banks. If that is not globalization...

Monday, April 27, 2015

Apps creators keep raiding our privacy

Unencrypted passwords and applications that excessively invade our privacy. The security expert Troy Hunt has studied what kind of data some mobile apps are taking from our devices and says he is impressed. We will discuss it, along with a flaw which has jeopardized 25,000 iOS system apps, an interesting security maturity test for organizations and Twitter's efforts to address the horrible scourge of cyberbullying.

According to the expert Troy Hunt, the nerve of mobile apps when it comes to collecting our information, without the app's own operation requiring it, is so great that even the PayPal app, which happens to be a serious service, engages in some invasive behaviors. Why would PayPal want our router ID, the model and name of our phone, IP address, geolocation, SSID and storage space? "PayPal, do you really need to know all that?" wonders Hunt.

Sunday, April 26, 2015

Top 5 infosec links of the week (LXXI)

In October this year Marty McFly, the character played by Michael J. Fox in the second part of 'Back to the Future', should be arriving from 1985. McFly's jumps in time have something in common: as soon as you are out of your time, you are totally out of place. The most read stories this week, among those chosen by CIGTR, talk about something similar to jumps in time.

'The Oscar' goes to the unfortunately well-known Japanese nuclear power plant of Fukushima. Now you must add to its history that the Tokyo Electric Company (TEPCO) decided some time ago that it was not worth upgrading the computers. So they left them running on Windows XP. And we're not talking about a few hundred computers, but a staggering 48,000. The story has finally come to light, and TEPCO has had to accept that it's time for a change. In 2015, Windows XP is the same as Marty McFly from 1985: a boy who does not understand his time.

Saturday, April 25, 2015

To protect... and to spy

We all remember the major European powers raising their tone when news about NSA spying began to circulate, right? The question is: was it an affected, feigned pose, just a gesture to the gallery? We got up on Saturday with a story bordering on the unpleasant, because it is the bitter side of this question.

According to Der Spiegel, the German Federal Intelligence Service (BND) has been helping the US National Security Agency (NSA) to spy on businesses and political offices since 2008, and even before. These are no minor names: here we have the aerospace firm EADS, manufacturer of Airbus, or Eurocopter from the same industry. Some of Snowden's initial revelations (2013) pointed to this cooperation between agencies, which provoked a reaction from the German authorities. Today we know that this assistance in espionage operations was much greater than was said at the time.

Friday, April 24, 2015

The ransomware plague is out of control

At the time of writing, a wave of CryptoLocker attacks is hitting the Spanish Internet with messages claiming to come from the postal service. Unfortunately, it is not the first time. Viruses which blackmail their victims are now one of the best cybercrime businesses. We'll discuss it and also cybercrime as a service, and we'll mention another important threat which is looming over eBay Stores.

They either encrypt their victims' computers or accuse them of having visited banned sites, and then they blackmail them. It is the booming ransomware business, increasingly joined by crooks such as botnet owners, who install these viruses on thousands of machines under their control, or experts at infecting websites, who no longer infect visitors with banking Trojans but with ransomware. And there is an even more difficult and profitable variant: those who are beginning to encrypt the website databases of companies.

Thursday, April 23, 2015

INFOSEC greatest blunders

"It could have ended badly!", one would say. Today we discovered that 48,000 computers at the Fukushima nuclear power plant are working with the outdated Windows XP operating system, for which there are no longer any updates. "It could have ended badly!" also when it was revealed yesterday at the RSA Conference that a seller of sales terminals assigned exactly the same password to all the devices he had sold since ... 1990! We'll also talk about children, and an interesting attack on the NSA.

A Japanese government audit has revealed that the Fukushima nuclear plant continues to use the Windows XP operating system, even though it's been almost a year since Microsoft stopped updating it, which represents a serious INFOSEC risk. Unfortunately, this is not news to those who know the status of critical infrastructures around the world, and know that the Japanese plant is no exception but the rule.

Wednesday, April 22, 2015

Attacking the White House with monkeys. Yes, seriously.

Monkeys doing funny things in videos. They were sent by email to White House employees with viruses hidden in them. This was explained in Kaspersky Lab's analysis of the CozyDuke advanced attack, suffered by the US government last winter. But today the undisputed protagonist is not the White House but the RSA Conference, from where we get a lot of interesting security news.

CozyDuke had, like most advanced attacks, at least two ways of assaulting its victims via email. On the one hand, sending links to legitimate high-profile sites which had been attacked and infected their visitors. On the other, sending funny Flash videos as attachments to mail messages, such as "Monkeys in the office LOL Video.zip". When opened, a virus is installed on the victim's computer. Both tricks are really old but helped CozyDuke to get into the White House and the State Department, among others.

Tuesday, April 21, 2015

Is your webcam spying on you?

A new bug in Adobe Flash Player reminds us of one of the espionage techniques most widely used by cyber criminals: the cameras and microphones of our computers, phones and other devices. Experts recommend covering these cameras with stickers, but it's not so simple when you want to disable the microphones. We will talk about it, and also about a multi-million compensation payment to MasterCard, a new market for 0days and business security tips. Here we go.

It is not the first time a hole has been discovered that could be used to spy on what we do and say through our webcams and microphones. Much of the malware dedicated to industrial and government spying allows this, and the only defense is to keep our devices updated. Adobe has already released a patch for this bug. Anyway, as a precaution, we recommend being aware of, for example, how many places we go to with our mobile phone in our pocket.

Monday, April 20, 2015

Interpol will develop its own virtual currency

It would be only for law enforcement training purposes, but it is still curious that Interpol has decided to create its own virtual currency scheme. It seems that Bitcoin and other cryptocoins are increasingly used and should be taken seriously. Today, we'll also discuss how banks report on INFOSEC incidents, a big improvement on Google ads and cyberwar in the Middle East.

As explained by the Interpol Cyber Innovation director, the intention behind creating a virtual police currency is to better understand how these currencies work, since they have become the default means of payment in the network underworld. Kaspersky Lab has discovered a major flaw in the scheme behind these coins, which allows malicious code to be sent along with virtual transactions and would be studied by Interpol.

Sunday, April 19, 2015

Top 5 infosec links of the week (LXX)

It's been the most read story of the week by a huge margin and one of the most followed news items in our history: on Monday we recommended reading how some hacktivists came up with an original response to an unfortunate law. The law, passed by the Spanish government, prohibits people from demonstrating outside sites like Congress. The imaginative response: organizing a demonstration of holograms.

This law, called the "Gag Law", is being investigated by the European Union because it could infringe on some civil rights. The hacktivists behind this action are said to be of European origin and not Spanish. But let's move on to the second most read story: an important bug that affects all Windows versions, including 10. The flaw allows credentials to be stolen, and Microsoft knew about it for years but did not care. In fact, it's still not patched.

Saturday, April 18, 2015

Don't get stung

What about learning some piano? In 1902 Scott Joplin composed 'The Entertainer', a piece that went unnoticed until 71 years later, when Marvin Hamlisch arranged it for the film 'The Sting': two swindlers who devise an ingenious plan to avenge the death of a colleague. And a film that leaves us one of those immortal quotes: "What was I supposed to do - call him for cheating better than me?".

Researchers and cybercriminals, face to face. Which of the two is faster at cheating the system? Who hacks quicker? The bad guys don't let up on environments like Java. Once again some vulnerabilities have been found that pose several risks for millions of applications, and the Oracle team can do nothing but confirm the hole. It is time to patch, and to do it asap.

Friday, April 17, 2015

The nightmare goes on for Sony.

It is undoubtedly the news of the day: when we thought the attack on Sony Pictures corporation was over, the Wikileaks organization publishes online all the documents and emails stolen from Sony, with a search engine so they are easier to find. There is talk of nothing else in the gossip and social networks. We, however, will also talk about targeted attacks, employees who do not follow security policies and the opening to the public of the IBM X-Force Exchange platform.

Last Christmas was a bitter one for Sony Pictures, due to a bloody attack which stole a large amount of information from the company and made it public. But today we discover that there was more than what was shown, because Wikileaks has decided to offer it to the public. There are 30,000 documents and 173,000 emails where we can read, among other things, about the "lobby" activity of the corporation, its friendship with and financing of the US Democratic Party and its role in the closure of the Megaupload site.

Thursday, April 16, 2015

More and more voices warn of aircraft insecurity

The Spaniard Hugo Teso has spent years warning about aircraft INFOSEC problems and how easy it would be for someone malicious to hijack their communications. Now it's been said by an independent agency which conducts research for the US government. We'll also talk about a new virus which attacks points of sale in physical stores, banks which do not report their security breaches and companies trapped in the cyberwar crossfire.

The Government Accountability Office (GAO) of the United States has just issued a study stating that its airlines do not pay enough attention to gaps which could jeopardize their passengers' safety. Among other failures, it emphasizes that the WiFi connections used by pilots are the same as those used by passengers, which would make it possible to spy on or manipulate these communications.

Wednesday, April 15, 2015

Cyber villains attacking Cyber villains

It is not the first time we see a gang war on the network, but it is the first in the elitist world of Advanced Persistent Threats (APT), specialized in attacking governments and corporations. This story has been unveiled by the people at Kaspersky Lab and so we'll tell it to you, along with other issues like the virtual kidnappings boom in Spain and several tips and information of interest for executives and entrepreneurs.

The APT groups in contention are the powerful Naikon, one of the busiest in Asia, specialized in introducing backdoors to spy on all types of organizations, and Hellsing, smaller and elitist. According to Kaspersky, they have sent each other "spear-phishing" messages hiding viruses to install backdoors on their rival's computers. We had seen other gang wars before, as when they stole botnets from each other, but this is something new.

Tuesday, April 14, 2015

Widespread failure on all Windows systems... since 1997

A vulnerability that has affected all versions of Windows operating systems for almost 20 years has been discovered. The flaw would allow the theft of passwords stored in the system. Today is also the day when the authors of one of the largest botnets in history, Mariposa, are being tried at the Spanish National Court. Finally, we will discuss leaks and the illegal sale of data.

At the time we're writing these lines, Microsoft has downplayed the bug, dubbed "SMB Redirection" because it fools the SMB system registry. According to Microsoft, it has been tested in a laboratory only and no one will exploit it, so they haven't released any patch. Meanwhile, the news spreads like wildfire, because it affects all versions of Windows, including 10, and some programs from other brands like Adobe, Apple, Oracle and Symantec.

Monday, April 13, 2015

Holographic demonstration in front of the Spanish Congress.

Renew or die. After years stuck in data theft, the "defacing" of websites and shelling, hacktivism is searching for new paths and shows it by celebrating the first holographic protest in history. Meanwhile, Anonymous initiates the closure of the #OpIsrael2015 campaign. Speaking of closures, law enforcement forces have closed the Simda bank Trojan botnet. Meanwhile, other Trojans dedicated to extortion are rapidly gaining in popularity. Let's get started.

The first holographic demonstration in history took place at the Spanish Congress, to protest against the so-called "Gag Law", which prohibits protests by real people. Hence the idea that came from a group of hacktivists: flesh and blood people cannot march but the law says nothing about holograms. It's been a long time since hacktivism showed us such a cool idea, maybe because it was too accustomed to violent tactics, as in the past.

Sunday, April 12, 2015

Top 5 infosec links of the week (LXIX)

Epic fails, terrorists sharing on social media, porn websites watching you... There is everything in this top 5 infosec links of the week, as decided by our own readers. These have been seven days in which so much has happened, and so fast, that we should take a Sunday break to look back and highlight the most important headlines.

On the Internet, carelessness is not forgiven. The epic fail of French television TV5Monde has been the issue with the greatest impact of the week. First we read that it had been hacked, but 24 hours later we contemplated, astonished, that the TV station itself gave the thieves "the keys to home", with detailed plans and the most favorable hours to strike. That is, they showed on air all their computer passwords. For the bad guys, it was plain sailing.

Saturday, April 11, 2015

On cybersecurity anthill

"A wise man can sit on an anthill, but only a fool remains seated on it". There is some irony in the origin of this proverb, China, and in how its teachings apply to cybersecurity throughout the world. The Asian giant is now the main headline because of the discovery of the huge hacking platform of the Chinese Government, the Grand Canyon. But each day is full of small players sitting on anthills.

The University of Toronto and the University of California at Berkeley have unveiled this government platform, which works in parallel with the Great Firewall. Between the two of them, the Great Wall is nothing more than a little joke. The Firewall is used to keep under lock where Chinese people can or cannot surf, but the Canyon lets authorities attack any device that gives in to the morbid curiosity of seeing what the Chinese Internet is like. It is not only forbidden for natives to think, but also for strangers to snoop.

Friday, April 10, 2015

Hacking physical activity bracelets

The Internet of Things is still unbeatable, giving news every single day about its poor INFOSEC. This time it's the turn of fitness bracelets, which seem so innocent but can make us end up with our medical data in the wrong hands. Today we'll also talk about the serious mistake that possibly caused the hacking of the French chain TV5Monde, plus a bank trojan alert and an interesting text on programming languages and business philosophy that comes straight from the prestigious "MIT Technology Review".

Smart bracelets are increasingly all around: at parks, gymnasiums and other spaces for sport. They count calories, capture data on the physical state of their owner and interact with the owner's mobile phone. Kaspersky has detected that this interaction is not at all secure and allows others to connect to the bracelet, send orders and steal data. Hopefully, our athletic readers can consider themselves warned.

Thursday, April 9, 2015

Historical fine for data mismanagement

The Federal Communications Commission (FCC) of the US government has reached an agreement with the AT&T company, forcing them to pay $25 million, the highest fine ever imposed by this body on privacy and data security issues. We'll talk about it and also about the "cyber jihad" resurgence, and how police chase terrorism on the Internet.

The FCC considers it proven that AT&T call center employees in Mexico, Colombia and the Philippines traded in data from nearly 300,000 customers. Specifically, employees sold personal data that could be used to unlock AT&T mobile phones to third parties who trafficked in stolen phones.

Wednesday, April 8, 2015

Who looks at whom on the Internet?

Be careful with that! An investigative report warns about the monitoring of those who use pornography services on the Internet. This is a sensitive issue not only for privacy but for security, because these data could be used to "set traps" for people in managerial positions and put the security of a whole company at risk. Today we also keep an eye on other news: the voracity of Facebook, Russia assaulting the White House and telephone crime.

We are already used to websites monitoring our steps and building profiles: where we came from, which links we click, how long we stay at the site... But we may not have in mind that so do 88% of online porn sites, plus the advertising and statistics services of these sites, regardless of whether we browse in incognito mode. So says an interesting journalistic investigation.

Tuesday, April 7, 2015

How much would you sell your passwords for?

Privacy has an increasingly high price. But what about the lack of privacy? A study by the Ponemon Institute and Trend Micro has concluded that 56% of us will hand over our personal information in exchange for money. The Spanish government is also offering money to know us better: there's 1.6 million for whoever builds a system that monitors us on social networks.

According to the statement submitted by the Spanish Ministry of Internal Affairs, this software tool would capture and store data from social networks, call records, medical records, emails, travelers' information, etc. Its aim is to detect potential terrorists among citizens who are not "on file".

And, while some go to so much trouble to gather our data, others buy them directly. According to the Ponemon and Trend Micro survey of 1,900 people, half of them will sell their passwords for $76, their health-related information for 58, their buying habits for 20, or their phone number for $6.

Another way to get our data is to steal it, something increasingly done by viruses that reach us via mobile phone. Most of them "live" in the Android environment, although it should be made clear that this is normal, since Android is where there are the most "apps" by far. Google has just released a report summarizing the security status of Android, the modifications made during the year and new features.

And we have kept the best news for last: it's finally possible to recover data encrypted with CryptoLocker, a dangerous virus. It's estimated that 500,000 people and businesses have been its victims. A police operation managed to get into the criminals' computers and recover the decryption keys, which are being offered for free by the company FireEye. A bravo! written with capital letters.

With this good news and a smile, our daily recap is over. 

Monday, April 6, 2015

(Cyber) comparisons are odious

"Sunt bona, sunt quaedam mediocria, sunt mala plura". In the epigrams of Martial, we find this quote that means "some people are good, some others stand in the middle and most of them are bad." Comparisons are always odious, but sometimes we have no choice but to compare. And sometimes the comparisons even make us look away, because the differences between them are overwhelming.

It's the case of the cyber defense expenditure of the United States and the rest of the western countries. The US cyber defense budget is 5,100 million dollars in 2015, and is estimated to reach 14,000 million dollars in 2018, an increase of almost 300%. If we compare the figures with other countries, we find 219 million pounds two years ago, and an expected increase of only 3.4% until 2017 in cyber defense, and 5.7% in cybersecurity. In Spain, global spending on cybersecurity (both public and private) in 2014 is estimated at approximately 150 million euros, nothing compared to a global investment of over 72,000 million. These are figures we find in the recently published report "INFOSEC market: analysis and characterization by INCIBE".

Sunday, April 5, 2015

Hacker culture, soda and popcorn

"Exactly. There's no way to win. The game itself is pointless! But back at the war room, they believe you can win a nuclear war. That there can be "acceptable losses"." It is one of the mythical quotes from hacker movies: 'War Games' (1983), directed by John Badham; 32 years after its release, it remains at the 'top-of-mind' of cyberculture.

After all, War Games is one of the four finalist films in the hacker culture movie competition by tech magazine Ars Technica, and it reaches the semifinals facing Office Space. The other semifinal pits another immortal classic, Tron, against a film where hacking is a secondary plot line but nevertheless a major part of the story: Jurassic Park. What better to do on a Sunday like today than to treat yourself to some cinema, popcorn and soda, watching some of these films again, or discovering them if you haven't seen them before?

Thursday, April 2, 2015

$5,000 for discovering a bug on Youtube

Sometimes the Internet experience could be compared to a race through a minefield: Facebook intrudes on our privacy beyond the limits of legality, companies hungry for easy money flood us with illegal advertising and several bugs in services used by millions expose us to money and data theft, disturbing our peace. Luckily, there are people who are on the ball, de-miners discovering bugs and scams and warning the rest. Google has just rewarded one of them with $5,000.

The researcher Kamil Hismatullin discovered a really serious flaw that made it very easy to delete any Youtube video, simply by sending the "delete" order to Youtube from a command console, along with the video ID. Google, the company that owns Youtube, has rewarded Hismatullin with $5,000. Some voices have suggested that the researcher should have received more, recalling that Facebook recently paid 11,500 euros for another "bug".

Wednesday, April 1, 2015

Are governments making the network more insecure?

China has finally stopped the bombardment of the famous Github programmers community. It's been six days of a brutal DDoS that will be discussed by experts and, possibly, reprisals will be taken at a political level. In the meantime, an uncomfortable feeling is settling into society, the one which opens businesses on the net and uses online services, because anyone with enough weapons and equipment can treat the Internet as a battlefield in which there are no rules but the law of the strongest, and anyone can become a victim overnight. "Was" this the desired scenario?

"All systems nominal". Since last night, the Twitter account of the Github programmers community has displayed this notice, meaning that a DDoS attack started on March 26 has just finished, as we reported at the time. The attack came from China and tried to force the site to remove two projects that allow Chinese citizens to see websites like Google or some news providers prohibited by their country. Novel techniques were used in the attack, and are now being researched by experts.