Friday, January 29, 2016

The NSA tells us how we have to defend against....the NSA

Today is Friday and we start the post upside down: with the reflection text, which we usually place at the end. The talk given by the "chief hacker" of the NSA is particularly interesting and unusual. We will relate it, and we will also focus on a serious SSL hole which has been patched, the analysis of a curious ransomware and the latest CCN-CERT convention videos.


Photo from @mrisher
Rob Joyce, "chief hacker" of the National Security Agency, explained in the opening talk of the Usenix Enigma conference how this intelligence service attacks its targets, mainly administrators and others with privileged access to networks, analyzing them thoroughly to discover the smallest failure or using techniques like code injection. Joyce also explained how to defend against these attacks: limiting access privileges, segmenting networks, no cleartext passwords, monitoring traffic and reading logs.


Thursday, January 28, 2016

VirusTotal takes viruses that attack the BIOS seriously

Less than a year ago we started to talk about a new kind of virus, undetectable because it hides in the computer's BIOS. VirusTotal has added a service to detect them. Today we'll also talk about the virus attack against Israel which we discussed yesterday, and about the preparation for the RSA Conference, one of the most important events of the year for the global cybersecurity community.



The VirusTotal service, owned by Google, has added a new tool to its arsenal which analyzes low-level code: the firmware. There, where antivirus programs don't reach, malicious code that survives formatting can hide. Today this kind of virus is used by advanced attackers, like the NSA and other intelligence agencies, but that doesn't prevent them from being detected more and more.


Wednesday, January 27, 2016

Attack on Israeli critical infrastructures

A virus may have damaged and paralyzed the computing systems of the Israel Electric Authority, according to the country's minister of energy. We'll talk about this, and about the theft of 70 million euros from a Belgian bank, a new and sad world record for DDoS and the presentation of the CCI Cybersecurity guide.



The attack, described as "critical" by the authorities, was detected last Monday, when a cold snap in Israel caused a large electricity consumption. It's one of the biggest cyberattacks suffered by Israel, according to the Ministry of Energy, which hasn't given many details, except that the incident forced various computers to be shut down, but there were no consequences for the population in the form of blackouts. Last month, Ukraine suffered a similar attack and 80.000 people had an electric outage which lasted for 6 hours.


Tuesday, January 26, 2016

Half of e-commerce sites don't know where they store payment data

The security of our payment data leaves much to be desired, according to a Ponemon Institute survey which interviewed more than 3.700 cybersecurity experts from different technology companies. We'll show this information, and also the latest failure in the e-commerce platform Magento. We'll also talk about the latest edition of the Cybersecurity 500 ranking of security companies, and we'll tell you the story of a specially evil ransomware: Magic.


According to the Ponemon Institute study, 55% of cybersecurity professionals don't know where their clients' payment data is stored. 54% state that the security of this data isn't one of their company's five top security priorities, and 59% affirm that they allow third parties access to this payment data, in the majority of cases without multi-factor authentication. Only 44% of companies use encryption to protect payment data during a sale. Knowing that, we understand why new payment methods, like mobile payment, are considered to carry a 72% risk.


Monday, January 25, 2016

A virus left a Melbourne hospital inoperative

A Melbourne hospital was still using Windows XP despite lots of advice from computer security experts. And what had to happen, happened. We will tell it, and also the launch of a browser for private images recorded by insecure webcams, the not so safe encryption at Apple, and a back door in Amazon and other services: their customer service teams.


There isn't much information about it, but it seems that a virus seriously infected the Royal Melbourne Hospital's computer systems, to such an extent that jobs like blood, tissue and urine processing had to be done manually. The latest official statement said the infection was under control and the pathology and pharmacy programmes are working correctly. In any case, we warn other hospitals and critical systems, whose managers, possibly and sadly, aren't reading us.


Sunday, January 24, 2016

Vicente Aguilera: "I'm not in favour of hacker credentials"

Vicente Aguilera. Co-founder of Internet Security Auditors.


Vicente Aguilera is a classic of Spanish cybersecurity. Co-founder of the company Internet Security Auditors, which celebrates its 15th anniversary this year. Founder of OWASP Spain in 2005 and its president since then. Vicente is always there, with his enigmatic smile, lucky possessor of an inestimable quality in his business: discretion.

From Catalonia, born in Badalona 42 years ago, Vicente is the exhausted but happy father of two angels aged 4 and 2. When he has time, which we suppose happens only a few times, he works on improving his latest creation: Tinfoleak, a monitoring tool to geolocate Twitter users with more details and parameters.


Friday, January 22, 2016

50 million stolen from one of the main airline suppliers

We are increasingly afraid of flying, and the cause isn't our traumas but the high insecurity in everything that has to do with planes and airlines. Today we learned that computer attackers stole 50 million from a supplier of Boeing and other airlines. We will tell it, as well as the patch that cost Apple 3 years of work, back doors in military equipment and a manual to create your own bug bounty program.


According to the Ponemon Institute, the average amount stolen in computer attacks is around 3,8 million dollars. Well, 50 million euros, nearly 55 million dollars, have been stolen from FACC, an aircraft components manufacturer. The Austrian company, with customers like Boeing and Airbus and whose main stockholder is a Chinese corporation, says that, surprisingly, neither data nor intellectual property was stolen: only money.


Thursday, January 21, 2016

Why did Twitter fall yesterday?

If we ask Twitter users whether they remember that yesterday morning the service was down globally, they'll possibly have to make an effort to remember it, as if this cut in their "timeline" belonged to a past quickly forgotten after the boom of renewed tweets and retweets. We'll talk about that, about the cybernetic bank account robots, and about a failure in Android devices affected by the Linux 0day.



According to Twitter, yesterday's outage was global and was caused by the deployment of defective software. From Scandinavia to Saudi Arabia, passing through South Africa, India and Russia, thousands of users suffered the "shutdown" on the web and on mobile phones. The failure started in northern Europe at 08:20 GMT and from there extended to the whole network. Six hours later, at 14.20 GMT, it was considered solved, but at 18.00 GMT some users still had problems. Twitter shares fell 7% and #Twitterdown was the trending topic of the day.


Wednesday, January 20, 2016

66% of Android users in danger because of a Linux 0day

This morning all Linux systems administrators learned that a critical vulnerability exists in the kernel of the most famous free system... present since 2012. We will talk about its scope, and also about a Linux Trojan, a data theft study and a recommendation: the best free antivirus for Windows.



The 0day discovered in the Linux kernel allows access to the system with administrator privileges and affects millions of computers. But computers aren't the problem, because a patch will appear soon, and administrators and users will install it with more or less speed. The problem is the systems which carry embedded Linux, and especially the 66% of Android phones which are affected, whose security updates depend on which side of the bed the manufacturer woke up on that day.


Tuesday, January 19, 2016

A hospital "loses" thousands of radiographs due to a computer error

A hospital in Avila has lost lots of radiographs, ultrasounds, mammograms and MRI scans, and they do not know how many they have lost, because of a failure in their old computer systems. Today we talk about this, about a virus at a Ukrainian airport, a bank Trojan and a young group of hackers which is harassing top officials of the United States.



The use of an old computer system, obsolete equipment and the cancellation of the contract with the company which was doing the maintenance are the possible causes of the "evaporation" of thousands of radiographs, ultrasounds, mammograms and MRI scans performed at the Healthcare Complex in Avila. Attempts to recover the lost material have been in vain, while thousands of people were waiting for the results of tests they'll probably have to repeat.


Monday, January 18, 2016

A casino has sued a company because it didn't remove a virus from its networks

It is one of the first cases we know of a company suing a security company because it didn't do its job well. A Nevada casino wants to take Trustwave to court because it didn't remove a virus which stole thousands of data files. Today we will also talk about the Angler exploit kit, which still infects websites without being detected; about a new insecurity in the password manager LastPass; and about a demonstration of how insecure hardware disk encryption is.



Affinity Gaming has 5 casinos in Nevada and 6 in the United States. In 2013, it hired Trustwave after suffering a theft of data from 300.000 customer credit cards. The company investigated the networks of the company's restaurants and hotels, found a virus and deleted it. But one year later, the company suffered a new credit card theft. This time it hired Mandiant, which determined that the virus had never been removed. And Affinity Gaming has taken Trustwave to court. We will see how it ends.


Sunday, January 17, 2016

Jesús Rodriguez: "The majority of clients don't ask about security"

Jesús Rodríguez (jerocu). Owner of VozTelecom Sistemas SL


I met Jesús Rodríguez, jerocu, in the 90's, when he was the visible face of the pro-BSD movement in Spain. They wrote articles, translated manuals and even went to Usenix USA, in 1999, which Jesús remembers as "one of the best experiences I ever had". His first contact with FreeBSD, in 1995, came through the Goya providers, born at Madrid's Polytechnic University when "registering a domain was a phone call".

Today Jesús is 43 years old, lives in Castelldefels (Barcelona), beside the sea, one of his biggest passions, and has a 9-year-old daughter whom he teaches "a rational use of all the devices with buttons and touchscreens that surround her". He also explains: "I'm a radio amateur, one with large aerials on the ground despite the neighbours, and now I'm discovering SDR". Jerocu has his own company, founded with two friends, VozTelecom, a communications service operator for SMEs with 120 employees and thousands of clients.


Friday, January 15, 2016

Mom, a man speaks to me in my room

Day by day we have more insecurities in the Internet of Things: a doorbell which can reveal our wifi password, a thermometer which insists it needs access to our photos... Above all, we got goose bumps from a story about a Washington family whose "baby monitor" was hacked. We'll also tell about a big problem in SSH, a hack which doubles gasoline discount coupons, and a reflection text about the Bitcoin revolution.



Jan and Sarah's 3-year-old son told his parents that a man spoke to him some nights in his bedroom. They ignored him, but one day his worried mother went to his bedroom and heard a voice saying: "Wake up little boy, daddy is looking for you". The scare was huge: someone was talking to the child through the "baby monitor", which had been hacked.


Thursday, January 14, 2016

How to hunt a 0day

Today it was very easy to decide our first informative recommendation of the day, because the best security experts are sharing this report on Twitter: how Kaspersky Lab hunted an important hole in Silverlight, a Microsoft program. We will also talk about a new bank Trojan for Android, a program which freezes its users and a reflection by Bruce Schneier about the Internet of Things.


Kaspersky Lab explains in detail how it discovered and hunted a 0day in Silverlight, a browser plugin used by services like Netflix to stream their content. It all started last year with the theft of documents from Hacking Team. Among them was an email in which a Russian hacker offered the 0day to the Italian company. The email piqued the curiosity of Kaspersky researchers, who started a long investigation, explained in this text in excruciating detail, in which the Spanish service VirusTotal played a leading role.


Wednesday, January 13, 2016

New back doors in essential devices of Internet infrastructures

Fortinet firewalls and Citrix virtualization platforms, both massively used, are the new stages where back doors have been found in the last hours. Some claim that we are attending the dismantling of the spying infrastructure which Snowden warned us about in his day. We will discuss it, as well as the strange friendship between Verizon and spam crime and the identification of members of the DDoS extortion group DD4BC.



Yesterday, at the last hour, breaking news: Fortinet firewalls allow privileged access through SSH with a password given by the system if we log in as a user called "Fortimanager_Access". Fortinet reacted immediately, claiming that it wasn't a back door but an access for its own staff, disclosed already in 2014, and that there is a patch which closes it. Although nobody knew about this patch until now...


Tuesday, January 12, 2016

Maximum danger: no more security for Internet Explorer 8, 9 and 10

Today, Tuesday 12th of January 2016, is the day maintenance ends for Internet Explorer versions 8, 9 and 10, and the popular browser won't have new patches for its security holes. We'll talk about that, about the discovery of serious failures in the TrendMicro antivirus, about the information the North American police hold about their citizens and about the 10 main "influencers" on bank cybersecurity.

In 2015 alone, 231 security holes were discovered in Internet Explorer and fixed efficiently by Microsoft patches. But now that the company leaves behind security support for versions 8, 9 and 10, nobody will fix the holes that will be discovered in the future. This means a fatal risk for all big organizations which haven't updated to the latest version of Internet Explorer or, directly and more cleverly, have abandoned the browser.


Monday, January 11, 2016

How to steal millions from cash machines with a trojan

The Romanian government says it has arrested 8 Romanian citizens who stole millions of euros from cash machines through so-called "jackpotting attacks". This is the first such operation in Europe and we will expand on it. There will also be room to talk about an attack with blackmail included against a breathalyzer company, an epic error by FORBES magazine and a CNN investigation about attacks on corporations which are hidden from the community.



The arrested Romanian criminals used the Tyupkin trojan for their crimes: they installed it on the machines they wanted to assault and gave it orders through the keypad, making the machine dispense all the money it had inside. Their arrest was achieved in a joint operation with the Romanian police and Europol which started in 2014 at the request of a financial institution; when Kaspersky Lab identified it for the first time, the trojan had already attacked more than 50 cash machines in Eastern Europe.


Sunday, January 10, 2016

A year in Security: Top Ten Posts of 2015 - Episode II

We welcome the new year, but we did not want to leave behind the vibrant twelve months that 2015 has given us. So we have chosen the 10 most exciting posts from CIGTR on the basis of the clicks made on their links. It was an intense year. We will tell you which was the main item and which other matters drew our attention on those 10 days. This is our special Information Security Top 10 of 2015.
We saw positions 6 to 10 last Sunday. So let's go now with our Top 5: the 5 most read posts of CIGTR in 2015. This is a Top 5 with continuous attacks on privacy, on everyday apps, on the Android OS... and some guys showing off their good life. And attention: FOUR posts from this Top 5 were published in September, three of them in a row. Yep, THREE! Clearly, there are months and months :)


Friday, January 8, 2016

Be careful when accepting cookies in a website: it can be a trap!

Cybercrime has found a new way to defraud us: using the famous windows that inform us, website after website, of their obligations under European cookie laws. We'll explain how, and we'll talk about new massive data thefts, a security alert about EZCast and a delicious hack which closed last year at the Chaos Communication Congress.



MalwareBytes warns about a malicious campaign that uses a website's cookie information window. By clicking "Accept" we could actually be clicking a transparent ad which the bad guys have placed over this window. Through this, our clicks bring money to cybercriminals, who collect money from the advertiser every time somebody clicks their ad. And that would be the most innocent use.
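The trick described above depends on an invisible element being stacked over the banner's "Accept" button. The following is an added example, not code from MalwareBytes or from the original post: a defender-side check that flags such overlays. It works on plain element descriptors (constructed here, with an assumed opacity threshold) so it runs in Node without a DOM; in a browser the same descriptors would be built from getBoundingClientRect() and getComputedStyle().

```javascript
// Axis-aligned rectangle intersection test.
function rectsOverlap(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w &&
         a.y < b.y + b.h && b.y < a.y + a.h;
}

// Returns the descriptors that cover `button`, are stacked above it,
// are (near-)transparent and still receive clicks. That combination is
// what a clickjacking overlay needs and what an honest layout rarely has.
// opacityThreshold is an assumed cut-off for "effectively invisible".
function findClickjackOverlays(button, elements, opacityThreshold = 0.1) {
  return elements.filter((el) =>
    el !== button &&
    rectsOverlap(el.rect, button.rect) &&
    el.zIndex > button.zIndex &&
    el.opacity <= opacityThreshold &&
    el.pointerEvents !== "none"
  );
}

// Browser helper (not called here): builds a descriptor from a live DOM node.
function describeElement(node) {
  const r = node.getBoundingClientRect();
  const cs = getComputedStyle(node);
  return {
    id: node.id || node.tagName,
    rect: { x: r.left, y: r.top, w: r.width, h: r.height },
    zIndex: parseInt(cs.zIndex, 10) || 0,
    opacity: parseFloat(cs.opacity),
    pointerEvents: cs.pointerEvents,
  };
}

// Constructed sample page: a consent banner, its Accept button, a harmless
// transparent spacer that ignores clicks, and a transparent ad frame
// stacked over the button with a maximal z-index.
const acceptButton = {
  id: "cookie-accept", rect: { x: 20, y: 700, w: 120, h: 40 },
  zIndex: 10, opacity: 1, pointerEvents: "auto",
};
const sampleElements = [
  { id: "cookie-banner", rect: { x: 0, y: 680, w: 1280, h: 80 },
    zIndex: 9, opacity: 1, pointerEvents: "auto" },
  acceptButton,
  { id: "spacer", rect: { x: 0, y: 0, w: 1280, h: 800 },
    zIndex: 50, opacity: 0, pointerEvents: "none" },
  { id: "ad-frame", rect: { x: 10, y: 690, w: 140, h: 60 },
    zIndex: 2147483647, opacity: 0.01, pointerEvents: "auto" },
];

// Ids of the suspicious overlays found in the constructed sample.
function suspiciousIds() {
  return findClickjackOverlays(acceptButton, sampleElements).map((el) => el.id);
}

console.log("suspicious overlays:", suspiciousIds()); // ["ad-frame"]
```

Only the ad frame is reported: the banner sits below the button and the spacer, although transparent and on top, cannot intercept clicks.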


Thursday, January 7, 2016

Two powerful agents join the backdoors discussion

The USA Cryptowars continue while the Dutch government has ended them, with good news for the defenders of strong protection of our data. And while positions on the topic remain entrenched in the Empire, a famous cryptographer offers a polemic solution. We'll talk about it, and about the attack suffered by the cloud provider Linode and the security problems in Drupal.



The Dutch government starts the year talking about the Cryptowars, declaring that it is against the introduction of backdoors in computer systems and in favour of strong encryption to protect data and the communications of people and machines. And if someone doubts their intentions, they are giving a 500.000 € grant to the OpenSSL project. Here it is.


Tuesday, January 5, 2016

New year's resolution: being more serious about cybersecurity

Today we wake up with the news of another possible and spectacular corporate hacking case: SONY's PSN (Playstation Network) servers were shut down for millions of players who tried to enjoy their subscription... and if they can beat the Asian giant, and a consultancy firm has announced that half of the United Kingdom's banks have vulnerable SSL certificates, we are sure you'll benefit from the advice we share today to start this year reinforcing the security of your computers, as those responsible for Android do with their latest update.



If recently we insisted on the need for transparency and collaboration to fight cybercrime, today we talk about an example of the opposite, because the Playstation Network (PSN) servers are inaccessible to their subscribers and SONY insists it's caused by routine maintenance, despite it looking like an intentional attack, probably a DDoS, like the one Phantom Squad threatened to carry out this Christmas.



Monday, January 4, 2016

2016 is here and the cybersecurity show goes on

We start the year, and don't doubt that 2016 will be very interesting from the cybersecurity point of view, with the usual difficulties, new challenges and a few surprises, like the fact that some digital service companies are sending notifications to their clients warning them they could be victims of an attack by a government, the different reactions provoked by the famous Cybersecurity Act of 2015, IBM's publication of a fix for a vulnerability in its WebSphere Portal, or the work of the BlackEnergy Trojan in attacking Ukrainian targets...



The cyberattacks known as "state sponsored" have the objective of exposing part of users' information for national security or intelligence purposes, and they're increasing, many times with the collaboration of big Internet service companies, but the trend has reversed with companies like Facebook, Yahoo, Microsoft or the omnipresent Google, which not only warn their users but have even implemented new encryption systems that leave the public key in the user's hands instead of the company's.



Sunday, January 3, 2016

A year in Security: Top Ten Posts of 2015 - Episode I

We welcome the new year, but we did not want to leave behind the vibrant twelve months that 2015 has given us. So we have chosen the 10 most exciting posts from CIGTR on the basis of the clicks made on their links. It was an intense year. We will tell you which was the main item and which other matters drew our attention on those 10 days. This is our special Information Security Top 10 of 2015.
In this first part we will see positions 6-10, and within seven days you may read our true top 5: the 5 most read posts in 2015. In this chapter we combine the most "FREAKs" with "little things" that know what you cannot imagine, hackable phones that maybe you should change completely, and there are even big fails, the kind of fails to celebrate: the mistakes that would make the most conceited cybercriminal blush. Fasten your seat belts.