Monday, February 29, 2016

Chinese ISPs inject malware on the web

Soon we won't be able to browse the web calmly, because more and more websites are being infected with malware. What we didn't expect was that Chinese ISPs were also injecting odd things into websites. We'll expand on this and keep talking about the matter, because the Angler kit is still infecting high-traffic websites with ransomware, and another ransomware, CTB Locker, has launched a new version specialized in attacking WordPress sites. The situation is becoming desperate, and the last thing we need is antivirus software that doesn't work well.

Three Israeli researchers have discovered at least two important Chinese ISPs that inject ads and malware into their network traffic, and the affected users do not even need to be their customers. The ISPs redirect whomever they choose to websites with links that infect visitors or show ads that aren't in the original site. We hope this example doesn't spread to other ISPs around the world.

Sunday, February 28, 2016

Silvia Barrera, police: "I admire hackers and I’d like to be like them"

Silvia Barrera. National Police Inspector and Technological Research Unit section chief.

Silvia Barrera writes so well that it’s better to let her introduce herself: “Although I was raised in Madrid, I left the capital as soon as I could, when I was very young. Yesterday was my 39th birthday (yes, 39); despite my child’s face, experience (and also grey hair) follows me and I can’t get away from it. I studied occupational therapy because, 21 years ago, university orientation committees did not exist and things weren’t clear. I always knew that helping other people makes me happy, but I didn’t know how. I thought a degree focused on knowledge of the human being could serve, but it didn’t. I learnt a lot, I specialized in neurological pathologies, but when I started to work in that field, I realized it wasn’t my path”.

"That’s why I joined the Air Force, a total change without fear, where I spent almost 5 years, and from there I joined the Police. All my life working and studying until I passed the exam for Inspector. In all these years I suffered personal and professional blows and, in the end, I ended up in the so-called BIT, 9 years ago, and that was when I discovered the love of my life: the Internet and its possibilities. A world where knowledge never ends and where you can also help other people."

Friday, February 26, 2016

Seeking to keep VPNs on a short leash, step by step

The global debate about encryption and government intrusion has left one gap: how far the anonymity offered by virtual private networks can be allowed. Now a study sheds light on the matter. Today we'll also talk about the announcement of new holes in OpenSSL, another study about ATM attacks and a very interesting summary of last year in cybersecurity, made by the well-known company Mandiant.

Governments worldwide are eyeing the growing popularity of VPN services and are starting to legislate on it. There are also companies that don't allow VPN users to access their video services, like Netflix or BBC iPlayer. We have just learned of an international study about how this topic is regulated in different countries, with examples ranging from the Persian Gulf states or China, which block this traffic, to the extreme of Syria, whose government created a fake VPN app with trojans included.

Thursday, February 25, 2016

A hacker can decide if you're alive or dead in the hospital

Several penetration tests have been carried out in hospitals lately and they have driven us crazy, but today's is in a league of its own. We'll expand on this, as well as on a Google initiative to help victims of DDoS attacks, the complaints of Tor users who can't access some websites, and the cybersecurity companies that have joined an operation to track the Sony hackers.

As of today, it would be possible for someone to remotely manipulate a patient's monitor in a hospital and make it show vital signs that are not real. The attack would also work on other hospital devices such as medication dispensers. This was demonstrated by a team from the company Independent Security Evaluators. Their research joins other ongoing work that has proved, among other things, that even a magnetic resonance device could be manipulated.

Wednesday, February 24, 2016

Humans are the best hacker tool

The title isn't a joke: it comes from a study and from observing the growing number of cyberattacks that use social engineering, the art of deceiving not computers but humans. We'll look at it, as well as another study from Kaspersky Lab about the evolution of smartphone malware in 2015. We'll also talk about how a collective complaint against Asus over poor security has been resolved, and about a hack: injecting commands into a machine through the owner's wireless mouse and keyboard.

According to the "Human Factor 2016" study, social engineering is the hackers' number one technique for deceiving the humans who could give them sensitive information or access to a computer. Although this isn't new, and social engineering is an ancient technique of hacker culture, the interesting part is the analysis, with charts on things such as the best hour to send a phishing email.

Tuesday, February 23, 2016

2.000 attendees of the Mobile Congress connected to a malicious wifi

As we predicted yesterday, the first security news from the Mobile World Congress is starting to appear. The first item is an experiment carried out at the airport, where 2.000 people connected to 3 malicious wifi networks. We'll expand on this, as well as on how the Linux Mint hacker acted, the release of the code of an Android malware and the unstoppable advance of banking trojans.

The experiment was carried out in the Mobile World Congress registration area at Barcelona airport. The wifi access points were named "MWC Free WiFi". In only 4 hours 2.000 people "fell" for it, and the researchers could see details of their browsing, such as the websites they visited: 62% googled something or checked their Gmail accounts, 15% accessed Yahoo!, 2% listened to music on Spotify and 1% connected to a dating app.

Monday, February 22, 2016

How to hack an operating system in a stylish way

This weekend the cybersecurity community witnessed an interesting hack against nothing less than possibly the most used Linux distribution on personal computers: Linux Mint. We'll expand on it, as well as on the latest information about the serious bug in the glibc library, also in Linux, a vulnerability in AirDroid and how the movie "WarGames" influenced Reagan's policy.

The official version says the attackers broke into the WordPress-based website where Linux Mint offers its operating system. They used Apache to redirect people who wanted to download it to a server with a manipulated ISO. They also stole the database of the Linux Mint forum and put it up for sale on the black market. This happened on Saturday, so it would only affect people who downloaded Linux Mint that Saturday.

Sunday, February 21, 2016

José de la Peña: "Attack prevention does not justify over-monitoring people"

José de la Peña Muñoz. Director of SIC magazine.

José de la Peña says he doesn't want to look like the "cybersecurity" curmudgeon old man (the quotation marks are his). The truth is that, more than an old man, he always looks like a gentleman, one very well connected with the highest levels of Spanish cybersecurity. A master of people skills and discretion, at 56 years old, Pepe knows a lot. Really, a lot.

Father of two children, fan of physics and science fiction, passionate guitarist, Pepe de la Peña is a pure journalist forged at the Universidad Complutense of Madrid. He has run SIC magazine, created under the name "Seguridad Informática", since 1992, and he is a national reference in the sector. Every important company in the sector receives the magazine by subscription. For 26 years he has co-organized the Securmática congress, associated with SIC and, together with the magazine, a reference for companies, universities and administrations in this kingdom of security and computing privacy, where Pepe acts as the perfect chamberlain.

Friday, February 19, 2016

Nuts and bolts of the Apple case

What will Apple's next step be? And the FBI's? We end the week watching the duel of the year, which pits a respectable government against a respectable company. How will the battle end? Today we change the philosophy of our daily summaries a little and focus on just one matter: Apple's rebellion against a judge's order that forces the company to create code to break into one of its iPhones. Who is in favour, who is against, and what some of the best minds of the technological revolution think.

We start with a good summary of the reactions to Apple's letter. As expected, Silicon Valley supports Apple, including Google, Dropbox, Facebook, LinkedIn, Microsoft, Twitter, Yahoo, etc. In the political world, while the Republicans side with the FBI, the Democrats side with Apple, although we have to say that Hillary Clinton and Bernie Sanders were asked about this topic and didn't answer.

Thursday, February 18, 2016

Hospital gives in to blackmail and pays 17.000 $

The ransomware hit the mark and affected vital parts of the IT systems of Los Angeles Presbyterian Hospital. So they have decided to do what no cybersecurity expert recommends: pay the ransom. We'll expand on it, as well as on the emergence of a new ransomware bearing the signature of the Dridex banking trojan and an instructive text about how to make money with Android malware. We'll finish with the victims of a good part of these "critters", the SMEs, which are being offered free courses.

"The quickest and most effective way to restore our systems and administrative functions was to pay the ransom to obtain the decryption key. We did this thinking it was the best to restore normal operations", explained Allen Stefanek, the president of the hospital. The attack was a serious one and reportedly affected the electronic medical systems used in clinical operations.

Wednesday, February 17, 2016

The struggle between Apple and the US government is intensifying

Today the North American company Apple has risen to the Valhalla of the most legendary heroes of cyber citizenship after publicly refusing to obey a judge's order that forced it to design a backdoor for the iPhone. We'll expand on this, as well as on a serious hole discovered in Linux, a picture that shows an upcoming method of robbery and an interesting report about the algorithms that decide who should die by drone fire.

The letter written by Tim Cook to Apple's customers explaining his version of the case is spreading at the speed of light: a judge has reportedly asked the company to design a new iPhone operating system that avoids the automatic wipe of the device after ten attempts at entering a wrong password. With this measure they would help the FBI brute-force the iPhone of a murderer. Apple refuses to do it, saying that the FBI wouldn't use this tool only for this case, but that it would become their key to open many more iPhones. The struggle between Apple (and, by association, the biggest technology companies) and the US government over encryption in their devices has lasted for months, even years. This is another episode, a dramatic one.

Tuesday, February 16, 2016

Careful with this Android malware: it is bad-tempered

It can erase all the content saved on your smartphone, spy on and send SMS, make phone calls, change your settings and even connect to Tor. It's the latest and most sophisticated malware infecting Android smartphones, and we'll explain how to prevent infection. We'll talk about another active threat to owners of Magento stores, as well as a couple of pieces to read calmly: the growing number of technology patents held by banks and an investigation into the whereabouts of the authors of the legendary hack against Sony.

The malware is called Mazar BOT and, although it has been on sale on the black market for a few months, we hadn't seen it in action until now. It reaches your smartphone through an SMS or MMS asking the victim to download an app to read the message. The app doesn't exist, because it is the virus itself, which takes control of the smartphone and can wipe its content, install a proxy to spy on traffic or carry out man-in-the-middle attacks, and download an app to use Tor and automate its communications. How to protect yourself? Don't click on links in SMS or MMS messages and block the installation of third-party apps.

Monday, February 15, 2016

A cyber hijacking full of kindness

Who would have said the bad guys would be so kind as to attend to us personally? As is often said in the movies: "nothing personal, it's just business and I'm a professional". Do you have to pay a ransom for your devices and don't know how? The cybercriminal who infected you will guide you. Kindness and security don't always go together, as we see today with ransomware and Facebook, while we visit a hospital in the Mecca of Cinema and meet the tenth edition of a veteran project.

The latest ransomware is called PadCrypt and it gets into your device through a fake PDF opened by the user with the best of intentions. When the user opens the file, with no time to go back, all the files on the computer are encrypted, and random text and HTML files also appear in every folder containing files. But there's more: the infected user will see a popup that reads "live chat", the first time this has happened in malware, because its precedent, CryptoWall, had a "help" chat but in website form. To complete the picture, PadCrypt adds an uninstall executable which... of course DOESN'T work.

Sunday, February 14, 2016

Continuum Security: "50% of vulnerabilities could be avoided"

Cristina Bentué and Stephen de Vries. Founders of Continuum Security Solutions.

Continuum Security won the first prize for startups organized by the National Cybersecurity Institute (INCIBE). There are two people behind this small but ambitious company, Cristina Bentué and Stephen de Vries, who live and work in Barbastro. One day they decided to give a different twist to their cybersecurity consulting by developing their own products, focused on the analysis of software security.

Stephen is the hacker of the family. From his head emerged BDD-Security, free and open source, his most famous creation, and also Continuum's big shot: IriusRisk. The goal isn't only to analyze security but also to achieve secure development from scratch. Important players are betting on this startup, which has been a finalist in BBVA Open Talent and in the European Cyber Security and Privacy Innovation Awards.

Friday, February 12, 2016

Software failure ruined an anthropological discovery

An important discovery based on the study of the genome of an African ancestor has run out of steam because of a software failure. The omnipresence of computers doesn't only cause errors in communication networks or operating machines; it affects every aspect of our lives, including the theft of our cars. We'll expand on this, as well as on the first criticisms of the Let's Encrypt initiative and the presentation of the Global Report on Encryption Products.

In October 2015 a study was published in "Science Paper" that claimed to have found traces of ancestral farmer genes from the Middle East and West and Central Africa. Now the authors have had to take it back. An incompatibility error between two software packages caused some genetic variants to be deleted from the analysis, and the conclusions were erroneous. Software failures can have a large impact on history and human culture.

Confirmed: Windows 10 spies on you even if you don't want it to

Not even by changing the privacy settings of Windows 10 to their most paranoid extreme is it possible to stop Windows 10 from collecting its users' data, according to a recent report we'll talk about. We'll also talk about a hacker group that breaks into routers to secure them, a serious vulnerability in SAP and the second edition of the excellent compilation "Know your enemies".

According to the study, it's impossible to stop Windows from spying on its users, whether by disabling telemetry or by using external programs. In only 8 hours, Windows 10 makes 5.500 connections to 93 different IP addresses, half of them belonging to Microsoft. To make matters worse, the connections aren't secure, which would allow an intruder to intercept this data. The article is worth reading.

Wednesday, February 10, 2016

United States will have a Supreme Cybersecurity Chief

The President of the United States has presented his National Cybersecurity Plan, which provides, among other things, for the post of a Federal Cybersecurity Chief. We'll talk about that, and about some stories from the other side that won't let you sleep well: attempts to buy Apple employees, manipulation of foreign currencies with malware and a Portuguese group that has extorted big companies.

"It is not a secret that too often the technological infrastructures of the government are like an Atari game in an Xbox world", wrote Barack Obama a few days ago in the Wall Street Journal. Last year's great theft of the data of millions of civil servants made a great impact on the Obama administration, which, before he leaves office, is presenting a plan to improve cybersecurity not only in the government but in the whole country, with seminars for citizens who want to be part of a kind of cyber reserve and the promotion of biometric or two-factor authentication. It will cost 19 thousand million dollars.

Tuesday, February 9, 2016

The cyberattacks against banks are increasingly sophisticated

Today we celebrate two things: Safe Internet Day and the Kaspersky Lab congress in Tenerife, where cases are being reported such as the increase in bank thefts through the technique of breaking into banks remotely and getting the money out via ATMs. We'll talk about that and stay with banks, because the Russian police have arrested the gang behind the number one banking Trojan.

Kaspersky Lab warned some time ago about the Carbanak APT, which used spear-phishing and malware to get into different banks and, after some time spying on their modus operandi, started to take out large amounts of money via ATMs, where mules were waiting. Now, according to Kaspersky, the Carbanak gang is back and new gangs have appeared using similar techniques, like the Metel gang.

Monday, February 8, 2016

Was it a hacker? The botnet that sent a virus now sends antivirus

Nobody can explain it: some servers of the botnet that infects its victims with the famous banking Trojan Dridex have started to "infect" them with the Avira antivirus. An avenging hacker? A mistake by Evil Corp, the group that operates Dridex? We'll talk about it today, and also about the biggest password brute-force attack known so far, spam and phishing in 2015 and the ransomware report from CCN-CERT.

According to the company behind the Avira antivirus, some file servers that served the Dridex Trojan on malicious websites have reportedly switched to serving the free version of this antivirus. According to Avira, someone with the "philosophy and lifestyle of Batman" would have broken into these servers. Something similar happened at the end of last month, when some routers were "infected" in order to secure them.

Sunday, February 7, 2016

Raul Siles: "In Spain the experienced seniors aren't well considered"

Raul Siles. Founder of DinoSec.

Raul Siles is a natural-born teacher who, at the end of the interview, will leave us wanting to hear more of his stories and opinions, acquired in very different fields. He is from Madrid, 0 years old and with 2 sons; he studied at the Computing Faculty of the Universidad Politécnica de Madrid and, until he became an independent cybersecurity professional, he learnt the rest along the way, in interesting projects like Honeynet España or SANS Institute.

Raul seems the kind of person who works hard and well, without making noise, which means he doesn't like talking about it: he has written articles and given many talks at conferences, the next one at RootedCon, with the attractive title "La cena de los IdIoTas" (Dinner for Schmucks). In 2008 he co-founded DinoSec, a company he himself calls "a SME very S" because it has only two employees. We add, with affection, that it is "small but powerful", because governments and large corporations are among its clients.

Friday, February 5, 2016

The risks of cybersecurity in a new technological era

The evolution of technology is unstoppable and desirable in almost every area... but it has risks too. The current advances towards quantum computing make some experts fear for the future of the encryption applied in communications today.

Even current technologies have vulnerabilities that were not foreseen in their design and that seem difficult to solve. All this in an environment increasingly sensitive to the importance of cybersecurity, and with the knowledge and past experience of the weapon potential offered by intelligence technologies.

Thursday, February 4, 2016

An American civil servant hacks others to steal nuclear secrets

It has been some time since we had such a clear case of an attack orchestrated from inside. An employee of the US Department of Energy infected the computers of 80 workers, opening their doors to attackers. Also catching our attention today: the modus operandi of the new US Cybersecurity Information Sharing Act (CISA), serious flaws in the browser of the Comodo antivirus and a good analysis of the security of the main fingerprint sensors.

Charles Harvey Eccleston, 62 years old, a former employee of the Department of Energy and the United States Nuclear Regulatory Commission, has been found guilty of attacking Energy employees by sending them emails with malware (spear phishing) to steal nuclear secrets. He also tried to sell the email addresses of thousands of civil servants to foreign governments. He will possibly spend between 24 and 30 months in prison and has to pay a fine of at most 95.000 dollars.

Wednesday, February 3, 2016

The USA can't spy on European citizens... or so they say

The United States and Europe reached an agreement at the last minute of the allotted time to find a solution to the collapse of the Safe Harbor agreement, concerning data exchange between both territories. We'll explain the details and, also, today is a day of big bugs: in WordPress, in eBay and in Socat.

The agreement expands the points of Safe Harbor: in addition to setting the conditions for data traffic between the United States and Europe, the continent commits not to spy massively on its citizens and forces the United States to do the same. The agreement is unprecedented and also requires the creation of a body to ensure compliance with it. It sounds pretty good.

Tuesday, February 2, 2016

A cybercriminal earns less than 30.000 per year according to a report

A survey by the well-known Ponemon Institute destroys the myth that cybercriminals earn a lot of money. We'll talk about this and also about court activity concerning a king of virtual money laundering and the first cyberterrorist tried in the United States. We'll finish with something for hackers: unexpected scanning of IPv6 addresses.

The Ponemon report gives some interesting data, such as that the average profit of a cyberattacker doesn't exceed 30.000 dollars per year. Also, 72% of respondents say they don't spend their time on attacks that don't yield valuable information in a short period of time, preferring easy targets. Thus, 60% of cyberattacks don't require more than 40 hours. Interesting data that our readers can explore further in this article.

Monday, February 1, 2016

SCADA systems aren't prepared to respond to attacks

It's a really difficult thing, but the stability of our basic services like electricity, water or ambulances depends on it. The security of SCADA systems is more and more questioned and we'll see why. We'll talk about a lightning attack against the British bank HSBC, how massive medical data theft is and an article by the journalist Brian Krebs about the security company Norse.

Industrial control systems fail disastrously at incident response, according to this enlightening article. And the blame lies not only with the owners of these systems but also with their great complexity, which makes it hard to transfer the response schemes of purely technological systems to industrial systems. It's worth taking a look at it.

Enrique Fojón: "There's no national security without cybersecurity"

Enrique Fojón Chamorro. Expert on cyberwar and founder of THIBER, the Spanish cybersecurity Think Tank.

Enrique Fojón Chamorro is one of the greatest Spanish cyberwar experts... but he doesn't want to talk about his job. He has been a systems engineer at a Spanish state company for more than 10 years, dedicated to providing consulting, management and engineering support to the Administration and the Defense Ministry.

Enrique isn't a secret agent but, as a good connoisseur of the power of information, he gives us as little information as possible about himself: "I was born in Cadiz 37 years ago. I'm a computer engineer and I live in The Hague (Netherlands). My first contact with computing was when I was 7 years old, when my parents decided to enroll me in a BASIC course as an extracurricular activity (I would have preferred soccer or judo)". That was all.