Thursday, March 31, 2016

Android diversity makes it safer, according to a researcher

The diversity of the Android ecosystem is its greatest strength, not its weakness, according to researcher Dino Dai Zovi. That is the provocative statement of the day, which we thought worth highlighting, along with the appearance of a ransomware that attacks the Magento e-commerce platform, information theft at large law firms and a new standard for encrypting health and banking data.




Black Hat Asia started this Tuesday, and Dino Dai Zovi, Square's security expert and lead on mobile payments, gave a talk there. Dai Zovi says that the many existing Android versions, the result of each manufacturer adapting the system to its own devices, make it hard for cybercriminals to mount mass attacks, because they have to adapt to a highly diverse ecosystem. This seems to be borne out by the fact that, although dangerous holes exist in Android, few devices are actually attacked.


Wednesday, March 30, 2016

A ransomware attack hits one of the biggest US health organizations. Why?

The ransomware campaign against healthcare institutions in the US has hit a prized target: MedStar, one of the largest health organizations in the country. Why? We'll explain. We'll also talk about how Mattel lost 3 million dollars and what thousands of printers printed at the same time.



Although it was not given much importance yesterday, today "The Washington Post" shows the scale of the ransomware attack against MedStar Health: 10 hospitals and 250 outpatient centers were infected, and employees remain without access to their email and to various tasks. The attack has affected MedStar's central patient database: the information can still be read, but not updated or modified.


Tuesday, March 29, 2016

Apple wins the fight against the FBI

It's the undisputed news of the day: the US Justice Department has announced that it will drop its legal action against Apple after the FBI unlocked the terrorist's iPhone, the very task for which it had demanded Apple's help. We'll also talk about a warning about the Truecaller app, a new fraud scheme using traffic data and a new step in the terrible evolution of ransomware.



The struggle between Apple and the FBI has been tough and has clearly exposed the confrontation between the technology industry and the US government. The government maintains that the solution only applies to the terrorist's iPhone, something many people question. From the large number of articles generated by this news, we choose an opinion piece by Oren Falkowitz, a former NSA employee, who puts the situation in an interesting context.


Monday, March 28, 2016

Cyberattacks against hospitals are becoming a daily occurrence

In recent weeks, several ransomware strains have attacked hospitals, leaving important services disabled. Cyber-insecurity in medical centers is an increasingly serious matter that needs urgent review. We'll expand on this, as well as on a cyberattack reported by Verizon against something even more frightening: a water utility. We'll finish with an interesting interview about exploit kits.



In recent weeks a ransomware wave has targeted several US hospitals and knocked them out: the Methodist Hospital in Kentucky and the Chino Valley Medical Center in California, among others. At the Methodist Hospital an internal state of emergency was declared. The ransomware was Locky, one of the newest and most dangerous ransomware families.


Sunday, March 27, 2016

The top 5 topics in infosec

Tags, tags and more tags. Over almost 900 posts, with 4 to 6 news items each, there is plenty of time to talk about a lot of things, and to tag them to guide the reader. Some of those tags, to paraphrase the replicant Roy Batty from 'Blade Runner', get lost in time, "like tears in rain". But other tags grow strong. We want to talk about those, in this break from the usual Sunday interviews due to the Easter holidays. What are the top 5 topics on CIGTR? Which of the tags shown in the right sidebar of this blog matter most?

In first place, with 114 appearances, we have Cybercrime (also tagged as cyber crime). The first time we dealt with this topic we were at a bar enjoying a coffee. Well, not really, but it was summer (July 5th, 2013), so we imagined the darkest terraces of the Internet, where we found cybercrime as a service. Thanks to it we have learned some important lessons at the office, such as being careful even with the Postal Service, and we even debated black and blue versus white and gold.


Wednesday, March 23, 2016

This is how Yahoo's "password without a password" works

"Welcome to the password-free world!" This is how Yahoo! has presented its proposal for not using passwords when we access its services: the Yahoo Account Key. We'll explain it, as well as the SWIFT system demanding that banks increase their cybersecurity, and a sanction against apps that spy on what TV programs we watch.



A good part of the technical community has been working for a long time, on several fronts, to find an alternative to passwords as the authentication method for online services. Yahoo! has always been an outstanding student and has already presented its solution: when we sign in to a Yahoo! service by giving our email address, we receive a notification on our smartphone, which we have to approve, and we're in.
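To make the "approve it on your phone" flow concrete, here is an added example that models it end to end: the server records a one-time challenge when the email is entered, the enrolled phone approves it with an HMAC over the challenge, and the server only opens a session if the approval is fresh, unused and comes from the right device. This is illustrative code written for this post, not Yahoo's implementation; the shared device secret, the 120-second expiry and the message layout are assumptions chosen to show the checks a practitioner would expect.

```python
import hashlib
import hmac
import secrets
import time


class AccountKeyServer:
    """Toy model of a password-less login approved from an enrolled phone.
    Assumed design (not Yahoo's): each phone shares a secret with the server,
    every login attempt gets a single-use challenge that expires after TTL
    seconds, and the phone's approval is an HMAC over that challenge."""

    TTL_SECONDS = 120

    def __init__(self):
        self._devices = {}    # email -> shared device secret (bytes)
        self._pending = {}    # challenge_id -> (email, nonce, issued_at)
        self._sessions = {}   # session token -> email

    def enroll(self, email, device_secret):
        self._devices[email] = device_secret

    def start_login(self, email, now=None):
        """Step 1: the user types only an email. The server records a fresh
        challenge and (in a real deployment) pushes it to the enrolled phone."""
        if email not in self._devices:
            return None
        now = time.time() if now is None else now
        challenge_id = secrets.token_urlsafe(16)
        nonce = secrets.token_bytes(32)
        self._pending[challenge_id] = (email, nonce, now)
        return challenge_id, nonce

    @staticmethod
    def _mac(secret, challenge_id, email, nonce):
        # Binding the email into the MAC stops a device enrolled for one
        # account from approving a login for another.
        msg = challenge_id.encode() + b"|" + email.encode() + b"|" + nonce
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def finish_login(self, challenge_id, approval, now=None):
        """Step 3: the server receives the phone's approval. The challenge is
        consumed whether or not the check passes, so it cannot be retried."""
        now = time.time() if now is None else now
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return None                      # unknown or already used
        email, nonce, issued_at = entry
        if now - issued_at > self.TTL_SECONDS:
            return None                      # approval arrived too late
        expected = self._mac(self._devices[email], challenge_id, email, nonce)
        if not hmac.compare_digest(expected, approval):
            return None                      # wrong device or tampered data
        token = secrets.token_urlsafe(32)
        self._sessions[token] = email
        return token

    def whoami(self, token):
        return self._sessions.get(token)


class Phone:
    """The enrolled smartphone: it sees the pushed challenge and approves it."""

    def __init__(self, email, device_secret):
        self.email = email
        self._secret = device_secret

    def approve(self, challenge_id, nonce):
        # Step 2: the user taps "yes"; the phone signs the challenge.
        return AccountKeyServer._mac(self._secret, challenge_id, self.email, nonce)


def demo(now=1_000_000.0):
    """Run the happy path and the failure cases; returns a dict of outcomes."""
    server = AccountKeyServer()
    alice_secret, mallory_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    server.enroll("alice@example.com", alice_secret)
    server.enroll("mallory@example.com", mallory_secret)
    alice_phone = Phone("alice@example.com", alice_secret)
    mallory_phone = Phone("mallory@example.com", mallory_secret)

    results = {}
    cid, nonce = server.start_login("alice@example.com", now)
    token = server.finish_login(cid, alice_phone.approve(cid, nonce), now + 5)
    results["login"] = server.whoami(token) == "alice@example.com"
    # Replaying the same approval must not open a second session.
    results["replay_rejected"] = server.finish_login(cid, alice_phone.approve(cid, nonce), now + 6) is None

    # Mallory's phone (wrong secret, wrong bound email) cannot approve Alice's login,
    # even if she somehow learned the challenge that was pushed to Alice's phone.
    cid2, nonce2 = server.start_login("alice@example.com", now)
    results["forgery_rejected"] = server.finish_login(cid2, mallory_phone.approve(cid2, nonce2), now + 5) is None

    # A genuine approval that arrives after the TTL is refused.
    cid3, nonce3 = server.start_login("alice@example.com", now)
    results["expired_rejected"] = server.finish_login(cid3, alice_phone.approve(cid3, nonce3), now + 600) is None

    results["unknown_user"] = server.start_login("nobody@example.com", now) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the three failure cases is that the convenience of tapping "approve" is only as strong as the server's bookkeeping: the challenge must be consumed on first use, tied to a deadline and bound to the account it was issued for, otherwise a captured approval can be replayed or redirected.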


Tuesday, March 22, 2016

Effects of unknown cause

The French philosopher and writer Voltaire said "Chance is a word void of sense; nothing can exist without a cause", and the present day confirms the old thinker's words. For example: the FBI and Apple. We'll expand on this, as well as on other matters of the day such as ransomware on Linux, a tool released by Google and the communications of the Paris terrorists.

The FBI has decided, less than a day before the scheduled court hearing against Apple, that it's better to halt the fight. Curiously, on the same day it also announced that it no longer needs help from Cupertino, because it has found a way to crack the iPhone that started this whole story in mid-February. Coincidence? Psychological pressure on the technology giant? A theatrical move? It's hard to know.


Monday, March 21, 2016

A brutal DDoS attack forces Swedish newspaper websites to close

The online editions of the main Swedish newspapers suffered a "serious and dangerous" attack this weekend. We'll expand on this, as well as on new dangers for Android and iPhone. To finish, we'll talk about the measures adopted by MITRE to improve vulnerability reporting: they lasted only a day.



The attacks against the Swedish media forced them to take their online editions down for a few hours, between 8 and 11 pm. Just before the attack a Twitter account, @_notJ, was opened, whose first tweet said: "The following days, attacks against the Swedish government and media spreading false propaganda will be targeted." A second tweet added that "this is what happens when you spread false propaganda".


Sunday, March 20, 2016

Ricardo J. Rodríguez: "I'm in love with assembly"

Ricardo J. Rodríguez. PhD and professor of Computer Languages and Systems at the University of Zaragoza.


Ricardo J. Rodríguez is a privileged mind watching from his vantage point at the University of Zaragoza, where he is a researcher, professor and PhD thanks to his thesis, entitled, wait for it: "Performance Analysis and Resource Optimization of Critical Systems Modelled by Petri Nets". He's 30 years old, a girlfriend and two dogs "are his true loves", and he goes to the CONs giving talks on reverse engineering. But it's better if he continues himself:

"I love cinema, crime and science fiction novels, and the mountains. I also love research, which causes more than one argument at home. I'm too much of a perfectionist, a language extremist and as stubborn as a good "maño" (someone from Zaragoza). A lover of mathematics and theoretical computing, obsessed with P vs. NP. I love to spend my free time relaxed. An animal lover, and sometimes a little sullen with certain humans. I don't like sleeping more than necessary (6 or 7 hours is fine for me); I like to make the most of my time".


Friday, March 18, 2016

The Apple case makes Time's cover

We have spent a few days without talking about the struggle between Apple and the FBI, in which the company refuses to comply with a court order forcing it to unlock an iPhone. But not talking about it doesn't mean we stopped following the case. We'll expand on this, as well as on the galloping plague of companies being robbed via phishing. We'll also talk about the Pwn2Own competition, where expert crackers are breaking all the software put in front of them.



The Apple-FBI struggle has been going on for a few weeks now, with opinions for and against, lawyers and prosecutors, politicians and experts. In this incredible war, the new networked world against the rules of the old world, Apple employees have sided with their company and would rather lose their jobs than reveal Apple's security secrets. Against this backdrop, here is the latest news: Tim Cook, Apple's CEO, appears on the cover of that old-world magazine, "Time".


Thursday, March 17, 2016

New holes and exploits put iOS and Android at risk

Today we'll do a special post dedicated to smartphones. It's been a long time since we focused on the security of one of the most important devices of the technological revolution, but today is the day. We are so used to seeing news warning about new smartphone vulnerabilities that we often ignore them. But today's breaking news is too much: iOS and Android face serious risks.



It's hard to choose which matter to talk about first but, because it is a great hack, we choose the attack against iOS. It was presented by the Palo Alto Networks people, who baptized it AceDeceiver: it exploits flaws in Apple's DRM mechanism to mount a man-in-the-middle attack when we buy from the App Store through iTunes on our computer. The thief intercepts the purchase, steals the app's authorization code and attaches it to another, malicious app, which gets onto your computer and, from there, onto your smartphone when you install it from the computer.


Wednesday, March 16, 2016

Your Plan B must be analog

After the big blackout in Ukraine caused by a cyberattack, electricity could be restored in a few hours thanks to the existence of an analog mechanism to do it. That's today's great lesson; we'll also talk about less happy news, such as the proliferation of ransomware on well-known sites and the emergence of what experts call 'patch fatigue'.

At the end of December, two Ukrainian power companies suffered a severe cyberattack that left thousands of customers without electricity for hours. It could have been worse if the companies had not had a manual, analog method to restore power. Today, when the risk of attack on critical infrastructure has multiplied, experts recommend a Plan B that does not depend on computer systems.


Tuesday, March 15, 2016

Windows 10 installs itself on your computer without your permission

Microsoft's aggressiveness is starting to worry even its defenders: Windows 10 is installing itself on computers without the owners' permission, hiding behind a security update. We'll expand on this, as well as on a video in which we see a thief turning a store's card reader into a "skimmer". We'll also talk about a study revealing that most vulnerabilities detected by scanners are false positives, and we'll finish with an interesting macro virus.



According to dozens of people affected on Reddit, Microsoft is automatically upgrading computers from Windows 7 to Windows 10. The upgrade is happening without the user's permission, even with the automatic updates option disabled. We must remind those who don't like the new system that they have 30 days to roll back to the previous version.


Monday, March 14, 2016

Antivirus vendors no longer want to decrypt ransomware for free

The first known ransomware for Mac OS X has a flaw that allows recovery of the key used to encrypt the files of its 6,500 victims. It was discovered by the Russian company Dr. Web, which will offer the key only to its customers. We'll expand on this, as well as on the data theft from Code.org volunteers and the theft of money from the Bangladesh Central Bank. Finally, we recommend reading an exclusive interview with the cybercriminal GhostShell.



The first Mac ransomware, KeRanger, is based on the first Linux ransomware and inherits a design flaw from it. The flaw was discovered by the antivirus companies Bitdefender and Dr. Web but, unlike when the Linux ransomware and earlier cases were discovered, Dr. Web won't offer the decryption key freely to everybody, only to customers who pay for its licenses.


Sunday, March 13, 2016

Alberto Moro: "You don't know about SQL injection until you have keyed in a ' "

Alberto Moro. Malware Analyst at Panda Security


Mandingo is better known by his nickname than by his real name, Alberto Moro. He became famous in computing when, in 2003, he won a hacking tournament called Boinas Negras (Black Berets), coming first among 4,000 participants. It was the first time the tournament was held, organized by two respected figures of the Spanish hacker community, Juan Carlos García Cuartango and Gonzalo Álvarez Marañón. Mandingo won that first edition. He took home a cheese board, a beret, a book and an on-site security course.

In those days hacking tournaments were few, but Mandingo mastered all of them: "I had taken part in other tournaments before. I remember Izal, with its blue background, its ranks, ranking, forum and its different tests. There I had the chance to meet Romansoft and others virtually. I also remember playing some wargames like S21sec's (I earned some cash) and I had "fought" against Kachakil and others in Chema's challenges (elladodelmal)", he explains.


Friday, March 11, 2016

A Metasploit for the Internet of Things is born

Bruce Schneier said it in his recent talk at the RSA Conference: beware of the Internet of Things, because we're playing with something insecure. It's proven every day by new discoveries in the Shodan search engine for vulnerable devices, from cameras to trucks. Now two researchers have created a vulnerability scanner for the Internet of Things. We'll also talk today about an attack on an anti-DDoS company, the Bangladesh bank robbery and a new way to spy on Tor users.

The creators of this scanner, the "Nessus of the Internet of Things", are the pentesters Julien Moinard and Gwénolé Audic, who have just presented it at NullCon, in India. They have called it Hardsploit and they want it to be the Swiss army knife for security audits of devices running insecure software. By the way, NullCon is giving us more news these days, such as a 0-day in Huawei, ZTE, Gemtek and Quanta 3G and 4G routers and modems, affecting millions of devices.


Thursday, March 10, 2016

More than 100 million stolen from the people of Bangladesh

The Internet increasingly resembles the Wild West. As a sample, the announcement by Bangladesh's finance minister: 100 million has been stolen from the account held at the US Federal Reserve. We'll explain this, along with a new Android trojan, considered the most dangerous to date, the malfunction of the CVE vulnerability database and the latest edition of "CIBER Elcano".


According to the Bangladesh Central Bank, cyber-thieves stole Bangladeshi funds held at the US Federal Reserve. Experts have followed the money trail to the Philippines. The Bangladesh government will take legal action against the US to recover the stolen money. Meanwhile, the Federal Reserve denies that the robbery happened. Just like in the movies.


Wednesday, March 9, 2016

Trucks can be hacked too

It's real and it has been proven by a veteran hacker from Barcelona. Trucks, vans, buses and in general all fleet vehicles with devices to communicate with headquarters can be attacked over the Internet. We'll expand on this, as well as on the data thefts that famous US companies are suffering, China's intention to build a platform to cross-reference data on its citizens and good news from the Let's Encrypt initiative.



Almost a year ago, North American hackers proved it was possible to manipulate a car remotely and, among other things, stop it while it was running. Since then, the new discipline of "car hacking" has attracted many researchers' attention, but nobody had looked at the higher category, truck and bus hacking, until José Carlos Norte, from Barcelona, investigated it. Now he shows what he discovered on his blog, and it really gives you goosebumps.


Tuesday, March 8, 2016

Virus creators are working on a new and terrible menace

Until now a virus affected Windows or Linux, or iOS or Android devices. There were no viruses working across different platforms, apart from some proofs of concept or isolated cases. But this is going to change. We'll talk about this fearsome future, as well as about a bank that has been publicly ridiculed, the cyber-scuffles between the two Koreas and the CCN-CERT report on threats to industrial control systems.



According to Kaspersky Lab, the powerful Brazilian virus creators are working on a new "weapon of mass destruction": a virus that would run on Windows, Linux, Mac and even Android, under certain conditions. The virus would be distributed as a Java executable. The first samples, still primitive, have been seen in the shape of banking trojans, and they are making progress.


Monday, March 7, 2016

Now it's real: ransomware for Mac OS X

OS X users who downloaded the Transmission torrent client this weekend could have a serious ransomware problem. We'll expand on this and take the opportunity to mention the existence of another of these "critters": a "talking" ransomware. We'll continue with a worldwide map of cybercriminals and finish by talking about drawing passwords.



About a year ago we were already talking about Mac OS X ransomware, but either it didn't work well or it was a proof of concept. What was clear was that, being pure software, ransomware could work on Windows and Mac alike, but cybercrime hadn't focused on this operating system yet. Well, now it seems the time has come, with KeRanger, the ransomware hidden in version 2.90 of the Transmission BitTorrent client.


Sunday, March 6, 2016

Leonardo Nve: "I can't help but feel envious of the NSA's TAO team"

Leonardo Nve. Hacker.


Leonardo Nve was known as "Fuego Fatuo" when he was part of the Spanish hacker elite of the 90s. Today, at 38, married and with two sons, he works doing what he learned in those days, as a senior pentester for Cisco, after 11 years at the Spanish consultancy S21sec. Leonardo also teaches certified courses at Carnegie Mellon University and, for fun, at national and international hacker community gatherings. And, he says: "I've been giving informative talks since the first Undercon ;)".

Undercon was the first public hacker convention in Spain. In those days, Fuego Fatuo was in groups such as the Phreaker National Company of Spain or COM30: a card cloner, a 900-number dealer and a network thief. Today Leonardo enjoys flying planes and doing magic. His smile shows us a heart that, as in those days, beats curious and rebellious.


Friday, March 4, 2016

A GPS configuration error led two Israeli soldiers into Palestinian territory

Today we have a couple of very real security stories, in the sense that their effects belong to the physical world. We're talking about an app that "misled" Israeli soldiers and took them into Palestinian territory, and about maritime pirates hacking shipping companies to find out which ships are the best to attack. We'll also talk about DDoS attacks and the conference currently being held in Madrid, RootedCON.


https://twitter.com/mgarciacase/status/705694912105340928

On Monday night two Israeli soldiers accidentally entered a Palestinian refugee camp and were attacked. Their comrades quickly rescued them, and in the fighting two Palestinians died. This wouldn't have happened if the soldiers hadn't gone wrong with their GPS app: they asked it for the quickest route to their destination, but forgot to tell it not to pass through Palestinian territory. A critical mistake in times of war.


Thursday, March 3, 2016

There's something worse than data theft according to the NSA: sabotage

The NSA chief gave an informative talk at the recent RSA Conference and assured us that we should prepare for a new nightmare after data theft: sabotage itself. We'll expand on this, as well as on other interesting news such as how badly the US Treasury Department is treating data theft victims, a Turkish criminal convicted for a brutal ATM robbery and a study on how digital mafias recruit new mercenaries.



Today the main convention of the Spanish cybersecurity community starts in Madrid: RootedCon. We hope to have interesting news in the coming days, and meanwhile we already have plenty from another convention that has just closed its doors: RSA 2016. The NSA chief spoke at the conference to explain what his main digital-world nightmares are, the first being something that will soon be as common as data theft: sabotage itself. Pay attention to this.


Wednesday, March 2, 2016

Facebook follows Apple and refuses to hand over WhatsApp data

Big news today: Brazilian law enforcement has arrested a Facebook vice president because he did not comply with their requests against the privacy of a WhatsApp user. We'll also talk about a serious SSL hole, the "Hack the Pentagon" initiative and the first confirmation in US history of the use of cyberweapons against the Islamic State.

Diego Jorge Dzodan, vice president of the most famous social network in Latin America, was arrested on his way to work in São Paulo, Brazil. The reason: Facebook has refused to hand over details of a WhatsApp user under investigation for organized crime and drug dealing. Facebook has published a statement to clarify the matter: "WhatsApp can't provide information it doesn't have". We'll see how it goes on.


Tuesday, March 1, 2016

Facebook and Disney ads infect your computer with malware

Be careful when visiting sites like Facebook, Disney or the newspaper "The Guardian": their ads hide the worst virus of the moment, the fearsome ransomware, which encrypts all the files on your computer and demands a ransom to decrypt them. We'll also talk about some news generated by the RSA Conference, which started yesterday and runs until Thursday.



The warning about ransomware in Facebook, Disney or "The Guardian" ads emerged yesterday thanks to a Cloud Web Security product, which monitors browsing habits and detects whether users navigate to malicious domains. The researchers found that many users landed on malicious sites, where they were infected, coming from domains such as "apps.facebook.com", "awkwardfamilyphotos.com", "theguardian.co.uk" and "go.com", owned by Disney, among others.
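The detection described above (a proxy noticing that a user reached a malicious domain, and working out which legitimate site sent them there through the ad chain) is easy to reproduce over ordinary web-proxy logs. The following is an added example written for this post, not the Cloud Web Security product's logic: the log lines, the blocklist and the ".test" hostnames are constructed for illustration, and the walk back through each user's referrer chain is the technique being shown. The publisher hostnames match the ones named in the article.

```python
import re
from collections import Counter, namedtuple
from urllib.parse import urlsplit

# Constructed sample of web-proxy log lines: timestamp, user, referrer ("-" if none),
# requested URL. Made up for this example; the ".test" hosts are not real sites.
SAMPLE_LOG = """\
2016-02-29T10:01:02Z u1 - https://apps.facebook.com/somegame/
2016-02-29T10:01:05Z u1 https://apps.facebook.com/somegame/ http://ads.example-net.test/serve?id=1
2016-02-29T10:01:06Z u1 http://ads.example-net.test/serve?id=1 http://landing.bad-example.test/gate.php
2016-02-29T10:03:10Z u2 - https://www.theguardian.co.uk/world
2016-02-29T10:03:12Z u2 https://www.theguardian.co.uk/world http://ads.example-net.test/serve?id=7
2016-02-29T10:03:13Z u2 http://ads.example-net.test/serve?id=7 http://landing.bad-example.test/gate.php
2016-02-29T10:03:14Z u2 http://landing.bad-example.test/gate.php http://ek.bad-example.test/exploit.js
2016-02-29T10:05:00Z u3 - http://go.com/
2016-02-29T10:05:02Z u3 http://go.com/ http://ads.example-net.test/serve?id=9
this line is garbage and must be skipped by the parser
2016-02-29T10:07:30Z u4 - http://awkwardfamilyphotos.com/
2016-02-29T10:07:31Z u4 http://awkwardfamilyphotos.com/ http://ads.example-net.test/serve?id=3
2016-02-29T10:07:32Z u4 http://ads.example-net.test/serve?id=3 http://landing.bad-example.test/gate.php
"""

# Constructed blocklist standing in for a malicious-domain feed.
MALICIOUS_DOMAINS = {"landing.bad-example.test", "ek.bad-example.test"}

Record = namedtuple("Record", "ts user referrer url")
Finding = namedtuple("Finding", "ts user malicious origin chain")
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Return a Record for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    return Record(*m.groups()) if m else None


def host(url):
    return (urlsplit(url).hostname or "").lower()


def find_malvertising(log_text, blocklist):
    """Flag requests to blocklisted hosts and walk each one back through the
    user's referrer chain to the page that started it (the publisher)."""
    referrer_of = {}   # (user, url) -> referrer; last request wins for repeats
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        referrer_of[(rec.user, rec.url)] = rec.referrer
        if host(rec.url) in blocklist:
            hits.append(rec)

    findings = []
    for rec in hits:
        chain, seen = [rec.url], {rec.url}
        ref = rec.referrer
        while ref != "-" and ref not in seen:      # stop at a root or a loop
            chain.append(ref)
            seen.add(ref)
            ref = referrer_of.get((rec.user, ref), "-")
        findings.append(Finding(rec.ts, rec.user, host(rec.url),
                                host(chain[-1]), [host(u) for u in reversed(chain)]))
    return findings


def origin_summary(findings):
    """Count (publisher, malicious host) pairs: which sites feed which traps."""
    return Counter((f.origin, f.malicious) for f in findings)


if __name__ == "__main__":
    found = find_malvertising(SAMPLE_LOG, MALICIOUS_DOMAINS)
    for f in found:
        print(f.ts, f.user, " -> ".join(f.chain))
    for (origin, bad), n in origin_summary(found).items():
        print(f"{n}x {origin} -> {bad}")
```

Attributing the hit to the root of the referrer chain rather than to the immediate referrer is what lets a security team tell a publisher "your ad slot is serving an exploit kit" without blaming the ad network in between, and it is why user u3, who only reached the ad server, produces no finding.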