Podcast: Access Denied


United States

Journalists are supposed to serve as “watchdogs” on the government. But how do they get access to the information they need to do that? In this episode, we talk to BuzzFeed lawyer Nabiha Syed about “freedom of information” laws — which are often the secret to getting government secrets.

Focus Area: 

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Cybersecurity for the travelling scientist

“It can be tempting to try to hide information or use technological tricks such as ‘duress passwords’ that, if used instead of the genuine one, unlock the device but keep a portion of the data hidden and encrypted. But Jennifer Granick, who studies cybersecurity law at Stanford University in California, warns against such strategies. “You don’t want to lie to a government agent. That can be a crime.” And border guards are not likely to be sympathetic to the argument that a researcher has a legal duty to prevent anyone from seeing confidential data.

“Medical records, trade secrets — there are a lot of data that you have a legal obligation to protect. Border agents are not experts in these areas of law, they’re not going to necessarily care about that,” Granick says. “So you have to think about how you’re going to protect your data.””


United States
Date published: 
August 2, 2017
Focus Area: 
Related Topics: 

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Senate Crackdown on Online Sex Trafficking Hits Opposition

“For Danielle Citron, a law professor at the University of Maryland, the bill’s language — in particular phrases like “assist, support or facilitate sex trafficking” and “conduct violates federal criminal law” — are too vague in defining what constitutes facilitation and violation. While she supports modest change to the statute, she said she would rather see the courts re-evaluate their interpretation of the law’s specific language.”


United States
Date published: 
August 2, 2017
Focus Area: 

Source: Cyber Law

Source: Privacy Online

Source: Zologic

Hackers Make it Personal

It’s only Tuesday morning and it’s already been an interesting week in cybersecurity. First we learned about an attack on a major security company, targeting their research analysts. The goal of “Operation #leaktheanalyst,” apparently, is to name researchers and, in their own words: “let’s track them on Facebook, Linked-in, Tweeter, etc: let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you owned an analyst, target him and leak his personal and professional data, as a side job of course.”

Yesterday we also learned of another significant breach at a large organization. Based on the documents and details released from the attack we again see hackers targeting specific individuals — in this case a high profile executive. The attackers were able to collect large quantities of personally identifiable information, including usernames and passwords for a myriad of work and personal systems, cell phone details and other personal records.

These two examples from Monday indicate an alarming trend to not only target organizations, but security personnel and key executives specifically. It’s not enough to carry out the attack, harvest corporate IP, etc. Now employees are being personally harmed.

We are recommending to our members that they review and enhance security for these types of employees, including more stringent password protection, credential monitoring (detection of leaked accounts), and training. As we have seen, security personnel and high profile executives are not immune to attacks.

I’m reminded of a recent trip to the bank to open accounts for my children. They had a million questions about how the bank would secure their treasured savings. They even asked the banker how they could be sure he was real bank employee. We had a long chat about security, and also about cybersecurity. My son mentioned how he can earn his Arrow of Light badge with the Cub Scouts by passing a cybersecurity test. I was impressed how much they knew before the age of 10. It’s possible they get more cybersecurity education than many executives. With the new focus on targeting individuals in key roles education is now more important than ever.

Source: Honeypot Tech

WTB: Wallet-snatch hack: ApplePay ‘vulnerable to attack’, claim researchers

The intelligence in this week’s iteration discuss the following threats: Android Trojans, ApplePay, CowerSnail, Lipizzan, Ransomware, UniCredit Breach, Ursnif, Veritaseum, and Windows Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

Wallet-snatch hack: ApplePay ‘vulnerable to attack’, claim researchers (July 28, 2017)
Security Researchers from Positive Technologies have presented at Black Hat USA that two separate attacks can be performed against ApplePay. The first attack requires injecting a jailbroken device with malware, which can intercept traffic to Apple servers. The second more interesting attack requires a device to connect to a public Wi-Fi, or connect to an attacker’s fake Wi-Fi hotspot. Attackers are able to steal the ApplePay cryptogram. Using this token, they are able to make payments, to the same website, as the information is sent in cleartext without integrity checking.
Recommendation: Users using ApplePay should avoid making transactions in public Wi-Fi hotspots, as the traffic is able to be easily sniffed out by attackers. Users should only connect to Wi-Fi networks that they trust.
Tags: ApplePay, SSL

Windows 10 default user profile is potentially writable by everyone (July 27, 2017)
A vulnerability in Windows 10 version 1607 has been discovered where an authenticated attacker is able to add directories and write data to the “C:UsersDEFAULT” folder structure. When a user logs into a computer on the network locally for the first time, this profile is used as a template for the user’s profile. If the attacker modifies files in the “Startup folder”, then any user logging on for the first time would have those potentially malicious files executed.
Recommendation: Microsoft released a “half patch” for CVE-2017-0295. This only addresses the issue relating to the Startup folder. Attackers still have the ability to modify files when a victim runs a malicious file. A fix can be applied by Windows Admins. The fix is to enable the inheritance on all objects and subobjects, of the Default folder, then deleting all the explicitly set permissions. This vulnerability will not affect users who have previously logged on to a machine. Microsoft is planning to release a full fix as part of the March/April 2018 Windows 10 release.
Tags: Windows, Vulnerability

Trojan preinstalled on Android devices infects applications’ processes and downloads malicious modules (July 27, 2017)
Security researchers from Russian anti-virus company “Dr.Web” have discovered Trojans embedded into the firmware of mobile devices running Android. The Trojans are from the “Android.Triada” family, which embeds itself into the Zygote component. From this, the Trojan is able to embed into the running processes of all applications and download and launch malicious modules.
Recommendation: Devices should always be purchased from reputable vendors. Vendors selling devices at cut prices or from low cost wholesalers should be treated with caution. Only trust well known branded devices. If you suspect that your device is infected with a malicious trojan in the firmware, the only way to ensure a safe and secure removal is to just purchase a new device. As malware that infects the firmware or bootloader is not able to be removed by conventional means.
Tags: Trojan, Android, Zygote, Triada

Google Discovers New Lipizzan Android Spyware (July 27, 2017)
A new Android spyware called “Lipizzan” was discovered by Google’s Android Security team. The spyware was discovered on 20 apps available on the Google Play store. In order to bypass Google’s Bouncer security system, it was split into two stages. The first stage was legitimate code that did not flag up as malicious, but when downloaded onto a victim’s device, it would download the second malicious stage component under the guise of a “license verification” step. This component would scan the user’s device and if it met criteria, then it would root the device using exploit kits. The spyware has the ability to record calls, record device’s microphone, record location, take screenshots, take photos, exfiltrate data and user information.
Recommendation: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (don’t rely on single security mechanisms – security measures should be layered, redundant, and failsafe).
Tags: Lipizzan, Android, Spyware

Details of 400,000 loan applicants spilled in UniCredit bank breach (July 26, 2017)
The largest lender in Italy, UniCredit suffered a breach which exposed customer data of 400,000 personal loan applicants. The data accessed related to personal customer data and International Bank Account Numbers (IBANs), but did not include passwords or other information required to make unauthorized transactions. UniCredit claims it will contact all affected customers, through specific channels.
Recommendation: Leaks of this sort leads victims to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed.
Tags: Breach, UniCredit

Spammed JScript Phones Home To Download NemucodAES And Kovter (July 25, 2017)
Recently a new wave of spam has been delivering malicious attachments that download a PHP-based ransomware. The email spam contained a fake UPS delivery notification, that encouraged a user to download the attachment, a ZIP file containing a JS file. If the attachment is unzipped and the JS attachment executed, it downloads a PHP based ransomware that encrypts the user’s files with a random 128 bit AES key for each file. This AES key is encrypted with a public RSA key provided from the JS file. Curiously in the code, there’s a section which downloads the Kovter ransomware, which has been disabled, but the hard coded address functions properly.
Recommendation: Always be cautious while reading email, in particular when it has attachments or comes with an urgent label or poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. If you receive an email with an order number that you did not order, then it’s probably not from the company it claims to be.
Tags: NemucodAES, Kovter, PHP, JavaScript

CowerSnail, from the creators of SambaCry (July 25, 2017)
Apparently created by the group responsible for SambaCry, a new malware for Windows, dubbed “CowerSnail”, has been detected by Kaspersky researchers. CowerSnail is a backdoor that is able to receive commands from a Command and Control (C2) server via the Internet Relay Chat (IRC) protocol. CowerSnail provides a set of backdoor functions such as command execution, system information collection, updating and uninstalling itself. The link to the SambaCry creators comes from the mutual use of the same C2 server.
Recommendation: Malware authors are always innovating new methods of communicating back to the control servers. Always practice Defense in Depth (don’t rely on single security mechanisms – security measures should be layered, redundant, and failsafe).
Tags: CowerSnail, Windows, RAT

Malware found lurking behind every app at alternative Android store (July 25, 2017)
A Turkish alternative to the Google Android app store, called CepKutusu.com, has been serving malware to users instead of the desired application. When downloading an application, the user was sent a banking malware instead. In order to reduce detection chances, after the malware is served to the user, it would serve clean applications for the next seven days before serving another malware APK. The malware was capable of intercepting text messages, downloading other applications and receiving remote commands.
Recommendation: Always keep your mobile phone fully patched with the latest security updates. Use the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores. In addition, it is important to review the permission the application will request and comments from others who have downloaded the application. Furthermore, it is paramount that mobile devices be kept up-to-date with the latest security patches and employ trusted antivirus software.
Tags: Android/Spy.Banker.IE, Android, Malware

Ursnif Variant Found Using Mouse Movement For Decryption And Evasion (July 25, 2017)
In July 2017, researchers at Forcepoint discovered emails with an attachment that delivers a new variant of the Ursnif banking Trojan. The attachment was an encrypted Word document, which had the decryption password pasted in plaintext into the body of the email. Once encrypted it shows three OLE icons made to look like Word documents, when in fact they are the same VBS script. When the script is run, it downloads the Ursnif malware. It performs checks on the mouse to see if it is in a sandbox environment. The malware checks the delta between the current and last mouse positions, which is used in the last 5 bits of a decryption key to decrypt the .bss section of the DLL. If ran in a sandbox environment the mouse will usually not move resulting in a delta of 0, and therefore will not decode the .bss section. This means the rest of the code will not run; aiding in evasion.
Recommendation: Educate your employees on the risks of opening attachments from unknown senders. Additionally, maintain policies regarding what kind of requests and information your employees can expect to receive from colleagues and management. Anti-spam and antivirus applications provided from trusted vendors should also be employed.
Tags: Ursnif, Evasion, Trojan

Spiderman pleads guilty to knocking 900,000 German broadband routers offline (July 25, 2017)
A 29-year-old Briton has pleaded guilty to hacking into the routers of Deutsche Telekom customers, using a custom made version of the Mirai malware, which resulted in 900,000 customers (1.25 million customers in other sources) not being able to access their internet. The man in question was arrested in Luton airport in February and was extradited to Germany. It was reported in local media that he pleaded guilty to the attack which cost Deutsche Telekom more than 2 million Euros.
Recommendation: Never use the default password that comes with the router; always change it. The malware used in this story was a custom version of the Mirai malware. The Mirai botnet takes advantage of internet connected devices which have been lazily configured, leaving the door wide open to the world. Any device that connects to the internet must be treated as a security liability, and default usernames/passwords must be disabled. Organizations and defenders should be aware of all their internet facing assets and have them under strict monitoring.
Tags: BotNet, Deutsche Telekom

Veritaseum Hacked (July 24, 2017)
A hacker managed to steal VERI tokens from the Initial Coin Offering (ICO) from the Veritaseum platform. The hacker then managed to sell the tokens for $8.4 million worth of Ethereum. The CEO of Veritaseum, Reggie Middleton, claimed that “The hack seemed to be very sophisticated, but there is at least one corporate partner that may have dropped the ball and be liable.” No exact details of how the hack took place have taken place and the Middleton refuses to give comment.
Recommendation: Since the tokens were stolen off Veritaseum, no customers were affected. The VERI tokens were hacked because of an undisclosed vulnerability. It is advisable that users with cryptocurrencies store their coins/tokens offline. One of the best ways to secure your cryptocurrencies against theft is by using hardware wallets. Hardware wallets are a type of cryptocurrency wallet that stores the owner’s private keys on a hardware device that is secure from hacking attempts. Cold storage wallets could also be used to assist in cryptocurrency security. Cold wallets are placed on clean air-gapped computers and therefore protect all private keys from online threats. It is more tedious to use but increases the security.
Tags: Cryptocurrency, ICO, Veritaseum

Source: Honeypot Tech


Many of us have created basic forts in our childhood bedrooms using pillows, sheets, and stuffed toys. Pete Dearing’s sons, meanwhile, get to play and sleep in an incredible spaceship bunk bed.

A spaceship bunk bed with functional lights, levers, buttons, and knobs.

I’m not jealous at all.

Not. At. All.

spaceship bunk bed Raspberry Pi

All the best beds have LEDs.

Building a spaceship bunk bed

Pete purchased plans for a spacecraft-shaped bunk bed online, and set out to build its MDF frame. Now, I don’t know about you, but for young me, having a bunk bed shaped like a spaceship would have been enough – tiny humans have such incredible imagination. But it wasn’t enough for Pete. He had witnessed his children’s obsession with elevator buttons, mobile phones, and the small control panel he’d made for them using switches and an old tool box. He knew he had to go big or go home.

spaceship bunk bed Raspberry Pi

While he was cutting out pieces for the bed frame, Pete asked the boys some creative input, and then adjusted the bed’s plans to include a functional cockpit and extra storage (for moon boots, spacesuits, and flags for staking claims, no doubt).

Wiring a spaceship bunk bed

After realising he hadn’t made enough allowance for the space taken up by the cockpit’s dials, levers, and switches, Pete struggled a little to fit everything in place inside the bunk bed.

spaceship bunk bed Raspberry Pi

“Ground Control to Major Sleepy…”

But it all worked out, and the results were lights, buttons, and fun aplenty. Finally, as icing on the build’s proverbial cake, Pete added sound effects, powered by a Raspberry Pi, and headsets fitted with microphones.

spaceship bunk bed Raspberry Pi

“Red Leader standing by…”

The electronics of the build run on a 12V power supply. To ensure his boys’ safety, and so that they will actually be able to sleep, Pete integrated a timer for the bed’s ‘entertainment system’.

Find more information about the spaceship bunk bed and photos of the project here.

So where do I get mine?

If you want to apply to be adopted by Pete, you can head to www.alex-is-first-in-line.com/seriously_me_first. Alternatively, you could build your own fantastic Pi-powered bed, and add lights and sounds of your choosing. How about a Yellow Submarine bed with a dashboard of Beatles songs? Or an X-Wing bed with flight and weapon controls? Oh, oh, how about a bed shaped like one of the cars from Jurassic Park, or like a Top Gun jet?

Yup…I definitely need a new bed.

While I go take measurements and get the power tools out, why not share your own ideas with us in the comments? Have you pimped your kid’s room with a Raspberry Pi (maybe like this)? Or do you have plans to incorporate lights and noise into something wonderful you’re making for a friend or relation? We want to know.

And I want a spaceship bunk bed!

The post 5…4…3…2…1…SPACESHIP BUNK BED! appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic