Security Alerts & News
by Tymoteusz A. Góral

#2184 Latest WikiLeaks dump exposes CIA methods to mask malware
WikiLeaks may have dealt another blow to the CIA’s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks.

On Friday, the site dumped the source code to the Marble Framework, a set of anti-forensic tools that WikiLeaks claims the CIA used last year.

The files do appear to show “obfuscation techniques” that can hide CIA-developed malicious coding from detection, said Jake Williams, a security researcher at Rendition InfoSec, who has been examining the files.

Every hacker, from the government-sponsored ones to amateurs, will use their own obfuscation techniques when developing malware, he said.
#2183 Facial recognition on Samsung’s new phone has already been cracked
Samsung’s last flagship phone went up in smoke, literally and figuratively.

So the company went for something a bit cooler with the Galaxy S8, and supposedly more secure – facial recognition.

The theory seems to be that if your phone can reliably recognise you via the front-facing camera as soon as you pick it up, then you don’t need to press or swipe any buttons for it to wake up and unlock.

In other words, you get frictionless convenience and security, rather than convenience at the expense of security.
#2182 An investigation of Chrysaor malware on Android
Google is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Usually, PHA authors attempt to install their harmful apps on as many devices as possible. However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices. This is known as a targeted attack.

In this blog post, we describe Chrysaor, a newly discovered family of spyware that was used in a targeted attack on a small number of Android devices, and how investigations like this help Google protect Android users from a variety of threats.
#2181 Skype malvertising campaign pushes fake Flash Player
It appears that for at least one day, Skype has served malicious ads, which in turn pushed a fake Flash Player update onto users.

The malicious ads came to light after Reddit and Twitter users complained about Skype forcing a Flash Player update down their throat.
#2180 New evidence links a 20-year-old hack on the US government to a modern attack group
A UK company's vintage web server kept in storage for over 20 years connects the 'Moonlight Maze' attacks of the 90s to the 2000s hacker group Turla.

In September 1998, the US Department of Defense computer incident response team contacted a human resources company in London to say their web server had been hacked. Not only that—it had been hijacked and was being used to attack more than a thousand US government and military systems and steal massive volumes of data.

The DoD and FBI wanted to turn the server into a honeypot of sorts, and asked David Hedges, then an IT manager consulting for the company, to secretly record all the hacker's activity on the web server.