Podcasts about cloudhopper

  • 6 podcasts
  • 9 episodes
  • 43m average duration
  • Infrequent episodes
  • Latest episode: Jul 31, 2020




Latest podcast episodes about cloudhopper

The CyberWire
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.

Jul 31, 2020, 25:06


An update on social engineering at Twitter. A quick look at the phishing kit criminal market. The European Union sanctions individuals and organizations in Russia, China, and North Korea for involvement in notorious hacking campaigns. North Korea’s North Star campaign is back and dangling bogus job offers in front of its marks. Deceptikons snoop into European law firms. Zully Ramzan from RSA on Digital Contact Tracing. Our guest is Tom Kellermann from VMware Carbon Black on top financial CISOs analyzing the 2020 attack landscape. And both NSA and NIST have some advice on shoring up your security. For links to all of today's stories, check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/148

Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #610

Jul 1, 2019, 72:06


Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West's failed fight against China's Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story. More stories and links here: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly TV
Security News - Paul's Security Weekly #610

Jul 1, 2019, 72:06


Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West's failed fight against China's Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story. More stories and links here: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

SecurityEndeavors
SEHL-wk6of2019

Feb 11, 2019


Show notes for Security Endeavors Headlines for Week 5 of 2019

Check out our subreddit to discuss this week's headlines!

InfoSec Week 6, 2019 (link to original Malgregator.com posting)

The Zurich American Insurance Company says to Mondelez, a maker of consumer packaged goods, that the NotPetya ransomware attack was considered an act of cyber war and therefore not covered by their policy. According to Mondelez, its cyber insurance policy with Zurich specifically covered “all risks of physical loss or damage” and “all risk of physical loss or damage to electronic data, programs or software” due to “the malicious introduction of a machine code or instruction.” One would think that the language in the cyber insurance policy was specifically designed to be broad enough to protect Mondelez in the event of any kind of cyber attack or hack. And NotPetya would seem to fit the definition included in the cyber insurance policy: it was a bit of malicious code that effectively prevented Mondelez from getting its systems back up and running unless it paid out a hefty Bitcoin ransom to hackers. Originally, Zurich indicated that it might pay $10 million, or about 10 percent of the overall claim. But then Zurich stated that it wouldn't pay any of the claim by invoking a special “cyber war” clause. According to Zurich, it is not responsible for any payment of the claim if NotPetya was actually “a hostile or warlike action in time of peace or war.” According to Zurich, the NotPetya cyber attack originated with Russian hackers working directly with the Russian government to destabilize the Ukraine. This is what Zurich believes constitutes "cyber war."
https://ridethelightning.senseient.com/2019/01/insurance-company-says-notpetya-is-an-act-of-war-refuses-to-pay.html

Reuters reports that hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients. According to investigators at cyber security firm Recorded Future, the attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets. Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order to reach their clients.
https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols," published last year. According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network. Current IMSI-catcher devices target vulnerabilities in this protocol to downgrade AKA to a weaker state that allows the device to intercept mobile phone traffic metadata and track the location of mobile phones. The AKA version designed for the 5G protocol (also known as 5G-AKA) was specifically designed to thwart IMSI-catchers, featuring a stronger authentication negotiation system. But the vulnerability discovered last year allows surveillance tech vendors to create new models of IMSI-catcher hardware that, instead of intercepting mobile traffic metadata, will use this new vulnerability to reveal details about a user's mobile activity. This could include the number of sent and received texts and calls, allowing IMSI-catcher operators to create distinct profiles for each smartphone holder.
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/

The Debian Project is recommending the upgrade of golang-1.8 packages after a vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition, this update fixes two vulnerabilities in the “go get” command, which could result in the execution of arbitrary shell commands.
https://www.debian.org/security/2019/dsa-4380

It is possible to trick users of the Evolution email application into trusting a phished mail by adding a forged UID to an OpenPGP key that has a previously trusted UID. This is because Evolution extrapolates the trust of one of the OpenPGP key's UIDs onto the key itself. The attack is based on using the deficiency of the Evolution UI when handling new identifiers on previously trusted keys to convince the user to trust a phishing attempt. More details about how the flaw works, along with examples, are included in the article, which is linked in the show notes. Let’s take a minute to cover a bit of background on trust models and how validating identities works in OpenPGP and GnuPG:

The commonly used OpenPGP trust models are UID-oriented. That is, they are based on establishing validity of individual UIDs associated with a particular key rather than the key as a whole. For example, in the Web-of-Trust model individuals certify the validity of UIDs they explicitly verified.

Any new UID added to the key is appropriately initially untrusted. This is understandable since the key holder is capable of adding arbitrary UIDs to the key, and there is no guarantee that a new UID will not actually be an attempt at forging somebody else's identity.

OpenPGP signatures do not provide any connection between the signature and the UID of the sender. While technically the signature packet permits specifying a UID, it is used only to facilitate finding the key, and is not guaranteed to be meaningful. Instead, only the signing key can be derived from the signature in a cryptographically proven way.

GnuPG (as of version 2.2.12) does not provide any method of checking the apparent UID, in other words the one from the e-mail's From header, against the signature. Instead, only the signature itself is passed to GnuPG and its apparent trust is extrapolated from the validity of different UIDs on the key. Another way to say this is that the signature is considered to be made with a trusted key if at least one of the UIDs has been verified.
https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html

If you’re up for some heavy reading about manipulation and deceit being perpetrated by cyber criminals, it may be worth checking out a piece from BuzzFeed News. It tells a woeful and dark tale that does not have a happy ending. A small excerpt reads: “As the tools of online identity curation proliferate and grow more sophisticated, so do the avenues for deception. Everyone’s familiar with the little lies — a touch-up on Instagram or a stolen idea on Twitter. But what about the big ones? Whom could you defraud, trick, ruin, by presenting false information, or information falsely gained? An infinite number of individual claims to truth presents itself. How can you ever know, really know, that any piece of information you see on a screen is true? Some will find this disorienting, terrifying, paralyzing. Others will feel at home in it. Islam and Woody existed purely in this new world of lies and manufactured reality, where nothing is as it seems.”
https://www.buzzfeednews.com/article/josephbernstein/tomi-masters-down-the-rabbit-hole-i-go

Security researchers were assaulted by casino technology vendor Atrient after responsibly disclosing critical vulnerabilities to them. Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has allegedly assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. The article covers the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.
https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Article 13, the new European Union copyright law, is back and it got worse, not better. In the Franco-German deal, Article 13 would apply to all for-profit platforms. Upload filters must be installed by everyone except those services which fit all three of the following extremely narrow criteria:

  • Available to the public for less than 3 years
  • Annual turnover below €10 million
  • Fewer than 5 million unique monthly visitors

Countless apps and sites that do not meet all these criteria would need to install upload filters, burdening their users and operators, even when copyright infringement is not at all currently a problem for them.
https://juliareda.eu/2019/02/article-13-worse/

Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique. Among the most exciting security features introduced with ARMv8.3-A is Pointer Authentication, a feature where the upper bits of a pointer are used to store a Pointer Authentication Code (PAC), which is essentially a cryptographic signature on the pointer value and some additional context. Special instructions have been introduced to add an authentication code to a pointer and to verify an authenticated pointer's PAC and restore the original pointer value. This gives the system a way to make cryptographically strong guarantees about the likelihood that certain pointers have been tampered with by attackers, which offers the possibility of greatly improving application security. There’s a Qualcomm white paper which explains how ARMv8.3 Pointer Authentication was designed to provide some protection even against attackers with arbitrary memory read or arbitrary memory write capabilities. It's important to understand the limitations of the design under the attack model the author describes: a kernel attacker who already has read/write and is looking to execute arbitrary code by forging PACs on kernel pointers. Looking at the specification, the author identifies three potential weaknesses in the design when protecting against kernel attackers with read/write access: reading the PAC keys from memory, signing kernel pointers in userspace, and signing A-key pointers using the B-key (or vice versa). The full article discusses each in turn.
https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html

There is a dangerous remote code execution flaw in the LibreOffice and OpenOffice software. While in the past there have been well-documented instances where opening a document would result in the execution of malicious code in paid office suites, this time LibreOffice and Apache’s OpenOffice are the susceptible suites. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific Python library bundled within the software using a hidden onmouseover event. To exploit this vulnerability, the researcher created an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victims into executing a locally available Python file on their system when placing their mouse anywhere on the invisible hyperlink. According to the researcher, the Python file, named "pydoc.py," that comes included with LibreOffice's own Python interpreter accepts arbitrary commands in one of its parameters and executes them through the system's command line or console.
https://thehackernews.com/2019/02/hacking-libreoffice-openoffice.html

Nadim Kobeissi is discontinuing his secure online chat Cryptocat. The service began in 2011 as an experiment in making secure messaging more accessible. In the eight ensuing years, Cryptocat served hundreds of thousands of users and developed a great story to tell. The former maintainer explains on the project’s website that other life events have come up and there’s no longer available time to maintain things. The coder says that Cryptocat users deserve a maintained secure messenger and recommends Wire. The Cryptocat source code is still published on GitHub under the GPL version 3 license; the maintainer has put the crypto.cat domain name up for sale and thanks the users for the support during Cryptocat's lifetime.
https://twitter.com/i/web/status/1092712064634753024

Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare. Presented by James Patrick, a retired police officer, intelligence analyst, and writer, Malware For Humans covers the Brexit and Trump votes, the Cambridge Analytica scandal, Russian hybrid warfare, and disinformation or fake news campaigns. Malware For Humans explains a complex assault on democracies in plain language, from hacking computers to hacking the human mind, and highlights the hypocrisy of the structure of intelligence agencies, warfare contractors, and the media in doing so. Based on two years of extensive research on and offline, Malware For Humans brings the world of electoral interference into the light and shows that we are going to be vulnerable for the long term in a borderless, online frontier. A complete audio companion is available as a separate podcast, which can be found on iTunes and Spotify as part of The Fall series and is available for free, without advertisements.
https://www.byline.com/column/67/article/2412

Security Endeavors Headlines is produced by SciaticNerd & Security Endeavors with the hope that it provides value to the wider security community. Some sources adapted for on-air readability.

Special thanks to our friends at malgregator dot com, who allow us to use their compiled headlines to contribute to the show’s content. Visit them at Malgregator.com. Additional supporting sources are also included in our show notes.

Why not start a conversation about the stories from this week on our Subreddit at reddit.com/r/SEHL

More information about the podcast is available at SecurityEndeavors.com/SEHL

Thanks for listening and we'll see you next week!

The CyberWire
Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

Dec 21, 2018, 29:26


In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing Gmail two-factor authentication. Guest is Brian McCullough, host of the TechMeme Ride Home podcast and author of the book How the Internet Happened. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_21.html

Säkerhetspodcasten
Säkerhetspodcasten #90 - Unstructured, Week 16

Apr 17, 2017, 37:32


In today's episode the panel talks about jingles, Shadowbrokers, Cloudhopper, sensible IoT and much more!

The CyberWire
Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.

Apr 6, 2017, 14:58


In today's podcast we hear about Operation TradeSecret, which joins Operation Cloudhopper: both appear to be facets of a Chinese cyberespionage campaign. 20,000 loan applications are exposed by a third-party IT vendor. North Korea's Lazarus Group still has banks in its crosshairs. A study shows that mobile users are in a complicated relationship with their apps. US Congressional hearings into Russian influence operations and allegations of US surveillance continue. IBM’s Wendi Whitmore joins us from the 2017 Women in Cybersecurity Conference. Palo Alto Networks’ Rick Howard describes the cloud paradigm shift. And tomorrow is OpIsrael; Israeli enterprises say they're prepared.

The CyberWire
Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.

Apr 5, 2017, 15:01


In today's podcast, we hear about how Operation Cloudhopper gets to its espionage targets via their cloud and managed service providers. Details are out on the Android version of the Pegasus spyware. Microsoft will upgrade Office security. Notes on the annual SeaAirSpace expo, including an excursus on cyber Marines. Cisco’s Chief Privacy Officer Michelle Dennedy joins us from the Women in Cybersecurity Conference. Dale Drew from Level 3 describes the security ecosystem disruption. And what is going on in Bedford County, Pennsylvania, a place where the laws of physics may not apply?

Tech45
Tech45 - 016 - To like or to link?

May 5, 2010, 82:58


Host: Maarten Hendrikx, @maartenhendrikx on Twitter.

Panel: Stefaan Lesage, @stefaanlesage on Twitter, or via the Devia website. Marco Frissen, @marcofrissen on Twitter, or via his website. Cindy De Smet, @drsmetty on Twitter, or via her website. Jan Seurinck, @janseurinck on Twitter, or via his website.

Guest: Luc Van Braekel, @lvb on Twitter, or via his website.

Topics

  • Is Facebook taking over the internet? The start of 'the Facebook era'? Shall we 'like' this? (The Age Of Facebook, Today Facebook, Tomorrow The World, Facebook: What They Announced At F8)
  • The die is cast: HP acquires Palm. (HP to Acquire Palm for $1.2 Billion)
  • More HP news: Hewlett-Packard is stopping the Windows 7 tablet project. (Hewlett-Packard To Kill Windows 7 Tablet Project)
  • Microsoft cancels further development of the Courier tablet. (Microsoft Cancels Innovative Courier Tablet Project)
  • Twitter acquires Cloudhopper. Will the Twitter SMS service also expand to Belgium and the Netherlands? (Twitter buys Cloudhopper to help SMS tweets go around the world)
  • Steve Jobs, CEO of Apple, responds personally to the whole fuss about the absence of Flash on the iPhone and iPad. (Thoughts on Flash, Decoding Steve Jobs's Dressing Down Of Flash, Adobe CEO Responds to Steve Jobs' 'Thoughts on Flash')
  • From 4 May you can quote and embed tweets on your blog without having to take screenshots. Just copy and paste a bit of HTML. (Blackbird Pie, Fresh-baked tweets for your posts)

Tips

Our guest Luc picks as his first tip a CRM plugin for Gmail: Rapportive. This plugin replaces the ads on the right-hand side of Gmail with all kinds of information about the person you are emailing (Twitter profile, Facebook profile, occupation, …). His second tip is HTML5 for web designers, a book by the people behind A List Apart. Cindy finally has a new mobile phone: an HTC Desire. Marco has 2 tips: Apple Benelux is now also on Twitter (@Apple_Webcare). Tip number 2 from Marco is a collection of all the emails Steve Jobs has recently sent to 'ordinary mortals'. Stefaan introduces us to inklet, a stylus combined with a piece of software that turns your MacBook trackpad into a drawing surface. Jan, like many others, is very impressed by Shazam, now also available for Android and iPad. Hold your iPhone or Android phone near a speaker and Shazam tells you which song is playing. Maarten first talks about Feest.je, a Dutch-language Gowalla / Foursquare clone. His second tip is Syphir, a substantial extension to Gmail's standard filters.

Feedback

The Tech45 team appreciates all feedback that is sent in. So if you have comments, reactions or suggestions, they are always welcome at reactie@tech45.eu. Audio responses in .mp3 format are also always welcome. Items for the next episode can be tagged in Delicious with the tag 'tech45-017'. Also don't forget that you can join the conversation 'live' via live.tech45.eu on Tuesday 18 May from 20:30. You can download this episode of the podcast via this link, listen to it directly via the player below, or simply subscribe for free via iTunes.