

JUN 15th 2018
The Register



US-CERT warns of more North Korean malware

'Typeframe' springs from the same den as 'Hidden Cobra'

The United States Department of Homeland Security's Computer Emergency Response Team (US-CERT) has warned against another malware campaign it says originates from North Korea.

In its advisory, US-CERT said the “Typeframe” malware “includes malware descriptions related to HIDDEN COBRA”, the tag applied to a North Korean hacking team which in June 2017 was pinged as attacking “media, aerospace, financial, and critical infrastructure”.

The advisory doesn't say how many machines may have been infected by Typeframe, nor where infections occurred.

Hidden Cobra has been busy recently: at the end of May, it was the subject of another US-CERT technical alert regarding the Joanap and Brambul malware strains, and last week we reported that the hacking group's tools were spotted in an attack on Banco de Chile.

JUN 15th 2018



Gloucester Police Fined For Disclosing Victim Details In Bulk Email

An officer failed to activate the 'BCC' function in a bulk email, landing the force an £80,000 penalty

The Information Commissioner’s Office (ICO) has fined Gloucester Police £80,000 after it inadvertently identified child abuse victims in a bulk email.

The case is one of the few that are still being dealt with under the provisions of the 1998 Data Protection Act, rather than the General Data Protection Regulation (GDPR), which came into force last month, and which allows for much higher fines than older legislation.

That’s because of the date of the incident, which took place on 19 December 2016.

At that time an officer involved in an investigation of alleged historical abuse sent an update on the case to 56 recipients by email, but entered the addresses into the ‘To’ field and did not activate the ‘BCC’ function that would have hidden the details from other recipients.

JUN 15th 2018
SC Magazine



Reset 2018: How cyber-immune systems compare to biological immune systems

In the opening presentation of Reset 2018, Mary Haigh, product director at BAE Systems, dissected the analogy of cyber-immune systems and biological immune systems, concluding there were indeed parallels - but it's not an exact fit.

In the opening presentation of Reset 2018 yesterday, Mary Haigh, product director at BAE Systems, dissected the analogy of cyber-immune systems and biological immune systems, concluding there were indeed parallels - but that it was not an exact fit.

The idea that a cyber-immune system - adaptive defence - is a self-healing system that adapts to mutations and environmental threats is an attractive one, but it suggests that it will cope by itself - that the analytics will learn without feedback. In reality these systems always need feedback on what is good and bad, says Haigh.

However, she notes that it is also true that a human immune system needs a lot of help to remain healthy - e.g. for the flu virus, we research how it mutates and what vaccinations we need - which is going on in the background. Then there are the things we choose to do ourselves. If we go to exotic locations like a jungle, we would get jabs before we go. So there are environmental choices we make ourselves, and background factors.

JUN 15th 2018



Apple Disables iPhone Encryption Workaround Used By Cops

Apple said the move was not specifically aimed at frustrating law enforcement's efforts to convict criminals

Apple has confirmed it is planning to change the software in iOS-based devices such as iPhones to make them more difficult to unlock, but said the move was not specifically aimed at deterring access by law-enforcement agencies.

Apple announced the new feature, which is set to debut in iOS 12 later this year, at its WWDC developer conference earlier this month.

It disables iOS devices’ data ports after the device has been locked for an hour. After that, the port can still be used for charging, but the device must be unlocked for data transfers to take place.

In order to unlock mobile devices such as iPhones, law enforcement agencies often use unlocking tools that link to the device’s data port.

JUN 10th 2018
BBC News



Tomorrow's Cities: Dubai and China roll out urban robots

It is a terrifying vision of the future - a robot police officer with dark eyes and no discernible mouth that can identify criminals and collect evidence.

The robocop, complete with police hat to give it that eerie uncanny valley feel, was shown off outside the world's tallest tower, Burj Khalifa, in Dubai, last June.

But since then what has it done? And is Dubai's love affair with robotics any more than just PR for a country desperate to be at the cutting edge of technology?

PAL Robotics, the company behind the robot, threw some light on its duties, which seemed more tourist guide than police officer.

"This robot joined the Dubai police to help citizens in an innovative and engaging way, and it is located by now in tourist attractions and shopping malls," the company told the BBC.

JUN 8th 2018



Atlanta Loses ‘Years’ Of Police Video Evidence In Ransomware Attack

The incident paralysed city services for weeks, and police have only now mostly recovered

Atlanta’s police department has permanently lost “years” of video evidence, following a devastating ransomware attack in March.

Police chief Erika Shields said in an interview with local media that the footage, mostly dashcam videos, could not be recovered.

The loss could compromise some cases if an officer’s testimony isn’t sufficient, according to Shields.

But she said that while dashcam footage is “a useful tool” for police, it “doesn’t make the cases for us”.

JUN 8th 2018
SC Magazine



Hackers using Excel IQY files to dodge antivirus and download malware

Security researchers have discovered a new spam email campaign using a novel approach to infect victims. Users are tricked into downloading and executing a malicious script via Excel.

According to a blog post by Barkly, instead of using Word documents or other commonly abused attachment types, these new spam email campaigns are using .iqy files - these are simple text files that open by default in Excel and are used to download data from the Internet.

This approach can bypass antivirus software and be used to install a remote access trojan called FlawedAmmyy, which is built on the leaked source code for the remote desktop software Ammyy Admin. This RAT gives attackers complete access over infected machines.

Barkly said among the botnets distributing the FlawedAmmyy RAT via .iqy files is Necurs. Researchers said that this was initially identified by @dvk01uk, with the first wave of spam emails utilising .iqy files sent out on 25 May this year. A subsequent, smaller wave was detected on 5 June. A third Necurs campaign was spotted on 7 June.

JUN 7th 2018
The Register



WannaCry reverse-engineer Marcus Hutchins hit with fresh charges

Accused of creating UPAS Kit and lying to FBI

WannaCry ransomware killswitch hero* Marcus Hutchins faces fresh charges in relation to separate malware the security researcher is alleged to have created.

Hutchins, a British citizen, has been held in the US since August last year, after visiting the Black Hat and DEF CON security conferences in Las Vegas. He was collared at the airport on his way home, and has since been charged with multiple felony counts related to the 2014 development of the Kronos banking trojan. He denies any wrongdoing.

According to a new filing, submitted to the US district court in eastern Wisconsin, Hutchins is now also accused of creating a second piece of malware, known as UPAS Kit, and distributing it with the help of another individual.

JUN 2nd 2018
The Register



Is Microsoft about to git-merge with GitHub? Rumors suggest: Maybe

And the internet says... Redmond, keep your forking hands off our favorite website

Microsoft has held talks with GitHub with a mind to potentially buy the popular source-code warehouse, folks closely familiar with the discussions have claimed.

There have been recurring rumors going back to at least 2016 that the Windows giant is considering gobbling the San Francisco-based upstart, which hosts developers' software blueprints and allows them to share and manage their projects online.

The website is free to use, although you have to pay a monthly or yearly fee for extra features - such as private repositories - or stump up for an enterprise account. It also has a marketplace of third-party apps that plug into its service. It says it has built up an annual run rate of more than $200m in subscriptions.

JUN 2nd 2018
BBC News



Google 'to end' Pentagon Artificial Intelligence project

Google will not renew a contract to do artificial intelligence work for the US Pentagon, company sources say.

The decision follows strong opposition in the technology giant's workforce.

A number of Google employees resigned and thousands of others signed a protest petition against taking part in the Pentagon project, known as Maven.

They feared it was the first step towards using artificial intelligence for lethal purposes. There has been no official statement from Google.

According to company sources, top executive Diane Greene told staff on Friday there would be no follow-up after the current contract expired next March.

JUN 1st 2018
SC Magazine



Three-quarters of Redis servers are infected with malware

Research finds that unsecured servers should not have been connected to the internet. Three-quarters of open Redis servers are infected with malware, according to new research.

In a recent blog post by security researchers at Imperva, a Redis server was set up as a honeypot in order to understand the magnitude of the problem. Within less than 24 hours, the servers started to register attacks.

Researchers said that attackers set a key/value pair in memory and then save it to a file on disk in a location that will force the file to run (e.g. /etc/crontabs, /var/spool/cron/crontab, etc.). Attackers usually set values that include commands to download an external remote resource and run it. Another popular type of command is adding SSH keys, so the attacker can remotely access the machine and take it over, according to researchers.

Imperva then took the attack keys and scanned 72k publicly available Redis servers to see if they were hosting any of the attacks registered by the honeypots.

JUN 1st 2018
SC Magazine



Blockchain platform EOS found containing critical security vulnerabilities

Security researchers have uncovered several security vulnerabilities in blockchain platform EOS, some of which can be exploited by hackers to remotely execute arbitrary code on EOS nodes and thereby manipulate the entire EOS blockchain system!

EOS presently ranks fifth in cryptocurrency valuation globally and is considered the third generation of blockchain platform. The advantage of EOS over traditional blockchain platforms such as Bitcoin is that while Bitcoin manages around 3-4 transactions per second, EOS can perform millions of transactions per second thanks to the use of a distributed proof-of-stake consensus mechanism.

Researchers at 360 Security Center recently observed that the EOS blockchain system contained several vulnerabilities that could be exploited not only to run arbitrary code on EOS nodes remotely, but also to directly manipulate the whole blockchain system. To make this possible, all a hacker needed to do was to release a smart contract containing malicious code which would, in turn, be executed by the EOS block producer.
