Shazam Keeps Ears Open When Microphone Is ‘Off’
This article talks about the application Shazam, which uses the device microphone to listen to a couple of seconds of music and determine the title and author of a song. If you’ve used SoundHound before, then it’s very similar. Patrick Wardle, director of research for the security firm Synack, recently published an application called OverSight. OverSight was used to alert the macOS user of malicious attempts to access their camera. People who used OverSight were also alerted that the system was accessing the microphone while Shazam was off. Although review of the Shazam code shows that the recording was not transferred, saved, or exfiltrated, it is still a concern that the app is still recording you even though it is supposed to be off. I wonder how many other applications are still running in the background when you supposedly turn them off.
http://www.databreachtoday.com/shazam-keeps-ears-open-when-microphone-off-a-9528
Phishing Threat Continues To Loom Large
Although medium and large-sized organizations have taken proactive measures to train their employees on how to detect and protect themselves against phishing and spear-phishing scams, the article points out that they are still vulnerable. It reports that 41% of organizations surveyed have lost sensitive information on employees’ computers, and 24% have lost sensitive data from the corporate network. It points out that the best way to mitigate phishing attacks is through employee training. It also provides a really good example of how social media can be used for reconnaissance to craft a sophisticated spear-phishing attack against a victim.
The main points of this article are to ensure that your employees are trained and aware of phishing attacks, and to make yourself a harder target by reducing your digital footprint or being careful of what you post online.
Article: http://www.darkreading.com/partner-perspectives/malwarebytes/phishing-threat-continues-to-loom-large/a/d-id/1327370?
ProjectSauron
A couple of months ago, Symantec and Kaspersky Labs discovered malware called ProjectSauron, or Strider. It has been capable of harvesting the passwords of entire networks since 2011. It has separate modules designed to perform specific functions like stealing documents or recording keystrokes. It is also highly selective in its targets, currently only infecting 36 computers across 7 organizations in 4 different countries (Belgium, Sweden, Russia, and China). ProjectSauron has been, until recently, undetected by some of the most advanced IDS/IPS systems available.
Symantec and Kaspersky are acknowledging that this may be state-sponsored malware, used against specific targets to gather military intelligence, because of the complexity of the technology used, which may have cost millions of dollars to develop.
You can read more here: https://www.rt.com/news/355165-sauron-malware-cyber-espionage/
Nessus Scan – Loi Tran
Create Your Own MD5 Collision
We talked briefly about MD5 collisions in the last class, and some people had some questions about them. Of the two links provided below, the first explains what an MD5 collision is and the second will let you create your own collision.
Basically, a collision occurs when two completely different files have the same digest. When you use a hash algorithm, you first take the original message (plaintext), add some padding, and run it through the hash algorithm (in this case MD5), which then returns a message digest (ciphertext). Each file, if not exactly the same, should have a different digest. Nat McHugh has found a way to add prefixes to the plaintext (files: jpg, txt, etc.) that would make the hash algorithm return the same hash even if the files were different.
He has created an Amazon Web Services (AWS) image that would allow you to download and run the script for about 7 cents an hour. I’ve tried it and it took about a day to create a collision. So I was able to create an MD5 collision for less than 2 bucks. If you are interested you can try it out:
http://natmchugh.blogspot.com/2015/09/md5-collisions-in-ssh-keys.html
http://natmchugh.blogspot.com/2015/02/create-your-own-md5-collisions.html
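As an added example (not from the original post and not Nat McHugh's scripts), the Python below checks the widely published 2004 Wang et al. MD5 collision pair and shows how a second hash such as SHA-256 exposes files that MD5 cannot tell apart. The file names and the helper functions are hypothetical.

```python
import hashlib
from collections import defaultdict

# Published MD5 collision pair (Wang et al., 2004): two 128-byte messages
# that differ in only six bytes yet produce the same MD5 digest.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed sample "file store"; the names are hypothetical.
SAMPLE_FILES = {
    "invoice_a.bin": MSG_A,
    "invoice_b.bin": MSG_B,
    "invoice_a_copy.bin": MSG_A,          # true duplicate, not a collision
    "readme.txt": b"unrelated content\n",
}

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def differing_offsets(a, b):
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def find_md5_collisions(files):
    """Map each MD5 shared by files with different content to those files.

    Files are grouped by MD5, then by SHA-256. An MD5 group holding more
    than one SHA-256 value contains files that MD5 cannot distinguish.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for name, data in files.items():
        groups[md5_hex(data)][sha256_hex(data)].append(name)
    return {
        md5: sorted(sorted(names) for names in by_sha.values())
        for md5, by_sha in groups.items()
        if len(by_sha) > 1
    }

if __name__ == "__main__":
    print("bytes that differ:", differing_offsets(MSG_A, MSG_B))
    print("MD5 collisions:", find_md5_collisions(SAMPLE_FILES))
```

An integrity check that stores only an MD5 would accept either message as the other; comparing SHA-256 as well separates them while still treating the true duplicate as identical.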
Encryption: A Backdoor For One Is A Backdoor For All
This article talks about how important encryption is in today’s internet-driven economy. Any attempt to circumvent encryption measures will eventually leave systems vulnerable to unwarranted attack by malicious actors. Companies, organizations, ethical hackers, and software developers who leave back doors in their systems or programs are potentially giving threat agents another vector to attack the system.
Read More on the Article here: http://www.darkreading.com/attacks-breaches/encryption-a-backdoor-for-one-is-a-backdoor-for-all/a/d-id/1327177?
Tech Support Scams Put UK Users at Risk
Tech support scams are a combination of social engineering and malware. The user’s computer is first infected with initial malware that typically alerts the user that the computer is infected with a virus. It urges the user to either install anti-virus software, which of course is more malware, or to contact a tech support hotline, a number that charges by the minute. According to the report, Microsoft claimed that victims have lost over $15 Billion to these scammers.
Ways to protect yourself:
- Keep your computer patched up and up-to-date
- Use anti-virus/malware software
- Contact with Tech support should go through official channels
Article : http://www.infosecurity-magazine.com/news/tech-support-scams-put-uk-users-at/
Cybercrime as a Service on the Darknet Has Europol Concerned
Cybercrime as a Service (CaaS) is an emerging concern for the European Police. Although it has not been affected by it yet, it has the potential to disrupt critical IT for European government agencies and law enforcement. CaaS can give militants and activists access to hackers who would provide cyber attacks in exchange for bitcoins on the darknet. These attacks can range from malware and ransomware to DDoS attacks. Bad actors no longer have to rely on their own technical prowess and can purchase these services instead.
Based on the DNS threat index, from CIO Insight, CaaS has grown 7% from Q4 of 2015 to Q1 of 2016. The rise is eminent and the risks to organizations are higher.
More Details Below:
Cybercrime as a Service on the Darknet Has Europol Concerned
https://securityintelligence.com/cybercrime-as-a-service-poses-a-growing-challenge/
Wells Fargo Reconnaissance Analysis
Team Members: Loi Tran and Noah Berson