
ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Vaibhav Shukla

IBM Watson security program goes to trial with 40 firms, raising the question: will future cyber security be mainly automated, based on artificial intelligence?

December 7, 2016 by Vaibhav Shukla

IBM has announced that 40 companies around the world have signed up for its IBM Watson for Cyber Security Beta Program.

The companies will test the ability of IBM’s cognitive computing technology to help in the battle against cyber crime. The trial will include representatives of the banking, healthcare, insurance, education and other key industry sectors.

Watson for Cyber Security uses technologies such as machine learning and natural language processing, and is being trained to understand the language of security. IBM claims the combined technologies will help security analysts make better, faster decisions from vast amounts of data, including unstructured data that has been “dark” to security defenses until now. On the other hand, some threat intelligence experts have cautioned that total reliance on cognitive technology could be dangerous.

Intel Security is pursuing a hybrid approach and is working with a select group of customers to develop systems that enable human-machine teaming, to get the best of both worlds in applying cyber threat intelligence.

http://www.computerweekly.com/news/450404252/40-firms-to-trial-IBM-Watson-cognitive-computing-for-cyber-security

 

Burp Suite Analysis

November 30, 2016 by Vaibhav Shukla

Analysis 3

burpe-suite-ppt_vaibhav—-Presentation

burpe-suite-summary_vaibhav—-Summary

Over-the-Air Update Mechanism Exposes Millions of Android Devices

November 29, 2016 by Vaibhav Shukla

The insecure implementation of the OTA (Over-the-air) update mechanism used by numerous Android phone models exposes nearly 3 million phones to Man-in-the-Middle (MitM) attacks and allows adversaries to execute arbitrary commands with root privileges.

The vulnerable OTA update mechanism is associated with Chinese software company Ragentek Group, which didn’t use an encrypted channel for transactions from the binary to the third-party endpoint. According to security researchers at AnubisNetworks, this bug not only exposes user-specific information to attackers, but also creates a rootkit, allowing an adversary to issue commands that could be executed on affected systems.

The code from Ragentek contains a privileged binary for OTA update checks as well as multiple techniques to hide its execution. Located at /system/bin/debugs, the binary runs with root privileges and communicates over unencrypted channels with three hosts. Responses from the remote server include functionalities to execute arbitrary commands as root, install apps, or update configurations.

The issue, tracked as CVE-2016-6564, is that a remote, unauthenticated attacker capable of performing a MitM attack could replace the server responses with their own and execute arbitrary commands as root on the affected devices.

http://www.securityweek.com/over-air-update-mechanism-exposes-millions-android-devices

ImageWare Launches Multi-modal Biometric Authentication for Enterprises

November 15, 2016 by Vaibhav Shukla

ImageWare has today launched what it describes as the “first ever multimodal biometric authentication solution for the Microsoft ecosystem.” Called GoVerifyID Enterprise Suite, the system combines ImageWare’s Biometric Engine and its GoMobile Interactive products to provide true multifactor authentication.

One of GoVerify’s strongest points is the ease and speed with which it can be integrated into any Microsoft installation. It integrates with Active Directory and is essentially a snap-in to the Microsoft Management Console. It is a SaaS cloud service with the biometrics database held in the cloud, and GoMobile operating as the agent on mobile devices.

http://www.securityweek.com/imageware-launches-multi-modal-biometric-authentication-enterprises

Commercial Exaspy spyware used to target high-level executives

November 7, 2016 by Vaibhav Shukla

Researchers at Skycure have discovered a new strain of Android spyware, dubbed Exaspy, that has been used in targeted attacks against high-level executives. Researchers from Skycure discovered an instance of the Exaspy malware that was installed on an Android 6.0.1 device owned by a Vice President at an unnamed company.

Here is how the app installs itself when it runs for the first time:

  1. Malware requests access to device admin rights
  2. Asks (nicely) for a licence number
  3. Hides itself
  4. Requests access to root (if the device is rooted and managed through popular rooting apps). Once granted, it installs itself as a system package to make its uninstallation process harder.

Mitigation efforts should include disabling USB debugging, regularly checking the Android device’s Device Administrators list, and disabling components you don’t trust.

http://securityaffairs.co/wordpress/53108/malware/exaspy-spyware.html

LinkedIn Could Soon Be Blocked in Russia

October 30, 2016 by Vaibhav Shukla

Vladimir Putin’s government is threatening to shut down business networking site LinkedIn. The threat stems from a recent law in Russia that requires all companies doing business in the country to store their data locally, something that LinkedIn does not do. The decision is driven by the fear about data privacy in the wake of Edward Snowden’s revelations about NSA snooping.

http://fortune.com/2016/10/26/linkedin-russia/

Nessus Vulnerability Scan

October 26, 2016 by Vaibhav Shukla

Scanning Exercise

Video

scanning-ppt

summary-pdf

 

October 21, 2016 by Vaibhav Shukla

Major websites were inaccessible to people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack.

Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times.

Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m.

http://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME

https://community.mis.temple.edu/itacs5211fall16/2016/10/21/3717/

Android banking Trojan tricks victims to submit a selfie holding their ID card

October 18, 2016 by Vaibhav Shukla

A dangerous banking Trojan, named Acecard, asks Android users to send a selfie holding their ID card. This threat tricks users into installing the malware by pretending to be an adult video app or a codec/plug-in necessary to see a specific video. The moment the app is executed by the user, it hides itself from the home launcher and then asks for device administrator privileges, in an attempt to make its removal difficult and tedious. Once validated, the phishing tactic asks for super-personal information such as the cardholder’s name, date of birth, phone number, credit card expiration date and CCV as well.

 

http://www.dnaindia.com/scitech/report-android-hack-malware-acecard-selfie-id-card-2264336

IAEA chief: Nuclear power plant was disrupted by cyber attack

October 11, 2016 by Vaibhav Shukla

There are three publicly known attacks against nuclear plants:

  • Monju NPP (Japan 2014)
  • Korea Hydro and Nuclear Power plant (S.Korea 2014)
  • Gundremmingen NPP (Germany 2016).

According to Yukiya Amano, Director of the International Atomic Energy Agency (IAEA), the United Nations nuclear watchdog, a nuclear power plant in Germany was hit by a “disruptive” cyber attack two to three years ago. Fortunately, the damage caused by the cyber attack on the German nuclear plant did not force the operators to shut down its processes, but it prompted the adoption of additional precautionary measures.

http://www.telegraph.co.uk/news/2016/04/27/cyber-attackers-hack-german-nuclear-plant/
