US cyber warfare threat against Russia

This article discusses the current state of US-Russian relations. To say the relationship between the two superpowers is not good would be an understatement. The US has repeatedly accused Russia of hacking an revealing DNC secrets. Russia and Putin of course deny any involvement but that has not stopped the US from taking the approach that, if the Russians continue their intrusions during the election, they will launch a counter attack against the rival. The response against Russia will come after the election, according to the article. The article sites an NBC report that states the US will strike Russian electric grids, telecommunications networks, and the Kremlin’s command system. Targeting DNC emails is certain unlawful but hitting major targets such as the ones reported in Russia would have a much more devastating affect, it would seem.

http://gizmodo.com/obama-may-unleash-cyberwar-on-russia-after-election-re-1788654382

This article talks about how the NSA allegedly snooped on VPN traffic by exploiting a vulnerability in the CISCO PIX VPN> The versions that are vulnerable are 5.3(9) through 6.3(4) and were supported by CISCO from 2002 to 2009. The attack code was dubbed BenignCertain and exploits a vulnerability in Cisco’s implementation of the Internet Key Exchange, a protocol that uses digital certificates to establish a secure connection between two parties. The packets cause the vulnerable device to return a chunk of memory. A parser tool included in the exploit is then able to extract the VPN’s pre-shared key and other configuration data out of the response. According to one of the researchers who helped confirm the exploit, it works remotely on the outside PIX interface. This means that anyone on the Internet can use it. No pre-requirements are necessary to make the exploit work. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in Der Spiegel. The article reported that the NSA had the ability to decrypt more than 1,000 VPN connections per hour. The revelation is also concerning because data returned by the Shodan search engine indicate more than 15,000 networks around the world still use PIX, with the Russian Federation, the US, and Australia being the top three countries affected. The following is a screen shot of BenignCertain extracting a shared key from a Cisco PIX firewall.

View article here.

I found this to be very interesting.  A very good interactive tutorial on how SQL injection works.

Click Here

Researchers at Skycure have discovered a new strain of Android spyware, dubbed Exaspy, that has been used in targeted attacks against high-level executives.Researchers from Skycure discovered an instance of the Exaspy malware that was installed on an Android 6.0.1 device owned by a Vice President at an unnamed company.

Here is how the app installs itself when it runs for the first time:

1. Malware requests access to device admin rights
2. Asks (nicely) for a licence number
3. Hides itself
4. Requests access to root (if the device is rooted and managed through popular rooting apps). Once granted, it installs itself as a system package to make its uninstallation process harder.”

Mitigation efforts should include disabling USB debugging and regularly checking an Android’s Device Administrators list and disable components you don’t trust

http://securityaffairs.co/wordpress/53108/malware/exaspy-spyware.html

Although medium and large-sized organizations has taken proactive measures to train their employees on how to detect and protect themselves against phishing and spear-phishing scams, the article points out that they are still vulnerable.  It reports that 41% of organizations survey have lost sensitive information on employee’s computers, and 24% have lost sensitive data from corporate network.  It points out that the best way to mitigate phishing attacks is through employee training.  It also provided a really good example of how social media can be used for reconnaissance to craft a sophisticated spear phishing attack against a victim.

The main points of this article is to ensure that your employees are trained and aware of phishing attacks, make yourself a harder target by reducing your digital footprint, or be careful of what you post online.

Article: http://www.darkreading.com/partner-perspectives/malwarebytes/phishing-threat-continues-to-loom-large/a/d-id/1327370?