IT Security News Blast 8-24-2017

How M&A Activity Can Open the Door to Cyber Threats

Failure to secure sensitive information during transitions opens the door to bad actors looking to profit by exploiting financial markets and proprietary intellectual property (IP). Understanding the risks present during the M&A process is the first step toward mitigation. While each deal will have its own nuances, all tend to follow five general stages. Along each stage, new risks emerge — and advanced attackers, well-versed in corporate espionage techniques, stand to profit.

 Cybersecurity is no longer an option for supply chains

Recognizing that cyber security is a necessary investment is a non-negotiable reality. For companies hesitant to spend the money to enlist expert support, the realization that insufficient protection could ultimately cost even more may serve as motivation. During the WannaCry attack, for example, French carmaker Renault lost four days of production due to the event. Four days is a long time within a supply chain — can the cost of protection possibly have equaled the time lost and the business disrupted?

 New Cyber Threat That Can Change The Content Of Emails At Any Time Post Delivery

Earlier today researchers uncovered a new type of cyber threat that enables cyber criminals to remotely change the content of emails anytime post-delivery. Dubbed ROPEMAKER, the hackers can use this attack to avoid the target organisation’s security controls to deliver malicious emails. For example, a hacker could swap a harmless, non-dangerous URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox. Brian Robison, Senior Director of Security Technology at Cylance commented below.

 Cybersecurity Firm root9B’s Assets Up for Sale

Root9B Holdings is continuing to work with creditors and other potential investors to raise the capital needed to pay off the debt. But there is no assurance that the company will be able to raise the money in time, said Joseph Grano, root9B Holdings’ non-executive chairman of the board, former CEO and an individual investor in the secured debt. “We are disappointed with the foreclosure notice,” said Grano, who was chairman of the Homeland Security Advisory Council between 2002 and 2005.

 French firm offered spyware to ‘find out if your son is gay’

Listing a series of “clues”, the company, Fireworld, suggested that “hacking his Facebook account” and seeing if he had visited gay websites could confirm a parent’s suspicions. […] They include “taking good care of himself”, being more interested in reading and theatre than in football, being shy as a young boy, having certain piercings and liking female singers and divas.

 Sonos says users must accept new privacy policy or devices may “cease to function”

A spokesperson for the home sound system maker told ZDNet that, “if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease.” “The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function,” the spokesperson said.

 Should the LAPD test drones? Police ask the public to weigh in

Drones have been hailed by law enforcement across the country as a valuable technology that could help find missing hikers or monitor armed suspects without jeopardizing the safety of officers. But efforts to deploy the unmanned aircraft have frequently drawn fierce criticism from privacy advocates and police critics for whom the devices stir Orwellian visions of inappropriate — or illegal — surveillance and fears of military-grade, weaponized drones patrolling the skies.

 OSINT With Datasploit

Datasploit is “an #OSINT Framework to perform various recon techniques, aggregate all the raw data, and give data in multiple formats.” More specifically, as stated on the Datasploit documentation page under Why Datasploit, it utilizes various Open Source Intelligence (OSINT) tools and techniques found to be effective and brings them together to correlate the raw data captured, providing the user relevant information about domains, email addresses, phone numbers, personal data, etc. Datasploit is useful to collect relevant information about a target in order to expand your attack and defense surface very quickly.

 Pro-Russian Bots Take Up the Right-Wing Cause After Charlottesville

“The Russian influence networks we track are definitely amplifying the broader alt-right chatter about Charlottesville,” one of the researchers, J.M. Berger, said. […] The latest Soros accusation, which PolitiFact found to be baseless, shows another aspect of how messages snowball as they pass between the American right-wing and Russian propagandists, according to Nimmo. A U.S. right-winger asserts a “fact,” a Russian news agency fuses it with a Kremlin narrative, and then American right-wing websites parrot the Russian news agency’s assertion.

 Fake news a growing worry for Kiwis

Fake news resulting from the United States presidential election has New Zealanders more worried than ever about reading inaccurate or misleading information online. A survey of about 700 internet users conducted by UMR Research for InternetNZ suggests the concern has almost doubled in the past year. InternetNZ deputy chief executive Andrew Cushen said fake news was one of the most significant threats to the internet’s main benefit, access to information. Almost half of the respondents said they were concerned the internet would ruin their ability to think independently.

 Proposed legislation discourages Russia-U.S. cyber pact, while prioritizing election security

Passed in the Senate Intelligence Committee by a 14-1 margin this past July and made public just days ago, the Intelligence Authorization Act for Fiscal year 2018 explicitly forbids the U.S. government from using federal resources to form a cyber partnership with Russia, unless the U.S. Director of National Intelligence (DNI) first submits a report that congressional intelligence committee members can review 30 days in advance of such an agreement. This key clause is a blatant rebuke of President Donald Trump, who fleetingly announced a U.S.-Russian cyber unit in July before backing off the idea amidst backlash.

 Analysis: Substantial Russian & Chinese Weapons Threats to US

China is on the verge of fielding an operational anti-satellite weapon. Meanwhile, both great powers are working on developing directed energy weapons to counter American satellites. “Ten years after China intercepted one of its own satellites in low-Earth orbit, its ground-launched ASAT missiles might be nearing operational service within the PLA [People’s Liberation Army],” Coats stated. “Both countries are advancing directed energy weapons technologies for the purpose of fielding ASAT systems that could blind or damage sensitive space-based optical sensors. Russia is developing an airborne laser weapon for use against US satellites.”

 Only tanker was detected before collision with US destroyer

Naval experts say the VTIS had likely detected the tanker through the latter’s AIS. But the AIS in the warship might have been switched off. Still, other vessels in the vicinity should have been able to detect or see the destroyer on their radar systems or by sight. Even as a probe is under way, experts have also suggested other possible causes for the collision – including a potential cyber breach that may have disabled the destroyer’s computer system. […] Military experts say it is not uncommon for naval vessels to switch off their AIS systems for security purposes. Dr Sam Bateman, a former commodore of the Royal Australian Navy and adviser to the Maritime Security Programme at the S. Rajaratnam School of International Studies, said: “Warships often don’t have their AIS switched on because of security… That is a real problem.”

 ATT(H)ack- Anti-Cyber Crime Law in Saudi Arabia

The Agreement imposes Penalties on those in violation of the Agreement terms and conditions. The proposed amendment to Article 6 of the Law could allow offenders to be publicly named and shamed. The additional powers granted to the judiciary under the amended provision will allow the publication of a summary of the decision in one or more local newspapers or any other medium deemed suitable by the court in connection with the type of the crime, its severity, and its impact. The publication release only happens once the verdict gains the status of the final ruling, and the offender may also incur the costs of publication.

 Pirate Bay Founders Ordered to Pay Music Labels $477,000

Two founders of The Pirate Bay have been ordered by a court in Finland to pay record labels more than $477,000 in compensation. Fredrik Neij and Gottfrid Svartholm were found liable for ongoing copyright breaches on the site. Neither appeared to mount a defense so both were found guilty in their absence. […] Meanwhile, The Pirate Bay sails on, seemingly oblivious to the news.

 Twenty people from Youngstown indicted for laundering $16 million obtained through computer hacking and other fraud

The defendants are accused of working as conspirators in an international fraud organization with conspirators operating from Canada, Africa and other parts of the United States. These 20 defendants were recruited and managed by a mid-level operator identified in court documents as Z.H. He operated in and around Youngstown, Columbus and Atlanta. Working at Z.H.’s direction, the defendants established shell companies and business bank accounts used to receive and launder at least $16 million obtained through various fraud schemes, according to the indictment.

 Wanted: Weaponized exploits that hack phones. Will pay top dollar

Zerodium, the Washington, DC-based broker that launched in 2015, said on Wednesday that it would pay $500,000 for fully functional attacks that work against Signal, WhatsApp, iMessage, Viber, WeChat, and Telegram. The broker said it would start paying the same rate for exploits against default mobile e-mail apps. Those are among the highest prices Zerodium offers.

 Beware; dangerous new malware ‘Joao’ hits gamers worldwide

IT security researchers at ESET have discovered a new malware targeting gamers around the world. Dubbed “Joao” by researchers, the malware exists in third party websites offering malicious setups for Aeria games. The malware works in such a way that once executed it can install other malicious codes on a targeted device. Furthermore, Joao takes advantage of “Massively multiplayer online role-playing games (MMORPGs),” a platform for role-playing video games and massively multiplayer online games where a large number of gamers get together to interact.

 Researchers find more malware-infested apps on Google Play

Security researchers have discovered several apps on the Google Play store harbouring the Bankbot app. According to blog posts by SfyLabs and Zscaler, the apps are called ‘Earn Real Money Gift cards’  (package name: and ‘Bubble Shooter Wild Life’ (package name: com.bubblesooter.wildlife). Both are by the same author. Both companies said they have told Google about the apps. At the time of writing, both apps were still available to download. Researchers said that the first app contained Bankbot while the second contains a dropper, malware used to install other malware when instructed.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.