All posts in “Cybersecurity”

Blacklisted cybersecurity firm Kaspersky decamps for Switzerland

We hear neutral territory like Zurich is lovely this time of year.

Cybersecurity company Kaspersky Lab found itself blacklisted by U.S. federal agencies after accusations of enabling Russian spies to steal NSA files. Unloved and perhaps unwanted, the company — which has denied any wrongdoing — is moving a number of its international data servers to neutral territory: Zurich. Read more at PC Mag…

A major new vulnerability could expose your encrypted emails

Nobody wants snoops peeking at their emails. Unfortunately, the newly discovered “Efail” vulnerability could make that a possibility. 

On Monday morning, the Electronic Frontier Foundation (EFF) reported that Efail is able to expose HTML emails encrypted with PGP and S/MIME encryption programs — even those that were sent years ago. These tools are commonly employed by journalists, politicians, and other users who require secure communication. 

“In a nutshell, Efail abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs,” the researchers write. 

“The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”

In other words, once hackers gain access to your emails, they can use the HTML tags in your emails to prompt mail clients to erroneously decrypt those emails in a way that hackers can access.  

So, what should you do? 

EFF’s recommendation: If you use PGP or S/MIME, disable them, and uninstall the tools that decrypt them. 

The security community, however, has claimed these measures aren’t necessary. 

ProtonMail, for example, claims that many data encryption and decryption services are already patched against Efail. ProtonMail itself has verified that it is not vulnerable to Efail. 

Dan Guido, CEO of security company Trail of Bits, claims that Efail should be very easy for clients and savvy users to detect. 

But if you’re still worried, you can always opt for plain-text over HTML emails — or just use Signal like everyone else. 

UK and U.S. authorities warn of Russian attacks on routers

Russia is being accused of a massive campaign to undermine the security of firewalls and routers in a bid to support espionage and future attacks.

It comes from UK and U.S. authorities who have issued a joint cybersecurity alert for the first time ever to warn people of the threat.

“The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government,” FBI deputy assistant director Howard Marshall said in a statement online.

“As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government,” he said. “We do not make this attribution lightly and will hold steadfast with our partners.”

The warning states that since 2015, authorities have received information about “cyber actors” exploiting large numbers of enterprise-scale and residential routers and switches around the world.

These “cyber actors” are identifying vulnerable devices to break into, where they can extract device configurations, harvest login details, and control the traffic that goes through the router.

“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our U.S. allies,” Ciaran Martin, CEO of the National Cyber Security Centre, said in a statement.

“This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

The alert details some of the things owners and manufacturers can keep an eye on. Owners are asked to ensure network devices are up-to-date, change default passwords, and ensure the firmware on the device is from a trusted source.

Manufacturers and ISPs are asked to not support out-of-date, unencrypted, or unauthenticated protocols and services.

“Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats,” Martin added.

Equifax exec who sold nearly $1 million in shares charged with insider trading

Equifax’s former chief information officer has been indicted for insider trading, making him the first executive to face criminal charges following the company’s massive data breach that exposed the personal data of more than 145 million Americans.

Jun Ying, who was the company’s CIO at the time the company was hacked last summer, will be arraigned in federal court this week on charges of insider trading, according to the Department of Justice.

For a CIO at a financial company, Ying didn’t exactly do a great job at covering his tracks. 

According to a DOJ statement, following a meeting on a Friday, he texted a coworker: “Sounds bad. We may be the one breached.” The next Monday morning, he searched the web to see how a data breach had affected the stock price of competitor Experian. Later that same morning, he exercised all the stock options available to him.

He then sold the shares — a move that nabbed him $950,000 before Equifax’s data breach was made public. Had he sold after the breach, he would have lost $117,000, according to a statement from the SEC.

Stunningly, Ying is not the only executive who faced scrutiny for selling shares ahead of Equifax’s public disclosure of the breach. Three other top executives, including its chief financial officer, president of workforce solutions, and president of U.S. information solutions, also dumped hundreds of thousands of dollars in shares just days before alerting the public to the breach.

Neither the SEC nor the DOJ has commented on those cases.

Cryptocurrency exchange puts $250,000 bounty on hackers

The hunter has become the hunted and so on.

Binance is done playing nice. 

The cryptocurrency exchange was the target of an attempted hack last week, and although the company claims that the attackers were largely unsuccessful in their efforts, they nevertheless still made someone at the exchange mad. So mad, in fact, that on Sunday, Binance announced the equivalent of a $250,000 bounty on the hackers. 

“To ensure a safe crypto community, we can’t simply play defense,” read the statement. “We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact.”

That follow through just so happens to come in the form of a fat cryptocurrency reward, and is all but guaranteed to kick off a mad digital vigilante rush. 

“The first person to supply substantial information and evidence that leads to the legal arrest of the hackers, in any jurisdiction, will receive the equivalent of $250,000 USD in BNB [Binance Coin],” continued the modern day version of a wanted poster. 

Binance appears to relish being on the offensive — a fact emphasized by the company’s CEO, Changpeng Zhao.

“As in a football match, you can’t just play defense,” he tweeted.

Regardless of how this particular case gets resolved, it doesn’t look like the idea of exchanges putting bounties on hackers is going away any time soon. In fact, it’s probably going to pick up steam. 

“Binance has currently allocated the equivalent of $10,000,000 USD in crypto reserves for future bounty awards against any illegal hacking attempts on Binance,” noted the same announcement. “We have also invited other exchanges and crypto businesses to join our initiative.”

So all you would-be cryptocurrency exchange hackers out there, consider yourselves warned.
