NSO Group President Defends Controversial Tactics

Threatpost

Firm defends controversial business offerings, claims it should be considered a force of good.

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats

WIRED Threat Level

German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files.

Attackers Are Messing with Encryption Traffic to Evade Detection

Dark Reading

Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4

Croatia’s largest petrol station chain INA group hit by ransomware attack

Security Affairs

Some operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain were disrupted by a cyber attack. A ransomware attack has disrupted operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain.

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Spotlight Podcast: Two Decades On, Trusted Computing Group tackles IoT Insecurity

The Security Ledger

In this spotlight edition of the podcast, sponsored by Trusted Computing Group* Steve Hanna joins us to talk about TCG's 20th anniversary and how the group is tooling up to confront the challenge of securing billions of Internet of Things devices.

NEW TECH: Breakthrough ‘homomorphic-like’ encryption protects data in-use, without penalties

The Last Watchdog

Homomorphic encryption has long been something of a Holy Grail in cryptography. For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Popular email providers, although, offer end-to-end encryption.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. which according to Google Translate would be: “PIK Group of Companies order details”.

Magecart group 7 use new e-skimmer to steal payment data

Security Affairs

RiskIQ tracks different Magecart groups; based on the way the e-skimmer is used by threat actors, the experts attribute this campaign to the Magecart Group 7. This exfiltration method was observed in past attacks associated with the Magecart Group 7.

Winnti APT Group targeted Hong Kong Universities

Security Affairs

Winnti Group has compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. “In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities.

WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies

Security Affairs

WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users.

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Experts from ESET speculate the BlackEnergy threat actor evolved into two separate APT groups, namely TeleBots and GreyEnergy.

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. ZNFJ-A) – encrypted backdoor.

China-linked APT41 group targets US-Based Research University

Security Affairs

Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based The arsenal of the group includes backdoors, credential stealers, keyloggers, and rootkits.

OilRig APT group: the evolution of attack techniques over time

Security Affairs

Security researcher Marco Ramilli presents a comparative analysis of attack techniques adopted by the Iran-Linked OilRig APT group. I would define this group of references as reports. Those reports have been divided into 4 timing groups in order to simplify the evaluation process.

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to target a Turkic minority group. The traffic between C&C and ActionSpy is encrypted by RSA and transferred via HTTP.

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement.

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Experts discovered that since December 2016, the APT15 group has been using the previously undocumented backdoor dubbed Okrum.

Catch Hospitality Group discloses PoS malware infection at its restaurants

Security Affairs

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.

WhatsApp Downplays Damage of a Group Invite Bug

Threatpost

WhatsApp said that claims that infiltrators can add themselves to an encrypted group chat without being noticed are incorrect.

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign, using compromised university resources to send library-themed phishing emails.”

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. This allows the InvisiMole group to devise creative ways to operate under the radar.”

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide.

Interesting finds: Liberalism, machine learning, encryption and learning

Adam Shostack

The general counsel of the NSA and former general counsel of the FBI have editorials on encryption. We Cannot Afford to Lose the Digital Revolution, and Rethinking Encryption. Liberating Structures is a catalog of structures that engage groups in dialogue and discussion. The Economist Reflects on Liberalism is the sort of in-depth writing and thinking that makes the magazine so great: “Reinventing Liberalism for the 21st century.”

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

Security experts uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspect Iranian APT groups. According to the experts, the campaign is carried out, with “moderate confidence,” by APT groups linked to the Iranian Government.

Whitefly espionage group was linked to SingHealth Singapore Healthcare Breach

Security Affairs

Security experts at Symantec linked the massive Singapore Healthcare breach suffered by SingHealth to the ‘Whitefly’ cyberespionage group. In 2018, the largest healthcare group in Singapore, SingHealth, suffered a massive data breach that exposed personal information of 1.5

TA505 group updates tactics and expands the list of targets

Security Affairs

Recent campaigns show threat actors behind the Dridex and Locky malware families, the TA505 group, have updated tactics and expanded its target list. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors.

Group-IB helps to detain fraudsters that used cloned SIM cards to steal money from banks’ VIP customers

Security Affairs

Russian police have detained the organizers of a criminal group that focused on reissuing SIM cards and stealing money from Russian banking customers. One threat group targeted Russian banks’ VIP customers. To store confidential data, the fraudsters used encrypted USB drives.

National Academy of Sciences Encryption Study

Data Matters

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. Wray further argued that, while the FBI “supports information security measures, including strong encryption[,]. Few would describe 2017 as a quiet year.

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

The researchers believe that the threat actor behind Attor is a state-sponsored group involved in highly targeted attacks on selected targets. The Attor malware makes sophisticated use of encryption to hide its components.

A WhatsApp bug could have allowed crashing of all group members

Security Affairs

WhatsApp fixed a severe bug that could have allowed a malicious group member to crash the messaging app for all members of the same group. “By sending this message WhatsApp application will crash in every phone that is a member of this group.

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

The OceanLotus APT group, also known as APT32 or Cobalt Kitty, leverages a steganography-based loader to deliver backdoors on compromised systems. “Threat actors used a custom steganography algorithm to hide the encrypted payload within PNG images to avoid detection.

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

Kaspersky researchers have found a new advanced backdoor used by the Platinum advanced persistent threat (APT) group in attacks in the wild. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast.

The Risk of Weak Online Banking Passwords

Krebs on Security

“The way it works today, you the aggregator or app stores the credentials encrypted and presents them to the bank.

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

Recently researchers from FireEye uncovered and blocked a campaign powered by the Chinese APT10 cyber espionage group aimed at Japanese media sector. Experts noticed the group since around mid-2016 when it was using PlugX, ChChes, Quasar and RedLeaves malware in targeted attacks.

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The group that has been active since late 2015 targeted businesses worldwide to steal payment card information.

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

Kaspersky researchers revealed that since earlier this year, Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks. Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. In the past months, security experts reported the APT group has been updating its arsenal.

Facebook Will Shift to Emphasize Encrypted Ephemeral Messages, Zuckerberg Says: eDiscovery Trends

eDiscovery Daily

In a post to Facebook last week, founder Mark Zuckerberg outlined a vision of the future that includes end-to-end encryption and an ephemeral lifespan for private messages and photos.