North Korea poised to launch large-scale cyberattacks, says new report


by Anna Fifield

February 23, 2018

North Korea is quietly expanding both the scope and sophistication of its cyberweaponry, laying the groundwork for more devastating attacks, according to a report published Tuesday.

Kim Jong Un’s cyberwarriors have been accused of causing huge disruptions in recent years, including a massive hack on Sony Pictures in 2014 and last year’s WannaCry ransomware worm, as well as numerous attacks on South Korean servers.

Now, it appears that North Korea has also been using previously unknown holes in the Internet to carry out cyberespionage — the kind of activity that could easily metamorphose into full-scale attacks, according to a report from FireEye, a California-based cybersecurity company.

Although the North Korean regime bans the Internet for ordinary citizens and is decidedly behind the times with most technology, it has funneled a huge amount of time and money into building a cyber-army capable of outsmarting more technologically advanced countries such as South Korea.

“Our concern is that this could be used for a disruptive attack rather than a classic espionage mission, which we already know that the North Koreans are regularly carrying out,” said John Hultquist, director of intelligence analysis for FireEye.

FireEye said it has “high confidence” that a cyberespionage group it has identified as APT37 is responsible for a number of attacks, not just in South Korea but also in Japan, Vietnam and the Middle East. These include “zero-day vulnerability” attacks in which hackers find and exploit flaws in software before the developers have had an opportunity to create patches to fix them.



Young Brits ‘lack cyber-security awareness’


by BBC News

February 21, 2018

More than 52% of Britons aged 18-25 are using the same password for lots of online services, suggests a survey.

By doing so they make it easy for hackers to hijack accounts, warned the UK government’s Cyber Aware campaign.

The danger was acute because of the sensitive data people typically send via email and other accounts, it found.

About 79% of the 2,261 respondents of all ages said they had sent bank details or copies of passports and driving licences via messaging systems.

“Your email account is really a treasure trove of information that hackers won’t hesitate to exploit,” said Det Insp Mick Dodge, national cyber-protect co-ordinator with the City of London police in a statement.

The danger of identity theft was significant, he said, because many people who sent personal information via email rarely deleted it.

Bank statements, electronic copies of signatures and other important documents could all be sitting in lists of sent emails, said Det Insp Dodge.

“You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”

Reusing a password helps cyber-thieves because they try to use login names and password combinations released in data breaches on many different online accounts to see if they get a hit.


Hackers Steal Millions by Ditching Malware to Sidestep Security


by Dell Cameron

February 21, 2018

Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world's largest corporations, all while bypassing traditional hacking safeguards by simply avoiding the use of malware.

A new report from IBM Security sheds light on ongoing campaigns being waged by “cyber con artists” employing a known scam called Business Email Compromise (BEC). These attacks take on many forms, but typically include fraud involving fake invoices, impersonation of high-ranking corporate officers, and the targeting of accounting or human resources staff to gather sensitive financial information, such as tax statements.

The threats tracked by IBM’s global threat intelligence service, known as X-Force (insert Marvel Comics joke here), began by harvesting mass amounts of business user credentials, which in studied incidents enabled attackers to impersonate corporate officers authorized to make large fund transfers.

The compromised accounts were gathered largely using traditional phishing techniques.

In one case, an official-looking email sent to hundreds of corporate contacts appeared to contain a link to a business document. The targets were directed to a fake “DocuSign” website where they were first asked to log in using their email credentials. The attack targeted primarily personnel working in the company’s accounts payable department, the report says.

A key defense against this form of credential harvesting is implementing multi-factor authentication.


Petro: cryptocurrency created by the Venezuelan government is now in pre-sale



February 21, 2018

The first cryptocurrency launched by a national government is now in pre-sale. It is the Petro, the virtual currency that Venezuela is bringing to market in an attempt to tame the extremely high inflation ravaging the local economy, which has left one Bolívar worth just US$ 0.00004. Built on the Ethereum blockchain, the Petro is expected to enter its initial coin offering in about a month.

The idea behind the Petro is for it to serve as a second official currency of Venezuela, alongside the Bolívar, with 82 million units of the cryptocurrency available initially but the intention of issuing up to 100 million petros, which are “backed” by 100 million barrels from the country's immense oil reserves.

Escaping the blockade

Another clever move behind the Venezuelan cryptocurrency is to get around the economic blockade imposed on the country by the United States and other countries with capitalist economies. Using the virtual currency, these barriers can be overcome much more easily, and Venezuela can receive a range of investments that would be impossible under the current model.

In addition to the millions of barrels of oil that guarantee the Petro's value, it is also believed that there are reserves of gold and diamonds serving as backing for the currency, President Maduro is reported to have said. The leader's opposition has already declared itself against the creation of the Petro and has gone so far as to say that using the cryptocurrency would be illegal and unconstitutional.


UK cyber security agency sticks with China’s Huawei despite US spy fears


by Matthew Field

February 20, 2018

The UK’s top cyber security agency has reaffirmed its commitment to working with Chinese smartphone giant Huawei after US spy chiefs accused the company of presenting a national security risk.

The Government and the National Cyber Security Centre (NCSC) will “continue to benefit” from collaboration with Huawei, according to an NCSC spokesman. It comes despite US government employees potentially being banned from using the Chinese company’s smartphones due to security fears.

In the UK, Huawei operates a cybersecurity centre alongside members of GCHQ. Known as “The Cell”, it is set up to monitor threats and backdoors in the company’s own hardware. It is staffed by Huawei researchers overseen by the NCSC.

Last week, US intelligence chiefs from the Federal Bureau of Investigation (FBI), Central Intelligence Agency and National Security Agency repeatedly warned against Huawei’s phones and recommended US consumers should avoid them.

“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray said.

The UK’s relationship with Huawei has taken a different path than its ally, however. Rather than blocking the company, UK spies from GCHQ work closely with the Chinese company.

“Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design,” an NCSC spokesman said.

“This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks.”


SIM Hijacking – T-Mobile customers were victims of an info disclosure exploit


by Pierluigi Paganini

February 19, 2018

In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability.

A video tutorial titled ‘T-Mobile Info Disclosure exploit’ showing how to use the flaw was also published on the Internet.

By exploiting the vulnerability, it is possible to access certain customers’ data, including email addresses, billing account numbers, and the phone’s IMSI numbers.

This kind of information could be used by hackers in a social engineering attack against T-Mobile’s customer support employees with the intent of stealing the victim’s phone number.

The attackers can use it to impersonate the target customer: crooks call T-Mobile customer care posing as the victim, with the intent of tricking the operator into issuing a new SIM card for the victim’s number.

The crooks activate the new SIM and take control of the victim’s phone number, which they can then use to steal the victim’s identity. This is the beginning of the nightmare for victims, who suddenly lose their service.


A Single-Character Message Can Crash Any Apple iPhone, iPad Or Mac


by Wang Wei

February 15, 2018

Only a single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.

First spotted by the Italian blog Mobile World, the potentially severe new bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even Watch OS devices running the latest versions of their operating software.

Like the previous ‘text bomb’ bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu, a native Indian language spoken by about 70 million people in the country.

Once the recipient receives a simple message containing the symbol or types that symbol into the text editor, the character immediately instigates crashes on iPhones, iPads, Macs, Apple Watches and Apple TVs running Apple’s iOS Springboard.

Apps that receive the text bomb try to load the character, but fail and refuse to function properly until the character is removed, which usually can be done by deleting the entire conversation.


The easiest way to delete the offending message is by asking someone else to send a message to the app that is crashing due to the text bomb. This would allow you to jump directly into the notification and delete the entire thread containing the character.

The character can disable third-party apps like iMessage, Slack, Facebook Messenger, WhatsApp, Gmail, and Outlook for iOS, as well as Safari and Messages for the macOS versions.

Telegram and Skype users appear to be unaffected by the text bomb bug.