Archive for the ‘backdoors’ Category

News in brief: Oz law ‘trumps maths’; CBP can’t search phones for cloud data; police launch drone unit

July 14th, 2017
Your daily round-up of some of the other stories in the news


NSA backdoor detected on >55,000 Windows boxes can now be remotely removed

April 25th, 2017


After Microsoft officials dismissed evidence that more than 10,000 Windows machines on the Internet were infected by a highly advanced National Security Agency backdoor, private researchers are stepping in to fill the void. The latest example of this open source self-help came on Tuesday with the release of a tool that can remotely uninstall the DoublePulsar implant.

Late on Friday afternoon, Microsoft officials issued a one-sentence statement saying that they doubted the accuracy of multiple Internet-wide scans that found anywhere from 30,000 to slightly more than 100,000 infected machines. The statement didn't provide any factual basis for the doubt, and officials have yet to respond on the record to requests on Tuesday for an update. Over the weekend, Below0day released the results of a scan that detected 56,586 infected Windows boxes, an 85-percent jump from the 30,626 infections the security firm found three days earlier.

Both numbers are at the conservative end of widely ranging results from scans independently carried out by other researchers over the past week. On Monday, Rendition Infosec published a blog post saying DoublePulsar infections were on the rise and that company researchers are confident the scan results accurately reflect real-world conditions. Rendition founder Jake Williams told Ars that the number of infected machines is "well over 120k, but that number is a floor."


Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA

April 10th, 2017

Malware that WikiLeaks purports belongs to the Central Intelligence Agency has been definitively tied to an advanced hacking operation that has been penetrating governments and private industries around the world for years, researchers from security firm Symantec say.

Longhorn, as Symantec dubs the group, has infected governments and companies in the financial, telecommunications, energy, and aerospace industries since at least 2011 and possibly as early as 2007. The group has compromised 40 targets in at least 16 countries across the Middle East, Europe, Asia, Africa, and on one occasion, in the US, although that was probably a mistake.

Uncanny resemblance

Malware used by Longhorn bears an uncanny resemblance to tools and methods described in the Vault7 documents. Near-identical matches are found in cryptographic protocols, source-code compiler changes, and techniques for concealing malicious traffic flowing out of infected networks. Symantec, which has been tracking Longhorn since 2014, didn't positively link the group to the CIA, but it has concluded that the malware Longhorn used over a span of years is included in the Vault7 cache of secret hacking manuals that WikiLeaks says belonged to the CIA. Virtually no one is disputing WikiLeaks' contention that the documents belong to the US agency.


Here’s why what the government wants with WhatsApp won’t work

March 28th, 2017
After last week's attack in London, the home secretary called on television for cryptographic regression - but that won't deliver what she wants


APT29 Used Domain Fronting, Tor to Execute Backdoor

March 27th, 2017
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.


Backdoors ‘punish the wrong people’, EU security body warns

December 16th, 2016
EU security body comes out strongly against governments compromising encryption, warning of decreased trust and innovation


Threatpost News Wrap, December 8, 2016

December 9th, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google's new open source fuzzer.


If you’ve got a Sony IP camera, update its firmware now

December 8th, 2016
Sony closes backdoors in IPELA security cameras - but why were they open in the first place?


Powerful backdoor/rootkit found preinstalled on 3 million Android phones

November 18th, 2016
Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.

Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the buggy firmware's failure to encrypt communications sent to a server located in China makes code-execution attacks possible when phones connect to public hotspots and other unsecured networks without virtual private networking software.

Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent to and received by the phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country.


Threatpost News Wrap, November 18, 2016

November 18th, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections.
