Latest News

18 hours ago
Zach Dorfman, Jenna McLaughlin and Sean D. Naylor / Yahoo News

In ‘Stunning’ Breakthrough, Russia Cracked Encryption Used by FBI Mobile Surveillance Teams to Track Russian Spies, Leading Obama to Seize Russian Estates, Intelligence Officials Say

In a “stunning” technical breakthrough in 2011, Russia developed the ability to crack certain types of encryption used by the FBI’s mobile surveillance teams to track the movements of Russian spies on American soil, while also compromising the FBI teams’ backup communications systems, according to a Yahoo News investigation that drew on more than 50 current and former intelligence and national security officials. The discovery of Russia’s new-found capabilities was in part the secret rationale for the Obama administration’s decision to expel three dozen Russian diplomats and seize two rural East Coast estates in Maryland and New York owned by the Russian government on December 29, 2016. The discovery also caused the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere. The seized estates were “basically being used as signals intelligence facilities,” with some of the clandestine eavesdropping annexes staffed by the wives of Russian intelligence officers. Counterintelligence officials from the FBI and CIA held limited briefings about the discovery of the eavesdropping for Congressional committee leadership and staff directors.

Related: Slashdot, The Crime Report

Tweets: @Sifill_LDF, @nycsouthpaw, @dnvolz, @colincampbell, @weinbergersa, @jwarminsky, @QW5kcmV3, @stevebellovin, @mattblaze

Slashdot: Russia Carried Out a ‘Stunning’ Breach of FBI Communications System, Escalating the Spy Game on US Soil
The Crime Report: Report Reveals ‘Stunning’ Breach of FBI Communications

@Sifill_LDF: A really important story. We cannot forget Mueller’s most forceful takeaway: the attack and infiltration of U.S. systems by Russia is relentless.
@nycsouthpaw: “According to a former senior CIA officer who served in Moscow, the Russians would often try to disguise a human source as a technical penetration. Ultimately, officials were unable to pinpoint exactly how the Russians pulled off the compromise...”
@dnvolz: “Yahoo spoke about these previously unreported technical breaches and the larger government debates surrounding U.S. policies toward Russia with more than 50 current and former intelligence and national security officials”
@colincampbell: Exclusive: Russia carried out a 'stunning' breach of FBI communications system, changing the spy game on U.S. soil, via @zachsdorfman, @JennaMC_Laugh & @SeanDNaylor
@weinbergersa: EXCLUSIVE: Russia carried out a "stunning" breach of an FBI communications system, allowing Russian spies operating in the U.S. to evade detection. By @zachsdorfman @JennaMC_Laugh @SeanDNaylor via @YahooNews.
@jwarminsky: Don't miss this one, this morning:
@QW5kcmV3: Everything is secure until it isn't. Temporary solutions become standard operating procedures. Security is predicated on an understanding of your adversary's capabilities and intentions. Huge article from @zachsdorfman, @JennaMC_Laugh, and @SeanDNaylor
@stevebellovin: For some reason, this article makes me think of the attack on encrypted radios by @mattblaze , @sa3nder , @perrymetzger , and others.
@mattblaze: Fascinating. On the two way radio compromises, I wonder if they involved any of the things we discovered (some of which are active attacks). The uncertainty about whether decryption worked in real time suggests not, but it’s unclear given the lack of technical detail.


7 hours ago
Catalin Cimpanu / ZDNet

Password Manager LastPass Releases Update to Fix Dangerous Bug Reported by Google Project Zero’s Ormandy

Password manager LastPass has released an update to fix a dangerous and potentially exploitable security bug that could expose the credentials last entered on a previously visited site, a flaw discovered last month by Tavis Ormandy, a security researcher with Google’s Project Zero. LastPass fixed the issue in version 4.33.0, released on September 12, and said the bug affects only its Chrome and Opera browser extensions. Users who haven’t enabled automatic updates for their browser extensions are advised to update manually as soon as possible, because Ormandy has now published details of the flaw.

12 hours ago
Lawrence Abrams / Bleeping Computer

Tor Project Has Raised $86,000 For Bug Smash Fund That Pays Developers to Fix Critical Bugs

The Tor Project has raised $86,000 for a Bug Smash Fund that will be used to pay developers to quickly fix critical bugs in the privacy-oriented Tor Browser. The types of bugs Tor considers critical include privacy issues such as the browser leaking an IP address, problems with the signing certificates for Tor add-ons, and the work of evaluating and upgrading Tor Browser to new Firefox ESR releases. Donors can track how the money is spent because the project will tag any bug tickets that draw on it with the “BugSmashFund” tag.

12 hours ago
Drew Harwell and Tony Romm / Washington Post

Smash Hit Mobile App TikTok Might Be Complying With China’s ‘Great Firewall’ by Censoring Videos Related to Hong Kong Protests, Researcher

TikTok, which has quickly become one of America’s most popular mobile apps, might be bringing Chinese-style censorship to mainstream U.S. audiences, given the dearth of videos on the app related to the protests in Hong Kong, said Yaqiu Wang, a Hong Kong-based researcher for Human Rights Watch. TikTok’s parent company, Beijing-based ByteDance, said in a statement that U.S. user data is stored domestically and that the app’s content and moderation policies in the U.S. are led by a U.S.-based team that is not influenced by the Chinese government. Although ByteDance is required to comply with China’s “Great Firewall,” which blocks major news sources and censors what the party regards as objectionable facts and ideas, the company says the lack of Hong Kong protest videos on its app reflects its audience’s preference for positive and joyful content.

13 hours ago
Catalin Cimpanu / ZDNet

Misconfigured Database Exposed Personal Records of Most Ecuadorians Including Nearly Seven Million Children

In one of the biggest breaches in the country’s history, the personal records of most of Ecuador’s population, including 6.78 million children, were left exposed online in a misconfigured Elasticsearch server owned by an Ecuadorian analytics company named Novaestrat, Noam Rotem and Ran Locar of vpnMentor discovered and ZDNet confirmed. The server contained approximately 20.8 million user records in total, a number larger than the country’s population because of duplicate records. The exposed data included names, information on family members and family trees, civil registration data, financial and work information, and data on car ownership. The most extensive data appears to have been collected from the Ecuadorian government’s civil registry; ZDNet and vpnMentor confirmed records for the country’s president and even for Julian Assange, who once received political asylum from the small South American country and was issued a national ID number (cedula). Other data appeared to have been imported or scraped from BIESS, the Banco del Instituto Ecuatoriano de Seguridad Social, and contained financial information for some Ecuadorian citizens, such as account status, account balance, credit type, and details about the account owner, including job information. Further data appeared to have been imported or scraped from AEADE, the Asociación de Empresas Automotrices del Ecuador, and contained information on car owners and their cars, including models and license plates. The database was eventually secured late last week, but only after vpnMentor contacted Ecuador’s CERT (Computer Emergency Response Team).

16 hours ago
Ewen MacAskill / The Guardian

In New Memoir Whistleblower Edward Snowden Says Predicted Harms From His Disclosures Have Not Come to Pass, Warns That Greatest Surveillance Dangers Lie Ahead in Facial and Pattern Recognition

During an interview to mark the publication of his memoir, Permanent Record, former NSA contractor and whistleblower Edward Snowden said dire warnings that his disclosures would cause harm had not come to pass, and that even former critics now concede “we live in a better, freer and safer world” because of his revelations. In the book, Snowden outlines what led him to leak details of the secret programs being run by the US National Security Agency (NSA) and the UK’s signals intelligence agency, GCHQ. He also warns that the greatest surveillance dangers lie ahead in the form of artificial intelligence capabilities such as facial and pattern recognition. Snowden further said he is reconciled to living in exile in Russia for years to come, although reports following the interview say he is now asking France to grant him asylum.

19 hours ago
Colin Packham / Reuters

Australian Signals Directorate Attributed Cyberattacks on Parliament, Political Parties to China but Report Kept Under Wraps to Avoid Disrupting Trade Relations

The Australian Signals Directorate (ASD) concluded in a classified report last March that China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, according to five sources. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, according to two of the sources. The attack on parliament was revealed last February with authorities at that time saying an unnamed sophisticated attacker was the culprit. The ASD also determined that the attackers accessed the networks of the ruling Liberal party, its coalition partner the rural-based Nationals, and the opposition Labor party, two of the sources said.

3 days ago
Amanda Connolly, Mercedes Stephenson, Stewart Bell, Sam Cooper and Rachel Browne / Global News

RCMP Arrest One of Their Own Senior Intelligence Officials for Espionage Dating Back to 2015, Amassed Terabytes of Sensitive Information and Now Stands Accused of Passing Information to Foreign Entity

In what could be one of the worst cases of espionage the country has ever experienced, Canada’s national police have arrested a senior intelligence official in the RCMP, Cameron Ortis, who now faces seven counts dating as far back as 2015, including breach of trust, communicating “special operational information,” and obtaining information in order to pass it to a “foreign entity.” The case was uncovered by U.S. authorities as part of a wider operation involving NATO allies and the Five Eyes countries of Canada, Australia, New Zealand, the U.S. and U.K. The charges did not specify which foreign entity or what type of information, but a source said he had amassed “terabytes of information,” including a list of undercover operatives. John MacFarlane, Public Prosecution Service of Canada official, said Ortis was accused of having “obtained, stored, processed sensitive information we believe with the intent to communicate it to people that he shouldn’t be communicating it to.”

3 days ago
Shaun Nichols / The Register

Apple’s Upcoming iOS 13 Has Reappearance of Lock-Screen Bypass That Gives Attackers Access to Contact List

Apple’s upcoming iOS 13, slated for release on September 19, appears to contain the same sort of lock-screen bypass that plagued previous versions of the iThing firmware, as security researcher Jose Rodriguez has demonstrated in a video. The bypass involves receiving a call, opting to respond with a text message, and then changing the “to” field of the message, which can be done via VoiceOver. The “to” field pulls up the owner’s contacts list, giving an unauthorized miscreant the ability to crawl through the address book without ever unlocking the phone. Apple refused to give Rodriguez a bug bounty for the flaw because, the company says, researchers can’t claim rewards for bugs found in beta builds of the operating system.

3 days ago
Lorenzo Franceschi-Bicchierai / Motherboard

T-Mobile Offers an Unpublicized Feature Called NOPORT That Offers Greater Protection Against SIM Swapping Attacks

T-Mobile has a feature called NOPORT that gives its customers more protection from hackers trying to steal their phone number, but the carrier doesn’t advertise it publicly and won’t even talk about it. NOPORT makes it harder for a hacker to hijack a phone number with a SIM swapping attack by requiring customers to come to a store in person and present a photo ID in order to request that their number be ported out to a different carrier or moved to a new SIM card. NOPORT is not documented on any T-Mobile website; the carrier prefers to push its Port Validation process, which requires customers to create a special PIN for making changes to their accounts.

3 days ago
Andy Bruce / Reuters

London Police Arrest Man Under Investigation by Manhattan D.A. for Hacking Famous Music Acts to Steal Unreleased Songs

City of London Police arrested a 19-year-old man in Ipswich, a town in rural east England, on suspicion of hacking famous music acts to steal unreleased songs and sell them for cryptocurrency. The police arrested him after receiving a tip from the Manhattan District Attorney’s (D.A.) office which had been investigating the case based on referrals from the management companies of the recording artists. Neither the suspect nor the artists targeted in the scam were identified.

3 days ago
Connie Loizos / TechCrunch

Cloudflare Rose 20% During First Trading Day on Public Market

Shares of security company Cloudflare rose 20% on their first day of trading on the public market, closing at $18 after the company priced its IPO at $15 a share. Combined with its venture backers’ funding and the first-day haul, Cloudflare has now raised one billion dollars. Under the dual-class structure with which the company went public, employees’ shares carry 10 times the voting rights of the shares sold to the public.

4 days ago
Kate Fazzini, Amanda Macias, Kevin Brueninger / CNBC

Treasury Department Imposes Sanctions on Three North Korean State-Sponsored Hacking Groups

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions targeting three North Korean state-sponsored malicious cyber groups, Lazarus Group and two of its sub-groups, Bluenoroff and Andariel, which the government said are responsible for North Korea’s malicious cyber activity against critical infrastructure. All three groups are controlled by the U.S.- and United Nations (UN)-designated RGB, North Korea’s primary intelligence bureau. Lazarus Group was, among other things, involved in the destructive WannaCry 2.0 ransomware attack, which the United States, Australia, Canada, New Zealand, and the United Kingdom publicly attributed to North Korea in December 2017. Bluenoroff has attempted to steal over $1.1 billion from financial institutions and, according to press reports, has successfully carried out such operations against banks in Bangladesh, India, Mexico, Pakistan, the Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam. Andariel has committed a host of financial crimes and was observed by cybersecurity firms attempting to steal bank card information by hacking into ATMs to withdraw cash or to steal customer information to later sell on the black market, the Treasury Department stated in its announcement.

4 days ago
Jessica Huseman / ProPublica

Election Officials and Security Experts Blast What Many Say Is a Quick-Buck, Error-Filled Election Security Report by Little-Known Cybersecurity Firm NormShield

Little-known Virginia-based cybersecurity company NormShield marketed to election officials across the country what it called “Rapid Cyber Risk Scorecards,” which promised assessments of vulnerabilities in their internet-facing election systems; many officials say the assessments were riddled with errors and unhelpful for judging actual election security. The putatively error-filled scorecards prompted multiple states to confront NormShield about the reports and federal agencies to privately call NormShield irresponsible, while nonprofit groups panned NormShield’s failure to properly notify the states of vulnerabilities before threatening to report them publicly. Earlier this week NormShield published its work and garnered high-profile press attention from leading publications, in articles that were likewise error-filled. The publication of NormShield’s work sparked an outcry from state election officials and election security experts, who say NormShield is looking to make a quick buck off a hot topic with little accuracy behind its so-called research.

4 days ago
Joe Uchill / Axios

North Korea’s Kimsuky Group Expands Campaign to Spy on Experts Researching Nuclear Deterrence, North Korea’s Nuclear Sub Program and North Korean Economic Sanctions

North Korea-linked hackers known as the “Kimsuky” group have expanded a campaign dubbed “Autumn Aperture” to spy on experts researching nuclear deterrence, North Korea’s nuclear submarine program, and economic sanctions on North Korea, researchers from Prevailion say. The group has previously been tied to campaigns targeting South Korean entities and the academic sector. The attackers spread their spying malware through trojanized documents, sent via spearphishing emails, that the victims were likely expecting.

4 days ago
Shaun Nichols / The Register

Fraud Ring That Made Bulk Purchases of Tickets Offered on Groupon Left Database of Thousands of Fake Accounts Exposed Online

A ticket fraud ring that likely used an army of as many as 20,000 fake accounts and stolen credit card numbers to bulk-buy tickets offered at a discount on Groupon left a database exposed online containing details of scores of accounts on ticket-purchasing sites, according to researchers at vpnMentor. Groupon had been tracking a similar fraud ring since 2016 but is unsure whether the two sets of scammers are the same. Groupon said the exposed database consisted of nothing more than marketing emails and that the crooks had made no more than 673 purchases.

4 days ago
Zack Whittaker / TechCrunch

Shape Security Raises $51 Million in Series F Round Topping $1 Billion Valuation as Company Heads for IPO

Automation and imitation attack protection company Shape Security raised $51 million in a Series F round led by C5 Capital, with several other new and returning investors, including Kleiner Perkins, HPE Growth and Norwest Ventures Partners, also participating in the round. Following the round, Shape’s valuation topped $1 billion and the company is now preparing for an initial public offering (IPO).

4 days ago
Davey Winder / Forbes

Uber Pays Bug Bounty to Security Researcher Who Found Flaw That Could Allow Attackers to Compromise and Control Any User Account

A security vulnerability that could have allowed attackers to compromise and control any Uber account, track a user’s location, and take rides from their account was discovered by security researcher Anand Prakash, founder of AppSecure. The flaw, which also affected Uber driver and Uber Eats accounts, involved first acquiring the universally unique identifier (UUID) of any user by sending an API request that included either their telephone number or email address. With the UUID, attackers could then obtain private information such as the user’s mobile-app access token, location, and address. With the token, they could take over the account, request rides, view payment information, and more. Uber fixed the flaw and paid Prakash a bounty of $6,500.

4 days ago
Anna Spoerre / Des Moines Register

Two Cybersecurity Pentesters Hired to Gain Unauthorized Access to Court Records in Dallas County Iowa Arrested for Trying to Break Into Courthouse

Two men who worked for cybersecurity firm Coalfire, Justin Wynn and Gary Demercurio, were arrested for breaking into the Dallas County, Iowa courthouse but told law enforcement they had been hired to do so as pentesters by the judicial branch under a contract with Coalfire. Dallas County officials initially said they had no knowledge of the contract but later admitted they had hired the men to attempt “unauthorized access” to court records “through various means” in order to check for potential security vulnerabilities in Iowa’s electronic court records. The state court administration said, however, that it “did not intend, or anticipate, those efforts to include the forced entry into a building.” The two men have been charged with third-degree burglary and possession of burglary tools, and their bond has been set at $50,000 each.

5 days ago
Zak Doffman / Forbes

Instagram Had Security Flaw That Could Have Allowed Attackers to Access Account Details, Phone Numbers

Instagram’s parent company Facebook has confirmed and fixed a newly discovered security vulnerability that put user data at risk. The vulnerability, discovered by an Israeli hacker who goes by the handle @ZHacker13 on Twitter, allowed an attacker to link phone numbers to account details by using a simple algorithm to brute-force Instagram’s login form, checking one phone number at a time for numbers linked to a live Instagram account. A single instance of the algorithm could harvest more than 1,000 genuine Instagram numbers a day. Facebook confirmed that the vulnerability was genuine, that the exploit would let a “bad actor” connect phone numbers to user details, and that it has prompted changes. The company did not, however, award him a bug bounty, claiming its internal team already knew about the issue, even though the flaw had not been fixed when Forbes first contacted the company for comment.
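The Uber UUID lookup above and this Instagram phone-number sweep are the same bug class: a lookup endpoint that behaves differently for registered and unregistered identifiers, and in Uber’s case also hands back the account identifier and a token. The following is an added example, not code from either company, showing the leaky pattern beside a hardened version (uniform response, no identifiers or tokens returned, per-client rate limit). The user records, phone numbers and tokens are constructed for the demo.

```python
"""Account enumeration through a phone-number lookup: leaky endpoint vs hardened one.

Added example; the accounts, UUIDs and tokens below are constructed, not real data.
"""
import time
from collections import defaultdict, deque

# Constructed sample directory: phone number -> account record
USERS = {
    "+15550100042": {"uuid": "8f3a1d2e-0001-4c3b-9e4f-000000000042", "token": "tok-42"},
    "+15550100077": {"uuid": "8f3a1d2e-0002-4c3b-9e4f-000000000077", "token": "tok-77"},
    "+15550100091": {"uuid": "8f3a1d2e-0003-4c3b-9e4f-000000000091", "token": "tok-91"},
}


def lookup_leaky(phone: str) -> dict:
    """Vulnerable pattern.

    The response differs for known and unknown numbers, so the endpoint is an
    oracle for "is this number registered?". Worse, it returns the account's
    internal identifier and a bearer token, which is what turns enumeration
    into account takeover.
    """
    rec = USERS.get(phone)
    if rec is None:
        return {"status": 404, "error": "no account for that number"}
    return {"status": 200, "uuid": rec["uuid"], "access_token": rec["token"]}


class HardenedLookup:
    """Same feature (start a login or recovery by phone) without the oracle.

    * identical response whether or not the number exists
    * no identifiers or tokens in the response; a one-time code goes out of band
    * sliding-window rate limit per calling client
    """

    UNIFORM = {"status": 202, "message": "If that number is registered, a code has been sent."}

    def __init__(self, limit: int = 5, window_s: float = 60.0):
        self.limit = limit
        self.window_s = window_s
        self._hits = defaultdict(deque)   # client -> timestamps of recent requests
        self.sent_codes = []              # stands in for the out-of-band OTP delivery

    def lookup(self, phone: str, client: str, now=None) -> dict:
        now = time.monotonic() if now is None else now
        q = self._hits[client]
        while q and now - q[0] > self.window_s:
            q.popleft()                   # drop requests outside the window
        if len(q) >= self.limit:
            return {"status": 429, "message": "Too many requests."}
        q.append(now)
        if phone in USERS:
            self.sent_codes.append(phone)  # real system: send OTP to that number
        return dict(self.UNIFORM)          # same body either way


def sweep(lookup, prefix: str, start: int, stop: int) -> list:
    """Attacker's enumeration loop: which numbers in the range resolve to an account?"""
    found = []
    for n in range(start, stop):
        phone = f"{prefix}{n:03d}"
        if lookup(phone).get("status") == 200:
            found.append(phone)
    return found


if __name__ == "__main__":
    print("leaky endpoint leaks:", sweep(lookup_leaky, "+15550100", 0, 100))
    h = HardenedLookup(limit=5, window_s=60)
    print("hardened endpoint leaks:", sweep(lambda p: h.lookup(p, client="203.0.113.9"), "+15550100", 0, 100))
```

The rate limit alone is not the fix; attackers spread a sweep across many clients. The property that matters is that the response carries no information about whether the identifier exists and never includes anything (UUID, token, address) that a later request could turn into access.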

5 days ago
Catalin Cimpanu / ZDNet

Surveillance Vendor Has Been Using Complex and Sophisticated SMS-Based Attack Method ‘Simjacker’ for Two Years to Track and Monitor Individuals, Report

A major SMS-based attack method dubbed Simjacker has been exploited for the last two years by an unnamed surveillance vendor in multiple countries to track and monitor individuals, researchers at AdaptiveMobile Security say. In what the researchers describe as a leap in complexity and sophistication over other mobile attacks, Simjacker sends an SMS to a victim’s phone number containing hidden SIM Toolkit (STK) instructions that are executed by the S@T Browser, an application that resides on the SIM card rather than on the phone. The instructions tell the SIM to collect the handset’s location data and IMEI and send them, again via SMS, to an attacker-controlled device, where the victim’s location is logged. Victims do not see these messages in their inboxes or outboxes, which allows attackers to track their locations silently throughout the day.
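The messages that carry STK instructions to the SIM are binary “SIM data download” SMS, which the handset passes straight to the card rather than showing to the user. As an added example, not from the AdaptiveMobile report, the block below parses SMS-DELIVER PDUs and flags such messages the way an operator’s SMS gateway could before delivery. It assumes that SIM data download is signalled by TP-PID 0x7F together with message class 2 in TP-DCS (the 3GPP TS 23.040/23.038 encoding); the PDUs, the sender numbers (UK 07700 900xxx fictional range) and the operator allowlist are all constructed for the demo, and the user data is a placeholder, not a real S@T payload.

```python
"""Flag SMS-PP "SIM data download" messages of the kind Simjacker rides on.

Added example with a minimal SMS-DELIVER PDU parser. PDUs and sender numbers are constructed.
Assumption: PID 0x7F + DCS message class 2 marks a SIM data download (3GPP TS 23.040/23.038).
"""

SIM_DATA_DOWNLOAD_PID = 0x7F

# Constructed allowlist: the operator's own OTA platform number
OPERATOR_OTA_SENDERS = {"447700900001"}


def _semi_octets(raw: bytes, ndigits: int) -> str:
    """Decode BCD digits stored low-nibble-first, dropping the 0xF filler."""
    digits = []
    for b in raw:
        digits.append("%X" % (b & 0x0F))
        digits.append("%X" % (b >> 4))
    return "".join(digits[:ndigits])


def dcs_message_class(dcs: int):
    """Return the message class (0-3) if TP-DCS carries one, else None."""
    if dcs >> 4 == 0xF:                   # "data coding / message class" group
        return dcs & 0x03
    if dcs >> 6 == 0 and dcs & 0x10:      # general group with the class bit set
        return dcs & 0x03
    return None


def parse_sms_deliver(hex_pdu: str) -> dict:
    """Parse the header of an SMS-DELIVER PDU (SMSC prefix included, as a modem reports it)."""
    pdu = bytes.fromhex(hex_pdu)
    i = 0
    smsc_len = pdu[i]; i += 1 + smsc_len          # skip SMSC address
    first_octet = pdu[i]; i += 1
    if first_octet & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER PDU")
    oa_digits, oa_toa = pdu[i], pdu[i + 1]; i += 2
    oa_len = (oa_digits + 1) // 2
    sender = _semi_octets(pdu[i:i + oa_len], oa_digits); i += oa_len
    pid, dcs = pdu[i], pdu[i + 1]; i += 2
    i += 7                                         # TP-SCTS timestamp, not needed here
    udl = pdu[i]; i += 1
    cls = dcs_message_class(dcs)
    return {
        "sender": sender,
        "international": oa_toa & 0x70 == 0x10,
        "pid": pid,
        "dcs": dcs,
        "message_class": cls,
        "has_udh": bool(first_octet & 0x40),
        "udl": udl,
        "user_data": pdu[i:],
        "is_sim_data_download": pid == SIM_DATA_DOWNLOAD_PID and cls == 2,
    }


def gateway_verdict(hex_pdu: str, allowlist=OPERATOR_OTA_SENDERS) -> str:
    """Block anything addressed to the SIM unless it comes from the operator's OTA sender."""
    m = parse_sms_deliver(hex_pdu)
    sim_bound = m["is_sim_data_download"] or m["pid"] == SIM_DATA_DOWNLOAD_PID or m["message_class"] == 2
    if not sim_bound:
        return "allow"
    return "allow-ota" if m["sender"] in allowlist else "block-sim-download"


# Constructed PDUs (no SMSC, sender +447700900123 / +447700900001, dummy timestamp)
MALICIOUS = "00040C914477000910327FF69190314120804004DEADBEEF"   # PID 7F, DCS F6 (class 2)
BENIGN    = "00040C91447700091032000091903141208040" "05E8329BFD06"  # plain 7-bit "hello"
OTA       = "00040C914477000900107FF69190314120804004DEADBEEF"   # same as MALICIOUS, allowlisted sender

if __name__ == "__main__":
    for name, pdu in (("malicious", MALICIOUS), ("benign", BENIGN), ("operator OTA", OTA)):
        m = parse_sms_deliver(pdu)
        print(f"{name:12s} from {m['sender']} pid=0x{m['pid']:02X} class={m['message_class']} -> {gateway_verdict(pdu)}")
```

The originating address is attacker-controlled (it is just a field in the submitted message), so the allowlist is a weak discriminator on its own; a real filter at an SMS home-routing node should key on the signalling origin of the message (the submitting SMSC or global title) rather than the TP-OA, and should also catch messages whose SIM-bound payload is carried behind a user-data header.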

Podcasts

17 hours ago
Today in Focus / The Guardian

Edward Snowden: life after leaking

Former US intelligence contractor Edward Snowden’s life was upended by his decision to expose his government’s programme of mass surveillance. Ewen MacAskill helped break the story for the Guardian back in 2013 and now visits him in his adopted home of Moscow.

17 hours ago
ISC StormCast

#RigEK -> VBScript; Pentesters Arrested; iOS 13 Unlock Trick

Johannes Ullrich talks about Rig Exploit Kit Delivering VBScript, Pentesters Arrested During Physical Access Pentest, iOS Lock Screen Unlock Vulnerability.

18 hours ago
Brakeing Down Security

Part 2 of the Kubernetes security audit discussion (Jay Beale & Aaron Small)

Jay Beale and Aaron Small discuss a Kubernetes security audit, CIS benchmarks, why sane secure defaults can cause more issues, and an @infoseccampout report!

18 hours ago
The Shared Security Podcast

End-to-End Encryption with Max Krohn from Keybase.io

Tom Eston interviews Max Krohn co-founder of Keybase.io to discuss the current state of encryption and why end-to-end encryption is so important.

18 hours ago
Cyber Security Interviews

#074 – BILL CONNER: YOU CANNOT HAVE PRIVACY WITHOUT SECURITY

Bill Conner, the President and CEO of SonicWall, talks about starting in encryption, security for the SMB market, advanced malware, threat intel, cloud security, breaking SSL in the enterprise, network basics for IoT, governments backdooring encryption, and so much more.

3 days ago
Threatpost

News Wrap: IoT Radio Telnet Backdoor And ‘SimJacker’ Active Exploit

Threatpost editors Tara Seals and Lindsey O’Donnell talk about the top news stories of the week from leaky databases to SIM card attacks.

Cybersecurity Events

Date | Event | Location | Country
Sept. 16 | Elbsides | Hamburg | Germany
Sept. 20 | BSides St. John's | St. John's | Canada
Sept. 20 | BSides Idaho Falls | Idaho Falls, ID | USA
Sept. 21 | BSides St. Louis | St. Louis, MO | USA
Sept. 25-28 | c0c0n | Kochi | India
Sept. 26 | BSides Minneapolis | Minneapolis, MN | USA
Oct. 1 | CyberCity | Kitchener, Ontario | Canada
Oct. 2-4 | Virus Bulletin London | London | UK
Oct. 5 | BSides Augusta | Augusta, GA | USA
Oct. 5 | BSides Cyprus | Cyprus | Cyprus
Oct. 6-11 | Hacker Halted | Atlanta, GA | USA
Oct. 10-12 | Texas Cyber Summit | San Antonio, TX | USA
Oct. 11 | BSides Delhi | Delhi | India
Oct. 15-17 | HITB Cyber Week | Abu Dhabi | UAE
Oct. 18 | BSides RDU | Raleigh-Durham, NC | USA

