63 Universities and US Government agencies breached by hacker

A “Russian-speaking and notorious financially-motivated” hacker, Rasputin has reportedly hacked the computer systems of various universities and government agencies of US and sold the stolen data on the dark web.

According to the cyber security research firm,  Recorded Future, the hackers gained access to computer systems of more than 63 universities and federal, state, and local U.S. government agencies. The prominent universities include Cornell and New York University.

The firm claimed that the victims are “intentional targets of choice based on the organization’s perceived investment in security controls and the respective compromised data value. Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII).”

The list of the Rasputin's targets are quite long and it does extend to the 10 U.K university and one Indian University in Delhi as well. All the hacked agencies and universities have been informed about the hack by the Recorded Future's researchers.

The victims include 16 U.S state government, 6 U.S. cities and four federal agencies, Child Welfare Information Gateway, which is operated by the U.S. Department of Health and Human Services, and   Fermi National Accelerator Laboratory, America’s premier particle physics lab. The severity of the breaches are unclear

The List of U.S University victims: Cornell University, University of the Cumberlands, VirginiaTech, Oregon College of Oriental Medicine, University of Maryland, Baltimore County, Humboldt State University, University of Pittsburgh, The University of North Carolina at Greensboro, New York University, University of Mount Olive, Rice University, Michigan State University, University of California, Los Angeles, Rochester Institute of Technology, Eden Theological Seminary, University of Tennessee, Arizona State University, St. Cloud State University, NC State University, University of Arizona, Purdue University, University at Buffalo, Atlantic Cape Community College, University of Washington.

The list of U.K University Victims: University of Cambridge, Coleg Gwent, University of Oxford, University of the Highlands and Islands, Architectural Association School of Architecture, University of Glasglow, University of Chester, the University of the West of England, University of Leeds, The University of Edinburgh.

And one Indian University: Delhi University. 


(pc-Google Images)
A security researcher has discovered a critical security bug in multiple F5 firewalls and load balancers that causes HTTPS encrypted connections to leak sensitive data.

The security flaw, known as Ticklebleed, was discovered by Cloudflare cryptography engineer Filippo Valsorda.

The bug affects almost 1,000 popular websites and website owners are advised to check for the vulnerability urgently.

The bug resides in a wide range of firewalls and load balancers marketed under the F5 BIG-IP name. By sending specially crafted packets to vulnerable sites, an attacker can obtain small chunks of data residing in the memory of connected Web servers. The risk is that by stringing together enough requests, an attacker could obtain cryptographic keys or other secrets used to secure HTTPS sessions end users have established with the sites.

Valsorda has observed the bug returning other users' session IDs, which by themselves aren't particularly sensitive.

Although he has deliberately not attempted to do so, he said he wouldn't be surprised if the flaw exposed the same types of sensitive information that were exposed by Heartbleed, an extremely high-severity bug in the OpenSSL cryptographic library that came to light in 2014. As a Cloudflare community challenge quickly demonstrated, Heartbleed could be exploited to reveal the secret cryptographic key attackers needed to impersonate a vulnerable website.

Throw away Cayla dolls as they are prone to hacking

A watchdog in Germany has instructed every parent to throw away a talking doll called Cayla as it has some critical flaws in their Bluetooth device which can expose you to the hacking of personal data.

Researchers at the Federal Network Agency (Bundesnetzagentur) says that there is an insecure Bluetooth device installed to listen and talk to the child while playing with it.

However, there is no response from the manufacturer, Genesis Toys, on the German warning.

While the distributor of the Cayla, Vivid Toy group,  has said that  "examples of hacking were isolated and carried out by specialists." And they said that they will take this issue on boards and would recommend to upgrade the app used in the doll.

But according to the experts, the vulnerability has not been fixed. This vulnerability was first reported back in  January 2015.

Even complaints have been filed against the company by US and EU consumer groups.

WhatsApp Two-Step Verification Will Improve Security

(pc-Google Images)
WhatsApp is implementing a new two-step verification process to boost security for users. While it’s an optional security feature, it’ll make it significantly more difficult for a hacker or any other third party to break into your account.

WhatsApp has been testing its two-step verification process since November, and is now beginning its rollout in phases. In order to turn on the feature, you’ll need to log into the app, find your way to the Settings page, then go to Account, where you can enable the security measure.

If activated, users will need to enter a six-digit security code in addition to their phone number and text message or voice call verification. They will also be asked to enter their security code once every seven days. Should users forget their security code, they can register an email address with WhatsApp and use it to turn off two-step verification.

WhatsApp said : “We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your passcode.”

The messaging service also notes, “If you receive an email to disable two-step verification, but did not request this, do not click on the link. Someone could be attempting to verify your phone number on WhatsApp.”

The roll out of the improved security comes weeks after the revelation of a vulnerability in the implementation of WhatsApp’s encryption protocols.

Russian hackers of US election created a new Apple Malware

A Russian hacking group who allegedly hacked the emails of the  US Democratic National Committee are now believed to have  now created a malware to hit Apple's Macintosh computers and operating system.

The hacking group, APT28, who are backed by the Russian government, are also known by different names like Fancy Bear, Sofacy, among other labels. They are active since the mid-2000s.

According to Romanian security software company Bitdefender, APT28 have released a new Xagent malware that helps the hackers in creating backdoors in Macs, and through which they can easily steal browser passwords, grab screenshots and nab iPhone backups stored on the computer.

"Currently we don't know what are the targeted organizations, but the links to the APT28 cybercrime group are obvious: The use of the same dropper/ downloader and similar command and control center URLs, as well as sine artifacts hardcoded in the binary files," Bitdefender said in a press release.

APT28 has carried out attacks around the world, but their main victims are  US, Western Europe, Brazil, Canada, China, Georgia, Iran, Japan, Malaysia and South Korea.

Hackers ahead of security teams

It’s a strange fact that hackers are keeping ahead of the security teams and CISOs inside organizations.

Hackers always win in some way or the other as they have less to lose, have more angles to attack, can use more methods/tools/vectors and have no limits on how far they can go to get what they want.
Meanwhile, comfortable illusions about how security is working are crippling the ability of government and industry to fight the threat, a former member of the FBI’s netsec team has told the BSides San Francisco 2017 security conference.

Government and business don't get on, Artificial Intelligence is bunk and politics rules.
Society is still disillusioned about the working of government and corporation in maintain computer security but the fact is that we are having false belief in the power of technology to save us. Five years ago everyone assumed that big finance houses knew what they were doing to lock down bank accounts. Now they are playing catch up. 

“The government is very reactive,” said Jason Truppi, director of endpoint detection and response at security firm Tanium and a former FBI investigator. “Over time we’ve learned it wasn’t working - just being reactive, not proactive.”

The government and the commercial sector isn’t working productively and we need to accept this fact to solve online threats.

On threat intelligence sharing, for example, the government encourages business to share news of vulnerabilities. But the subsequent investigations can be wide-ranging and lead to business' people being charged for unrelated matters. A result companies are increasingly unwilling to share data if it exposes them to wider risks.

Organisations, government and individuals only actually work on threats when they prove themselves to be tangible which is why selling security services in unreglated industries is so difficult.
Companies don’t get their own infosec problems and don’t care that much. Commercial sector is still trying to hire good network security people, but bog them down in useless false alerts and management panics.

A single false alert can take up days of time, but upper management - who don’t understand the issues - can tie up days of team time dealing with an alert that isn’t a serious issue, said Truppi. Banks are better in this case because many companies have the view that if they have a disaster recovery plan in place, then they’re sorted which is not true.

The traditional view is that hackers will try to fake stock trades but this is an old method because it can be checked before the payout. The new way is to use insider trading to extract money.
Truppi warned that recent future will experience major internet outrages because of botnets
of things taking down sections of the internet. It will be interesting how the governments and commercial sectors will deal with it.

India says International law not ready to deal with cyber attacks

India criticised the current international law and said it was not well positioned to support responses to cyber attacks even as the interconnected world faces threats on a scale never seen before.

Citing the 26/11 Mumbai terror attacks, India said that financial hubs like Mumbai, New York and London are largely targeted by terrorists to impact a country's economy and so it called for a collaborative preventive approach to address terrorist cyber attacks against critical infrastructures.

The investigations into the heinous terrorist attacks on Mumbai in 2008 revealed the impact its perpetrators wanted to have on the psyche and economy of the whole of India.

"Current international law is not well positioned to support responses to cyber attacks," said, India's Permanent Representative to the UN Syed Akbaruddin, adding that protection of critical infrastructure is primarily a national responsibility.

"These attacks, including on a hospital, railway station and hotels were carefully planned and crafted from beyond our borders to have crippling effects not only on daily life in a bustling metropolis but targeted a country of a billion people," said Akbaruddin on Monday (February 13) in the Security Council.

Speaking at a Council debate on protecting critical infrastructure from terrorist attacks, Akbaruddin said that attacks on “international stock exchange, a major dam, a nuclear power plant, possible sabotaging of oil/gas pipelines, air safety systems of airports, or potential blocking of an international canal or straits have much wider implications and pursuant complications far beyond national frontiers."

Akbaruddin added that the world body was not ready to act on an anti-terrorism treaty dealing with cyber terrorism and even the Security Council's decisions that impose binding duties on member countries to combat terrorism do not mention cyber attacks.

"The possibility of terrorist cyber attacks has not catalysed negotiations even after 20 years," he said.

Challenging the international community, the Indian representative asked: "Since we can discern the threat and there is an understandable global angst, can we look at options for strengthening the international law against terrorist cyber attacks?" Adding that if it cannot happen, we can at least start by clarification of the applicability of certain anti-terrorism treaties.

HP launches Sure Click to destroy malware

HP computers and Bromium have co-produced HP SureClick which is the first laptop with Bromium’s virtualization-based security built-in that is uber-secure, built-in and hands-off for end users. But only Chromium and Internet Explorer are supported in this product which acts as a defence against malware.

Sure-Click means that each tab launched in either Chrome or Internet Explorer will launch as its own, fully contained micro-VM. This micro-VM doesn’t carry with it a lot of overhead, relying upon the existing filesystem and memory instead of having to create new, individual virtual machines. Instead, it creates an isolation bubble around the code that is executing, presenting to it a full instance of Windows without actually giving it access to anything that can cause harm. If a malicious site is visited, all users have to do is close the tab, destroying the virtual machine forever and the malware along with it. The technology is designed to prevent the malware escaping a micro-VM.

The idea is that Sure-Click will trigger without the user’s intervention. Every time a user visits a website, Sure-Click will engage, providing a small virtualization layer between the browser and the rest of the system which in turn will protect the Elite 360 and its user data.

The hardware-based, isolated browsing session will initially be available on HP’s EliteBook x360 1030 G2 on general availability in Spring where it will make its debut as a web download. Other Elite PCs will add support for Sure-Click during the second half of the year. The tech was launched at RSA Conference.

More and more browsers, such as Google Chrome, are implementing sandboxing to prevent any malware from escaping the browser.

The most important element of this is that Bromium’s micro visor-based security model is continuing its move towards mainstream adoption.

HP partnered with Bromium, a maker of “virtual hardware,” to create Sure-Click. Bromium has said that it believes virtualization can be an answer to securing the PC but that creating an actual virtual machine can be too unwieldy.

UK’s national security on risk by Russian and Chinese hackers

Britain’s new cybersecurity chief of Government Communications Headquarters, Ciaran Martin, said in an interview with The Sunday Times that the UK was struck by 188 cyber attacks over the last three months by Russia and China-sponsored hackers threatening national security by stealing defence and foreign policy secrets and intervene in the democratic process.

National Cyber Security Centre (NSC) said that there has been a “step change in Russian aggression in cyberspace" over the past couple of years. Each month around 60 significant cyber-attacks knock down Britain, said Martin. NSC is investigating the attacks by Russian and Chinese state-sponsored hackers.

The info-stealing raids are designed to “extract information on UK government policy on anything from energy to diplomacy to information on a particular sector," said, Martin.

The Cold War may be over, but the cyberwar between Russia and the West is hotting up.

Martin also warned that the UK had experienced hacking attempts similar to those that infiltrated the Democratic National Committee and led to the leaking of sensitive emails which some claim helped Donald Trump to win the race to the White House.

"Part of that step change has been a series of attacks on political institutions, political parties, parliamentary organisations and that's all very well evidenced by our international partners and widely accepted,” said, Martin.

 His comments came as the chancellor, Philip Hammond, told the Sunday Telegraph the centre had blocked 34,550 “potential attacks” on government departments and members of the public in the past six months – about 200 cases a day.

Concern has been growing about the amount of so-called fake news coming from Russian media outlets which are seen as being a concerted disinformation campaign by the Kremlin to disrupt world politics, including in the UK.

An attempt to disrupt the 2015 general election was thwarted by GCHQ in a cyber attack the security service said was the first of its kind.

Two members of the hackers group "Humpty Dumpty" pleaded guilty

Two members of the hacker group "Humpty Dumpty" has been pleaded guilty for illegally using the computer information in the Moscow City Court,   reported RT (Russia Today).

Constantine Teplyakov and journalist Valdimir Anikeev were the two convicts, and they confessed their crime.

On 9 February, the Moscow City Court rejected the complaint against the extension of an arrest of one of the suspect, Alexander Filinov. As court considered the extension as the lawful.

According to the previous reports by IA REGNUM, the Lefortovo court of Moscow has withheld the arrest of accused journalist, Anikeev, until March 8. He is a prime suspect of illegally obtaining the important data by interception of correspondence of high-level Russian official, and then selling and publishing it.