News
06 Oct 2017

The Friday Tech Takeaway - 06.10.17

The​ ​Emergence​ ​of​ ​Browser​ ​Hijack​ ​CryptoCurrency​ ​Mining: This is a case of a user's processor power is being hijacked to roll the dice with a vanishingly small chance of success. But if a sufficient number of rolls occur, any machine might get lucky. The annoyance is that the user whose machine just got lucky doesn't get any reward for the use of their processor's power... the hijackers win the prize. https://www.techdirt.com/articles/20170928/11262538304/showtime-wont-explain-why-website -was-hijacking-user-browsers-to-covertly-mine-cryptocurrency.shtml

​FBI​ ​Doesn't​ ​Have​ ​to​ ​Reveal​ ​How​ ​It​ ​Unlocked​ ​iPhone​ ​Used​ ​by​ ​San​ ​Bernardino Terrorist: The FBI reportedly paid over a million dollars to an unnamed vendor to unlock the shooter's iPhone. Remember that last year, James Comey the former FBI Director, indirectly disclosed that the agency reportedly paid around $1.3 Million for the hacking tool that helped the agency break into Farook's iPhone 5C. https://thehackernews.com/2017/10/apple-fbi-iphone-unlock.html

The​ ​Equifax​ ​Hack​ ​Has​ ​the​ ​Hallmarks​ ​of​ ​State-Sponsored​ ​Pros: The average American had no reason to notice Apache's post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation. https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks%20-of-state-sponsored-pros

Google​ ​Will​ ​Retool​ ​User​ ​Security​ ​in​ ​Wake​ ​of​ ​Political​ ​Hack: The implications of Russian involvement in US Presidential election has been generating news. Facebook and Twitter have been examining the extent of their unwitting involvement. And now Google is getting ready to bump up the security of their Gmail offering. https://www.bloomberg.com/news/articles/2017-09-29/google-is-said-to-retool-user-security-in -wake-of-political-hack

Apple file system flaw, macOS shows encrypted drive’s password in the hint box: Apple yesterday released a security patch for macOS High Sierra 10.13, to fix vulnerabilities in the Apple file system (APFS) volumes and Keychain software. The vulnerability in the Apple file system was first reported by Matheus Mariano, a developer at Leet Tech,  and later confirmed also by the programmer Felix Schwartz. http://securityaffairs.co/wordpress/63896/hacking/apple-file-system-flaw.html

Russian firm provides North Korea with second Internet route: North Korea gets a second Internet connection thanks to the support of a state-owned Russian firm. From the perspective of security analysts, this second connection will significantly improve the cyber capabilities of North Korea in undermining the US efforts to isolate the state.

The availability of a second line allows Pyongyang to improve significantly the resilience against attacks on their infrastructure.

The Russian firm TransTeleCom is the company that activated the second connection, the first one was provided by China Unicom starting at least since 2010. http://securityaffairs.co/wordpress/63864/security/north-korea-internet-route.html

Hackers Hijack Ongoing Email Conversations to Insert Malicious Documents: A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread. This type of attack relies on hackers compromising one of the two or more persons involved in an email exchange. https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/

Every Single Yahoo account was breached in 2013 to the tune of $3bn - the largest known hack of user data in the history just got tripled in size. Yahoo, the internet company that was acquired by Verizon this year, now believes the total number of accounts compromised in the August 2013 data breach, which was disclosed in December last year, was not 1 billion—it's $3bn. https://thehackernews.com/2017/10/yahoo-email-hacked.html

Imperva Report Q2 2017- Over 75% of DDoS targets were hit multiple times: According to Imperva, over 75% of targets were hit multiple times in Q2 2017, while the percentage was only 43.2% in the same period of 2016.

“We also saw an increase in the frequency of repeat application layer attacks. In total, 75.8 percent of target websites were hit by repeat assaults, the largest percentage we have on record. This was especially true for US based websites, 80.3 percent of which suffered multiple assaults. Moreover, of the 45 targets that suffered 50 or more attacks, 34 were hosted in the US.” states the report. https://www.incapsula.com/ddos-report/ddos-report-q2-2017.html

UK National Lottery knocked offline by a DDoS attack on Saturday: The National Lottery confirmed that the outage was caused by a major distributed denial-of-service (DDoS) attack, it hasn’t provided further details about the incident. It is still unclear who is behind the attack and if the attackers attempted to blackmail the National Lottery. http://securityaffairs.co/wordpress/63734/hacking/uk-national-lottery-ddos.html