Israeli soldiers hit by Android malware from cyberespionage
group
… The Israeli
soldiers were lured via Facebook Messenger and other social networks by hackers
who posed as attractive women from various countries like Canada, Germany, and
Switzerland. The victims were tricked
into installing a malicious Android application, which then scanned the phone
and downloaded another malicious app that masqueraded as an update for one of
the already installed applications.
… Once installed
on the phone, this malicious app allows hackers to execute on-demand or
scheduled commands. The commands can be
used to read text messages, access the contacts list, take pictures and
screenshots, eavesdrop at specific times of the day, and record video and
audio.
The Kaspersky researchers concluded that this is likely only
the "opening shot" of the operation and that it is a targeted attack
against the Israel Defense Forces, "aiming to
exfiltrate data on how ground forces are spread, which tactics and equipment
the IDF is using, and real-time intelligence gathering."
(Related). We
called this “Targeting.”
Many Ukrainian Organizations Targeted in Reconnaissance
Operation
CyberX, a company that specializes in ICS security, has
been monitoring a well-organized campaign that has targeted at least 70
entities with ties to Ukraine, including the country’s critical infrastructure.
The campaign, dubbed Operation BugDrop, has been underway
since at least June 2016. It involves
malware delivered via spear phishing emails and malicious macro-enabled Office
documents.
The BugDrop malware is capable of collecting system
information, passwords and other browser data, and audio from the microphone. It can also steal files from local, shared and
USB drives, including documents, spreadsheets, presentations, archives,
databases and text files.
My Computer Security class starts today, so this might
interest my students.
Researchers at Kaspersky Lab have analyzed several Android
applications for connected cars and determined that most of them lack important
security features, making it easier for hackers to unlock the vehicles.
… Kaspersky has analyzed seven of the most popular connected car Android
applications, which have been installed by millions of users.
… All the tested applications can be used to
unlock a vehicle’s door and some of them also allow the user to start the
engine. However, the aforementioned
security features are mostly missing from the apps – only one encrypts the
username and password, and none of them use obfuscation, overlay protection,
root detection or code integrity checks.
The
lack of security mechanisms makes it easier for a piece of malware that has
infected the Android device to take control of the smart car app. And while hijacking the application does not
allow an attacker to drive away with the car, it does allow them to unlock it
and disable its alarm, which can make it easier to steal.
An article the FBI should read.
RSA: Elite cryptographers scoff at idea that law enforcement
can ‘overcome’ encryption
U.S. Attorney General Jeff Sessions’ call for a way to
“overcome” cryptography met with scorn from a panel of elite cryptographers
speaking at this week’s RSA Conference 2017 in San Francisco.
“Any one of my students will be capable of writing good
crypto code,” says Adi Shamir, the ‘S’ in RSA and a professor at the Weizmann
Institute in Israel.
… Shamir noted
that the current, most respected encryption algorithm was devised by Belgians,
and noted that other major crypto advances were made by Japanese, Israelis and
others. “It’s not uniquely American,” he
says. Forcing backdoors in American
crypto products would be shooting U.S. interests in the foot, he says. “Other countries would be happy to step in
with un-backdoored cryptography,” he says.
… Landau notes
that in the Apple v. FBI case last year, the problems of
decrypting a terrorist’s iPhone were overblown
by the FBI, which said it could only get in with Apple’s help. Later, the FBI hired a private firm to do the
work, and a researcher demonstrated how to do it with about $150 worth of
off-the-shelf gear.
Shamir says that the Israeli company that purportedly
helped the FBI was later hacked and its methods publicly disclosed by the
attackers. “You need to be careful about
helping the FBI,” he says with a smile.
Even if the data is factual, it could trigger bias in the
responders. Would responders slow down
if they heard: “The address is the Trump Re-Election headquarters.”
Nathan Munn reports:
Police in Canada’s capital city
of Ottawa are being supported by a so-called “virtual backup” team that
provides front-line officers with unprecedented amounts of information as they
race to service calls.
The unit, known as the Ottawa Police Strategic Operations Centre (OPSOC), has been
active since October 2016. But civil
liberties advocates are raising concerns about the project, pointing out that
it monitors protesters on social media and is developing ‘predictive policing’
capabilities based on crime data that could contain hidden biases.
Read more on Motherboard.
Privacy in the future?
What will cause this system to deny you entry?
Joe Cadillic writes:
A retail store in St. Louis called
Motomart
is demanding customers submit to having their faces scanned before they’re
allowed entry!
Think about what that means,
police are identifying every single customer using DHS’s REAL ID’s.
According to a Fox2Now article,
once it gets dark,
employees put up signs that say: “Facial Recognition Software in Use – Please
Look at Above Camera for Entry.”
Read more on MassPrivateI.
For my Data management students.
How Chief Data Officers Can Get Their Companies to Collect
Clean Data
In analytics, nothing matters more than data quality. The practical way to control data quality is
to do it at the point where the data is created. Cleaning up data downstream is expensive and
not scalable, because data is a byproduct of business processes and operations
like marketing, sales, plant operations, and so on. But controlling data quality at the point of
creation requires a change in the behaviors of those creating the data and
the IT tools they use.
Don’t worry, Watson can explain it all.
The moral dilemmas of the Fourth Industrial Revolution
World Economic Forum: “Should your driverless car value
your life over a pedestrian’s? Should
your Fitbit activity be used against you in a court case? Should we allow drones to become the new
paparazzi? Can one patent a human gene? Scientists are already struggling with such
dilemmas. As we enter the new machine
age, we need a new set of codified morals to become the global norm. We should put as much emphasis on ethics as we
put on fashionable terms like disruption. This is starting to happen. Last year, America’s
Carnegie Mellon University announced a new centre studying the Ethics of Artificial Intelligence;
under President Obama, the White House published a paper on the same topic; and tech
giants including Facebook and Google have announced a partnership to draw up an
ethical framework for AI. Both the risks
and the opportunities are vast: Stephen Hawking, Elon Musk and other experts signed an open letter calling for efforts to ensure
AI is beneficial to society…”
The most important thing our Congressional Representatives
could possibly do?
Gardner, Polis, Tipton, Introduce KOMBUCHA Act
Today Sen. Cory Gardner (R-Colo.), Rep.
Jared Polis (D-Colo.), and Rep. Scott Tipton (R-Colo.) introduced bipartisan,
bicameral legislation that would eliminate federal alcohol taxes on kombucha
and update regulations for kombucha companies in Colorado and nationwide.
… Kombucha is a
fermented tea that has been consumed for over 2,000 years. Trace amounts of up to 1 percent alcohol can
occur naturally in the production process, which currently triggers the type of
federal excise taxes usually reserved for alcoholic beverages. The KOMBUCHA Act eliminates those unintended
tax and regulatory burdens by increasing the applicable alcohol-by-volume limit
for kombucha from 0.5 percent to 1.25 percent.
… The kombucha
industry is one of the fastest growing beverage categories with a current
economic impact of $600 million and expected growth to $1.8 billion by 2020. Colorado's kombucha industry is estimated at
$20 million in annual sales and provides hundreds of
jobs across the state.
Perhaps he is considering running for President.
Facebook’s Mark Zuckerberg pens letter warning against
threats to globalism
Facebook Inc Chief Executive Mark Zuckerberg laid out a
vision on Thursday of his company serving as a bulwark against rising
isolationism, writing in a letter to users that the company’s platform could be
the “social infrastructure” for the globe.
In a 5,700-word manifesto, Zuckerberg, founder of the
world’s largest social network, quoted Abraham Lincoln, the U.S. president
during the country’s 19th century Civil War known for his eloquence, and
offered a philosophical sweep that was unusual for a business magnate.
… Quoting from a
letter Lincoln wrote to Congress in the depths of the Civil War, he wrote to
Facebook’s 1.9 billion users: “The dogmas of the quiet past, are inadequate to
the stormy present.”
… Zuckerberg’s
letter was “a bit more ambitious and a bit more of the 30,000-foot view than I
see from most tech company CEOs,” Peter Micek, global policy and legal counsel
at Access Now, an international digital rights group, said in a phone
interview.
But Zuckerberg stayed away from certain subjects on which
Facebook could be vulnerable to criticism, mentioning the word “privacy” only
once, Micek said.