Former cabinet secretary Mark Sedwill says UK used offensive cyber-capability to exploit Moscow’s ‘vulnerabilities’

Britain has carried out a series of covert attacks on Russia’s leaders and their allies, the former cabinet secretary has disclosed.

Mark Sedwill said the UK had sought to exploit Moscow’s “vulnerabilities”, including through the deployment of its recently declared offensive cyber-capability.

    NSA Advisory on Chinese Government Hacking / Schneier · 4 days ago - 14:21

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.

    Fancy Bear imposters are on a hacking extortion spree / ArsTechnica · Saturday, 17 October - 12:00

Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.

On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn’t send a set number of bitcoin—typically equivalent to tens or even hundreds of thousands of dollars—the group will launch powerful distributed denial of service attacks against the victim, walloping the organization with a fire hose of junk traffic strategically directed to knock it offline.

    White-hat hackers who had control of internal Apple network get $288,000 reward / ArsTechnica · Thursday, 8 October - 23:47

For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.

Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.

The 11 critical bugs were:

    Custom-made UEFI bootkit found lurking in the wild / ArsTechnica · Monday, 5 October - 14:13

For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.

As software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an operating system in its own right. It’s located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it’s the first thing to be run when a computer is turned on, allowing it to influence or even control the OS, security apps, and all other software that follows.

Those characteristics make the UEFI the perfect place to stash malware, and that’s just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.

    Russia’s Fancy Bear hackers likely penetrated a federal agency / ArsTechnica · Saturday, 3 October - 11:17 · 1 minute


A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia's military intelligence agency, the GRU.

Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers' methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia's GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.

    Hacking a Coffee Maker / Schneier · Monday, 28 September - 19:18

As expected, IoT devices are filled with vulnerabilities:

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord.


In any event, Hron said the ransom attack is just the beginning of what an attacker could do. With more work, he believes, an attacker could program a coffee maker — and possibly other appliances made by Smarter — to attack the router, computers, or other devices connected to the same network. And the attacker could probably do it with no overt sign anything was amiss.

New social media platform Polis cuts through noise and trolling to establish consensus – and create new laws

The origin of one world always begins with its feet in another. And so it was in March 2014.

It came to be known as the Sunflower movement, a sudden three-week stand-off in 2014 between the government and Taiwanese protesters occupying parliament over a trade bill purporting to bring their country closer to China.
