Week in review: Defeating UEFI’s SecureBoot, Gameover Zeus botnet disrupted, first Android file-encrypting Trojan

Here’s an overview of some of last week’s most interesting news, interviews, podcasts and articles:

International action against Gameover Zeus botnet and CryptoLocker ransomware
On Friday, 30 May 2014, law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces in a coordinated action led by the FBI which ensured the disruption of the Gameover Zeus botnet and the seizure of computer servers crucial to the malicious software known as CryptoLocker.

Mobile ad libraries create major risk for enterprise data
With so many applications requesting access to private or sensitive information, it’s often difficult for users, let alone IT administrators, to fully understand who’s accessing their data, where it’s being sent, and how it will be used.

Improving training programs in cyber security
In this podcast, recorded at Hack In The Box Amsterdam 2014, Lisha Sterling, Developer Coordinator at Geeks Without Bounds, talks about the problems in cybersecurity education.

Whitepaper: 10 network security tools you should use
Whether you are operating a home system, overseeing a small startup, or performing security governance for an enterprise, everyone can benefit from paying attention to security. This paper provides a list of 10 security tools or tests that will help you check out suspicious issues and keep ahead of new risks and threats.

NIST requests comment on proposed SHA-3 cryptographic standard
The draft Federal Information Processing Standard Publication 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, specifies six permutation-based “sponge” functions based on Keccak, the winning algorithm selected from NIST’s SHA-3 Cryptographic Hash Algorithm Competition.

NSA collects photos to feed facial recognition programs
The NSA has been collecting photos of people’s faces to the tune of 55,000 images every day, and has been feeding the images into its facial recognition programs.

Cupid exploits Heartbleed bug on WiFi networks and Android
Luis Grangeia has shown that the Heartbleed vulnerability can be exploited against any device running an unpatched version of OpenSSL, and he says the attack is successful against wireless and some wired networks. He dubbed the exploit “Cupid.”

More developers looking to keep TrueCrypt alive
The news that the developers of TrueCrypt have abandoned the popular software has hit the security community like a ton of bricks, but there is apparently no lack of people who are eager to take on the responsibility.

DARPA’s Cyber Grand Challenge offers $3.75 million in prizes
DARPA’s Cyber Grand Challenge takes aim at an increasingly serious problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses – typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes.

Researcher automates discovery of Facebook users’ hidden friends
Putting a friend on Facebook on your “private” list does not guarantee that no one else will be able to spot the relationship, says researcher Shay Priel, managing partner and CTO at CyberInt.

Molerats attacks continue targeting US, EU, Middle East organizations
Not all RAT-wielding attackers come from China, say FireEye researchers. For over a year they have been following the activities of a group of hackers that uses the Poison Ivy and Xtreme RATs and targets financial institutions, government organizations and surveillance targets in the US, UK, Europe and the Middle East.

ESET analyzes first Android file-encrypting, TOR-enabled ransomware
The Trojan, detected by ESET as Android/Simplocker, scans the SD card for certain file types, encrypts them, and demands a ransom in order to decrypt the files. Let’s look at the malware in greater detail.

The disruption of Cryptolocker and GameoverZeus
Part of the difficulty in unraveling ZeuS botnet infrastructure is mapping it out.

Why botnet takedowns can cause more harm than good
The two-week deadline set for users to protect themselves is not the most effective method of tackling the Zeus cyberthreat, as cyber criminals can establish the botnet somewhere else and resume their work with minimum hassle.

Safari to include privacy-protecting search engine
Apple announced the inclusion of DuckDuckGo, the search engine that doesn’t track its users, in the future versions of Safari on iOS and OS X. This makes DuckDuckGo the first private search engine to be added to a major browser.

How do the new features in OS X Yosemite and iOS 8 impact security and privacy?
There are a significant number of privacy and security questions that users should keep in mind should they decide to participate in Apple’s newly announced Public Beta program.

Critical bug in GnuTLS crypto library could allow malicious code execution
Another critical bug in an open source SSL/TLS (and DTLS) cryptographic library was discovered and patched last week. The affected library is GnuTLS, which is used in a number of Linux-based operating systems as well as several hundred Linux software packages.

Google unveils source code for Chrome encryption extension
Google has made publicly available the source code for a new Chrome extension that helps users encrypt, decrypt, digitally sign, and verify signed messages within the browser using OpenPGP. The extension, dubbed End-To-End, has not yet been released in the Chrome Web Store.

Why Anonymous threats should not be ignored
International hacktivist group Anonymous is causing fear within the business and technology community once again, after a supposed Anonymous spokesperson warned that World Cup sponsors are next on the hit list.

Comcast will start encrypting email to and from Gmail accounts
Google’s unveiling of a new section of its Transparency Report that, among other things, shows which services support encryption in transit has quickly led to another welcome announcement.

OpenSSL releases patches for critical MITM, code execution flaws
OpenSSL users, you need to patch again. The OpenSSL team released a security update that fixes 6 vulnerabilities, two of which could be considered critical.

Set up email encryption in half an hour
As part of the global Reset the Net action, the Free Software Foundation, a non-profit organization that promotes computer user freedom and aims to defend the rights of all free software users, has released Email Self-Defense, a step-by-step guide that can teach even low-tech users how to use email encryption.

UK government proposes life sentences for hackers
Hackers in the UK could be in for a world of problems, as the UK government is looking to hand out life-long prison sentences to those who are found guilty of organizing and executing devastating cyberattacks.

What are the legal obligations to encrypt personal data?
A new report by UK-based law firm FieldFisher details legal obligations for encryption of personal data resulting from industry compliance regimes such as PCI DSS, as well as national laws and local regulations.

American Express credit card data exposed
Corporate data breaches have seen a spike in recent months, and unfortunately American Express is the latest to join a long list of companies affected by hackers infiltrating their customers’ credit card information.

Identify stolen credentials to improve security intelligence
Companies that focus only on shielding themselves from obvious intrusions, like malware, will find themselves in a losing battle against sophisticated hackers. Successful IT security teams recognize the potential in leveraging existing security information and event management (SIEM) repositories to identify suspicious user activity that occurs after the point of entry, yet before data is stolen.

Are you prepared to manage a security incident?
Appropriate incident response is critical for minimizing the impact of a breach, yet 77% of organizations do not have an incident response plan at all according to a recent NTT Group report. This raises the question: are you prepared to manage a security incident?

Defeating UEFI’s SecureBoot
Corey Kallenberg, Security Researcher for the MITRE Corporation, and his colleagues Sam Cornwell, Xeno Kovah and John Butterworth have been testing ways to bypass UEFI’s SecureBoot – a new feature that enforces a signature check on the boot loader before the firmware transfers control to it. In this podcast recorded at Hack In The Box Amsterdam 2014, Kallenberg explains how they have been able to circumvent that protection on roughly half of the computers that have it enabled, in order to install a malicious bootkit, and what this means for the future of UEFI.
