News & Updates

(credit: Presidential Press and Information Office)

Russia’s intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this.

The FSB’s announcement follows the passage of Russia’s wide-ranging surveillance law, which calls for metadata and content to be stored for six months, plus access to encrypted services, as Ars reported back in June.

The new capability seems to go even further, since the FSB notice (in Russian) speaks of obtaining the “information necessary for decoding the electronic messaging received, sent, delivered, and (or) processed by users of the ‘Internet’ network.”



Experts from Proofpoint discovered that the Banking trojan Chthonic was distributed via ‘legitimate’ PayPal accounts by abusing the “money request” feature.

The imagination of cyber criminals is a bottomless pit. According to the security firm Proofpoint, crooks are abusing PayPal to distribute the Chthonic banking trojan. Chthonic is a strain of the notorious Zeus Trojan, and the researchers spotted a new campaign leveraging emails sent from genuine PayPal accounts.

The attackers in this way could bypass anti-spam filters and antivirus solutions because the emails come via genuine PayPal accounts.

One sample analyzed by Proofpoint was not detected by Gmail because the message appeared to be legitimate.

“Specifically, we observed emails with the subject “You’ve got a money request” that came from PayPal. The sender does not appear to be faked: instead, the spam is generated by registering with PayPal (or using stolen accounts) and then using the portal to “request money.” We are not sure how much of this process was automated and how much manual, but the email volume was low.” reported a security advisory from Proofpoint.

The attackers abused the “request money” feature, which lets the sender include a note along with the money request message.


“PayPal’s money request feature allows adding a note along with the request [and] the attacker crafted a personalised message and included a malicious URL,” continues the advisory. “In a double whammy, the recipient here can fall for the social engineering and lose $100, click on the link and be infected with malware, or both.”

When the victim clicks on the link embedded in the message, they are redirected to a non-PayPal website that downloads an obfuscated JavaScript file called paypalTransactionDetails.jpeg.js. Opening the JavaScript file downloads the Chthonic Trojan. The link included in the message was generated with the Google URL shortener.

“If the user does click on the link, they are redirected to katyaflash[.]com/pp.php, which downloads an obfuscated JavaScript file named paypalTransactionDetails.jpeg.js to the user’s system. If the user then opens the JavaScript file, it downloads an executable from wasingo[.]info/2/flash.exe. This executable is Chthonic, a variant of the Zeus banking Trojan.” added Proofpoint.

It is interesting to note that the Chthonic executable also downloads a second-stage payload, a previously unseen malware called AZORult.

The experts noticed that the campaign still has a low volume because of the overhead necessary to set up PayPal accounts to send the malicious requests.

Analysis of the shortened URL included in the message revealed that it had been clicked only 27 times.

Take a look at the Proofpoint analysis, which also includes indicators of compromise (IOCs).


Pierluigi Paganini

(Security Affairs – Chthonic, PayPal)

The post PayPal accounts abused to distribute the Chthonic Banking Trojan appeared first on Security Affairs.

Source: Security affairs

Today I present to you The PøwerfulGreəkArmy (aka PGA), a hacker collective focused on the fight against ISIS propaganda online.

Enjoy the Interview.


Tell me more about PGA? Which is your motivation?

So, we are a new hacking team with 7 skilled hackers. Our motivation is to stop pedophiles and ISIS doing actions.

PGA’s members have participated in Anonymous Campaigns such as #OpIcarus, #OpISIS and more.

Which is the technical background of your members? How did you meet them?

I met them in a hacking forum, we talked and we became friends. Then I asked them if they were interested in a hacking team.

What was your greatest hacking challenge? What are the most important tools in your arsenal?

Our greatest hacking challenge was that we DDoSed and took down the LoL EU Servers for 35 minutes. Also, another great attack we have done was the Pokemon GO Servers attack. Our most important tools are a simple botnet to DDoS sites etc., Kali Linux, PHP shells, Nmap.

Do you have coding abilities? Are you able to develop a zero-day Exploit?

3 of 7 members have very good experience in coding, they know coding languages such as Python, C#, C++, Visual Basic, Java and more. Yes, some of the members can exploit a 0-day exploit.

Which are the best places to find a zero-day exploit (please provide me the names)? Give me an idea of your potential targets?

I don’t know. I think all the dl’s are probably viruses like RATs or something, but I think it is legit. Not very sure.

Are you focused on specific industries (banking, government entities, etc)

So, we are targeting ISIS gov sites, pedophile accounts, and Turkish sites.

Which are the most dangerous hacking crews in the wild? Why?

I think the most dangerous hacking crew is PoodleCorp, they attack YouTubers like crazy.

Did your members participate in Anonymous campaigns?

Yes, all the members of P.G.A participate in Anonymous Campaigns.


Pierluigi Paganini

(Security Affairs – PGA, Hacking)

The post Hacker Interviews – The PøwerfulGreəkArmy (PGA) appeared first on Security Affairs.

Source: Security affairs

Twitter account of another high-profile CEO has been hacked!

This time, it’s Niantic CEO John Hanke, the developer behind the world’s most popular game Pokémon GO.

And it seems like Hanke is so busy with his newly launched game Pokémon GO that he hasn’t noticed or taken any measures against it even more than 12 hours after the hack, as the tweets made by the hackers are still displayed on his


WhatsApp doesn’t properly erase your deleted messages, researcher reveals

Are you using WhatsApp? There is interesting news for you: the popular instant messaging app doesn’t properly erase users’ deleted messages.

The issue was reported by the popular iOS security researcher Jonathan Zdziarski who is warning about the risks for the users’ privacy.

The flaw could be exploited by attackers to snoop on users’ private conversations, even when they have been “deleted.”

Zdziarski was analyzing the latest version of the popular app when he discovered traces of previously deleted messages. The data is not physically deleted, which allows an expert to recover it with standard data forensics tools.

“Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.” states the blog post published by Zdziarski.


The issue represents a serious problem for users who live in an oppressive country: there is a concrete risk that authorities access sensitive conversations by physically accessing the mobile device.

“Just to be clear, WhatsApp is deleting the record (they don’t appear to be trying to intentionally preserve data), however the record itself is not being purged or erased from the database, leaving a forensic artifact that can be recovered and reconstructed back into its original form.” wrote the expert.

The issue is common among applications that use SQLite, which by default does not physically delete data on iOS. Every time a record is deleted, it is added to a “free list” instead of being erased. Free records are only overwritten at a later time, for example when the database needs the extra storage for new data.

“If you delete large chunks of messages at once, this causes large chunks of records to end up on this “free list”, and ultimately takes even longer for data to be overwritten by new data. There is no guarantee the data will be overwritten by the next set of messages. In other apps, I’ve often seen artifacts remain in the database for months.” explained the expert.
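The free-list behaviour described above, as an added example that is not from Zdziarski’s post or from WhatsApp’s code: it writes a constructed chat message into a throwaway SQLite file, deletes it, and then scans the raw file the way a forensic tool would, first with SQLite’s default behaviour and then with the `secure_delete` pragma (and a `VACUUM`) that purges freed cells. The file name and message text are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile

# Constructed sample text standing in for a chat message; not real data.
MARKER = "constructed-deleted-message-7f3a9c"


def open_db(path: str, secure_delete: bool) -> sqlite3.Connection:
    """Open a database and set the per-connection secure_delete pragma.

    OFF is what the article describes: a deleted cell is put on a free
    list and its bytes stay in the page until something reuses them.
    ON makes SQLite overwrite freed cells with zeros."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete=%s" % ("ON" if secure_delete else "OFF"))
    conn.execute("PRAGMA journal_mode=DELETE")  # rollback journal, removed on commit
    return conn


def raw_file_contains(path: str, text: str) -> bool:
    """Forensic-style check: look for the text in the raw database file,
    ignoring what SQL queries report as live rows."""
    with open(path, "rb") as fh:
        return text.encode("utf-8") in fh.read()


def residue_after_delete(secure_delete: bool, vacuum: bool = False) -> dict:
    """Store two messages, delete one, report visible rows and raw-file residue."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ChatStorage.sqlite")  # hypothetical file name
        conn = open_db(path, secure_delete)
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.execute("INSERT INTO messages (body) VALUES (?)", ("keep me",))
        conn.execute("INSERT INTO messages (body) VALUES (?)", (MARKER,))
        conn.commit()
        # Delete with a WHERE clause: a bare "DELETE FROM messages" takes
        # SQLite's truncate shortcut and would not exercise the free list.
        conn.execute("DELETE FROM messages WHERE body = ?", (MARKER,))
        conn.commit()
        if vacuum:
            # Rebuilds the file from live rows only, dropping free cells.
            conn.execute("VACUUM")
        visible = conn.execute("SELECT COUNT(*) FROM messages").fetchone()[0]
        conn.close()
        return {"visible_rows": visible, "residue": raw_file_contains(path, MARKER)}


if __name__ == "__main__":
    print("default (free list):  ", residue_after_delete(secure_delete=False))
    print("PRAGMA secure_delete: ", residue_after_delete(secure_delete=True))
    print("default + VACUUM:     ", residue_after_delete(False, vacuum=True))
```

In all three runs the query layer reports one live row; only the raw-file scan shows whether the “deleted” text is still recoverable.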

Among other applications that suffer from a similar problem is the popular Apple iMessage, as explained by Zdziarski.

“Apple’s iMessage has this problem and it’s just as bad, if not worse. Your SMS.db is stored in an iCloud backup, but copies of it also exist on your iPad, your desktop, and anywhere else you receive iMessages. Deleted content also suffers the same fate.” he said.

Other applications, such as Signal, don’t leave forensic traces, according to Zdziarski:

“Signal leaves virtually nothing, so there’s nothing to worry about.”

It is worth noting that Zdziarski included in his analysis the instructions for fixing the problem.


Pierluigi Paganini

(Security Affairs – Whatsapp, mobile forensic)

The post WhatsApp doesn’t properly physically erase user’s deleted messages appeared first on Security Affairs.

Source: Security affairs

The Italian model with regard to issues of cyber security and intelligence is in the process of evolution through a NATIONAL FRAMEWORK.

The economic and technological systems of Western countries are highly dependent on cyberspace; they require increasingly accurate risk analysis and threat management in response to the significant increase in cyber attacks and their complexity.

The current Framework, presented in February 2016 by Hon. Minniti and Professor Baldoni, establishes two important facts:

  • Italy has introduced an innovative reference model that acts as an accelerator of the National Strategic Plan for Cyber Security, in which all companies and government agencies are invited to participate.
  • The reference model draws on the American NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity, made up of 5 main functions:
  1. The Identify function is linked to understanding the business environment, the assets that support critical business processes and their associated risks. This understanding allows an organization to align its resources and investments with its risk management strategy and business objectives. The Categories within this Function are: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy.
  2. The Protect function is associated with implementing the measures that protect business processes and enterprise assets, regardless of their digital nature. The Categories within this Function are: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.
  3. The Detect function is associated with defining and implementing appropriate activities for the timely detection of computer security incidents. The Categories within this Function are: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.
  4. The Respond function is related to defining and implementing appropriate activities to intervene when a computer security incident has been detected. The goal is to limit the impact caused by a potential computer security incident. The Categories within this Function are: Planning; Communications; Analysis; Mitigation; and Improvements.
  5. The Recover function is associated with defining and implementing the plans and activities for restoring processes and services impacted by an incident. The goal is to ensure the resilience of systems and infrastructure and, in case of an incident, to support the timely recovery of business operations. The Categories within this Function are: Recovery Planning; Improvements; and Communication.

The NIST model transposes the ISO 27001 (Information Security Management System) and ISO 31000 (Risk Management) standards.


The Italian model builds on the American one, adapting it to the Italian context by integrating different types of standards and corporate organizational structures and by managing the associated risks.

The US Framework was chosen because the response to cyber threats should be aligned internationally as well as at the national level. This also allows multinational companies to align their cyber security management processes more easily on an international scale.

The current model is however not exhaustive, as it does not emphasize preventive measures and countermeasures against dynamic attacks in industrial espionage contexts targeting companies and research centers. To this end, we need a communication and research process that involves the civil and military intelligence structures (DIS, AISI, AISE) in both national and transnational scenarios. This involvement needs reference standards to support specific protocols between public and private organizations and intelligence structures in the event of terrorist attacks, industrial espionage, or simply the redefinition of geopolitical boundaries induced by crisis scenarios in Italian strategic sectors such as: RESEARCH, DEFENSE, ENERGY, TELECOMMUNICATIONS, AGRIBUSINESS, TOURISM, HIGH FASHION.
It is also necessary to create suitable operating centers for security and intelligence (Cyber Security Operational Center, CSOC) dealing with security issues at the strategic, tactical and operational levels, both national and transnational, where millions of data points will be analyzed and correlated using dynamic data mining techniques.

About the Author: Prof. Francesco Corona

Francesco Corona, Cyber Intelligence expert – Security Affairs Writer.
Teacher and member of the Scientific Committee of the Master in Security and Cybersecurity at LINK CAMPUS UNIVERSITY Rome, he has worked in the security sector for over thirty years and perfected his knowledge in professional activities and in US and foreign courses. He stood out in teaching activities for specialized technical and telematic CyberSecurity training at SISDE (AISI), participating in numerous discussion and planning tables on national security plans for critical infrastructure and the protection of Made in Italy. Author of numerous security articles written for GNOSIS, the magazine of the Italian intelligence services.





Pierluigi Paganini

(Security Affairs – Italian Cybersecurity National Framework, Cyber Security)

The post A close look at the Italian Cybersecurity National Framework appeared first on Security Affairs.

Source: Security affairs

(credit: Philips)

Comparing the potential benefits of one fitness device to another can be difficult when the market is so saturated, and companies work hard to stand out from the competition. For Philips, that means medical devices instead of fitness devices. The new suite of health devices that Philips launched today, including the Philips Health Watch, targets people who have or risk developing chronic conditions such as hypertension. In addition to the watch, Philips has a smart scale, a thermometer, and two blood pressure monitors as part of its family of medical-grade consumer devices.

With its simple black frame and Gorilla Glass-covered display, the Philips Health Watch isn’t trying to be flashy or make a fashion statement. The watchface itself isn’t a touchscreen, but the bezel around it is, so you swipe and tap on the circumference of the watch to change the display. A bunch of quick views shows you stats like steps, calories burned, active time, and so forth, and tapping the top lets you access a detailed menu full of in-depth stats. You can even input what foods you’ve eaten directly into the watch, which means you don’t have to log every meal and snack through your phone.

Inside the $250 watch is a Philips-developed continuous optical heart rate monitor, as well as an accelerometer. In addition to basic metrics like steps, calories, and heart rate, this sensor also tracks resting heart rate, resting respiration rate, active time, sedentary time, and sleep. Even though the Health Watch is not a fitness device, it can automatically track running, walking, and biking so you don’t have to manually start tracking those exercises. The watch’s heart rate monitor is smart enough to know when your heart rate is consistently high, so it will register when you’re doing other kinds of workouts as well.



This trailer is completely fine, but the series is so much more charming.

Warning: This post contains minor spoilers for Stranger Things‘ first season.

Almost immediately, Netflix’s Stranger Things transports viewers to a time, place, and feeling. There are vinyl records and cassette tapes, single-speed bikes providing endless freedom, and AV Club devotees with ham radios and walkie-talkies. The first episode even uses an epic, demogorgon-loaded Dungeons & Dragons campaign as both a delightful cultural reference point and a subtle roadmap for what’s to come.

The four kids initially battling that demogorgon represent well-established roles: there’s the quiet one (Will), the cynic (Lucas), the optimist (Mike), and the realist (Dustin). They have awkward, older siblings at opposite ends of the popularity spectrum, and they interact with adults we already kind of know at first blush—a flawed but capable sheriff, a stressed but determined single mom, a sage-like science teacher. Add allusions to Stephen King, Steven Spielberg, and a bevy of other era-appropriate pop culture entities, and you’d be forgiven for thinking you know how this “set in 1983” series will play out.

One of many, many videos you can find citing and explaining the pop culture allusions in Stranger Things.

After all, this is a story that could happen (and has happened) in any era. A kid has gone missing, some dark forces seem to be at play, and it’ll take a village (or at least a team of adults, our D&D nerds, and their siblings) to figure everything out. But what makes Stranger Things stand out after its eight-episode first season is that the show only uses the familiar as a backdrop; it doesn’t wallow in it or simply retread known stories. This isn’t Ready Player One, a new Ghostbusters, or any of the upcoming Star Wars onslaught. Instead, Netflix’s lovely homage to 1980s genre fiction deploys nostalgia only to speed up and deepen world-building. Its story, by contrast, feels fresh by including enough twists and turns to keep even the most capable pop-culture detectives guessing and entertained.



The group of hackers known as China 1937CN Team compromised the announcement screen systems at many major airports in Vietnam.

According to the 2015 version of the ‘Transportation Systems Sector-Specific Plan’ the transportation industry is increasingly exposed to cyber threats.

The sector is becoming a privileged target of hackers worldwide. The most recent incident occurred in Vietnam, where a group of Chinese hackers attacked the digital signage system, causing serious problems for the infrastructure.

The news was confirmed by the country’s Deputy Minister of Transport, Nguyen Nhat. The flight information screens at both Noi Bai International Airport in Hanoi and Tan Son Nhat International Airport in Ho Chi Minh City were compromised by hackers who displayed offensive messages toward Vietnam and the Philippines, along with “distorted information about the East Vietnam Sea.”


At the Tan Son Nhat International Airport, the attackers abused the loudspeaker system to spread offensive messages in English.

Another airport, the Da Nang International Airport, experienced repeated glitches in its computer system. The authorities reported other problems across the country: for example, airlines at 21 airports across Vietnam had to switch to manual processes to complete check-in procedures for passengers. Many flights suffered significant delays because of the shutdown of check-in counters.

Some airlines shut down some check-in counters completely—leading to flight delays.

“A team of self-proclaimed Chinese hacker has compromised the announcement screen systems at many major airports in Vietnam, and hacked the website of the country’s national flag carrier, the Ministry of Transport confirmed on Friday.” reported the Tuoi Tre News.

“All Internet systems have been switched off so we had to do everything by hands,”

Some local security experts also posted on their Facebook pages some photos showing that the VIP passenger section on the website of Vietnam Airlines had also been hacked and defaced.

The screenshot posted online shows that the hacker group, calling itself China 1937CN Team, sent “a warning message” to Vietnam and the Philippines.

A source told the news outlet that personal data of some 411,000 passengers had been exposed.

This isn’t the first time that the China 1937CN Team has hit Vietnam: in May 2015 the same group hacked roughly 1,000 Vietnamese websites, including 15 government portals and 50 education sites. In the same period, around 200 websites in the Philippines were attacked by the China 1937CN Team hackers.

Many Vietnamese security agencies and private firms have joined forces to support Vietnam Airlines and protect its assets from the attacks of groups of hackers like the China 1937CN Team.

“Vietnam Airlines said it has deployed back-up plans to ensure safety and operations at airports.” continues the post.


Pierluigi Paganini

(Security Affairs – China 1937CN Team, Vietnam)

The post China 1937CN Team hackers attack airports in Vietnam appeared first on Security Affairs.

Source: Security affairs