News & Updates

An international operation conducted by European police targeted customers of counter-antivirus and crypter services: 6 arrested and dozens interviewed

Germany’s Kriminalinspektion Mayen, together with Europol’s European Cybercrime Centre (EC3), has arrested six individuals and interviewed dozens of suspects as part of an international law enforcement operation targeting the users of two tools designed to help malware evade detection by security software.

“Between 5 and 9 June, 6 suspects were arrested and 36 were interviewed during an internationally coordinated operation in 6 European countries,” states the announcement published by Europol. “The targets are all suspected customers of a counter anti-virus platform and crypter service – two cybercriminal tools used for testing and clouding of malware samples to prevent security software solutions from recognising them as malicious.”

The authorities seized hundreds of desktop and laptop devices, smartphones, and storage devices.

The first phase of the police operation, codenamed Neuland, took place in April 2016 and targeted the operators of the two services (a counter-antivirus scanning platform and a crypter) and their customers based in Germany.

“The first phase of the operation, also supported by Europol, was executed on 5 April 2016 and targeted the suspects behind a counter anti-virus and a crypter service, as well as the German customers of the two tools, through a large-scale coordinated action in all state criminal police offices in Germany,” continues the report.

Police arrested a 22-year-old individual and searched the homes of 170 other suspects in Germany; law enforcement also searched homes in other countries, including France, the Netherlands, and Canada.

It is interesting to note that the average age of the suspects was 23.

On Wednesday, Europol announced the second phase of the operation, which took place last week and targeted the international customers of the same two services.

“The second phase of this operation, from 5 to 9 June 2017, specifically targeted the international customers of the same two services. The following countries participated in this phase: Cyprus, Italy, the Netherlands, Norway, and the United Kingdom. Police officers searched 20 houses and 6 suspects were arrested, while 36 additional suspects have been interviewed so far. A large number of devices have also been seized,” states Europol.

The joint operation by police in Cyprus, Norway, the Netherlands, Italy and the UK resulted in the arrest of six people and the questioning of 36 other suspects. Police searched 20 houses and, as in the first phase, seized electronic equipment and devices.

This isn’t the first time police have targeted the operators of such services: in November 2015, police in the United Kingdom arrested two individuals.


Pierluigi Paganini

(Security Affairs – anti-malware detection services, Europol)


The post European police target anti-malware detection services and their customers appeared first on Security Affairs.

Source: Security affairs

(credit: Verified Voting)

To understand why many computer scientists and voting rights advocates don’t trust the security of many US election systems, consider the experience of Georgia-based researcher Logan Lamb. Last August, after the FBI reported hackers were probing voter registration systems in more than a dozen states, Lamb decided to assess the security of voting systems in his state.

According to a detailed report published Tuesday in Politico, Lamb wrote a simple script that would pull documents off the website of Kennesaw State University’s Center for Election Systems, which under contract with Georgia, tests and programs voting machines for the entire state. By accident, Lamb’s script uncovered a breach whose scope should concern both Republicans and Democrats alike. Reporter Kim Zetter writes:

Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by poll workers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.

The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.

And there was another problem: The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014.

Lamb was concerned that hackers might already have penetrated the center’s site, a scenario that wasn’t improbable given news reports of intruders probing voter registration systems and election websites; if they had breached the center’s network, they could potentially have planted malware on the server to infect the computers of county election workers who accessed it, thereby giving attackers a backdoor into election offices throughout the state; or they could possibly have altered software files the center distributed to Georgia counties prior to the presidential election, depending on where those files were kept.
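The Drupal flaw the excerpt calls “Drupageddon” is SQL injection in Drupal 7’s database layer (Drupal SA-CORE-2014-005, CVE-2014-3704, fixed in Drupal 7.32 in October 2014). The database API let code pass an array for a single placeholder and expanded it into a comma-separated list of generated placeholder names; before the fix, the suffix of each generated name came from the array key, and for a form submission those keys are attacker-controlled, so SQL could be smuggled into the query text without any login. The following Python model of that expansion logic, with the vulnerable and the patched behaviour side by side, is an added example and not Drupal’s own code; the query string, the POST body and the checker function are constructed for illustration.

```python
import re

# Drupal 7's expandArguments() turns an array-valued placeholder such as
# :name => ['alice', 'bob'] into ":name_0, :name_1" and binds the values
# under those generated names. Before 7.32 the suffix came from the array
# KEY, and for a web request the keys of name[...] are attacker-controlled.
# This is a Python model of that logic (assumption: not Drupal's own code).
PLACEHOLDER = re.compile(r":\w+")


def expand_arguments(query, args, *, fixed):
    """Model of Drupal 7's expandArguments().

    fixed=False reproduces the pre-7.32 behaviour (array keys become the
    placeholder suffixes); fixed=True reproduces the 7.32 patch, which
    re-indexes the array (array_values) so suffixes are always 0..n-1.
    Returns the rewritten query and the flattened argument map.
    """
    args = dict(args)
    for key, data in list(args.items()):
        if not isinstance(data, dict):
            continue
        pairs = enumerate(data.values()) if fixed else data.items()
        new_keys = {f"{key}_{i}": value for i, value in pairs}
        joined = ", ".join(new_keys)
        # The generated names are spliced straight into the SQL text. The
        # driver only sees the final string, so anything hidden inside a
        # "name" is executed as SQL, while the values are bound separately.
        query = re.sub(re.escape(key) + r"\b", lambda _m: joined, query)
        del args[key]
        args.update(new_keys)
    return query, args


def expansion_is_clean(template, expanded, args):
    """Sanity check for an expanded query: every bound name must be a bare
    placeholder, and collapsing each run of placeholders in the expanded
    query back to one placeholder must reproduce the template. Anything
    else in the string is text that came from the data, not the query."""
    if not all(PLACEHOLDER.fullmatch(k) for k in args):
        return False
    collapsed = re.sub(r":\w+(?:, :\w+)*", "<ph>", expanded)
    return collapsed == PLACEHOLDER.sub("<ph>", template)


# Constructed sample: a query shaped like Drupal's user lookup (simplified)
# and the argument array PHP builds from the POST body
#   name[0 ;UPDATE users SET pass = 'x' WHERE uid = 1;#]=alice&name[]=bob
# ("name[]" appends at the next free integer index, here 0).
TEMPLATE = "SELECT uid FROM users WHERE name IN (:name) AND status = 1"
ATTACK_ARGS = {
    ":name": {
        "0 ;UPDATE users SET pass = 'x' WHERE uid = 1;#": "alice",
        "0": "bob",
    }
}


if __name__ == "__main__":
    for fixed in (False, True):
        q, a = expand_arguments(TEMPLATE, ATTACK_ARGS, fixed=fixed)
        print("patched" if fixed else "vulnerable", "->", q)
        print("  bound:", a, "clean:", expansion_is_clean(TEMPLATE, q, a))
```

Run as a script, the vulnerable path prints a query whose `IN (...)` list now contains an `UPDATE` statement followed by a `#` comment that swallows the rest of the original query, while the patched path prints `IN (:name_0, :name_1)` with the two values bound separately. The one-line fix (re-indexing the array before generating names) is why the excerpt can say a patch had been available for two years: the change was tiny, and public exploit scripts for it existed within hours of the advisory.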

Lamb privately reported the breach to university officials, the report notes. But he learned this March that the critical Drupal vulnerability had been fixed only on the HTTPS version of the site, and that the same mother lode of sensitive documents was still exposed. The findings meant that the center had been operating outside the oversight of both the university and the Georgia Secretary of State for years.


Source: http://feeds.arstechnica.com/arstechnica/index/

Posters above water fountains warn against drinking the water at Flint Northwestern High School in Flint, Michigan. (credit: Getty | JIM WATSON)

Michigan Attorney General Bill Schuette charged five public officials with involuntary manslaughter on Wednesday in connection to the ongoing Flint water crisis. Those charged include the state’s director of Health and Human Services, Nick Lyon.

This latest batch of charges is the fourth linked to the water disaster, which exposed thousands of Flint children to lead-laced water and is linked to an outbreak of Legionnaires’ disease that contributed to at least 12 deaths.

As the water catastrophe stretches into its third year, Lyon is the highest-ranking member of Republican Governor Rick Snyder’s administration to get ensnarled in the ongoing criminal investigation.


Source: http://feeds.arstechnica.com/arstechnica/index/


Before E3 even got started yesterday, we felt like we had already been through an entire show in and of itself. Press conferences and livestreams from the console makers at Microsoft, Sony, and Nintendo set the agenda for what we’ll see on the Xbox One, PlayStation 4, and Switch in the coming year. Splashy events from publishers like EA, Bethesda, Ubisoft, and Devolver Digital highlighted countless games that were previously unknown.

Before diving in for actual hands-on time on the show floor, Ars Culture Editor Sam Machkovech and I had a quick chat about what stood out to us in these marketing-focused, hype-soaked, bombastic press conferences. Watch the video above for our full thoughts, but here are some quick bullet points:


Source: http://feeds.arstechnica.com/arstechnica/index/

Andrew Cunningham

Apple seems committed to the Mac Pro and iMac Pro for now, but the company says that its most popular desktop with pro users remains the 27-inch iMac.

Unlike phones and tablets, which can still post big performance gains from year to year, desktops age more slowly and gracefully. A typical replacement cycle in many businesses and schools is three or four years, and, as long as they don’t break, you can easily keep using them for years after that.


Source: http://feeds.arstechnica.com/arstechnica/index/

SpaceX launches a satellite for the National Reconnaissance Office on May 1. (credit: SpaceX)

About six weeks ago, SpaceX launched a spy satellite into low Earth orbit from Launch Complex 39A at NASA’s Kennedy Space Center. As is normal for National Reconnaissance Office launches, not much information was divulged about the satellite’s final orbit or its specific purpose in space. However, a dedicated group of ground-based observers continued to track the satellite after it reached outer space.

Then something curious happened. In early June, the satellite made an extremely close pass to the International Space Station. One of the amateur satellite watchers, Ted Molczan, estimated the pass on June 3 to be 4.4km directly above the station. Another, Marco Langbroek, pegged the distance at 6.4km. “I am inclined to believe that the close conjunctions between USA 276 and ISS are intentional, but this remains unproven and far from certain,” Molczan later wrote.

In recent days, Ars has run these observations by several officials and informed sources. They are credible, these officials say, and curious indeed. “This is strange,” said one astronaut who has commanded the International Space Station. “I don’t really believe in coincidences. But I can’t really think of anything that would be worth highlighting a close approach.”


Source: http://feeds.arstechnica.com/arstechnica/index/

Video game designer Hideo Kojima (left) speaks at the Tribeca Games Festival during Tribeca Film Festival at Spring Studios on April 29, 2017 in New York City. (credit: Ben Gabbe / Getty Images News)

According to a Wednesday report in the Nikkei Asian Review newspaper, Konami is apparently blacklisting former employees in the Japanese video game industry. The company is particularly targeting those who work for Kojima Productions, which was founded in 2016 by Hideo Kojima, who used to be a top designer at Konami.

The video game giant behind the Metal Gear Solid series, among others, has been in something of a shift over the last two years, as it has transitioned from a console-focused company to a mobile-focused one.

The Japanese newspaper wrote that two months ago, an unnamed Kojima Productions executive applied for Kojima to join ITS Kenpo, a health insurance company that focuses on the gaming industry. That application was denied, apparently because the chair of that company’s board, Kimihiko Higashio, is also a board member at Konami.


Source: http://feeds.arstechnica.com/arstechnica/index/

Democrats vs. Republicans. (credit: Getty Images | Linda Braucht)

US Senate Democrats today asked the Federal Communications Commission to protect consumers from ringless voicemails, which let robocallers leave voicemails without ringing your phone.

The Republican National Committee (RNC), which is already using ringless voicemails, recently asked the FCC to approve a petition filed by a marketing company that sells direct-to-voicemail services. Approving the petition would exempt ringless voicemails from the Telephone Consumer Protection Act (TCPA) and allow marketers and others to use the technology without complying with anti-robocall rules.

This is a horrible idea, Democrats said.


Source: http://feeds.arstechnica.com/arstechnica/index/

The developers of a new wireless charging tech are thinking big—automobile battery big. (credit: Oak Ridge National Lab)

Anyone who has ever left the house without remembering to charge their cellphone can appreciate the concept of wireless power transfer. All you would have to do is remember to drop your phone on your desk, and a wireless charging mat would ensure that it has a full battery by the time you pick it up again.

But current wireless charger systems require specialized hardware on both the sending and receiving ends, and power only flows efficiently when the two are a specific (and short) distance apart. It’s possible to expand that distance a bit by carefully adjusting the frequency used to induce current at a distance, but this adds to the complexity and energy overhead of the system. And even the best current systems have losses that mean wasted electricity at a time when energy efficiency is critical.

Now, researchers at Stanford have found a different way to handle wireless charging. Taking advantage of a quantum principle that also applies to the everyday world, they’ve created a system in which power is transferred over a wider distance with roughly 100-percent efficiency. Better still, the system adjusts itself to the distance, so careful frequency tuning becomes unnecessary. The big downside, however, is that the supporting electronics aren’t especially efficient.


Source: http://feeds.arstechnica.com/arstechnica/index/

Reporters for the online service Bleeping Computer have uncovered a new threat to Apple users being offered on the dark web: the MacSpy RAT.

Through their efforts, researchers at AlienVault were able to obtain a copy of the new “MacSpy” program, described as the most sophisticated malware for the macOS (OS X) operating system to date.

The hackers offering MacSpy on the dark net are not selling it but giving it away at no cost. The software works together with a Tor portal provided by the operators, which lets users collect surveillance data from targeted Mac computers.

The authors of the malware claim that they created it because Apple products have grown so popular, and it is this popularity that appears to have driven their desire to build a remote access Trojan (RAT) for the platform. The free version of MacSpy is designed to monitor Apple users, record data on the Mac and then covertly send it back to the controller who launched the attack. MacSpy can capture screenshots and has an embedded keylogger. It can also capture iCloud-synced data such as photos, record audio, extract clipboard contents and harvest browser data.

Much like legitimate software vendors, the MacSpy developers offer a paid version with enhanced features for customers. The paid version has many features similar to those seen in the CIA tools described in the WikiLeaks Vault 7 releases: the remote controller can update the Trojan silently, extract any file, encrypt whole user directories, deliver scheduled dumps of an entire infected system, and extract social media and email data for surveillance.


According to AlienVault, the MacSpy program is currently “completely undetected by various AV companies and products”. The program also includes anti-analysis features intended to stop researchers from debugging it and understanding how it works: a series of hardware checks against the CPU to make sure it is not running inside a virtual machine or a minimal “sandbox” system set up for examination, and a call to the macOS ptrace function with the option that prevents debuggers from attaching to the process.

Once the system has passed the anti-analysis checks, the malware installs itself, deletes the installation files for stealth and connects to a Tor proxy to begin surveillance. MacSpy also adds itself to the system’s startup items so that the connection to the Tor proxy is re-established after each reboot.

MacSpy transmits the data it collects through the Tor proxy: it first sends a POST request, then repeatedly sends further POST requests for each type of data stolen from the infected system. Once the upload is complete, the malware deletes the temporary files containing the data it sent.
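The two behaviours just described, hypervisor checks before running and a startup entry for persistence, are the things an analyst setting up a Mac sandbox wants to verify from the other side. The script below is an added example written for this page, not MacSpy’s code and not AlienVault’s tooling. It reads the three macOS sysctl values that hardware checks of this kind usually consult (hw.model, machdep.cpu.brand_string and machdep.cpu.features) and reports the hypervisor tells an evasion check would find, and it summarises launchd job plists from a LaunchAgents directory, which is the usual per-user startup location; the article does not say which startup mechanism MacSpy uses, so that part is an assumption, as are the vendor-string list and the constructed sample plist.

```python
import os
import plistlib
import subprocess
import sys

# Vendor strings that hypervisor checks of the kind described above commonly
# look for in hardware identifiers. This list is an assumption for the
# example, not MacSpy's own.
VM_VENDOR_STRINGS = ("VMware", "VirtualBox", "Parallels", "QEMU", "KVM", "Xen")


def vm_indicators(hw_model, cpu_brand, cpu_features):
    """Return the hypervisor tells visible in three macOS sysctl values
    (hw.model, machdep.cpu.brand_string, machdep.cpu.features).
    An empty list means such checks would conclude they run on real hardware."""
    hits = []
    for vendor in VM_VENDOR_STRINGS:
        for name, value in (("hw.model", hw_model),
                            ("machdep.cpu.brand_string", cpu_brand)):
            if vendor.lower() in value.lower():
                hits.append(f"{name} mentions {vendor}")
    # Intel Macs expose the CPUID "hypervisor present" bit as the VMM feature.
    if "VMM" in cpu_features.split():
        hits.append("machdep.cpu.features contains VMM")
    return hits


def sysctl(name):
    """Read one sysctl value via the sysctl(8) tool; empty string if unavailable."""
    try:
        out = subprocess.run(["sysctl", "-n", name], capture_output=True,
                             text=True, check=False)
    except OSError:
        return ""
    return out.stdout.strip()


def live_vm_indicators():
    """Run the checks against the machine this script is executing on."""
    if sys.platform != "darwin":
        return ["not macOS: sysctl names differ, nothing checked"]
    return vm_indicators(sysctl("hw.model"),
                         sysctl("machdep.cpu.brand_string"),
                         sysctl("machdep.cpu.features"))


def launch_agent_summary(plist_bytes):
    """Summarise one launchd job plist: what it runs and whether it starts at login."""
    job = plistlib.loads(plist_bytes)
    program = job.get("Program")
    if program is None:
        args = job.get("ProgramArguments") or []
        program = args[0] if args else None
    return {"label": job.get("Label"), "program": program,
            "run_at_load": bool(job.get("RunAtLoad", False))}


def scan_launch_agents(directory):
    """Summaries for every .plist in a LaunchAgents/LaunchDaemons directory."""
    results = []
    if not os.path.isdir(directory):
        return results
    for fname in sorted(os.listdir(directory)):
        if fname.endswith(".plist"):
            with open(os.path.join(directory, fname), "rb") as fh:
                try:
                    results.append((fname, launch_agent_summary(fh.read())))
                except Exception as exc:  # malformed plist: report, keep going
                    results.append((fname, {"error": str(exc)}))
    return results


# Constructed sample plist of the kind a persistence check would encounter
# (hypothetical label and path, not MacSpy's).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/victim/.updater/agent</string><string>--tor</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""


if __name__ == "__main__":
    print("hypervisor indicators:", live_vm_indicators() or ["none"])
    print("sample agent:", launch_agent_summary(SAMPLE_PLIST))
    for fname, summary in scan_launch_agents(os.path.expanduser("~/Library/LaunchAgents")):
        print(fname, summary)
```

If the first line of output lists a VMware or Parallels model string or the VMM feature flag, a sample with checks like MacSpy’s will simply exit in that sandbox and the analyst sees nothing; that is the practical reason such malware appears “undetected” in automated scans. The ptrace call the article refers to is PT_DENY_ATTACH, the option Apple provides for exactly this purpose; it only stops a debugger from attaching to the running process and does nothing to hide the binary from static analysis.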

There are some bright sides to the MacSpy story. The developers appear to have copied much of their code from Stack Overflow. In addition, the MacSpy payload is not digitally signed, so it may trigger a Gatekeeper alert on properly configured macOS systems.

However, according to AlienVault, the MacSpy malware is a sign that there is a dark future for Apple users.

“People generally assume when they are using Macs they are relatively safe from malware,” notes AlienVault in its dissection of the MacSpy Trojan.

“This has been a generally true statement, but this belief is becoming less and less true by the day, as evidenced by the increasing diversity in mac malware along with this name family.”

About the author: Charles R. Smith is CEO of Softwar Inc. a US based information warfare company and a former national security journalist.


Pierluigi Paganini

(Security Affairs – MacSpy Trojan, malware)


The post MACSPY – Remote Access Trojan as a service on Dark web appeared first on Security Affairs.

Source: Security affairs