Language Selection

English French German Italian Portuguese Spanish

Microsoft

Windows Intruded by CIA

Filed under
Microsoft
Security
  • Athena

    Today, May 19th 2017, WikiLeaks publishes documents from the "Athena" project of the CIA. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

    According to the documentation (see Athena Technology Overview), the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US. On their website, Siege Technologies states that the company "... focuses on leveraging offensive cyberwar technologies and methodologies to develop predictive cyber security solutions for insurance, government and other targeted markets.". On November 15th, 2016 Nehemiah Security announced the acquisition of Siege Technologies.

  • WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

    Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and send them to CIA server.

  • Microsoft held back free patch that could have slowed WannaCry

Why Europe’s dependency on Microsoft is a huge security risk

Filed under
Microsoft

On May 12, hackers hit more than a hundred countries, exploiting a stolen N.S.A. tool that targeted vulnerabilities of Microsoft software. The attacks infected only machines running on Windows operative system. Among the victims are public administrative bodies such as NHS hospitals in the UK. Investigate Europe spent months to investigate the dire dependency of European countries on Microsoft – and the security risks this entails

Read more

NHS mulling Ubuntu switch after Windows XP fail?

Filed under
GNU
Linux
Microsoft
Security

Security News, Notably Microsoft/NSA Catastrophe

Filed under
Microsoft
Security
  • Major cyber attack hits companies, hospitals, schools worldwide

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

  • Massive cyberattack hits several hospitals across England
  • Rejection Letter

    We start with a shadowy US government agency, the NSA, systematically analyzing the software of the biggest American computer companies in search of vulnerabilities. So far, so plausible: this is one of the jobs of an intelligence and counter-espionage agency focussed on information technology. However, instead of helping Microsoft fix them, we are supposed to believe that the NSA hoard their knowledge of weaknesses in Microsoft Windows, a vitally important piece of their own nation's infrastructure, in case they'll come in handy againt some hypothetical future enemy. (I'm sorry, but this just won't wash; surely the good guys would prioritize protecting their own corporate infrastructure? But this is just the first of the many logical inconsistencies which riddle the back story and plot of "Zero Day".)

  • Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack
  • Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

    Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

  • Current wave of ransomware not written by ordinary criminals, but by the NSA

    The lesson here is that the NSA’s mission, keeping a country safe, is in direct conflict with its methods of collecting a catalog of vulnerabilities in critical systems and constructing weapons to use against those systems, weapons that will always leak, instead of fixing the discovered weaknesses and vulnerabilities that make us unsafe.

  • Wana Decrypt0r Ransomware Outbreak Temporarily Stopped By "Accidental Hero"

    A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless of computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r).

  • DDOS attacks in Q1 2017

    In Q1 2017, the geography of DDoS attacks narrowed to 72 countries, with China accounting for 55.11% (21.9 p.p. less than the previous quarter). South Korea (22.41% vs. 7.04% in Q4 2016) and the US (11.37% vs. 7.30%) were second and third respectively.

    The Top 10 most targeted countries accounted for 95.5% of all attacks. The UK (0.8%) appeared in the ranking, replacing Japan. Vietnam (0.8%, + 0.2 p.p.) moved up from seventh to sixth, while Canada (0.7%) dropped to eighth.

  • Applied Physical Attacks and Hardware Pentesting

    This week, I had the opportunity to take Joe Fitzpatrick’s class “Applied Physical Attacks and Hardware Pentesting”. This was a preview of the course he’s offering at Black Hat this summer, and so it was in a bit of an unpolished state, but I actually enjoyed the fact that it was that way. I’ve taken a class with Joe before, back when he and Stephen Ridley of Xipiter taught “Software Exploitation via Hardware Exploitation”, and I’ve watched a number of his talks at various conferences, so I had high expectations of the course, and he didn’t disappoint.

  • SambaXP 2017: John Hixson’s Reflection

    The next talk was given by Jeremy Allison on the recent symlink CVE. Jeremy explained how it was discovered and the measures that were taken to fix it.

NHS Cautionary Tale About Windows

Filed under
Microsoft
Security

Windows Chaos

Filed under
Microsoft
Security
  • ‘CIA malware plants Gremlins’ on Microsoft machines – WikiLeaks

    WikiLeaks has released the latest instalment in the #Vault7 series, detailing two apparent CIA malware frameworks dubbed ‘AfterMidnight’ and ‘Assassin’ which it says target the Microsoft Windows platform.

  • WannaCry ransomware used in widespread attacks all over the world

    Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

    Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.

  • NHS left reeling by cyber-attack: ‘We are literally unable to do any x-rays’

    Thousands of patients across England and Scotland have been in limbo after an international cyber-attack hit the NHS, with many having operations cancelled at the last minute.

    Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible.

    According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian.

  • "Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

    Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries.

Microsoft Windows and Ransom

Filed under
Microsoft
Security
  • Massive ransomware attack hits UK hospitals, Spanish banks [Ed: Microsoft shows its real cost]

    A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, with telecoms provider Telefonica apparently hit hard. Further attacks have been reported in Russia, Ukraine, and Taiwan. Batten down the hatches: we might be in the middle of a global ransomware attack.

    Multiple sources point to this ransomware attack being based on the EternalBlue vulnerability, which was discovered by the NSA but was leaked by a group calling itself Shadow Brokers last month.

    NHS Digital has confirmed the attack and issued a brief statement, stating that there's no evidence that patient data had been accessed and that the attack was not specifically targeted at the NHS. At this point it isn't clear whether a central NHS network has been knocked offline by the ransomware or whether individual computers connected to the network are being locked out. In any case, a number of hospitals and clinics are reporting that their computer systems are inaccessible, and some telephone services are down too.

  • New ransomware Jaff demands $3,700 payments
  • Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

    This is a Wordfence public service security announcement for all users of computers running any version of Windows.

    We have confirmed that a serious virulent ransomware threat known as WannaCrypt0r/WannaCry has affected Windows computers on shared networks in at least 74 countries worldwide, with 57,000 reported individual cases being affected. And according to the analysis team at Kaspersky Lab, that number is growing fast.

CIA Uses "AfterMidnight" and "Assassin" Against Windows

Filed under
Microsoft

Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks for the Microsoft Windows platform.

"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine. The main controller disguises as a self-persisting Windows Service DLL and provides secure execution of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus". Once installed on a target machine AM will call back to a configured LP on a configurable schedule, checking to see if there is a new plan for it to execute. If there is, it downloads and stores all needed components before loading all new gremlins in memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert the functionality of targeted software, survey the target (including data exfiltration) or provide internal services for other gremlins. The special payload "AlphaGremlin" even has a custom script language which allows operators to schedule custom tasks to be executed on the target machine.

"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system. Once the tool is installed on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight") will then periodically beacon to its configured listening post(s) to request tasking and deliver results. Communication occurs over one or more transport protocols as configured before or during deployment. The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively as" The Gibson" and allow operators to perform specific tasks on an infected target.

Read more

Embrace and Extend: Microsoft Wants to Control the Competition

Filed under
GNU
Linux
Microsoft

“They’ll get sort of addicted, and then we’ll somehow figure out how to collect sometime in the next decade.”

--Bill Gates

Microsoft Spin

Filed under
Microsoft
Syndicate content

More in Tux Machines

Open source-based business lessons from a seasoned CEO

The default now is to build from open and in the open. So that's a positive. The downside is that by open source being the default, we may be getting a little lazy. If you remember back 5-10 years, open sourcing was a big deal, and it forced a level of rigor that may have led, in some cases, to founders and early investors taking better approaches to building their company—for example, shifting towards SaaS wherever possible, in part because of the ability to demonstrate clear value versus their own open source. Read more

Keeping up with advances in open source database administration

The world of open source databases is rapidly evolving. It seems like every day brings a new release of an open source technology that might make a database administrator's life easier, if only he or she knew about it. Fortunately, there are many ways to stay on top of what's going on with open source database technology. One such way is the Percona Live Open Source Database Conference, taking place next week in Dublin, Ireland. We've covered Percona Live before, and invite you to take a look back at some of our previous stories. From IoT to big data to working with the cloud, there's plenty to keep up with. Here are a look at a couple of the sessions you might enjoy, as described by the speakers. Read more

TUXEDO InfinityBook Pro 13 Review: a Powerful Ultrabook Running TUXEDO Xubuntu

There is no doubt that the TUXEDO InfinityBook Pro 13 is not a powerful ultrabook, providing good value for the money. And having it shipped with a Linux OS pre-installed makes your Linux journey a breeze if you're just getting started with exploring the wonderful world of Open Source software and GNU/Linux technologies. There are a few issues that caught our attention during our testing, and you should be aware of them before buying this laptop. For example, the LCD screen leaks light, which is most visible on a dark background and when watching movies. Also, the display is only be tilted back to about 120 degrees, which might be inconvenient for the owner. The laptop doesn't heat up that much, and we find the backlit keyboard with the Tux logo on the Super key a plus when buying a TUXEDO InfinityBook Pro 13. Of course, if you don't need all this power, you can always buy any other laptop out there and install your favorite Linux OS on it, but it's not guaranteed that everything will work out of the box like on TUXEDO InfinityBook Pro 13. Read more

today's leftovers

  • Sonic Mania ‘Plays Perfectly’ on Linux via WINE
    The Windows version of Sonic Mania is playable on Linux using WINE — and that’s not just me saying that, that’s a bunch of Linux gamers over on Reddit (where else?).
  • Icculus has ported The End is Nigh to on-demand service 'Jump', Linux may come soon plus some thoughts
    Ever heard of the on-demand subscription gaming service Jump? It's an on-demand game streaming service and Icculus just ported The End is Nigh to it. Recently, I wrote about how The End is Nigh might be coming to Linux. Sadly, that's not actually the case just yet. Announcing it on his Patreon, Icculus noted about his work to port it to the on-demand service Jump. They actually reached out to him to do it, as it turns out.
  • liveslak 1.1.9 and new ISO images
    The ‘liveslak‘ scripts used to create the ISO images for Slackware Live Edition have been stamped with a new version, 1.1.9. The updates are significant enough to warrant an ‘official’ update and new ISO images. The latest set of Slackware Live Edition ISOs are based on liveslak 1.1.9 and Slackware-current dated “Tue Sep 19 20:49:07 UTC 2017“. Just in time (I was already creating ISOS based on -current “Mon Sep 18 19:15:03 UTC 2017“) I noticed that Patrick downgraded the freetype package in Slackware, and I re-generated all of the ISO images to incorporate the latest freetype package – because that one is working and the previous one had serious issues. If you already use a Slackware Live USB stick that you do not want to re-format, you should use the “-r” parameter to the “iso2usb.sh” script. The “-r” or refresh parameter allows you to refresh the liveslak files on your USB stick without touching your custom content.
  • The best of Tizen deals from Samsung’s ‘Smart Utsav’ festive offers in India
  • Chrome 62 Beta: Network Quality Estimator API, OpenType variable fonts, and media capture from DOM elements
    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, Mac, and Windows.
  • Chrome 62 Beta Released With OpenType Font Variations, DOM Media Capture
    Google has rolled out their public beta of the upcoming Chrome/Chromium 62 web-browser update.
  • Turning Off Wi-Fi and Bluetooth in iOS 11's Control Center Doesn’t Actually Turn Off Wi-Fi or Bluetooth [Ed: Proprietary software means you cannot trust it and anything you think it does it likely won't]
    Turning off Bluetooth and Wi-Fi when you're not using them on your smartphone has long been standard, common sense, advice. Unfortunately, with the iPhone's new operating system iOS 11, turning them off is not as easy as it used to be. Now, when you toggle Bluetooth and Wi-Fi off from the iPhone's Control Center—the somewhat confusing menu that appears when you swipe up from the bottom of the phone—it actually doesn't completely turn them off. While that might sound like a bug, that's actually what Apple intended in the new operating system. But security researchers warn that users might not realize this and, as a consequence, could leave Bluetooth and Wi-Fi on without noticing.
  • HP Brings Back Obnoxious DRM That Cripples Competing Printer Cartridges
    Around a year ago, HP was roundly and justly ridiculed for launching a DRM time bomb -- or a software update designed specifically to disable competing printer cartridges starting on a set date. As a result, HP Printer owners using third-party cartridges woke up one day to warnings about a "cartridge problem," or errors stating, "one or more cartridges are missing or damaged," or that the user was using an "older generation cartridge." The EFF was quick to lambast the practice in a letter to HP, noting that HP abused its security update mechanism to trick its customers and actively erode product functionality. HP only made matters worse for itself by claiming at the time that it was only looking out for the safety and security of its customers, while patting itself on the back for being pro-active about addressing a problem it caused -- only after a massive consumer backlash occurred.
  • EFF quits W3C over decision to accept EME as Web standard
     

    The Electronic Frontier Foundation has resigned from the World Wide Web Consortium after the latter announced it was accepting the published Encrypted Media Extensions as a Web standard.