First Amendment Rights and Twitter, Encryption Backdoors

In episode 123 for June 1st 2020: The controversy continues over fact checking and First Amendment rights on Twitter, and why government mandated encryption backdoors are bad for everyone’s security. ** Show notes and links mentioned on the show … Continue reading First Amendment Rights and Twitter, Encryption Backdoors

How GitHub untangled itself from the ‘Octopus’ malware that infected 26 software projects

For GitHub, not all reports about malicious software on its platform are of equal importance. The company behind the popular software repository, where developers often share code rather than building it from scratch, revealed this week that attackers were trying to exploit the open-source nature of the site to distribute malware. A hacking tool was designed to spread through software projects, then leave a “backdoor” that could offer hackers persistent access to the software. By infiltrating open-source software, hackers could have given themselves a foothold in code that was later included in corporate apps or websites. Open-source websites continue to represent valuable targets for hackers hoping that technology companies will adopt compromised tools to build their own software. (GitHub claims the site has tens of millions of users.) In this case, the malicious code — which spread to 26 different GitHub projects — is an example of the potentially insidious nature of open-source supply chain compromises. Dubbed Octopus Scanner, […]

The post How GitHub untangled itself from the ‘Octopus’ malware that infected 26 software projects appeared first on CyberScoop.

Continue reading How GitHub untangled itself from the ‘Octopus’ malware that infected 26 software projects

‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

A notorious group of suspected Russian hackers have used a revamped tool to spy on governments in Eastern Europe and quietly steal sensitive documents from their networks, researchers said Tuesday. The discovery shines greater light on the operations of Turla, an elite cyber-espionage group that’s been around well over a decade and is widely believed to be working on behalf of Russia’s FSB intelligence agency. It’s the latest example of Turla’s ability to write code designed to lurk on victim computers for years and extract state secrets. Turla is “still actively developing complex and custom pieces of malware in order to achieve long-term persistence in their target’s network,” said Matthieu Faou, a malware researcher at anti-virus firm ESET, who analyzed the code. The attacks started roughly two years ago, and hit two foreign affairs ministries in Eastern Europe and a national parliament in the Caucasus region bordering Russia, according to […]

The post ‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find appeared first on CyberScoop.

Continue reading ‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

FBI finally unlock shooter’s iPhones, Apple berated for not helping

The FBI’s Apple problem. Continue reading FBI finally unlock shooter’s iPhones, Apple berated for not helping

Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say

Nearly five years ago, researchers unmasked a Chinese hacking group, pinpointing the unit of the People’s Liberation Army that was allegedly sponsoring it. The so-called Naikon group was key to China’s spying efforts in the South China Sea, targeting government agencies from the Philippines to Vietnam, said the report from companies ThreatConnect and Defense Group Inc. Since then, there has been relatively little public documentation of Naikon as other China-linked groups — including one targeted by a U.S. Department of Justice indictment — have taken the limelight. But on Thursday, analysts with Israeli cybersecurity company Check Point said that Naikon has been far from idle in recent months, trying to hack familiar government targets in Australia, Indonesia, the Philippines, Vietnam, and other Southeast Asian countries. The espionage campaign, which has also hit state-owned companies in the region, accelerated in the last half of 2019 and into the first quarter of 2020. Naikon […]

The post Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say appeared first on CyberScoop.

Continue reading Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say

Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according t… Continue reading Another Story of Bad 1970s Encryption

Another Story of Bad 1970s Encryption

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt… Continue reading Another Story of Bad 1970s Encryption

President Signs Two Broadband Bills

On March 24, President Trump signed two bills designed to enhance the availability and security of 5G and other broadband services. The first bill, the “Broadband Deployment Accuracy and Technological Availability Act” or the “Broadband DATA Act” requ… Continue reading President Signs Two Broadband Bills

Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves

The Big Bad Wolves haven’t blown the house down but did come up with a way to “hold the three little pigs responsible for being delicious,” Signal said. Continue reading Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves

Security and Privacy Implications of Zoom

Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for … Continue reading Security and Privacy Implications of Zoom