Other security experts questioned the FTI team's forensic chops, wondering on Twitter and in blog posts why it was unable to decrypt the software that would have delivered the malware payload along with the video file. Alex Stamos of Stanford University tweeted: "The funny thing is that it looks like FTI potentially has the murder weapon sitting right there, they just haven't figured out how to test it." FTI's Ferrante did not respond to emails and text messages seeking comment. The company said in a statement that all FTI's work for clients is confidential and that FTI does not "comment on, confirm or deny client engagements." Facebook said the outfit did not reach out to WhatsApp to request assistance with its probe.

COULD HACKERS HAVE ERASED ALL EVIDENCE OF INTRUSION?

Absolutely, said Strafach. Elite hackers plant malware that erases itself after surreptitiously sending sensitive data to command servers. "It scoops up everything they want and removes itself so there's no trace, no evidence," he said.
The privacy mechanism implemented by Apple's Safari browser to prevent user tracking across websites is not effective at protecting users' privacy, Google security researchers have found. Called Intelligent Tracking Prevention (ITP), the system is meant to prevent websites commonly loaded in a third-party context from receiving identifiable information about the user. It works by building a list of prevalent domains and applying privacy restrictions to cross-site requests to those domains. In a recently published report (PDF), Google security researchers Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis explain that multiple security and privacy issues affecting ITP make the protection mechanism ineffective. Safari's protection works by incrementing an internal counter for the domain from which a resource is loaded. Once the counter reaches a specific value, the domain is added to the list of prevalent domains. From then on, when cross-site requests are made to prevalent domains, user-identifiable information is removed so that the user can't be tracked.
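The counter-and-threshold mechanism described above, as an added toy model that is not Safari/WebKit code: the threshold of 3, the counting rule (one increment per cross-site load) and the modelling of "identifiable information" as cookies are assumptions. The model also makes visible that the classification state is derived from each user's own browsing history, so two users can receive different treatment for the same request.

```python
"""Toy model of the ITP prevalence classifier as the paragraph describes it.

Added illustration, not WebKit/Safari code. Constructed assumptions: a per-domain
counter of cross-site loads, a threshold of 3 (the real threshold and counting rule
are not given on the page), and "identifiable information" modelled as cookies.
"""
from dataclasses import dataclass, field

PREVALENCE_THRESHOLD = 3  # assumed value for the illustration


@dataclass
class TrackingPrevention:
    counters: dict = field(default_factory=dict)  # resource domain -> cross-site load count
    prevalent: set = field(default_factory=set)   # domains that reached the threshold

    def observe_load(self, top_site, resource_domain):
        """Record that a page on top_site loaded a resource from resource_domain."""
        if resource_domain == top_site:
            return  # first-party load; only cross-site loads feed the counter
        count = self.counters.get(resource_domain, 0) + 1
        self.counters[resource_domain] = count
        if count >= PREVALENCE_THRESHOLD:
            self.prevalent.add(resource_domain)

    def cookies_for_request(self, top_site, resource_domain, cookies):
        """Cookies that accompany a request from a page on top_site to resource_domain."""
        if resource_domain != top_site and resource_domain in self.prevalent:
            return {}  # cross-site request to a prevalent domain: identifying state stripped
        return dict(cookies)


def replay(history):
    """Feed a constructed history of (top_site, resource_domain) pairs into a fresh classifier."""
    itp = TrackingPrevention()
    for top_site, resource_domain in history:
        itp.observe_load(top_site, resource_domain)
    return itp


# Two constructed users whose histories embed the same third-party domain.
HEAVY_USER = [("news.example", "tracker.example"), ("shop.example", "tracker.example"),
              ("blog.example", "tracker.example"), ("tracker.example", "tracker.example")]
LIGHT_USER = [("news.example", "tracker.example"), ("tracker.example", "tracker.example")]
TRACKER_COOKIES = {"uid": "constructed-user-id"}


def cookies_seen_by_tracker(history):
    """What tracker.example receives on a later cross-site request from shop.example."""
    return replay(history).cookies_for_request("shop.example", "tracker.example", TRACKER_COOKIES)
```

For the heavy user the third-party domain crosses the threshold and the request arrives without cookies; for the light user the same request still carries them.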
A targeted phishing campaign against government entities in Persian Gulf and Middle East countries was detected earlier this month. The campaign exploited the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad airport, and used emails purporting to come from the Ministry of Foreign Affairs of the Kingdom of Bahrain, Saudi Arabia, and the United Arab Emirates. The campaign was detected and reported by researchers at Blue Hexagon, a firm that applies artificial intelligence (AI) techniques originally developed to detect malware hidden in images to the detection of malware hiding in network traffic. The emails were delivered via a legitimate email marketing provider. The malware payloads were stored on Google Drive, and command and control (C&C) communication was relayed through Twitter. The use of legitimate public services in malware attacks is a growing trend among attackers. It helps the attack fly under the radar of standard detection, helps to disguise the attackers (there is no dedicated C&C domain infrastructure that could overlap with other known attacks), and is easily dismantled and reassembled elsewhere in the event of discovery.
Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye on a tool that tells users whether their systems have been compromised via the security flaw. The vulnerability, disclosed in December 2019, impacts Citrix Application Delivery Controller (ADC) and Gateway (previously known as NetScaler ADC and NetScaler Gateway), and two older versions of SD-WAN WANOP. Following the public release of PoC exploits earlier this month, attackers started targeting vulnerable deployments; there are tens of thousands of vulnerable systems exposed. Initially, Citrix only published a set of mitigation steps for customers to stay protected. On January 19, however, the company released the first set of patches for the flaw, addressing it in ADC and Gateway versions 11.1 and 12.0. Now, a second wave of permanent fixes is rolling out to affected customers, for ADC and Gateway versions 12.1 and 13.0. The updated versions are 12.1.55.18 and 13.
ARE THE FORENSIC FINDINGS CONCLUSIVE?

Not at all. Outside security researchers highlighted several issues with the forensics report by FTI Consulting, run by former Obama administration National Security Council cybersecurity official Anthony Ferrante. For instance, the FTI report, dated November and obtained Wednesday by the Vice News site Motherboard, said researchers didn't find any malware on the phone, nor any evidence that Bezos' phone had surreptitiously communicated with known spyware command servers. Further, an examination of the crucial root file system, where top-flight hackers often hide their malware, was still pending when the report was written. iPhone security expert Will Strafach, CEO of Guardian Firewall, said that if the FTI investigators didn't look at the root file system, they didn't do a thorough forensic exam. "I think the U. intentions are good but the details really matter here and the public reporting falls short of any real firm smoking gun," said Strafach.