The CIA’s alleged ability to trojan an Apple OS disk image has been exposed in ‘Imperial,’ the latest release from WikiLeaks Vault 7 series. This new batch is made of three hacking exploits, ‘Achilles,’ ‘SeaPea’ and ‘Aeris.’
‘Achilles’ is detailed by WikiLeaks in a statement as producing one or more operators to access an OS X disk image, and execute operations one time. The OS X disk image contains the contents and structure of the device’s storage. Intel Core 2 Processor and OS X are required on the target's computer for ‘Achilles’ to operate. ‘Imperial’ is part of a series by the whistleblowers named ‘Vault 7’ which began in March and has seen releases from WikiLeaks on an almost weekly basis.
Read moreA mysterious piece of malware has been infecting hundreds of Mac computers for years—and no one noticed until a few months ago.
Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes.
Read moreAs part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.
According to the documents leaked by WikiLeaks, Raytheon Blackbird Technologies, the Central Intelligence Agency contractor, submitted nearly five such reports to CIA as part of UMBRAGE Component Library (UCL) project between November 2014 and September 2015. These reports contain brief analysis about proof-of-concept ideas and malware attack vectors.
Read moreIf you haven’t deleted your decade-plus old Myspace account yet, now may be the time to do it. As it turns out, it’s been embarrassingly easy for someone to break into and steal any account on the site.
Security researcher Leigh-Anne Galloway posted details of the flaw on her blog this morning after months of trying to get Myspace to fix it — and hearing nothing back from the company. Only today, after the issue became widely publicized, did Myspace finally remove the flaw. The flaw came from Myspace’s now-defunct account recovery page, which was meant to let people regain access to an account they’ve lost the password to.
Read moreThe FBI warned parents of privacy and safety risks from children's toys connected to the internet. In an advisory posted on its website, the Federal Bureau of Investigation said that such toys may contain parts or capabilities such as microphones, cameras, GPS, data storage and speech recognition that may disclose personal information.
Normal conversation with a toy or in the surrounding environment may disclose a child's name, school, likes and dislikes and activities, the FBI said. "I think this is the first time the FBI has issued such warning," Tod Beardsley, director of research at cyber security firm Rapid7, said in a telephone interview.
Read moreWikileaks published another set of documents Thursday. The latest release of files purportedly from the U.S. Central Intelligence Agency (CIA) details a piece of malicious software for Android devices.
The malware, referred to as Highrise, can redirect or intercept text messages sent to a target’s phone, allowing a CIA agent to access it before it lands in the inbox of the person it was intended for. HighRise acts as a proxy server for text messages, bouncing the messages to internet “listening posts” that allow an agent to intercept them. While the malicious software provides the CIA with a powerful snooping tool, there is a major limitation to Highrise.
Read moreTelecommunications giants don’t seem to have any interest in shaking their legacy of complicity with government requests for user data.
The EFF’s latest Who Has Your Back report singles out AT&T, Verizon, T-Mobile and Comcast as its lowest performers, saying that the providers’ policies prioritize government requests for user data over privacy. The report evaluated 26 technology and telecommunications providers in five areas, including three new categories this year: public-facing policies that stand up to National Security Letter gag orders, promises not to exchange data with the government that extend outside its law enforcement guidelines.
Read moreWikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS.
Read moreWikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating systems.
Dubbed OutlawCountry, the project allows the CIA hackers to redirect all outbound network traffic on the targeted computer to CIA controlled computer systems for exfiltrate and infiltrate data. The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system and create a hidden Netfilter table with an obscure name on a target Linux user.
Read moreHere’s a surprise announcement from Google: It will stop scanning the inboxes of Gmail’s free users for ad personalization at some point later this year. Google already doesn’t do this for business users who subscribe to its G Suite services, but until now, it routinely scanned the inboxes of its free users to better target ads for them.
It then combined that information with everything else it knows about its users to build its advertising profiles for them. Diane Greene, Google’s senior VP for Google Cloud, says the company made this decision because it “brings Gmail ads in line with how we personalize ads for other Google products.”
Read moreAxarhöfði 14,
110 Reykjavik, Iceland