FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought

The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains. 

Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".

"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.

"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more   Previous mind-reading posts.

Security Tip #792: Be Gone Phishing

via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."

"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more

Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.

Information Security and Cryptography Seminar

Information Security and Cryptography —
Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.

A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.

The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more

Hacker Physically Plants Keylogger Devices on Company Systems

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time.

It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing.

In February 2017, 45-year old Ankur Agarwal of Montville, New Jersey, trespassed the premises of one of the two tech companies and installed keylogging devices on its computers to capture employee usernames and passwords. He also added his laptop and a hard drive to the company's computer network. more

A Technical Information Security Survey could have prevented this in the first place. ~Kevin

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Google Accused of Spying with New Tool

Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation. 

The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.  

Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more

Free Ransomware Decryption Tool

Emsisoft Decryptor for STOP Djvu

The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.

Please note: There are limitations on what files can be decrypted. more

Of course, put all the safeguards in place first so you won't need this tool. ~Kevin

Legit-Looking iPhone Cable That Hacks

Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory...
 

MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance. more - background

'Complete Control' Hack Allows Audio / Video Spying and More

All Windows users should update immediately as ‘Complete Control’ hack is confirmed.

In case you were underestimating the tool, it can allow a hacker to remoting shutdown or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse.

Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video.

Since the attacker has full access to the computer, they can also recover passwords and obtain login credentials using a keylogger as well as lock the computer with custom encryption that can act like ransomware. more

Security Director Alert: Check for Unsecured Wi-Fi Printers

A group of hackers linked to Russian spy agencies are using "internet of things" devices like printers and internet-connected phones to break into corporate networks, Microsoft announced on Monday. more

We see this vulnerability at approximately a third of the corporations where we conduct inspections. It is a very common issue. Very dangerous. 

Q. "So, why does this happen so often?"

A. When initially outfitting the office the IT Department usually does a good job of turning on encryption for Wi-Fi Access Points, and the things connecting to them. 

Later, someone decides they need their own printer. It arrives. It is plugged in. Nobody thinks about turning on the encryption.

Often, the Wi-Fi feature of the printer is not even used, but it's on by default. The company network is now subject to compromise.

The only way to know if you have this issue is to look for it. Have your IT Department check periodically, or have us do it, but do it. ~Kevin

Security Director Tips: You Don't Have to be an IT Dude to Protect Your Company Online

The Top 6 things you can do to better than the IT department. (Go ahead. Take back some turf.)

1. Establish a cyber incident response plan.
2. Regularly rehearse the response plan using a range of different scenarios.
3. Monitor and manage the risk posed from the supply chain.
4. Ensure the company understands the terms of their insurance and what is covered.
5. Understand what 'normal' looks like for the business, in terms of application usage, so the company can identify any unfamiliar patterns.
6. Investing in regular training and raising their people's awareness of cyber security. more

Apple Temporarily Disables Walkie Talkie on Apple Watch Over Eavesdropping Concerns

Less than 24 hours after Apple issued a background update to remove a vulnerability in Zoom’s Mac app that installed a surreptitious web server that could activate the video camera without the user’s permission, Apple has disabled another app for a possible security breach. And this time it’s one of its own: Walkie Talkie.

Walkie Talkie was introduced with watchOS 5 as a quicker way to communicate between Apple Watches. Apple promotes it as “a new, easy way to have a one-on-one conversation with anyone who has a compatible Apple Watch.” However, it might not be as private as you think. Apple announced late Wednesday that it was temporarily disabling the Walkie Talkie on the Apple Watch due to eavesdropping concerns. more

FREE - Security Message Screen Savers

Security Message Screen Savers

• Reminders work.
• Put your idle computer screens to work.
• Three backgrounds to choose from, or commission custom screens.
  

Kieffer Ramirez Shares His Favorite Niche Investigations Resources (most are free)

SpyDialer

Cost: Free
Search people via their phone number, name, address, and/or e-mail address by using SpyDialer which contains billions of phone numbers obtained using social media and user-contributed address books.

Concerned about your information showing up on SpyDialer?!?! Check and see. If you appear there, you have the option of deleting your information... anonymously.

The 17 other resources appear here.

Security Message Screen Savers for Business Computers and Laptops (FREE)

Three stock Security Message Screen Savers to choose from. Five rotating screens with the top five information security best practices employees can implement themselves.

• Reminders work.
• Put your idle computer screens to work as your security helpers.
• Three backgrounds to choose from, or commission custom screens.

Click link to see these information security screensavers in action.

FREE to use as-is with "Logo goes here" removed, or can be customized with your business logo.
Need to customize? Contact us for details and cost.

If You're a Slack'er, Patch the Hacker

A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and potentially spread malware.

The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination—whether it be on your PC or to an online storage server...

"Using this attack vector, an insider could exploit this vulnerability for corporate espionage, manipulation, or to gain access to documents outside of their purview," David Wells, a researcher at the security firm Tenable said...

Slack has patched the flaw in version 3.4.0 of the Windows desktop app. more

From Those Wonderful Folks Who Brought You APT - Manditory Free Pen-Testing

New provisions made to China's Cybersecurity Law gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems...

These new provisions, named "Regulations on Internet Security Supervision and Inspection by Public Security Organs" give the MSP the following new powers:

• Conduct in-person or remote inspections of the network security defenses taken by companies operating in China.
• Check for "prohibited content" banned inside China's border.
• Log security response plans during on-site inspections.
• Copy any user information found on inspected systems during on-site or remote inspections.
• Perform penetration tests to check for vulnerabilities.
• Perform remote inspections without informing companies.
• Share any collected data with other state agencies.
• The right to have two members of the People's Armed Police (PAP) present during on-site inspection to enforce procedures. more

How to Tell if Someone Snoops on Your Computer

Think about all of the personal information stored on your computer -- it's essentially an extension of your whole identity in digital form. You may have all your photos, videos, resumes, contacts, documents and other sensitive information saved on your PC or Mac.

Can you imagine someone snooping around and getting their hands on all that?

But how can you tell if someone was accessing your files and applications without your knowledge? Is someone using your computer behind your back? Thankfully, there are various ways to find out.

Read on and learn these tricks you can use to see if someone is snooping on your PC or Mac... more

Mar-a-Lago Intruder Caught with USB Stick Loaded with Malware

A Chinese woman carrying a thumb drive loaded with malware was detained at Mar-a-Lago Saturday after trying to gain access to events advertised on Chinese-language social media by Li “Cindy” Yang, the South Florida massage parlor entrepreneur who also ran a business selling access to President Donald Trump and his family.

The woman, Yujing Zhang, has been charged with two federal crimes: making false statements to a federal officer and entering restricted property.

She was carrying four cellphones, one laptop, one external hard drive and a thumb drive, according to court records. In a charging document, a Secret Service agent said a preliminary forensic examination of the thumb drive showed it contained “malicious malware.” The court filing did not provide further details about the nature of the malware. more

See our report on dangerous USB sticks, and what to do about them.
Worried about a person like this entering your premises? Call us.

Information Security and Cryptography Seminar - June 17-19, 2019

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172

Seminar Location: 
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland
more