Tag Archives: cia

WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA).

Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build “customised malware” payloads for breaking into Microsoft’s Windows operating systems and bypassing

Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models.

The company identified this highest level of vulnerability in its product while analyzing “Vault 7” — a roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA).

The vulnerability

In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity

Year Zero, the first delivery from WikiLeaks of the “biggest document leak” the Central Intelligence Agency has ever seen, is made up of over 8,000 files. The revelations they contain are causing quite a stir. If nothing else, they’ve shown that the CIA has at its disposal an enormous cyberespionage arsenal.

The documents detail how cyberweapons were prepared to make use of “zero day” attacks (which target vulnerabilities that haven’t been made public yet, and can therefore be easily exploited). These cyberweapons would be used to compromise the security of devices using iOS, Android, Windows, and macOS operating systems.

Something of considerable note from these leaks is that the CIA would not have to break the encryption protecting apps such as WhatsApp, Signal, or Telegram. By gaining access to the smartphone’s OS using malicious software, they are able to access all the information stored on it.

According to the documents, which have been deemed authentic by several security experts, the CIA even made use of security holes in other smart devices. The US agency worked with their British counterparts to develop a cyberespionage tool called Weeping Angel to use smart TVs as hidden microphones. So, how did the affected companies react? And what can the rest of us learn from this leak?

Google and Apple’s Reaction

Apple reacted to the leak with a lengthy statement, pointing out that the security holes that the CIA used had already been patched in the latest version of iOS. The company also ensured that is would continue working to resolve any vulnerability and encouraged users to download the latest version of its OS.

Google claimed that Android and Chrome’s updates had already solved the problems, while Microsoft and Samsung have said they are investigating the issue. Although WikiLeaks hasn’t released technical aspects of the malware in question, they have announced their intention to share them with manufacturers.

For their part, the CIA is keeping pretty quiet about the whole thing. They’ve limited themselves to a “no comment” about the leaked documents and have stated that the revelations put US citizens in danger. It’s the first major challenge for CIA director Mike Pompeo, recently appointed by President Trump.

Keeping in mind that US intelligence is able to detect vulnerabilities even in the tech giants themselves and even develop cyberweapons to take advantage of them, what can a company learn from these leaks?

One of the first lessons to learn is that the security on our devices leaves much to be desired. Another, to avoid exposing our companies to zero day attacks, a perimeter-based security solution isn’t going to cut it. The only way to combat zero-day attacks: update, update, update, and spring for an advanced cybersecurity solution.

Panda Security’s Adaptive Defense 360, to name but one example, is not too shabby when it comes to top of the line security. It allows continuous monitoring through surveillance and logs of all activity at every workstation and detects advanced threats in real time. It stops untrusted software the moment it attempts to run, responds in a matter of seconds, and recovers instantaneously. It’s nice to know that your as-yet-unknown security holes (and there is always one or two lurking beneath the radar, even at companies like Google and Apple) won’t be much use to potential intruders.

The post In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity appeared first on Panda Security Mediacenter.

7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files

This week WikiLeaks published “Vault 7” — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA).

The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA’s ability to hack all

10 Things You Need To Know About 'Wikileaks CIA Leak'

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.

It dubbed the first release as Vault 7.

Vault 7 is just the first part of leak series “Year Zero” that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert

WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details

WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA).

WikiLeaks announced series Year Zero, under which the whistleblower organization will reveal details of the CIA’s global covert hacking program.

As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7, which

US Intelligence Chief Hacked by the Teen Who Hacked CIA Director

Nation’s Top Spy Chief Got Hacked!

The same teenage hacker who broke into the AOL email inbox of CIA Director John Brennan last October has now claimed to have broken into personal email and phone accounts of the US Director of National Intelligence James Clapper.

<!– adsense –>

Clapper was targeted by the teenage hacker, who called himself Cracka and claimed to be a member of the