Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries.
Since March, as part of its “Vault 7” series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence
As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA).
Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build “customised malware” payloads for breaking into Microsoft’s Windows operating systems and bypassing
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.
Dubbed “Marble,” the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer
The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.
As part of its “Vault 7” series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices.
Dubbed “Dark Matter,” the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA
Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models.
The company identified this highest level of vulnerability in its product while analyzing “Vault 7” — a roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA).
The vulnerability
It’s been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so
Year Zero, the first delivery from WikiLeaks of the “biggest document leak” the Central Intelligence Agency has ever seen, is made up of over 8,000 files. The revelations they contain are causing quite a stir. If nothing else, they’ve shown that the CIA has at its disposal an enormous cyberespionage arsenal.
The documents detail how cyberweapons were prepared to make use of “zero day” attacks (which target vulnerabilities that haven’t been made public yet, and can therefore be easily exploited). These cyberweapons would be used to compromise the security of devices using iOS, Android, Windows, and macOS operating systems.
Something of considerable note from these leaks is that the CIA would not have to break the encryption protecting apps such as WhatsApp, Signal, or Telegram. By gaining access to the smartphone’s OS using malicious software, they are able to access all the information stored on it.
According to the documents, which have been deemed authentic by several security experts, the CIA even made use of security holes in other smart devices. The US agency worked with their British counterparts to develop a cyberespionage tool called Weeping Angel to use smart TVs as hidden microphones. So, how did the affected companies react? And what can the rest of us learn from this leak?
Apple reacted to the leak with a lengthy statement, pointing out that the security holes that the CIA used had already been patched in the latest version of iOS. The company also ensured that is would continue working to resolve any vulnerability and encouraged users to download the latest version of its OS.
Google claimed that Android and Chrome’s updates had already solved the problems, while Microsoft and Samsung have said they are investigating the issue. Although WikiLeaks hasn’t released technical aspects of the malware in question, they have announced their intention to share them with manufacturers.
For their part, the CIA is keeping pretty quiet about the whole thing. They’ve limited themselves to a “no comment” about the leaked documents and have stated that the revelations put US citizens in danger. It’s the first major challenge for CIA director Mike Pompeo, recently appointed by President Trump.
Keeping in mind that US intelligence is able to detect vulnerabilities even in the tech giants themselves and even develop cyberweapons to take advantage of them, what can a company learn from these leaks?
One of the first lessons to learn is that the security on our devices leaves much to be desired. Another, to avoid exposing our companies to zero day attacks, a perimeter-based security solution isn’t going to cut it. The only way to combat zero-day attacks: update, update, update, and spring for an advanced cybersecurity solution.
Panda Security’s Adaptive Defense 360, to name but one example, is not too shabby when it comes to top of the line security. It allows continuous monitoring through surveillance and logs of all activity at every workstation and detects advanced threats in real time. It stops untrusted software the moment it attempts to run, responds in a matter of seconds, and recovers instantaneously. It’s nice to know that your as-yet-unknown security holes (and there is always one or two lurking beneath the radar, even at companies like Google and Apple) won’t be much use to potential intruders.
The post In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity appeared first on Panda Security Mediacenter.
This week WikiLeaks published “Vault 7” — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA).
The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA’s ability to hack all
A few days ago WikiLeaks released information clarifying CIA have developed a whole lot of hacking tools that allow them to spy on everyone somehow connected to the internet.
Unfortunately,it’s not news NSA, and CIA are spying on you, this has been a well-known fact for years. According to NSA and CIA, the primary goal of the global internet monitoring is the fight against terrorism. There is no precise statistics of how many terrorist attacks have been prevented thanks to the patriot act and the hard-working guys at NSA and CIA. However, we are sure they’ve been doing a good job so far – with small exceptions there haven’t been any major incidents here on US soil since 9/11.
Even though no one is euphoric CIA and NSA seem to have access to virtually everything digital in the world, regular folks have accepted it.
The problem is that according to Julian Assange, the tools CIA and NSA have developed could also be classified as cyber weapons. Briefly, it’s the equivalent of the discovery of the atomic bomb. If these cyber arms end up in the wrong hands, things can go horribly wrong. Imagine if a 16-year-old stoner from FYROM manages to access your router, and record everything connected to it. Imagine if they can do the same thing to a top government official.
Or if a piece of hardware used in airplanes has a backdoor allowing unauthorized access to the equipment located at captain’s cockpit. This is scary, isn’t it? We live in a digital era where adults in the US spend an average of 5 hours a day staring at their cell phones. We monitor our children with baby monitors, and we pay bills and shop online on a daily basis. There is barely any cash seen in the modern world; all our finances are in digital bank accounts. We no longer work for hard cash, we work for ‘doubloons’ in our bank account. Our life is starting to feel as we are in a video game, and as in many video games, villains want to take advantage of the regular people. Everything we do and that matters to us is somehow visible as a digital print.
The scary part is that CIA and NSA obviously are having issues keeping all this information secure and it is possible those cyber weapons will end up in the wrong hands. How would you feel if you know Iran, Russia or China have this power too? It would be a chilling fact to realize that a foreign government knows more about you than your own.
It will surely give you the chills to understand that a country with completely different beliefs and culture has access to your personal and professional life. Such hacking scandals also cause a stir around the globe as other nations say the USA needs to stop spying on them.
And if we try to somehow forget about governments fighting each other in cyber wars, such weapons could end up in the hands of groups of hackers who are after the regular people. The good news is that cyber criminals do not have nationality or beliefs; most of the times they are not after you; they are after your money. And using the weapons developed by CIA and described at WikiLeaks, gaining access to your bank account seems like a child’s play if you are not protected.
Julian Assange says the information released a few days ago is only 1% of what it is to come. According to WikiLeaks, the Vault 7 series will be the largest intelligence publication in history. We can surely expect extraordinary findings over the course of the next few months!
The post NSA and CIA were spying on you! So what? appeared first on Panda Security Mediacenter.