THE NATIONAL SECURITY Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.
You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.
“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”
Similar reverse-engineering products exist on the market, including a popular disassembler and debugger called IDA. But Joyce emphasized that the NSA has been developing Ghidra for years, with its own real-world priorities and needs in mind, which makes it a powerful and particularly usable tool. Products like IDA also cost money, whereas making Ghidra open source marks the first time that a tool of its caliber will be available for free—a major contribution in training the next generation of cybersecurity defenders. (Like other open source code, though, expect it to have some bugs.) Joyce also noted that the NSA views the release of Ghidra as a sort of recruiting strategy, making it easier for new hires to enter the NSA at a higher level or for cleared contractors to lend their expertise without needing to first come up to speed on the tool.
The NSA announced Joyce’s RSA talk, and Ghidra’s imminent release, in early January. But knowledge of the tool was already public thanks to WikiLeaks’ March 2017 “Vault 7” disclosure, which discussed a number of hacking tools used by the CIA and repeatedly referenced Ghidra as a reverse-engineering tool created by the NSA. The actual code hadn’t seen the light of day, though, until Tuesday—all 1.2 million lines of it. Ghidra runs on Windows, MacOS, and Linux and has all the components security researchers would expect. But Joyce emphasized the tool’s customizability. It is also designed to facilitate collaborative work among multiple people on the same reversing project—a concept that isn’t as much of a priority in other platforms.
Ghidra also has user-interface touches and features meant to make reversing as easy as possible, given how tedious and generally challenging it can be. Joyce’s personal favorite? An undo/redo mechanism that allows users to try out theories about how the code they are analyzing may work, with an easy way to go back a few steps if the idea doesn’t pan out.
The NSA has made other code open source over the years, like its Security-Enhanced Linux and Security-Enhanced Android initiatives. But Ghidra seems to speak more directly to the discourse and tension at the heart of cybersecurity right now. By being free and readily available, it will likely proliferate and could inform both defense and offense in unforeseen ways. If it seems like releasing the tool could give malicious hackers an advantage in figuring out how to evade the NSA, though, Dave Aitel, a former NSA researcher who is now chief security technology officer at the secure infrastructure firm Cyxtera, said that isn’t a concern.
“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.
No matter what comes next for the NSA’s powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” he said. “Come on, no backdoor. On the record. Scout’s honor.”
Google spinoff Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
RSA CONFERENCE 2019 – San Francisco – Chronicle, the division that spun out of Alphabet’s X, rocked the cybersecurity industry today with a new security data platform that ultimately could whittle down the number of security tools organizations run today to monitor and manage incidents.
The new Backstory cloud-based service works with Chronicle’s VirusTotal malware intelligence platform, and lets organizations view previous security data over time and more quickly spot and pinpoint details on malicious activity. “It gives security teams insight into what’s happening in the enterprise right now, with the same level of visibility into what happened yesterday, a month ago, even a year ago,” Stephen Gillett, Chronicle CEO and co-founder, said today in a media event for the rollout.
What makes Backstory unique from other security offerings, not surprisingly, is its Google-esque approach to drilling down into activity on the network and devices and its ability to store, index, and search mass amounts of data. Most enterprises are constrained by the amount of data they can store and manage over a long period of time.
Backstory, however, could prompt some housecleaning for security teams and security operations centers that for years have been amassing multiple, and sometimes redundant security tools and threat intelligence feeds. The platform is Chronicle’s first commercially developed product.
Rick Caccia, chief marketing officer at Chronicle, told Dark Reading that among the tools that Backstory ultimately could replace or streamline are network monitoring, network traffic analysis, log monitoring, security information event management (SIEM) tools, and even threat intelligence feeds. Tool overload has become a chronic problem for organizations: the average company runs dozens of security tools and often doesn’t have the people power to properly employ or even stay on top of the tools and the data they generate.
Several companies already are using Backstory, including manufacturing firm Paccar, Quanta Services, and Oscar Health, and several security vendors today announced partnerships to integrate with Backstory — Carbon Black, Avast, CriticalSTART, and others.
Chuck Markarian, CISO at Paccar, which builds trucks, said his company expects Backstory to replace anywhere from three to six of its existing security tools in the next year.
“In general, managing our costs is huge, [and] managing our spend in security, and figuring out how we can use less feeds,” he said during a customer panel during the media event. Managing multiple security tools is challenging, he said, so whittling down the number of tools is key.
“I can’t find the people to manage it and I keep going back to our board and saying ‘I need another tool, I need another tool,'” Markarian said. “I want to get that number [of tools] dramatically down.”
Backstory initially provides a tool for threat hunting and security investigations, said Jon Oltsik, senior principal analyst for Enterprise Security Group. “In its current iteration, I think Chronicle [Backstory] assumes a role for threat hunting and security investigations. Its pricing, data capacity, and query speed are built for this,” he said.
Oltsik also predicts Backstory will streamline and also eliminate the need for some point security tools.
“In the future, I could see Chronicle becoming an aggregation hub for other security analytics tools [such as endpoint detection & response, network traffic analysis, and threat intelligence, for example] and then subsuming some of these standalone technologies over time,” depending on Chronicle’s roadmap for the platform, he told Dark Reading.
Many large companies already have multiple security products for the same function, Chronicle’s Caccia said. “They have three network monitoring tools and multiple SIEMs,” for example, he said. Chronicle is pricing Backstory by customer, he said, hoping to target the pricing below its potential competitors. Some companies already spend a half-million dollars per year on tools, including subscribing to cloud-based capacity for storage and computing power from cloud services like Amazon’s, he said.
‘Operation Aurora’ Roots
Backstory grew out of Google’s firsthand experience in 2009, when the company was hacked by Chinese nation-state actors during the so-called Operation Aurora. In the wake of the attacks, Google security engineers used big data analytics to build internal security tools for the search engine giant. That work influenced Chronicle’s development of Backstory, led by former Google engineers and Chronicle co-founders Gillett and Mike Wiacek, CSO at Chronicle.
During a demonstration of Backstory at the media event today, Wiacek said the more data you add to Backstory, the more detailed a picture and story it provides of a threat or attack. “Attackers can’t hide” in Backstory, he said.
Meanwhile, ICS/SCADA vendor Siemens plans to offer Backstory as part of its managed security service for ICS customers, according to Leo Simonovich, global head of industrial cyber and digital security at Siemens, which partnered with Chronicle on Backstory.
“For us, it’s providing our customers the understanding of what’s happening in their environment,” Simonovich said in an interview. “We’re hoping one day it [Backstory] will become the backbone of [our] managed security service.”
Source: Dark Reading
Lukas Stefanko, an IT security researcher at ESET, has discovered 9 Android apps on the Google Play Store spamming users with unwanted ads. One of the apps, called “Remote control for TV and home electronics,” has been installed by more than 5 million users, while in total all 9 apps have been installed by 8 million users around the world. This is the second time in one week that adware apps have been found on the Google Play Store.
According to Stefanko, none of the apps actually work and their sole purpose is to bombard users with ads to generate revenue for app developers. It is noteworthy that these apps have been developed by Tools4TV, an Android developer that has been active since 2015.
In his tweet, Stefanko wrote:
9 fake apps containing #Adware functionality found on Google Play with over 8 Million installs.
Unwanted code is hidden in “not working” apps that once launched, hide itself from user’s view and display ads.
All these apps are fake without any promised functionality.
The current list of known malicious apps on the Google Play Store is as follows:
– Remote control
– TV remote controller
– TV remote controlling
– Remote for Air conditioner
– Remote for television for free
– Air conditioner remote control
– Universal TV remote controller
– Remote control for the car (prank)
– Remote control for TV and home electronics
This is the second time in a week that researchers have reported the presence of adware apps on the Play Store. Last week, the IT security researchers at Trend Micro revealed that there were 85 adware infected apps on the marketplace bombarding around 9 million Android users with full-screen unwanted ads.
All 85 apps (developed by two different Android developers, “Alger games” and “Kodev”) were then removed by Google; however, it is unclear whether there is a connection between the apps reported by Trend Micro and those reported by Lukas Stefanko.
At the time of publishing this article, Google has booted Tools4TV along with its apps from the Play Store. To protect yourself from malware and adware apps, avoid installing unnecessary apps from the Google Play Store or from a third-party marketplace.
We suggest sticking to trusted developers and brands and only downloading an app after going through its review section. Moreover, installing a reliable antivirus would also be helpful in thwarting impending attacks.
Source: Hack Read
A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system.
So it’s time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that’s precisely one year from today.
After that date, the tech giant will no longer release free security updates, bug fixes and new functionalities for the operating system that’s still widely used by people, which could eventually leave a significant number of users more susceptible to malware attacks.
However, the end of free support doesn’t end Windows 7 support for big business and enterprise customers. As always, Microsoft does make exceptions for certain companies that are willing to pay a lot of money to continue their support.
According to a ‘Death of Windows 7’ report from content delivery firm Kollective, as many as 43% of enterprises are still running the nine-year-old operating system, of which 17% didn’t know when Microsoft’s end of support deadline hit.
Millions of Users Are Still Using Windows 7
Want to know how popular Windows 7 is among users? Even after Microsoft aggressively pushed Windows 10 installations since its release in 2015, Windows 10’s market share only managed to overtake the user-favorite Windows 7 at the end of last year.
Windows 7 was released in 2009 and, according to December 2018 stats from Netmarketshare, is currently running on about 37 percent of the world’s PC fleet, which is far ahead of its radically redesigned successor Windows 8 and 8.1 combined.
Microsoft stopped the mainstream support for Windows 7 in January 2015, but Windows users have continued to receive security updates and patches for known security issues as part of the company’s extended support, which runs for at least five years.
In March 2017, Microsoft also started blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others.
“For Windows 7 to run on any modern silicon, device drivers and firmware need to emulate Windows 7’s expectations for interrupt processing, bus support, and power states, which is challenging for WiFi, graphics, security, and more,” the company said.
“The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”
Besides ending support for Windows 7 next year, Microsoft will also end support for MS Office 2010, Windows Server 2008/2008 R2, SQL Server 2008/2008 R2, Exchange 2010 and Windows Embedded 7 in 2020.
As for Windows 8, the operating system’s extended support is set to end on January 10, 2023.
What Should Affected Windows 7 Users Do?
If you and/or your business are still running Windows 7, you still have one year left to shift to the latest operating system.
Government agencies and big enterprises can still pay for expensive extended support to continue receiving security updates and patches from the company if they need more than a year to migrate to the newer version.
However, regular users should upgrade their operating system immediately to Windows 10 or a Linux distribution, rather than running an unpatched and increasingly vulnerable version of the Windows operating system.
Source: The Hacker News
Google is acting on its promise to kick deceptive websites to the curb.
The newly released Chrome 71 now blocks ads on “abusive” sites that consistently trick users with fake system warnings, non-functional “close” buttons and other bogus content that steers you to ads and landing pages. The sites themselves won’t lose access the moment Google marks them abusive, but they’ll have 30 days to clean up their acts.
The browser has more safeguards, too. Chrome will warn you when a site appears to be hiding the real costs and terms for a transaction. If a site is trying to rope you into a subscription without telling you that you’ll be charged, you might get an alert that could save you a lot of money. Google will try to get in touch with affected sites to have them modify their sites, but they’ll have to appeal the decision to have a chance at lifting the warning.
Chrome 71 is available now for Linux, Mac and Windows, and it’s rolling out to Android and iOS users over the course of the weeks ahead. Google hasn’t detailed everything that’s new, but the efforts to thwart malicious sites are clearly the highlights. The company has moved from blocking obvious threats like malware to the sneakier tactics that may not compromise your computer, but could prove annoying at best and costly at worst.