ICYMI: Facebook hijack, Rowhammer bug and Star Trek CISOs

Facebook Login hijacking tool offered to black hat hackers

Penetration testing company Sakurity has openly named and blamed Facebook over a security vulnerability that it says exists on websites with a Facebook login option.

In a direct call to black hat hackers, Sakurity has created RECONNECT as a ready to use tool to hijack accounts on websites including Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others.

“Feel free to copy and modify [the RECONNECT] source code,” says Sakurity founder Egor Homakov. “Facebook refused to fix this issue one year ago, unfortunately it's time to take it to the next level and give black hats this simple tool.”

Facebook has since responded to SC, saying that no fix is needed.

'Rowhammer' hijack via hardware flaw hits half of laptops tested

A DRAM hardware 'reliability issue' turns out to be a vulnerability issue for half of all laptops as Google researchers demonstrate Rowhammer hijack.

A little-known hardware flaw, dubbed 'rowhammer', which allows hackers to take complete control of computers, is so potent that over half the laptops tested by Google researchers were vulnerable to the attack.

Rowhammer is unusual in being a hardware vulnerability rather than one of the software bugs that hackers usually exploit. Google has also hit out at hardware manufacturers for failing to disclose whether their products are susceptible to the bug.

The future CISO: The next Captain Kirk?

That was the verdict of 'The Future of the CISO' keynote session at SC Congress, which took place at the ILEC conference centre in London on 3 March.

Speaking in front of almost 300 delegates, a panel of experts ranging from CISOs to high-profile lecturers, consultants and security advisers debated the challenges facing the information security industry in regard to the role of the CISO. These included the range of skills and personnel needed, the cyber-security skills shortage and the need to articulate risks to the board efficiently. One expert believes that future CISOs will need to be like... Captain Kirk.

Russia adopts quantum computing to counter foreign spyware

Russian government agencies have detected foreign-controlled spyware networks in the country, and a host of compromised devices, leading to moves to adopt quantum computing solutions.

The Russian Federal Security Service and the Ministry of Internal Affairs are reported to have jointly detected and closed down three major foreign agent networks operating in the country using spyware systems run from abroad.

Although the full details of the investigation have not been disclosed, the attacks are reported to have focused on the websites of large Russian corporations and state agencies as well as stealing of personal data. Russian law-enforcement agencies are currently continuing their investigation to identify those responsible for the attacks.

An official spokesperson of the Federal Security Service told SCMagazineUK.com that as a result of several months monitoring and investigation, the Russian security service was able to close down the operation and prevent further activity by the networks. This was claimed to have helped prevent exfiltration of some two million pages of private information.

TorrentLocker copycat CryptoFortress leads new wave of ransomware

Ransomware continues to rise in several new and old guises, including a copycat TorrentLocker, BandarChor and a spam campaign encompassing the infamous CryptoWall.

French malware researcher 'Kafeine' recently confirmed the existence of a new version of TorrentLocker, called CryptoFortress, which was being used in in-the-wild attacks against computer users in order to encrypt their files, forcing them to pay a ransom to get them back.

Kafeine later explained how he initially thought the malware was a rebadged version of TorrentLocker, only to later reveal that it was in fact a new strain of ransomware, CryptoFortress, which would encrypt files and ask for 1.43 Bitcoins (approximately £264) or up to £600, if paid up to 72 hours later.

Some users reported that files were encrypted using the suspicious '.frtrss' extension, while experts have noted the ransomware's use of AES-256 encryption in ECB (Electronic Code Book) mode and Tor to communicate back to the command and control (C&C) server.
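The ECB observation above is worth dwelling on for anyone triaging encrypted files: ECB encrypts every 16-byte block independently, so identical plaintext blocks produce identical ciphertext blocks and the structure of the original file shows through. The following Go program is an added illustration written for this article, not code from the page or from any ransomware sample. It encrypts a constructed, highly repetitive document with AES-256 in ECB mode and in CBC mode, then runs a simple repeated-block check of the kind an analyst can apply to a suspect file. The key, IV, sample document and the 1% flagging threshold are all constructed assumptions for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed demo key (32 bytes, so AES-256) and IV; not values from any real sample.
var demoKey = []byte("0123456789abcdef0123456789abcdef")
var demoIV = []byte("fedcba9876543210")

// sampleDocument builds a constructed plaintext: 64 identical 16-byte records,
// the kind of repetition found in spreadsheets, logs and padded binary files.
func sampleDocument() []byte {
	return bytes.Repeat([]byte("ROW,00001,PAID;\n"), 64)
}

// encryptECB encrypts each 16-byte block independently, which is all ECB mode is.
// The input must already be a whole number of blocks; no padding is applied.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext is not a multiple of the AES block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// encryptCBC chains each block with the previous ciphertext block (seeded by the IV),
// so identical plaintext blocks no longer yield identical ciphertext blocks.
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext is not a multiple of the AES block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// duplicateBlockRatio returns the fraction of 16-byte blocks in data that exactly
// repeat an earlier block. Output of a chained or counter mode has a ratio of
// practically zero; ECB output mirrors whatever repetition the plaintext had.
func duplicateBlockRatio(data []byte) float64 {
	n := len(data) / aes.BlockSize
	if n == 0 {
		return 0
	}
	seen := make(map[[aes.BlockSize]byte]struct{}, n)
	dups := 0
	for i := 0; i < n; i++ {
		var b [aes.BlockSize]byte
		copy(b[:], data[i*aes.BlockSize:(i+1)*aes.BlockSize])
		if _, ok := seen[b]; ok {
			dups++
		} else {
			seen[b] = struct{}{}
		}
	}
	return float64(dups) / float64(n)
}

// looksLikeECB flags a file whose encrypted blocks repeat far more often than
// chance allows. The 1% threshold is an assumption chosen for this demo.
func looksLikeECB(ciphertext []byte) bool {
	return duplicateBlockRatio(ciphertext) > 0.01
}

func main() {
	doc := sampleDocument()
	ecb, _ := encryptECB(demoKey, doc)
	cbc, _ := encryptCBC(demoKey, demoIV, doc)
	fmt.Printf("ECB duplicate-block ratio: %.3f (flagged: %v)\n", duplicateBlockRatio(ecb), looksLikeECB(ecb))
	fmt.Printf("CBC duplicate-block ratio: %.3f (flagged: %v)\n", duplicateBlockRatio(cbc), looksLikeECB(cbc))
}
```

On the constructed document, 63 of the 64 ECB ciphertext blocks are repeats of the first, while the CBC output has no repeated blocks at all. The same check on a recovered '.frtrss' file is one cheap way to confirm the ECB claim, and the leak it demonstrates is the reason ECB is a poor choice for any file encryption, malicious or otherwise: the ciphertext reveals which parts of the original were identical even though no key is known.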