Cyber Security News Update 11/10/2017

As the week wraps up, there’s plenty of cyber security news to go around.

The Android Eavesdropper vulnerability may affect more than 170 million users who've downloaded compromised applications, Appthority reports. At least 700 apps in the Android app store are affected by the vulnerability, and they've been downloaded millions of times. The vulnerability originates from the way the affected applications are written: they have developer credentials hard-coded into them. This goes against established best practices, because credentials shipped inside an app can be extracted by anyone who has a copy of it. The Eavesdropper vulnerability gives attackers access to a treasure trove of personal data: historical call records, texts and MMS messages. Unfortunately, there's no recourse for those who've had their data exposed by Eavesdropper; users are cautioned to protect themselves by checking whether the apps on their phones are among those affected.
Source: Eavesdropper Vulnerability Exposes Hundreds of Mobile Apps

Tens of millions of dollars in ether remain frozen due to user error, which ended up trapping the funds in the Parity wallet. By modifying the code in the wallet, the user managed to lock away up to $100 million in ether. An emergency update by the developers has temporarily made the cryptocurrency available again, and they've issued a new version of the code that hopefully stops this sort of thing from happening. This is not the first bug that Parity has had to overcome: in July, ~$30 million of ether was stolen due to another vulnerability in the wallet's code.

Another cyber attack tool from Vault 8 has been released. We've previously covered the various tools and programs in Vault 7, and there hasn't been a major release in a while. The program released is Hive; specifically, WikiLeaks released the source code for it. Hive is the controller software for the other attack programs and utilities in Vault 7. Vault 7 consisted of the actual programs used by the CIA & NSA to prosecute their cyber attacks, while Vault 8 will be about the backbone and support programs that facilitate those released as part of Vault 7. Hive is a multi-function program that sets up an infrastructure that allows several users to work with it at once and helps to prevent attribution. What this means is that Hive works to set up chains of evidence that lead investigators away from linking the attack to the CIA or NSA. It does this by setting up fake websites, spoofing location data, and other useful tricks. Hive also works to disguise the other programs by implanting falsified security certificates in infected devices, so that attack programs read as coming from Kaspersky Labs or other trusted cyber security developers. This capability to replace the certificates with trusted ones is a very strong method for covering tracks, as anti-virus software would have difficulty tracking down the attack program. Worse, if Hive is capable of seeing what sort of programs are on an infected device, it may modify the certificates of the attack programs to match those of other programs on the infected device. This would further stump anti-virus software and make it difficult to clean out an infected device.
Source: Vault 8: WikiLeaks Releases Source Code For Hive – CIA’s Malware Control System