New Zealand’s Security Program With Vodafone Dented Malicious Software Attacks


Vodafone New Zealand’s security pilot program for the Government Communications Security Bureau has shown the technology could “significantly” dent malicious software attacks.

The country’s security agency launched the program, called “Malware Free Networks” (referring to foreign-sourced advanced malicious software), and allowed the second-biggest internet service provider to use its cyber threat information and technology to mitigate those attacks for a small group of the ISP’s commercial customers. The GCSB had been keen to test its Cortex technology with an ISP since 2014; however, Cabinet wanted the intelligence agency to report back before signing off on such a deal.

The Cortex system became public when former Prime Minister John Key declassified some documents in response to claims by Intercept journalist Glenn Greenwald and former US National Security Agency contractor-turned-whistleblower Edward Snowden that New Zealand’s GCSB embarked on plans to implement mass metadata surveillance, including the tapping of the Southern Cross Cable, in 2012 and 2013, in an initiative called ‘Speargun’.

The Five Eyes

The GCSB was scheduled to report back to Cabinet in the first quarter of this year with options for the future of the program, with any extension needing ministerial approval.

“GCSB has provided a report to Cabinet on the Malware-Free Networks pilot indicating its potential to disrupt a significant volume of malicious activity,” a spokesman said.

“We are continuing to work with Vodafone to maintain the Malware-Free Networks capability until a decision has been made about post-pilot options, and will provide a further report back to Cabinet.”

Malware threats accounted for about 17 per cent of the government’s Computer Emergency Response Team direct responses in the pilot’s three months of operation, the second most common category behind phishing.

Any potential extension will now fall to the new government, with Prime Minister-elect Jacinda Ardern indicating she planned to take the intelligence portfolio, and ministers are expected to get their warrants on Thursday.

Project Cortex wasn’t seen as causing material privacy issues, with controls covering how data is accessed, stored, shared and disposed of.

The business plan said there will be no mass surveillance, and that data will be accessed by GCSB only with the consent of owners of relevant networks or systems.

Vodafone, though, doesn’t bear any of the cost of the pilot, with the GCSB footing the bill.

The cyber security strategy report said the next step for protecting New Zealand’s most important information infrastructures was to “complete the full deployment of Cortex capabilities to NCSC (National Cyber Security Centre) customers”.

The Government Communications Security Bureau (GCSB) is a public service department that provides information assurance and cyber security to the New Zealand Government and critical infrastructure organizations, collecting and analyzing intelligence in accordance with the Government’s priorities, and providing cooperation and assistance to other New Zealand government agencies.

Biometric Company Announces Groundbreaking Hand Wave Authentication



Redrock Biometrics, founded in 2015 and headquartered in San Francisco, says that it is introducing the first palmprint biometric solution that works with any camera-equipped device, including smartphones, tablets, laptops, desktops, smart TVs, and VR and AR headsets.

Named PalmID Capture Module, it uses sophisticated machine vision techniques to convert RGB video of the palm into a template for authentication.

Leonid Kontsevich, the chairman of the company, which describes itself as on a crusade to eliminate identification cards, PIN numbers, passwords, and voice identification technologies, told TechCrunch that the technology will solve the perennial problem of passwords and identity management and will “see broad applications in authenticating payments in virtual worlds, physical security, and cash withdrawals among other transactions.”

Kontsevich, a graduate of the Moscow Institute of Physics and Technology who worked with the startup Kaching!, added that “there is no other commercially available palm biometric which works with RGB camera”.

With a simple wave of the hand, the technology converts a palm image into a unique signature and authenticates the user in 10 to 100 milliseconds, depending on CPU speed. The technology uses machine vision techniques to detect a palm in a video stream, passes its descriptor for enrollment or verification, and can run on either a client or a server by matching a verification request against an enrollment template using proprietary algorithms tested on thousands of palms.

It also said that its biometric identification technology is “enrollment portable”, with authentication technologies available for sign-in authentication across Windows, Android, iOS, Mac OS, and Linux as well as stand-alone client-server technologies.

According to a recent report from Risk Based Security, more than 4.2 billion user credentials and passwords were stolen in 2016, with approximately 95 passwords stolen every second. Forrester estimates that account takeover causes at least $6.5 to $7 billion in annual losses across a broad range of industries, including financial services, insurance, e-commerce, and healthcare.


In a related development, behavioral biometrics and threat detection firm BioCatch, which monitors 4 billion transactions per month for a handful of major banks, announced it is working with software solutions and IT services company Samsung SDS America to combat fraud that occurs after a user has logged in.

Through the partnership, BioCatch says it will integrate a layer of fraud protection that works beyond the login process into Samsung SDS’ Nexsign enterprise biometric authentication software.

The integration is intended to fill security gaps that occur when mobile apps don’t require users to log in multiple times to validate their identity. To solve this, BioCatch will collect and analyze more than 500 parameters around a user’s activity, continuously monitoring their behavioral patterns within the app to authenticate the user and detect abnormal bot or malware behavior.

Illinois Man Facing 5 Years In Federal Prison For Celebgate



An Illinois man, Emilio Herrera, 32, is facing up to five years in federal prison after signing a plea agreement to a felony violation of the Computer Fraud and Abuse Act, specifically one count of unauthorized access to a protected computer to obtain information, according to the U.S. Attorney’s Office.

From April 27, 2013 until the end of August 2014, Herrera ran a phishing scheme, sending emails that appeared to be from the security accounts of internet service providers and encouraged the recipients to send him their user names and passwords. The scheme covered more than 550 Apple iCloud and Google Gmail accounts, some of which belonged to female celebrities whose nude pictures were posted via file sharing protocols like BitTorrent around September 2014.

Although he was charged in Los Angeles, the parties have agreed to transfer the case to the Northern District of Illinois for the entry of his guilty plea — he faces up to five years in federal prison — and sentencing.

According to the court documents, after his victims responded, Herrera would then use their user names and passwords to illegally access their iCloud and Gmail accounts. Once inside their accounts, Herrera had access to personal information, including sensitive and private photographs and videos.

The Herrera case is a product of an ongoing FBI investigation into “Celebgate” and its perpetrators.

As early as October, the investigation began zeroing in on an address on the South Side of Chicago, the FBI said in a search warrant affidavit recently unsealed in U.S. District Court in Chicago.

Using phone records and computer identification information called Internet protocol, or IP, data, investigators found that the compromised accounts were accessed by a single computer linked to two email addresses belonging to Emilio Herrera.

In January, another Illinois man was sentenced to 9 months in prison for a related phishing attack targeting more than 300 iCloud and Gmail accounts. Before that, a Pennsylvania man was sentenced last October to 18 months in prison for accessing 50 iCloud accounts and 72 Gmail accounts.




In related news, hackers have successfully broken into a celebrity London-based plastic surgery clinic whose clients include Katie Price and even members of royal families.

London Bridge Plastic Surgery (LBPS) has confirmed it fell victim to the cyber attack and said it was ‘horrified’ that highly-sensitive data had been breached – including images of ‘male and female genitalia’.

The hackers are believed to be The Dark Overlord, a group known to international law enforcement agencies, and who have a record of trying to extort its victims – including schools, medical centers and a Netflix production studio.

Speaking about the breach, The Daily Beast claims the group bragged about having pictures of the surgery’s clients, saying: ‘We have TBs (terabytes) of this s***. Databases, names, everything.’

In a statement LBPS told the website: ‘We can confirm that the Clinic has been the victim of a cyber attack.

‘We took measures to block the attack immediately in order to protect patient information and we informed the Metropolitan Police who launched an investigation. Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised.

‘The group behind the attack are highly sophisticated and well known to international law enforcement agencies, having targeted large US medical providers and corporations over the past year. We are horrified that they have now targeted our patients. Security and patient confidentiality has always been of the utmost importance to us.

‘We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached. We are profoundly sorry for any distress this data breach may cause our patients and our team are available around the clock to speak to anyone who has any concerns by calling 0203 858 0664.’

Although the hackers claim to have information about ‘royal families’, they did not confirm whether they were referring to the British one.

The Daily Beast claims that when the hackers contacted them, they said some of the images are extremely private, saying: ‘Many are highly graphic and close-up, showing surgery on male and female genitalia.’

Met Police’s Organized Crime Command are now investigating, with a Scotland Yard spokesman confirming they have made no arrests.

The United States Critical Infrastructure Breached By State Sponsored Malware Attacks

Department of Homeland Security

The Department of Homeland Security and Federal Bureau of Investigation issued a rare public warning in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies said that hackers actually succeeded in compromising some targeted networks including at least one energy generator, and conducting reconnaissance on their networks. It was accompanied by six technical documents describing malware used in the attacks.

The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.

U.S. authorities have been monitoring the activity for months, which they initially detailed in a confidential June report first reported by Reuters. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

Department of Homeland Security spokesman Scott McConnell declined to elaborate on the information in the report or say what prompted the government to go public with the information at this time.

“The technical alert provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors and reiterated our commitment to remain vigilant for new threats,” he said.

The FBI declined to comment on the report, which security researchers said described an escalation in the targeting of infrastructure in Europe and the United States. That targeting had been described in a September report from private firms, including Symantec Corp., which warned that advanced hackers had penetrated the systems controlling operations of some U.S. and European energy companies.

Symantec researcher Vikram Thakur said in an email that much of the contents of Friday’s report were previously known within the security community.

Robert Lee, chief executive of cyber-security firm Dragos, who described the attacks as “very aggressive activities”, said the report appears to describe hackers working in the interests of the Russian government, though he declined to elaborate. Dragos is also monitoring other groups targeting infrastructure that appear to be aligned with China, Iran and North Korea.

Homeland Security “has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign,” the report said.

First published by Reuters

Philippines Largest Online Stock Brokerage Firm Hacked

Philippine Stocks Exchange

The Philippine government’s privacy watchdog said on Sunday that it was closely monitoring the “possible personal data breach” at the country’s largest online stock brokerage firm, which has almost a quarter of a million clients trading shares on its internet-based trading platform.

The agency said it had been informed by the stock brokerage – one of the most active trading participants on the Philippine Stock Exchange by volume – that it was “hiring a third party group to perform an independent security and vulnerability check of the system.”

In a press statement, National Privacy Commission (NPC) chief Raymund Enriquez Liboro gave COL Financial five days to submit a comprehensive report on the potential hacking of its client database to aid the agency’s probe and to help it decide on its next course of action.

Liboro said his agency was informed at 3:30 p.m. on Friday about the potential data breach of its system, which was initially detected in the afternoon of Oct. 17, 2017.

Read more: Inquirer Business

Northern Ireland Infrastructure Is Under Attack By State Actors, Says Top UK Cyber Agency

Ciaran Martin

According to Ciaran Martin, the head of the UK’s cyber security agency, “significant” online attacks are being launched against Northern Ireland infrastructure by state actors.

He made the revelation on a two-day visit to Belfast during which he briefed the permanent secretaries of Stormont departments and delivered a speech at Queen’s University.

The NCSC was set up by the UK Government last year and has so far managed 590 significant cyber incidents across the UK while preventing tens of millions of attacks through active cyber defense measures.

While Mr Martin said that the UK had not yet been the subject of a ‘category one’ very serious national-level emergency, such as an attack on power grids or a state broadcaster, he added that his organization expected a “significant scale attack” in the next few years.

He said: “The risk is there, I don’t want to over-hype the risk, but in a digital economy like NI there are critical systems – the NHS, there will be power grids and so forth – so part of our job is to help the owners of those networks and make sure that if there is a large-scale very serious attack that it can only do a certain amount of damage and it can’t paralyze the system. Part of the NCSC’s job is, over time, to build in that resilience into the system so that large-scale damage is less likely.

“So a very serious attack is possible. I wouldn’t say it’s statistically more probable or less probable that it would happen in Northern Ireland than England or the Republic or somewhere else. What I would say with high confidence is that there is an everyday risk to the economy here from that sort of low sophistication, but highly prolific, set of attacks. There is always the potential for a very serious attack, and certainly at a UK-wide level I think we expect a ‘significant scale attack’ in the next few years.”

The agency chief revealed that much organized cyber crime originated in eastern Europe, particularly Russia.

He continued: “Mostly you’re just talking about low-level prolific tech where someone wants to steal a few hundred pounds, someone wants to hold a business to ransom, someone wants to steal a data set. It’s just that corrosive, low-level damage where each individual attack is of no particular strategic significance, you add them all up and you’ve got a big problem and that’s what we’re trying to fix.

“The main source of cyber attacks are hostile foreign states and international criminal groups, they’re not terrorist groups or paramilitary groups whether here in Northern Ireland or elsewhere. Paramilitary and terrorist groups across the world tend not to have very sophisticated cyber attack capabilities. It’s mostly an organized criminal network, it may be under the sponsorship of the state, but it’s a bunch of people sitting in cubicles looking at screens trying to do a large-scale attack.”

He advised that everyone take “sensible precautionary measures” against online threats.

“The main types that you’re likely to encounter are theft of credentials in order to enable identity fraud, and as we’ve all seen, ransomware, where businesses are held to ransom – their data stolen and all their files are encrypted and they are asked to pay. Both of those are very large-scale problems,” he said.

A New Botnet Is On The Loose And Ravaging IOT Devices

Reaper Malware

On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point said that a massive botnet is forming to create a cyber-storm that could take down the internet, and that at this point millions of organizations have already been infected.

The new IoT botnet builds on portions of Mirai’s code, but with a key difference: instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.

IoT botnets are networks of internet-connected smart devices that have been infected by the same malware and are controlled by a threat actor from a remote location. They have been behind some of the most damaging cyberattacks against organizations worldwide, including hospitals, national transport links, communication companies and political movements.

IOT Botnet

“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”

The Reaper malware has pulled together a grab-bag of IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by companies like Vacron, GoAhead, and AVTech. While many of those devices have patches available, most consumers aren’t in the habit of patching their home network router, not to mention their surveillance camera systems.

Check Point has found that fully 60 percent of the networks it tracks have been infected with the Reaper malware. And while Qihoo 360’s researchers write that some 10,000 devices in the botnet communicate daily with the command-and-control server the hackers control, they’ve found that millions of devices are “queued” in the hackers’ code, waiting for a piece of automatic “loader” software to add them to the botnet.

Check Point’s Horowitz suggests anyone who fears that their device might be compromised should check the company’s list of affected gadgets. An analysis of the IP traffic from those devices should reveal if they’re communicating with the command-and-control server helmed by the unknown hacker that’s administering the botnet, Horowitz says. But most consumers don’t have the means to do that network analysis. She suggests that if your device is on Check Point’s list, you should update it regardless, or even perform a factory reset on its firmware, which she says will wipe the malware.

Read more at: Check Point Research

With A Band Of Fanatical Cyber-Warriors, North Korea Is Winning The Virtual War


It is obvious that World War III will start from an escalated cyber-war: a war that over the past 8 years has been fought silently but is now about to engulf the world in flames.

Just ask the South Koreans, who are at this very moment waging a losing war with their cousins in the North.

In this article from The New York Times, the trio of David E. Sanger, Nicole Perlroth and David D. Kirkpatrick explore the ever-growing strength and reach of Bureau 121.

When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year, only a spelling error stopped them. They were digitally looting an account of the Bangladesh Central Bank, when bankers grew suspicious about a withdrawal request that had misspelled “foundation” as “fandation.”

Even so, Kim Jong-un’s minions still got away with $81 million in that heist.

Then only sheer luck enabled a 22-year-old British hacker to defuse the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.

Their track record is mixed, but North Korea’s army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North.

Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, the North Koreans have also quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.

Unlike its weapons tests, which have led to international sanctions, the North’s cyberstrikes have faced almost no pushback or punishment, even as the regime is already using its hacking capabilities for actual attacks against its adversaries in the West.

And just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose.

The world is slowly rolling down the path to the abyss, and the final push may be delivered by a line of code. Read the full article at: The New York Times

Altcoin Exchange Rebrands to


Cryptocurrencies are everywhere and growing fast, and their adoption as a sole means of exchange within the next 10 years is all but inevitable. which is aiming to create a safe, trustless platform that enables users to make fast trades without worrying whether they’re exposing themselves to risk, is changing its name to

According to them, “this marks the beginning of a new era of altcoin trading that promises the cryptocurrency community complete security of their coins and a safer way to trade”.

Andrew Gazdecki, CEO and founder of, says that the centralized exchange model is broken and that, as altcoins continue their meteoric rise in popularity, it is more important than ever to establish a secure and trustless exchange with the trading community involved.

By eschewing the centralized model, lets traders retain full control of their coins so they can exchange with confidence. There’s no single point of failure, no central repository for hackers to exploit, and full transparency in every transaction.

There Is A Core Protocol-level Flaw In WPA2 Wi-Fi And It Looks Really Bad


The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks were designed as a response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

Now, US-CERT has issued an advisory describing several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.

According to the advisory, the impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others, and because these are protocol-level issues, most or all correct implementations of the standard will be affected.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks, and security experts say that the research into these vulnerabilities has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8 a.m. Monday.

Part of the potential flaw in WPA could be that, as the researchers previously suggested in a 2016 paper, the random number generation used to create ‘group keys’ — the pre-shared encryption key shared on non-enterprise WPA/WPA2 wireless networks — isn’t random enough, and can be predicted.

With that prediction of not-so-random numbers in place, the researchers have demonstrated the ability to flood a network with authentication handshakes and determine a 128-bit WPA2 key through sheer volume of random number collection. Though it’s not yet clear, the re-use of a non-random key could allow an attacker to piggyback their way into a wireless network and then snoop on the data being transmitted within.