MAKE YOUR RESERVATION EARLY!

Tuesday, September 12, 2017 - 6:45 p.m.


The evening will be full of amazing facts brought to us by Messrs. Bob Wallace and Keith Melton as they discuss their recently released book, "Spy Sites of Washington D. C.".  It will be an evening well spent and one that's sure to open eyes about our Nation's Capital.

Following the talk, Bob and Keith will sign books.  Don't miss this one!


For additional information, please visit: SPY SITES OF WASHINGTON: SMITHSONIAN EVENT SITE

 source: defenseone.com

The long-standing intelligence sharing pact between the U.S., U.K., Australia, New Zealand and Canada needs to adapt more quickly to meet rapidly evolving, 21st century threats.

To modernize the “Five Eyes” arrangement, the five governments must develop a common strategy for gathering information on today’s threats, which stem from non-state actors like terrorist groups, hackers and transnational criminal syndicates — as well as from nation-state adversaries.  However, to be successful, they must speed the dissemination of information to enable real-time responses, counter disabling cyber threats like the recent “Wanna Cry” ransomware attack and overcome adversaries’ use of encryption.

Furthermore, to maintain public support for robust intelligence collection in democratic political systems, each of the Five Eyes governments must strengthen and clarify the legal frameworks that govern intelligence activities and address growing privacy concerns among the citizenry of all five nations.

Under the Five Eyes arrangement, the five Anglophone countries have shared intelligence and collaborated on intelligence collection and analysis for 70 years. But the partnership — which originally focused on the Soviet Union and the Warsaw Pact — has been slow to adapt to rapidly evolving 21st century threats. Since 2013, Five Eyes ministerials have addressed religious radicalization, cybersecurity, and other common threats.

Last week, senior intelligence, national security, and homeland security officials from the U.S., U.K., Australia, New Zealand and Canada met in Ottawa to improve cooperation on a range of shared security threats.

This Cabinet-level meeting addressed terrorism, cybersecurity, border security, and global migration — threats that did not exist in today’s forms when the Five Eyes agreement was reached in the aftermath of World War II. Most importantly, however, the ministers agreed to improve the state of their collaboration, as well as its scope, to address 21st century obstacles to intelligence collection.

source: securityweek.com

Android file-encrypting ransomware SLocker was recently observed using an interface similar to that of the WannaCry malware that hit Windows systems worldwide last month, TrendMicro security researchers reveal.

One of the first Android ransomware families to encrypt files on compromised devices, SLocker had only short-lived success before, as the suspect believed responsible for it was arrested within five days of the initial detection.

The malware initially infected a small number of users because of its limited distribution channels (forums such as QQ groups and Bulletin Board Systems), but it is back in an attempt to capitalize on the success of the WannaCry outbreak.

According to Trend Micro, the original ransomware sample found earlier this month was named King of Glory Auxiliary and was posing as a cheating tool for the game King of Glory. Once installed, however, the ransomware featured a similar appearance to WannaCry.

To lure users into installing it, the SLocker ransomware also disguises itself as video players and other types of programs. After the application is first run, however, it changes its icon and name, along with the wallpaper of the infected device.

It also checks whether it has been run before, and generates a random number and stores it in SharedPreferences if not. Next, the threat locates the device’s external storage directory and starts a new thread that will first go through the directory to find files that meet specific requirements.

“We see that the ransomware avoids encrypting system files, focuses on downloaded files and pictures, and will only encrypt files that have suffixes (text files, pictures, videos). When a file that meets all the requirements is found, the thread will use ExecutorService (a way for Java to run asynchronous tasks) to run a new task,” the security researchers explain.

The malware derives a string from the previously generated random number and feeds that string into the construction of the final AES key, then uses AES to encrypt the files.

SLocker victims are provided three options to pay the ransom, but all three lead to the same QR code requesting victims to pay via popular Chinese mobile payment service QQ. The malware also threatens victims that the ransom amount will increase after three days and that files will be deleted after a week.

The malware analysis also revealed that the decryption key is compared with the value in MainActivity.m, which is the previously generated random number plus 520. Thus, users can decrypt their files for free if they can figure out the method for generating the decrypt key, TrendMicro notes.
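The recovery path Trend Micro points to above follows directly from the design described in the preceding paragraphs: the random number is written to the app's own SharedPreferences on the device, the AES key is a deterministic function of it, and the unlock code is that number plus 520. The Go program below is an added illustration of that reasoning; it is not SLocker's code and not Trend Micro's analysis tooling. It models the scheme with a map standing in for SharedPreferences, and it uses SHA-256 of the decimal seed as the key derivation and AES-GCM as the cipher mode. Both of those are assumptions, since the article gives neither, and neither changes the point: anyone with the app's preferences file can recompute the key and the unlock code without paying.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strconv"
)

// The article reports that the typed "decrypt key" is compared with the stored random number plus 520.
const unlockOffset = 520

// Prefs stands in for Android SharedPreferences, a key/value file in the app's private data directory.
type Prefs map[string]string

// deriveKey turns the seed into a 32-byte AES key. The real derivation is not given in the
// article; SHA-256 of the decimal string is an assumption. The flaw is the same either way:
// the key is a pure function of a value the malware persisted on the device.
func deriveKey(seed int) []byte {
	sum := sha256.Sum256([]byte(strconv.Itoa(seed)))
	return sum[:]
}

func unlockCode(seed int) int { return seed + unlockOffset } // what the victim's input is compared with

// newGCM wraps AES-GCM, a stand-in for the unspecified AES mode; the key-recovery argument does not depend on it.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce is prepended to the ciphertext
}

func decrypt(key, ciphertext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ciphertext) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}

// SimulateEncryption models the first run the article describes: store the seed in
// preferences, derive the key from it and encrypt each eligible file with that key.
func SimulateEncryption(seed int, files map[string][]byte) (Prefs, map[string][]byte, error) {
	key, out := deriveKey(seed), map[string][]byte{}
	for name, data := range files {
		ct, err := encrypt(key, data)
		if err != nil {
			return nil, nil, err
		}
		out[name] = ct
	}
	return Prefs{"seed": strconv.Itoa(seed)}, out, nil
}

// Recover is the responder's side: read the seed back from the preferences file, derive the same
// key, decrypt, and report the unlock code. A missing or wrong seed fails closed (GCM rejects it).
func Recover(prefs Prefs, encrypted map[string][]byte) (map[string][]byte, int, error) {
	seed, err := strconv.Atoi(prefs["seed"])
	if err != nil {
		return nil, 0, fmt.Errorf("no usable seed in preferences: %w", err)
	}
	key, out := deriveKey(seed), map[string][]byte{}
	for name, ct := range encrypted {
		pt, err := decrypt(key, ct)
		if err != nil {
			return nil, 0, fmt.Errorf("%s: %w", name, err)
		}
		out[name] = pt
	}
	return out, unlockCode(seed), nil
}

func main() {
	files := map[string][]byte{"IMG_001.jpg": []byte("constructed jpeg bytes")} // constructed sample
	prefs, enc, _ := SimulateEncryption(4242, files)
	plain, code, err := Recover(prefs, enc)
	fmt.Println(code, err, string(plain["IMG_001.jpg"]))
}
```

Recover deliberately fails closed: with a wrong seed the derived key does not authenticate the ciphertext and an error comes back instead of garbage output, which is the behaviour you want from a decryptor run against a device backup. The same model also shows why this family is recoverable while a well-built ransomware is not: a sound design would generate the key off-device or encrypt it to an attacker-held public key rather than leaving the seed in a preferences file.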

  source: wired.com

ON THE LIST of computer security advice standbys, "update your software" ranks just below "don't use the password 'password.'" But as the cybersecurity research community gets to the bottom of the malware outbreak that exploded out of Ukraine to paralyze thousands of networks around the world last week—shutting down banks, companies, transportation and electric utilities—it's become clear that software updates themselves were the carrier of that pathogen. Cybersecurity analysts warn that it's not the only recent incident in which hackers have hijacked software's own immune system to deliver their infections. And it won't be the last.

Over the past week, security researchers at ESET and Cisco's Talos division have both published detailed analyses of how hackers penetrated the network of the small Ukrainian software firm MeDoc, which sells a piece of accounting software that's used by roughly 80 percent of Ukrainian businesses. By injecting a tweaked version of a file into updates of the software, they were able to start spreading backdoored versions of MeDoc software as early as April of this year, which were then used in late June to inject the ransomware known as Petya (or NotPetya or Nyetya) that spread through victims' networks from that initial MeDoc entry point. This disrupted networks from pharma giant Merck to shipping firm Maersk to Ukrainian electric utilities like Kyivenergo and Ukrenergo.

But just as disturbing as that digital plague is the continuing threat it represents: that innocent software updates could be used to silently spread malware. "Now I’m wondering if there are similar software companies that have been compromised that could be the source of similar attacks," says Matt Suiche, the founder of Dubai-based Comae Technologies, who has been analyzing the Petya strain since it first appeared. "The answer is, very likely."

Backdoors Multiplying

In fact, Kaspersky Labs tells WIRED that it's seen at least two other examples in the last year of malware delivered via software updates to carry out sophisticated infections. In one case, says Kaspersky research director Costin Raiu, perpetrators used updates for a popular piece of software to breach a collection of financial institutions. In another, hackers corrupted the update mechanism for a form of ATM software sold by an American company to hack cash machines. Kaspersky pins both of those attacks on a criminal organization known as Cobalt Goblin—an offshoot of the so-called Carbanak hacker group—but wouldn't share any more information as its investigations are still continuing. "My opinion is we’ll see more attacks of this kind," Raiu says. "It’s often much easier to infect the supply chain."
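The article describes the failure mode (a tweaked file riding along inside a legitimate update) but not the control that addresses it, so here is the check a defender reaches for first: an update client that installs nothing until it has verified the vendor's signature over a manifest of per-file digests, then checked every downloaded file against that manifest. This Go program is an added example; it is not MeDoc's update mechanism and not code from the ESET or Talos analyses, and the manifest format, file names, version string and Ed25519 signing key are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest lists every file in a release with its SHA-256 digest. The vendor signs the
// serialized manifest with a key that never touches the update server, so replacing a
// file on that server (or on the path to the client) breaks verification.
type Manifest struct {
	Version string            `json:"version"`
	Files   map[string]string `json:"files"` // file name -> hex SHA-256
}

func digest(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// BuildRelease is the vendor side: hash every file, serialize the manifest
// (encoding/json sorts map keys, so the bytes are deterministic) and sign it.
func BuildRelease(priv ed25519.PrivateKey, version string, files map[string][]byte) (manifest, sig []byte, err error) {
	m := Manifest{Version: version, Files: map[string]string{}}
	for name, data := range files {
		m.Files[name] = digest(data)
	}
	manifest, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return manifest, ed25519.Sign(priv, manifest), nil
}

// VerifyRelease is the client side. Order matters: the signature is checked before the
// manifest is parsed or any file is trusted, and a single mismatch rejects the whole
// release so that nothing is installed partially.
func VerifyRelease(pub ed25519.PublicKey, manifest, sig []byte, files map[string][]byte) (string, error) {
	if !ed25519.Verify(pub, manifest, sig) {
		return "", errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return "", fmt.Errorf("manifest malformed: %w", err)
	}
	if len(files) != len(m.Files) {
		return "", errors.New("downloaded file set does not match manifest")
	}
	for name, want := range m.Files {
		data, ok := files[name]
		if !ok {
			return "", fmt.Errorf("%s: listed in manifest but not downloaded", name)
		}
		if digest(data) != want {
			return "", fmt.Errorf("%s: digest mismatch, file altered after signing", name)
		}
	}
	return m.Version, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	files := map[string][]byte{"app.bin": []byte("constructed application bytes")}
	manifest, sig, _ := BuildRelease(priv, "1.0.1", files)
	fmt.Println(VerifyRelease(pub, manifest, sig, files))
	files["app.bin"] = append(files["app.bin"], []byte(" altered after signing")...) // simulated tampering
	fmt.Println(VerifyRelease(pub, manifest, sig, files))
}
```

Two caveats belong with this. The check only holds if the signing key is kept off the update server and off any machine the attacker could reach through the same intrusion that gave them the update channel; a signature made with a stolen key verifies perfectly. And the manifest must be the unit of trust, not the individual file: a client that accepts any file whose digest appears somewhere in a signed list can be fed an old, vulnerable but validly signed version, which is why the version is carried inside the signed bytes here.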