As they dig deeper into the huge Hacking Team data dump, security researchers are finding more and more source code, including an advanced Android hacking tool.

This time, researchers have found the source code for a new piece of weaponized Android malware that is capable of infecting millions of Android devices, even when users are running the latest versions of the Android mobile operating system.

Trend Micro researchers found that the Italian spyware company was selling RCSAndroid (Remote Control System Android), which they say is one of the "most professionally developed and sophisticated" pieces of Android malware, a.k.a. Android hacking tools, they have ever seen.

RCSAndroid is a sophisticated, real-world surveillance and hacking tool that lets even unskilled hackers deploy one of the world's more advanced surveillance suites for Google's mobile operating system, Android.

List of Creepy Features of Android Hacking Tool


Once installed on targets' devices, RCSAndroid would have helped government and law enforcement agencies around the world to completely compromise and monitor Android devices remotely.

RCSAndroid's features include the ability to:
  • Capture screenshots using the 'screencap' command and framebuffer direct reading
  • Collect passwords for Wi-Fi networks and online accounts, including WhatsApp, Facebook, Twitter, Google, Skype, and LinkedIn
  • Collect SMS, MMS, and Gmail messages
  • Capture real-time voice calls in any network or application by hooking into the 'mediaserver' system service
  • Capture photos using the front and back cameras
  • Monitor clipboard content
  • Record using the microphone
  • Record location
  • Gather device information
  • Collect contacts and decode messages from IM accounts, including WhatsApp, Telegram, Facebook Messenger, Skype, WeChat, Viber, Line, Hangouts, and BlackBerry Messenger.

The RCSAndroid hacking tool has been in the wild since 2012 and has been known to Citizen Lab researchers since last year, when the security firm detailed a Hacking Team backdoor used against Android users in Saudi Arabia.

How Does the RCSAndroid Hacking Tool Infect a Target?


RCSAndroid uses two different methods to infect targeted Android devices.

1. Hacking Team used text and email messages containing specially crafted URLs that triggered exploits for several vulnerabilities (CVE-2012-2825 and CVE-2012-2871) present in the default browsers of Android 4.0 Ice Cream to 4.3 Jelly Bean, allowing the attacker to gain root privileges, and install the RCSAndroid APK.

2. The company used backdoor apps such as "BeNews" available on the official Google Play Store to take advantage of a local privilege escalation bug to root the device and install the RCSAndroid agent.

RCSAndroid has 4 'critical components':

  • Penetration solutions – Methods to get into the device, either via SMS or email or a legitimate app
  • Low-level native code – Advanced exploits and spy tools beyond Android's security framework
  • High-level Java agent – The application's malicious APK
  • Command-and-control (C&C) servers – Servers used to remotely send or receive malicious commands

Given that the source code of RCSAndroid is now available to everybody, it will likely put Android users in danger. So, if you own a smartphone running any Android version from 4.0 Ice Cream to 4.3 Jelly Bean, you need to 'Get Rid of it Today.'

"The leaked RCSAndroid code is a commercial weapon now in the wild," security researchers wrote in a blog post. "Mobile users are called on to be on top of this news and be on guard for signs of monitoring. Some indicators may come in the form of peculiar behavior such as unexpected rebooting, finding unfamiliar apps installed, or instant messaging apps suddenly freezing."

Users of Android 5.0 Lollipop may also be in danger of being targeted, as some emails sent among Hacking Team executives indicate that "Hacking Team was in the process of developing exploits for Android 5.0 Lollipop," but so far there is no such indication.


I think you'll agree with me when I say:

It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it?

Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network.

A group of six academics have developed a Tor network alternative for users that allows high-speed anonymous web surfing, reinforcing the privacy of Internet users worldwide.
The network is dubbed:

HORNET: High-speed Onion Routing at the Network Layer


Many anonymising networks, including The Onion Router (or TOR) network, are often slow because the data passing through them is encrypted many times.

However, the high-speed onion routing network HORNET is capable of handling anonymous traffic at speeds of more than 93 Gbps while maintaining privacy.

The new anonymous network was built by researcher Chen Chen of Carnegie Mellon University, along with Daniele Enrico Asoni, Adrian Perrig and David Barrera of Zurich's Federal Institute of Technology, and George Danezis of University College London.

The security researchers' ultimate goal is "Internet-scale anonymity."


In a paper (PDF) titled HORNET: High-speed Onion Routing at the Network Layer, the team says HORNET is a low-latency onion routing system that enables end-to-end anonymous channels, offering a quicker and more secure alternative to Tor.

The Tor network, which handles over 2 million users daily, is currently used by journalists, activists, law enforcement and hackers to disguise where they are browsing the Internet from.

However, Tor has its faults. It is often slow and frustrating because its performance is based on the number of systems that make up the network. HORNET aims to resolve this issue.
"[HORNET] is designed to be highly efficient," reads the paper, "instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients."

High Speed with High level of Security


Researchers say that unlike TOR-like systems, HORNET does not keep per-session state or "perform computationally expensive operations for data forwarding," allowing it to scale as required without any limitations.

Moreover, the changes made by the team make HORNET less susceptible to confirmation attacks that have been used to unmask users of Tor by monitoring traffic streams and packet flows.
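
A simplified model of that design, added here as an illustration and not taken from the HORNET paper or its code: each relay seals its per-connection state (onion-layer key and next hop) under its own long-term secret, the sender carries the sealed segments in the packet header, and the relay rebuilds the state from the header on every packet. The HMAC-based stream cipher, the segment layout and the names `Relay`, `seal_state`, `forward` and `send` are assumptions, and the sender here picks the session keys directly instead of negotiating them.

```python
import hashlib, hmac, os

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), for illustration only.
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Relay:
    """Keeps one long-term secret and no per-connection table."""
    def __init__(self):
        secret = os.urandom(32)
        self._enc = hmac.new(secret, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(secret, b"mac", hashlib.sha256).digest()

    def seal_state(self, session_key: bytes, next_hop: str) -> bytes:
        # Setup phase: encrypt and authenticate this hop's state, return it to the sender.
        nonce = os.urandom(16)
        ct = _xor(self._enc, nonce, session_key + next_hop.encode())
        return nonce + ct + hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()

    def forward(self, segment: bytes, packet_nonce: bytes, payload: bytes):
        # Data phase: rebuild state from the header, then peel one onion layer.
        nonce, ct, tag = segment[:16], segment[16:-32], segment[-32:]
        good = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("forwarding segment rejected")
        state = _xor(self._enc, nonce, ct)
        session_key, next_hop = state[:32], state[32:].decode()
        return next_hop, _xor(session_key, packet_nonce, payload)

def send(message: bytes, relays, hops):
    """Sender side: collect one sealed segment per relay, wrap the payload, route it."""
    keys = [os.urandom(32) for _ in relays]  # assumption: chosen by the sender
    header = [r.seal_state(k, h) for r, k, h in zip(relays, keys, hops)]
    packet_nonce = os.urandom(16)
    payload = message
    for k in reversed(keys):  # one encryption layer per relay on the path
        payload = _xor(k, packet_nonce, payload)
    route = []
    for relay, segment in zip(relays, header):
        next_hop, payload = relay.forward(segment, packet_nonce, payload)
        route.append(next_hop)
    return route, payload, header
```

A relay rejects a segment that was modified in transit or sealed by a different relay, because the authentication tag is keyed with its own secret.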

HORNET raises the security bar since spy agencies or hackers would need to control "a significant percentage of ISPs" across multiple geopolitical areas, while keeping their whole surveillance operation quiet and spying on HORNET's users effectively.

The new Tor-style network could be of great help to users who are currently relying on Tor and other onion routing systems. You can download the paper PDF for full technical details on HORNET.



An alleged member of Lizard Squad, who claimed responsibility for knocking Sony's PlayStation Network and Microsoft's Xbox Live offline late last year, has been convicted of 50,700 counts of cyber crime.

The infamous computer hacker gang Lizard Squad launched massive Distributed Denial-of-Service (DDoS) attacks against the largest online gaming networks -- PlayStation Network and Xbox Live -- on Dec. 25, 2014. It then offered to sell its own Lizard-branded DDoS-for-hire tool, called Lizard Stresser.

Julius "zeekill" Kivimaki, a 17-year-old, was given a two-year suspended prison sentence and was "ordered to fight against cybercrime," according to Finnish newspaper Kaleva.

Facing more than 50,000 Counts of Computer Crime



Under the alias "Ryan," the teen participated in an interview with U.K. television station Sky News, openly claiming that he is a member of Lizard Squad and that the cyber attacks on Xbox Live and PlayStation Network were conducted to raise awareness of the inadequate security at Microsoft and Sony.

The DDoS attacks on gaming networks were ultimately stopped by MegaUpload founder Kim Dotcom, who offered the group 3,000 vouchers for his content hosting service, which amounted to a $300,000 bribe.

Julius Kivimaki Harassed an American for 3 Years

While talking to the Daily Dot, Blair Strater, a 20-year-old American and a victim of Kivimaki's repeated harassment, said he was "absolutely disgusted by the ruling" because he felt the sentence was too light.

According to Strater, Kivimaki called in false threats to American law enforcement, which resulted in SWAT teams arriving at his residence. For almost three years, Kivimaki harassed his family by stealing their identities and ruining their finances and personal lives.

Kivimaki's computer hacking charges include data breaches, telecommunication harassment, payment fraud, and other counts related to fraud and violations of company secrets.


The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics.

The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in different colors.

The idea behind the Micro:bit is to encourage young children to learn how computers work, and to get kids into programming and engineering at a young age.

What does this tiny little computer contain?


The Micro:bit, made in collaboration with ARM, Barclays, element14, Freescale, Lancaster University, Microsoft, Nordic Semiconductor, Samsung and the Wellcome Trust, contains:
  • A 32-bit ARM Cortex M0 CPU
  • Programmable Array of 25 red LEDs
  • Micro USB port through which it can be powered
  • Three input-output (I/O) Ring Connectors to hook it up to other kits and sensors
  • Bluetooth for connectivity
  • 3V output connector to power external devices
  • 20-pin edge connector
  • Two on-board buttons that can act as a game controller
  • A battery connector which connects to a separate AAA battery holder
  • An accelerometer to make a hi-tech spirit level
  • In-built Compass

The series of 25 programmable red LED lights is designed to help children get instant results, and its input/output (I/O) rings help connect other computing kit, including the Raspberry Pi, Galileo, Arduino, Kano and littleBits, to carry out more complex tasks.

The Micro:bit is programmed through a modified version of Microsoft's TouchDevelop Web-based coding environment. Microsoft also provided two coding languages: the text-based Microsoft TouchDevelop and a graphical coding language, Microsoft Blocks.

The BBC Micro:bit is almost 18 times faster and about 600 times lighter than the original BBC Micro, which celebrated its 33rd birthday recently.

When would you get Micro:bit?


The BBC is planning to distribute over 1 million Micro:bit devices for free to every Year 7 (11- or 12-year-old) child or equivalent at schools across the UK in October this year.

By the end of this year, the general public will also be able to purchase Micro:bit. Although the cost has not been announced yet, Micro:bit will be cheap.

The corporate data leaked in the recent cyber attack on the infamous surveillance software firm Hacking Team has revealed that the Adobe Flash zero-day (CVE-2015-5119) exploit has already been added to several exploit kits.

Security researchers at Trend Micro have discovered evidence of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week's data breach on the spyware company.

The successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing an attacker to take full control of the affected system.

Adobe Flash Zero-Day Targeted Japan and Korea


According to the researchers, the zero-day exploit, to which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Korea and Japan.

"In late June, [Trend Micro] learned that a user in Korea was the attempted target of various exploits, including a Flash vulnerability (CVE-2014-0497) discovered last year," Weimin Wu, threat analyst at Trend Micro, wrote.

"Traffic logs indicate the user may have received spear-phishing emails with attached documents…contained a URL for the user to visit. This URL led to a site hosted in the United States, which [included] a Flash exploit, detected as SWF_EXPLOYT.YYKI. This particular exploit targets the zero-day Adobe vulnerability that was disclosed during the Hacking Team leak."
The zero-day exploit downloads a Trojan on the target victim's computer, which further downloads several other malicious payloads on the infected system.

Researchers say the zero-day exploit code they came across was very similar to the exploit code revealed as part of the Hacking Team data breach. This simply means the attack was conducted by someone with access to the tools and services offered by Hacking Team.

However, Adobe has released a patch to address this Adobe Flash zero-day (CVE-2015-5119) vulnerability and advises users to install the update as soon as possible.





The mysterious security vulnerability in the widely used OpenSSL code library is neither HeartBleed nor FREAK, but it’s critical enough to be patched by sysadmins without any delay.

The OpenSSL Foundation has released the promised patch against a high-severity vulnerability in OpenSSL versions 1.0.1n and 1.0.2b, resolving a certificate forgery issue in the implementations of the crypto protocol.

The critical vulnerability could allow man-in-the-middle attackers to impersonate cryptographically protected websites, virtual private networks, or e-mail servers, and snoop on encrypted Internet traffic.

The vulnerability (CVE-2015-1793) lies in the certificate verification process. An error in its implementation skipped some security checks on new, untrusted certificates.

By exploiting this vulnerability, an attacker could circumvent certificate warnings, enabling them to force applications into treating an invalid certificate as a legitimate Certificate Authority.
"An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed," an advisory by OpenSSL explains, "such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate."
This problem impacts any end-user application that verifies certificates, including Transport Layer Security (TLS), Secure Sockets Layer (SSL) or DTLS clients, and SSL/TLS/DTLS servers using client authentication.
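
The check the advisory refers to, shown in a simplified model that is an added example and not OpenSSL's code: every certificate that issues another one in the chain must carry the CA flag. The `Cert` type, the `check_untrusted` switch (which models a verification path where the checks on untrusted certificates are skipped) and the certificate names are constructed for illustration; signature verification is omitted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool  # models the basicConstraints CA flag

class ChainError(Exception):
    pass

def verify_chain(chain, trust_anchors, check_untrusted=True):
    """Validate a chain ordered from the peer's certificate up to a trust anchor.

    check_untrusted=False models the faulty path in which checks on
    untrusted certificates, such as the CA flag, are bypassed.
    Returns the subject the application would end up trusting.
    """
    if not chain or chain[-1] not in trust_anchors:
        raise ChainError("chain does not end at a trust anchor")
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            raise ChainError(f"{child.subject!r} was not issued by {parent.subject!r}")
        # The issuer of any certificate must itself be marked as a CA.
        if check_untrusted and not parent.is_ca:
            raise ChainError(f"{parent.subject!r} is not a CA but issued {child.subject!r}")
    return chain[0].subject

# Constructed sample certificates (not real ones).
ROOT = Cert("Example Root CA", "Example Root CA", is_ca=True)
LEAF = Cert("shop.example", "Example Root CA", is_ca=False)   # valid leaf certificate
FORGED = Cert("bank.example", "shop.example", is_ca=False)    # "issued" by the leaf

if __name__ == "__main__":
    print(verify_chain([LEAF, ROOT], {ROOT}))
    try:
        verify_chain([FORGED, LEAF, ROOT], {ROOT})
    except ChainError as err:
        print("rejected:", err)
    # With the check skipped, the invalid certificate is accepted.
    print(verify_chain([FORGED, LEAF, ROOT], {ROOT}, check_untrusted=False))
```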

This security issue was discovered by Adam Langley and David Benjamin of Google BoringSSL, Google's own version of the OpenSSL toolkit. The developers reported the flaw to OpenSSL on 24 June and then submitted a fix to address the issue.

The security flaw affects OpenSSL versions 1.0.1n, 1.0.2b, 1.0.2c, and 1.0.1o. We therefore recommend that users of OpenSSL version 1.0.2b/1.0.2c upgrade to version 1.0.2d and users of OpenSSL version 1.0.1n/1.0.1o upgrade to version 1.0.1p.