Cyberattack Leaves Millions Without Mobile Phone Service in Venezuela

A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday.

A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the government, the supreme court and the National Assembly.


Wikileaks – CIA CouchPotato remote tool can stealthy collect RTSP/H.264 video streams


The post Wikileaks – CIA CouchPotato remote tool can stealthy collect RTSP/H.264 video streams appeared first on Security Affairs.

WikiLeaks has published another Vault 7 leak, revealing the CIA tool CouchPotato that allows operators to remotely spy on video streams in real-time.

“Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.” states Wikipedia.

The document leaked from the CIA details how the tool could be used by cyber spies to remotely capture RTSP/H.264 video streams.

The Real Time Streaming Protocol (RTSP) is a network control protocol designed for controlling streaming media servers.

“CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. CouchPotato utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity.” reads the user guide. “In order to minimize size of the DLL binary, many of the audio and video codecs along with other unnecessary features have been removed from the version of ffmpeg that CouchPotato is built with. pHash, an image hashing algorithm, has been incorporated into ffmpeg’s image2 demuxer to provide image change detection capabilities. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.”


The CouchPotato tool utilizes FFmpeg for video and image encoding and decoding and Real Time Streaming Protocol connectivity.

The CouchPotato tool is hard to detect: it supports the file-less ICE v3 “Fire and Collect” loader, which is an in-memory code execution (ICE) technique.

The documents don’t include details on how the CIA operators compromise the target systems. It is likely the CouchPotato tool needs to be used in conjunction with other hacking tools to penetrate the targeted systems.

Below is the list of releases published by WikiLeaks since March:

Pierluigi Paganini

(Security Affairs –  Wikileaks, CouchPotato tool)


Open Source Threat Intel: GOSINT

It’s our pleasure to announce the public availability of GOSINT – the open source intelligence gathering and processing framework. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you are applying research […]


WannaCry-killer Marcus Hutchins released on bail after Feds accused him of crafting malware

He admitted writing software nasty code, prosecutors claim

Marcus Hutchins, the WannaCry killer and now suspected malware seller, has had his initial court hearing and won’t be getting out of jail free, after a Las Vegas court set his bail at $30,000. Handing $3,000 to a bail bondsman will see him able to leave jail.…


Roughly 175,000 Chinese Internet Connected security cameras can be easily hacked


The post Roughly 175,000 Chinese Internet Connected security cameras can be easily hacked appeared first on Security Affairs.

An estimated 175,000 Internet of Things (IoT) connected security cameras manufactured by Shenzhen Neo Electronics are vulnerable to cyber attacks.

According to a new report from security provider Bitdefender, roughly 175,000 connected security cameras are vulnerable to cyber attacks.

The vulnerable cameras are manufactured by the Chinese company Shenzhen Neo Electronics that offers surveillance and security solutions, including IP cameras, sensors and alarms.

The experts discovered several buffer overflow vulnerabilities in two models of cameras manufactured by the company, the iDoorbell and the NIP-22 models.


The researchers believe that other models commercialized by the Chinese company are vulnerable because they use the same firmware.

“Several buffer overflow vulnerabilities (some before authentication) are present in the two cameras studied, the iDoorbell model and NIP-22 model, but we suspect that all cameras sold by the company use the same software and are thus vulnerable.” reads the report published by Bitdefender. “These vulnerabilities could allow, under certain conditions, remote code execution on the device. This type of vulnerabilities is also present on the gateway which controls the sensors and alarms.”

The security cameras use UPnP (Universal Plug and Play) to automatically open ports in the router’s firewall to allow access from the Internet. Querying the Shodan search engine for vulnerable devices, the researchers discovered between 100,000 and 140,000 vulnerable devices worldwide.

Internet. We found between 100,000 and 140,000 devices when searching for the HTTP web server, and a similar number when searching for the RTSP server (both vulnerable). These are not necessarily the same devices, as some have only one service forwarded. We estimate that the real number of unique devices is around 175,000.” continues the report.

The experts noticed that both security camera models are vulnerable to two different cyber attacks, one that affects the web server service running on cameras and another that affects the RTSP (Real Time Streaming Protocol) server.

Researchers demonstrated that it was quite easy to exploit the flaws in the security cameras: anyone can access the livestream by simply logging in with default credentials (i.e. “user,” “user,” and “guest,” “guest”).

The researchers also discovered a buffer overflow vulnerability that could be exploited to take control of the cameras remotely.

Shenzhen Neo did not comment on the discovery.

Pierluigi Paganini

(Security Affairs – security cameras, IoT)
