China issues warning to e-commerce platforms over the illegal sale of VPNs

Chinese authorities have issued a warning to the country's top e-commerce platforms, including Alibaba Holding Group Ltd's Taobao.com, over the sale of illegal virtual private networks that allow users to skirt state censorship controls.

Five websites have been asked to carry out immediate "self-examination and correction" to remove vendors that sell illegal virtual private networks (VPNs), according to a notice posted by the Zhejiang provincial branch of the Cyberspace Administration of China (CAC), China's top cyber regulator.

Some of them were ordered to halt new user registrations, suspend services and punish accountable staff.

"The (CAC) has ordered these five sites to immediately carry out a comprehensive clean-up of harmful information, close corresponding illegal accounts ... and submit a rectification report by a deadline," the regulator said on Thursday.

This is the latest in a series of measures taken by China to secure the internet and maintain strict control over content. Surveillance is being further tightened ahead of the 19th National Congress of the Communist Party later this year when global attention will be on news from the world's No.2 economy.

Recently, China said it was investigating its top social media sites, including WeChat and Weibo, for failing to comply with cyber laws. It has already taken down popular celebrity gossip social media accounts and extended restrictions on what news can be produced and distributed by online platforms.

This is in addition to its campaign to remove VPN apps.

Regulators have clamped down on dozens of local VPNs and ordered Apple Inc and other app stores to remove foreign VPN apps that allow users to access foreign websites censored by the government.

China has also passed laws, which will come into effect from early 2018, that require telecommunications providers and tech firms to play a greater role in removing VPNs.

On Chinese online marketplaces, including the country's largest e-commerce site Taobao, vendors sell a range of tools to set up personalised VPNs that are harder to track and block than some other services.

"Taobao forbids the listing or sale of any products that are forbidden by applicable law. We screen and remove product listings from third-party sellers which violate our marketplace rules," an Alibaba spokeswoman said, referring to the products mentioned in the regulator's notice.

Other sites named in the notice include women-focused social shopping network Mogujie and entertainment platforms Xiami and Peiyinxiu. The notice did not specify the date of the deadline by which the sites have to complete the rectifications.

Acer launches Predator Helios 300 with GTX 1060 and 16 GB RAM in India for Rs 1,29,999

Taiwanese electronics giant Acer on Thursday launched the 15.6-inch Full-HD gaming laptop, Predator Helios 300, in India that will be available at a starting price of Rs 1,29,999 on Flipkart from Friday.

Representational Image. Acer

The two variants of the laptop feature overclockable NVIDIA GeForce GTX 1060 and 1050Ti GPU graphic cards combined with 7th Generation Intel Core i7 (7700HQ) and i5 processor (7300HQ), respectively, for high performance.

"Predator Helios 300 combines innovative design and unbeatable features that are sure to delight the gaming enthusiasts," Chandrahas Panigrahi, CMO and Consumer Business Head, Acer India, told the media, adding that Predator will be a brand to beat in the Indian gaming market.

The laptop comes with 16 GB RAM which is upgradable up to 32 GB, 256 GB SATA Solid State Drive (SSD) and 1 TB HDD for storage.

In terms of design, the laptop has matte black chassis, red accents and red backlit keyboard. To keep the device from heating, it is equipped with AeroBlade 3D Fan.

The device is equipped with "PredatorSense" software which provides real-time system information and overclocking enabling gamers to monitor and control the system's vitals from one central interface.

It uses Dolby Audio Premium and Acer TrueHarmony technology to deliver crisp sound.

The Predator Helios 300 provides connectivity options via a USB 3.1 Type-C port, a USB 3.0 port, two USB 2.0 ports, and an HDMI 2.0 port.

Sectoon 27

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back

On Wednesday, encrypted email provider ProtonMail claimed it had hacked someone who was impersonating its service in phishing emails, and the company then swiftly deleted the tweet. Early Wednesday morning, the security researcher known as x0rz tweeted out a series of screenshots allegedly showing someone sending emails that directed targets to a fake ProtonMail login screen. "You have an overdue invoice," the message read. In response, ProtonMail said it had taken action. "We also hacked the phishing site so the link is down now," ProtonMail tweeted. 
Depending on the context and what exactly the retaliating organization did, hacking back can be illegal. Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation. A recently proposed bill would attempt to legalize the practice. ProtonMail swiftly deleted its tweet, but not before x0rz could grab and subsequently tweet a screenshot. x0rz then deleted his own tweet at the request of ProtonMail.

CISCO ANYCONNECT SECURE MOBILITY CLIENT WEBLAUNCH CROSS SITE SCRIPTING

A vulnerability has been found in Cisco AnyConnect Secure Mobility Client (the affected version is unknown) and classified as critical. This vulnerability affects the function WebLaunch. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-80. As an impact it is known to affect integrity. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.

The weakness was shared 08/16/2017 by Cisco as cisco-sa-20170816-caw as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2017-6788. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 08/17/2017).

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1039190).

CVSSv3

VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
VulDB Reliability: High

Vendor Base Score (Cisco): 6.1
Vendor Vector (Cisco): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X

CVSSv2

Vector	Complexity	Authentication	Confidentiality	Integrity	Availability
Local	High	Multiple	None	None	None
Adjacent	Medium	Single	Partial	Partial	Partial
Network	Low	None	Complete	Complete	Complete

VulDB Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
VulDB Temp Score: 3.7 (CVSS2#E:ND/RL:OF/RC:C)
VulDB Reliability: High

CPE

• cpe:/a:cisco:anyconnect_secure_mobility_client

Exploiting

Class: Cross site scripting (CWE-80)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation: 

0-Day	$0-$5k	$5k-$25k	$25k-$100k	$100k-$500k
Today	$0-$5k	$5k-$25k	$25k-$100k	$100k-$500k

Countermeasures

Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found

Timeline

08/16/2017   Advisory disclosed
08/17/2017  +1 days VulDB entry created
08/17/2017  +0 days SecurityTracker entry created
08/17/2017  +0 days VulDB last update

Sources

Advisory: cisco-sa-20170816-caw
Researcher: Cisco
Status: Confirmed

CVE: CVE-2017-6788 (mitre.org) (nvd.nist.org) (cvedetails.com)

The FBI has only one witness in the case of Russian hacker attacks

US investigators have at the moment only one witness in a case of alleged attacks by Russia on US Democratic Party servers during last year's presidential election campaign. He wrote the New York Times. The aim of the hacker attack was, according to the FBI, to get information disadvantaging Hillary Clinton in the election campaign against Donald Trumpe. Russian interference now, apart from the FBI, is being investigated by four US Congress committees.

The only known witness that the FBI now has available to him is, a certain Ukrainian hacker. A man who uses the nickname Profexer and whose real name is not known lives in Kiev under police control but is not arrested. He himself said the Ukrainian police officers had signed up.

There is no evidence that Profexer, at least consciously, worked for the Russian secret service. I created malware, malicious software, but obviously Moscow used it. The case, according to investigators, throws a new light on the case of Russian interference and the technique of work of Russian intelligence services in the cyber war with the USA and Europe.

Free hacker community

In Russia, there seems to be no compact team of government employees who write off assault programs during their regular working hours in Moscow or St. Petersburg. It's more about a free community that uses programming skills and hacking tools wherever they come across.

In Ukraine, the allegedly rooted hacker group Fancy Bear, considered to be an ally of the Russian government. According to US intelligence, it is associated with Russian army intelligence. Fancy Bear, along with another group called Cozy Bear, is accused of participating in an attack against US Democrats. Fancy Bear and Cozy Bear work more like organizational and financial centers, specific programming work done by private outsiders, often with a criminal history, states the American Letter.

However, specific evidence is missing. That is why the investigators turn to Ukraine, which Russia has used for years as a laboratory of political and hacker operations. Getting the first witness right there is no surprise.

Mother horrified when she realizes her eight-year-old daughters' bedroom was being livestreamed

A woman has banned her children from using the internet after she discovered that her eight-year-old daughters' bedroom was being livestreamed to the world.

The mother - from Houston, Texas - said she feels like she's 'failed' to protect her children after realizing that people were watching them 'in their home, dressing, sleeping, playing'. 

Her children had been playing a game and, when they were prompted to connect to a server so they could play with friends, accidentally connected to an unprotected one. 

The woman - who gave her name only as Jennifer when speaking she, told by security experts that hackers probably got the family's internet address from one of her daughter's iPads and then gained access to their house webcam system.

She only found out about the intrusion when another mother - 2,000 miles away in Oregon - inadvertently stumbled upon a livestream of Jennifer's daughter after downloading a free app. 

That woman - Shelby Ivie - then made a public Facebook post to try and find out who the little girl was as a way of warning her parents. 

She said: 'I was in tears, thinking of the violation [Jennifer] must feel'.

The stream had been live since July 27 and been seen by hundreds of people at least. 

Jennifer was horrified when she learned of the numbers, explaining: 'They had [571] likes - so I know for a fact 571 people have been staring at my kids, probably more.'

Now her children are forbidden from going online because Jennifer is unwilling to 'chance it again'. 

She warns parents to keep an eye on their children's online activities.