These days Xiaomi, this hyped-up China phone maker, held the first on the net sales with the new Xiaomi Mi3 Smartphone along with the smart MITV, and the two devices had sold outs in merely over 60 seconds or so.

This Free Tool Can Tell If Hacking Team’s Exploits Crawled Into Your System

This week, IT security software firm Rook Security released a free tool that can sniff out malware leaked from Milan's Hacking Team, a clandestine group that sells surveillance and malignant software to governments, law enforcement and other private clients worldwide.

Ironically, the Italian firm that helps governments spy on citizens itself fell victim to a cyberattack earlier this month that spilled 400GB’s worth of data into the wild. 

See also: As Its Enemies Grow, Flash's Days Are Numbered

The attackers, who may have been ex-employees, released torrent files that span internal documents, source code, and emails with detailed customer information. Rook created its Milano tool to specifically sniff out the Hacking Team's exploits, and reign in threat that's now out in the open. 

Why Stockpiling Malware Is A Bad Idea

“This breach has been very unique in nature and challenging for security technology vendors to obtain code samples to create signatures and patches, thereby leaving scores of systems potentially vulnerable to nefarious actors seeking to weaponize Hacking Team’s once proprietary tools,” said J.J. Thompson, CEO of Rook, in a press statement.

Rook has been working with the Federal Bureau of Investigations, specifically its Cyber Task Force in Indianapolis, to zero in on the HackingTeam’s exploits.

The firm's new tool, called “Milano,” digs into target systems, performing either a quick scan in a few seconds or a more comprehensive inspection taking up to an hour. The software hunts for “hashes" (files) connected to the Italian company's attack.

More than Hacking Team’s own confidential information is at stake. Over the course of its work, the company unearthed security holes in technologies ranging from Adobe to Facebook, and many others. Both companies patched the holes to the affected Flash plugin and Oquery tool, respectively.

Hacking Team had discovered or had been working on a variety of exploits for everything from software to online services to drone-based Wi-Fi surveillance tools. It often took advantage of "zero-day” vulnerabilities, which are holes that the vendors don’t even know they have. When zero-day attacks go out, they often do damage before companies even know what hit them. 

What You Can Do About It

The reach of the group’s stash of work could be extensive, affecting developers and other partners, as well as users on a global basis. 

Rook said it moved swiftly to respond to the threat. “After our Intelligence Team quickly deduced how the leaked code could be weaponized and used for harm, we immediately put a team in place to identify, analyze, and detect malicious files located in this data,” said Thompson. 

The Milano download is available for download on this page. More from Rook about the tool, including a technical overview, can be found here

Lead photo courtesy of Shutterstock



from ReadWrite http://ift.tt/1CTJmsv
via