“That is to say that once you undermine the fundamental principle of encryption then Australia’s cyber security capabilities will be permanently diminished,” the spokesperson added.
According to the draft, telecommunications and Internet companies and makers of digital devices will face fines of up to $10 million if they do not help law enforcement agencies gain access to data needed for investigating terrorism offences.
Individuals will face fines of up to $50,000.
Companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.
First, there will be a “technical assistance request” that allows voluntary help by a company. The staff of the company will be given civil immunity from prosecution.
Botnets mounting credential-stuffing attacks against the financial industry are on the rise, with a more than 20-percent uptick in a two-month period, a new report from Akamai has found.
Bad actors from the United States, Russia and Vietnam are using credential stuffing attacks to try to compromise financial services firms, Akamai says in its latest State of the Internet report.
Catalin Cimpanu / ZDNet:
China-based Huazhu Hotels Group says hacker who was selling 1.415GB data on millions of its guests and tried to blackmail the chain, has been arrested
It seems that Google continues to track where you are even if the location tracking is switched off. Are you thrilled, troubled, or terrified by what the future holds?
Are you worried about erosions to your privacy in this connected age? To be honest, I oscillate back and forth on this issue. I also fear that there’s not much that we can do about it.
The concept of “packing” or “crypting” a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools. Evasion of classification and detection is an arms race in which new techniques are traded and used in the wild. For example, we observe many crypting services being offered in underground forums by actors who claim to make any malware “FUD” or “Fully Undetectable” by anti-virus technologies, sandboxes and other endpoint solutions. We also see an increased effort to model normal user activity and baseline it as an effective countermeasure to fingerprint malware analysis environments.
NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing – by suing multiple vendors as well as an industry standards organisation.
Its lawsuit, filed in California this week against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO), has alleged no less than a conspiracy to cover up deficiencies in security tools.
These vendors not only knew of bugs in their code and failed to act, but they were “actively conspiring to prevent independent testing that uncovers those product deficiencies,” NSS Labs claimed. The lawsuit hopes to illuminate bad practices that harm consumers, Vikram Phatak, chief exec of NSS Labs, claimed in a statement.
The United States is taking off the gloves in the growing, shadowy cyber war waged with China, Russia and other rivals, a top White House official said Thursday.
National Security Advisor John Bolton said the country’s “first fully articulated cyber strategy in 15 years” was now in effect.
The new more aggressive posture follows a decision by President Donald Trump to revoke rules established by his predecessor Barack Obama to require high-level authority for any big military cyber operations.
“Our hands are not tied as they were in the Obama administration,” Bolton said.
“For any nation that’s taking cyber activity against the United States, they should expect… we will respond offensively, as well as defensively,” Bolton said.
“Not every response to a cyber attack would be in the cyber world,” he added.
TOKYO (AP) — Hackers have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from a Japanese digital currency exchange, the operators said Thursday.
Tech Bureau Corp. said a server for its Zaif exchange was hacked for two hours last week, and some digital currencies got unlawfully relayed from what’s called a “hot wallet,” or where virtual coins are stored at such exchanges.
Shanghai police have arrested a man in connection with a data leak at NASDAQ-listed Chinese hotelier Huazhu Group after the suspect failed to sell the information online.
The 30-year-old suspect had hacked and stolen user data from hotels under Huazhu Group and tried to sell it on overseas websites, the police said in a statement late Wednesday.
Huazhu, one of China’s biggest hoteliers and the local partner of France-based AccorHotels, had alerted police to reports in August that the company’s internal data was being sold online.
Huazhu Group said in a statement to the New York stock exchange on Monday that “the suspect also attempted to blackmail Huazhu by leveraging public pressure, without success”.
The potentially-leaked data included guest membership information, personal IDs, check-in records, guest names, mobile numbers and emails.
The U.S. Department of Defense this week released its 2018 cyber strategy, which outlines how the organization plans on implementing the country’s national security and defense strategies in cyberspace.
The new cyber strategy, which supersedes the 2015 strategy, focuses on the competition with China and Russia, but it also mentions other actors, such as North Korea and Iran. The DoD says China has been “eroding U.S. military overmatch and the Nation’s economic vitality” by stealing information, while Russia has used cyber operations to influence elections.
Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.
Up until December 1, 2017, when it filed for bankruptcy, NCIX was a privately-held company in Canada in the business of selling computer hardware and software.
Josh Taylor / BuzzFeed:
Australian Minister for Home Affairs Peter Dutton accused of rushing legislation through parliament that tech companies say would weaken encryption
The legislation was introduced into parliament just 10 days after consultation ended, and not all submissions have been made public.
Home affairs minister Peter Dutton has been accused of rushing legislation that tech companies say could have the effect of weakening encryption, privacy and security of all Australians.
The legislation if passed would force tech companies to: remove protections on devices, give law enforcement agencies the design specs of their devices, install software on a device when asked, provide access to devices, and help agencies build their own systems.
The companies that would be most affected by the legislation, including Wickr, Facebook, Google and Amazon had all raised alarms that the requirements for companies to allow law enforcement agencies to exploit weaknesses in encryption to investigate serious crimes could also have the effect in creating vulnerability for law-abiding users, who rely on encryption for security and privacy online.
Apple has been advocating for unbreakable encryption and total user privacy for years, even if that put it at odds with governments around the world. That’s not just because it gave it an edge on the competition, forcing rivals to also somewhat embrace encryption and better privacy features, but also because Apple seems to genuinely believe that user data and privacy should be defended at all costs.
Apple just added a new provision to the iTunes Store & Privacy policy that tells users that their devices will receive individual scores based on the number of phone calls they make and the emails they send
The Port of Barcelona was Thursday morning the target of a cyberattack that affected some of its servers and systems, forcing the organization to launch the contingency plan designed specifically for these incidents.
Details about the incident are scarce
a later update on the matter announced that maritime operations had not been affected in any way and all ships were operating within regular parameters
Premonitory tweet or what?
In a twist of irony, Port of Barcelona tweeted just two days before the attack that no one is safe from a cyberattack that puts at risk the activity and security of its stakeholders.
Wall Street Journal:
In letter to Congress, Google confirms it continues to allow third-party apps to scan and share data from Gmail accounts, though Google itself stopped doing so
Zack Whittaker / TechCrunch:
Twitter says it fixed a bug that sent some users’ direct messages from their interactions with business accounts to third-party developers, since May 2017
Twitter said that a “bug” sent users’ private direct messages to third-party developers “who were not authorized to receive them.”
“The issue has persisted since May 2017, but we resolved it immediately upon discovering it,” the message said, which was posted on Twitter by a Mashable reporter. “Our investigation into this issue is ongoing, but presently we have no reason to believe that any data sent to unauthorized developers was misused.”
Catalin Cimpanu / ZDNet:
Latvian hacker sentenced to 14 years in prison for creating and running Scan4You service that allowed malware authors to check the detection rates of their code — Ruslan Bondars ran a “VirusTotal-for-crooks” operation from 2009 to 2017. — Ruslan Bondars, a 37-year-old man from Latvia …
Ruslan Bondars, a 37-year-old man from Latvia was sentenced to a whopping 14 years in prison for facilitating cybercrime by creating and running a service named Scan4You that allowed malware authors to check the detection rates of their malicious code.
In the infosec industry, Scan4You is what security researchers and malware authors refer to as a “counter-anti-virus” or a “no-distribute-scanner.”
Scan4You works similar to Google’s legitimate VirusTotal web service, in the way that it aggregates scan engines from multiple antivirus vendors and allows a user to check files against multiple antivirus programs at the same time. The only difference is that Scan4You does not allow the antivirus engines to report results back to vendors, keeping malware detections only for itself.
Malware authors have been using services like Scan4You for years as a way to test malware before they launch it into real-world campaigns, fine-tuning their code to avoid detections.
Bondars set up Scan4You on this model in 2009, and it quickly became the most popular service on the market.
Bondars, too, was eventually arrested in May 2017
According to court documents, Scan4You was hosted on Amazon Web Services servers, and malware authors had to pay to get full access to the scanner’s features.
Trend Micro says the hacker was also behind many more other criminal activities.
iPhone, iPad, Apple Watch and Apple TV data is used to see how trustworthy you are, similar to a scenario in the dystopian series Black Mirror
said in an update to its privacy policy that the scores would be determined by tracking the calls and emails made on Apple devices.
In an update to its privacy policy, Apple said the rating system could be used to help fight fraud, though specific examples of how this would work were not given.
Stephen Hiltner / New York Times:
Defcon attendees say corporate demands, widespread professionalization, and bug bounty programs are reshaping hackers’ attitudes toward privacy and anonymity
Credential stuffing is a growing threat. It is not new, but for many companies it is treated as annoying background noise that can be absorbed by bandwidth, handled by access controls, and ignored. New figures suggest that this is a bad approach.
Credential stuffing typically uses bots to test many hundreds of thousands of stolen credential pairs against fresh targets. It doesn’t afford a high return for the attacker, but it is a low cost, low risk attack that occasionally hits the jackpot. The attacker is relying on users’ habit of reusing the same password across multiple accounts.
It isn’t clear exactly where the credentials come from — but there have been dozens of major breaches, hundreds of minor breaches, and an unknown number of unreported breaches over the last few years — and we know that criminals aggregate stolen databases and sell them on. We are usually told that stolen passwords have been hashed; but since credential stuffing can only happen with plaintext passwords, either some of the databases were never hashed, or that hashing is not as secure against cracking as we would like to believe.
Millions of Twitter Users Affected by Information Exposure Flaw
Twitter has patched a bug that may have caused direct messages to be sent to third-party developers other than the ones users interacted with. The problem existed for well over a year and it impacted millions of users.
According to Twitter, the issue is related to the Account Activity API (AAAPI), which allows developers registered on the social network’s developer program to build tools designed to better support businesses and their customer communications on the platform.
A critical vulnerability recently patched in the Cisco Video Surveillance Manager (VSM) could allow an unauthenticated attacker to log in as root.
The security flaw, Cisco revealed on Friday, impacts only the VSM software running on certain Connected Safety and Security Unified Computing System (UCS) platforms. The issue, the company says, resides in the presence of default, static credentials for the root account
The White House last week announced the release of the 2018 National Cyber Strategy, which outlines the government’s plans for ensuring the security of cyberspace.
Described by officials as the “first fully articulated cyber strategy in 15 years,”
Dave Weinstein, VP of Threat Research at Claroty:
“Most government strategy documents tend to be underwhelming and this one is no different. This isn’t a whole lot of new content or ideas, but rather amplification, clarification, and renewal of previous ones.
The paragraph that stands out to me is the one on the Cyber Deterrence Initiative. Until now we haven’t formally adopted an international approach to deterrence, which includes collaborating on incident response and attribution.
On critical infrastructure, it’s encouraging to see it featured so prominently in the Strategy but the substance is a bit lacking
Dubbed Virobot, the threat not only encrypts files on infected machines, but it also ensnares the system into a spam botnet and leverages it to spread itself to other victims.
First discovered on September 17, 2018, Virobot checks compromised machines for the presence of specific registry keys to determine if the system should be encrypted.
Western Digital has just released a hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched in My Cloud NAS devices for over a year.
This vulnerability allowed anyone to bypass authentication and get administrative access to the router. Once an attacker gains access to a router, they can flash it with customer firmware, change DNS to point users to phishing sites, or perform other malicious activities.
How Park Jin Hyok – charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks – inadvertently blew his cover via email accounts.
The threat landscape is changing once again, now that the ocean of cryptocurrency miners has shrunk to a small lake. Over the last couple months, we’ve seen cybercriminals lean back on tried and true methods of financial theft and extortion, with the rise of a familiar Banking Trojan: Emotet.
Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption.
Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make you aware of. Although patches have been issued, not everyone has implemented them.
Most server administrators will recognize the acronym from this type of error message or report:
SASL attacks usually turn out to be brute force attacks, meaning an automated script or a bot is trying over and over to log into an existing email account on your server, trying many combinations of credentials to find a valid username and password pair. Thankfully, there are some countermeasures you can take against these attacks.
If you have the option to make your server listen on a different port, doing so might make you a less likely target for new attacks.
If the SASL message is from the same IP all the time, block that IP in your firewall.
If the attackers keep coming at you from different IPs, there are software solutions that use machine learning to automatically block any new assailant. One caveat to this solution: Be vigilant about false positives so that you don’t shut out legitimate users, such as remote employees.
SASL is a framework for application protocols, such as SMTP or IMAP, that adds authentication support. It checks whether the user has the proper permissions to use the server in the way they request. It also offers a framework for data integrity–checking and encryption.
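The countermeasures listed above (block a single noisy IP, watch for attackers rotating through addresses, and stay alert to false positives) can be wired up by hand from the mail log. The script below is an added example, not code from the quoted article or from any vendor product: it parses the “SASL … authentication failed” warnings Postfix writes, flags a single source that exceeds a failure threshold, groups failures by /24 to catch a spray that rotates through addresses in one range, and emits iptables rules while skipping anything that overlaps an allowlist (for example a VPN egress range used by remote employees). The log lines are constructed for the example, the thresholds and the submission port 587 in the generated rule are assumptions, and the rules are only printed, never executed.

```python
"""Triage SASL brute-force noise in a Postfix mail log.

Added example, not from the original page. It assumes Postfix's default
smtpd warning format and an iptables-based firewall on the mail host.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Matches Postfix smtpd warnings such as:
#   warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
SASL_FAIL_RE = re.compile(
    r"warning: (?P<host>\S+)\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"SASL (?P<mech>\w+) authentication failed"
)

# Constructed sample log lines (not captured from a real server).
# 203.0.113.7 hammers the server alone; 198.51.100.0/24 sprays from
# several addresses; 192.0.2.10 is a remote employee who mistyped a password.
SAMPLE_LOG = """\
Sep 20 10:01:02 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 20 10:01:05 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 20 10:01:09 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Sep 20 10:01:15 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:01:20 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:02:00 mail postfix/smtpd[1240]: warning: unknown[198.51.100.4]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:02:03 mail postfix/smtpd[1241]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:02:06 mail postfix/smtpd[1242]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:03:00 mail postfix/smtpd[1250]: warning: vpn.example.net[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Sep 20 10:03:10 mail postfix/smtpd[1251]: connect from vpn.example.net[192.0.2.10]
"""


def parse_sasl_failures(log_text):
    """Return a list of (ip, mechanism) tuples, one per failed SASL attempt."""
    failures = []
    for line in log_text.splitlines():
        m = SASL_FAIL_RE.search(line)
        if m:
            failures.append((m.group("ip"), m.group("mech")))
    return failures


def repeat_offenders(failures, threshold=5):
    """IPs with at least `threshold` failures: the 'same IP all the time' case."""
    counts = Counter(ip for ip, _ in failures)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def distributed_sources(failures, min_sources=3, prefix_len=24):
    """Prefixes from which at least `min_sources` distinct IPs failed:
    the 'keeps coming from different IPs' case, when the IPs share a range."""
    by_prefix = defaultdict(set)
    for ip, _ in failures:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_prefix[str(net)].add(ip)
    return sorted(p for p, ips in by_prefix.items() if len(ips) >= min_sources)


def block_rules(targets, allowlist=()):
    """Build iptables DROP rules for `targets` (IPs or CIDRs), skipping any
    target that overlaps the allowlist so legitimate users are not locked out.
    Port 587 (submission) is an assumption; adjust to the ports you expose."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    rules = []
    for target in targets:
        net = ipaddress.ip_network(target, strict=False)
        if any(net.overlaps(a) for a in allowed):
            continue  # false-positive guard: leave this one for a human to review
        rules.append(
            f"iptables -I INPUT -s {net.with_prefixlen} -p tcp --dport 587 -j DROP"
        )
    return rules


if __name__ == "__main__":
    failures = parse_sasl_failures(SAMPLE_LOG)
    offenders = repeat_offenders(failures)
    sprays = distributed_sources(failures)
    print("single-source offenders:", offenders)
    print("distributed /24s:", sprays)
    for rule in block_rules(list(offenders) + sprays, allowlist=["192.0.2.0/24"]):
        print(rule)
```

Run it against a real log by reading the file into `parse_sasl_failures`; the single-IP threshold and the per-/24 source count are the knobs to tune, and the allowlist is where the caveat about remote employees is enforced rather than remembered.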
Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretend to be the job brief, but are actually installers for keyloggers such as Agent Tesla or Remote Access Trojans (RATs).
493 Comments
Tomi Engdahl says:
Click It Up: Targeting Local Government Payment Portals
https://www.fireeye.com/blog/threat-research/2018/09/click-it-up-targeting-local-government-payment-portals.html
FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associated with various local government services such as utilities, building permits, and business licenses.
In October 2017, Superion released a statement confirming suspicious activity had affected a small number of customers. In mid-June 2018, numerous media reports referenced at least seven Click2Gov customers that were possibly affected by this campaign.
On June 15, 2018, Superion released a statement describing their proactive notification to affected customers,
Tomi Engdahl says:
This Windows file may be secretly hoarding your passwords and emails
https://www.zdnet.com/article/this-windows-file-may-be-secretly-hoarding-your-passwords-and-emails/
A little-known Windows feature will create a file that stores text extracted from all the emails and plaintext-files found on your PC, which sometimes may reveal passwords or private conversations.
Tomi Engdahl says:
Equifax fined £500,000 over customer data breach
https://www.zdnet.com/article/equifax-fined-500000-over-customer-data-breach/
If the security incident had taken place after GDPR came into play, the fine may have been far higher.
Equifax has been issued a £500,000 fine after a catastrophic data breach in 2017 led to the compromise of data belonging to up to 15 million UK citizens.
The credit monitoring service experienced a data breach last year in which 146 million records were stolen. Customers worldwide were affected, with the majority living in the United States.
The information exposed due to lax security practices included names, dates of birth, addresses, phone numbers, driver’s license details, Social Security numbers, and credit card data.
Tomi Engdahl says:
Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
https://www.bleepingcomputer.com/news/security/newegg-credit-card-info-stolen-for-a-month-by-injected-magecart-script/
The malicious credit card stealing MageCart script behind the British Airways and Feedify breaches has struck again, but this time against Newegg, one of the largest online technology retailers.
Two reports released today by RiskIQ and Volexity detail how the MageCart script has been injected into the Newegg site for a little over a month while quietly stealing customers’ payment information.
According to the reports, the attackers created a domain called neweggstats.com on August 13th. This domain was used as a drop site that collected credit card details stolen from Newegg’s site. Volexity further stated that the attacks then went live on Newegg’s site around August 16th.
As Newegg is one of the largest online retailers of technology components, computers, and hardware, the number of victims affected by this breach can be quite large.
“With the size of the business evaluated at $2.65 billion in 2016, Newegg is an extremely popular retailer,” security researcher Yonathan Klijnsma stated in RiskIQ blog post about this attack. “Alexa shows that Newegg has the 161st most popular site in the U.S. and Similarweb, which also gathers information on site visits, estimates Newegg receives over 50 million visitors a month.”
Another Victim of the Magecart Assault Emerges: Newegg
https://www.riskiq.com/blog/labs/magecart-newegg/
While the dust is settling on the British Airways compromise, the Magecart actor behind it has not stopped their work, hitting yet another large merchant: Newegg.
Tomi Engdahl says:
This Toy Can Open Any Garage
https://www.youtube.com/watch?v=CNodxp9Jy4A
Or almost any garage – it’s particularly good with fixed code gates and garages. Samy proposes other weaknesses with rolling codes.
“Opens the door to other issues..”
Tomi Engdahl says:
They’re Drinking Your Milkshake: CTA’s Joint Analysis on Illicit Cryptocurrency Mining
https://www.cyberthreatalliance.org/joint-analysis-on-illicit-cryptocurrency-mining/
Tomi Engdahl says:
Extended Validation Certificates are Dead
https://www.troyhunt.com/extended-validation-certificates-are-dead/
That’s it – I’m calling it – extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would just love to sell them to you!), but their usefulness has now descended from “barely there” to “as good as non-existent”. This change has come via a combination of factors including increasing use of mobile devices, removal of the EV visual indicator by browser vendors and as of today, removal from Safari on iOS (it’ll also be gone in Mac OS Mojave when it lands next week)
Tomi Engdahl says:
NSO Group Rejects Citizen Lab’s Findings on Pegasus Operations
https://www.bleepingcomputer.com/news/security/nso-group-rejects-citizen-labs-findings-on-pegasus-operations/
A report released today about the activity of Pegasus spyware presents evidence of the tool’s use outside the ethical boundaries publicized by its maker.
Pegasus is a known spyware tool developed by Israel-based company NSO Group. It falls into the category of surveillance tools “that are licensed to legitimate government agencies for the sole purpose of investigating crime and terror.”
The spyware has been the topic of many discussions over the years, mainly because it was found targeting journalists, lawyers and human rights activists considered a threat by the government of their country.
Tomi Engdahl says:
Cybersecurity firm: More Iran hacks as US sanctions loomed
https://apnews.com/88ab2debee36432d8d0498991e9f5768
Tomi Engdahl says:
Crippling DDoS vulnerability put the entire Bitcoin market at risk
This could have been waaaaay worse
https://thenextweb.com/hardfork/2018/09/20/bitcoin-core-vulnerability-blockchain-ddos/
The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin Core software or risk having the whole thing collapse. Until now, Bitcoin miners could have brought down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack.
“A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2.” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.”
As far as the attack vector in question goes, there’s a catch: anyone ballsy enough to try to bring down Bitcoin would have to sacrifice almost $80,000 worth of Bitcoin in order to do it.
The bug relates to its consensus code.
only those willing to disregard the block reward of 12.5BTC ($80,000) could actually do any real damage.
Tomi Engdahl says:
I’m not exaggerating when I say this scares me. It’s like the “Nosedive” episode of Black Mirror
Leave no dark corner
http://mobile.abc.net.au/news/2018-09-18/china-social-credit-a-model-citizen-in-a-digital-dictatorship/10200278?pfmredir=sm
China is building a digital dictatorship to exert control over its 1.4 billion citizens. For some, “social credit” will bring privileges — for others, punishment.
A vast network of 200 million CCTV cameras across China ensures there’s no dark corner in which to hide.
Every step she takes, every one of her actions big or small — even what she thinks — can be tracked and judged.
What may sound like a dystopian vision of the future is already happening in China. And it’s making and breaking lives.
The Communist Party calls it “social credit” and says it will be fully operational by 2020.
Within years, an official Party outline claims, it will “allow the trustworthy to roam freely under heaven while making it hard for the discredited to take a single step”.
Tomi Engdahl says:
Computer System Security Requirements for IRS 1075: What You Need to Know
https://www.tripwire.com/state-of-security/regulatory-compliance/computer-system-security-requirements-for-irs-1075-what-you-need-to-know/
The IRS 1075 publication lays out a framework of compliance regulations to ensure federal tax information, or FTI, is treated with adequate security provisioning to protect its confidentiality. This may sound simple enough but IRS 1075 puts forth a complex set of managerial, operational and technical security controls you must continuously follow in order to maintain ongoing compliance.
Any organization or agency that receives FTI needs to prove that they’re protecting that data properly with IRS 1075 compliance.
Tomi Engdahl says:
Office of the Director of National Intelligence Common Cyber Threat Framework
September 2, 2018
https://publicintelligence.net/odni-cyber-threat-framework/
A Common Cyber Threat Framework: A Foundation for Communication
Tomi Engdahl says:
Encryption bill endorsed by govt party room
https://itwire.com/government-tech-policy/84562-encryption-bill-endorsed-by-govt-party-room.html
Barely one week of parliamentary sitting days after the date for comment ended, the Federal Government’s party room has endorsed the contentious encryption bill and it could be introduced into the House of Representatives as early as Thursday.
“That is to say that once you undermine the fundamental principle of encryption then Australia’s cyber security capabilities will be permanently diminished,” the spokesperson added.
According to the draft, telecommunications and Internet companies and makers of digital devices will face fines of up to $10 million if they do not help law enforcement agencies gain access to data needed for investigating terrorism offences.
Individuals will face fines of up to $50,000.
Companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.
First, there will be a “technical assistance request” that allows voluntary help by a company. The staff of the company will be given civil immunity from prosecution.
Tomi Engdahl says:
Report: Financial industry in crosshairs of credential-stuffing botnets
https://securityledger.com/2018/09/report-financial-industry-in-crosshairs-of-credential-stuffing-botnets/
Botnets mounting credential-stuffing attacks against the financial industry are on the rise, with a more than 20-percent uptick in a two-month period, a new report from Akamai has found.
Bad actors from the United States, Russia and Vietnam are using credential stuffing attacks to try to compromise financial services firms, Akamai says in its latest State of the Internet report.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/helvetti-paasee-valloilleen-petteri-jarvinen-uudessa-kirjassaan-yksinkertaiset-iskut-sahkoverkkoon-voisi-lamauttaa-suomen-taysin-6741789
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
China-based Huazhu Hotels Group says hacker who was selling 1.415GB data on millions of its guests and tried to blackmail the chain, has been arrested
Chinese police arrest hacker who sold data of millions of hotel guests on the dark web
https://www.zdnet.com/article/chinese-police-arrest-hacker-who-sold-data-of-millions-of-hotel-guests-on-the-dark-web/
Hacker was selling 141.5GB of data from Huazhu Hotels Group. He also attempted to blackmail the hotel chain to pay for its own data.
Tomi Engdahl says:
Worried About Privacy? 5 Alternatives to Google Maps
https://www.eeweb.com/profile/max-maxfield/articles/if-youre-worried-about-privacy-here-are-five-alternatives-to-google-maps
It seems that Google continues to track where you are even if the location tracking is switched off. Are you thrilled, troubled, or terrified by what the future holds?
Are you worried about erosions to your privacy in this connected age? To be honest, I oscillate back and forth on this issue. I also fear that there’s not much that we can do about it.
Tomi Engdahl says:
Increased Use of a Delphi Packer to Evade Malware Classification
https://www.fireeye.com/blog/threat-research/2018/09/increased-use-of-delphi-packer-to-evade-malware-classification.html
The concept of “packing” or “crypting” a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools. Evasion of classification and detection is an arms race in which new techniques are traded and used in the wild. For example, we observe many crypting services being offered in underground forums by actors who claim to make any malware “FUD” or “Fully Undetectable” by anti-virus technologies, sandboxes and other endpoint solutions. We also see an increased effort to model normal user activity and baseline it as an effective countermeasure to fingerprint malware analysis environments.
Tomi Engdahl says:
NSS Labs sues antivirus toolmakers, claims they quietly conspire to evade performance tests
Alleges CrowdStrike, Symantec, ESET, Anti-Malware Testing Standards Org collusion
https://www.theregister.co.uk/2018/09/20/security_testing_contratemps/
NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing – by suing multiple vendors as well as an industry standards organisation.
Its lawsuit, filed in California this week against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO), has alleged no less than a conspiracy to cover up deficiencies in security tools.
These vendors not only knew of bugs in their code and failed to act, but they were “actively conspiring to prevent independent testing that uncovers those product deficiencies,” NSS Labs claimed. The lawsuit hopes to illuminate bad practices that harm consumers, Vikram Phatak, chief exec of NSS Labs, claimed in a statement.
NSS Labs vs. CrowdStrike, Symantec, ESET and the Anti-Malware Testing Standards Organization
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Advancing Transparency and Accountability in the Cybersecurity Industry
Tomi Engdahl says:
https://www.poliisi.fi/helsinki/tiedotteet/1/0/poliisi_varoittaa_tietokoneelle_ilmestyva_kiristysviesti_ei_ole_viranomaisilta_maksa_200_euroa_tai_saat_syytteen_pornon_levittamisesta_74348
Tomi Engdahl says:
U.S. Takes Off the Gloves in Global Cyber Wars: Top Officials
https://www.securityweek.com/us-takes-gloves-global-cyber-wars-top-oficials
The United States is taking off the gloves in the growing, shadowy cyber war waged with China, Russia and other rivals, a top White House official said Thursday.
National Security Advisor John Bolton said the country’s “first fully articulated cyber strategy in 15 years” was now in effect.
The new more aggressive posture follows a decision by President Donald Trump to revoke rules established by his predecessor Barack Obama to require high-level authority for any big military cyber operations.
“Our hands are not tied as they were in the Obama administration,” Bolton said.
“For any nation that’s taking cyber activity against the United States, they should expect… we will respond offensively, as well as defensively,” Bolton said.
“Not every response to a cyber attack would be in the cyber world,” he added.
Tomi Engdahl says:
Japan Digital Currency Exchange Hacked, Losing $60 Million
https://www.securityweek.com/japan-digital-currency-exchange-hacked-losing-60-million
TOKYO (AP) — Hackers have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from a Japanese digital currency exchange, the operators said Thursday.
Tech Bureau Corp. said a server for its Zaif exchange was hacked for two hours last week, and some digital currencies got unlawfully relayed from what’s called a “hot wallet,” or where virtual coins are stored at such exchanges.
Tomi Engdahl says:
China Arrests Suspect for Customer Data Leak at Accor Partner
https://www.securityweek.com/china-arrests-suspect-customer-data-leak-accor-partner
Shanghai police have arrested a man in connection with a data leak at NASDAQ-listed Chinese hotelier Huazhu Group after the suspect failed to sell the information online.
The 30-year-old suspect had hacked and stolen user data from hotels under Huazhu Group and tried to sell it on overseas websites, the police said in a statement late Wednesday.
Huazhu, one of China’s biggest hoteliers and the local partner of France-based AccorHotels, had alerted police to reports in August that the company’s internal data was being sold online.
Huazhu Group said in a statement to the New York stock exchange on Monday that “the suspect also attempted to blackmail Huazhu by leveraging public pressure, without success”.
The potentially-leaked data included guest membership information, personal IDs, check-in records, guest names, mobile numbers and emails.
Tomi Engdahl says:
Department of Defense Releases New Cyber Strategy
https://www.securityweek.com/department-defense-releases-new-cyber-strategy
The U.S. Department of Defense this week released its 2018 cyber strategy, which outlines how the organization plans on implementing the country’s national security and defense strategies in cyberspace.
The new cyber strategy, which supersedes the 2015 strategy, focuses on the competition with China and Russia, but it also mentions other actors, such as North Korea and Iran. The DoD says China has been “eroding U.S. military overmatch and the Nation’s economic vitality” by stealing information, while Russia has used cyber operations to influence elections.
Tomi Engdahl says:
Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist
https://www.bleepingcomputer.com/news/security/unwiped-drives-and-servers-from-ncix-retailer-for-sale-on-craigslist/
Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.
Up until December 1, 2017, when it filed for bankruptcy, NCIX was a privately-held company in Canada in the business of selling computer hardware and software.
Tomi Engdahl says:
COI for SingHealth cyberattack: IT gaps, staff missteps contributed to incident, says Solicitor-General
Read more at https://www.channelnewsasia.com/news/singapore/singhealth-cyberattack-committee-inquiry-staff-hack-10744182
Tomi Engdahl says:
Scottish brewery recovers from ransomware attack
Trouble ferments after hackers lock system and Arran with it
https://www.theregister.co.uk/2018/09/21/arran_brewery_ransomware/
Tomi Engdahl says:
Josh Taylor / BuzzFeed:
Australian Minister for Home Affairs Peter Dutton accused of rushing legislation through parliament that tech companies say would weaken encryption
While Everyone Was Distracted By Strawberries, Peter Dutton Introduced Laws To Snoop On Your Private Chats
https://www.buzzfeed.com/joshtaylor/while-everyone-was-distracted-by-strawberries-peter-dutton
The legislation was introduced into parliament just 10 days after consultation ended, and not all submissions have been made public.
Home affairs minister Peter Dutton has been accused of rushing legislation that tech companies say could have the effect of weakening encryption, privacy and security of all Australians.
The legislation if passed would force tech companies to: remove protections on devices, give law enforcement agencies the design specs of their devices, install software on a device when asked, provide access to devices, and help agencies build their own systems.
The companies that would be most affected by the legislation, including Wickr, Facebook, Google and Amazon, had all raised alarms that the requirements for companies to allow law enforcement agencies to exploit weaknesses in encryption to investigate serious crimes could also have the effect of creating vulnerabilities for law-abiding users, who rely on encryption for security and privacy online.
Tomi Engdahl says:
Apple says it’s tracking your calls and emails to ‘prevent fraud’
https://nypost.com/2018/09/20/apple-says-its-tracking-your-calls-and-emails-to-prevent-fraud/
Apple has been advocating for unbreakable encryption and total user privacy for years, even if that put it at odds with governments around the world. That’s not just because it gave it an edge on the competition, forcing rivals to also somewhat embrace encryption and better privacy features, but also because Apple seems to genuinely believe that user data and privacy should be defended at all costs.
Apple just added a new provision to the iTunes Store & Privacy policy that tells users that their devices will receive individual scores based on the number of phone calls they make and the emails they send.
Tomi Engdahl says:
Port of Barcelona Suffers Cyberattack
https://www.bleepingcomputer.com/news/security/port-of-barcelona-suffers-cyberattack/
The Port of Barcelona was Thursday morning the target of a cyberattack that affected some of its servers and systems, forcing the organization to launch the contingency plan designed specifically for these incidents.
Details about the incident are scarce
a later update on the matter announced that maritime operations had not been affected in any way and all ships were operating within regular parameters
Premonitory tweet or what?
In a twist of irony, Port of Barcelona tweeted just two days before the attack that no one is safe from a cyberattack that puts at risk the activity and security of its stakeholders.
Tomi Engdahl says:
Wall Street Journal:
In letter to Congress, Google confirms it continues to allow third-party apps to scan and share data from Gmail accounts, though Google itself stopped doing so
Google Says It Continues to Allow Apps to Scan Data From Gmail Accounts
Lawmakers had asked company to explain policy in wake of WSJ report
https://www.wsj.com/articles/google-says-it-continues-to-allow-apps-to-scan-data-from-gmail-accounts-1537459989?redirect=amp#click=https://t.co/0KcLZqrgOK
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Twitter says it fixed a bug that sent some users’ direct messages from their interactions with business accounts to third-party developers, since May 2017
Twitter says bug may have exposed some direct messages to third-party developers
https://techcrunch.com/2018/09/21/twitter-bug-sent-user-direct-messages-to-developers-for-over-a-year/
Twitter said that a “bug” sent user’s private direct messages to third-party developers “who were not authorized to receive them.”
“The issue has persisted since May 2017, but we resolved it immediately upon discovering it,” the message said, which was posted on Twitter by a Mashable reporter. “Our investigation into this issue is ongoing, but presently we have no reason to believe that any data sent to unauthorized developers was misused.”
https://twitter.com/karissabe/status/1043204939026071552
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Latvian hacker sentenced to 14 years in prison for creating and running Scan4You service that allowed malware authors to check the detection rates of their code — Ruslan Bondars ran a “VirusTotal-for-crooks” operation from 2009 to 2017. — Ruslan Bondars, a 37-year-old man from Latvia …
Hacker gets a whopping 14 years in prison for running Scan4You service
Ruslan Bondars ran a “VirusTotal-for-crooks” operation from 2009 to 2017
https://www.zdnet.com/article/hacker-gets-a-whopping-14-years-in-prison-for-running-scan4you-service/
Ruslan Bondars, a 37-year-old man from Latvia, was sentenced to a whopping 14 years in prison for facilitating cybercrime by creating and running a service named Scan4You that allowed malware authors to check the detection rates of their malicious code.
In the infosec industry, Scan4You is what security researchers and malware authors refer to as a “counter-anti-virus” or a “no-distribute-scanner.”
Scan4You works similarly to Google’s legitimate VirusTotal web service, in the way that it aggregates scan engines from multiple antivirus vendors and allows a user to check files against multiple antivirus programs at the same time. The only difference is that Scan4You does not allow the antivirus engines to report results back to vendors, keeping malware detections only for itself.
Malware authors have been using services like Scan4You for years as a way to test malware before they launch it into real-world campaigns, fine-tuning their code to avoid detections.
Bondars set up Scan4You on this model in 2009, and it quickly became the most popular service on the market.
Bondars, too, was eventually arrested in May 2017
According to court documents, Scan4You was hosted on Amazon Web Services servers, and malware authors had to pay to get full access to the scanner’s features.
Trend Micro says the hacker was also behind many other criminal activities.
Tomi Engdahl says:
Specops Software:
Office 365 is a prime target for login attacks — Global survey reveals low adoption of O365 multi-factor authentication (MFA), even though it prevents phishing, and some of the reasons why.
https://specopssoft.com/our-resources/office-365-survey-report/?utm_source=Sponsored%20post%20-%20O365%20report&utm_campaign=Techmeme
Tomi Engdahl says:
Apple Is Quietly Giving People ‘Trust Scores’ Based on Their iPhone Data
https://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-trust-score-iphone-data-black-mirror-email-phone-fraud-a8546051.html
iPhone, iPad, Apple Watch and Apple TV data is used to see how trustworthy you are, similar to a scenario in the dystopian series Black Mirror
said in an update to its privacy policy that the scores would be determined by tracking the calls and emails made on Apple devices.
In an update to its privacy policy, Apple said the rating system could be used to help fight fraud, though specific examples of how this would work were not given.
Tomi Engdahl says:
Stephen Hiltner / New York Times:
Defcon attendees say corporate demands, widespread professionalization, and bug bounty programs are reshaping hackers’ attitudes toward privacy and anonymity
For Hackers, Anonymity Was Once Critical. That’s Changing.
https://www.nytimes.com/2018/09/22/technology/defcon-hackers-privacy-anonymity.html
At Defcon, one of the world’s largest hacking conferences, new pressures are reshaping the community’s attitudes toward privacy and anonymity.
Tomi Engdahl says:
eevBLAB #53 – Beware of Trademark Scams
https://www.youtube.com/watch?v=qp-JyM3wCLg
Beware of Trademark listing scams that look like official invoices to renew or protect your trademark.
https://www.ipaustralia.gov.au/trade-marks/managing-your-trade-mark/unsolicited-invoices
Tomi Engdahl says:
Credential Stuffing Attacks Are Reaching DDoS Proportions
https://www.securityweek.com/credential-stuffing-attacks-are-reaching-ddos-proportions
Credential stuffing is a growing threat. It is not new, but for many companies it is treated as annoying background noise that can be absorbed by bandwidth, handled by access controls, and ignored. New figures suggest that this is a bad approach.
Credential stuffing typically uses bots to test many hundreds of thousands of stolen credential pairs against fresh targets. It doesn’t afford a high return for the attacker, but it is a low cost, low risk attack that occasionally hits the jackpot. The attacker is relying on users’ habit of reusing the same password across multiple accounts.
It isn’t clear exactly where the credentials come from — but there have been dozens of major breaches, hundreds of minor breaches, and an unknown number of unreported breaches over the last few years — and we know that criminals aggregate stolen databases and sell them on. We are usually told that stolen passwords have been hashed; but since credential stuffing can only happen with plaintext passwords, either some of the databases were never hashed, or hashing is not as secure against cracking as we would like to believe.
Tomi Engdahl says:
Bug Exposed Direct Messages of Millions of Twitter Users
https://www.securityweek.com/millions-twitter-users-affected-information-exposure-flaw
Millions of Twitter Users Affected by Information Exposure Flaw
Twitter has patched a bug that may have caused direct messages to be sent to third-party developers other than the ones users interacted with. The problem existed for well over a year and it impacted millions of users.
According to Twitter, the issue is related to the Account Activity API (AAAPI), which allows developers registered on the social network’s developer program to build tools designed to better support businesses and their customer communications on the platform.
Tomi Engdahl says:
Cisco Removes Default Password From Video Surveillance Manager
https://www.securityweek.com/cisco-removes-default-password-video-surveillance-manager
A critical vulnerability recently patched in the Cisco Video Surveillance Manager (VSM) could allow an unauthenticated attacker to log in as root.
The security flaw, Cisco revealed on Friday, impacts only the VSM software running on certain Connected Safety and Security Unified Computing System (UCS) platforms. The issue, the company says, resides in the presence of default, static credentials for the root account
Tomi Engdahl says:
Industry Reactions to New National Cyber Strategy
https://www.securityweek.com/industry-reactions-new-national-cyber-strategy
The White House last week announced the release of the 2018 National Cyber Strategy, which outlines the government’s plans for ensuring the security of cyberspace.
Described by officials as the “first fully articulated cyber strategy in 15 years,”
Dave Weinstein, VP of Threat Research at Claroty:
“Most government strategy documents tend to be underwhelming and this one is no different. This isn’t a whole lot of new content or ideas, but rather amplification, clarification, and renewal of previous ones.
The paragraph that stands out to me is the one on the Cyber Deterrence Initiative. Until now we haven’t formally adopted an international approach to deterrence, which includes collaborating on incident response and attribution.
On critical infrastructure, it’s encouraging to see it featured so prominently in the Strategy but the substance is a bit lacking
Tomi Engdahl says:
New Virobot Ransomware and Botnet Emerge
https://www.securityweek.com/new-virobot-ransomware-and-botnet-emerges
Dubbed Virobot, the threat not only encrypts files on infected machines, but it also ensnares the system into a spam botnet and leverages it to spread itself to other victims.
First discovered on September 17, 2018, Virobot checks compromised machines for the presence of specific registry keys to determine if the system should be encrypted.
Tomi Engdahl says:
Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability
https://www.bleepingcomputer.com/news/security/western-digital-releases-hotfix-for-my-cloud-auth-bypass-vulnerability/
Western Digital has just released a hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched in My Cloud NAS devices for over a year.
This vulnerability allowed anyone to bypass authentication and get administrative access to the router. Once an attacker gains access to a router, they can flash it with custom firmware, change DNS to point users to phishing sites, or perform other malicious activities.
Tomi Engdahl says:
The ‘Opsec Fail’ That Helped Unmask a North Korean State Hacker
https://www.darkreading.com/threat-intelligence/the-opsec-fail-that-helped-unmask-a-north-korean-state-hacker-/d/d-id/1332870
How Park Jin Hyok – charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks – inadvertently blew his cover via email accounts.
Tomi Engdahl says:
Emotet on the rise with heavy spam campaign
https://blog.malwarebytes.com/cybercrime/2018/09/emotet-rise-heavy-spam-campaign/
The threat landscape is changing once again, now that the ocean of cryptocurrency miners has shrunk to a small lake. Over the last couple months, we’ve seen cybercriminals lean back on tried and true methods of financial theft and extortion, with the rise of a familiar Banking Trojan: Emotet.
Tomi Engdahl says:
Simple Authentication and Security Layer (SASL) vulnerabilities
https://blog.malwarebytes.com/cybercrime/2018/09/simple-authentication-and-security-layer-sasl-vulnerabilities/
Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption.
Within the framework and a few of its plugins, there are a couple of known vulnerabilities that we want to make you aware of. Although patches have been issued, not everyone has implemented them.
Most server administrators will recognize the acronym from this type of error message or report:
“SASL LOGIN authentication failed: authentication failure”
SASL attacks usually turn out to be brute force attacks, meaning an automated script or a bot is trying over and over to log into an existing email account on your server, trying many combinations of credentials to find a valid username and password pair. Thankfully, there are some countermeasures you can take against these attacks.
If you have the option to make your server listen on a different port, doing so might make you a less likely target for new attacks.
If the SASL message is from the same IP all the time, block that IP in your firewall.
If the attackers keep coming at you from different IPs, there are software solutions that use machine learning to automatically block any new assailant. One caveat to this solution: Be vigilant about false positives so that you don’t shut out legitimate users, such as remote employees.
SASL is a framework for application protocols, such as SMTP or IMAP, that adds authentication support. It checks whether the user has the proper permissions to use the server in the way they request. It also offers a framework for data integrity–checking and encryption.
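The advice above (block a single repeating IP in the firewall, watch for false positives from remote employees) and the credential-stuffing figures quoted earlier from SecurityWeek come down to the same triage question when reading a mail server’s auth failures: is one address hammering one or two accounts, which a per-IP block handles, or are many accounts each being tried once from many addresses, which is a leaked credential list being replayed and which no per-IP block will stop? The Python below is an added example for this thread, not code from Malwarebytes, SecurityWeek or any project. The log lines are constructed in the Postfix smtpd warning format; the thresholds, the trusted network and the assumption that the Postfix release in use appends sasl_username= to the warning are all assumptions (older releases omit the username, in which case only the per-IP counts are available).

```python
"""Triage SASL login failures: single-source brute force vs. credential stuffing.

Added example for this discussion, not code from Malwarebytes, SecurityWeek or
any project. Log lines are constructed; thresholds and the trusted network are
assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Postfix smtpd warning for a SASL failure. Assumes a release that appends
# ", sasl_username=<user>"; the group is optional because older releases omit it.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>\w+) authentication failed: (?P<reason>[^,]*)"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

# Illustrative thresholds (assumptions); tune them to your own baseline.
BRUTE_MIN_ATTEMPTS = 5   # one source, at least this many failures ...
BRUTE_MAX_USERS = 2      # ... against at most this many accounts
STUFF_MIN_USERS = 5      # many distinct accounts ...
STUFF_MAX_PER_USER = 2   # ... each tried only once or twice ...
STUFF_MIN_SOURCES = 3    # ... from several different addresses

# Constructed allowlist standing in for a remote office (the false-positive
# caveat in the text): never propose a block for these.
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def parse_failures(lines):
    """Yield (ip, user) per SASL failure line; user is None when not logged."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user")


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def classify(lines):
    """Return brute-force sources (worth a firewall block) and, separately,
    whether the remaining failures look like distributed credential stuffing."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    per_user = defaultdict(lambda: {"attempts": 0, "ips": set()})
    for ip, user in parse_failures(lines):
        per_ip[ip]["attempts"] += 1
        if user:  # lines without sasl_username can only be counted per IP
            per_ip[ip]["users"].add(user)
            per_user[user]["attempts"] += 1
            per_user[user]["ips"].add(ip)

    # Brute force: one address, many failures, only one or two accounts.
    brute_force = sorted(
        ip for ip, s in per_ip.items()
        if s["attempts"] >= BRUTE_MIN_ATTEMPTS
        and len(s["users"]) <= BRUTE_MAX_USERS
        and not is_trusted(ip)
    )

    # Credential stuffing: many accounts, each tried once or twice, from many
    # addresses. No single IP stands out, so a per-IP block buys little;
    # per-account lockout/rate limits and MFA are the relevant controls.
    stuffed_users = {u for u, s in per_user.items() if s["attempts"] <= STUFF_MAX_PER_USER}
    sources = set()
    for u in stuffed_users:
        sources |= per_user[u]["ips"]
    sources = {ip for ip in sources if ip not in brute_force and not is_trusted(ip)}
    stuffing = len(stuffed_users) >= STUFF_MIN_USERS and len(sources) >= STUFF_MIN_SOURCES

    return {
        "brute_force_ips": brute_force,
        "credential_stuffing": stuffing,
        "stuffing_sources": sorted(sources),
        "stuffing_accounts": sorted(stuffed_users),
    }


def block_rules(ips):
    """Firewall commands for the brute-force sources, as the text suggests."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def _line(ip, user, mech="LOGIN"):
    """Build one constructed log line in Postfix smtpd warning format."""
    tail = f", sasl_username={user}" if user else ""
    return (f"Sep 21 10:00:01 mx postfix/smtpd[4321]: warning: unknown[{ip}]: "
            f"SASL {mech} authentication failed: authentication failure{tail}")


# Constructed sample: one address hammering 'alice', six accounts tried once
# each from six addresses, an allowlisted user mistyping a password three
# times, and one old-style line with no username.
SAMPLE_LOG = (
    [_line("203.0.113.5", "alice")] * 8
    + [_line(f"192.0.2.{n}", u, "PLAIN")
       for n, u in zip(range(10, 16), ["bob", "carol", "dave", "erin", "frank", "gina"])]
    + [_line("198.51.100.7", "remote_worker")] * 3
    + [_line("203.0.113.9", None)]
)

if __name__ == "__main__":
    result = classify(SAMPLE_LOG)
    print(result)
    print("\n".join(block_rules(result["brute_force_ips"])))
```

On the constructed sample only 203.0.113.5 qualifies for the firewall rule; the six 192.0.2.x addresses are flagged as a stuffing campaign because no one of them repeats, and the allowlisted 198.51.100.7 is never proposed for a block even though it fails three times. Lines without a username still count toward the per-IP total, so an older Postfix can still catch the brute-force case but cannot tell how many accounts were tried.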
Tomi Engdahl says:
Operator of ‘VirusTotal for criminals’ gets 14-year prison sentence
https://www.cyberscoop.com/scan4you-ruslan-bondars-latvian-hacker-sentenced/
Tomi Engdahl says:
Twitter notifies users about API bug that shared DMs with wrong devs
https://www.zdnet.com/article/twitter-notifies-developers-about-api-bug-that-shared-dms-with-wrong-devs/#ftag=RSSbaffb68
Twitter said the API bug was active between May 2017 and early September 2018, for nearly 16 months.
Tomi Engdahl says:
Malware Disguised as Job Offers Distributed on Freelance Sites
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
Attackers are using freelance job sites such as Fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretend to be the job brief, but are actually installers for keyloggers such as Agent Tesla or Remote Access Trojans (RATs).