Apollo, a sales engagement startup boasting a database of more than 200 million contact records, has been hacked.
The YC Combinator-backed company, formerly known as ZenProspect, helps salespeople connect with prospective customers. Using its massive prospect database of 200 million contacts at 10 million companies, Apollo matches sellers with potential buyers.
Apollo said that the bulk of the stolen data was from its prospect database.
Apollo’s database contains publicly available data, including names, job titles, employers, social media handles, phone numbers and email addresses.
Apollo may also face action from European authorities under GDPR.
The data breach may not pose an immediate security risk to users
Establishing a global “right to be forgotten” would be a big mistake.
Extending the right to be forgotten globally threatens free speech, burdens private companies, intrudes on sovereignty, and is fraught with looming risks. Not incidentally, it would also do next to nothing to advance its stated goals.
The right is ill-conceived to begin with. Censoring lawful and factual information is dubious on principle and flawed as a method of protecting privacy.
Since 2014, Google has had to adjudicate more than 727,000 delisting requests, spanning some 2.8 million web addresses. Each request must be evaluated by humans
UK members of parliament have once again called for Facebook’s founder, Mark Zuckerberg, to travel to the country to face questions about how his business operates.
in light of the massive data breach it disclosed on Friday — which the company said could affect as many as 90 million users, with 50M confirmed to have been compromised.
Facebook said on Friday that it had fixed the flaws, which were introduced after an update in July, and had been exploited by hackers to swipe access tokens.
The data breach is the first that falls clearly under new EU-wide privacy rules which carry beefed up penalties for violations.
The company does appear to have abided by the requirements of GDPR to report major breaches within 72 hours of discovery.
Sam Schechner / Wall Street Journal:
EU’s privacy watchdog says Facebook notified them about breach on Thursday evening; experts say that seems to comply with GDPR and may limit exposure to fines
The breach was discovered last week following an investigation triggered by a traffic spike observed on September 16. Facebook says it has patched the vulnerability and there is no evidence that the compromised access tokens have been misused.
The incident, the latest in a series of security and privacy scandals involving the social media giant, could have serious repercussions for Facebook. The company’s stock went down, and it faces probes by government authorities, class action lawsuits, and a fine that could exceed $1.6 billion.
Facebook is at the centre of controversy yet again after admitting that up to 50 million accounts were breached by hackers.
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.
“We don’t know if any accounts were actually misused,” Zuckerberg said. “We face constant attacks from people who want to take over accounts or steal information around the world.”
Facebook reset the 50 million breached accounts, meaning users will need to sign back in using passwords. It also reset “access tokens” for another 40 million accounts as a precautionary measure.
Here is a roundup of the scandals dogging the social media giant.
Fileless malware attacks, or incidents where the malicious payload doesn’t touch the disk, but is executed directly in memory instead, are on the rise, Microsoft says.
Attacks that leverage fileless techniques are not new, but were recently adopted by a broader range of malware. A couple of years ago, the Kovter Trojan was well known for the use of this infection method, but various threat actors, ransomware, and even crypto-mining malware adopted it since.
Last November, a Barkly report suggested that fileless assaults were ten times more likely to succeed compared to other infection methods.
Now, Microsoft says that the move to fileless techniques was only the next logical step in the evolution of malware, especially with antivirus solutions becoming increasingly efficient at detecting malicious executables.
“Real-time protection gives visibility on each new file that lands on the disk. Furthermore, file activity leaves a trail of evidence that can be retrieved during forensic analysis,” Andrea Lelli of the Windows Defender Research team at Microsoft notes in a blog post.
“Removing the need for files is the next progression of attacker techniques,” Lelli says.
California Governor Jerry Brown last week signed the country’s first Internet of Things (IoT) cybersecurity law, along with a controversial state-level net neutrality law.
The IoT cybersecurity law, SB-327, was introduced in February 2017 by Senator Hannah-Beth Jackson (D-Santa Barbara). SB-327 goes into effect on January 1, 2020, and it requires manufacturers of Internet-connected devices – such as TVs, phones, toys, household appliances and routers – to ensure that their products have “reasonable security features.” These security features should be able to protect sensitive customer information from unauthorized access.
“The lack of basic security features on internet connected devices undermines the privacy and security of California’s consumers, and allows hackers to turn everyday consumer electronics against us,” said Sen. Jackson. “SB 327 ensures that technology serves the people of California, and that security is not an afterthought but rather a key component of the design process.”
A DNSchanger-like attack first spotted in August on D-Link routers in Brazil has expanded to affect more than 70 different devices and more than 100,000 individual pieces of kit.
Radware first identified the latest campaign, which started as an attack on Banco de Brasil customers via a DNS redirection that sent people to a cloned Website that stole their credentials.
The attackers were trying to get control of the target machines either by guessing the web admin password, or through a vulnerable DNS configuration CGI script (dnscfg.cgi). If they get control of a device, they change the router’s default DNS server to their own “rogue” machine.
The attack against Barragán isn’t an isolated incident. Earlier this month, Citizen Lab published a report that found traces of Pegasus in over 45 countries, including a number of places where the government is known to aggressively prosecute reporters, such as Turkey and Kazakhstan. The threat this poses to journalists can’t be overstated: a Pegasus operator can quietly transform a cellphone into a surveillance hub, tracking the reporter’s movements, identifying sources, and even potentially impersonating that journalist in the digital world. Given the global nature of the threat, this past week the Committee to Protect Journalists issued a security advisory, its first ever on Pegasus, to alert journalists everywhere that they could be targeted in a manner similar to Barragán.
Through five new startup programs, Cyber NYC is the city’s bold plan to dominate cybersecurity this century
New York City has certainly seen its share of empires. Today, the city is a global center of finance, real estate, legal services, technology, and many, many more industries. It hosts the headquarters of roughly 10% of the Fortune 500, and the metro’s GDP is roughly equivalent to that of Canada.
So much wealth and power, and all under constant attack. The value of technology and data has skyrocketed, and so has the value of stealing and disrupting the services that rely upon it. Cyber crime and cyber wars are adding up: according to a report published jointly between McAfee and the Center for Strategic and International Studies, the costs of these operations are in the hundreds of billions of dollars – and New York’s top industries such as financial services bear the brunt of the losses.
Yet, New York City has hardly been a bastion for the cybersecurity industry.
Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook. It’s incapable of keeping its users safe.
Less than 10 percent of the 50 million users attacked in Facebook’s recent breach lived in the European Union, tweeted the Irish Data Protection Commission, which oversees privacy in the region. However, Facebook still could be liable for up to $1.63 billion in fines, or 4 percent of its $40.7 billion in annual global revenue for the prior financial year, if the EU determines it didn’t do enough to protect the security of its users.
New Zealand: Hand over phone password at border or face $3,200 fine
By James Griffiths, CNN
Posted at 0518 GMT (1318 HKT) October 3, 2018
A passenger scans a phone boarding pass. Travelers arriving in New Zealand could now face fines if they refuse to allow their devices to be searched by border officials.
(CNN) — Rights groups have denounced a new law in New Zealand under which travelers can be fined thousands of dollars if they refuse to allow border officials access to their phone.
Under the Customs and Excise Act 2018, which came into force this week, officials will be able to demand travelers unlock any electronic device so it can be searched.
The British government says recent ‘indiscriminate and reckless’ global cyberattacks are the handiwork of the Russian military intelligence.
UK Foreign Secretary Jeremy Hunt says the GRU is responsible for “indiscriminate and reckless” attacks against political institutions, businesses, media, and sports.
Britain’s National Cyber Security Centre has concluded that hackers behind numerous attacks have been identified as GRU personnel.
Over 11,000 websites of political or business value to the US were targeted.
According to US prosecutors, from 2015 to 2018 the 41-year-old went on a defacement spree by illegally accessing over 11,000 US military, government, and business websites.
The UK government has accused Russia’s military intelligence service of being behind four high-profile cyber-attacks.
The National Cyber Security Centre says targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK.
World Anti-Doping Agency computers are also said to have been attacked.
The NCSC said it has assessed “with high confidence” that the GRU was “almost certainly responsible” for the cyber attacks.
Foreign Secretary Jeremy Hunt said the GRU had waged a campaign of “indiscriminate and reckless” cyber strikes that served “no legitimate national security interest”.
Cyber security consultant Andrew Tsonchev said individuals can get “caught up” in the attacks.
What is the GRU accused of?
The NCSC says hackers from the GRU, operating under a dozen different names – including Fancy Bear – targeted:
The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes’ data was later published
The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia
Ukraine’s Kyiv metro and Odessa airport, Russia’s central bank, and two privately-owned Russian media outlets – Fontanka.ru and news agency Interfax – in October 2017. They used ransomware to encrypt the contents of a computer and demand payment
An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen
Privacy consultant and former Internet Architecture Board president Christian Huitema has said he reckons hotspot users should be given better privacy protection.
In an informational draft for the Internet Engineering Task Force published yesterday, Huitema explained that DNS Service Discovery (DNS-SD), the protocol that lets users of a public hotspot find (for example) the printer, also exposes them to “serious privacy problems”. His collaborators on the draft were Apple’s zeroconf pioneer Stuart Cheshire and crypto-engineer Chris Wood.
Huitema wrote: “The DNS-SD messages leak identifying information such as the instance name, the host name or service properties.”
On average it takes only one hour and 58 minutes for a security incident, or a borderline case, to turn into a full-scale data breach, according to research by cyber security company CrowdStrike.
It only takes one hour and 58 minutes for a security incident to turn into a full breach of security, says CrowdStrike.
Speaking at a keynote for cybersecurity stories, the company’s technology strategist, Zeki Turedi, said that organisations were too slow to deal with initial security incidents.
“On average, it actually takes 63 hours for an organisation to respond to an incident,” he said. “That’s a pretty long time. Is that 63 hours working 24/7 or is that 63 hours working nine to five? It’s a long time to allow an incident to go completely unresponsive or left to one side.”
To be safe, Facebook is building a tool to enable developers to manually identify any of their users who may have been affected by the massive security breach.
Facebook on Tuesday said it’s found no evidence that the hackers responsible for last week’s massive security breach accessed third-party apps via Facebook Login
The hackers responsible for the breach, which impacted at least 50 million Facebook users, exploited a vulnerability in Facebook’s code to steal access tokens — digital keys that are used to keep users logged in when they enter their username and password.
After the breach, Facebook reset the tokens for 90 million accounts, prompting those users to log back in to Facebook, as well as back into any apps that use Facebook Login.
As hacking and gaming communities continue to intersect, some hackers are selling access to botnets and likely stolen Fortnite, Spotify, and other online accounts on Instagram.
Bloomberg:
Sources: Chinese spies used a tiny chip on server motherboards to infiltrate ~30 US companies like Amazon and Apple by compromising America’s tech supply chain — In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help …
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
In emailed statements, Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. Their statements are published here in full, along with one from a Chinese foreign ministry spokesperson.
Sean Lyngaas / Cyberscoop:
FireEye researchers identify North Korean hacking group APT38, which focuses almost exclusively on financial crimes and has tried to steal $1.1B so far
There is a distinct and aggressive group of hackers bent on financing the North Korean regime and responsible for millions of dollars in bank heists in recent years, according to research from cybersecurity company FireEye.
The group, dubbed APT38, is distinct from other Pyongyang-linked hackers because of its overriding financial motivation — as opposed to pure espionage — and persistent targeting of banks worldwide, FireEye researchers said.
“This is an active … threat against financial institutions all around the world,” Sandra Joyce, FireEye’s vice president of global intelligence, said at a press briefing.
The group was responsible for some of the more high-profile attacks on financial institutions in the last few years, the researchers said, including the $81 million heist of the Bangladesh’s central bank in February 2016, and an attack on a Taiwanese bank in October 2017.
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
GlobalData has studied which future technologies companies consider the most important. Cyber security topped the list: 56 percent of companies named it the most important emerging technology.
The study included as many as 1,500 companies. On the list, cyber security overtook cloud services, artificial intelligence and the Internet of Things (IoT), among others.
It looks like Amazon’s move to sell off its physical server business in China last year was because the unit had been compromised by a Chinese government spying program.
That’s according to a report from Bloomberg which details how the Chinese government infiltrated a number of U.S. companies by sneaking tiny chips onto motherboards from Supermicro.
The two tech giants and the Chinese government have refuted the allegations, made in a story that cites current and former intelligence sources.
The news: According to the report in Bloomberg BusinessWeek, spies from China forced Chinese manufacturers to insert tiny microchips into US-designed servers that were used by almost 30 US companies, including Apple and Amazon. The publication claims the tiny chips could be used to siphon off data from, or introduce malware to, the hardware they were installed on.
Security firm ESET discovered the powerful malware, dubbed Lojax, infecting a victim’s PC and suspects that it came from the Kremlin-linked hacking group known as Fancy Bear.
Bloomberg’s spy chip story reveals the murky world of national security reporting
Zack Whittaker
@zackwhittaker / 6 hours ago
Today’s bombshell Bloomberg story has the internet split: either the story is right, and reporters have uncovered one of the largest and jarring breaches of the U.S. tech industry by a foreign adversary… or it’s not, and a lot of people screwed up.
To recap, Chinese spies reportedly infiltrated the supply chain and installed tiny chips the size of a pencil tip on the motherboards built by Supermicro, which are used in data center servers across the U.S. tech industry — from Apple to Amazon. That chip can compromise data on the server, allowing China to spy on some of the world’s most wealthy and powerful countries.
Apple, Amazon and Supermicro — and the Chinese government — strenuously denied the allegations.
Chinese chip spying report shows the supply chain remains the ultimate weakness
Zack Whittaker
@zackwhittaker / 17 hours ago
Thursday’s explosive story by Bloomberg reveals detailed allegations that the Chinese military embedded tiny chips into servers, which made their way into data centers operated by dozens of major U.S. companies.
We covered the story earlier, including denials by Apple, Amazon and Supermicro — the server maker that was reportedly targeted by the Chinese government. Apple didn’t respond to a request for comment. Amazon said in a blog post that it “employs stringent security standards across our supply chain.” The FBI did not return a request for comment but declined to Bloomberg, and the Office for the Director of National Intelligence declined to comment. This is a complex story that rests on more than a dozen anonymous sources — many of which are sharing classified or highly sensitive information, making on-the-record comments impossible without repercussions. Despite the companies’ denials, Bloomberg is putting its faith in that the reader will trust the reporting.
Much of the story can be summed up with this one line from a former U.S. official: “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”
It’s a fair point. Supermicro is one of the biggest tech companies you’ve probably never heard of. It’s a computing supergiant based in San Jose, Calif., with global manufacturing operations across the world — including China, where it builds most of its motherboards. Those motherboards trickle throughout the rest of the world’s tech — and were used in Amazon’s data center servers that power its Amazon Web Services cloud and Apple’s iCloud.
One government official speaking to Bloomberg said China’s goal was “long-term access to high-value corporate secrets and sensitive government networks,” which fits into the playbook of China’s long-running effort to steal intellectual property.
“No consumer data is known to have been stolen,” said Bloomberg.
Infiltrating Supermicro, if true, will have a long-lasting ripple effect on the wider tech industry and how they approach their own supply chains. Make no mistake — introducing any kind of external tech in your data center isn’t taken lightly by any tech company.
These X-ray tomography images reveal, layer by layer, the layout of a commercial printed circuit board.
The institute’s semiautomated system “could have identified this part in a matter of seconds to minutes,” says Tehranipoor, an IEEE Fellow. The system uses optical scans, microscopy, X-ray tomography, and artificial intelligence to compare a printed circuit board and its chips and components with the intended design.
It starts by taking high-resolution images of the front and back side of the circuit board, he explains. Machine learning and AI algorithms go through the images, tracing the interconnects and identifying the components. Then an X-ray tomography imager goes deeper, revealing interconnects and components buried within the circuit board.
Nearly all of the process is automated, and Tehranipoor’s group is working on completely removing the need for a human in the system. In addition, they are working on ways to identify much more subtle attacks.
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count. We will name only a few of them here.
The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers.
Even though phishing attacks can be quite convincing, a giveaway is when diligent users notice that the login form is unsecured or that the SSL certificate is clearly not owned by the company being impersonated. A new Office 365 phishing attack uses an interesting method: the phishing form is hosted on Azure Blob Storage so that it is served under a Microsoft SSL certificate.
Azure Blob storage is a Microsoft storage solution that can be used to store unstructured data such as images, video, or text. One of the advantages of Azure Blob storage is that it is accessible using both HTTP and HTTPS, and when connecting via HTTPS it will present a signed SSL certificate from Microsoft.
See where we are going here? By storing a phishing form in Azure Blob storage, the displayed form will be served under an SSL certificate from Microsoft. This makes it an ideal method to create phishing forms that target Microsoft services such as Office 365, Azure AD, or other Microsoft logins.
Yesterday we reported on a phishing attack that utilizes the Azure Blob storage solution in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs utilized by the same attacker, BleepingComputer noticed that these same bad actors are also utilizing the Cloudflare IPFS gateway for the same purpose.
Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file system through a web browser. As part of this implementation, all connections to the IPFS gateway are secured using SSL certificates issued by CloudFlare.
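As an added illustration of the defensive side of this technique (example code written for this page, not BleepingComputer’s, Microsoft’s or Cloudflare’s), the following Python heuristic flags Microsoft-branded password forms served from shared-hosting domains whose valid HTTPS certificate belongs to the hosting provider rather than to the brand on the page. It covers both the Azure Blob Storage and the Cloudflare IPFS gateway variants described above; the hostname suffixes, the allowlist of legitimate sign-in hosts and the sample pages are assumptions constructed for the example.

```python
"""Heuristic check for credential forms served from shared hosting that
carries the provider's own TLS certificate (the Azure Blob Storage and
Cloudflare IPFS gateway pattern).

The hostname suffixes, the allowlist and the page samples below are
assumptions constructed for this example, not data from the articles."""
import re
from urllib.parse import urlparse

# Domains where anyone can publish content that is then served over HTTPS
# with the provider's certificate (assumed values).
SHARED_HOSTING_DOMAINS = {
    "blob.core.windows.net": "Azure Blob Storage",
    "cloudflare-ipfs.com": "Cloudflare IPFS gateway",
}

# Hosts where a genuine Microsoft sign-in form is expected (assumed allowlist).
LEGITIMATE_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Does the page present itself as a Microsoft property, and does it ask for a password?
BRAND_RE = re.compile(r"office\s*365|microsoft|outlook|onedrive|sharepoint|azure", re.I)
PASSWORD_FIELD_RE = re.compile(r"<input[^>]*type\s*=\s*[\"']?password", re.I)


def hosting_provider(hostname):
    """Return the shared-hosting provider name for hostname, or None."""
    hostname = hostname.lower().rstrip(".")
    for domain, name in SHARED_HOSTING_DOMAINS.items():
        if hostname == domain or hostname.endswith("." + domain):
            return name
    return None


def assess_login_page(url, html):
    """Classify a fetched page as ok, suspicious, review, unknown or no_login_form.

    The point of the check: a valid HTTPS padlock only proves that the hostname
    belongs to the hosting provider, so a Microsoft-branded password form on a
    shared-hosting domain is treated as suspicious regardless of the certificate."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not PASSWORD_FIELD_RE.search(html):
        return {"verdict": "no_login_form", "host": host, "reasons": []}
    if host in LEGITIMATE_LOGIN_HOSTS:
        return {"verdict": "ok", "host": host, "reasons": ["known sign-in host"]}

    reasons = []
    provider = hosting_provider(host)
    branded = bool(BRAND_RE.search(html))
    if provider:
        reasons.append(f"credential form served from {provider} ({host})")
        if parsed.scheme == "https":
            reasons.append("HTTPS certificate belongs to the hosting provider, not to the brand shown")
    if branded:
        reasons.append("page imitates a Microsoft sign-in")

    if provider and branded:
        verdict = "suspicious"
    elif provider or branded:
        verdict = "review"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "host": host, "reasons": reasons}


# Constructed samples (not real phishing pages).
SAMPLES = [
    ("https://example-tenant.blob.core.windows.net/forms/index.html",
     '<title>Office 365 - Sign in</title><form><input type="email" name="u">'
     '<input type="password" name="p"></form>'),
    ("https://cloudflare-ipfs.com/ipfs/EXAMPLE_CID/login.html",
     '<form><input type="text" name="user"><input type=password name="pass"></form>'),
    ("https://login.microsoftonline.com/", '<input type="password" name="passwd">'),
    ("https://news.example.org/article", "<p>No login here</p>"),
]


def main():
    for url, html in SAMPLES:
        result = assess_login_page(url, html)
        print(result["verdict"], url)
        for reason in result["reasons"]:
            print("   -", reason)


if __name__ == "__main__":
    main()
```

The check deliberately keys on where the form is served from rather than on the certificate, because in both variants the certificate is genuine; in a proxy or mail-gateway pipeline the same function can run over every fetched URL that contains a password field.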
Malware on Apple’s MacBook and iMac lines is more prevalent than some users realize; it can even hide in Apple’s curated Mac App Store. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. That’s why more subtle approaches are significant.
At the Virus Bulletin security conference in Montreal on Wednesday, Mac security researcher Thomas Reed is presenting one such potentially dangerous opening.
Conspirators Included a Russian Intelligence “Close Access” Hacking Team that Traveled Abroad to Compromise Computer Networks Used by Anti-Doping and Sporting Officials and Organizations Investigating Russia’s Use of Chemical Weapons
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.
After rolling out an option for G Suite administrators to receive alerts on suspected government-backed attacks on their users’ accounts, Google is now turning those alerts on by default.
Google has been long warning users of attacks that it believed might be the work of state-sponsored adversaries, but only sent those alerts to the impacted users. Starting in August, however, it rolled out a new option in G Suite to also notify admins on suspected attacks on their users.
The United States Department of Homeland Security (DHS) this week issued an alert on ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs).
The activity, DHS says, involves attempts to infiltrate the networks of global MSPs, which provide remote management of customer IT and end-user systems.
The use of MSPs increases an organization’s virtual enterprise infrastructure footprint, but also creates a large attack surface for cyber criminals and nation-state actors, DHS’ United States Computer Emergency Readiness Team (US-CERT) points out.
The newly released alert, TA18-276B, is related to activity that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) warned about in April 2017.
The same activity was associated by security firms with a Chinese actor referred to as APT10, also known as menuPass and Stone Panda. The group is believed to be state-sponsored.
Canada said Thursday it too was targeted by Russian cyber attacks, citing breaches at its center for ethics in sports and at the Montreal-based World Anti-Doping Agency, after allies blamed Moscow for some of the biggest hacking plots of recent years.
“The government of Canada assesses with high confidence that the Russian military’s intelligence arm, the GRU, was responsible” for these cyber attacks, the foreign ministry said in a statement.
495 Comments
Tomi Engdahl says:
Sales engagement startup Apollo says its massive contacts database was stolen in a data breach
https://techcrunch.com/2018/10/01/apollo-contacts-data-breach/?sr_share=facebook&utm_source=tcfbpage
Tomi Engdahl says:
This European Ruling Could Break the Internet
https://www.bloomberg.com/view/articles/2018-10-01/this-european-ruling-could-break-the-internet
Establishing a global “right to be forgotten” would be a big mistake.
Extending the right to be forgotten globally threatens free speech, burdens private companies, intrudes on sovereignty, and is fraught with looming risks. Not incidentally, it would also do next to nothing to advance its stated goals.
The right is ill-conceived to begin with. Censoring lawful and factual information is dubious on principle and flawed as a method of protecting privacy.
Since 2014, Google has had to adjudicate more than 727,000 delisting requests, spanning some 2.8 million web addresses. Each request must be evaluated by humans
Tomi Engdahl says:
Zuckerberg must face public scrutiny over latest data breach, say UK MPs
https://techcrunch.com/2018/10/01/zuckerberg-must-face-public-scrutiny-over-latest-data-breach-say-uk-mps/?utm_source=tcfbpage&sr_share=facebook
UK members of parliament have once again called for Facebook’s founder, Mark Zuckerberg, to travel to the country to face questions about how his business operates.
in light of the massive data breach it disclosed on Friday — which the company said could affect as many as 90 million users, with 50M confirmed to have been compromised.
Facebook said on Friday that it had fixed the flaws, which were introduced after an update in July, and had been exploited by hackers to swipe access tokens.
The data breach is the first that falls clearly under new EU-wide privacy rules which carry beefed up penalties for violations.
The company does appear to have abided by the requirements of GDPR to report major breaches within 72 hours of discovery.
Tomi Engdahl says:
Sam Schechner / Wall Street Journal:
EU’s privacy watchdog says Facebook notified them about breach on Thursday evening; experts say that seems to comply with GDPR and may limit exposure to fines
Facebook Faces Potential $1.63 Billion Fine in Europe Over Data Breach
Privacy watchdog looks into whether social network violated the European Union’s new privacy law
https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906
Tomi Engdahl says:
Industry Reactions to Facebook Hack
https://www.securityweek.com/industry-reactions-facebook-hack
The breach was discovered last week following an investigation triggered by a traffic spike observed on September 16. Facebook says it has patched the vulnerability and there is no evidence that the compromised access tokens have been misused.
The incident, the latest in a series of security and privacy scandals involving the social media giant, could have serious repercussions for Facebook. The company’s stock went down, and it faces probes by government authorities, class action lawsuits, and a fine that could exceed $1.6 billion.
The Scandals Bedevilling Facebook
https://www.securityweek.com/scandals-bedevilling-facebook
Facebook is at the centre of controversy yet again after admitting that up to 50 million accounts were breached by hackers.
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.
“We don’t know if any accounts were actually misused,” Zuckerberg said. “We face constant attacks from people who want to take over accounts or steal information around the world.”
Facebook reset the 50 million breached accounts, meaning users will need to sign back in using passwords. It also reset “access tokens” for another 40 million accounts as a precautionary measure.
Here is a roundup of the scandals dogging the social media giant.
Tomi Engdahl says:
Fileless Malware Attacks on the Rise, Microsoft Says
https://www.securityweek.com/fileless-malware-attacks-rise-microsoft-says
Fileless malware attacks, or incidents where the malicious payload doesn’t touch the disk, but is executed directly in memory instead, are on the rise, Microsoft says.
Attacks that leverage fileless techniques are not new, but were recently adopted by a broader range of malware. A couple of years ago, the Kovter Trojan was well known for the use of this infection method, but various threat actors, ransomware, and even crypto-mining malware adopted it since.
Last November, a Barkly report suggested that fileless assaults were ten times more likely to succeed compared to other infection methods.
Now, Microsoft says that the move to fileless techniques was only the next logical step in the evolution of malware, especially with antivirus solutions becoming increasingly efficient at detecting malicious executables.
“Real-time protection gives visibility on each new file that lands on the disk. Furthermore, file activity leaves a trail of evidence that can be retrieved during forensic analysis,” Andrea Lelli of the Windows Defender Research team at Microsoft notes in a blog post.
“Removing the need for files is the next progression of attacker techniques,” Lelli says.
Tomi Engdahl says:
California IoT Cybersecurity Bill Signed into Law
https://www.securityweek.com/california-iot-cybersecurity-bill-signed-law
California Governor Jerry Brown last week signed the country’s first Internet of Things (IoT) cybersecurity law, along with a controversial state-level net neutrality law.
The IoT cybersecurity law, SB-327, was introduced in February 2017 by Senator Hannah-Beth Jackson (D-Santa Barbara). SB-327 goes into effect on January 1, 2020, and it requires manufacturers of Internet-connected devices – such as TVs, phones, toys, household appliances and routers – to ensure that their products have “reasonable security features.” These security features should be able to protect sensitive customer information from unauthorized access.
“The lack of basic security features on internet connected devices undermines the privacy and security of California’s consumers, and allows hackers to turn everyday consumer electronics against us,” said Sen. Jackson. “SB 327 ensures that technology serves the people of California, and that security is not an afterthought but rather a key component of the design process.”
Tomi Engdahl says:
Security
100,000 home routers recruited to spread Brazilian hacking scam
GhostDNS in the machine
https://www.theregister.co.uk/2018/10/02/ghostdns_router_hacking/
A DNSChanger-like attack first spotted in August on D-Link routers in Brazil has expanded to affect more than 70 different devices and more than 100,000 individual pieces of kit.
Radware first identified the latest campaign, which started as an attack on Banco de Brasil customers via a DNS redirection that sent people to a cloned Website that stole their credentials.
The attackers were trying to get control of the target machines either by guessing the web admin password, or through a vulnerable DNS configuration CGI script (dnscfg.cgi). If they get control of a device, they change the router’s default DNS server to their own “rogue” machine.
Tomi Engdahl says:
Spyware hijacks smartphones, threatens journalists around the world
https://www.cjr.org/watchdog/pegasus-israeli-spyware.php
The attack against Barragán isn’t an isolated incident. Earlier this month, Citizen Lab published a report that found traces of Pegasus in over 45 countries, including a number of places where the government is known to aggressively prosecute reporters, such as Turkey and Kazakhstan. The threat this poses to journalists can’t be overstated: A Pegasus operator can quietly transform a cellphone into a surveillance hub, tracking the reporter’s movements, identifying sources, even potentially impersonating that journalist in the digital world. Given the global nature of the threat, this past week, the Committee to Protect Journalists issued a security advisory, its first ever on Pegasus, to alert journalists everywhere that they could be targeted in a manner similar to Barragán.
Tomi Engdahl says:
NYC wants to build a cyber army
https://techcrunch.com/2018/10/02/nyc-wants-to-build-a-cyber-army/?utm_source=tcfbpage&sr_share=facebook
Through five new startup programs, Cyber NYC is the city’s bold plan to dominate cybersecurity this century
New York City has certainly seen its share of empires. Today, the city is a global center of finance, real estate, legal services, technology, and many, many more industries. It hosts the headquarters of roughly 10% of the Fortune 500, and the metro’s GDP is roughly equivalent to that of Canada.
So much wealth and power, and all under constant attack. The value of technology and data has skyrocketed, and so has the value of stealing and disrupting the services that rely upon it. Cyber crime and cyber wars are adding up: according to a report published jointly between McAfee and the Center for Strategic and International Studies, the costs of these operations are in the hundreds of billions of dollars – and New York’s top industries such as financial services bear the brunt of the losses.
Yet, New York City has hardly been a bastion for the cybersecurity industry.
Tomi Engdahl says:
Facebook can’t keep you safe
https://techcrunch.com/2018/10/01/facebook-cant-keep-you-safe/?sr_share=facebook&utm_source=tcfbpage
Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook. It’s incapable of keeping its users safe.
Tomi Engdahl says:
Facebook breach hit up to 5M EU users, and it faces up to $1.63B in fines
https://techcrunch.com/2018/10/01/facebook-breach-europe/?utm_source=tcfbpage&sr_share=facebook
Less than 10 percent of the 50 million users attacked in Facebook’s recent breach lived in the European Union, tweeted the Irish Data Protection Commission, which oversees privacy in the region. However, Facebook still could be liable for up to $1.63 billion in fines, or 4 percent of its $40.7 billion in annual global revenue for the prior financial year, if the EU determines it didn’t do enough to protect the security of its users.
Tomi Engdahl says:
Hacky hack on whack ‘Hacky Hack Hack’ Mac chaps hack attack rap cut some slack
https://www.theregister.co.uk/2018/09/28/hackers_avoid_jail/
Translation: No jail time for Oz Apple file teen thief
Tomi Engdahl says:
New Zealand: Hand over phone password at border or face $3,200 fine
https://edition-m.cnn.com/2018/10/03/asia/new-zealand-customs-passwords-intl/?r=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dnew%2Bzealand%2Bpasswords%26ie%3Dutf-8%26oe%3Dutf-8%26client%3Dfirefox-b
By James Griffiths, CNN
Posted at 0518 GMT (1318 HKT) October 3, 2018
A passenger scans a phone boarding pass. Travelers arriving in New Zealand could now face fines if they refuse to allow their devices to be searched by border officials.
(CNN) — Rights groups have denounced a new law in New Zealand under which travelers can be fined thousands of dollars if they refuse to allow border officials access to their phone.
Under the Customs and Excise Act 2018, which came into force this week, officials will be able to demand travelers unlock any electronic device so it can be searched.
Tomi Engdahl says:
UK and Australia blame Russian GRU for quartet of cyber attacks
https://www.zdnet.com/article/uk-and-australia-blame-russian-gru-for-quartet-of-cyber-attacks/
The British government says recent ‘indiscriminate and reckless’ global cyberattacks are the handiwork of the Russian military intelligence.
UK Foreign Secretary Jeremy Hunt says the GRU is responsible for “indiscriminate and reckless” attacks against political institutions, businesses, media, and sports.
Britain’s National Cyber Security Centre has concluded that hackers behind numerous attacks have been identified as GRU personnel.
Tomi Engdahl says:
Hacker faces jail time after defacing US military academy, NYC sites
https://www.zdnet.com/article/hacker-faces-jail-time-after-defacing-us-military-academy-nyc-sites/
Over 11,000 websites of political or business value to the US were targeted.
According to US prosecutors, from 2015 to 2018, the 41-year-old went on a defacement spree by illegally accessing over 11,000 US military, government, and business websites.
Tomi Engdahl says:
Russia GRU claims: UK points finger at Kremlin’s military intelligence
https://www.bbc.com/news/uk-45741520
The UK government has accused Russia’s military intelligence service of being behind four high-profile cyber-attacks.
The National Cyber Security Centre says targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK.
World Anti-Doping Agency computers are also said to have been attacked.
The NCSC said it has assessed “with high confidence” that the GRU was “almost certainly responsible” for the cyber attacks.
Foreign Secretary Jeremy Hunt said the GRU had waged a campaign of “indiscriminate and reckless” cyber strikes that served “no legitimate national security interest”.
Cyber security consultant Andrew Tsonchev said individuals can get “caught up” in the attacks.
What is the GRU accused of?
The NCSC says hackers from the GRU, operating under a dozen different names – including Fancy Bear – targeted:
The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes’ data was later published
The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia
Ukraine’s Kyiv metro and Odessa airport, Russia’s central bank, and two privately-owned Russian media outlets – Fontanka.ru and news agency Interfax – in October 2017. They used ransomware to encrypt the contents of a computer and demand payment
An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen
Tomi Engdahl says:
Ever used an airport lounge printer? You probably don’t know how blabby they can be
Internet architecture stalwart wants DNS Service Discovery rewritten to protect privacy
https://www.theregister.co.uk/2018/10/02/dns_service_discovery_privacy_draft/
Privacy consultant and former Internet Architecture Board president Christian Huitema has said he reckons hotspot users should be given better privacy protection.
In an informational draft for the Internet Engineering Task Force published yesterday, Huitema explained that DNS Service Discovery (DNS-SD), the protocol that lets users of a public hotspot find (for example) the printer, also exposes them to “serious privacy problems”. His collaborators on the draft were Apple’s zeroconf pioneer Stuart Cheshire and crypto-engineer Chris Wood.
Huitema wrote: “The DNS-SD messages leak identifying information such as the instance name, the host name or service properties.”
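To make that leak concrete, here is an added example (not code from the IETF draft or from The Register): it builds a constructed mDNS response advertising one printer, then pulls out exactly the fields Huitema names, the instance name, the host name and the TXT service properties. Every name and TXT value is invented sample data; a defender can run the same extraction over a real capture to see what a hotspot is broadcasting about its users.

```python
"""Pull the identifying fields out of a DNS-SD (mDNS) response.
Added example; not code from the IETF draft or The Register. The packet is
constructed with a small encoder and every name/TXT value is invented."""
import struct

TYPE_PTR, TYPE_TXT, TYPE_SRV = 12, 16, 33
CLASS_IN = 1
CACHE_FLUSH = 0x8000  # mDNS sets this bit on unique records


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (no compression; labels contain no dots)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode()
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_rr(name: str, rtype: int, rdata: bytes, ttl: int = 4500) -> bytes:
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN | CACHE_FLUSH, ttl, len(rdata)) + rdata


def build_sample_response() -> bytes:
    """Constructed mDNS answer advertising one IPP printer (sample data only)."""
    service = "_ipp._tcp.local"
    instance = "Lounge Printer (Alice's MacBook)." + service
    host = "alices-macbook.local"
    txt_pairs = [b"txtvers=1", b"ty=HP LaserJet", b"note=Alice, desk 4B",
                 b"adminurl=http://alices-macbook.local:631/"]
    txt = b"".join(bytes([len(kv)]) + kv for kv in txt_pairs)
    srv = struct.pack("!HHH", 0, 0, 631) + encode_name(host)  # priority, weight, port, target
    answers = (encode_rr(service, TYPE_PTR, encode_name(instance))
               + encode_rr(instance, TYPE_SRV, srv)
               + encode_rr(instance, TYPE_TXT, txt))
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 3, 0, 0)  # id, flags(QR|AA), qd, an, ns, ar
    return header + answers


def decode_name(msg: bytes, off: int):
    """Decode a DNS name at `off`, following compression pointers; returns (name, end_offset)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier copy of the name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("utf-8", "replace"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_records(msg: bytes):
    """Yield (owner name, type, decoded value) for every record after the question section."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):  # skip questions: QNAME QTYPE QCLASS
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_PTR:
            value = decode_name(msg, off)[0]
        elif rtype == TYPE_SRV:
            port = struct.unpack("!H", rdata[4:6])[0]
            value = (decode_name(msg, off + 6)[0], port)  # (target host, port)
        elif rtype == TYPE_TXT:
            value, i = [], 0
            while i < len(rdata):  # TXT is a sequence of <len><key=value> strings
                n = rdata[i]
                value.append(rdata[i + 1:i + 1 + n].decode("utf-8", "replace"))
                i += 1 + n
        else:
            value = rdata
        yield name, rtype, value
        off += rdlen


def leaked_identifiers(msg: bytes) -> dict:
    """Collect what the draft calls out: instance name, host name and service properties."""
    leak = {"instance_names": [], "host_names": [], "service_properties": {}}
    for _name, rtype, value in parse_records(msg):
        if rtype == TYPE_PTR:  # "<instance>._ipp._tcp.local" -> the human-chosen instance label
            leak["instance_names"].append(value.split("._", 1)[0])
        elif rtype == TYPE_SRV:
            leak["host_names"].append(value[0])
        elif rtype == TYPE_TXT:
            for kv in value:
                key, _, val = kv.partition("=")
                leak["service_properties"][key] = val
    return leak


if __name__ == "__main__":
    for field, found in leaked_identifiers(build_sample_response()).items():
        print(f"{field}: {found}")
```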
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/verkkohyokkaajat-eivat-iske-summamutikassa-elisan-kyberturvatarjonta-vahvistuu-f-securen-havainnointipalvelulla-6743624
Tomi Engdahl says:
https://www.tivi.fi/CIO/nyt-se-on-tutkittu-turvatapaus-muuttuu-tietomurroksi-alle-kahdessa-tunnissa-6743638
On average it takes only one hour and 58 minutes for a security incident or a borderline case to turn into a full-blown data breach, a study by cybersecurity company CrowdStrike shows.
IP Expo: Stop the security incident to prevent the breach
http://www.itpro.co.uk/security/32052/ip-expo-stop-the-security-incident-to-prevent-the-breach
It only takes one hour and 58 minutes for a security incident to turn into a full breach of security, says CrowdStrike.
Speaking at a keynote for cybersecurity stories, the company’s technology strategist, Zeki Turedi, said that organisations were too slow to deal with initial security incidents.
“On average, it actually takes 63 hours for an organisation to respond to an incident,” he said. “That’s a pretty long time. Is that 63 hours working 24/7 or is that 63 hours working nine to five? It’s a long time to allow an incident to go completely unresponsive or left to one side.”
Tomi Engdahl says:
Facebook: No evidence attackers accessed third-party apps
https://www.zdnet.com/article/facebook-no-evidence-attackers-accessed-third-party-apps/
To be safe, Facebook is building a tool to enable developers to manually identify any of their users who may have been affected by the massive security breach.
Facebook on Tuesday said it’s found no evidence that the hackers responsible for last week’s massive security breach accessed third-party apps via Facebook Login.
The hackers responsible for the breach, which impacted at least 50 million Facebook users, exploited a vulnerability in Facebook’s code to steal access tokens — digital keys that are used to keep users logged in when they enter their username and password.
After the breach, Facebook reset the tokens for 90 million accounts, prompting those users to log back in to Facebook, as well as back into any apps that use Facebook Login.
Tomi Engdahl says:
French police officer caught selling confidential police data on the dark web
https://www.zdnet.com/article/french-police-officer-caught-selling-confidential-police-data-on-the-dark-web/
Police officer also advertised a system to track the location of buyers’ gang rivals or spouses based on the telephone numbers.
Tomi Engdahl says:
Hackers Are Selling Botnets and Stolen ‘Fortnite’ Accounts Over Instagram
https://motherboard.vice.com/en_us/article/43843w/hackers-are-selling-botnets-and-stolen-fortnite-accounts-over-instagram
As hacking and gaming communities continue to intersect, some hackers are selling access to botnets and likely stolen Fortnite, Spotify, and other online accounts on Instagram.
Tomi Engdahl says:
Google’s cyber unit Jigsaw introduces Intra, a new security app dedicated to busting censorship
https://techcrunch.com/2018/10/03/googles-cyber-unit-jigsaw-introduces-intra-a-security-app-dedicated-to-busting-censorship/?sr_share=facebook&utm_source=tcfbpage
Tomi Engdahl says:
Bloomberg:
Sources: Chinese spies used a tiny chip on server motherboards to infiltrate ~30 US companies like Amazon and Apple by compromising America’s tech supply chain — In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help …
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
the expensive servers that customers installed in their networks to handle the video compression. These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small. In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.
Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.
The Big Hack: Statements From Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
In emailed statements, Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. Their statements are published here in full, along with one from a Chinese foreign ministry spokesperson.
Tomi Engdahl says:
Sean Lyngaas / Cyberscoop:
FireEye researchers identify North Korean hacking group APT38, which focuses almost exclusively on financial crimes and has tried to steal $1.1B so far
FireEye unmasks a new North Korean threat group
https://www.cyberscoop.com/apt38-north-korea-fire-eye/
There is a distinct and aggressive group of hackers bent on financing the North Korean regime and responsible for millions of dollars in bank heists in recent years, according to research from cybersecurity company FireEye.
The group, dubbed APT38, is distinct from other Pyongyang-linked hackers because of its overriding financial motivation — as opposed to pure espionage — and persistent targeting of banks worldwide, FireEye researchers said.
“This is an active … threat against financial institutions all around the world,” Sandra Joyce, FireEye’s vice president of global intelligence, said at a press briefing.
The group was responsible for some of the more high-profile attacks on financial institutions in the last few years, the researchers said, including the $81 million heist of the Bangladesh’s central bank in February 2016, and an attack on a Taiwanese bank in October 2017.
Tomi Engdahl says:
Adobe Releases Security Updates for Acrobat that Fix 86 Vulnerabilities
https://www.bleepingcomputer.com/news/security/adobe-releases-security-updates-for-acrobat-that-fix-86-vulnerabilities/
Tomi Engdahl says:
Alert (TA18-275A)
HIDDEN COBRA – FASTCash Campaign
https://www.us-cert.gov/ncas/alerts/TA18-275A
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
Tomi Engdahl says:
APT38: Details on New North Korean Regime-Backed Threat Group
https://www.fireeye.com/blog/threat-research/2018/10/apt38-details-on-new-north-korean-regime-backed-threat-group.html
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8516-verkkohyokkayksia-ei-voi-estaa
http://www.etn.fi/index.php/13-news/8514-yritysverkkoon-on-jarkyttavan-helppo-murtautua
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8509-kyberturvallisuus-on-tarkein
GlobalData has studied which future technologies companies consider the most important. Cybersecurity topped the list: 56 percent of companies named it the most important emerging technology.
As many as 1,500 companies took part in the study. On the list, cybersecurity came ahead of, for example, cloud services, artificial intelligence and the Internet of Things (IoT).
Tomi Engdahl says:
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
Tomi Engdahl says:
Amazon reportedly offloaded its Chinese server business because it was compromised
https://techcrunch.com/2018/10/04/amazon-aws-china-server-business/?utm_source=tcfbpage&sr_share=facebook
It looks like Amazon’s move to sell off its physical server business in China last year was because the unit had been compromised by a Chinese government spying program.
That’s according to a report from Bloomberg which details how the Chinese government infiltrated a number of U.S. companies by sneaking tiny chips onto motherboards from Supermicro.
Tomi Engdahl says:
China stands accused of hacking servers used by Apple, Amazon, and others
https://www.technologyreview.com/the-download/612242/china-stands-accused-of-hacking-servers-used-by-apple-amazon-and-others/?utm_campaign=owned_social&utm_source=facebook.com&utm_medium=social
The two tech giants and the Chinese government have refuted the allegations, made in a story that cites current and former intelligence sources.
The news: According to the report in Bloomberg BusinessWeek, spies from China forced Chinese manufacturers to insert tiny microchips into US-designed servers that were used by almost 30 US companies, including Apple and Amazon. The publication claims the tiny chips could be used to siphon off data from, or introduce malware to, the hardware they were installed on.
Tomi Engdahl says:
Russian Hackers Use Malware That Can Survive OS Reinstalls
https://uk.pcmag.com/news/117647/russian-hackers-use-malware-that-can-survive-os-reinstalls
Security firm ESET discovered the powerful malware, dubbed LoJax, infecting a victim’s PC and suspects it came from the Kremlin-linked hacking group known as Fancy Bear.
Tomi Engdahl says:
1 big thing: Foiling North Korea’s bank-robbing hackers
https://www.axios.com/newsletters/axios-codebook-63ac7f85-a482-4b80-a397-1df5283a5c9c.html?chunk=0&utm_term=fbsocialshare#story0
Tomi Engdahl says:
Bloomberg’s spy chip story reveals the murky world of national security reporting
https://techcrunch.com/2018/10/04/bloomberg-spy-chip-murky-world-national-security-reporting/?utm_source=tcfbpage&sr_share=facebook
Zack Whittaker
@zackwhittaker / 6 hours ago
Today’s bombshell Bloomberg story has the internet split: either the story is right, and reporters have uncovered one of the largest and jarring breaches of the U.S. tech industry by a foreign adversary… or it’s not, and a lot of people screwed up.
To recap, Chinese spies reportedly infiltrated the supply chain and installed tiny chips the size of a pencil tip on the motherboards built by Supermicro, which are used in data center servers across the U.S. tech industry — from Apple to Amazon. That chip can compromise data on the server, allowing China to spy on some of the world’s most wealthy and powerful countries.
Apple, Amazon and Supermicro — and the Chinese government — strenuously denied the allegations.
Even with this story, my gut is mixed.
Tomi Engdahl says:
Chinese chip spying report shows the supply chain remains the ultimate weakness
https://techcrunch.com/2018/10/04/china-spy-hack-chip-bloomberg-supply-chain/
Thursday’s explosive story by Bloomberg reveals detailed allegations that the Chinese military embedded tiny chips into servers, which made their way into data centers operated by dozens of major U.S. companies.
We covered the story earlier, including denials by Apple, Amazon and Supermicro — the server maker that was reportedly targeted by the Chinese government. Apple didn’t respond to a request for comment. Amazon said in a blog post that it “employs stringent security standards across our supply chain.” The FBI did not return a request for comment but declined to Bloomberg, and the Office for the Director of National Intelligence declined to comment. This is a complex story that rests on more than a dozen anonymous sources — many of which are sharing classified or highly sensitive information, making on-the-record comments impossible without repercussions. Despite the companies’ denials, Bloomberg is putting its faith in that the reader will trust the reporting.
Much of the story can be summed up with this one line from a former U.S. official: “Attacking Supermicro motherboards is like attacking Windows. It’s like attacking the whole world.”
It’s a fair point. Supermicro is one of the biggest tech companies you’ve probably never heard of. It’s a computing supergiant based in San Jose, Calif., with global manufacturing operations across the world — including China, where it builds most of its motherboards. Those motherboards trickle throughout the rest of the world’s tech — and were used in Amazon’s data center servers that power its Amazon Web Services cloud and Apple’s iCloud.
One government official speaking to Bloomberg said China’s goal was “long-term access to high-value corporate secrets and sensitive government networks,” which fits into the playbook of China’s long-running effort to steal intellectual property.
“No consumer data is known to have been stolen,” said Bloomberg.
Infiltrating Supermicro, if true, will have a long-lasting ripple effect on the wider tech industry and how they approach their own supply chains. Make no mistake — introducing any kind of external tech in your data center isn’t taken lightly by any tech company.
Tomi Engdahl says:
This Tech Would Have Spotted the Secret Chinese Chip in Seconds
https://spectrum.ieee.org/riskfactor/computing/hardware/this-tech-would-have-spotted-the-secret-chinese-chip-in-seconds
These X-ray tomography images reveal, layer by layer, the layout of a commercial printed circuit board.
The institute’s semiautomated system “could have identified this part in a matter of seconds to minutes,” says Tehranipoor, an IEEE Fellow. The system uses optical scans, microscopy, X-ray tomography, and artificial intelligence to compare a printed circuit board and its chips and components with the intended design.
It starts by taking high-resolution images of the front and back side of the circuit board, he explains. Machine learning and AI algorithms go through the images, tracing the interconnects and identifying the components. Then an X-ray tomography imager goes deeper, revealing interconnects and components buried within the circuit board.
Nearly all of the process is automated, and Tehranipoor’s group is working on completely removing the need for a human in the system. In addition, they are working on ways to identify much more subtle attacks.
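The comparison step that such a system ends with (detected parts versus the intended design) is easy to lose under the imaging and AI description. The block below is an added example, not code from the IEEE Spectrum article or from Tehranipoor's group: it assumes the optical and X-ray front end has already produced a list of detected components with board coordinates and a layer, and shows only the golden-design comparison, matching each detected part to the nearest expected part within a placement tolerance and reporting anything extra, missing, or with the wrong footprint. The part list and coordinates are constructed for illustration.

```python
"""Compare components extracted from board imaging against the intended design.

Added example; the imaging/ML front end is assumed to have produced `detected`.
All component data below is constructed, not taken from any real board.
"""
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Part:
    ref: str        # reference designator ("U7") or detector id ("det-5")
    footprint: str  # package identifier, e.g. "QFN-32"
    x_mm: float     # placement centre on the board
    y_mm: float
    layer: str      # "top", "bottom", or "inner" (buried; seen only by tomography)


def match_parts(expected, detected, tol_mm=0.5):
    """Greedy nearest-neighbour matching on the same layer within tol_mm.

    Returns (matched pairs, unmatched expected, unmatched detected).
    """
    remaining = list(detected)
    pairs, missing = [], []
    for exp in expected:
        best, best_d = None, tol_mm
        for det in remaining:
            if det.layer != exp.layer:
                continue
            d = hypot(det.x_mm - exp.x_mm, det.y_mm - exp.y_mm)
            if d <= best_d:
                best, best_d = det, d
        if best is None:
            missing.append(exp)
        else:
            pairs.append((exp, best))
            remaining.remove(best)
    return pairs, missing, remaining


def audit_board(expected, detected, tol_mm=0.5):
    """Return a list of (kind, ref, detail) findings; empty means the board matches the design."""
    pairs, missing, extra = match_parts(expected, detected, tol_mm)
    findings = []
    for exp, det in pairs:
        if det.footprint != exp.footprint:
            findings.append(("footprint_mismatch", exp.ref,
                             f"expected {exp.footprint}, saw {det.footprint}"))
    for exp in missing:
        findings.append(("missing", exp.ref,
                         f"no {exp.footprint} within {tol_mm} mm of ({exp.x_mm}, {exp.y_mm}) on {exp.layer}"))
    for det in extra:
        # A part with no counterpart in the design is the case that matters for an implant.
        findings.append(("unexpected_part", det.ref,
                         f"{det.footprint} at ({det.x_mm}, {det.y_mm}) on {det.layer}"))
    return findings


# Constructed sample: a small golden design and what the imaging pass "found".
GOLDEN = [
    Part("U1", "BGA-256", 10.0, 20.0, "top"),
    Part("U2", "QFN-32", 35.0, 12.5, "top"),
    Part("C7", "0402", 36.2, 14.0, "top"),
    Part("R3", "0402", 5.0, 5.0, "bottom"),
]
SCANNED = [
    Part("det-1", "BGA-256", 10.1, 19.9, "top"),
    Part("det-2", "QFN-32", 35.2, 12.6, "top"),
    Part("det-3", "0402", 36.1, 14.1, "top"),
    Part("det-4", "0402", 5.1, 4.9, "bottom"),
    Part("det-5", "0402", 42.0, 9.0, "inner"),  # buried part with no design counterpart
]

if __name__ == "__main__":
    for finding in audit_board(GOLDEN, SCANNED):
        print(finding)
```

The tolerance and the per-layer matching are the two knobs that decide what this catches: a part buried in an inner layer, as in the constructed `det-5`, only shows up because the tomography pass reports a layer the design has nothing on, and a footprint swap at the right position is reported separately from a wholly unexpected part.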
Tomi Engdahl says:
AWS Security Blog
Setting the Record Straight on Bloomberg BusinessWeek’s Erroneous Article
https://aws.amazon.com/blogs/security/setting-the-record-straight-on-bloomberg-businessweeks-erroneous-article/
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count. We will name only a few of them here.
The article also claims that after learning of hardware modifications and malicious chips in Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered the malicious chips in a Beijing data center. This claim is similarly untrue. The first and most obvious reason is that we never found modified hardware or malicious chips in Elemental servers.
Tomi Engdahl says:
Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft
https://www.bleepingcomputer.com/news/security/phishing-attack-uses-azure-blob-storage-to-impersonate-microsoft/
Even though phishing attacks can be quite convincing, a giveaway is when diligent users notice that the login form is unsecured or the SSL certificate is clearly not owned by the company being impersonated. A new Office 365 phishing attack utilizes an interesting method of hosting its phishing form on Azure Blob Storage in order to be secured by a Microsoft SSL certificate.
Azure Blob storage is a Microsoft storage solution that can be used to store unstructured data such as images, video, or text. One of the advantages of Azure Blob storage is that it is accessible using both HTTP and HTTPS, and when connecting via HTTPS, will display a signed SSL certificate from Microsoft.
See where we are going here? By storing a phishing form in Azure Blob storage, the displayed form will be signed by an SSL certificate from Microsoft. This makes it an ideal method to create phishing forms that target Microsoft services such as Office 365, Azure AD, or other Microsoft logins.
Tomi Engdahl says:
Phishing Attacks Distributed Through CloudFlare’s IPFS Gateway
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
Yesterday we reported on a phishing attack that utilizes the Azure Blob storage solution in order to have login forms secured by a Microsoft issued SSL certificate. After reviewing the URLs utilized by the same attacker, BleepingComputer noticed that these same bad actors are also utilizing the Cloudflare IPFS gateway for the same purpose.
Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file system through a web browser. As part of this implementation, all connections to the IPFS gateway are secured using SSL certificates issued by CloudFlare.
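Both the Azure Blob and the Cloudflare IPFS campaigns above rest on the same point: the padlock and the certificate only say who issued the certificate for the host (Microsoft, Cloudflare), not who uploaded the page behind it. A check that looks at what the certificate cannot tell the user is therefore a hostname check. The block below is an added example, not code from BleepingComputer or from the campaign it describes: it extracts URLs from a message body, tests whether the host sits under one of the two shared-certificate services named on the page, and raises the verdict when the path or query also carries a login-themed lure. The sample message, the storage account name, the IPFS hash placeholder and the lure word list are constructed for the example.

```python
"""Flag credential-harvesting URLs hosted on services that publish under the provider's own TLS certificate.

Added example. The two domains come from the page; the sample message body,
account/container names, IPFS hash placeholder and lure keywords are constructed.
"""
import re
from urllib.parse import urlparse

# Services where anyone can publish content under a host that carries the
# provider's own certificate. Checked as exact host or as a parent domain.
SHARED_CERT_DOMAINS = (
    "blob.core.windows.net",   # Azure Blob Storage: <account>.blob.core.windows.net/<container>/...
    "cloudflare-ipfs.com",     # Cloudflare IPFS gateway: cloudflare-ipfs.com/ipfs/<hash>/...
)

# Words an Office 365 / Azure AD lure tends to carry in its path, file name or query.
LURE_WORDS = re.compile(r"(office|o365|outlook|sharepoint|onedrive|login|signin|verify|auth|invoice)", re.I)

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def shared_cert_service(host: str):
    """Return the matching service domain if host is that domain or a subdomain of it, else None."""
    host = host.lower()
    for domain in SHARED_CERT_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def triage_url(url: str) -> dict:
    """Classify one URL.

    'suspect': shared-cert host and a lure word in path/query.
    'review':  shared-cert host, no lure word (legitimate blob/IPFS content is common).
    'ok':      host is not one of the shared-cert services (no opinion on it here).
    """
    parsed = urlparse(url)
    service = shared_cert_service(parsed.hostname or "")
    lure = bool(LURE_WORDS.search(parsed.path + "?" + parsed.query))
    if service and lure:
        verdict = "suspect"
    elif service:
        verdict = "review"
    else:
        verdict = "ok"
    return {"url": url, "service": service, "lure": lure, "verdict": verdict}


def triage_message(body: str):
    """Extract every URL from a message body and return one triage record per URL."""
    return [triage_url(u) for u in URL_RE.findall(body)]


# Constructed sample message; names and hash are placeholders, not real campaign indicators.
SAMPLE_BODY = """\
Your Office 365 mailbox quota is exceeded. Review the attached invoice here:
https://examplestorage123.blob.core.windows.net/invoices/Office365-Login.html?user=victim
Docs also mirrored at https://cloudflare-ipfs.com/ipfs/QmExampleHashPlaceholder/verify/index.html
Unrelated link: https://docs.microsoft.com/en-us/azure/storage/blobs/
"""

if __name__ == "__main__":
    for record in triage_message(SAMPLE_BODY):
        print(record["verdict"], record["url"])
```

The suffix test deliberately requires a dot boundary, so `evil-cloudflare-ipfs.com` does not match, and a plain blob or gateway URL without a lure word is only marked for review rather than blocked, since both services host plenty of legitimate content under the same certificate.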
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/tieto18-harjoitus-valmensi-suomea-kyberhairion-varalta-ja-avautui-ensi-kerran-julkisuuteen-6743659
The exercises were previously organised by the Finnish Defence Forces (Puolustusvoimat), but this year's Tieto18 exercise was organised by the Digipooli of the National Emergency Supply Organisation (Huoltovarmuusorganisaatio). The three-day exercise ends on Thursday.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/reaktor-voitti-3-5-miljoonan-diilin-paasee-kehittamaan-tarkeaa-varoitusjarjestelmaa-6743681
The National Cyber Security Centre of the Finnish Communications Regulatory Authority (Viestintävirasto) is renewing its system for detecting and warning about serious information security breaches. Reaktor won the tender for the expert team taking part in the development work of the Havaro 2.0 project.
The contract is worth 3.5 million euros.
Tomi Engdahl says:
Malware Has a New Way to Hide on Your Mac
https://www.wired.com/story/mac-malware-hide-code-signing/
Malware on Apple’s MacBook and iMac lines is more prevalent than some users realize; it can even hide in Apple’s curated Mac App Store. But the relatively strong defenses of macOS make it challenging for malware authors to persist long-term on Apple computers, even if they can get an initial foothold. Additionally, the avenues available for lurking on macOS are so well known at this point that technicians and malware scanners can flag them quickly. That’s why more subtle approaches are significant.
At the Virus Bulletin security conference in Montreal on Wednesday, Mac security researcher Thomas Reed is presenting one such potentially dangerous opening.
Tomi Engdahl says:
U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations
https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and
Conspirators Included a Russian Intelligence “Close Access” Hacking Team that Traveled Abroad to Compromise Computer Networks Used by Anti-Doping and Sporting Officials and Organizations Investigating Russia’s Use of Chemical Weapons
Tomi Engdahl says:
Reckless campaign of cyber attacks by Russian military intelligence service exposed
https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed
Today, the UK and its allies can expose a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport.
The National Cyber Security Centre (NCSC) has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
Cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.
Tomi Engdahl says:
Google Turns on G Suite Alerts for State-Sponsored Attacks
https://www.securityweek.com/google-turns-g-suite-alerts-state-sponsored-attacks
After rolling out an option for G Suite administrators to receive alerts on suspected government-backed attacks on their users’ accounts, Google is now turning those alerts on by default.
Google has long been warning users of attacks that it believed might be the work of state-sponsored adversaries, but only sent those alerts to the impacted users. Starting in August, however, it rolled out a new option in G Suite to also notify admins of suspected attacks on their users.
Tomi Engdahl says:
DHS Warns of Attacks on Managed Service Providers
https://www.securityweek.com/dhs-warns-attacks-managed-service-providers
The United States Department of Homeland Security (DHS) this week issued an alert on ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs).
The activity, DHS says, involves attempts to infiltrate the networks of global MSPs, which provide remote management of customer IT and end-user systems.
The use of MSPs increases an organization’s virtual enterprise infrastructure footprint, but also creates a large attack surface for cyber criminals and nation-state actors, DHS’ United States Computer Emergency Readiness Team (US-CERT) points out.
The newly released alert, TA18-276B, is related to activity that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) warned about in April 2017.
The same activity was associated by security firms with a Chinese actor referred to as APT10, but which is also known as menuPass and Stone Panda. The group is believed to be state-sponsored.
Tomi Engdahl says:
Canada Says it Was Targeted by Russian Cyber Attacks
https://www.securityweek.com/canada-says-it-was-targeted-russian-cyber-attacks
Canada said Thursday it too was targeted by Russian cyber attacks, citing breaches at its center for ethics in sports and at the Montreal-based World Anti-Doping Agency, after allies blamed Moscow for some of the biggest hacking plots of recent years.
“The government of Canada assesses with high confidence that the Russian military’s intelligence arm, the GRU, was responsible” for these cyber attacks, the foreign ministry said in a statement.