We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.
Prisoners in South Carolina posed convincingly as beautiful women on social media platforms.
A sextortion ring that aimed “catfish” efforts at U.S. military service members has been uncovered. The scam bilked 442 service members from the Army, Navy, Air Force and Marine Corps out of more than $560,000.
Warren P. Strobel / Wall Street Journal:
CIA intercepts show MbS sent at least 11 Whatsapp messages to his closest advisor, who oversaw the killing of Jamal Khashoggi, before and after the murder — Conclusion that Prince Mohammed bin Salman ‘probably ordered’ killing relies in part on 11 messages he sent to adviser who oversaw hit squad around time it killed journalist
Conclusion that Prince Mohammed bin Salman ‘probably ordered’ killing relies in part on 11 messages he sent to adviser who oversaw hit squad around time it killed journalist
WASHINGTON—Saudi Crown Prince Mohammed bin Salman sent at least 11 messages to his closest adviser, who oversaw the team that killed journalist Jamal Khashoggi, in the hours before and after the journalist’s death in October, according to a highly classified CIA
Quora said today that a security breach may have compromised data from about 100 million users. In an email sent to users today and a blog post by CEO Adam D’Angelo, the company said a “malicious third party” gained unauthorized access to Quora’s systems on Friday.
Last Friday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database.
One problem: the email sender’s domain didn’t look like it came from Marriott at all.
there’s no easy way to check that the domain is real
But what makes matters worse is that the email is easily spoofable.
Companies should host any information on their own websites and verified social media pages to stop bad actors from hijacking victims for their own gain. But once you start setting up your own dedicated, off-site page with its unique domain, you have to consider the cybersquatters — those who register similar-looking domains that look almost the same.
Equifax, the biggest breach of last year, made headlines not only for its eye-watering hack, but its shockingly bad response.
Marriott has clearly learned nothing from the response.
NCC Group discovers network-saving quirk during worm tests
NCC’s Eternalglue worm differs from actual malware in being configurable not to touch defined network ranges or hosts; in the case of NCC’s rather adventurous customer, the firm’s industrial control systems.
When studying how Eternalglue spread through the target network, NCC made a rather surprising discovery: a simple Active Directory setting was enough to stop it in its tracks, even if a domain admin account was used to log into an infected device.
In an attempt to identify someone tricking a company into handing over cash, the FBI created a fake FedEx website, as well as deployed booby-trapped Word documents to reveal fraudsters’ IP addresses.
The spear-phishing attack has been designed to drop a first malicious component likely belonging to the APT28 / Fancy Bear arsenal. A high rate of code reuse and internal analysis confirm it’s a SedUploader variant.
In short, NCC Group has engineered a modular computer worm suitable for production networks to enable quantifiable understanding and measurement of such events by internal risk, security and operations functions.
As a result, we enabled our customer to understand not only how it would have affected them, but also if certain design decisions and resulting assumptions around resilience and response were true.
The partnership with our customer has resulted in us being able to talk about this project, albeit anonymously.
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.
New Delhi police have arrested 63 suspects in the last two months working and operating 26 call centers that were engaging in tech support scams, posing as tech support staff at Microsoft, Google, Apple, and other major tech companies.
Earlier this year, Akamai warned that vulnerabilities in Universal Plug’N’Play (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.
Having revisited its April probing, the web cache biz has come to the conclusion that the security nightmare it dubbed “UPnProxy” is still “alive and well.”
486 Comments
Tomi Engdahl says:
Marriott says breach of Starwood guest database compromised info of up to 500 million
https://www.nbcnews.com/news/amp/ncna942041
The breach could potentially be one of the largest in history, behind the hacking of about 3 billion Yahoo accounts.
Marriott International said Friday that the private information of up to 500 million guests may have been accessed as part of a breach of its Starwood guest reservation database, potentially one of the largest breaches of consumer data ever.
The world’s largest hotel chain said it first received an alert in September from an internal security tool of an attempt to access the database.
As part of an investigation, the company discovered there had been unauthorized access since 2014 and that an “unauthorized party” had copied and encrypted information.
Personal information exposed in data breaches can often make its way to the black market
“The Marriott data breach is one of the largest and most alarming we’ve seen,”
Marriott at the time cited Starwood’s guest loyalty program as a “central, strategic rationale” for the deal
Marriott shares were down about 4 percent in pre-market trading on Friday morning.
“It’s time for Congress to pass comprehensive consumer privacy and data security legislation”
Tomi Engdahl says:
Marriott reveals data breach of 500 million Starwood guests
https://edition.cnn.com/2018/11/30/tech/marriott-hotels-hacked/index.html
Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.
The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.
“unauthorized access” to the Starwood reservation system since 2014
For 327 million people, Marriott says the guests’ exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions of others, their credit card numbers and card expiration dates were potentially compromised.
Tomi Engdahl says:
The End of the Anonymous Hacker?
https://blog.paessler.com/the-end-of-anonymous-hacker?utm_source=facebook&utm_medium=cpc&utm_campaign=Burda-Blog-Global&utm_content=anonymoushacker&hsa_ver=3&hsa_cam=23843255630630129&hsa_grp=23843255630670129&hsa_net=facebook&hsa_acc=2004489912909367&hsa_ad=23843255636990129&hsa_src=fb
Rachel Greenstadt, professor of computer science at Drexel University, and Aylin Caliskan, professor at George Washington University, published a groundbreaking study in 2017. It made it clear that even the smallest code extracts can be sufficient to distinguish programmers from each other. The reason for this is the peculiarity with which each developer writes their code.
possible to de-anonymize coders via “Code Stylometry”. For this process, the extensive binary code of a programmer is considered. The researchers then translated the binary code back into C++, in which it was written, while preserving the elements of the programmer’s unique style. The details of the procedure can be found here.
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-caliskan-islam.pdf
Tomi Engdahl says:
7 things you can hire a hacker to do and how much it will (generally) cost
https://www.businessinsider.com/things-hire-hacker-to-do-how-much-it-costs-2018-11?r=US&IR=T&IR=T
1. Distributed denial of service (DDoS) attack: $5 – $25 per hour
2. Online bank heist: $40 and up
3. Rewards points transfer: $10 to $450
4. Infiltrate Instagram: $129
5. Hijack corporate email: $500 and up
6. Break into a cell phone: $21.60/month or more
7. Hack into Facebook with permission, for rewards of up to $40,000
Tomi Engdahl says:
A cyber-skills shortage means students are being recruited to fight off hackers
https://www.technologyreview.com/s/612309/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/?utm_campaign=owned_social&utm_source=facebook.com&utm_medium=social&fbclid=IwAR1HiV5lQ674MoMBtD8UdGEwwa2zxKkL20NOvtFgV7863eJx8v7NKftvHcQ
Students with little or no cybersecurity knowledge are being paired with easy-to-use AI software that lets them protect their campus from attack.
There aren’t enough cybersecurity workers out there—and things are getting worse. According to one estimate, by 2021 an estimated 3.5 million cybersecurity jobs will be unfilled. And of the candidates who apply, fewer than one in four are even qualified.
Tomi Engdahl says:
Moscow’s new cable car system infected with ransomware two days after launch
https://www.zdnet.com/article/moscows-new-cable-car-system-infected-with-ransomware-two-days-after-launch/
Cable car system is now back up and running after a two-day downtime
Tomi Engdahl says:
Be Warned: Customer Service Agents Can See What You’re Typing in Real Time
https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119?utm_campaign=socialflow_gizmodo_facebook&utm_medium=socialflow&utm_source=gizmodo_facebook
Next time you’re chatting with a customer service agent online, be warned that the person on the other side of your conversation might see what you’re typing in real time.
Googling led Scocca to a live chat service that offers a feature it calls “real-time typing view” to allow agents to have their “answers prepared before the customer submits his questions.” Another live chat service, which lists McDonalds, Ikea, and Paypal as its customers, calls the same feature “message sneak peek,”
Tomi Engdahl says:
Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie
https://www.zdnet.com/article/twitter-user-hacks-50000-printers-to-tell-people-to-subscribe-to-pewdiepie/#ftag=RSSbaffb68
Hacker lends a helping hand to YouTube star losing his crown.
The only condition was that the printer was connected to the Internet, used old firmware, and had “printing” ports left exposed online
Someone hacked printers worldwide, urging people to subscribe to PewDiePie
Is your printer secure?
https://www.theverge.com/2018/11/30/18119576/pewdiepie-printer-hack-t-series-youtube?fbclid=IwAR3QgWJl73KSUj9PsLqLldWu2qHy2iC8ih6urFyhWZdpck7fiOT_fdRX3NQ
Tomi Engdahl says:
New York Times:
US officials: China’s cyberespionage against the US, which was pared back in 2015 after US-China pact, picked up again in 2017 and has accelerated since then
After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology
https://www.nytimes.com/2018/11/29/us/politics/china-trump-cyberespionage.html
Three years ago, President Barack Obama struck a deal with China that few thought was possible: President Xi Jinping agreed to end his nation’s yearslong practice of breaking into the computer systems of American companies, military contractors and government agencies to obtain designs, technology and corporate secrets, usually on behalf of China’s state-owned firms.
The pact was celebrated by the Obama administration as one of the first arms-control agreements for cyberspace — and for 18 months or so, the number of Chinese attacks plummeted. But the victory was fleeting.
Soon after President Trump took office, China’s cyberespionage picked up again and, according to intelligence officials and analysts, accelerated in the last year as trade conflicts and other tensions began to poison relations between the world’s two largest economies.
Tomi Engdahl says:
NATO Exercises Cyber Defences as Threat Grows
https://www.securityweek.com/nato-exercises-cyber-defences-threat-grows
In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.
With its harsh lighting and partitioned desks, the room could be any soulless office. But this is NATO’s “cyber range” and these men and women are running the alliance’s biggest cyber warfare exercise, an electronic defensive drill dubbed Cyber Coalition 2018.
The activity is taking place just 50 kilometres (30 miles) from the border with Russia, seen by the West as the biggest cyber threat after a string of attacks blamed on the Kremlin. Targets have included world sports bodies, the US Democratic Party and the world chemical weapons watchdog in the Netherlands.
Tomi Engdahl says:
Kaspersky’s U.S. Government Ban Upheld by Appeals Court
https://www.securityweek.com/kasperskys-us-government-ban-upheld-appeals-court
The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday.
The court said Kaspersky had failed to demonstrate that the ban was an unconstitutional legislative punishment.
“Kaspersky failed to adequately allege that Congress enacted a bill of attainder. The court noted the nonpunitive interest at stake: the security of the federal government’s information systems. The law is prophylactic, not punitive,” the appeals court said in its ruling.
https://law.justia.com/cases/federal/appellate-courts/cadc/18-5176/18-5176-2018-11-30.html
Tomi Engdahl says:
CNN:
Canadian activist sues NSO Group, claims its spyware empowered Saudi officials to access WhatsApp messages with Jamal Khashoggi, possibly leading to his killing — London (CNN) In his public writings, Jamal Khashoggi’s criticism of Saudi Arabia and its Crown Prince Mohammed bin Salman was measured.
Jamal Khashoggi’s private WhatsApp messages may offer new clues to killing
https://edition.cnn.com/2018/12/02/middleeast/jamal-khashoggi-whatsapp-messages-intl/
In his public writings, Jamal Khashoggi’s criticism of Saudi Arabia and its Crown Prince Mohammed bin Salman was measured. In private, the Washington Post columnist didn’t hold back.
In more than 400 WhatsApp messages sent to a fellow Saudi exile in the year before he was killed at the Saudi consulate in Istanbul, Khashoggi describes bin Salman — often referred to as MBS — as a “beast,” a “pac-man” who would devour all in his path, even his supporters.
CNN has been granted exclusive access to the correspondence between Khashoggi and Montreal-based activist Omar Abdulaziz.
Tomi Engdahl says:
https://edition.cnn.com/2018/12/02/middleeast/jamal-khashoggi-whatsapp-messages-intl/
Abdulaziz on Sunday launched a lawsuit against an Israeli company that invented the software he believes was used to hack his phone.
“The hacking of my phone played a major role in what happened to Jamal, I am really sorry to say,” Abdulaziz told CNN. “The guilt is killing me.”
Tomi Engdahl says:
Lawsuits Filed Against Marriott Over Massive Data Breach
https://www.securityweek.com/lawsuits-filed-against-marriott-over-massive-data-breach
Several lawsuits have been filed against Marriott International shortly after the hotel giant disclosed a data breach impacting as many as 500 million customers.
Marriott reported on Friday that one of its security tools detected unauthorized access to its Starwood guest reservation database on September 8. Further investigation revealed that the Starwood network had been breached since as early as 2014.
The database targeted by the attackers stored the names, addresses, dates of birth, phone numbers, email addresses, passport numbers, gender, and reservation details of roughly 327 million guests.
In some cases, the records also included payment card information. While Marriott says the payment information was encrypted using AES-128, it admitted that the encryption key may have been compromised.
Tomi Engdahl says:
Espionage, ID Theft? Myriad Risks From Stolen Marriott Data
https://www.securityweek.com/espionage-id-theft-myriad-risks-stolen-marriott-data
The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say.
It is one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.
But the target here — hotels where high-stakes business deals, romantic trysts and espionage are daily currency — makes the data gathered especially sensitive.
Tomi Engdahl says:
Russian Hackers Use BREXIT Lures in Recent Attacks
https://www.securityweek.com/russian-hackers-use-brexit-lures-recent-attacks
Infamous Russia-linked cyber-espionage group Sofacy used BREXIT-themed lure documents in attacks on the same day the United Kingdom Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU).
Also known as Pawn Storm, Sednit, Fancy Bear, APT28, Group 74, Tsar Team, Strontium, and Snakemackerel, the state-sponsored group has been active for over a decade and is believed to have been behind the DNC hack before the US 2016 elections.
Tomi Engdahl says:
Elasticsearch Instances Expose Data of 82 Million U.S. Users
https://www.securityweek.com/elasticsearch-instances-expose-data-82-million-us-users
Personal information of over 82 million users in the United States was exposed via a set of open Elasticsearch instances, Hacken security researchers warn.
A total of 73 gigabytes of data were found during a “regular security audit of publicly available servers with the Shodan search engine,” HackenProof explains. At least three IPs with the identical Elasticsearch clusters misconfigured for public access were discovered.
Tomi Engdahl says:
Mozilla Testing DNS-over-HTTPS in Firefox
https://www.securityweek.com/mozilla-testing-dns-over-https-firefox
Tomi Engdahl says:
This is how Docker containers can be exploited to mine for cryptocurrency
Containers are becoming a target for cryptojacking in rising numbers.
https://www.zdnet.com/article/this-is-how-docker-can-be-exploited-to-covertly-mine-for-cryptocurrency/
Tomi Engdahl says:
Shop Safe This Holiday Season
https://foundation.mozilla.org/en/privacynotincluded/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=67998689&_hsenc=p2ANqtz-_Cwq0fLoD-jlLVyuXFEZFJdyHPH8n8UIBoGJwEru4t76cDw4t118CIf2rQFfkwcuH-2ve6–jH_nVdu5bzh88E9iE_eaGHrQjfgxQL2a1lSwJhmhs&_hsmi=67998689
Teddy bears that connect to the internet. Smart speakers that listen to commands. Great gifts—unless they spy on you. We created this guide to help you buy safe, secure products this holiday season.
Tomi Engdahl says:
Ethics Need Not Apply: The Dark Side of Law
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ethics-need-not-apply-the-dark-side-of-law
Tomi Engdahl says:
UK’s NCSC Explains How They Handle Discovered Vulnerabilities
https://www.bleepingcomputer.com/news/security/uks-ncsc-explains-how-they-handle-discovered-vulnerabilities/
When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if they will keep it to themselves for use during intelligence gathering.
Tomi Engdahl says:
Warning: Malware, rogue users can spy on some apps’ HTTPS crypto – by whipping them with a CAT o’ nine TLS
Malicious code can spy on OpenSSL, Apple CoreTLS, etc
https://www.theregister.co.uk/2018/12/01/tls_broken_crypto/
Tomi Engdahl says:
It’s nearly 2019, and your network can get pwned through an oscilloscope
Researchers find head-slapping backdoors in lab equipment
https://www.theregister.co.uk/2018/11/30/pwned_via_oscilloscope/
Administrators overseeing lab environments would be well advised to double-check their network setups following the disclosure of serious flaws in a line of oscilloscopes.
On Friday, SEC Consult said it had uncovered a set of high-impact vulnerabilities in electronic testing equipment made by Siglent Technologies.
In particular, the bug-hunters examined the Siglent SDS 1202X-E Digital line of Ethernet-enabled oscilloscopes and found the boxes were lacking even basic security protections.
SEC Consult SA-20181130-0 :: Multiple Vulnerabilities in Siglent Technologies SDS 1202X-E Digital Oscilloscope
https://seclists.org/fulldisclosure/2018/Nov/68
Tomi Engdahl says:
Hack Brief: Printers Were Exploited for PewDiePie Propaganda
https://www.wired.com/story/pewdiepie-printers-propaganda-hack-brief/
Tomi Engdahl says:
Moscow’s New Cable Car System Infected with Ransomware the Day After it Opens
https://www.bleepingcomputer.com/news/security/moscows-new-cable-car-system-infected-with-ransomware-the-day-after-it-opens/
Tomi Engdahl says:
What the Marriott Breach Says About Security
https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.
Tomi Engdahl says:
Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups
https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/
Tomi Engdahl says:
Update to the press release at 11:10: There was a wide outage in Digita's terrestrial TV network on Sunday, 2 December
https://www.digita.fi/medialle/tiedotteet/paivitys_tiedotteeseen_klo_11_10_digitan_antenni-tv-verkossa_oli_laaja_katkos_sunnuntaina_2.12..5655.news
Tomi Engdahl says:
U.S. Military Members Catfished and Hooked for Thousands of Dollars
https://threatpost.com/u-s-military-members-catfished-and-hooked-for-thousands-of-dollars/139569/
Prisoners in South Carolina posed convincingly as beautiful women on social media platforms.
A sextortion ring that aimed “catfish” efforts at U.S. military service members has been uncovered. The scam bilked 442 service members from the Army, Navy, Air Force and Marine Corps out of more than $560,000.
Tomi Engdahl says:
Warren P. Strobel / Wall Street Journal:
CIA intercepts show MbS sent at least 11 Whatsapp messages to his closest advisor, who oversaw the killing of Jamal Khashoggi, before and after the murder — Conclusion that Prince Mohammed bin Salman ‘probably ordered’ killing relies in part on 11 messages he sent to adviser who oversaw hit squad around time it killed journalist
CIA Intercepts Underpin Assessment Saudi Crown Prince Targeted Khashoggi
https://www.wsj.com/articles/cia-intercepts-underpin-assessment-saudi-crown-prince-targeted-khashoggi-1543640460
WASHINGTON—Saudi Crown Prince Mohammed bin Salman sent at least 11 messages to his closest adviser, who oversaw the team that killed journalist Jamal Khashoggi, in the hours before and after the journalist’s death in October, according to a highly classified CIA
Tomi Engdahl says:
Quora says 100 million users may have been affected by data breach
https://techcrunch.com/2018/12/03/quora-says-100-million-users-may-have-been-affected-by-data-breach/?sr_share=facebook&utm_source=tcfbpage
Quora said today that a security breach may have compromised data from about 100 million users. In an email sent to users today and a blog post by CEO Adam D’Angelo, the company said a “malicious third party” gained unauthorized access to Quora’s systems on Friday.
https://blog.quora.com/Quora-Security-Update
Tomi Engdahl says:
Marriott’s breach response is so bad, security experts are filling in the gaps — at their own expense
https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/?utm_source=tcfbpage&sr_share=facebook
Last Friday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database.
One problem: the email sender’s domain didn’t look like it came from Marriott at all.
there’s no easy way to check that the domain is real
But what makes matters worse is that the email is easily spoofable.
Companies should host any information on their own websites and verified social media pages to stop bad actors from hijacking victims for their own gain. But once you start setting up your own dedicated, off-site page with its unique domain, you have to consider the cybersquatters — those who register similar-looking domains that look almost the same.
Equifax, the biggest breach of last year, made headlines not only for its eye-watering hack, but its shockingly bad response.
Marriott has clearly learned nothing from the response.
Tomi Engdahl says:
Wanna save yourself against NotPetya? Try this one little Windows tweak
https://www.theregister.co.uk/2018/12/03/notpetya_ncc_eternalglue_production_network/
NCC Group discovers network-saving quirk during worm tests
NCC’s Eternalglue worm, which differs from actual malware in being configurable not to touch defined network ranges or hosts; in the case of NCC’s rather adventurous customer, the firm’s industrial control systems.
When studying how Eternalglue spread through the target network, NCC made a rather surprising discovery: a simple Active Directory setting was enough to stop it in its tracks, even if a domain admin account was used to log into an infected device.
Tomi Engdahl says:
The FBI Created a Fake FedEx Website to Unmask a Cybercriminal
https://motherboard.vice.com/en_us/article/d3b3xk/the-fbi-created-a-fake-fedex-website-to-unmask-a-cybercriminal
In an attempt to identify someone tricking a company into handing over cash, the FBI created a fake FedEx website, as well as deployed booby-trapped Word documents to reveal fraudsters’ IP addresses.
Tomi Engdahl says:
Container code cluster-fact: There’s a hole in Kubernetes
Critical bug brings bevy of patches
https://www.theregister.co.uk/2018/12/03/container_code_clusterfact_theres_a_hole_in_kubernetes/
The keepers of Kubernetes, the rather popular software container orchestration system, have pushed out three new releases that patch a critical flaw.
Kubernetes versions v1.10.11, v1.11.5, and v1.12.3 have been made available to fix CVE-2018-1002105, a privilege escalation vulnerability.
Tomi Engdahl says:
APT28 / Fancy Bear still targeting military institutions
https://www.emanueledelucia.net/apt28-targeting-military-institutions/
The spear-phishing attack has been designed to drop a first malicious component likely belonging to the APT28 / Fancy Bear arsenal. A high rate of code reuse and internal analysis confirm it’s a SedUploader variant.
Tomi Engdahl says:
EternalGlue part three: releasing a worm into an enterprise network of a 100 billion dollar company
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/december/eternalglue-part-three-releasing-a-worm-into-an-enterprise-network-of-a-100-billion-dollar-company/
In short, NCC Group has engineered a modular computer worm suitable for production networks to enable quantifiable understanding and measurement of such events by internal risk, security and operations functions.
As a result, we enabled our customer to understand not only how it would have affected them, but also if certain design decisions and resulting assumptions around resilience and response were true.
The partnership with our customer has resulted in us being able to talk about this project, albeit anonymously.
Tomi Engdahl says:
Alert (AA18-337A)
SamSam Ransomware
https://www.us-cert.gov/ncas/alerts/AA18-337A
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.
Tomi Engdahl says:
Marriott sued hours after announcing data breach
One class-action lawsuit is seeking $12.5 billion in damages.
https://www.zdnet.com/article/marriott-sued-hours-after-announcing-data-breach/#ftag=RSSbaffb68
Tomi Engdahl says:
Quora discloses mega breach impacting 100 million users
Account info, passwords, emails, private messages, and user votes were exposed.
https://www.zdnet.com/article/quora-discloses-mega-breach-impacting-100-million-users/
Tomi Engdahl says:
After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
Indian police raid 26 call centers, make 63 arrests.
https://www.zdnet.com/article/after-microsoft-complaints-indian-police-arrest-tech-support-scammers-at-26-call-centers/
New Delhi police have arrested 63 suspects in the last two months working and operating 26 call centers that were engaging in tech support scams, posing as tech support staff at Microsoft, Google, Apple, and other major tech companies.
Tomi Engdahl says:
Researchers discover SplitSpectre, a new Spectre-like CPU attack
Spectre-like variations continue to be discovered, just as academics predicted at the start of 2018.
https://www.zdnet.com/article/researchers-discover-splitspectre-a-new-spectre-like-cpu-attack/
Tomi Engdahl says:
New industrial espionage campaign leverages AutoCAD-based malware
https://www.zdnet.com/article/new-industrial-espionage-campaign-leverages-autocad-based-malware/#ftag=RSSbaffb68
Researchers warn about industrial espionage group targeting companies in the energy sector with AutoCAD-based malware.
Tomi Engdahl says:
AutoCAD Malware – Computer Aided Theft
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
Tomi Engdahl says:
New KingMiner Threat Shows Cryptominer Evolution
https://www.bleepingcomputer.com/news/security/new-kingminer-threat-shows-cryptominer-evolution/
CoinMiners searching for hosts
https://isc.sans.edu/diary/rss/24364
Tomi Engdahl says:
Here are another 45,000 reasons to patch Windows systems against old NSA exploits
It’s 2018 and UPnP is still opening up networks – this time to leaked SMB cyber-weapons
https://www.theregister.co.uk/2018/11/30/akamai_routerwreckers_active/
Earlier this year, Akamai warned that vulnerabilities in Universal Plug’N’Play (UPnP) had been exploited by scumbags to hijack 65,000 home routers. In follow-up research released this week, it revealed little has changed.
Having revisited its April probing, the web cache biz has come to the conclusion that the security nightmare it dubbed “UPnProxy” is still “alive and well.”
Tomi Engdahl says:
Modular Encryptor Provides Security Across Domains
This COTS cybersecurity guard enables secure flow of data between unclassified networks.
https://www.mwrf.com/defense/modular-encryptor-provides-security-across-domains?Issue=MWRF-001_20181203_MWRF-001_631&sfvc4enews=42&cl=article_2_b&utm_rid=CPG05000002750211&utm_campaign=21830&utm_medium=email&elq2=1f4b5f6af69245b28eb4985b9ef95b9c