Reality Winner received the longest sentence ever imposed in federal court for an unauthorized release of government information to the media, prosecutors said.
She pleaded guilty in June 2018 to one felony count of unauthorized transmission of national defense information, for giving a classified report about Russian interference in the 2016 election to a news outlet.
It’s like a greatest hits album of terrible security policies
In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document. The attacker delivers the document via a spear-phishing email.
While the U.S. government is working to tighten its grip over citizens’ personal privacy, Europe’s new policy regulations are hoping to do the opposite.
Last month, the French National Assembly announced that they would no longer use Google. Instead, all French government devices will soon adopt the privacy-focused Qwant as their default search engine.
Botnet is still up and running but law enforcement has been notified.
Crooks controlling a network of over 20,000 already-infected WordPress installations are using these sites to launch attacks on other WordPress sites, ZDNet has learned from WordPress security firm Defiant.
The company, which manages and publishes the Wordfence plugin, a firewall system for WordPress sites, says it detected over five million login attempts in the last month from already-infected sites against other, clean WordPress portals.
The attacks are what security experts call “dictionary attacks.”
Defiant says that the people behind this botnet made “some mistakes in their implementation of the brute force scripts” that allowed researchers to expose the botnet’s entire backend infrastructure.
Defiant researchers say they were able to bypass the botnet control panel login system and take a peek inside the crooks’ operation.
(Reuters) – Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation
Over the summer, Microsoft President Brad Smith called for governments to take a closer look at how facial detection technology is being implemented across the globe. This week, he returned with a similar message — only this time the executive is calling out fellow technology purveyors to help address myriad issues around the technology before it becomes too pervasive.
486 Comments
Tomi Engdahl says:
Adam D’Angelo / The Quora Blog:
Quora says it discovered a data breach on Nov. 30 affecting about 100M users, exposing names, email addresses, hashed passwords, and other non-public content — We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.
https://blog.quora.com/Quora-Security-Update
Tomi Engdahl says:
Facebook employees are calling former colleagues to look for jobs outside the company and asking about the best way to leave
https://www.cnbc.com/2018/12/02/facebook-employees-calling-former-colleagues-to-look-for-jobs-outside.html
Six former Facebook employees who left the company within the last two years told CNBC they’ve experienced a rise in contact from current company employees to inquire about opportunities or ask for job references.
The shift in behavior comes as Facebook deals with scandal after scandal while seeing a nearly 40 percent drop in its stock price from a peak in July.
Tomi Engdahl says:
Israeli Firm Rejects Alleged Connection to Khashoggi Killing
https://www.securityweek.com/israeli-firm-rejects-alleged-connection-khashoggi-killing
Tomi Engdahl says:
Phishing Campaign Delivers FlawedAmmyy, RMS RATs
https://www.securityweek.com/phishing-campaign-delivers-flawedammyy-rms-rats
Tomi Engdahl says:
Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements
https://www.securityweek.com/flaws-siglent-oscilloscope-allow-hackers-tamper-measurements
Tomi Engdahl says:
Espionage, ID Theft? Myriad Risks From Stolen Marriott Data
https://www.securityweek.com/espionage-id-theft-myriad-risks-stolen-marriott-data
Tomi Engdahl says:
Schumer Says Marriott Should Pay to Replace Hacked Passports
https://www.securityweek.com/schumer-says-marriott-should-pay-replace-hacked-passports
Sen. Charles Schumer says Marriott hotel officials should pay for new passports for customers whose passport numbers were hacked as part of a massive data breach.
The New York Democrat said Sunday that Marriott should immediately notify customers who are at greatest risk of identity theft and pay the $110 cost of a new U.S. passport if the customers request it.
Marriott disclosed Friday that hackers had stolen data on as many as 500 million guests of former Starwood chain properties, including credit card and passport numbers.
Tomi Engdahl says:
Lenovo Pays $7.3 Million to Settle Superfish Adware Lawsuit
https://www.securityweek.com/lenovo-pays-73-million-settle-superfish-adware-lawsuit
Tomi Engdahl says:
Kubernetes’ first major security hole discovered
https://www.zdnet.com/article/kubernetes-first-major-security-hole-discovered/
There’s now an invisible way to hack into the popular cloud container orchestration system Kubernetes
Tomi Engdahl says:
Intro to NFC Payment Relay Attacks
https://salmg.net/2018/12/01/intro-to-nfc-payment-relay-attacks/
Tomi Engdahl says:
Fake iOS Fitness Apps Steal Money
https://www.securityweek.com/fake-ios-fitness-apps-steal-money
Tomi Engdahl says:
Cybersecurity Storms: Visibility is Key to Cyber Protections
https://www.securityweek.com/cybersecurity-storms-visibility-key-cyber-protections
Security Teams Need to Maintain Packet-level Visibility Into All Traffic Flowing Across Their Networks
The most destructive disaster is the one you do not see coming. Before modern meteorology, settlers along the Atlantic coast had no warning when a hurricane was upon them. There was no way to escape from the titanic forces of wind and rain. Now, scientific instruments such as radar, barometers and satellites can see trouble brewing halfway across the ocean, giving residents time to evacuate and save lives.
While there is no evacuating cyberspace to avoid a storm of hackers, prior warning gives security teams a chance to stop cybercriminals before they can wreak havoc and make off with sensitive customer data or company secrets. There is an all too common adage that it is not a question of if a company will be hacked, but when they will find the hack. The realities of the cyberspace make it too difficult to reliably keep hackers out of corporate networks. That is not to say security teams should give up, but rather that they need to shift their goals.
Tomi Engdahl says:
Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears
https://www.securityweek.com/australia-set-pass-sweeping-cyber-laws-despite-tech-giant-fears
Australia’s two main parties struck a deal Tuesday to pass sweeping cyber laws requiring tech giants to help government agencies get around encrypted communications used by suspected criminals and terrorists.
The laws are urgently needed to investigate serious crimes like terrorism and child sex offences, the conservative government said, citing a recent case involving three men accused of plotting attacks who used encrypted messaging applications.
But critics including Google and Facebook as well as privacy advocates warn the laws would weaken cybersecurity and be among the most far-reaching in a Western democracy.
The bill is expected to pass parliament by Thursday, which is the end of the sitting week
Tomi Engdahl says:
Critical Privilege Escalation Flaw Patched in Kubernetes
https://www.securityweek.com/critical-privilege-escalation-flaw-patched-kubernetes
The vulnerability, discovered by Rancher Labs Co-founder and Chief Architect Darren Shepherd, is tracked as CVE-2018-1002105 and it has been assigned a CVSS score of 9.8. It can allow an attacker to escalate privileges by sending specially crafted requests to the targeted server.
Tomi Engdahl says:
House GOP Campaign Arm Targeted by ‘Unknown Entity’ in 2018
https://www.securityweek.com/house-gop-campaign-arm-targeted-unknown-entity-2018
Thousands of emails were stolen from aides to the National Republican Congressional Committee during the 2018 midterm campaign, a major breach exposing vulnerabilities that have kept cybersecurity experts on edge since the 2016 presidential race.
The email accounts were compromised during a series of intrusions that had been spread over several months and discovered in April, a person familiar with the matter told The Associated Press.
Tomi Engdahl says:
No Smoking Gun Tying Russia to Spear-Phishing Attack, Microsoft Says
https://www.securityweek.com/no-smoking-gun-tying-russia-spear-phishing-attack-microsoft-says
Not Enough Evidence That Russians Are Behind Recent Spear-Phishing Attack, Microsoft Says
There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United States Department of State to Russian hackers, Microsoft says.
The attack, which started on November 14, was previously said to have been the work of Cozy Bear, a Russian threat actor involved in hacking incidents during the 2016 U.S. presidential election. Microsoft, which tracks the adversary as YTTRIUM, begs to differ.
Tomi Engdahl says:
M2M Protocols Expose Industrial Systems to Attacks
https://www.securityweek.com/m2m-protocols-expose-industrial-systems-attacks
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan.
The security firm has analyzed two popular M2M protocols: Message Queuing Telemetry Transport (MQTT), which facilitates communications between a broker and multiple clients, and the Constrained Application Protocol (CoAP), a UDP-based server-client protocol that allows HTTP-like communications between nodes.
In the case of MQTT, Trend Micro researchers discovered vulnerabilities in both the protocol itself and its implementations. The flaws can allow malicious actors to execute arbitrary code or cause a denial-of-service (DoS) condition, which, as experts have often warned, can pose a serious risk to industrial systems. The flaws have been reported to the developers of the affected software and patches have been released.
Tomi Engdahl says:
financial
‘London Blue’ cybercriminals turn to large-scale email scam
https://www.cyberscoop.com/london-blue-business-email-compromise-agari/
A prime example is London Blue, a network of cybercriminals exposed by new research from email-security firm Agari. The group has laid the groundwork for large-scale business email compromise (BEC) attacks by compiling a list of more than 50,000 corporate officials, including dozens of executives from the world’s biggest banks, according to Agari. Over half of the 50,000 targets were in the United States.
“The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location,” Agari researchers wrote.
Tomi Engdahl says:
Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability
https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injection-vulns.html
Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.
Tomi Engdahl says:
An introduction to offensive capabilities of Active Directory on UNIX
https://blog.talosintelligence.com/2018/12/PortcullisActiveDirectory.html
Having seen an uptick in unique UNIX infrastructures that are integrated into customers’ existing Active Directory forests, the question becomes, “Does this present any concerns that may not be well understood?” This quickly became “What if an adversary could get into a UNIX box and then breach your domain?”
Realistically, the threat models associated with each part of the implementation should be quite familiar to anyone securing a heterogeneous Windows network. Having worked with a variety of customers, it becomes apparent that the typical UNIX administrator who does not have a strong background in Windows and Active Directory will be ill-equipped to handle this threat.
Tomi Engdahl says:
Google Patches 11 Critical RCE Android Vulnerabilities
https://threatpost.com/google-patches-11-critical-rce-android-vulnerabilities/139612/
Google’s December Android Security Bulletin tackles 53 unique flaws.
Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.
Tomi Engdahl says:
New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs
https://thehackernews.com/2018/12/china-ransomware-wechat.html
A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour.
What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin.
Instead, the attackers are asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China’s most popular messaging app.
Tomi Engdahl says:
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.
Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries.
Tomi Engdahl says:
MI6 head warns on Huawei UK 5G
https://www.itproportal.com/news/mi6-head-warns-on-huawei-uk-5g/
Britain should think long and hard if it’s comfortable with the Chinese building its 5G network.
The head of MI6 has warned the UK over the role of Chinese firms in building the country’s 5G infrastructure.
In a rare speech, the UK Secret Intelligence Service boss said the UK should think long and hard before working with Huawei, or any other Chinese company, following past concerns.
Alex Younger said Britain needs to think if it’s comfortable “with Chinese ownership of these technologies”.
Tomi Engdahl says:
Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs
https://securingtomorrow.mcafee.com/mcafee-labs/pay-per-install-company-deceptively-floods-market-with-unwanted-programs/
For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers
Tomi Engdahl says:
Word maldoc: yet another place to hide a command
https://isc.sans.edu/diary/rss/24370
Reader Mike submitted a malicious Word document. The document (MD5 6c975352821d2532d8387f19457b584e) contains obfuscated VBA code that launches a shell command. That shell command is hidden somewhere in the document (not in the VBA code).
Tomi Engdahl says:
Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit
No reason to panic, apparently: Redoing login details to become a regular thing
https://www.theregister.co.uk/2018/12/04/password_change_for_sharefile/
Tomi Engdahl says:
Container code cluster-fact: There’s a hole in Kubernetes that lets miscreants cause havoc
Critical bug brings bevy of patches
https://www.theregister.co.uk/2018/12/03/kubernetes_flaw_cve_2018_1002105/
Tomi Engdahl says:
He’s not cracked RSA-1024 encryption, he’s a very naughty Belarusian ransomware middleman
Dr Shifro pays ransom, gets discount and adds its own margin, says Check Point
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim’s bill.
Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it’s “the only company that specializes in decrypting files”, urging users: “Call – we will help!”
Tomi Engdahl says:
Magecart Group Ups Ante: Now Goes After Admin Credentials
https://threatpost.com/magecart-group-ups-ante-now-goes-after-admin-credentials/139580/
The group’s skimmer has added some capabilities that steal credentials from admins.
A growing threat group within the Magecart family of criminals has evolved to skim data not only from website visitors – but also from site administrators as well. This new capability could allow Magecart bad actors to escalate attacks and infiltrate organizations, researchers said.
Tomi Engdahl says:
NATO Exercises Cyber Defences as Threat Grows
https://www.securityweek.com/nato-exercises-cyber-defences-threat-grows
In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.
Tomi Engdahl says:
Faster fuzzing ferrets out 42 fresh zero-day flaws
https://nakedsecurity.sophos.com/2018/12/03/faster-fuzzing-ferrets-out-42-fresh-zero-day-flaws/
A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept. The team, from Singapore, Australia and Romania, worked out a better approach to a decades-old testing technique called fuzzing.
Tomi Engdahl says:
Czech yourself, Russia! Prague says its foreign ministry was hacked for more than a year
Report claims that from 2016-2017 the FSB was reading agency’s emails
https://www.theregister.co.uk/2018/12/03/czech_russia_hacking/
The Czech Republic says that Russian government hackers were intercepting and snooping on communications for one of its agencies for more than a year.
An annual report from the Czech Security Information Service (BIS) covering the 2017 calendar year disclosed how, in the early months of the year, it uncovered a massive network breach at the office of the Ministry of Foreign Affairs (MFA).
Tomi Engdahl says:
Cyber security: Hackers step out of the shadows with bigger, bolder attacks
https://www.zdnet.com/article/cyber-security-hackers-step-out-of-the-shadows-with-bigger-bolder-attacks/#ftag=RSSbaffb68
Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now more important than lurking in the shadows.
Tomi Engdahl says:
Someone Is Claiming to Sell a Mass Printer Hijacking Service
https://motherboard.vice.com/en_us/article/zmdy7y/someone-is-selling-mass-print-hijacking-hacking-service
After one hacker bombarded printers with a message urging people to subscribe to PewDiePie, someone is now claiming to offer a mass-printing service across the internet.
Tomi Engdahl says:
Buckle Up: A Closer Look at Airline Security Breaches
Cyberattacks on airports and airlines are often unrelated to passenger safety – but that’s no reason to dismiss them, experts say
https://www.darkreading.com/threat-intelligence/buckle-up-a-closer-look-at-airline-security-breaches/d/d-id/1333336
Tomi Engdahl says:
ElasticSearch server exposed the personal data of over 57 million US citizens
https://www.zdnet.com/article/elasticsearch-server-exposed-the-personal-data-of-over-57-million-us-citizens/
Leaky database taken offline, but not after leaking user details for nearly two weeks.
Tomi Engdahl says:
Industry collaboration leads to takedown of the “3ve” ad fraud operation
https://security.googleblog.com/2018/11/industry-collaboration-leads-to.html
Tomi Engdahl says:
This phishing scam group built a list of 50,000 execs to target
https://www.zdnet.com/article/this-phishing-scam-group-built-a-list-of-50000-execs-to-target/
CEO fraud group has a big list of potential victims; just hope you aren’t on it.
Tomi Engdahl says:
Hackers can exploit this bug in surveillance cameras to tamper with footage
https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/
Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.
Tomi Engdahl says:
These Satellites Will Hunt Pirates, and Maybe Terrorists
https://www.bloomberg.com/news/articles/2018-11-30/spacex-to-loft-satellites-to-hunt-pirates-and-maybe-terrorists
SpaceX is set to launch three toaster oven-size vehicles this weekend that will scan the globe for telltale radio signals of dark ships.
Tomi Engdahl says:
A cyber-skills shortage means students are being recruited to fight off hackers
https://www.technologyreview.com/s/612309/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/?utm_campaign=owned_social&utm_source=facebook.com&utm_medium=social&fbclid=IwAR1HiV5lQ674MoMBtD8UdGEwwa2zxKkL20NOvtFgV7863eJx8v7NKftvHcQ
Students with little or no cybersecurity knowledge are being paired with easy-to-use AI software that lets them protect their campus from attack.
Tomi Engdahl says:
Australia rushes its ‘dangerous’ anti-encryption bill into parliament, despite massive opposition
https://techcrunch.com/2018/12/05/australia-rushes-its-dangerous-anti-encryption-bill-into-parliament/?utm_source=tcfbpage&sr_share=facebook
Tomi Engdahl says:
Head of Russian spy agency accused of U.S. election hack, U.K. spy poisoning dies
https://www.nbcnews.com/news/world/head-russian-spy-agency-accused-u-s-election-hack-u-n939261
Igor Korobov, 62, who ran the spy agency since 2016, died on Wednesday after “a serious and long illness,” the Russian defense ministry said.
Tomi Engdahl says:
Reality Winner, Former N.S.A. Translator, Gets More Than 5 Years in Leak of Russian Hacking Report
https://www.nytimes.com/2018/08/23/us/reality-winner-nsa-sentence.html
Reality Winner received the longest sentence ever imposed in federal court for an unauthorized release of government information to the media, prosecutors said.
She pleaded guilty in June 2018 to one felony count of unauthorized transmission of national defense information, for giving a classified report about Russian interference in the 2016 election to a news outlet.
Tomi Engdahl says:
Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!
https://www.theregister.co.uk/2018/12/05/flash_zeroday_adobe/
It’s like a greatest hits album of terrible security policies
In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document. The attacker delivers the document via a spear-phishing email.
Tomi Engdahl says:
France is bidding adieu to Google in favor of a more private search engine
https://www.expressvpn.com/blog/google-france-qwant-privacy/
While the U.S. government is working to tighten its grip over citizens’ personal privacy, Europe’s new policy regulations are hoping to do the opposite.
Last month, the French National Assembly announced that they would no longer use Google. Instead, all French government devices will soon adopt the privacy-focused Qwant as their default search engine.
Tomi Engdahl says:
A botnet of over 20,000 WordPress sites is attacking other WordPress sites
https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-attacking-other-wordpress-sites/
Botnet is still up and running but law enforcement has been notified.
Crooks controlling a network of over 20,000 already-infected WordPress installations are using these sites to launch attacks on other WordPress sites, ZDNet has learned from WordPress security firm Defiant.
The company, which manages and publishes the Wordfence plugin, a firewall system for WordPress sites, says it detected over five million login attempts in the last month from already-infected sites against other, clean WordPress portals.
The attacks are what security experts call “dictionary attacks.”
Defiant says that the people behind this botnet made “some mistakes in their implementation of the brute force scripts” that allowed researchers to expose the botnet’s entire backend infrastructure.
Defiant researchers say they were able to bypass the botnet control panel login system and take a peek inside the crooks’ operation.
Tomi Engdahl says:
Exclusive: Clues in Marriott hack implicate China – sources
https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D
(Reuters) – Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation
Tomi Engdahl says:
Microsoft calls on companies to adopt a facial recognition code of conduct
https://techcrunch.com/2018/12/06/microsoft-calls-on-companies-to-adopt-a-facial-recognition-code-of-conduct/?utm_source=tcfbpage&sr_share=facebook
Over the summer, Microsoft President Brad Smith called for governments to take a closer look at how facial detection technology is being implemented across the globe. This week, he returned with a similar message — only this time the executive is calling out fellow technology purveyors to help address myriad issues around the technology before it becomes too pervasive.
https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/