New York Times:
Sources: Marriott hack part of Chinese intelligence effort that also hacked health insurers, other hotels, and security clearance files of millions of Americans — WASHINGTON — The cyberattack on the Marriott hotel chain that collected passport information or other personal details …
The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.
The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.
Zack Whittaker / TechCrunch:
A misconfigured domain led to an exploit in Microsoft’s login system, now fixed, that made it possible to hijack anyone’s Office account, researcher finds
Matt Novak / Gizmodo:
DHS watchdog finds numerous problems with Customs and Border Protection’s data security, including leaving data copied from travelers’ devices on thumb drives
Last year, U.S. Customs and Border Protection (CBP) searched through the electronic devices of more than 29,000 travelers coming into the country. CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives—drives that are supposed to be deleted after every use. But a new government report found that the majority of officers fail to delete the personal data.
Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a “basic” or “manual” search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an “advanced search” and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don’t require a warrant or even probable cause—at least they don’t according to DHS.
New technologies continue to present great risks and opportunities for humanitarian action. To ensure that their use does not result in any harm, humanitarian organisations must develop and implement appropriate data protection standards, including robust risk assessments.
The OpenSSH client and server are now available as a supported Feature-on-Demand in Windows Server 2019 and Windows 10 1809! The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature.
Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts.
THE MASSIVE DATA breach that affected 500 million Marriott customers feels like a recent event, given that the company just discovered and disclosed it over the past four months. But it’s important to remember that the attack began much earlier
China’s role in the Marriott hack remains unconfirmed, but the accusation comes amid already heightened tensions between the United States and China over trade and intellectual property theft.
If China did perpetrate the Marriott hack in 2014, though, that would make it just one of several devastating, roughly concurrent cyberattacks against the United States. That same year, Chinese actors pilfered extremely sensitive and expansive data on tens of millions of US citizens from the Office of Personnel Management.
And in February 2014, Chinese hackers allegedly breached Anthem insurance
The diversity of data could allow Chinese espionage agents to check and cross-reference information and track individuals over time.
Taken all together, China’s 2014 hacking spree could potentially have revealed data on virtually every adult in the US.
Taylor Swift held a concert at California’s Rose Bowl this past May that was monitored by a facial recognition system. The system’s target? Hundreds of Swift’s stalkers.
Recently, a patent application from Amazon became public that would pair face surveillance — like Rekognition, the product that the company is aggressively marketing to police and Immigration and Customs Enforcement — with Ring, a doorbell camera company that Amazon bought earlier this year.
While the details are sketchy, the application describes a system that the police can use to match the faces of people walking by a doorbell camera with a photo database of persons they deem “suspicious.”
The Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users’ data. Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of attacks. Keystore gives applications the ability to specify restrictions on how and when the keys can be used. Android Pie introduces new capabilities to Keystore. We will be discussing two of these new capabilities in this post. The first enables restrictions on key use so as to protect sensitive information. The second facilitates secure key use while protecting key material from the application or operating system.
Ships are the victims of cyber-security incidents more often than people think. Industry groups publish cyber-security guidelines to address issues.
Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals.
The document is the third edition of the “Guidelines on Cyber Security onboard Ships,”
The report also puts a great deal of attention on USB thumb drives, usually used to update systems or transfer new documents into air-gapped networks.
The guidelines also warned against IT screw-ups, which, while not technically cyber-security incidents, usually cause the same effects.
The fact that ships are vulnerable to hacking and malware infections isn’t anything new. Ships have been a disaster waiting to happen for years
Many of these ship-designed IT systems either use default credentials or feature backdoor accounts, putting the ship, cargo, and passengers in harm’s way due to sheer negligence.
The shipping industry got its cyber-security wake-up call last year when Maersk, the biggest cargo shipping company in the world, was infected with the NotPetya ransomware. The incident incurred costs of over $300 million
The French foreign ministry said Thursday its travel alert registry website had been pirated and citizens’ personal data “could be misused”.
In a statement the ministry did not say how many people were affected by the breach of the Ariane system, which lets people register for security alerts when travelling abroad.
A government organization in Rhode Island announced on Wednesday that it has filed a lawsuit against Google’s parent company, Alphabet Inc., over the recent security incidents involving the Google+ social network.
The United States said Wednesday that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing.
Secretary of State Mike Pompeo confirmed to Fox News’ Fox & Friends program that the government believes China masterminded the Marriott data theft.
“They have committed cyber attacks across the world,” he told the show.
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet.
Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems.
The company confirmed last year that an Apache Struts vulnerability that had been exploited in the wild for months was used to gain access to its systems. Equifax was even warned about the vulnerability, but failed to properly patch it.
The attack on Equifax started in May, but was only detected in July, although the adversaries sent 9,000 queries on 48 unrelated databases during that time.
Misconfigured databases with poor or absent access controls on both cloud and in-house servers are a known and common problem. Where these databases are exposed to the internet, anybody — with or without cyber expertise — can access the database and its content. While there is no ‘hack’ involved, such instances should still be called a breach since there is often no way of knowing whether the data contained has been accessed by malicious actors.
The potential severity of such breaches can only be measured by the quantity and quality (in terms of malicious potency) of the data contained.
In March 2018, researchers at InfoArmor discovered (PDF) an exposed database that contained extensive personal data for 120 million Brazilians. This comprised a unique identity number (the Cadastro de Pessoas Físicas, or CPF) that is issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying resident aliens.
A string of bomb threats emailed to universities, police departments and news outlets from New York City to Dallas to San Francisco Thursday sent officers scrambling to sort out what appeared to be a nationwide electronic hoax.
Records of 120 million taxpayers have been openly available online for weeks, according to experts.
A publicly accessible server containing unique taxpayer registry identification numbers for Brazilian nationals has been discovered, placing as many as 120 million citizens at risk.
According to security firm InfoArmor, who discovered the incident, the information related to about 57 percent of Brazil’s population was leaked by a misconfigured server earlier this year.
“index.html” had been renamed to “index.html_bkp,” revealing the directory’s contents and giving unfettered access to anyone who knew the filename
“Two simple security measures could have prevented this: not renaming the main index.html file or prohibiting access through .htaccess configuration. Neither of these basic cybersecurity measures were in place,” the report states.
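The report’s point is that a renamed index file plus directory listings left enabled turns a web root into an open file share. As an added example (not code from InfoArmor or the report), the script below audits a document root the way a defender would: it flags every directory that has no index file and no `Options -Indexes` in a `.htaccess` on the path from the root, replaying Apache’s inheritance rule that the deepest explicit `Options` line wins. The sample tree it builds is constructed for the demonstration.

```python
"""Audit an Apache-style document root for directories that would expose a
directory listing: no index file (e.g. index.html renamed to index.html_bkp)
and no 'Options -Indexes' in a .htaccess on the path from the root.
Added example; the sample tree below is constructed, not the InfoArmor data."""
import os
import re
import tempfile

INDEX_FILES = ("index.html", "index.htm", "index.php")
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)


def apply_options_line(tokens, indexes_off):
    """Apply one 'Options ...' line to the current 'Indexes disabled' state.
    Relative form (+/-) adjusts the inherited state; absolute form replaces it."""
    if all(t[0] in "+-" for t in tokens):
        for tok in tokens:
            if tok[1:].lower() in ("indexes", "all"):
                indexes_off = tok[0] == "-"
        return indexes_off
    # Absolute list: Indexes is enabled only if it (or All) is named.
    return not any(t.lower() in ("indexes", "all") for t in tokens)


def htaccess_state(path, indexes_off):
    """Fold every Options line of one .htaccess into the inherited state."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = OPTIONS_RE.match(line)
                if m:
                    indexes_off = apply_options_line(m.group(1).split(), indexes_off)
    except OSError:
        pass  # no .htaccess here: keep the inherited state
    return indexes_off


def find_listable_dirs(docroot, server_allows_indexes=True):
    """Return doc-root-relative paths of directories that would be listed."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames.sort()
        rel = os.path.relpath(dirpath, docroot)
        # Replay .htaccess files from the root down to this directory;
        # the deepest explicit Options line wins, as in Apache.
        indexes_off = not server_allows_indexes
        parts = [] if rel == "." else rel.split(os.sep)
        current = docroot
        for part in [None] + parts:
            if part is not None:
                current = os.path.join(current, part)
            indexes_off = htaccess_state(os.path.join(current, ".htaccess"), indexes_off)
        has_index = any(f in filenames for f in INDEX_FILES)
        if not has_index and not indexes_off:
            exposed.append("." if rel == "." else rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_tree():
    """Constructed document root mirroring the reported setup (not real data)."""
    root = tempfile.mkdtemp(prefix="docroot_")
    layout = {
        "index.html": "<html>home</html>\n",
        "public/index.html": "<html>ok</html>\n",
        "data/index.html_bkp": "<html>was the index</html>\n",  # renamed: listing exposed
        "data/records.csv": "id,name\n1,constructed sample\n",
        "protected/.htaccess": "Options -Indexes\n",
        "protected/export.csv": "id\n1\n",
    }
    for rel, content in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("directories that would be listed:", find_listable_dirs(root))
```

Pointing `find_listable_dirs` at a real document root gives the list of directories to fix, either by restoring the index file or by adding `Options -Indexes` (the two measures the report names).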
It’s not often you can put nuclear weapons, terrorism and climate change on the same list as quantum computing, artificial intelligence and the Internet of Things, but the U.S. government believes all pose an “emerging threat” to its national security.
A new scam is making the rounds that promises to disrupt countless offices and schools. The scam is simple: the scammers send an email threatening to detonate a bomb if they don’t get a certain amount of Bitcoin within a specified time frame. Because there is little upside to ignoring a bomb threat at this point in history, entire offices are now being evacuated as this scam spreads.
At this time, it appears that these threats are meant to cause disruption and/or obtain money.
FireEye’s deep learning classifier can successfully identify malware using only the unstructured bytes of the Windows PE file.
Import-based features, like names and function call fingerprints, play a significant role in the features learned across all levels of the classifier.
Unlike other deep learning application areas, where low-level features tend to generally capture properties across all classes, many of our low-level features focused on very specific sequences primarily found in malware.
End-to-end analysis of the classifier identified important features that closely mirror those created through manual feature engineering, which demonstrates the importance of classifier depth in capturing meaningful features.
Cybercriminals continue to stress-test Windows, and our protective technologies continue to detect their attempts and prevent exploitation. It is not the first or even the second discovery of this kind over the past three months. This time, our systems detected an attempt to exploit the vulnerability in Windows Kernel Transaction Manager.
The world of macOS malware has a new member that makes no effort to keep appearances and looks rather like a bare-bones version that is still under development.
Its functionality is limited to taking screenshots and running a backdoor.
Adi Robertson / The Verge:
Spammers are emailing businesses, schools, and other locations in the US, Canada, and New Zealand, demanding bitcoin as ransom to not detonate a supposed bomb
Global Cyberattack Campaign Hits 87 Organizations Using “Rising Sun” Malware
At least 87 organizations worldwide were infected with the same malware as part of a newly discovered campaign targeting nuclear, defense, energy, and financial sectors, McAfee reports.
The use of Lazarus source code and the presence of numerous technical links to the state-sponsored North Korean hackers “seem too obvious to immediately draw the conclusion that they are responsible for the attacks,”
A recent campaign attributed to the Russian cyber-espionage group Sofacy hit government agencies in four continents in an attempt to infect them with malware, Palo Alto Networks security researchers say.
Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the Russian state-sponsored hacking group has been focusing on Ukraine and NATO countries in recent years, and the new attacks are no different. The actor is also believed to have targeted the 2016 presidential election in the United States.
Last month, Palo Alto Networks revealed that the group had used a new Trojan called Cannon in attacks on government entities around the globe.
The malicious documents used a remote template function in Word to retrieve a malicious macro from the first stage command and control (C&C) server and to load and execute an initial payload. A generic lure image in the documents would request the victim to enable macros.
As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.
A hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials.
Kagan said he was alarmed by the targeting of foreign nuclear experts.
“This is a little more worrisome than I would have expected,” he said.
“The targets are very specific,” Certfa researcher Nariman Gharib said.
Iran has previously denied responsibility for hacking operations, but an AP analysis of its targets suggests that Charming Kitten is working in close alignment with the Islamic Republic’s interests.
The mixed bag of government targets suggests “a fairly scattershot attempt,”
WordPress developers announced on Thursday the availability of version 5.0.1 of the content management system (CMS), which addresses several types of vulnerabilities.
Researcher Tim Coen has discovered several cross-site scripting (XSS) flaws in WordPress, including one caused by the ability of contributors to edit new comments from users with higher privileges. He also found that a specially crafted URL input can be exploited for XSS attacks – this issue only impacts some plugins.
We detected mining activity on our honeypot that involves the search engine Elasticsearch, which is a Java-developed search engine based on the Lucene library and released as open-source. The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch. The vulnerable versions are no longer supported by Elasticsearch.
Israeli and Turkish military bases are now helpfully identified by big blurry blocks.
A Russian online mapping company was trying to obscure foreign military bases. But in doing so, it accidentally confirmed their locations—many of which were secret.
Yandex Maps, Russia’s leading online map service, blurred the precise locations of Turkish and Israeli military bases, pinpointing their location. The bases host sensitive surface-to-air missile sites and facilities housing nuclear weapons.
The Federation of American Scientists reports that Yandex Maps blurred out “over 300 distinct buildings, airfields, ports, bunkers, storage sites, bases, barracks, nuclear facilities, and random buildings” in the two countries. Some of these facilities were well known, but some of them were not. Not only has Yandex confirmed their locations, the scope of blurring reveals their exact size and shape.
A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group.
Dubbed ‘Sharpshooter,’ the hacking campaign was observed impacting at least 87 entities across the globe in a timespan of just two months.
The system
With the ADS-B system, an aircraft uses a satellite navigation system to broadcast its position periodically. This information can be received by ATC ground stations to track the aircraft. This information can also be received by other aircraft in the vicinity, thereby providing situational awareness.
ADS-B data is transmitted every second. This makes the aircraft visible at all times to any ATCs and ADS-B-equipped aircraft in its vicinity. This data can further be used for post-flight analysis.
ADS-B consists of two components:
ADS-B Out: This broadcasts data that includes aircraft identification, current position, altitude, and velocity through a transmitter onboard the aircraft.
ADS-B In: This is the reception of ADS-B data from nearby aircraft for improved situational awareness.
An ADS-B system depends on a satellite navigation source for position determination and a data link. The data link operates at one of two frequencies: either 1,090 MHz or 978 MHz. Aircraft that operate below 18,000 feet (5,500 m) use the 978-MHz datalink, while commercial aircraft use the 1,090-MHz link.
486 Comments
Tomi Engdahl says:
New York Times:
Sources: Marriott hack part of Chinese intelligence effort that also hacked health insurers, other hotels, and security clearance files of millions of Americans — WASHINGTON — The cyberattack on the Marriott hotel chain that collected passport information or other personal details …
Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html
The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.
The hackers, they said, are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
A misconfigured domain led to an exploit in Microsoft’s login system, now fixed, that made it possible to hijack anyone’s Office account, researcher finds
A bug in Microsoft’s login system made it easy to hijack anyone’s Office account
https://techcrunch.com/2018/12/11/microsoft-login-bug-hijack-office-accounts/
Tomi Engdahl says:
Matt Novak / Gizmodo:
DHS watchdog finds numerous problems with Customs and Border Protection’s data security, including leaving data copied from travelers’ devices on thumb drives
Border Agents Fail to Delete Personal Data of Travelers After Electronic Searches, Watchdog Says
https://gizmodo.com/u-s-customs-fails-to-delete-personal-data-after-electr-1831006534
Last year, U.S. Customs and Border Protection (CBP) searched through the electronic devices of more than 29,000 travelers coming into the country. CBP officers sometimes upload personal data from those devices to Homeland Security servers by first transferring that data onto USB drives—drives that are supposed to be deleted after every use. But a new government report found that the majority of officers fail to delete the personal data.
Customs officials can conduct two kinds of electronic device searches at the border for anyone entering the country. The first is called a “basic” or “manual” search and involves the officer visually going through your phone, your computer or your tablet without transferring any data. The second is called an “advanced search” and allows the officer to transfer data from your device to DHS servers for inspection by running that data through its own software. Both searches are legal and don’t require a warrant or even probable cause—at least they don’t according to DHS.
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8842-windows-10-keraa-historiatietoja-vaikka-sen-kieltaa
Tomi Engdahl says:
The Humanitarian Metadata Problem – Doing No Harm in the Digital Era
https://privacyinternational.org/report/2509/humanitarian-metadata-problem-doing-no-harm-digital-era
New technologies continue to present great risks and opportunities for humanitarian action. To ensure that their use does not result in any harm, humanitarian organisations must develop and implement appropriate data protection standards, including robust risk assessments.
Tomi Engdahl says:
Windows Server 2019 Includes OpenSSH
https://blogs.windows.com/buildingapps/2018/12/11/windows-server-2019-includes-openssh/
The OpenSSH client and server are now available as a supported Feature-on-Demand in Windows Server 2019 and Windows 10 1809! The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature.
Tomi Engdahl says:
Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts
https://pentesttools.net/get-paid-up-to-40000-for-finding-ways-to-hack-facebook-or-instagram-accounts/?fbclid=IwAR3C9xVE-d0rJNoXaTqL4152t-1-GCqfb4WcEehmkY8x75gHiMz7XwTWKz4
Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts.
Tomi Engdahl says:
US border officers don’t always delete collected traveler data
https://www.engadget.com/2018/12/11/cbp-officers-fail-to-delete-traveler-data/
They also aren’t properly documenting all their device searches.
Tomi Engdahl says:
Over 40,000 credentials for government portals found online
https://www.zdnet.com/article/over-40000-credentials-for-government-portals-found-online/
Malware operators have collected login credentials for government portals in Italy, Saudi Arabia, Portugal, Bulgaria, Romania, more.
Tomi Engdahl says:
Is digitalisation good or bad? A documentary series looks for answers
https://www.dna.fi/yrityksille/blogi/-/blogs/onko-digitalisaatio-hyva-vai-paha-dokumenttisarja-etsii-vastauksia?utm_source=facebook&utm_medium=artikkeli&utm_term=tietoturva&utm_campaign=tietoturvapalvelut&utm_content=onko_digitalisaatio_hyva_vai_paha_dokumenttisarja_etsii_vastauksia
How do the Finnish authorities monitor data breaches? What happens if you call the number in a Nigerian-letter scam? Is there such a thing as perfect information security?
Tomi Engdahl says:
IF CHINA HACKED MARRIOTT, 2014 MARKED A FULL-ON ASSAULT
https://www.wired.com/story/marriott-hack-china-2014-opm-anthem/
THE MASSIVE DATA breach that affected 500 million Marriott customers feels like a recent event, given that the company just discovered and disclosed it over the past four months. But it’s important to remember that the attack began much earlier
China’s role in the Marriott hack remains unconfirmed, but the accusation comes amid already heightened tensions between the United States and China over trade and intellectual property theft.
If China did perpetrate the Marriott hack in 2014, though, that would make it just one of several devastating, roughly concurrent cyberattacks against the United States. That same year, Chinese actors pilfered extremely sensitive and expansive data on tens of millions of US citizens from the Office of Personnel Management.
And in February 2014, Chinese hackers allegedly breached Anthem insurance
The diversity of data could allow Chinese espionage agents to check and cross-reference information and track individuals over time.
Taken all together, China’s 2014 hacking spree could potentially have revealed data on virtually every adult in the US.
Tomi Engdahl says:
22 apps with 2 million+ Google Play downloads had a malicious backdoor
https://arstechnica.com/information-technology/2018/12/google-play-ejects-22-backdoored-apps-with-2-million-downloads/
Device-draining downloader used for ad fraud could have recovered other malicious files.
Tomi Engdahl says:
Taylor Swift tracked stalkers with facial recognition tech at her concert
Swift was scanning you as you walked in
https://www.theverge.com/2018/12/12/18137984/taylor-swift-facial-recognition-tech-concert-attendees-stalkers
Taylor Swift held a concert at California’s Rose Bowl this past May that was monitored by a facial recognition system. The system’s target? Hundreds of Swift’s stalkers.
Tomi Engdahl says:
Amazon’s Disturbing Plan to Add Face Surveillance to Your Front Door
https://www.aclu.org/blog/privacy-technology/surveillance-technologies/amazons-disturbing-plan-add-face-surveillance-yo-0
Recently, a patent application from Amazon became public that would pair face surveillance — like Rekognition, the product that the company is aggressively marketing to police and Immigration and Customs Enforcement — with Ring, a doorbell camera company that Amazon bought earlier this year.
While the details are sketchy, the application describes a system that the police can use to match the faces of people walking by a doorbell camera with a photo database of persons they deem “suspicious.”
Tomi Engdahl says:
China accused over Marriott data breach
https://www.itproportal.com/news/china-accused-over-marriott-data-breach/
Chinese intelligence services deny being behind attack.
Tomi Engdahl says:
New Keystore features keep your slice of Android Pie a little safer
https://security.googleblog.com/2018/12/new-keystore-features-keep-your-slice.html
The Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users’ data. Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of attacks. Keystore gives applications the ability to specify restrictions on how and when the keys can be used. Android Pie introduces new capabilities to Keystore. We will be discussing two of these new capabilities in this post. The first enables restrictions on key use so as to protect sensitive information. The second facilitates secure key use while protecting key material from the application or operating system.
Tomi Engdahl says:
Ships infected with ransomware, USB malware, worms
https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/
Ships are the victims of cyber-security incidents more often than people think. Industry groups publish cyber-security guidelines to address issues.
Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals.
The document is the third edition of the “Guidelines on Cyber Security onboard Ships,”
The report also puts a great deal of attention on USB thumb drives, usually used to update systems or transfer new documents into air-gapped networks.
The guidelines also warned against IT screw-ups, which, while not technically cyber-security incidents, usually cause the same effects.
The fact that ships are vulnerable to hacking and malware infections isn’t anything new. Ships have been a disaster waiting to happen for years
Many of these ship-designed IT systems either use default credentials or feature backdoor accounts, putting the ship, cargo, and passengers in harm’s way due to sheer negligence.
The shipping industry got its cyber-security wake-up call last year when Maersk, the biggest cargo shipping company in the world, was infected with the NotPetya ransomware. The incident incurred costs of over $300 million
http://www.ics-shipping.org/docs/default-source/resources/safety-security-and-operations/guidelines-on-cyber-security-onboard-ships.pdf?sfvrsn=16
Tomi Engdahl says:
France’s Travel Alert Registry Hacked
https://www.securityweek.com/frances-travel-alert-registry-hacked
The French foreign ministry said Thursday its travel alert registry website had been pirated and citizens’ personal data “could be misused”.
In a statement the ministry did not say how many people were affected by the breach of the Ariane system, which lets people register for security alerts when travelling abroad.
Tomi Engdahl says:
Rhode Island Sues Alphabet Over Google+ Security Incidents
https://www.securityweek.com/rhode-island-sues-alphabet-over-google-security-incidents
A government organization in Rhode Island announced on Wednesday that it has filed a lawsuit against Google’s parent company, Alphabet Inc., over the recent security incidents involving the Google+ social network.
Tomi Engdahl says:
U.S. Believes Chinese Intelligence Behind Marriott Hack
https://www.securityweek.com/us-believes-chinese-intelligence-behind-marriott-hack
The United States said Wednesday that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing.
Secretary of State Mike Pompeo confirmed to Fox News’ Fox & Friends program that the government believes China masterminded the Marriott data theft.
“They have committed cyber attacks across the world,” he told the show.
Tomi Engdahl says:
Grammarly Launches Public Bug Bounty Program
https://www.securityweek.com/grammarly-launches-public-bug-bounty-program
Tomi Engdahl says:
New Variant of Shamoon Malware Uploaded to VirusTotal
https://www.securityweek.com/new-variant-shamoon-malware-uploaded-virustotal
A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet.
Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems.
Tomi Engdahl says:
U.S. House Report Blasts Equifax Over Poor Security Leading to Massive 2017 Breach
https://www.securityweek.com/us-house-report-blasts-equifax-over-poor-security-leading-massive-2017-breach
The company confirmed last year that an Apache Struts vulnerability that had been exploited in the wild for months was used to gain access to its systems. Equifax was even warned about the vulnerability, but failed to properly patch it.
The attack on Equifax started in May, but was only detected in July, although the adversaries sent 9,000 queries on 48 unrelated databases during that time.
Tomi Engdahl says:
Personal Details of 120 Million Brazilians Exposed
https://www.securityweek.com/personal-details-120-million-brazilians-exposed
Misconfigured databases with poor or absent access controls on both cloud and in-house servers is a known and common problem. Where these databases are exposed to the internet, anybody — with or without cyber expertise — can access the database and its content. While there is no ‘hack’ involved, such instances should still be called a breach since there is often no way of knowing whether the data contained has been accessed by malicious actors.
The potential severity of such breaches can only be measured by the quantity and quality (in terms of malicious potency) of the data contained.
In March 2018, researchers at InfoArmor discovered (PDF) an exposed database that contained extensive personal data for 120 million Brazilians. This comprised a unique identity number (the Cadastro de Pessoas Físicas, or CPF) that is issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying resident aliens.
Tomi Engdahl says:
SAP Patches Critical Vulnerability in Hybris Commerce
https://www.securityweek.com/sap-patches-critical-vulnerability-hybris-commerce
Tomi Engdahl says:
Police departments nationwide sent scrambling by flood of e-mailed bomb threats
https://eu.usatoday.com/story/news/2018/12/13/police-departments-nationwide-hit-flood-e-mailed-bomb-threats/2303862002/
A string of bomb threats emailed to universities, police departments and news outlets from New York City to Dallas to San Francisco Thursday sent officers scrambling to sort out what appeared to be a nationwide electronic hoax.
Tomi Engdahl says:
Over half of Brazil’s population exposed in security incident
https://www.zdnet.com/article/over-half-of-brazils-population-exposed-in-security-incident/
Records of 120 million taxpayers have been openly available online for weeks, according to experts.
A publicly accessible server containing unique taxpayer registry identification numbers for Brazilian nationals has been discovered, placing as many as 120 million citizens at risk.
According to security firm InfoArmor, who discovered the incident, the information related to about 57 percent of Brazil’s population was leaked by a misconfigured server earlier this year.
“index.html” had been renamed to “index.html_bkp,” revealing the directory’s contents and giving unfettered access to anyone who knew the filename
“Two simple security measures could have prevented this: not renaming the main index.html file or prohibiting access through .htaccess configuration. Neither of these basic cybersecurity measures were in place,” the report states.
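The two measures the report names (keeping the index file in place, and blocking access through .htaccess) map directly onto Apache configuration. The following is an added illustration, not configuration from the InfoArmor report or from the affected server; the directory path and file-name patterns are assumptions. It shows the weak state beside the corrected one:

```apache
# Weak state (as in the incident): listings are enabled, so once index.html
# is renamed Apache generates a directory listing of everything in the folder.
<Directory "/var/www/html/export">
    Options Indexes FollowSymLinks
</Directory>

# Corrected state, added example: no auto-generated listing, one fixed entry
# point, and backup copies of files are not servable at all.
<Directory "/var/www/html/export">
    # Never produce a listing when the index file is missing or renamed
    Options -Indexes
    # Serve only the intended entry point
    DirectoryIndex index.html
    # Deny direct access to backup copies such as index.html_bkp (pattern is an assumption)
    <FilesMatch "(_bkp|\.bak|\.old|\.orig)$">
        Require all denied
    </FilesMatch>
</Directory>

# Equivalent .htaccess in the same directory, if AllowOverride permits it.
# If the folder should never be reachable over HTTP at all, use the last line alone.
# Options -Indexes
# <FilesMatch "(_bkp|\.bak|\.old|\.orig)$">
#     Require all denied
# </FilesMatch>
# Require all denied
```

The `Options -Indexes` line is the one that would have kept the renamed index from exposing the folder; the `FilesMatch` rule addresses the second failure, that a backup copy of the page was left inside the document root where anyone who guessed its name could fetch it. A quick check after deploying is to request the directory URL without a file name and confirm the server answers 403 rather than a listing.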
Tomi Engdahl says:
US intelligence community says quantum computing and artificial intelligence pose an ’emerging threat’ to national security
https://techcrunch.com/2018/12/13/us-intelligence-quantum-computing-artificial-intelligence-national-security-threat/?utm_source=tcfbpage&sr_share=facebook
It’s not often you can put nuclear weapons, terrorism and climate change on the same list as quantum computing, artificial intelligence and the Internet of Things, but the U.S. government believes all pose an “emerging threat” to its national security.
Tomi Engdahl says:
Scammers are sending bomb scares to nab BTC
https://techcrunch.com/2018/12/13/scammers-are-sending-bomb-scares-to-nab-btc/?sr_share=facebook&utm_source=tcfbpage
A new scam is making the rounds that promises to disrupt countless offices and schools. The scam is simple: the scammers send an email threatening to detonate a bomb if they don’t get a certain amount of Bitcoin within a specified time frame. Because there is little upside to ignoring a bomb threat at this point in history, entire offices are now being evacuated as this scam spreads.
At this time, it appears that these threats are meant to cause disruption and/or obtain money.
Tomi Engdahl says:
Ships infected with ransomware, USB malware, worms
https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/
Ships are the victims of cyber-security incidents more often than people think. Industry groups publish cyber-security guidelines to address issues.
Tomi Engdahl says:
Shamoon Disk-Wiping Malware Re-Emerges with a Third Variant
https://www.bleepingcomputer.com/news/security/shamoon-disk-wiping-malware-re-emerges-with-a-third-variant/
Tomi Engdahl says:
What are Deep Neural Networks Learning About Malware?
https://www.fireeye.com/blog/threat-research/2018/12/what-are-deep-neural-networks-learning-about-malware.html
Highlights
FireEye’s deep learning classifier can successfully identify malware using only the unstructured bytes of the Windows PE file.
Import-based features, like names and function call fingerprints, play a significant role in the features learned across all levels of the classifier.
Unlike other deep learning application areas, where low-level features tend to generally capture properties across all classes, many of our low-level features focused on very specific sequences primarily found in malware.
End-to-end analysis of the classifier identified important features that closely mirror those created through manual feature engineering, which demonstrates the importance of classifier depth in capturing meaningful features.
Tomi Engdahl says:
Vulnerability detected in Kernel Transaction Manager
https://www.kaspersky.com/blog/cve-2018-8611-detected/24972/
Cybercriminals continue to stress-test Windows, and our protective technologies continue to detect their attempts and prevent exploitation. It is not the first or even the second discovery of this kind over the past three months. This time, our systems detected an attempt to exploit the vulnerability in Windows Kernel Transaction Manager.
Tomi Engdahl says:
UK spam-texting tax consultancy slapped with £200k fine
Generic privacy policies won’t get you valid consent, says ICE
https://www.theregister.co.uk/2018/12/13/spam_texting_tax_consultancy_slapped_with_200k_fine/
A London firm that sent 14.8 million spam SMSes without consent has been fined £200,000 by the UK’s data protection watchdog.
Tomi Engdahl says:
New LamePyre macOS Malware Sends Screenshots to Attacker
https://www.bleepingcomputer.com/news/security/new-lamepyre-macos-malware-sends-screenshots-to-attacker/
The world of macOS malware has a new member that makes no effort to keep appearances and looks rather like a bare-bones version that is still under development.
Its functionality is limited to taking screenshots and running a backdoor.
Tomi Engdahl says:
Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
https://blog.trendmicro.com/trendlabs-security-intelligence/tildeb-analyzing-the-18-year-old-implant-from-the-shadow-brokers-leak/
Tomi Engdahl says:
Adi Robertson / The Verge:
Spammers are emailing businesses, schools, and other locations in the US, Canada, and New Zealand, demanding bitcoin as ransom to not detonate a supposed bomb
Bitcoin scammers send bomb threats worldwide, causing evacuations
https://www.theverge.com/2018/12/13/18139724/bitcoin-bomb-threat-scam-email-us-police-department-investigation-evacuations
Tomi Engdahl says:
France’s Travel Alert Registry Hacked
https://www.securityweek.com/frances-travel-alert-registry-hacked
The French foreign ministry said Thursday its travel alert registry website had been pirated and citizens’ personal data “could be misused”.
Tomi Engdahl says:
GitLab Launches Public Bug Bounty Program
https://www.securityweek.com/gitlab-launches-public-bug-bounty-program
Tomi Engdahl says:
“Operation Sharpshooter” Hits Global Defense, Critical Infrastructure Firms
https://www.securityweek.com/operation-sharpshooter-hits-global-defense-critical-infrastructure-firms
Global Cyberattack Campaign Hits 87 Organizations Using “Rising Sun” Malware
At least 87 organizations worldwide were infected with the same malware as part of a newly discovered campaign targeting nuclear, defense, energy, and financial sectors, McAfee reports.
The use of Lazarus source code and the presence of numerous technical links to the state-sponsored North Korean hackers “seem too obvious to immediately draw the conclusion that they are responsible for the attacks,”
Tomi Engdahl says:
Russia-Linked Phishing Attacks Hit Government Agencies on Four Continents
https://www.securityweek.com/russia-linked-phishing-attacks-hit-government-agencies-four-continents
A recent campaign attributed to the Russian cyber-espionage group Sofacy hit government agencies in four continents in an attempt to infect them with malware, Palo Alto Networks security researchers say.
Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the Russian state-sponsored hacking group has been focusing on Ukraine and NATO countries in recent years, and the new attacks are no different. The actor is also believed to have targeted the 2016 presidential election in the United States.
Last month, Palo Alto Networks revealed that the group had used a new Trojan called Cannon in attacks on government entities around the globe.
The malicious documents used a remote template function in Word to retrieve a malicious macro from the first stage command and control (C&C) server and to load and execute an initial payload. A generic lure image in the documents would request the victim to enable macros.
Tomi Engdahl says:
AP Exclusive: Iran Hackers Hunt Nuke Workers, US Officials
https://www.securityweek.com/ap-exclusive-iran-hackers-hunt-nuke-workers-us-officials
As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.
a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials.
Kagan said he was alarmed by the targeting of foreign nuclear experts.
“This is a little more worrisome than I would have expected,” he said.
“The targets are very specific,” Certfa researcher Nariman Gharib said.
Iran has previously denied responsibility for hacking operations, but an AP analysis of its targets suggests that Charming Kitten is working in close alignment with the Islamic Republic’s interests.
The mixed bag of government targets suggests “a fairly scattershot attempt,”
Tomi Engdahl says:
Several Vulnerabilities Patched With Release of WordPress 5.0.1
https://www.securityweek.com/several-vulnerabilities-patched-release-wordpress-501
WordPress developers announced on Thursday the availability of version 5.0.1 of the content management system (CMS), which addresses several types of vulnerabilities.
Researcher Tim Coen has discovered several cross-site scripting (XSS) flaws in WordPress, including one caused by the ability of contributors to edit new comments from users with higher privileges. He also found that a specially crafted URL input can be exploited for XSS attacks – this issue only impacts some plugins.
Tomi Engdahl says:
Cryptocurrency Miner Spreads via Old Vulnerabilities on Elasticsearch
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-spreads-via-old-vulnerabilities-on-elasticsearch/
We detected mining activity on our honeypot that involves the search engine Elasticsearch, which is a Java-developed search engine based on the Lucene library and released as open-source. The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch. The vulnerable versions are no longer supported by Elasticsearch.
Tomi Engdahl says:
Dear Joohn: The Sofacy Group’s Global Campaign
https://researchcenter.paloaltonetworks.com/2018/12/dear-joohn-sofacy-groups-global-campaign/
Tomi Engdahl says:
Oops! Mapping Service Blurs Out Military Bases, But Accidentally Locates Secret Ones
https://www.popularmechanics.com/military/a25461748/yandex-mapping-service-locates-secret-military-bases/
Israeli and Turkish military bases are now helpfully identified by big blurry blocks.
A Russian online mapping company was trying to obscure foreign military bases. But in doing so, it accidentally confirmed their locations—many of which were secret.
Yandex Maps, Russia’s leading online map service, blurred the precise locations of Turkish and Israeli military bases, pinpointing their location. The bases host sensitive surface-to-air missile sites and facilities housing nuclear weapons.
The Federation of American Scientists reports that Yandex Maps blurred out “over 300 distinct buildings, airfields, ports, bunkers, storage sites, bases, barracks, nuclear facilities, and random buildings” in the two countries. Some of these facilities were well known, but some of them were not. Not only has Yandex confirmed their locations, the scope of blurring reveals their exact size and shape.
Tomi Engdahl says:
Op ‘Sharpshooter’ Uses Lazarus Group Tactics, Techniques, and Procedures
https://www.bleepingcomputer.com/news/security/op-sharpshooter-uses-lazarus-group-tactics-techniques-and-procedures/
A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group.
Dubbed ‘Sharpshooter,’ the hacking campaign was observed impacting at least 87 entities across the globe in a timespan of just two months.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/trafin-verkkopalvelu-ei-ole-lain-vastainen-hyvin-yksinkertainen-tieto-olisi-kuitenkin-riittanyt-6752333
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/kysy-myyjalta-uusi-merkki-kertoo-tietoturvasta-6752355
Tomi Engdahl says:
A Cryptographic Proof-of-Concept for Securing Aircraft ADS-B Data
https://www.eeweb.com/profile/sudhindra-nayak/articles/a-cryptographic-proof-of-concept-for-securing-aircraft-ads-b-data
The system
With the ADS-B system, an aircraft uses a satellite navigation system to broadcast its position periodically. This information can be received by ATC ground stations to track the aircraft. This information can also be received by other aircraft in the vicinity, thereby providing situational awareness.
ADS-B data is transmitted every second. This makes the aircraft visible at all times to any ATCs and ADS-B-equipped aircraft in its vicinity. This data can further be used for post-flight analysis.
ADS-B consists of two components:
ADS-B Out: This broadcasts data that includes aircraft identification, current position, altitude, and velocity through a transmitter onboard the aircraft.
ADS-B In: This is the reception of ADS-B data from nearby aircraft for improved situational awareness.
An ADS-B system depends on a satellite navigation source for position determination and a data link. The data link operates at one of two frequencies: either 1,090 MHz or 978 MHz. Aircraft that operate below 18,000 feet (5,500 m) use the 978-MHz datalink, while commercial aircraft use the 1,090-MHz link.