In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information.
The impacted support form in question was used by account holders to contact Twitter about issues with their account.
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).
Attack is only a proof-of-concept, but one that can be as damaging as ransomware or disk-wiping malware.
Their proof-of-concept attack is aimed at servers that feature a Baseboard Management Controller (BMC), a chip-on-chip system that allows for remote system management operations.
The attack portrayed in the video requires an attacker to gain access to a server beforehand, but researchers argue this isn’t a big issue in today’s software landscape where almost any software product is affected by a remotely exploitable vulnerability, and enterprises are plagued by password reuse and default credentials.
Netflix, Spotify and a bank were allowed to read and delete users’ private messages
Facebook gave unrestricted access to users’ personal data to more than 150 companies including big names like Microsoft, Netflix, Amazon, Spotify, and Yahoo, according to a New York Times report.
The publication obtained over 270 pages of Facebook’s internal documents from 2017.
Facebook has acknowledged allowing Netflix and Spotify to access people’s private messages.
The news came in response to a bombshell New York Times report that detailed how numerous companies had undisclosed access to user data.
Facebook said it allowed some companies to access people’s private messages so they could use its messaging features through other apps.
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA).
NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked.
Shamoon’s comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack.
The first report named Italy as the origin for the sample upload to VirusTotal, while a new detection of a different strain of the malware was noted on the same scanning platform three days later, on December 13, from the Netherlands.
January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries.
In addition, the GandCrab Affiliate Program offers low skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and encouragement on which regions to target to ensure the highest profits.
486 Comments
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/suomalainen-ydinlaitos-kohteena-arvostettu-tietoturvafirma-raportoi-salaperaisesta-hyokkayskampanjasta-6752577
“Finnish nuclear facility targeted” – respected security firm reports on a mysterious attack campaign
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.
In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis.
Tomi Engdahl says:
Parody or not?
Honest Government Ad | Anti Encryption Law
https://m.youtube.com/watch?v=eW-OMR-iWOE&feature=youtu.be
The Australien Government has made an ad about its proposed anti encryption law and it’s surprisingly honest and informative.
Tomi Engdahl says:
Mass email hoax causes closures across the US and Canada
Emails threaten explosions unless people pay $20,000 in Bitcoin.
https://arstechnica.com/information-technology/2018/12/a-tsunami-of-emailed-bomb-hoaxes-prompts-evacuations-across-the-us-and-canada/
Tomi Engdahl says:
https://raw.githubusercontent.com/hiruna/hcimp/master/src/com/jcipher/10_million_password_list_top_1000000.txt
Tomi Engdahl says:
The top 25 worst passwords of 2018 based on 5 million leaked passwords on the internet
https://nordic.businessinsider.com/worst-passwords-of-2018-2018-12
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Tencent’s Blade security team finds SQLite vulnerability that affects thousands of apps, including Google Home and Chromium open-source browser engine
SQLite bug impacts thousands of apps, including all Chromium-based browsers
https://www.zdnet.com/article/sqlite-bug-impacts-thousands-of-apps-including-all-chromium-based-browsers/
New ‘Magellan’ vulnerability will haunt the app ecosystem for years to come.
A security vulnerability in the massively popular SQLite database engine puts thousands of desktop and mobile applications at risk.
Discovered by Tencent’s Blade security team, the vulnerability allows an attacker to run malicious code on the victim’s computer, and in less dangerous situations, leak program memory or cause program crashes.
Because SQLite is embedded in thousands of apps, the vulnerability impacts a wide range of software, from IoT devices to desktop software, and from web browsers to Android and iOS apps.
The bad news, according to Tencent Blade researchers, is that this vulnerability can also be exploited remotely by accessing something as simple as a web page, if the underlying browser supports SQLite and the Web SQL API that translates the exploit code into regular SQL syntax.
Firefox and Edge don’t support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected. A demo that crashes a Chrome tab is available here.
https://worthdoingbadly.com/sqlitebug/
Tomi Engdahl says:
Photos of 6.8 Million Facebook Users Exposed by API Bug
https://www.securityweek.com/photos-68-million-facebook-users-exposed-api-bug
Facebook revealed on Friday that a bug related to its Photo API could have allowed third-party apps to access users’ photos, even ones that were supposed to be private.
According to the social media giant, its internal team discovered a bug in the Photo API that impacted users who had utilized Facebook Login and allowed third-party apps to access their photos.
Irish Data Authority Probes Facebook Photo Breach
https://www.securityweek.com/irish-data-authority-probes-facebook-photo-breach
The Irish data watchdog on Friday launched an investigation into Facebook, after the social media titan admitted a “bug” may have exposed unposted photos from up to 6.8 million users.
The Irish Data Protection Commission (DPC) probe will take place under strict new European privacy laws outlined in the General Data Protection Regulation (GDPR).
Tomi Engdahl says:
‘No Evidence’ of Huawei Spying, Says German IT Watchdog
https://www.securityweek.com/no-evidence-huawei-spying-says-german-it-watchdog
Germany’s IT watchdog has expressed scepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported Friday.
“For such serious decisions like a ban, you need proof,” the head of Germany’s Federal Office for Information Security (BSI), Arne Schoenbohm, told Spiegel, adding that his agency had no such evidence.
Tomi Engdahl says:
Code Execution Flaw in SQLite Affects Chrome, Other Software
https://www.securityweek.com/code-execution-flaw-sqlite-affects-chrome-other-software
Many applications using the popular SQLite database management system could be exposed to attacks due to a potentially serious vulnerability that can lead to remote code execution, information disclosure, and denial-of-service (DoS) attacks.
Tomi Engdahl says:
Facebook Paid Out $1.1 Million in Bug Bounties in 2018
https://www.securityweek.com/facebook-paid-out-11-million-bug-bounties-2018
Tomi Engdahl says:
3D-printed heads let hackers – and cops – unlock your phone
https://techcrunch.com/2018/12/16/3d-printed-heads-unlock-cops-hackers/?sr_share=facebook&utm_source=tcfbpage
You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.
Bad news if you’re an Android user: only the iPhone X defended against the attack.
Tomi Engdahl says:
If Your Password’s On This List Then You Should Change It Right Now
https://www.iflscience.com/technology/if-your-passwords-on-this-list-then-you-should-change-it-right-now/
Back in October 2018, the world stared dumbfounded (for a few reasons) as we saw Kanye West in the Oval Office alongside President Trump and typed in his phone password – “000000” – in full view of the world’s media.
However, judging by the state of this list, many of us have no reason to mock Mr Kanye’s incredibly hackable passwords.
Tomi Engdahl says:
Hackers are our society’s immune system – Keren Elazari on the future of Cybersecurity
https://securityboulevard.com/2018/12/hackers-are-our-societys-immune-system-keren-elazari-on-the-future-of-cybersecurity/
“What if I told you that in 10 seconds I could take over your computer, generate thousands of dollars worth of cryptocurrencies all while you are drinking your morning coffee? You might think it’s impossible, but this is exactly what happened in Argentina earlier this year.” – Keren Elazari
Tomi Engdahl says:
Firewalld: The Future is nftables
https://developers.redhat.com/blog/2018/08/10/firewalld-the-future-is-nftables/?sc_cid=7016000000127ECAAY
August 10, 2018
Firewalld: The Future is nftables
Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.
Tomi Engdahl says:
Two-Factor Authentication Evaluation Guide
https://duo.com/resources/ebooks/two-factor-authentication-evaluation-guide?key=face14c&utm_source=facebook&utm_medium=paid_social&utm_campaign=emea-h2-2017&utm_content=emea2017_rmrktingfb&_bf=23843038648430249
Tomi Engdahl says:
Worst passwords list is out, but this time we’re not scolding users
https://nakedsecurity.sophos.com/2018/12/17/worst-passwords-list-is-out-but-this-time-were-not-scolding-users/
Tomi Engdahl says:
Central London in facial recognition trial
https://www.bbc.com/news/uk-england-london-46584184?ns_campaign=bbc_london&ns_linkname=english_regions&ns_mchannel=social&ns_source=facebook
The Metropolitan Police Service is testing the technology around Soho on Monday and Tuesday
Tomi Engdahl says:
https://nordic.businessinsider.com/worst-passwords-of-2018-2018-12
Tomi Engdahl says:
Josh Constine / TechCrunch:
Twitter fixes flaw in support form that leaked users’ phone number country codes and other account info, after noticing tons of queries from Chinese, Saudi IPs — Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter.
Twitter bug leaks phone number country codes
https://techcrunch.com/2018/12/17/twitter-country-code-leak/
Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter. The concern here is that malicious actors could have used the security flaw to figure out in which countries accounts were based, which could have ramifications for whistleblowers or political dissidents.
Tomi Engdahl says:
Kelly Weill / The Daily Beast:
Former far right extremists recall how they were radicalised by YouTube as teenagers, thanks to its algorithm which keeps surfacing extremist content
How YouTube Built a Radicalization Machine for the Far-Right
https://www.thedailybeast.com/how-youtube-pulled-these-men-down-a-vortex-of-far-right-hate
Former extremists say they were sucked in by propaganda as teenagers, thanks to an algorithm’s dark side.
For David Sherratt, like so many teenagers, far-right radicalization began with video game tutorials on YouTube. He was 15 years old and loosely liberal, mostly interested in “Call of Duty” clips. Then YouTube’s recommendations led him elsewhere.
“As I kept watching, I started seeing things like the online atheist community,” Sherratt said, “which then became a gateway to the atheism community’s civil war over feminism.” Due to a large subculture of YouTube atheists who opposed feminism, “I think I fell down that rabbit hole a lot quicker,” he said.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
Researchers detail a phishing campaign by Iran-linked hackers targeting US government officials that bypassed SMS-based 2FA protections in Gmail and Yahoo Mail
Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
Group breaches SMS-protected accounts. It’s still testing attacks against 2fa apps.
https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/
Tomi Engdahl says:
Cho Mu-Hyun / ZDNet:
S. Korea’s finance watchdog FSS: damages from voice phishing grew ~73% YoY to $159M, and it will partner with SK Telecom to develop AI to prevent such attacks
South Korea to develop AI to prevent voice phishing
https://www.zdnet.com/article/south-korea-to-develop-ai-to-prevent-voice-phishing/
With voice phishing attacks increasing by 74 percent, South Korea’s Financial Supervisory Service and SK Telecom will develop AI to prevent such attacks.
Tomi Engdahl says:
Thomas Brewster / Forbes:
Test shows that Android phones like LG G7 ThinQ, OnePlus 6, and Samsung Galaxy S9 and Note 8 can be unlocked via facial recognition using 3D-printed head models
We Broke Into A Bunch Of Android Phones With A 3D-Printed Head
https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/#490b71af1330
Tomi Engdahl says:
New malware pulls its instructions from code hidden in memes posted to Twitter
https://techcrunch.com/2018/12/17/malware-commands-code-twitter-hidden-memes/?utm_source=tcfbpage&sr_share=facebook
Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.
What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.
Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator.
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Tomi Engdahl says:
Audit finds cyber vulnerabilities in US missile defense system
https://www.navytimes.com/news/your-navy/2018/12/14/audit-finds-cyber-vulnerabilities-in-us-missile-defense-system/
The Army, Navy and Missile Defense Agency are failing to take basic cybersecurity steps to ensure that information on America’s ballistic missile defense system won’t fall into nefarious hands, according to a Defense Department Inspector General audit released Friday.
Tomi Engdahl says:
GOOGLE’S SECRET CHINA PROJECT “EFFECTIVELY ENDED” AFTER INTERNAL CONFRONTATION
https://theintercept.com/2018/12/17/google-china-censored-search-engine-2/
Tomi Engdahl says:
Hacker Talks to Arizona Man Directly Through His IoT Security Camera
https://motherboard.vice.com/en_us/article/vbajqd/hacker-talks-to-arizona-man-directly-through-his-iot-security-camera
The man identified himself as a “white hat hacker” and part of the “Anonymous Calgary Mindhive.”
Andy Gregg was in his backyard when he heard the voice, belonging to someone who claimed to be a “white hat hacker” from Canada, Gregg told the Arizona Republic. A white hat hacker is a hacker who exposes security vulnerabilities for the greater good, rather than their own benefit.
Gregg told the newspaper that the hacker told him his private information had been “compromised,” and recited to Gregg a password that he had used for multiple websites. Since Gregg used the same password for his Nest, and apparently didn’t use two-factor authentication, it would have been easy for anyone with that information to log in remotely to the camera.
https://eu.azcentral.com/story/money/business/consumers/2018/12/03/phoenix-man-hacker-broke-talked-nest-security-cam-home/2115698002/
Tomi Engdahl says:
CHINESE TECH WORKERS TOLD NOT TO TRAVEL TO US ‘UNLESS IT’S ESSENTIAL’ AFTER HUAWEI EXEC ARRESTED
https://www.independent.co.uk/life-style/gadgets-and-tech/news/china-us-trade-tech-workers-travel-huawei-meng-wanzhou-arrest-a8681546.html
Tomi Engdahl says:
New Extortion Email Threatens to Send a Hitman Unless You Pay 4K
https://www.bleepingcomputer.com/news/security/new-extortion-email-threatens-to-send-a-hitman-unless-you-pay-4k/
Extortion emails are getting wilder and wilder. First we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worldwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin.
These emails started appearing this week and have a subject line similar to “Pretty significant material for you right here 17.12.2018 08:33:00”.
Tomi Engdahl says:
Analysis Report (AR18-352A)
Quasar Open-Source Remote Administration Tool
https://www.us-cert.gov/ncas/analysis-reports/AR18-352A
Quasar, a legitimate open-source remote administration tool (RAT), has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation.
This Analysis Report provides information on Quasar’s functions and features, along with recommendations for preventing and mitigating Quasar activity.
Tomi Engdahl says:
File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code
https://www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/
Tomi Engdahl says:
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
https://www.fortinet.com/blog/threat-research/a-deep-analysis-of-the-microsoft-outlook-vulnerability-.html
Earlier this year, Fortinet’s FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned it the vulnerability identifier CVE-2018-8587.
Tomi Engdahl says:
New Extortion Email Threatens to Send a Hitman Unless You Pay 4K
https://www.bleepingcomputer.com/news/security/new-extortion-email-threatens-to-send-a-hitman-unless-you-pay-4k/
Extortion emails are getting wilder and wilder. First we had sextortion scams that threatened to reveal victims doing dirty deeds on video, then bomb threats, which brought the worldwide attention of law enforcement, and now we have threats that a hitman is targeting the recipient unless they pay $4,000 in bitcoin.
Tomi Engdahl says:
THE IRAN HACKS CYBERSECURITY EXPERTS FEARED MAY BE HERE
https://www.wired.com/story/iran-hacks-nuclear-deal-shamoon-charming-kitten/
In May, President Donald Trump announced that the United States would withdraw from the 2015 nuclear agreement, negotiated by the Obama Administration, designed to keep Iran from developing or acquiring nuclear weapons. As part of that reversal, the Trump administration reimposed economic sanctions on Iran.
From the start, the US actions stoked tensions and fear of Iranian retaliation in cyberspace. Now, some see signs that the pushback has arrived.
Iranian state-sponsored hacking never stopped entirely; it has continually targeted neighbors in the Middle East, and often focused on the energy sector. But while concrete attribution remains elusive, a wave of recent digital attacks has led some security analysts to suggest that Iranian state-sponsored hackers may have ramped up their digital assaults against the US and Europe as well.
The most direct potential tie to Iran comes from a new wave of attacks utilizing a variant of the famously destructive virus called Shamoon.
The actors behind Shamoon “have this sort of habit of going away with years even in between and then suddenly showing up again,” Chien says. “And then when they show up they hit a handful of organizations on a scale you can count on your fingers all at the same time, and then they sort of disappear again.”
Recent Shamoon activity is a continuation of the malware’s resurgence in 2016 and 2017.
“Iran has targeted the West before and will continue to do so.”
Adam Meyers, CrowdStrike
Tomi Engdahl says:
Connecting the dots between recently active cryptominers
https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html
Through Cisco Talos’ investigation of illicit cryptocurrency mining campaigns in the past year, we began to notice that many of these campaigns shared remarkably similar TTPs.
Tomi Engdahl says:
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/
Tomi Engdahl says:
Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach
https://thehackernews.com/2018/12/twitter-data-breach.html
In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information.
The impacted support form in question was used by account holders to contact Twitter about issues with their account.
An issue related to one of our support forms
https://help.twitter.com/en/support-form
Tomi Engdahl says:
US ballistic missile systems have very poor cyber-security
DOD report finds no antivirus, no data encryption, no multifactor authentication.
https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).
Tomi Engdahl says:
Watch researchers remotely brick a server by corrupting its BMC & UEFI firmware
https://www.zdnet.com/article/watch-researchers-remotely-brick-a-server-by-corrupting-its-bmc-uefi-firmware/
Attack is only a proof-of-concept, but one that can be as damaging as ransomware or disk-wiping malware.
Their proof-of-concept attack is aimed at servers that feature a Baseboard Management Controller (BMC), a chip-on-chip system that allows for remote system management operations.
The attack portrayed in the video requires an attacker to gain access to a server beforehand, but researchers argue this isn’t a big issue in today’s software landscape where almost any software product is affected by a remotely exploitable vulnerability, and enterprises are plagued by password reuse and default credentials.
Tomi Engdahl says:
Facebook Gave Microsoft, Amazon, Netflix Unrestricted Access To User Data
https://fossbytes.com/facebook-gave-microsoft-amazon-netflix-unrestricted-access-to-user-data/
Netflix, Spotify and a bank were allowed to read and delete users’ private messages.
Facebook gave unrestricted access to users’ personal data to more than 150 companies including big names like Microsoft, Netflix, Amazon, Spotify, and Yahoo, according to a New York Times report.
The publication obtained over 270 pages of Facebook’s internal documents from 2017.
As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants
https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.
The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times.
Tomi Engdahl says:
Is your company’s data protection maturity already sufficient?
https://www.talentbase.fi/blogi/yrityksen-riittava-tietosuoja/?utm_source=facebook&utm_medium=cpc&utm_campaign=adv-yrityksen-riittava-tietosuoja-blogi-sponsoroitu-julkaisu
Tomi Engdahl says:
Facebook admits that it allowed Netflix and Spotify to access your private messages
https://nordic.businessinsider.com/facebook-allowed-netflix-and-spotify-to-access-private-messages-2018-12
Facebook has acknowledged allowing Netflix and Spotify to access people’s private messages.
The news came in response to a bombshell New York Times report that detailed how numerous companies had undisclosed access to user data.
Facebook said it allowed some companies to access people’s private messages so they could use its messaging features through other apps.
Tomi Engdahl says:
Mayday! NASA Warns Employees of Personal Information Breach
https://thehackernews.com/2018/12/nasa-hack-data-breach.html?m=1
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA).
NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked.
Tomi Engdahl says:
PewDiePie printer hackers strike again
https://www.bbc.com/news/technology-46552339
Hackers have taken control of printers around the world.
Tomi Engdahl says:
Chrome may stop websites from hijacking your browser’s back button
It would only show the sites you meant to visit.
https://www.engadget.com/2018/12/18/chrome-may-fight-back-button-hijacks/
Tomi Engdahl says:
Porn sites collect more user data than Netflix or Hulu. This is what they do with it.
https://qz.com/1407235/porn-sites-collect-more-user-data-than-netflix-or-hulu-this-is-what-they-do-with-it/
Tomi Engdahl says:
Chinese Hackers Breach U.S. Navy Contractors
https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401
Review of cyber vulnerability is ordered after intruders gain access to information about military technology
Tomi Engdahl says:
Shamoon Disk Wiper Returns with Second Sample Uncovered this Month
https://www.bleepingcomputer.com/news/security/shamoon-disk-wiper-returns-with-second-sample-uncovered-this-month/
Shamoon’s comeback early last week was not marked by one, but two occurrences of the data-wiping malware. The second sighting observed a different sample that could indicate a follow-up to the initial attack.
The first report named Italy as the origin for the sample upload to VirusTotal, while a new detection of a different strain of the malware was noted on the same scanning platform three days later, on December 13, from the Netherlands.
Tomi Engdahl says:
Phishing Attack Pretends to be an Office 365 Non-Delivery Email
https://www.bleepingcomputer.com/news/security/phishing-attack-pretends-to-be-a-office-365-non-delivery-email/
Tomi Engdahl says:
Check Point Forensic Files: Fileless GandCrab As Seen by SandBlast Agent
https://blog.checkpoint.com/2018/12/17/fileless-gandcrab-sandblast-agent-malware-behavioral-guard/
January 2018 saw the debut of the GandCrab ransomware, a well-known malware that is distributed on the Dark Web which targets mainly Scandinavian and English-speaking countries.
In addition, the GandCrab Affiliate Program offers low-skilled threat actors the opportunity to run their own ransomware campaigns. Delivered mainly through email spam engines, affiliates are also provided with advice and encouragement on which regions to target to ensure the highest profits.