Cyber Security July 2018

This posting is here to collect security alert news in July 2018.

I post links to security vulnerability news to comments of this article.

91 Comments

  1. Tomi Engdahl says:

    Foeke Postma / bellingcat:
    Analysis: fitness tracking website Polar Flow exposed info like names and home addresses of ~6500 military, FBI, NSA, and other staffers at 200+ sensitive sites

    After Strava, Polar is Revealing the Homes of Soldiers and Spies
    https://www.bellingcat.com/resources/articles/2018/07/08/strava-polar-revealing-homes-soldiers-spies/

    Polar, a fitness app, is revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world, a joint investigation of Bellingcat and Dutch journalism platform De Correspondent reveals.

    In January Nathan Ruser discovered that the fitness app Strava revealed sensitive locations throughout the world as it tracked and published the exercises of individuals, including soldiers at secret (or, “secret”) military outposts. The discovery of those military sites made headlines globally, but Polar, which can feed into the Strava app, is revealing even more.

    The manufacturing company known for making the world’s first wireless heart-rate monitor uses its site ‘Polar Flow’ as a social platform where users can share their runs.

    By showing all the sessions of an individual combined onto a single map, Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well. Tracing all of this information is very simple through the site: find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised.

    Users often use their full names in their profiles, accompanied by a profile picture — even if they did not connect their Facebook profile to their Polar account.

    Polar is not the only app doing this, but the difference between it and other popular fitness platforms, such as Strava or Garmin, is that these other sites require you to navigate to a specific person to view separate instances of his or her sessions

    you only need to navigate to an interesting site, select one of the profiles exercising there, and you can get a full history of that individual.

    With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning

    We can find Western military personnel in Afghanistan through the Polar site. Cross-checking one name and profile picture with social media confirmed one soldier or officer’s identity.

    We were able to scrape Polar’s site (another security flaw) for individuals exercising at 200+ of such senstive sites, and we gathered a list of nearly 6,500 unique users.

    The risk from Polar’s open data set also poses a risk to civilians

    On registering your account, Polar asks you to provide a name, location, height, weight, date of birth, gender and the amount of training per week.

    As with most open sources, Polar’s platform has its limitations. The Polar data relies on GPS, which can be inaccurate and spoofed

    The data tends to be accurate enough to tell when users are on the street, or on the property of a particular house.

    The U.S. military has already reviewed its rules for fitness trackers, and it is likely other countries will have done so too.

    Fitness devices and apps are just one more area where people need to be aware of what kind of data they are sharing, particularly as they strongly rely on sensitive data such as location and health-metrics.

    Reply
  2. Tomi Engdahl says:

    German Hosting Firm DomainFactory Hacked
    https://www.securityweek.com/german-hosting-firm-domainfactory-hacked

    DomainFactory, a Germany-based web hosting services provider of GoDaddy-owned Host Europe Group, informed customers late last week that their personal and financial information was exposed after a hacker gained access to some of its systems.

    According to DomainFactory, one of the largest hosting firms in Germany, the breach occurred in late January, but the company only learned of the incident on July 3 after the hacker started disclosing samples of the stolen information on the DomainFactory forum.

    The hack is still being investigated, but the attacker appears to have gained access to data such as customer name, company name, customer number, address, email address, phone number, DomainFactory phone password, date of birth, and bank name and account number.

    The company says it has secured the point of entry used by the hacker, but has warned customers that the compromised information may be misused for financial fraud and other types of attacks.

    Reply
  3. Tomi Engdahl says:

    Timehop Data Breach Hits 21 Million Users
    https://www.securityweek.com/timehop-data-breach-hits-21-million-users

    Timehop informed users late last week that hackers gained unauthorized access to some of its systems as part of an attack that impacts roughly 21 million accounts.

    New York-based Timehop has created an application that shows users the photos, videos and posts they shared on the current day in previous years on Facebook, Instagram, Twitter and other websites. The app also allows users to share these memories with their friends.

    According to Timehop, the attacker accessed a database storing usernames, phone numbers, email addresses and social media access tokens.

    Reply
  4. Tomi Engdahl says:

    Fitness App Revealed Data on Military, Intelligence Personnel
    https://www.securityweek.com/fitness-app-revealed-data-military-intelligence-personnel

    Mobile fitness app Polar has suspended its location tracking feature after security researchers found it had revealed sensitive data on military and intelligence personnel from 69 countries.

    Reply
  5. Tomi Engdahl says:

    Hackers Using Stolen D-Link Certificates for Malware Signing
    https://www.securityweek.com/hackers-using-stolen-d-link-certificates-malware-signing

    A cyber-espionage group is abusing code-signing certificates stolen from Taiwan-based companies for the distribution of their backdoor, ESET reports.

    The group, referred to as BlackTech, appears highly skilled and focused on the East Asia region, particularly Taiwan. The certificates, stolen from D-Link and security company Changing Information Technology Inc., have been used to sign the Plead backdoor, ESET’s security researchers say.

    Evidence of the fact that the D-Link certificate was stolen comes from the fact that it was used to sign non-malicious D-Link software, not only the Plead malware, ESET explains.

    After being informed on the misuse of its certificate, D-Link revoked it, along with a second certificate, on July 3. In an advisory, the company said that most of its customers should not be affected by the revocation.

    “D-Link was victimized by a highly active cyber espionage group which has been using PLEAD Malware to steal confidential information from companies and organizations based in East Asia, particularly in Taiwan, Japan, and Hong Kong,” the company said.

    Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign
    https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/

    D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan

    Reply
  6. Tomi Engdahl says:

    Two More Traders Convicted in Newswire Hacking Scheme
    https://www.securityweek.com/two-more-traders-convicted-newswire-hacking-scheme

    Two more individuals, a hedge fund manager and a securities trader, have been convicted by a U.S. court for their role in a $30 million scheme that involved hacking major newswire companies.

    The scheme involved Ukraine-based hackers breaking into the systems of Marketwired, PR Newswire and Business Wire between February 2010 and August 2015, and stealing as many as 150,000 press releases. The hackers sent the stolen press releases containing nonpublic financial information to several traders who quickly monetized it.

    Korchevsky and Khalupsky are said to have traded based on nonpublic press releases issued by hundreds of companies, including Align Technology, CA Technologies, Caterpillar, HP, Home Depot, Panera Bread, and Verisign.

    According to authorities, Korchevsky made more than $15 million over the course of the scheme

    nine individuals accused of making $30 million through the newswire hacking scheme

    Reply
  7. Tomi Engdahl says:

    HNS Evolves From IoT to Cross-Platform Botnet
    https://www.bleepingcomputer.com/news/security/hns-evolves-from-iot-to-cross-platform-botnet/

    A botnet discovered at the start of the year and named Hide ‘N Seek (HNS) has expanded from infecting Internet of Things (IoT) devices and is now also targeting cross-platform database solutions as well.

    This is an important development in the botnet’s evolution, which also passed a significant milestone in May when it became the first IoT malware that was capable of surviving device reboots.

    Reply
  8. Tomi Engdahl says:

    Protecting against the latest LTE network attacks
    https://blogs.cisco.com/security/protecting-against-the-latest-lte-network-attacks

    Recently, researchers have uncovered new attacks against the Long-Term Evolution (LTE) network protocol. LTE, a type of 4G network, is a mobile communications standard used by billions of devices around the world.

    Security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi discovered three new attacks against LTE technology. The first two are passive attacks — identity mapping and website fingerprinting. These allow the attacker to listen in on not only the destinations that are visited from the target’s mobile device, but also on what data is passing over the network. The third is an active domain name system (DNS) redirect attack, referred to as “aLTEr” by the research team.

    How does the attack work?

    This attack works by taking advantage of a design flaw within the LTE network — the data link layer (or layer 2) of the LTE network is encrypted with AES-CTR but it is not integrity-protected. This means an attacker can modify the bits even within an encrypted data packet, which later decrypts to a related plaintext. As a result, the attacker is posing as a cell tower to the victim, while pretending to be a subscriber to the real network.

    These types of attacks are not only limited to LTE networks. 5G networks may also be vulnerable to these attacks in the future

    How can you protect against these types of attacks?

    The best way to protect against DNS spoofing attacks is to encrypt DNS queries, and only use trusted DNS resolvers.

    The Cisco Security Connector app protects users from connecting to malicious destinations in the first place. It leverages security intelligence to first classify the requested domain, and then determines if the request should be allowed — for safe destinations, or blocked — for malicious destinations.

    Reply
  9. Tomi Engdahl says:

    Using AutorunsToWinEventLog
    https://isc.sans.edu/diary/rss/23840

    “Autoruns conveniently includes a non-interactive command line utility. This code generates a CSV of Autoruns entries, converts them to JSON, and finally inserts them into a custom Windows Event Log. By doing this, we can take advantage of our existing WEF infrastructure to get these entries into our SIEM and start looking for signs of malicious persistence on endpoints and servers.”

    https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog

    Reply
  10. Tomi Engdahl says:

    You Can Bypass Authentication on HPE iLO4 Servers With 29 “A” Characters
    https://www.bleepingcomputer.com/news/security/you-can-bypass-authentication-on-hpe-ilo4-servers-with-29-a-characters/

    Details and public exploit code have been published online for a severe vulnerability affecting Hewlett Packard Integrated Lights-Out 4 (HP iLO 4) servers.

    HP iLO devices are extremely popular among small and large enterprises alike. iLO cards can be embedded in regular computers. They have a separate Ethernet network connection and run a proprietary embedded server management technology that provides out-of-band management features, allowing sysadmins to manage computers from afar.

    iLO cards allow sysadmins to install firmware remotely, reset servers, provide access to a remote console, read logs, and more.

    A vulnerability in iLO cards can be used to break into many companies’ networks and possibly gain access to highly sensitive or proprietary information.

    Stupid-simple exploit found in HP iLO4 servers

    The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware.

    Vulnerability patched last year

    But iLO server owners don’t need to panic. The security research team discovered this vulnerability way back in February 2017 and notified HP with the help of the CERT division at Airbus.

    HP released patches for CVE-2017-12542 in August last year, in iLO 4 firmware version 2.54. System administrators who’re in the habit of regularly patching servers are most likely protected against this bug for months.

    PoCs available online

    In the past few months, the research team has been presenting their findings at security conferences, such as ReCon Brussels and SSTIC 2018.

    The SSTIC 2018 talk is available here, although the team presented their findings in French. Slides and an in-depth research paper —in English— are also available.

    Backdooring your server through its BMC: the HPE iLO4 case — Alexandre Gazet, Fabien Perigaud, Joffrey Czarny
    https://www.sstic.org/2018/presentation/backdooring_your_server_through_its_bmc_the_hpe_ilo4_case/

    Reply
  11. Tomi Engdahl says:

    Attackers could use heat traces left on keyboard to steal passwords
    https://www.welivesecurity.com/2018/07/06/thermanator-attackers-heat-keyboard-password/

    The attack, called “Thermanator”, could use your body heat against you in order to steal your credentials or any other short string of text that you have typed on a computer keyboard

    A team of academics from the University of California, Irvine (UCI), have presented a type of attack that could enable a malefactor to retrieve sensitive information you entered via your keyboard – possibly up to a minute after you typed it.

    The researchers had 30 users enter 10 different passwords, both strong and weak, on four common external keyboards. Using a thermal imaging camera, the researchers then scanned the residual heat left on the recently-pressed keys. In the second stage, they enlisted the help of eight non-experts in the field who, acting as “adversaries”, were asked to derive the set of pressed keys from the thermal imaging data – which they reliably did.

    Long story short, the subjects successfully retrieved entire sets of key-presses that were captured by the camera as late as 30 seconds after the first key was entered. In addition, recovery of a partial set of key-presses was possible one minute after the first key was pressed

    “If you type your password and walk or step away, someone can learn a lot about it after-the-fact,” said one of the paper’s authors, Gene Tsudik.

    A study back in 2011 showed that PIN codes entered on cash machines can also be recovered by analyzing the residual heat left behind on the keypads.

    ICS Researchers Introduce Thermanator, Revealing a New Threat to Using Keyboards to Enter Passwords and Other Sensitive Information
    https://www.cs.uci.edu/ics-researchers-introduce-thermanator-revealing-a-new-threat-to-using-keyboards-to-enter-passwords-and-other-sensitive-information/

    Reply
  12. Tomi Engdahl says:

    An Invasive Spyware Attack on Military Mobile Devices
    https://blog.checkpoint.com/2018/07/05/an-invasive-spyware-attack-on-military-mobile-devices/

    Earlier this week, Israeli security agencies announced that the Hamas terrorist organization had installed spyware on Israeli soldiers’ smartphones in its latest attempt to collect information on its long time enemy. About 100 people fell victim to the attack that came in the form of fake World Cup and online dating apps that had been uploaded to the Google Play Store, the official app store of Google.

    Reply
  13. Tomi Engdahl says:

    New Smoke Loader Attack Targets Multiple Credentials
    https://www.securityweek.com/new-smoke-loader-attack-targets-multiple-credentials

    A recently detected Smoke Loader infection campaign is attempting to steal credentials from a broad range of applications, including web browsers, email clients, and more.

    The attacks begin with malicious emails carrying a Word document as an attachment. Using social engineering, the attackers attempt to lure victims into opening the document and executing an embedded macro.

    Reply
  14. Tomi Engdahl says:

    Google Fixes Critical Android Vulnerabilities
    https://www.securityweek.com/google-fixes-critical-android-vulnerabilities

    Google this week released its July 2018 set of Android patches to address tens of vulnerabilities in the mobile operating system, including several rated as Critical.

    The Internet giant addressed 11 vulnerabilities as part of the 2018-07-01 security patch level, including three rated Critical and 8 High risk bugs. The issues impact framework, media framework, and system.

    “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google notes in an advisory.

    Affected operating system versions include Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1.

    A total of 32 flaws were addressed as part of the 2018-07-05 security patch level, 8 rated Critical severity and 24 considered High risk.

    Android Security Bulletin—July 2018
    https://source.android.com/security/bulletin/2018-07-01

    Reply
  15. Tomi Engdahl says:

    NHS Digital Erroneously Reveals Data of 150,000 Patients
    https://www.securityweek.com/nhs-digital-erroneously-reveals-data-150000-patients

    On Monday July 2, Jackie Doyle-Price, the parliamentary under-secretary of state for health, delivered a written statement to the UK parliament. It explained that 150,000 NHS patients who had specifically opted out of the NHS patient data-sharing regime were in fact not opted out.

    “As a result,” says the statement, “these objections were not upheld by NHS Digital in its data disseminations between April 2016, when the NHS Digital process for enabling them to be upheld was introduced, and 26 June 2018. This means that data for these patients has been used in clinical audit and research that helps drive improvements in outcomes for patients.”

    NHS Digital is the national information and technology partner to the health and social care system.

    On the same day, NHS Digital released its own statement. “We apologize unreservedly for this issue, which has been caused by a coding error by a GP system supplier (TPP) and means that some people’s data preferences have not been upheld when we have disseminated data. The TPP coding error meant that we did not receive these preferences and so have not been able to apply them to our data.”

    NHS Digital and TPP statement about type 2 objections error
    https://digital.nhs.uk/news-and-events/latest-news/statement-on-type-2-opt-out-error

    Reply
  16. Tomi Engdahl says:

    CipherTrace Unveils Crypto-Currency Anti-Money Laundering Solution
    https://www.securityweek.com/ciphertrace-unveils-crypto-currency-anti-money-laundering-solution

    Cryptocurrency theft and its use to launder other illegal activity is booming. This has prompted the evolution of a related industry that sits on the borderline of legality (barely legal in some jurisdictions, illegal in others): cryptocurrency money laundering. The laundering of illegally-obtained money may be illegal, but the process used may not be.

    Menlo Park, Calif. startup CipherTrace is a firm founded on the need for cryptocurrency anti-money laundering (AML), blockchain forensics and enforcement solutions. It aids law enforcement and financial regulators in their investigations, helps enterprises to deploy real-world cryptocurrency transactional systems within regulations, and offers a bitcoin scam and theft asset recovery service.

    https://ciphertrace.com/

    Reply
  17. Tomi Engdahl says:

    As Facial Recognition Use Grows, So Do Privacy Fears
    https://www.securityweek.com/facial-recognition-use-grows-so-do-privacy-fears

    The unique features of your face can allow you to unlock your new iPhone, access your bank account or even “smile to pay” for some goods and services.

    The same technology, using algorithms generated by a facial scan, can allow law enforcement to find a wanted person in a crowd or match the image of someone in police custody to a database of known offenders.

    Facial recognition came into play last month when a suspect arrested for a shooting at a newsroom in Annapolis, Maryland, refused to cooperate with police and could not immediately be identified using fingerprints.

    Reply
  18. Tomi Engdahl says:

    Trojan Either Encrypts Files or Mines for Cryptocurrency
    https://www.securityweek.com/trojan-either-encrypts-files-or-mines-cryptocurrency

    A long established ransomware family recently added the ability to deploy a cryptocurrency miner instead of file encryptor, based on the victim machine’s configuration.

    The malware, which Kaspersky Lab detects as Rakhni, was first discovered in 2013 and has received numerous updates ever since. The latest feature added to the threat, however, makes it stand out from the crowd: the malware’s downloader checks the victim system and decides whether to infect it with a cryptor or a miner.

    Mainly affecting users in Russia but spread worldwide, the Trojan is being distributed via spam emails with a malicious Word document attached. The file has an embedded PDF document that, once opened, launches a malicious downloader and also displays a fake error message to the victim.

    Reply
  19. Tomi Engdahl says:

    Criminals Don’t Read Instructions or Use Strong Passwords
    https://isc.sans.edu/diary/rss/23850

    Going over my WebLogic honeypot, I am used to seeing a lot of crypto miners. The honeypot is vulnerable to CVE-2017-10271. I have written before about the various crypto miners.

    But this weekend, I finally spotted something a bit different. The attacker installed a backdoor which so far is not recognized by any antivirus tool according to Virustota

    This binary establishes a connection to the attacker for remote control protected by a trivial default password. Note to the attacker: If the password is “replace with your password”; do it!”

    The malicious file was uploaded and executed via a well known WebLogic vulnerability.

    Reply
  20. Tomi Engdahl says:

    Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
    https://www.bleepingcomputer.com/news/security/security-firm-sued-for-failing-to-detect-malware-that-caused-a-2009-breach/

    Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s. The security firms says the lawsuit is meritless.

    The two insurance firms are Lexington Insurance Company and Beazley Insurance Company, and both insured Heartland Payment Systems, a leading payment processing company.

    Lawsuit related to 2009 Heartland mega breach

    In January 2009, Heartland announced a major security breach of its network, following which an attacker stole details for over 100 million payment cards stored on its systems by over 650 of Heartland’s customers.

    Following this devastating hack and one of the biggest of the 2000s, Heartland paid over $148 million in settlement fees for various lawsuits, and other remediation costs and expenses Heartland owed its customers.

    Lawsuit related to 2009 Heartland mega breach

    In January 2009, Heartland announced a major security breach of its network, following which an attacker stole details for over 100 million payment cards stored on its systems by over 650 of Heartland’s customers.

    Lawsuit claims Trustwave failed to detect intrusion

    The two insurance firms claim that Chicago-based Trustwave Holdings, Inc. —the security firm— had failed to detect that an attacker used an SQL injection attack to breach Heartland’s systems on July 24, 2007.

    Furthermore, the two say Trustwave also failed to detect that attackers installed malware on the payments processor’s servers on May 14, 2008, and did not raise a sign of alarm about the event.

    The lawsuit also mentions that in the aftermath of the hack, Visa conducted a review of Heartland’s servers and found that Trustwave incorrectly certified Heartland as PCI DSS compliant.

    The lawsuit claims that Visa discovered that Trustwave ignored the fact that Heartland didn’t run a firewall, was using vendor-supplied passwords, didn’t have sufficient protection for the storage system used for card data, failed to assign unique identification to each person accessing its system, and had failed to monitor servers and cardholder data at regular intervals.

    All of these are PCI DSS compliance rules, and Visa said that despite all the problems on Heartland’s network, Trustwave provided PCI DSS attestation.

    Trustwave denies fault, says it’s an old story

    But in a statement to Bleeping Computer, Trustwave says the lawsuit is meritless.

    This is the third time Trustwave is on the receiving end of such a lawsuit.

    Reply
  21. Tomi Engdahl says:

    Vengeful hacker exposes DomainFactory customer banking data and passwords
    https://hotforsecurity.bitdefender.com/blog/vengeful-hacker-exposes-domainfactory-customer-banking-data-and-passwords-20094.html

    A German web-hosting firm has suffered a severe data breach because one of its customers reportedly owed money to the attacker. The company only learned of the breach when the hacker announced it himself, on its support forum

    On Jan. 29, the attacker compromised customer names, company names, various addresses, telephone numbers, DomainFactory passwords, dates of birth, bank names and account numbers, and Schufa scores (German credit score).

    However, the company and its customers only learned of the breach six months later, on July 3

    The reason behind the attack, according to German news outlet Heise Online, was to obtain the credentials of an customer who owed the attacker money. When he noticed that DomainFactory was reluctant to acknowledge the breach, he decided to make it public.

    DomainFactory’s explanation, however, differs a bit

    Reply
  22. Tomi Engdahl says:

    Another data-leaking Spectre CPU flaw among Intel’s dirty dozen of security bug alerts today
    https://www.theregister.co.uk/2018/07/10/intel_security_spectre_advisories/

    Chipzilla preps for quarterly public patch updates

    Exclusive Intel will today emit a dozen security alerts for its products – including details of another data-leaking vulnerability within the family of Spectre CPU flaws.

    Rather than drop surprise alerts onto its security advisory page at irregular intervals, Intel hopes to gradually adopt a routine similar to Microsoft’s monthly Patch Tuesday, albeit once every three months.

    Urgent security updates will be pushed out in between these quarterly batches.

    From what we understand, Intel hopes to give folks – from IT administrators to ordinary netizens – time and notice to plan for installing security updates at regular-ish intervals, rather than relying on them to look out for sporadic patches.

    Speculative execution continues to haunt
    The new Spectre-class side-channel vulnerability in Intel’s processors, to be disclosed today, can be exploited in a bounds-check bypass store attack.

    function pointers and return addresses are overwritten in the attack, allowing the malicious code to change the CPU’s course, and infer the contents of memory that should be out of reach.

    The good news is that software mitigations available today for Spectre variant 1 will thwart bounds-check bypass store attacks. Thus, web browsers and other applications employing anti-Spectre mechanisms should be safe.

    For programmers and compiler writers, this means slipping LFENCE instructions into code, before it reads from memory,

    The other good news is that there is little or no malware known to be circulating in the wild exploiting Spectre vulnerabilities

    Instead, Spectre, for now, remains a fascinating insight into the world of CPU design, where engineers across the industry trade off a little security for a little more performance.

    Reply
  23. Tomi Engdahl says:

    California malls are sharing license plate tracking data with ICE
    https://techcrunch.com/2018/07/10/alpr-license-plate-recognition-ice-irvine-company/?sr_share=facebook&utm_source=tcfbpage

    A chain of California shopping centers is sharing its license plate reader data with a well-known U.S. Immigration and Customs Enforcement (ICE) contractor, giving that agency the ability to track license plate numbers it captures in near real-time.

    Reply
  24. Tomi Engdahl says:

    Racketeers Sending Fake Blackmail Emails Demanding Bitcoin Ransom
    https://darkwebnews.com/bitcoin/fake-email-bitcoin-ransom/

    For every real criminal out there, there will always be a phony riding on the coattails of his success.

    A number of people have already been bombarded with fake threat emails demanding an amount in Bitcoin, failure to which would lead to grave consequences. The racketeers take blackmail letter examples from the internet and modify them before sending it to you.

    these racketeers are banking on panic and rash decision-making to keep their businesses thriving and Bitcoin flowing.

    The Fake Threat Emails are poorly written; sent en Masse

    Fake ransomware racketeering is on the rise.

    The emails demanding Bitcoin are usually authored in poor English and often contain threats to leak private information if the Bitcoin ransom is not paid.

    Reply
  25. Tomi Engdahl says:

    US Air Force drone documents found for sale on the dark web for $200
    https://techcrunch.com/2018/07/11/reaper-drone-dark-web-air-force-hack/?utm_source=tcfbpage&sr_share=facebook

    You never quite know what you’ll find on the dark web. In June, a threat intelligence team known as Insikt Group at security research firm Recorded Future discovered the sale of sensitive U.S. military information in the course of monitoring criminal activity on dark web marketplaces.

    English-speaking hacker purported to have documentation on the MQ-9 Reaper unmanned aerial vehicle

    other set of documents appears to have been stolen from a U.S. Army official or from the Pentagon

    In the course of its investigation, Insikt Group determined that the hacker obtained the documents by accessing a Netgear router with misconfigured FTP login credentials. When the team corresponded with the hacker to confirm the source of hacked drone documents, the attacker disclosed that he also had access to footage from a MQ-1 Predator drone.

    Here’s how he did it

    Insikt Group notes that it is “incredibly rare” for hackers to sell military secrets on open marketplaces.

    Reply
  26. Tomi Engdahl says:

    Ransomware technique uses your real passwords to trick you
    https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/?sr_share=facebook&utm_source=tcfbpage

    A few folks have reported a new ransomware technique that preys upon corporate inability to keep passwords safe. The notes – which are usually aimed at instilling fear – are simple: the hacker says “I know that your password is X. Give me a bitcoin and I won’t blackmail you.”

    This is cool. A Bitcoin ransom with using what I think is passwords from a big leak. Pretty neat since people would be legit scared when they see their password. The concealed part is actually an old password

    To be clear there is very little possibility that anyone has video of you cranking it unless, of course, you video yourself cranking it. Further, this is almost always a scam. That said, the fact that the hackers are able to supply your real passwords – most probably gleaned from the multiple corporate break-ins that have happened over the past few years – is a clever change to the traditional cyber-blackmail methodology.

    Luckily, the hackers don’t have current passwords.

    Reply
  27. Tomi Engdahl says:

    SENATORS FEAR MELTDOWN AND SPECTRE DISCLOSURE GAVE CHINA AN EDGE
    https://www.wired.com/story/meltdown-and-spectre-intel-china-disclosure/

    Reply
  28. Tomi Engdahl says:

    Ukraine Says It Stopped a VPNFilter Attack on a Chlorine Distillation Station
    https://www.bleepingcomputer.com/news/security/ukraine-says-it-stopped-a-vpnfilter-attack-on-a-chlorine-distillation-station/

    The Ukrainian Secret Service (SBU) said today it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region.

    Reply
  29. Tomi Engdahl says:

    Mueller indicts 12 Russian military officers for election hacking, says DCLeaks & Guccifer 2.0 were Russia intel
    https://boingboing.net/2018/07/13/indictment-friday.html

    As Mister Trump and his wife greeted the Queen of England, a reporter on a hot mic broke the embargo that the U.S. is indicting 12 Russian military officers with attacks on the 2016 U.S. Presidential elections, and that Guccifer 2.0 and DC LEAKS were Russian intelligence missions.

    “Both were created and controlled by Russia’s GRU,”

    Related comments from page:

    Aric Toler
    @AricToler
    Most of the breaking news breathlessly reported in the U.S. press on Russian hacking or troll factory activities were uncovered years ago by independent Russian journalists; reading their work is like having spoilers for American news months in advance

    Reply
  30. Tomi Engdahl says:

    12 Russians indicted in Mueller investigation
    https://edition.cnn.com/2018/07/13/politics/russia-investigation-indictments/index.html

    Washington (CNN)The Justice Department announced indictments against 12 Russian nationals as part of special counsel Robert Mueller’s investigation of Russian interference in the 2016 election, accusing them of engaging in a “sustained effort” to hack Democrats’ emails and computer networks.

    The revelations provide more detail on the sophisticated assault on the US election in 2016, including the release of emails designed to damage Democratic presidential candidate Hillary Clinton.

    Trump is due to meet Russian President Vladimir Putin — who has denied election meddling — in Helsinki on Monday

    The Justice Department says the hacking targeted Clinton’s campaign, Democratic National Committee and the Democratic Congressional Campaign Committee, with the intention to “release that information on the internet under the names DCLeaks and Guccifer 2.0 and through another entity.”

    “The Russians are nailed. No Americans are involved. Time for Mueller to end this pursuit of the President and say President Trump is completely innocent,”

    Reply
  31. Tomi Engdahl says:

    Researchers find that filters don’t prevent porn
    https://techcrunch.com/2018/07/13/researchers-find-that-filters-dont-prevent-porn/?sr_share=facebook&utm_source=tcfbpage

    In a paper entitled Internet Filtering and Adolescent Exposure to Online Sexual Material, Oxford Internet Institute researchers Victoria Nash and Andrew Przybylski found that Internet filters rarely work to keep adolescents away from online porn.

    “It’s important to consider the efficacy of Internet filtering,” said Dr, Nash. “Internet filtering tools are expensive to develop and maintain, and can easily ‘underblock’ due to the constant development of new ways of sharing content. Additionally, there are concerns about human rights violations – filtering can lead to ‘overblocking’, where young people are not able to access legitimate health and relationship information.”

    This research follows the controversial news that the UK government was exploring a country-wide porn filter

    The study’s most interesting finding was that between 17 and 77 households “would need to use Internet filtering tools in order to prevent a single young person from accessing sexual content” and even then a filter “showed no statistically or practically significant protective effects.”

    https://www.liebertpub.com/doi/full/10.1089/cyber.2017.0466

    Reply
  32. Tomi Engdahl says:

    Russian hackers used bitcoin to fund election interference, so prepare for FUD
    https://techcrunch.com/2018/07/13/russian-hackers-used-bitcoin-to-fund-election-interference-so-prepare-for-fud/?utm_source=tcfbpage&sr_share=facebook

    the alleged hackers paid for their nefarious deeds with bitcoin and other cryptocurrencies.

    It is perhaps the most popular and realistic argument against cryptocurrency that it enables anonymous transactions globally and at scale, no exception made for Russian intelligence or ISIS. So the news that a prominent and controversial technology was used to fund state-sponsored cyber attacks will not be passed over by its critics.

    You can expect bluster on cable news and some sharp words from lawmakers, who will also probably issue some kind of public denouncement of cryptocurrencies and call for more stringent regulation. It’s only natural: their constituencies will hear that Russians are using bitcoin to hack the election systems and take it at face value. They have to say something.

    But this knee-jerk criticism is misguided and hypocritical for several reasons.

    the process of laundering, after all, becomes rather difficult when there is an immutable, peer-maintained record of every penny being pushed around

    So although bitcoin has its shady side, it’s far from perfect secrecy

    it doesn’t provide much in the way of new capabilities for those who wish to keep secret their activities online.

    Reply
  33. Tomi Engdahl says:

    Hackers are selling backdoors into PCs for just $10
    https://www.zdnet.com/article/hackers-are-selling-backdoors-into-pcs-for-just-10/

    “This is definitely not something you want to discover on a Russian underground RDP shop,” warn researchers.

    Cyber criminals are offering remote access to IT systems for just $10 via a dark web hacking store — potentially enabling attackers to steal information, disrupt systems, deploy ransomware and more.

    The sales of backdoor access to compromised systems was uncovered by researchers at security company McAfee Labs looking into the sale of remote desktop protocol (RDP) access to hacked machines on underground forums — some of which are selling access to tens of thousands of compromised systems.

    Systems advertised for sale on the forum range from Windows XP through to Windows 10, with access to Windows 2008 and 2012 Server most common. The store owners also offer tips for how those using the illicit logins can remain undetected.

    Reply
  34. Tomi Engdahl says:

    As facial recognition technology becomes pervasive, Microsoft (yes, Microsoft) issues a call for regulation
    https://techcrunch.com/2018/07/13/as-facial-recognition-technology-becomes-pervasive-microsoft-yes-microsoft-issues-a-call-for-regulation/?utm_source=tcfbpage&sr_share=facebook

    Technology companies have a privacy problem. They’re terribly good at invading ours and terribly negligent at protecting their own.

    And with the push by technologists to map, identify and index our physical as well as virtual presence with biometrics like face and fingerprint scanning, the increasing digital surveillance of our physical world is causing some of the companies that stand to benefit the most to call out to government to provide some guidelines on how they can use the incredibly powerful tools they’ve created.

    Reply
  35. Tomi Engdahl says:

    The 1.5 Billion Dollar Market: IoT Security
    https://blog.paessler.com/investments-in-iot-security-are-set-to-increase-rapidly-in-2018?utm_source=facebook&utm_medium=cpc&utm_campaign=Burda-Blog-Global&utm_content=1%2C5IOTSecurity&hsa_grp=23842989932620129&hsa_cam=23842989931580129&hsa_net=facebook&hsa_ver=3&hsa_ad=23842989933220129&hsa_src=fb&hsa_acc=2004489912909367

    IoT devices are frequently largely without any protection. Even if they are quite uninteresting for attack scenarios such as ransomware, the security issues in connection with smart devices remain an explosive topic. The devices are relatively easy to manipulate so that users can be spied on or information stolen.

    So how big is the IoT security market really? According to Gartner’s market researchers, global spending on IoT security will increase to $1.5 billion this year. By 2021, compliance is to become the most important factor influencing the growth of IoT security. Cyberattacks on the Internet of Things (IoT) are already a reality

    Gartner predicts that global spending on IoT security will amount to $1.5 billion in 2018. This would mean a growth of 28 percent compared to 2017 ($1.2 billion).

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*