Cyber Security September 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news in the comments of this article.

 

493 Comments

  1. Tomi Engdahl says:

    So What is Going on With IPv4 Fragments these Days?
    https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/

    IP fragmentation has always been a tricky issue. Many operating systems had issues implementing it and RFCs have often been ignored (for more or less good reasons). Over the last years, techniques like “Path MTU Discovery” have become popular to mostly eliminate the need for fragmentation, in particular with IPv6 making it mandatory.

    So first a quick primer on the how and why of fragmentation in IPv4.

    We need fragmentation mostly because not all networks use the same MTU.

    Ethernet typically uses an MTU of 1500 bytes but can go all the way up to 9198 bytes. So in short, MTUs are “all over” and there is no guarantee as to what MTU you will find on networks forwarding your packet.

    Path MTU Discovery solved this problem.

    Problems with fragments:

    They may arrive out of order. So recipients need to buffer them (for how long? The IPv4 RFC doesn’t say.)
    They could overlap (the RFC suggests that hosts take the first arriving copy in this case, but not all operating systems have done this in the past).
    Buffering fragments requires resources.

    One issue that highlighted these problems recently was labeled “Fragmentsmack”. Reassembling lots of fragments arriving in various orders can overwhelm some of the reassembly algorithms, and as a result, cause a DoS condition. This issue appears to have affected Linux and Windows. Linux advised using a smaller memory buffer for fragments to fix this issue. Microsoft yesterday suggested in its patch Tuesday note to drop all out of order fragments via a registry fix.

    For Linux, a patch was submitted in response that would drop all overlapping fragments.

  2. Tomi Engdahl says:

    Files With 42 Million Emails and Passwords Found On Free Hosting Service
    https://www.bleepingcomputer.com/news/security/files-with-42-million-emails-and-passwords-found-on-free-hosting-service/

    A huge database with email addresses, passwords in clear text, and partial credit card data has been uploaded to a free, public hosting service.

    The operator of the sharing service sent the set to Troy Hunt, Australian security researcher and creator of the Have I Been Pwned data breach index site, to compare it and check whether it was the result of an unknown data breach.

    Most likely intended for credential stuffing

  3. Tomi Engdahl says:

    The Chilling Reality of Cold Boot Attacks
    https://blog.f-secure.com/cold-boot-attacks/

    What do you do when you finish working with your laptop? Do you turn it off? Put it to sleep? Just close the lid and walk away?

    Many people might not realize that what they do when leaving their laptop unattended, even a laptop with full disk encryption, can cause serious security headaches.

    “Sleep mode is vulnerable mode,” says F-Secure Principal Security Consultant Olle Segerdahl.

    Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world’s biggest vendors like Dell, Lenovo, and even Apple.

  4. Tomi Engdahl says:

    Email security crisis… What email security crisis?
    Let them eat phish
    https://www.theregister.co.uk/2018/09/11/email_security_crisis_what_email_security_crisis/

    In late August, Microsoft announced a free service that arguably reveals more about the future of the email business and its struggles with security than several years’ worth of earnest press releases.

    Called AccountGuard, it’s Microsoft’s answer to the phenomenon of Russian phishing meddling with the US elections and the candidates who stand in them. The idea is simple: a lot of candidates and their helpers get their email provision through Office 365, Outlook.com, or what used to be called Hotmail.com, but these lack the security needed to keep the bad guys out. AccountGuard, ostensibly, will be that extra defence.

    At its core, the service is a monitored version of Office 365 email that draws on information from the company’s Microsoft Threat Intelligence Center, or MSTIC.

  5. Tomi Engdahl says:

    Mongo Lock Attack Ransoming Deleted MongoDB Databases
    https://www.bleepingcomputer.com/news/security/mongo-lock-attack-ransoming-deleted-mongodb-databases/

    An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.

  6. Tomi Engdahl says:

    Answers to Your Questions on Our Apps in the Mac App Store
    https://blog.trendmicro.com/answers-to-your-questions-on-our-mac-apps-store/

  7. Tomi Engdahl says:

    Students blamed for university and college cyber-attacks
    https://www.bbc.co.uk/news/education-45496714

    A security analysis of cyber-attacks against universities and colleges in the UK has discovered staff or students could often be responsible, rather than organised crime or hacking groups.

    A government-funded agency that provides cyber-security has examined the timing of 850 attacks in 2017-18.

    Jisc found a “clear pattern” of attacks being concentrated during term times and during the working day.

  8. Tomi Engdahl says:

    You’ll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it
    https://www.theregister.co.uk/2018/09/14/cold_boot_attack_reloaded/

    Hardware hackers bring cold boot attacks out of the deep freeze

  9. Tomi Engdahl says:

    10 critical points from Zuckerberg’s epic security manifesto
    https://techcrunch.com/2018/09/13/zuckerberg-strikes-back/

  10. Tomi Engdahl says:

    Almost half of US cellphone calls will be scams by next year, says report
    https://www.cnet.com/news/almost-half-of-us-cell-phone-calls-will-be-scams-by-next-year-says-report/

    Fraudsters most often use local prefixes to trick people.

    Many of us are already conditioned to ignore phone calls from unknown numbers. A new study seems to validate that M.O.

    By next year, nearly half of the mobile phone calls we get will be scams, according to a new report from First Orion

    “Scammers relentlessly inundate mobile phones with increasingly convincing and scary calls,”

  11. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Let’s Encrypt has issued 380M+ free TLS certificates on 129M unique domains in three years since launch, making it the largest certificate issuer in the world
    https://techcrunch.com/2018/09/14/three-years-later-lets-encrypt-now-secures-75-of-the-web/

  12. Tomi Engdahl says:

    Nicole Nguyen / BuzzFeed News:
    European website finds that a free app is exposing the exact locations of Grindr’s 3.6M+ active users via unauthorized access to Grindr’s private API — The gay dating app Grindr is still exposing the precise location of its more than 3.6 million active users although it has long been aware of the issue.

    There’s A Simple Fix, But Grindr Is Still Exposing The Location Of Its Users
    https://www.buzzfeednews.com/article/nicolenguyen/grindr-location-data-exposed

    The “high level of precision” of Grindr’s distance data is revealing the location of millions of its users.

    The gay dating app Grindr is still exposing the precise location of its more than 3.6 million active users although it has long been aware of the issue. According to experts, there is a simple tweak that would protect users, but Grindr hasn’t implemented it.

    In a post published Thursday, the website Queer Europe detailed how easy it is to find any Grindr user’s location using an app called Fuckr, which employs a technique called “trilateration” to find users.

    Grindr is not deliberately revealing the locations of its users. But the “incredibl[y] high level of precision” of the distance data Grindr collects and shares allows apps like Fuckr to pinpoint users’ whereabouts

    GitHub, which has hosted the Fuckr repository since it was released in 2015, disabled public access to the app shortly after the Queer Europe post published, citing Fuckr’s unauthorized access to the Grindr API.

    It’s not the first time Grindr has exposed sensitive information. In April, BuzzFeed News reported that the app was letting other companies see users’ HIV status.

    Many Grindr users are concerned that the app exposes their locations.

  13. Tomi Engdahl says:

    Mitch Stoltz / Electronic Frontier Foundation:
    EFF and Cyberlaw Clinic at Harvard Law School help eliminate “seven dirty words” restriction policy from .US domain name registrations, reinstating fucknazis.us
    https://www.eff.org/deeplinks/2018/09/yes-you-can-name-website-fucknazisus

  14. Tomi Engdahl says:

    MageCart Attackers Compromise Cloud Service Firm Feedify
    https://www.securityweek.com/magecart-attackers-compromise-cloud-service-firm-feedify

    Hundreds of e-commerce Sites Impacted by MageCart Compromise of Cloud Service Provider

    Payment card data from customers of hundreds of e-commerce websites may have been stolen after the MageCart threat actors managed to compromise customer engagement service Feedify.

  15. Tomi Engdahl says:

    German Troops Face Russian ‘Hybrid War’ in Lithuania: Merkel
    https://www.securityweek.com/german-troops-face-russian-hybrid-war-lithuania-merkel

    German Chancellor Angela Merkel said Friday Berlin was boosting military cyber capabilities to respond to Russian hybrid warfare that is targeting its troops deployed on NATO’s eastern flank.

    “Here you are also confronted with a situation that represents another part of the Russian military doctrine: the idea of hybrid warfare,” she told German troops stationed in Lithuania as part of a NATO force deployed to deter Russia.

    NATO allies have accused Russia of using “hybrid warfare” techniques, including subversion, propaganda and cyber warfare, to undermine the West without triggering a full NATO military response.

  16. Tomi Engdahl says:

    Nigerian Fraudster Who Stole Millions Heads to U.S. Prison
    https://www.securityweek.com/nigerian-fraudster-who-stole-millions-heads-us-prison

    A Nigerian man was sentenced in Manhattan federal court to 60 months in prison for his role in fraudulent business email compromise (BEC) scams, the United States Department of Justice announced this week.

  17. Tomi Engdahl says:

    China-linked APT10 Hackers Update Attack Techniques
    https://www.securityweek.com/china-linked-apt10-hackers-update-attack-techniques

    Recent attacks launched by the China-linked threat actor APT10 against the Japanese media sector revealed the use of updated tactics, techniques and procedures (TTPs), FireEye says.

  18. Tomi Engdahl says:

    Russian Spies Arrested on Suspicion of Plans to Hack Swiss Laboratory
    https://www.securityweek.com/russian-spies-arrested-suspicion-plans-hack-swiss-laboratory

    Dutch ‘Expelled Two Russian Spies Over Novichok Lab Plot’

    Dutch intelligence services arrested two alleged Russian spies on suspicion of planning to hack a Swiss laboratory investigating the poisoning of double agent Sergei Skripal, reports and officials said Friday

  19. Tomi Engdahl says:

    How Apple’s Safari Browser Will Try to Thwart Data Tracking
    https://www.securityweek.com/how-apples-safari-browser-will-try-thwart-data-tracking

    New privacy features in Apple’s Safari browser seek to make it tougher for companies such as Facebook to track you.

  20. Tomi Engdahl says:

    Secureworks Launches New Security Maturity Model
    https://www.securityweek.com/secureworks-launches-new-security-maturity-model

    Secureworks is offering a complimentary evaluation (an online process supported by a security expert) to help organizations benchmark their own security maturity. The model incorporates elements of well-known frameworks like National Institute of Standards and Technology (NIST) and ISO 27001/02 with insight from Secureworks’ global threat intelligence. It comprises four levels: guarded, informed, integrated and resilient.

    Further information, and a route map for attaining security maturity, can be found in a white paper titled ’5 Critical Steps to a More Mature Security Posture’ (PDF). This paper suffers from one major drawback: security leaders who have achieved the title or function of CISO in a major organization will already know and understand everything contained in the paper.

  21. Tomi Engdahl says:

    32 percent of data breaches lead to executive job loss
    https://betanews.com/2018/09/14/data-breach-executive-job-loss/

    In North America 32 percent of data breaches have resulted in a C-level manager, president or CEO losing their job, according to new research.

    The study from Kaspersky Lab shows that 42 percent of businesses worldwide experienced at least one data breach in the last year. When a data breach occurs it not only results in a costly recovery burden, now put at $1.23 million on average, but it can also impact the company’s reputation, customer privacy, and even severely impact employees’ careers.

    The research highlights how responsibility for a breach often extends beyond technical IT employees. Among employees let go, senior non-IT employees were laid off in 29 percent of small and medium-sized businesses (50 to 999 employees) and 27 percent of enterprises (over 1,000 employees).

    Businesses and personal data: In-depth analysis of practices and risks
    https://www.kaspersky.com/blog/data-protection-report/23824/

  22. Tomi Engdahl says:

    Nasty piece of CSS code crashes and restarts iPhones
    https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/nasty-piece-of-css-code-crashes-and-restarts-iphones/

    Vulnerability most likely affects any iOS and macOS app that uses the WebKit rendering engine to display web pages. Apple is investigating.

  23. Tomi Engdahl says:

    State Department shamed for poor adoption of multi-factor authentication
    https://www.zdnet.com/article/state-department-shamed-for-poor-adoption-of-multi-factor-authentication/

    Senators demand answers after government report finds that only 11 percent of the Department of State’s devices use multi-factor authentication.

    Five US senators have sent a letter to Secretary of State Mike Pompeo requesting answers why the State Department has not widely deployed basic cyber-security protections, such as multi-factor authentication (MFA).

    The first of these is a 2018 General Service Administration (GSA) assessment of the Department of State’s cyber-security practices.

    “We are sure you will agree on the need to protect American diplomacy from cyber attacks, which is why we have such a hard time understanding why the Department of State has not followed the lead of many other agencies and complied with federal law requiring agency use of MFA,” the five senators wrote in the joint letter.

  24. Tomi Engdahl says:

    Cryptocurrency App Mocks Competitor For Getting Hacked. Gets Hacked 4 Days Later
    https://it.slashdot.org/story/18/09/15/1543259/cryptocurrency-app-mocks-competitor-for-getting-hacked-gets-hacked-4-days-later?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    A hacker going online by the pseudonym of “aabbccddeefg” has exploited a vulnerability to steal over 44,400 EOS coins ($220,000) from a blockchain-based betting app. The hack targeted a blockchain app that lets users bet with EOS coins in a classic dice game.

    The entire incident is quite hilarious because four days before it happened, the company behind the app was boasting on Twitter that every other dice betting game had been hacked and lost funds.

    While the hack is somewhat the definition of karma police, it is also quite funny because the hacker himself didn’t really care about hiding his tracks or laundering the stolen funds.

    Blockchain betting app mocks competitor for getting hacked. Gets hacked four days later
    https://www.zdnet.com/article/blockchain-betting-app-mocks-competitor-for-getting-hacked-gets-hacked-four-days-later/

    Hacker steals roughly $220,000 from blockchain-based online gambling app by exploiting vulnerability in EOS smart contract (game’s source code).

    The game has been running online for a few months, but yesterday, a Reddit user spotted that an EOS user named aabbccddeefg had siphoned a large stack of funds from the EOSBet Dice’s shared money pool.

    The hacker operated by sending a transaction to the EOSBet main game account, which exploited a lack of proper parameter checks that allowed the hacker to trick the game into sending back fake earnings.

    The company pulled the game following the attack.

  25. Tomi Engdahl says:

    Wall Street Journal:
    Investigation: North Korean operatives are evading US sanctions and earning millions by using fake identities on services like Github, Slack, and Paypal

    Tech’s New Problem: North Korea
    https://www.wsj.com/articles/north-koreans-exploit-social-medias-vulnerabilities-to-dodge-sanctions-1536944018

    Hiding behind social-media fake profiles, a group linked to Pyongyang solicited technology work to send hard currency back home

  26. Tomi Engdahl says:

    New CSS Attack Restarts an iPhone or Freezes a Mac
    https://www.bleepingcomputer.com/news/security/new-css-attack-restarts-an-iphone-or-freezes-a-mac/

    A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.

    “The attack uses a weakness in the -webkit-backdrop-filter CSS property,”

    “All browsers on iOS are affected because the underlying rendering engine is WebKit,”

  27. Tomi Engdahl says:

    Kernel sanders: Webroot vuln creates route to root Macs
    Patched flaw hard to exploit, but serious once you get there, warn infoseccers
    https://www.theregister.co.uk/2018/09/14/webroot_macos_vuln/

  28. Tomi Engdahl says:

    Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
    https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/

    The Kraken Cryptor Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken Cryptor 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it.

  29. Tomi Engdahl says:

    32 percent of data breaches lead to executive job loss
    https://betanews.com/2018/09/14/data-breach-executive-job-loss/

    In North America 32 percent of data breaches have resulted in a C-level manager, president or CEO losing their job, according to new research.

    The study from Kaspersky Lab shows that 42 percent of businesses worldwide experienced at least one data breach in the last year. When a data breach occurs it not only results in a costly recovery burden, now put at $1.23 million on average, but it can also impact the company’s reputation, customer privacy, and even severely impact employees’ careers.

    “While a data breach is devastating to a business as a whole, it can also have a very personal impact on people’s lives — whether they are customers or failed employees — so this is a reminder that cybersecurity has real-life implications and is in fact everyone’s concern,”

    Businesses and personal data: In-depth analysis of practices and risks
    https://www.kaspersky.com/blog/data-protection-report/23824/

  30. Tomi Engdahl says:

    Cyber-attacks targeting EU manufacturing giants
    https://www.itproportal.com/news/cyber-attacks-targeting-eu-manufacturing-giants/

    By Anthony Spadafora, 2018-09-14T15:14:43Z, Security
    Two thirds of German manufacturers have fallen victim to a cyberattack.

    A new survey published by the German IT sector association Bitkom has revealed that two thirds of the country’s manufacturers have fallen victim to a cyberattack costing Europe’s largest economy around $50bn.

    Bitkom surveyed 503 of the top managers and security chiefs across Germany’s manufacturing sector to discover that the SMBs that form the backbone of the country’s economy are particularly vulnerable to cyberattacks.

    Bitkom’s survey identified a number of risks across the industry with a third of the companies surveyed reporting their employees’ mobile phones had been stolen and a quarter saying they had lost sensitive data.

    The survey also found that cybercriminals had employed other techniques to disrupt German manufacturing. Of those surveyed, 19 per cent said their IT and production systems had been sabotaged digitally while 11 per cent reported that their communications had been tapped.

  31. Tomi Engdahl says:

    Russian pleads guilty in U.S. to operating Kelihos botnet
    https://www.reuters.com/article/us-usa-cyber-levashov/russian-pleads-guilty-in-us-to-operating-kelihos-botnet-idUSKCN1LS31M

    A Russian man pleaded guilty on Wednesday in U.S. federal court in Connecticut to criminal hacking charges stemming from his operation of the Kelihos botnet, the U.S. Justice Department said in a statement.

  32. Tomi Engdahl says:

    N. Korea calls Sony, Wannacry hack charges smear campaign
    https://apnews.com/80003a5e8f9440e0bb4cca664c63a132

    North Korea strongly denied claims by the United States that a computer programmer working for the North Korean government was involved in the hack of Sony Pictures Entertainment and the spread of the WannaCry ransomware virus.

  33. Tomi Engdahl says:

    North Korean hacker officially charged for the WannaCry attacks
    https://www.pandasecurity.com/mediacenter/news/korean-hacker-charged-wannacry/

    Last month, we warned of the dangers that the FBI’s most wanted cybercriminals pose. Among these criminals are the perpetrator of the cyberattacks against HBO and the developer of the Zeus malware. And there is now a new name at the top of the list.

    Park Jin Hyok, who has officially been charged by the US Department of Justice for carrying out the WannaCry attacks, among other cybercrimes.

    Park allegedly belongs to the hacking group known, among other names, as Lazarus Group – a group that has carried out numerous cyberattacks against South Korea.

  34. Tomi Engdahl says:

    Google’s Android Team Finds Serious Flaw in Honeywell Devices
    https://www.securityweek.com/googles-android-team-finds-serious-flaw-honeywell-devices

    Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw.

  35. Tomi Engdahl says:

    German Troops Face Russian ‘Hybrid War’ in Lithuania: Merkel
    https://www.securityweek.com/german-troops-face-russian-hybrid-war-lithuania-merkel

    German Chancellor Angela Merkel said Friday Berlin was boosting military cyber capabilities to respond to Russian hybrid warfare that is targeting its troops deployed on NATO’s eastern flank.

    “Here you are also confronted with a situation that represents another part of the Russian military doctrine: the idea of hybrid warfare,” she told German troops stationed in Lithuania as part of a NATO force deployed to deter Russia.

  36. Tomi Engdahl says:

    Wall Street Journal:
    Amazon confirms it is investigating claims that its employees in US and China accepted bribes for internal data and other confidential info on Amazon merchants

    Amazon Investigates Employees Leaking Data for Bribes
    https://www.wsj.com/articles/amazon-investigates-employees-leaking-data-for-bribes-1537106401

    Employees, through intermediaries, are offering internal data to help merchants increase their sales on the website

    Amazon.com Inc. is investigating suspected data leaks and bribes of its employees as it fights to root out fake reviews and other seller scams from its website.

  37. Tomi Engdahl says:

    Cyber attack led to Bristol Airport blank screens
    https://www.bbc.co.uk/news/uk-england-bristol-45539841

    Bristol Airport has blamed a cyber attack for causing flight display screens to fail for two days.

    An airport spokesman said the information screens were taken offline early on Friday to contain an attack similar to so-called “ransomware”.

    Spokesman James Gore said: “We believe there was an online attempt to target part of our administrative systems and that required us to take a number of applications offline as a precautionary measure, including the one that provides our data for flight information screens.

    “That was done to contain the problem and avoid any further impact on more critical systems.

  38. Tomi Engdahl says:

    How Someone Stole A Brand New Tesla Using Only A Phone
    https://www.iflscience.com/technology/sneaky-thief-inventive-way-steal-tesla-model-3-mall/

    The publication reports that the car was stolen through some customer support trickery. Phoning Tesla’s customer support, he somehow managed to get the model vehicle’s unique vehicle identification number (VIN) sent to his own smartphone. Once he did so, he could unlock it and drive it away, no key required.

    Disabling GPS tracking on the car, it initially looked as if the thief had got away with his sneaky crime.

  39. Tomi Engdahl says:

    Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit
    https://www.theregister.co.uk/2018/09/17/gao_report_equifax_mega_breach/

    And let security kit fail for 10 months due to bad cert

    Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers’ database queries on a test system to find out.

    During that attack, hackers broke into the credit check agency’s systems, getting sight of roughly 150 million people in America plus 15 million Brits, and others.

    Computer security breaches are rarely examined in this much detail, however, several departments of the US government are Equifax customers

    We’ll call that the “holy crap” moment but there were other failings, including a lack of segmentation, a technique that could have isolated the databases from one another, or at least triggered an alarm when the intruders tried to move sideways through the network.

    attackers to execute approximately 9,000 such queries

    Equifax did get lucky on one score: had the attackers erased some of the logs, reconstructing what they’d been up to during all those weeks of easy access may have been much harder.

  40. Tomi Engdahl says:

    How does Telegram malware bypass end-to-end encryption?
    https://searchsecurity.techtarget.com/answer/How-does-Telegram-malware-bypass-end-to-end-encryption

    A Telegram malware called Telegrab targets Telegram’s desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.

  41. Tomi Engdahl says:

    Mike Memoli / NBC News:
    Facebook debuts pilot program to expand its security tools and procedures, like 2FA and threat monitoring, for candidates and campaign staff ahead of midterms — The program is meant to identify patterns of malicious behavior earlier, making Facebook’s reaction quicker.

    Facebook launches new cybersecurity tools for U.S. political campaigns
    https://www.nbcnews.com/tech/tech-news/facebook-launches-new-cybersecurity-tools-u-s-political-campaigns-n910411

    The program is meant to identify patterns of malicious behavior earlier, making Facebook’s reaction quicker.

    With less than 50 days to the 2018 U.S. midterms, Facebook is launching a new program that would give U.S. political campaigns an extra layer of protection against potential cyber threats.

    The social media giant on Monday announced a pilot program open to any campaign for state or federal office that would offer additional security protections for their Facebook pages and accounts.

    Under the program, campaigns as well as campaign committees that opt in to the program would be designated potential high-priority users and be able to take advantage of expedited troubleshooting if they detect any unusual behavior involving their accounts.

    Expanding Security Tools to Protect Political Campaigns
    https://newsroom.fb.com/news/2018/09/security-political-campaigns/

  42. Tomi Engdahl says:

    Charlie Osborne / ZDNet:
    Researchers disclose 0-day flaw allowing remote code execution on security cameras running Nuuo software, say hundreds of thousands of devices may be affected

    Hackers hijack surveillance camera footage with ‘Peekaboo’ zero-day vulnerability
    https://www.zdnet.com/article/hackers-can-tamper-with-surveillance-camera-footage-due-to-new-zero-day-vulnerability/

    The previously unknown security flaw in Nuuo software is thought to impact hundreds of thousands of devices worldwide.

  43. Tomi Engdahl says:

    MongoDB server leaks 11 million user records from e-marketing service
    https://www.zdnet.com/article/mongodb-server-leaks-11-million-user-records-from-e-marketing-service/

    Database has now been secured. Server was also ransomed by a criminal group back in June.

    On Monday, a security researcher specialized in finding exposed databases has identified an unsecured MongoDB server that was leaking the personal details of nearly 11 million users. The server appears to belong to an email marketing firm based in California.

    The data, contained in a 43.5GB dataset, included full names, email addresses, gender information, and physical addresses such as state, city, and ZIP code for 10,999,535 users.
