Cyber Security January 2018

This posting is here to collect security alert news in January 2018.

I post links to security vulnerability news to comments of this article.


  1. Tomi Engdahl says:

    Internet-connected Sonos Speakers Leak User Information

    A vulnerability found in Internet-connected Sonos Play:1 speakers can be abused to access information on users, Trend Micro has discovered.

  2. Tomi Engdahl says:

    Let’s Close the Cybersecurity Knowledge Gap in the Boardroom

    As senior executives embrace digital transformation to move their business forward, cyber risk and security are a high priority. According to Aon’s 2017 Global Risk Management Survey, cyber risk is one of the top 10 business risks globally and number one in North America. Unfortunately, many executives lack the information or knowledge they need to mitigate cyber risk. The National Association of Corporate Directors’ (NACD) 2016–2017 Public Company Governance Survey finds that almost one-quarter of boards are dissatisfied with the reporting that management delivers on cybersecurity. At the same time, the report finds that only 14 percent of the respondents feel that their board has a high level of understanding about cyber risks.

  3. Tomi Engdahl says:

    Improved IoT Security Starts with Liability for Companies, Not Just Legislation

    With the holiday season upon us, take a moment to think on the security of the plethora of IoT devices that will be purchased, gifted and implemented into the daily lives of countless people. Despite troubling reports like the IoT teddy bear that leaked two million message recordings of kids and was found to be easily hacked and turned into a spy device, a quick look at one recap of 2018 Cyber Monday sales shows that connected and ‘smart’ gadgets are at the top of everyone’s shopping list. And yet it seems that people are buying these devices for their homes and offices without considering, or ultimately choosing to ignore, very real risks!

  4. Tomi Engdahl says:

    ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign
    Other OSes will need an update, performance hits loom

    A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

    Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.

    Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated

  5. Tomi Engdahl says:

    Psychedelic toasters fool image recognition tech

    A team of Google researchers has created psychedelic stickers that can fool image recognition software into seeing objects that are not there.

    The team said the method could be used to “attack” image recognition systems.

    “These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers,” the researchers said.

    “Even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class.”

  6. Tomi Engdahl says:

    Former NSA hacker reversed Kaspersky Lab antivirus to compose signatures capable of detecting classified documents

    Former NSA hacker, demonstrated how to subvert the Kaspersky Lab antivirus and turn it into a powerful search tool for classified documents.
    The Kaspersky case demonstrated that security software can be exploited by intelligence agencies as a powerful spy tool.

    Patrick Wardle, chief research officer at Digita Security and former NSA hacker, demonstrated it by subverting the Kaspersky Lab antivirus and turning it into a powerful search tool for classified documents.

  7. Tomi Engdahl says:

    Info Stealing – The cyber security expert Marco Ramilli spotted a new operation in the wild

    The Italia cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies.

  8. Tomi Engdahl says:

    If Your Email Address Is On This List, Change Your Password Right Now

    In one of the largest single data sets of emails yet discovered, computer security experts have come across a spam list containing a pretty extraordinary 711 million email addresses. Initially uncovered by the Paris-based security researcher known as Benkow, it contains two separate troves of data, one simply of email addresses, while the second more serious set contains addresses and passwords.

  9. Tomi Engdahl says:


    Recently security researcher’s from enSilo group presented new evasion technique called Process Doppelgänging at Blackhat Europe-2017. This technique bypasses most popular Antivirus, NGFW and EDR solutions present in the market. This technique works on all windows starting Vista till Windows Server 2016.

    Process Doppelgänging makes malware capable to execute malicious code under radar of genuine executable without getting detected or flagged (Impersonating legitimate process). This attack uses the NTFS Transactions and windows process loader flaw.

  10. Tomi Engdahl says:

    Apple Working on Patch for New Year’s Eve macOS Flaw

    Apple is aware of the macOS vulnerability disclosed by a researcher on New Year’s Eve and the company plans on patching it later this month.

    A security expert who uses the online moniker Siguza has made public the details and proof-of-concept (PoC) code for a local privilege escalation vulnerability affecting all versions of the macOS operating system.

    The flaw, which the researcher described as a “zero day,” allows a malicious application installed on the targeted system to execute arbitrary code and obtain root privileges.

    Apple is working on patching the vulnerability and has shared some mitigation advice until the fix becomes available.

  11. Tomi Engdahl says:

    Google Patches Multiple Critical, High Risk Vulnerabilities in Android

    Google patched several Critical and High severity vulnerabilities as part of its Android Security Bulletin for January 2018.

    A total of 38 security flaws were resolved in the popular mobile OS this month, 20 as part of the 2018-01-01 security patch level and 18 in the 2018-01-05 security patch level. Five of the bugs were rated Critical and 33 were rated High risk.

    Four of the vulnerabilities addressed with the 2018-01-01 security patch level were rated Critical, all of them remote code execution bugs. The remaining 16 issues resolved in this patch level were High risk elevation of privilege and denial of service vulnerabilities.

    An elevation of privilege bug that Google patched in Android runtime could be exploited remotely to bypass user interaction requirements in order to gain access to additional permissions.

  12. Tomi Engdahl says:

    Devices Running GoAhead Web Server Prone to Remote Attacks

    A vulnerability affecting all versions of the GoAhead web server prior to version 3.6.5 can be exploited to achieve remote code execution (RCE) on Internet of Things (IoT) devices.

    GoAhead is a small web server employed by numerous companies, including IBM, HP, Oracle, Boeing, D-link, and Motorola, is “deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices,” according to EmbedThis, its developer.

    The web server is currently present on over 700,000 Internet-connected devices out there, a Shodan search has revealed.

    However, not all of these devices are impacted by said remote code execution vulnerability. Tracked as CVE-2017-17562, the vulnerability is triggered only in special conditions and affects only devices with servers running *nix that also have CGI support enabled with dynamically linked executables (CGI scripts).

  13. Tomi Engdahl says:

    247,000 DHS Employees Affected by Data Breach

    Information on nearly a quarter million Department of Homeland Security (DHS) employees was exposed as part of an “unauthorized transfer of data”, the DHS announced.

    The privacy incident involved a database used by the DHS Office of the Inspector General (OIG) which was stored in the DHS OIG Case Management System.

    The incident impacted approximately 247,167 current and former federal employees that were employed by DHS in 2014. The exposed Personally identifiable information (PII) of these individuals includes names, Social Security numbers, birth dates, positions, grades, and duty stations.

  14. Tomi Engdahl says:

    Hackers Expected to Remotely Exploit CPU Vulnerabilities

    Security experts believe hackers will soon start to remotely exploit the recently disclosed vulnerabilities affecting Intel, AMD and ARM processors, if they haven’t done so already.

    Researchers disclosed on Wednesday the details of Spectre and Meltdown, two new attack methods targeting CPUs. The attacks leverage three different flaws and they can be used to bypass memory isolation mechanisms and gain access to sensitive data, including passwords, photos, documents, and emails.

    The affected CPUs are present in billions of products, including PCs and smartphones, and attacks can also be launched against cloud environments.

    Researchers have developed a proof-of-concept (PoC) for Google Chrome that uses JavaScript to exploit Spectre and read private memory from the process in which it runs.

    Mozilla has conducted internal experiments and determined that these techniques can be used “from Web content to read private information between different origins.” While the issue is still under investigation, the organization has decided to implement some partial protections in Firefox 57.

    Google pointed out that attacks are possible via both JavaScript and WebAssembly.

    Microsoft has also confirmed that attacks can be launched via JavaScript code running in the browser. The company has released updates for its Edge and Internet Explorer web browsers to mitigate the vulnerabilities.

    Since a JavaScript PoC is available, experts believe it’s only a matter of time until malicious actors start exploiting the flaws remotely. While some say state-sponsored actors are most likely to leverage these attacks, others point out that mass exploitation is also possible, particularly via the ads served by websites.

  15. Tomi Engdahl says:

    Google Apps Script Allowed Hackers to Automate Malware Downloads

    Researchers at Proofpoint discovered recently that Google Apps Script could have been abused by malicious hackers to automatically download malware hosted on Google Drive to targeted devices.

    Google Apps Script is a JavaScript-based scripting language that allows developers to build web applications and automate tasks. Experts noticed that the service could have been leveraged to deliver malware by using simple triggers, such as onOpen or onEdit.

  16. Tomi Engdahl says:

    Protecting against combosquatting attacks

    Combosquatting, which tricks users into visiting domains that contain familiar trademarks with different or additional words, has become a growing problems and can adversely effect users.
    Gregory Hale, ISSSource

    It has been ingrained in computer users’ brain to constantly double-check website URLs before clicking on a link. Smart and wily attackers know that and are taking advantage of that practice to trick users into visiting website domains that contain familiar trademarks—but with additional words that change the destination to an attack site.

    For example, attackers might register a website with a similar name familiar to users. Unwary users see the familiar bank name in the URL, but the additional hyphenated word means the destination is very different from what was expected. The result could be counterfeit merchandise, stolen credentials, a malware infection—or another computer conscripted into a botnet attack.

    Combosquatting, as the practice is known, is a growing threat with millions of domains set up for malicious purposes, according to a new study.

    “This is a tactic that the adversaries are using more and more because they have seen that it works,” said Manos Antonakakis, an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “This attack is hiding in plain sight, but many people aren’t computer-savvy enough to notice the difference in the URLs containing familiar trademarked names.”

  17. Tomi Engdahl says:

    Anonymous Italia hacked speed camera database and took over the police systems in Correggio

    Last week, Anonymous hacked a Speed Camera Database in Italy, the hacktivists took control of a local police computer system in Correggio, Italy and erased the entire archive containing speed camera tickets. According to Gazzetta di Reggio, the hackers also released internal emails and documents.

  18. Tomi Engdahl says:

    Cryptocurrency scammers are tricking users with fake Binance links on Google

    Slippery scammers are targeting cryptocurrency rookies with fake landing pages for popular exchange desks – including leading platform Binance – that have been deliberately designed to appear like the real thing.

    Once a user has wound up on one of these fraudulent pages, all clickable links have been programmed to forward visitors to the official Binance website, but through an affiliate URL. While it appears the fake pages aren’t seeking to steal your credentials, it is advisable to practice extreme caution in case you end up on one.

    Reddit admits its email provider was hacked to steal Bitcoin Cash tips

    Following a brigade of spooked Redditors reporting hacked accounts and missing Bitcoin Cash tips, Reddit has now revealed the results of its internal investigation – and it doesn’t look good. A hacker purportedly breached the platform’s third-party password reset system, forcing access to the accounts of multiple victims.

    While the malicious agent was able to access the password recovery emails distributed by Reddit’s third-party software provider, Mailgun, the individual “did not have access to either Reddit’s systems or to a redditor’s email account,” according to site administrator gooeyblob.

  19. Tomi Engdahl says:

    India’s national ID database is reportedly accessible for less than $10

    The nightmare is a reality in India. Reports from the country suggest that the government’s national ID system — Aadhaar, which holds personal data belonging to more than one billion people — was compromised.

    On the slight positive side, the breach wasn’t down to hackers — at least on this occasion. The access hole was publicized after Indian newspaper The Tribune paid a man less than $10 in exchange for administration access to the database.

  20. Tomi Engdahl says:

    PyCryptoMiner botnet, a new Crypto-Miner Botnet spreads over SSH

    F5 researchers discovered a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over the SSH protocol. The Monero miner botnet is based on the Python scripting language, it leverages Pastebin as command and control server infrastructure when the original C&C isn’t available.


  21. Tomi Engdahl says:

    Western Digital My Cloud drives have a built-in backdoor

    Western Digital’s network attached storage solutions have a newfound vulnerability allowing for unrestricted root access.

    James Bercegay disclosed the vulnerability to Western Digital in mid-2017. After allowing six months to pass, the full details and proof-of-concept exploit have been published. No fix has been issued to date.

    More troubling is the existence of a hard coded backdoor with credentials that cannot be changed.

  22. Tomi Engdahl says:

    Xiaomi Mi Robot vacuum cleaner hacked

    Although security researchers Dennis Giese and Daniel Wegemer eventually managed to hack into the Xiaomi Mi Robot vacuum cleaner, their research shows that the device is much more secure than most other smart things are.

    Xiaomi Mi Robot vacuum cleaner hacked
    January 4, 2018
    The story of the Internet and its Things may seem as star-crossed a tale as any, but it does not need to be hopeless. Although security researchers Dennis Giese and Daniel Wegemer eventually managed to hack into the Xiaomi Mi Robot vacuum cleaner, their research shows that the device is much more secure than most other smart things are.

    In their talk at Chaos Communication Congress 34, which was held in Leipzig recently, the researchers explained how the device’s software works and which vulnerabilities they had to use to finally crack its protection.

    Xiaomi Mi Robot vacuum cleaner hacked
    Hacking the Mi Robot with tinfoil
    When they started their research, Giese and Wegemer were amazed to find that the Xiaomi vacuum cleaner has more powerful hardware than many smartphones do: It is equipped with three ARM processors, one of which is quad core. Sounds pretty promising, right? So, for starters, Giese and Wegemer tried to use several obvious attack vectors to hack the system.

    First, they examined a unit to see if there was a way in through the vacuum cleaner’s micro USB port. That was a dead end: Xiaomi has secured this connection with some kind of authentication. After that, the researchers took the Mi Robot apart and tried to find a serial port on its motherboard. This attempt was likewise unsuccessful.

    Their second hacking method was network based. The researchers tried to scan the device’s network ports, but all ports were closed. Sniffing network traffic didn’t help, either; the robot’s communications were encrypted. At this point, I’m already rather impressed: Most other IoT devices would have been hacked by now because their creators usually don’t go this far in terms of security.

    The researchers’ next attempt was to attack the vacuum cleaner’s hardware. Here, they finally succeeded — by using aluminum foil to short-circuit some of the tiny contacts connecting processor to motherboard, causing the processor to enter a special mode that allows reading and even writing to flash memory directly through the USB connection.

  23. Tomi Engdahl says:

    Security hole in AMD CPUs’ hidden secure processor code revealed ahead of patches
    Googler drops bug bomb in public – but don’t panic

    Cfir Cohen, a security researcher from Google’s cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD’s Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets.

    This sounds bad. It’s not as bad as you think.

    The fTMP is a firmware implementation of the Trusted Platform Module, a security-oriented microcontroller specification. Cohen said he reported the flaw to AMD in late September last year, and the biz apparently had a fix ready by December 7. Now that the 90-day disclosure window has passed seemingly without any action by AMD, details about the flaw have been made public.

    A firmware update emerged for some AMD chips in mid-December, with an option to at least partially disable the PSP. However, a spokesperson for the tech giant said on Friday this week that the above fTMP issue will be addressed in an update due out this month, January 2018.

    As AMD explains it, the PSP – referred to as AMD Secure Technology – monitors the security environment for the processor, managing the boot process, initializing security mechanisms, and checking for suspect activity.

    It includes an embedded ARM microcontroller, cryptographic coprocessor, local memory, registers, and interfaces, not to mention the Environment Management Control block that oversees processor security checking. It runs the Trustonic TEE (Trusted Execution Environment) as its security kernel. It can also access system RAM and IO.

    The flaw, identified through manual static analysis, involves a stack-based overflow in a function called EkCheckCurrentCert, which is called from another function TPM2_CreatePrimary with an endorsement key (EK) certificate stored in non-volatile storage.

    An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited. But given those conditions, the attacker would have access to the information protected by the TPM, such as cryptographic keys.

  24. Tomi Engdahl says:

    Microsoft Patches for CPU Flaws Break Windows, Apps

    Users have complained that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities cause Windows to break down on some computers with AMD processors.

    Several individuals whose computers rely on AMD processors, particularly older Athlon models, say they are unable to start Windows 10 after installing KB4056892, an update released by Microsoft in response to the disclosure of serious flaws affecting Intel, AMD and ARM processors.

    While a majority of the affected users appear to have older AMD Athlon processors, some devices with AMD Turion CPUs also appear to have been hit.

    Some Windows users report that they simply cannot install the patches for the CPU vulnerabilities, and some say their web browsers have started crashing after applying the update.

    Shortly after releasing the Meltdown/Spectre updates, Microsoft warned that it had identified some compatibility issues with some antivirus products.

  25. Tomi Engdahl says:

    NSA Contractor Pleads Guilty in Embarrassing Leak Case

    A former contractor for the US National Security Agency’s elite hacking group has agreed to plead guilty to removing classified documents in a case that highlighted a series of disastrous leaks of top-secret NSA materials.

    Harold Martin, who reportedly worked for an NSA unit focused on hacking into target computer systems around the world, will plead guilty to one of 20 counts against him with the aim of concluding a 15-month-old case couched in deep secrecy, according to court documents filed late Wednesday.

    The indictment filed on February 8, 2017 accused Martin of hoarding an estimated 50 terabytes of NSA data and documents in his home and car over a 20-year period. The material reportedly included sensitive digital tools for hacking foreign governments’ computers.

    His arrest in late 2016 followed the NSA’s discovery that a batch of its hacking tools had fallen into the hands of a still-mysterious group called the Shadow Brokers, which offered them for sale online and also released some for free.

    At least publicly, Martin has not been accused of responsibility for any NSA leaks.

    In December, Nghia Hoang Pho, 67, a 10-year veteran of the NSA’s Tailored Access Operations hacking unit, was charged with and agreed to plead guilty to one count of removing and retaining top-secret documents from the agency.

    Vietnam-born Pho also had taken home highly classified NSA materials and programs.

    According to The New York Times, apparent Russian hackers broke into his personal computer to steal the files, accessing them via Pho’s use of Kaspersky software.

    But that case also has not been linked to the Shadow Brokers theft.

  26. Tomi Engdahl says:

    Hardcoded Backdoor Found on Western Digital Storage Devices

    Firmware updates released by Western Digital for its MyCloud family of devices address a series of security issues, including a hardcoded backdoor admin account.

    The vulnerabilities were found in WDMyCloud firmware prior to version 2.30.165 and are said to affect devices such as MyCloud, MyCloudMirror, My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.

    Discovered by GulfTech security researcher James Bercegay, the security flaws could be exploited to achieve remote root code execution on the affected WD My Cloud personal cloud storage units (the device is currently the best-selling NAS (network attached storage) device on Amazon).

  27. Tomi Engdahl says:

    Inside McAfee’s Acquisition of Skyhigh Networks

    On Jan. 3, McAfee completed the acquisition of Skyhigh Networks that was announced in November 2017. McAfee itself was spun out of Intel in April 2017 with the express purpose of becoming one of the world’s largest pure play cybersecurity firms. The purchase of Skyhigh, a cloud access security broker (CASB), now allows McAfee to offer an integrated security solution from endpoint across networks and into the cloud.

    “Today’s news marks a new milestone for the future of our company in cloud,” said Chris Young, McAfee’s CEO. “With two industry leaders meeting under one company, we will make cybersecurity an enabler to the transformative power of our digital age. We are focused on securing customers from their devices to the cloud.”

  28. Tomi Engdahl says:

    Industry Reactions to Meltdown, Spectre Attacks: Feedback Friday

    The attacks, known as Spectre and Meltdown, have already been addressed by several vendors, including Microsoft, Apple and Google, and Intel and others are also working on rolling out patches.

    Billions of PCs, mobile devices and cloud instances are vulnerable to attacks leveraging the Spectre and Meltdown vulnerabilities, and some fear we will soon witness remote exploitation attempts.

  29. Tomi Engdahl says:

    Tool Shows All Of Your Facebook Information That’s Publicly Available

    there’s a simple tool made by Supremo that can tell you how much of the stuff you put on Facebook is accessible to strangers.

    Every time you share something on Facebook, you are given a range of privacy setting options for that post. It’s very simple to change the settings, but if you’re unaware of the options then your personal information could be available for everyone to see, from annoying advertisers to criminals.

    Start by heading over to the website here and allowing it to access Facebook. It seems a little ironic permitting the tool to access your personal information

    “The point is simple! We all need to be very careful about how we choose to spare our information online and who with,” Supremo explain.

  30. Tomi Engdahl says:

    Devin Coldewey / TechCrunch:
    After breach exposing millions of parents and kids, toymaker VTech handed a $650K fine by FTC

    VTech, the maker of smart toys whose poor security practices exposed data from millions of parents and children, has been slapped on the wrist by the FTC to the tune of $650,000 and probation. It seems a light penalty for such a multifaceted failure affecting so many.

    The Hong Kong company makes a variety of “smart” toys, like watches and cameras, and parents and children were encouraged to set up profiles on VTech’s site with pictures and personal details. In November of 2015 a security researcher found that millions of those profiles could be accessed via one of the company’s websites.

    Not only was the website itself not secure, but the data were not encrypted in transit or at rest, contradicting security claims made in VTech’s privacy policy. This is not just poor practice, it’s a violation of COPPA, a rule meant to protect children’s privacy. The FTC stepped in shortly afterwards to look into these violations.

    The number of parents and children affected is hard to estimate, but at the time nearly 5 million parent records and 227,000 child records were shown to be accessible.

    The FTC today announced the results of its investigation, namely that VTech violated U.S. law in a couple of ways and failed to secure its data both as promised and as required. Its punishment: pay $650,000 and never do it again. The Canadian OPC doesn’t seem to have issued any punishment at all

    It’s hardly a heavy fine for a company that was selling millions of devices, and may embolden others weighing the cost of real security against the risk of being caught and fined.

  31. Tomi Engdahl says:

    CoffeeMiner PoC Targets Public Wi-Fi Networks to Mine for Cryptocurrency

    A recently published proof-of-concept notes that it could be possible for attackers to hijack coffee shop Wi-Fi networks and get connected users to mine cryptocurrencies, according to software developer Arnau Code.

    A couple of weeks back, an incident involving a Starbucks coffee shop having their customers mining for cryptocurrency – it seems the internet service provider that offered Wi-Fi connectivity was at fault – so it seems attackers physically in the coffee shop could hijack the network. Arnau pulled off the proof-of-concept by performing a man-in-the-middle attack that involved redirecting all customers through his proxy by performing an ARP-spoofing attack, then injecting a single line of code into visited HTML pages that calls the cryptocurrency miner in the victim’s browser.

  32. Tomi Engdahl says:

    Globally Gas Stations are Extremely Vulnerable to Internet of Things (“IoT”) Cyber Attacks

    2018 begins with the rise of the Internet of Things (” IoT “) which is based on the existence of an interconnection of all kinds of everyday objects, such as a printer, a SmartTv, a refrigerator, a smart blind, a book, a thermostat, etc.

    For effective, safe and secure use, it is necessary to take into account the use of passwords to access these devices, a question that is not always fulfilled. “For example, in Spain, the safety of automatic tank meters at gas stations is in question because of the 97 gas stations or tanks located in Spain, only 1 is protected by a password.”

    Today we are going to talk about a problem that affects gas stations, which although known since 2015, the expert in computer security Claudio Chifa has investigated and is referring to the safety of the automatic tank gauges of gas stations and surprisingly not has been corrected.

    Many valves have a built-in serial port for programming and monitoring. Some systems also have a TCP / IP card or even a serial adapter to TCP / IP.

    These cards allow technicians to monitor the system remotely. The most common TCP port used in these systems is port 10001.

    Accessing these systems is relatively simple and is done via telnet. There are more than 600 commands that can be executed, some of which include the setting of alarm thresholds, the editing of sensor configurations and the execution of tank tests.

    The hijacking, manipulation or destruction of critical industrial systems is more real than most people tend to believe, and it has long ceased to be a poetic license for Hollywood screenwriters.

  33. Tomi Engdahl says:

    BlackBerry Mobile Website hacked, crooks installed a Coinhive’s code to mine Monero

    According to Coinhive, the BlackBerry Mobile website was hacked by exploiting a critical security vulnerability in the Magento e-commerce software.

    The spike in the value of some cryptocurrencies like Bitcoin is attracting the interest of cyber criminals. The numbers of incidents and cyber attacks involving miners and mining scripts continue to increase

  34. Tomi Engdahl says:

    Finnish company Metsä Board suspect being hacked – therefore gave preliminary information on its results

    Turnover for the fourth quarter was approximately EUR 451 million, comparable operating result EUR 54 million and earnings per share EUR 0.12.

    Cardboard maker Metsä Board provides advance information on its October-December net sales and earnings. According to the company’s announcement, there is a suspected data breach in the background.

    Furthermore, the company can not yet say whether it has proceeded to a criminal investigation.


  35. Tomi Engdahl says:

    Monero Miner Sends Cryptocurrency to North Korean University

    An application compiled just weeks ago was found to be an installer for a Monero miner designed to send the mined currency to a North Korean university, AlienVault reports.

    The application’s developers, however, might not be of North Korean origins themselves, the security researchers say. They also suggest that the tool could either be only an experimental application or could attempt to trick researchers by connecting to Kim Il Sung University in Pyongyang, North Korea.

    Once the discovered installer is run, it copies a file named intelservice.exe to the system, which is often associated with cryptocurrency mining malware. The arguments the file is executed with reveal it is a piece of software called xmrig, a program already associated with wide campaigns exploiting unpatched IIS servers to mine Monero.

  36. Tomi Engdahl says:

    Microsoft Patches Zero-Day Vulnerability in Office

    Microsoft’s January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months.

    The zero-day vulnerability, tracked as CVE-2018-0802, has been described by Microsoft as a memory corruption issue that can be exploited for remote code execution by getting targeted users to open a specially crafted file via Office or WordPad.

  37. Tomi Engdahl says:

    Phishing Campaign Targeting Companies Associated with Pyeongchang Olympics

    Security researchers from McAfee spotted a Phishing campaign targeting companies associated with Pyeongchang Olympic 2018.The multi-sport event is to take place in South Korea.

    Attackers embedded malicious documents as a hypertext application (HTA) file and then hide it as an image in the remote server with visual basic macros to launch the decoder script.Researchers said they also wrote custom PowerShell code to decode the hidden image and reveal the implant.

  38. Tomi Engdahl says:

    Apple Passwords: They All ‘Just Work’

    When the Macintosh was released some thirty-odd years ago, to Steve Jobs’ triumphant return in the late 90s, there was one phrase to describe the simplicity of using a Mac. ‘It Just Works’.

    Apple has improved the macOS to such a degree that all passwords just work. That is to say, security on the latest versions of macOS is abysmal, and every few weeks a new bug is reported.

    The first such security vulnerability in macOS High Sierra was reported by [Lemi Ergin] on Twitter. Simply, anyone could login as root with an empty password after clicking the login button several times. The steps to reproduce were as simple as opening System Preferences, Clicking the lock to make changes, typing ‘root’ in the username field, and clicking the Unlock button. It should go without saying this is incredibly insecure, and although this is only a local exploit, it’s a mind-numbingly idiotic exploit. This issue was quickly fixed by Apple in the Security Update 2017-001

    Community bug reports
    AppStore Preferences lock is a lie

  39. Tomi Engdahl says:

    Highly Targeted Attacks Hit North Korean Defectors

    A recent set of attacks aimed at North Korean defectors and journalists were associated with a highly targeted campaign conducted by an actor that does not appear to be related to any known cybercrime groups, McAfee says.

    The attacks used a range of vectors to infect victims with malware, including email, the KakaoTalk chat application (which is popular in South Korea), and social network services such as Facebook. Some of the attacks also employed Google-shortened URLs to spread malware.

    McAfee’s research into the incident revealed the use of two versions of the dropper malware, namely applications called “Pray for North Korea” and “BloodAssistant.”

  40. Tomi Engdahl says:

    Proposed Legislation Would Create Office of Cybersecurity at FTC

    Punitive Data Breach Legislation Proposed Post-Equifax

    Two Democratic senators, Elizabeth Warren, D-Mass., and Mark Warner, D-Va, introduced a bill Wednesday that would provide the Federal Trade Commission (FTC) with punitive powers over the credit reporting industry — primarily Equifax, Credit Union and Experian — for poor cybersecurity practices.

    The bill is in response to the huge Equifax breach disclosed in September, 2017. “Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach,” said Senator Warren in a Wednesday statement.

  41. Tomi Engdahl says:

    Hackers Leak Olympic Committee Emails in Response to Russia Ban

    A group of hackers linked to Russia has leaked several emails apparently exchanged between officials of the International Olympic Committee (IOC) and other individuals involved with the Olympics. The leak comes in response to Russia being banned from the upcoming Pyeongchang 2018 Winter Games in South Korea.

    The group, calling itself Fancy Bears and claiming to be a team of hacktivists that “stand for fair play and clean sport,” previously released confidential athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA), and also targeted the International Association of Athletics Federations (IAAF).

    WADA representatives told Wired that Fancy Bears are looking to “undermine the work of WADA and others,” and claimed that everything they leaked this week is “dated.” WADA officially accused Russia of being behind previous attacks.

  42. Tomi Engdahl says:

    Android Malware Developed in Kotlin Programming Language Found in Google Play

    Security researchers at Trend Micro have discovered a malicious application in Google Play that was developed using the Kotlin programming language.

    Detected as ANDROIDOS_BKOTKLIND.HRX, the malicious program was masquerading as Swift Cleaner, a utility designed to clean and optimize Android devices. The application had between 1,000 and 5,000 installs when discovered.

    Kotlin, a first-class language for writing Android apps, was announced in May 2017. Coming from Google, it is open source and is already used by 17% of Android Studio projects. Some of the top applications to use the programming language include Twitter, Pinterest, and Netflix.

    Developers using Kotlin can deliver safer applications, due to avoiding entire classes of errors, and can also ensure their software is interoperable by taking advantage of existing libraries for JVM, Android, and the browser. What’s yet uncertain is how malware developers can leverage the programming language when building nefarious code.

  43. Tomi Engdahl says:

    Someone Is Building A Finnish-Themed Twitter Botnet

    Finland will hold a presidential election on the 28th January 2018. Campaigning just started, and candidates are being regularly interviewed by the press and on the TV. In a recent interview, one of the presidential candidates, Pekka Haavisto, mentioned that both his Twitter account, and the account of the current Finnish president, Sauli Niinistö had recently been followed by a number of bot accounts. I couldn’t resist investigating this myself.

  44. Tomi Engdahl says:

    Beagle – Find vulnerabilities in your websites easily

    came across a new scanner named Beagle. This scanner really crawls fast compared to the other scanners I have experienced. It’s faster in detecting vulnerabilities. Takes less CPU power.

  45. Tomi Engdahl says:

    Russian hackers may have compromised U.S. Senators’ email accounts

    Russian hackers are targeting U.S. Senate email accounts

    According to a new report, the same group that hacked the Democratic National Committee actively targeted the U.S. Senate through the latter half of 2017. The revelation comes out of a new report from Trend Micro

  46. Tomi Engdahl says:

    Someone hacked Blackberry to steal computing power for mining cryptocurrency [Updated]

    Cryptocurrency mining service Coinhive is again in the news for misuse by a customer, this time involving handset maker Blackberry. Apparently, someone hacked into the company’s global operations website and used it to steal visitors’ computing power to mine Monero – a digital currency.

    Coinhive sells a cryptocurrency mining tool that allows users to embed it in a desired platform – such as a website – and mine Monero using visitors’ computing power. It advertises the tool as a more elegant alternative to displaying intrusive ads.

    it has become a one-stop-shop for bad actors.

    Ironically, Blackberry claims to be offering the “world’s most trusted mobile security software.”

    Security vendors, including Bitdefender, classify cryptocurrency miners as malware, and block them. Although Coinhive states that customers should warn their end-users of the practice, many prefer to keep their mining a secret.

    The past year has seen several reports of concealed cryptocurrency mining – almost all of them involving Coinhive.


Leave a Comment

Your email address will not be published. Required fields are marked *