<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber Security July 2018</title>
	<atom:link href="http://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Sun, 19 Apr 2026 21:53:56 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599665</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 10 Aug 2018 15:13:10 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599665</guid>
		<description><![CDATA[What Drives a Ransomware Criminal? CoinVault Developers Convicted in Dutch Court
https://securingtomorrow.mcafee.com/mcafee-labs/what-drives-a-ransomware-criminal-coinvault-developers-convicted-in-dutch-court/

How often do we get a chance to learn what goes on in the minds of cybercriminals? Two members of McAfee’s Advanced Threat Research team recently did, as they attended a court case against two cybercriminal brothers.]]></description>
		<content:encoded><![CDATA[<p>What Drives a Ransomware Criminal? CoinVault Developers Convicted in Dutch Court<br />
<a href="https://securingtomorrow.mcafee.com/mcafee-labs/what-drives-a-ransomware-criminal-coinvault-developers-convicted-in-dutch-court/" rel="nofollow">https://securingtomorrow.mcafee.com/mcafee-labs/what-drives-a-ransomware-criminal-coinvault-developers-convicted-in-dutch-court/</a></p>
<p>How often do we get a chance to learn what goes on in the minds of cybercriminals? Two members of McAfee’s Advanced Threat Research team recently did, as they attended a court case against two cybercriminal brothers.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599660</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 10 Aug 2018 15:07:00 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599660</guid>
		<description><![CDATA[Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/

Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).

People are still running DVRs with ancient firmware

This vulnerability is CVE-2013-6117, discovered and detailed by Jake Reynolds, a security researcher with Depth Security.

According to the researcher&#039;s blog post and to Anubhav, who explained the exploitation process to Bleeping Computer yesterday, an attacker can initiate a raw TCP connection on a Dahua DVR on port 37777 to send a special payload.

Once a Dahua device receives this payload, it responds with DDNS credentials for accessing the device, and other data, all in plaintext.

The vulnerability has been known since 2013 and has been since patched, but many Dahua device owners have failed to update their equipment, and even to this day have continued to deploy DVRs running the antiquated firmware online.]]></description>
		<content:encoded><![CDATA[<p>Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine<br />
<a href="https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/" rel="nofollow">https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/</a></p>
<p>Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).</p>
<p>People are still running DVRs with ancient firmware</p>
<p>This vulnerability is CVE-2013-6117, discovered and detailed by Jake Reynolds, a security researcher with Depth Security.</p>
<p>According to the researcher&#8217;s blog post and to Anubhav, who explained the exploitation process to Bleeping Computer yesterday, an attacker can initiate a raw TCP connection on a Dahua DVR on port 37777 to send a special payload.</p>
<p>Once a Dahua device receives this payload, it responds with DDNS credentials for accessing the device, and other data, all in plaintext.</p>
<p>The vulnerability has been known since 2013 and has been since patched, but many Dahua device owners have failed to update their equipment, and even to this day have continued to deploy DVRs running the antiquated firmware online.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599638</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 10 Aug 2018 14:41:45 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599638</guid>
		<description><![CDATA[Security Gap Grows
https://semiengineering.com/security-gap-grows/

Concerns about breaches are up, but the number of attacks is still rising.

There is far more talk about security in designs these days, and far more security features being added into chips and systems. So why isn’t it making a dent in the number of cyberattacks?

According to the Online Trust Alliance, there were 159,700 cyber incidents in 2017 around the globe. But the group notes that because most incidents are not reported, the real number could be twice as large. This is about twice what it was in 2016, with the biggest increase due to ransom-based attacks. Also of note, 93% were avoidable, the agency said.]]></description>
		<content:encoded><![CDATA[<p>Security Gap Grows<br />
<a href="https://semiengineering.com/security-gap-grows/" rel="nofollow">https://semiengineering.com/security-gap-grows/</a></p>
<p>Concerns about breaches are up, but the number of attacks is still rising.</p>
<p>There is far more talk about security in designs these days, and far more security features being added into chips and systems. So why isn’t it making a dent in the number of cyberattacks?</p>
<p>According to the Online Trust Alliance, there were 159,700 cyber incidents in 2017 around the globe. But the group notes that because most incidents are not reported, the real number could be twice as large. This is about twice what it was in 2016, with the biggest increase due to ransom-based attacks. Also of note, 93% were avoidable, the agency said.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599637</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 10 Aug 2018 14:40:42 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599637</guid>
		<description><![CDATA[One-Third of Businesses Lack a Cybersecurity Expert
https://www.darkreading.com/threat-intelligence/one-third-of-businesses-lack-a-cybersecurity-expert/d/d-id/1332317

Alarming, yes, but it&#039;s actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.]]></description>
		<content:encoded><![CDATA[<p>One-Third of Businesses Lack a Cybersecurity Expert<br />
<a href="https://www.darkreading.com/threat-intelligence/one-third-of-businesses-lack-a-cybersecurity-expert/d/d-id/1332317" rel="nofollow">https://www.darkreading.com/threat-intelligence/one-third-of-businesses-lack-a-cybersecurity-expert/d/d-id/1332317</a></p>
<p>Alarming, yes, but it&#8217;s actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599465</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 15:12:02 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599465</guid>
		<description><![CDATA[Business E-mail Compromise The 12 Billion Dollar Scam 
https://www.ic3.gov/media/2018/180712.aspx

This Public Service Announcement (PSA) is an update and companion to Business E-mail Compromise (BEC) PSA 1-050417-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data for the time frame October 2013 to May 2018. 

DEFINITION

Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.

The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.]]></description>
		<content:encoded><![CDATA[<p>Business E-mail Compromise The 12 Billion Dollar Scam<br />
<a href="https://www.ic3.gov/media/2018/180712.aspx" rel="nofollow">https://www.ic3.gov/media/2018/180712.aspx</a></p>
<p>This Public Service Announcement (PSA) is an update and companion to Business E-mail Compromise (BEC) PSA 1-050417-PSA posted on <a href="http://www.ic3.gov" rel="nofollow">http://www.ic3.gov</a>. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data for the time frame October 2013 to May 2018. </p>
<p>DEFINITION</p>
<p>Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.</p>
<p>The scam is frequently carried out when a subject compromises legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.</p>
<p>The scam may not always be associated with a request for transfer of funds. A variation of the scam involves compromising legitimate business e-mail accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599455</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 15:02:52 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599455</guid>
		<description><![CDATA[How Can an ISAC Improve Cybersecurity and Resilience?
https://securityintelligence.com/how-can-an-isac-improve-cybersecurity-and-resilience/

Sharing computer security threat information is now an established practice in IT. Whether automatically or manually, the primary motivator to pool resources is to improve your own capabilities and those of your peers for responding to security threats and incidents.

Another factor that can significantly improve your ability is sharing knowledge and experiences. As it happens, there are organizations designed explicitly for that: information sharing and analysis centers (ISACs).]]></description>
		<content:encoded><![CDATA[<p>How Can an ISAC Improve Cybersecurity and Resilience?<br />
<a href="https://securityintelligence.com/how-can-an-isac-improve-cybersecurity-and-resilience/" rel="nofollow">https://securityintelligence.com/how-can-an-isac-improve-cybersecurity-and-resilience/</a></p>
<p>Sharing computer security threat information is now an established practice in IT. Whether automatically or manually, the primary motivator to pool resources is to improve your own capabilities and those of your peers for responding to security threats and incidents.</p>
<p>Another factor that can significantly improve your ability is sharing knowledge and experiences. As it happens, there are organizations designed explicitly for that: information sharing and analysis centers (ISACs).</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599454</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 15:02:26 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599454</guid>
		<description><![CDATA[Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems
https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/

Academics say they&#039;ve mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations.

The research is of note because previous GPS spoofing attacks have been unable to trick humans, who, in past experiments, often received malicious driving instructions that didn&#039;t make sense or were not in sync with the road infrastructure — for example taking a left on a straight highway.

To perform the attack researchers developed an algorithm that works in near real-time, along with a portable GPS-spoofing device that costs about $223, which can be easily attached to a car or put on a vehicle tailing the target&#039;s car at distances of up to 50 meters.

Researchers say their algorithm allows an attacker to select an area where they could lure victims.

&quot;The algorithm crafts the GPS inputs to the target device such that the triggered navigation instruction and displayed routes on the map remain consistent with the physical road network,&quot; researchers say. &quot;In the physical world, the victim who follows the instruction would be led to a wrong route (or a wrong destination).&quot;

Attack worked on 95% of human testers

Academics said they tested their algorithm with traffic simulators but also in the real world, in China and the US.]]></description>
		<content:encoded><![CDATA[<p>Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems<br />
<a href="https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/" rel="nofollow">https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/</a></p>
<p>Academics say they&#8217;ve mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations.</p>
<p>The research is of note because previous GPS spoofing attacks have been unable to trick humans, who, in past experiments, often received malicious driving instructions that didn&#8217;t make sense or were not in sync with the road infrastructure — for example taking a left on a straight highway.</p>
<p>To perform the attack researchers developed an algorithm that works in near real-time, along with a portable GPS-spoofing device that costs about $223, which can be easily attached to a car or put on a vehicle tailing the target&#8217;s car at distances of up to 50 meters.</p>
<p>Researchers say their algorithm allows an attacker to select an area where they could lure victims.</p>
<p>&#8220;The algorithm crafts the GPS inputs to the target device such that the triggered navigation instruction and displayed routes on the map remain consistent with the physical road network,&#8221; researchers say. &#8220;In the physical world, the victim who follows the instruction would be led to a wrong route (or a wrong destination).&#8221;</p>
<p>Attack worked on 95% of human testers</p>
<p>Academics said they tested their algorithm with traffic simulators but also in the real world, in China and the US.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599453</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 15:01:00 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599453</guid>
		<description><![CDATA[Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)
https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-client-script-code-execution-vulnerability-cve-2018-1111/

In May 2018, a command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in multiple versions of Red Hat Enterprise Linux (CVE-2018-1111), which has since been patched. An attacker could attack this vulnerability either through the use of a malicious DHCP server, or malicious, spoofed DHCP responses on the local network. A successful attack could execute arbitrary commands with root privileges on systems using NetworkManager with DHCP configured.

This vulnerability poses a serious threat to individuals or organizations running vulnerable instances of Red Hat Enterprise Linux versions 6 or 7 and patches should be applied immediately.]]></description>
		<content:encoded><![CDATA[<p>Analysis of the DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)<br />
<a href="https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-client-script-code-execution-vulnerability-cve-2018-1111/" rel="nofollow">https://researchcenter.paloaltonetworks.com/2018/07/unit42-analysis-dhcp-client-script-code-execution-vulnerability-cve-2018-1111/</a></p>
<p>In May 2018, a command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in multiple versions of Red Hat Enterprise Linux (CVE-2018-1111), which has since been patched. An attacker could attack this vulnerability either through the use of a malicious DHCP server, or malicious, spoofed DHCP responses on the local network. A successful attack could execute arbitrary commands with root privileges on systems using NetworkManager with DHCP configured.</p>
<p>This vulnerability poses a serious threat to individuals or organizations running vulnerable instances of Red Hat Enterprise Linux versions 6 or 7 and patches should be applied immediately.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599452</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 15:00:30 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599452</guid>
		<description><![CDATA[Time to Yank Cybercrime into the Light
Too many organizations are still operating blindfolded, research finds.
https://www.darkreading.com/attacks-breaches/time-to-yank-cybercrime-into-the-light/a/d-id/1332231

At a time when the public and governments are watching their every move, today&#039;s organizations are up against an unprecedented wave of crime and fraud-related risks that affect their internal and external relationships, regulatory status, and reputation. Unfortunately, not enough companies are truly aware of the fraud threats they face.

According to PricewaterhouseCoopers&#039; 2018 Global Economic Crime and Fraud (GECF) Survey, a poll of some 7,200 respondents across 123 different countries, 49% say their companies had been victimized by fraud or economic crime, up from 36% in 2016. This uptick can be attributed to a greater global awareness of fraud, more survey responses, and better understanding of what constitutes &quot;fraud.&quot; But every company — no matter how vigilant — can have blind spots.

Some 44% of poll respondents indicate that they intend to increase spending in the next two years. Great — but where? These days, organizations are harnessing some seriously powerful technology and data analytics tools to battle the fraudsters. On top of these tech-based controls, many firms are also expanding whistleblower programs and taking care to keep leadership informed about real and potential breaches.]]></description>
		<content:encoded><![CDATA[<p>Time to Yank Cybercrime into the Light<br />
Too many organizations are still operating blindfolded, research finds.<br />
<a href="https://www.darkreading.com/attacks-breaches/time-to-yank-cybercrime-into-the-light/a/d-id/1332231" rel="nofollow">https://www.darkreading.com/attacks-breaches/time-to-yank-cybercrime-into-the-light/a/d-id/1332231</a></p>
<p>At a time when the public and governments are watching their every move, today&#8217;s organizations are up against an unprecedented wave of crime and fraud-related risks that affect their internal and external relationships, regulatory status, and reputation. Unfortunately, not enough companies are truly aware of the fraud threats they face.</p>
<p>According to PricewaterhouseCoopers&#8217; 2018 Global Economic Crime and Fraud (GECF) Survey, a poll of some 7,200 respondents across 123 different countries, 49% say their companies had been victimized by fraud or economic crime, up from 36% in 2016. This uptick can be attributed to a greater global awareness of fraud, more survey responses, and better understanding of what constitutes &#8220;fraud.&#8221; But every company — no matter how vigilant — can have blind spots.</p>
<p>Some 44% of poll respondents indicate that they intend to increase spending in the next two years. Great — but where? These days, organizations are harnessing some seriously powerful technology and data analytics tools to battle the fraudsters. On top of these tech-based controls, many firms are also expanding whistleblower programs and taking care to keep leadership informed about real and potential breaches.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/07/02/cyber-security-july-2018/comment-page-4/#comment-1599451</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Thu, 09 Aug 2018 14:59:48 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178429#comment-1599451</guid>
		<description><![CDATA[Why Malware as a Business is on the Rise
We might not have asked for a malware market, but it’s alive and growing every day.
https://heimdalsecurity.com/blog/the-malware-economy/

The alarming growth of malware attacks in the last years should concern each of us, but what is more important, should make us AWARE of the risks and consequences. Taking action and preventing these malicious activities operated by cybercriminals has to be a top priority IF we want to stay safe online.

The reality is that cyber attackers now use different strains of malware, much more sophisticated and agile that prove to be effective and successful, challenging us to build a stronger defense against them.

Malware evolves at a rapid pace because of advanced malware mastering the art of evasion. Thus, traditional antivirus engines find it difficult to detect attacks in the first stages. Malware is getting bigger and bigger. It fuels growth, innovation and encourages malicious actors to easily reach their goals.]]></description>
		<content:encoded><![CDATA[<p>Why Malware as a Business is on the Rise<br />
We might not have asked for a malware market, but it’s alive and growing every day.<br />
<a href="https://heimdalsecurity.com/blog/the-malware-economy/" rel="nofollow">https://heimdalsecurity.com/blog/the-malware-economy/</a></p>
<p>The alarming growth of malware attacks in the last years should concern each of us, but what is more important, should make us AWARE of the risks and consequences. Taking action and preventing these malicious activities operated by cybercriminals has to be a top priority IF we want to stay safe online.</p>
<p>The reality is that cyber attackers now use different strains of malware, much more sophisticated and agile that prove to be effective and successful, challenging us to build a stronger defense against them.</p>
<p>Malware evolves at a rapid pace because of advanced malware mastering the art of evasion. Thus, traditional antivirus engines find it difficult to detect attacks in the first stages. Malware is getting bigger and bigger. It fuels growth, innovation and encourages malicious actors to easily reach their goals.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
