It feels like a time warp, but as with all cyber threats, they do not appear instantly. They evolve slowly in the background over long periods of time until the problem seems to reach a critical mass.
Researchers and several major tech companies this week disclosed the details of three new speculative execution side-channel vulnerabilities affecting Intel processors.
ESET on Thursday announced the general availability of a new line of enterprise security solutions that include endpoint detection and response (EDR), forensic investigation, threat monitoring, sandbox, and management tools.
The new EDR tool is ESET Enterprise Inspector, which provides real-time data from the cybersecurity firm’s endpoint security platform. The product is fully customizable and ESET claims it offers “vastly more visibility for complete prevention, detection and response against all types of cyber threats.”
The new enterprise solutions also include ESET Threat Hunting, an on-demand forensic investigation tool that provides details on alarms and events, and ESET Threat Monitoring, which constantly monitors all Enterprise Inspector data for threats.
Each month, Google sends thousands of warnings to users who might have been targeted in government-backed attacks, even if the attempts have been blocked.
Highly targeted and more sophisticated when compared to typical phishing attempts, which are mainly focused on financial fraud, these state-sponsored attacks come from dozens of countries worldwide, Google says.
Only an extremely small fraction of Google’s users have received such an alert, and they don’t necessarily mean that accounts have been compromised, but the search giant urges all of those who receive the notification to take immediate action.
The security of electronic voting and the direct-recording election (DRE) voting machines used has been questioned for years. The upcoming U.S. midterm elections in November, coupled with the attempted Russian meddling in the 2016 presidential election, have made this a current and major concern for many in the security industry and beyond. Now it has gone to court.
Security concerns
Concern over the security of electronic voting was heightened following the 2016 presidential election. The incumbent Obama administration accused Russia of interfering and being behind a breach of the DNC and subsequent leak of sensitive data.
For the most part it is believed that Russia attempted to influence rather than control the vote. However, an NSA document acquired and discussed by The Intercept in June 2017 “raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.”
There is no claim that Russia affected the outcome of the election. The primary concern is that nobody knows the extent of what was done, nor what could have been done – and, more disconcertingly, what might be done next time.
Microsoft on Monday announced that it took control of several domains associated with a notorious Russia-linked threat actor. The names of the domains suggest the hackers may have been using them in campaigns related to the upcoming midterm elections in the United States.
The tech giant’s Digital Crimes Unit obtained a court order to take control of six domains created by a threat group tracked as APT28, Fancy Bear, Pawn Storm, Strontium, Sednit, Tsar Team and Sofacy.
‘Legacy system’ exposed Black Hat 2018 attendees’ contact information
Zack Whittaker (@zackwhittaker)
A “legacy system” was to blame for exposing the contact information of attendees of this year’s Black Hat security conference.
A Colorado-based pen tester and security researcher who goes by the handle NinjaStyle said it would have taken about six hours to collect the names, email and home addresses, company names and phone numbers of everyone who registered for the 2018 conference.
In a blog post, he explained that he used a reader to access the data on his NFC-enabled conference badge, which stored his name in plaintext and other scrambled data. The badge also contained a web address to download BCard, a business card reader app.
The rate at which we were able to brute force the API would mean that we could successfully collect all BlackHat 2018 registered attendees’ names, email addresses, company names, phone numbers, and addresses in only approximately 6 hours.
After the concept was proved successfully, I began the disclosure process. The ITN team was initially difficult to get in contact with as they do not have a security@ or abuse@ email address, but they were extremely polite, professional, and responsive once I was able to get in contact with the right person. Additionally, they had this issue resolved within 24 hours of initial contact.
Public safety departments are catching up with futuristic, augmented reality technology. Some people aren’t happy about it: for example, Microsoft is raising the alarm about facial recognition, wanting to regulate law enforcement use of the tech. However, there are cases where emergency services clearly serve their community better with augmented reality (AR). From training to response, here are three savvy AR public safety applications.
The Democratic National Committee has prevented an attempt to hack into its database of tens of millions of voters.
CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned Tuesday of the attempt.
Lookout, a security firm, told TechCrunch that its staff detected a phishing page hosted on DigitalOcean, a cloud computing and hosting giant, which replicated a login page for NGP VAN, a technology provider for Democratic campaigns.
Jeremy Richards, principal engineer at the security firm, notified DigitalOcean of the phishing site, which was taken offline.
It’s not uncommon for political parties to store vast amounts of information on voters.
Hackers that targeted a Democratic senator up for reelection this year may have left behind clues in their attack that further suggest Russian involvement.
The office of Claire McCaskill, a Missouri senator, was targeted in an apparent targeted phishing attack from a fake Microsoft domain that the software giant later seized pursuant to a court order. The Daily Beast reported that a then-McCaskill staffer was the target of the attack.
Government-backed surveillance projects are deploying brain-reading technology to detect changes in the emotional states of employees on the production line, in the military and at the helm of high-speed trains.
NBC News:
New facial recognition technology at Washington Dulles airport catches man trying to enter the US illegally just three days after the tech started being used
An identification card from the Republic of Congo was found hidden in the man’s shoe, officials said.
Facial recognition technology caught an impostor trying to enter the U.S. on a fake passport that may have passed at face value with humans, federal officials said Thursday.
And the groundbreaking arrest came on just the third day the biometric technology has been used at Washington Dulles International Airport.
The 26-year-old man arrived Wednesday on a flight from Sao Paulo, Brazil, and presented a French passport to the customs officer, according to U.S. Customs and Border Protection (CBP). Using the new facial comparison biometric system, the officer determined that the unidentified traveler did not match the passport he presented.
Raymond Zhong / New York Times:
Australia bans Huawei and ZTE from providing 5G equipment to support the country’s new telecom networks, citing risks of foreign interference and hacking — BEIJING — The fog of cyberespionage concerns surrounding Huawei has for years kept the Chinese technology giant largely out of the United States.
Andy Greenberg / Wired:
A look at the Russia-linked NotPetya cyberattack, which caused an estimated $10B+ in damages worldwide after initially targeting Ukrainian companies — Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.
New York Times:
A look at how FireEye helped Facebook identify Iran-linked fake accounts, after working on the DNC hack in 2016 — SAN FRANCISCO — FireEye, a cybersecurity company that has been involved in a number of prominent investigations, including the 2016 attack on the Democratic National Committee …
FireEye, a cybersecurity company that has been involved in a number of prominent investigations, including the 2016 attack on the Democratic National Committee, alerted Facebook in July that it had a problem.
Security analysts at the company noticed a cluster of inauthentic accounts and pages on Facebook that were sharing content from a site called Liberty Front Press. It looked like a news site, but most of its content was stolen from outlets like Politico and CNN. The small amount of original material was written in choppy English.
FireEye’s tip eventually led Facebook to remove 652 fake accounts and pages. And Liberty Front Press, the common thread among much of that sham activity, was linked to state media in Iran, Facebook said on Tuesday.
Facebook’s latest purge of disinformation from its platforms highlighted the key role that cybersecurity outfits are playing in policing the pages of giant social media platforms. For all of their wealth and well-staffed security teams, companies like Facebook often rely on outside firms and researchers for their expertise.
The discovery of the disinformation campaign also represented a shift in the bad behavior that independent security companies are on the lookout for. Long in the business of discovering and fending off hacking attempts and all sorts of malware, security companies have expanded their focus to the disinformation campaigns that have plagued Facebook and other social media for the past few years.
Attributing attacks to Iran has been tricky. Security experts who have studied Iranian hackers said many take part in attacks, or disinformation campaigns, while they are still in college. They are often recruited for government work, but may also float in and out of government-backed contracts.
Over 14 million detailed voter records were found on an unprotected server
A massive trove of voter records containing personal information on millions of Texas residents has been found online.
The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters.
It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time where nation states are actively trying to influence elections.
Granted, much of that data is public. According to The Texas Tribune, that kind of voter data in Texas is already obtainable for a fee, but information relating to individuals’ political affiliations and party memberships is not.
Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial companies around the globe. Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies.
Kaspersky Lab has been assisting with incident response efforts. While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email. It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to. There have been multiple reports on the reappearance of Fallchill, including one from US-CERT.
Over the past few years, I have been giving workshops on Android reverse engineering – my next one will be an advanced session at Virus Bulletin in October. As most other researchers on Android, I typically start off with a slide explaining that an Android Package (APK) is just a ZIP. Since Android 7.0, however, this is no longer true.
Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities, as part of what seems to be a targeted espionage campaign.
Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording phone calls, and monitoring text messages, secretly stealing photos and videos, and collecting location data—all without users’ knowledge.
We have recently stumbled on several active samples of an Android spyware. They belong to a family we have named BondPath (also known as PathCall or Dingwe), which was first reported in May 2016. While our customers have been protected against that malware since 2016, in July 2018 we discovered that some samples are still in the wild and continue to be a threat to unprotected smartphones.
This malware poses as a Google Play Store Services application. The fact that it is signed by the unknown developer hola should be the first clue to raise an alert.
An attempt to break into the Democratic National Committee’s massive voter database has been thwarted, a party official said Wednesday, two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.
A web security firm using artificial intelligence uncovered the attempt. The DNC was notified Tuesday, it said. Hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party’s voter file, a party official said. The file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, the official said. The FBI was notified.
The official wasn’t authorized to speak about sensitive security information and spoke to The Associated Press on condition of anonymity.
Threat actors apparently working out of Iran have been conducting an operation whose goal is to influence the opinions of people in the United States and other countries around the world, FireEye reported on Tuesday.
This campaign, which the cybersecurity firm describes as an “influence operation,” involves a network of “inauthentic” news websites and clusters of social media accounts whose apparent purpose is to “promote political narratives in line with Iranian interests.”
Updates released on Wednesday for the Apache Struts 2 open source development framework address a critical vulnerability that can be exploited for remote code execution.
The flaw, tracked as CVE-2018-11776, affects Struts 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and possibly unsupported versions of the framework.
Operators will now be able to block the F-35’s systems from sending data back to the United States, but other security concerns may remain.
Lockheed Martin has received a multi-million dollar contract for work on a firewall that will allow F-35 Joint Strike Fighter operators to prevent the transfer of potentially sensitive information that the jet’s sensors and computer brain scoop up and send back to the United States via a cloud-based network. The development comes as foreign partners in the project become increasingly worried about the data that the aircraft is collecting and storing, but concerns could remain about security breaches or if the links to the system gets cut altogether, especially in the middle of a crisis.
A recent wave of ransomware attacks against organizations around the world have been linked to a notorious North Korean threat actor, security firm Check Point says.
The campaign appears highly targeted, with at least three organizations in the United States and worldwide severely affected. Because some victims decided to pay large ransoms in order to retrieve access to their files, the campaign operators are estimated to have netted over $640,000 to date.
Ghostscript Impacted by Multiple -dSAFER Sandbox Bypass Vulnerabilities
Unpatched vulnerabilities in Ghostscript impact a broad range of popular software products, including several Linux distributions, CERT CC reveals in a Tuesday alert.
Security researchers have uncovered a supply chain attack aimed at infecting organizations in South Korea with a remote access Trojan (RAT) to steal valuable information.
Called Operation Red Signature, the attack was first detected in July and was carried out through the compromised update server of a remote support solutions provider. The end goal was to infect targets of interest with the 9002 RAT backdoor.
The attackers managed to steal a valid digital certificate and use it to sign their malware. They also reconfigured the update server to only deliver the malicious files to organizations within a specified range of IP addresses.
Once on an infected machine, the 9002 RAT would also install additional malware, such as an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper.
“These tools hint at how the attackers are also after data stored in their target’s web server and database,” Trend Micro, the security firm that discovered the campaign, reveals.
Intentionally or not, Microsoft has emerged as a kind of internet cop by devoting considerable resources to thwarting Russian hackers.
The company’s announcement Tuesday that it had identified and forced the removal of fake internet domains mimicking conservative U.S. political institutions triggered alarm on Capitol Hill and led Russian officials to accuse the company of participating in an anti-Russian “witch hunt.”
Microsoft stands virtually alone among tech companies with an aggressive approach that uses U.S. courts to fight computer fraud and seize hacked websites back. In the process, it has acted more like a government detective than a global software giant.
Every 60 seconds, 1,861 people are impacted by cybercrimes such as malware and phishing attacks, cybersecurity company RiskIQ revealed in its Evil Internet Minute 2.0 report.
That total represents a $282,724 increase since last year, cybersecurity company RiskIQ revealed in its Evil Internet Minute 2.0 report, which draws on the company’s global threat intelligence data, as well as third-party research, to examine the volume of malicious Web activity.
Sometimes scammers just need to say they hacked you to pull in the cash. Since July, cybersecurity researchers, journalists and victims have seen a spike in extortion letters and emails demanding hefty sums of bitcoin. The twist is that the scammers send the victim one of their own passwords, likely gleaned from an already public breach, and use that as an intimidation tactic. The blackmailers then claim they have hacked into the target’s webcam while they were watching pornography. Pay up, or they’ll release the (made-up) video.
Now, researchers have found this scam has been pretty profitable, especially considering the low-level of work involved on the fraudsters’ part.
“What is worrying is that, scammers were able to siphon off [$500,000], from old passwords dumps, with very little effort,” Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard in an online chat.
In July, cybersecurity journalist Brian Krebs reported on the new wave of sextortion emails.
Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool (RAT) that is offered for sale by a company called Breaking Security. While the company says it will only sell the software for legitimate uses as described in comments in response to the article here and will revoke the licenses for users not following their EULA, the sale of the RAT gives attackers everything they need to establish and run a potentially illegal botnet.
Remcos’ prices per license range from €58 to €389. Breaking Security also offers customers the ability to pay for the RAT using a variety of digital currencies. This RAT can be used to fully control and monitor any Windows operating system, from Windows XP and all versions thereafter, including server editions.
Turla, also known as Snake, is an espionage group notorious for having breached some heavily-protected networks such as the US Central Command in 2008 [1]. Since then, they have been busy attacking diplomats and military targets around the world. Among the notable victims were the Finnish Foreign Ministry in 2013 [2], the Swiss military firm RUAG between 2014 and 2016 [3] and, more recently, the German government at the end of 2017/beginning of 2018.
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails
428 Comments
Tomi Engdahl says:
Gmail Confidential Mode lets you send top-secret emails on your phone
This email will self-destruct in 3…2…1
https://www.cnet.com/news/gmail-confidential-mode-lets-you-send-top-secret-emails-on-your-phone/
Worried about sending emails with sensitive information on your phone? Gmail has rolled out its Confidential Mode to the Gmail iOS and Android apps.
Confidential Mode gives you tight control over the emails you send. You can set emails to expire after a set amount of time, similar to a Snapchat message, or take away someone’s access to a confidential email at any time. The recipient won’t be able to forward, copy, print or download a confidential message, but Google points out they can still take screenshots.
When sending a confidential email you also have the option of requiring an SMS passcode to open the message. If you choose this, the recipient will get a text with a passcode and have to enter it to open the message.
Confidential Mode is part of the new Gmail that Google released this year.
Tomi Engdahl says:
Invisible Mouse Clicks Let Hackers Burrow Deep Into MacOS
https://www.wired.com/story/invisible-mouse-clicks-hack-macos/
One way operating system developers try to protect a computer’s secrets from probing hackers is with an appeal to the human at the keyboard. By giving the user a choice to “allow” or “deny” a program’s access to sensitive data or features, the operating system can create a checkpoint that halts malware while letting innocent applications through. But former NSA staffer and noted Mac hacker Patrick Wardle has spent the last year exploring a nagging problem: What if a piece of malware can reach out and click on that “allow” button just as easily as a human?
At the DefCon hacker conference Sunday in Las Vegas, Wardle plans to present a devious set of automated attacks he’s pulled off against macOS versions as recent as the 2017 release High Sierra, capable of so-called synthetic clicks that allow malware to breeze through the permission prompts meant to block it. The result could be malware that, once it has found a way onto a user’s machine, can bypass layers of security to perform tricks like finding the user’s location, stealing their contacts or, with his most surprising and critical technique, taking over the deepest core of the operating system, known as the kernel, to fully control the computer.
Tomi Engdahl says:
Back to the 90′s: FragmentSmack
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
As we had the previous week SegmentSmack (CVE-2018-5390) allowing remote DoS attacks by sending crafted TCP packets, this week a similar vulnerability has been reported on IP fragments.
Juha-Matti Tilli has reported a vulnerability in the IP implementation of the Linux kernel, versions 3.9+. The vulnerability is being named FragmentSmack (CVE-2018-5391) and can be exploited by sending specially crafted IP fragments at a low rate. Due to the increase of the reassembly queue size (you can find the commit here) in the Linux kernel 3.9+ it became exploitable. Similar vulnerabilities (exploits are known as Teardrop attacks) have been seen before, as far back as the 90s, starting with Windows NT 4.0, Windows 95 and Linux up to 2.0.32 (see this article). It resurfaced in Windows 7 and Windows Vista and is now reappearing in the Linux kernel. The Teardrop attack originally crashed the system, while these newer vulnerabilities will “just” trigger excessive resource usage (increased CPU and RAM usage).
If you are not able to apply the patch, changing the values net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or below will mitigate this problem.
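As an added example (not part of the ISC diary or of this comment), a small POSIX shell helper that checks the two sysctls named above against the 256 kB / 192 kB values and prints the sysctl.d lines that apply the mitigation. The function names and the optional procfs root argument are my own choices; the test values are constructed.

```shell
#!/bin/sh
# Added example: FragmentSmack (CVE-2018-5391) mitigation check for the two
# ipfrag sysctls. Source this file and call fragmentsmack_report.

# 256 kB and 192 kB in bytes, the values the diary gives as the mitigation.
SAFE_HIGH=262144
SAFE_LOW=196608

# fragmentsmack_check HIGH LOW
# Returns 0 when both thresholds are at or below the mitigating values and
# LOW is below HIGH (the kernel requires low_thresh < high_thresh),
# 1 when the host is not mitigated, 2 when an argument is not a number.
fragmentsmack_check() {
    high=$1
    low=$2
    for v in "$high" "$low"; do
        case "$v" in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    [ "$high" -le "$SAFE_HIGH" ] || return 1
    [ "$low" -le "$SAFE_LOW" ] || return 1
    [ "$low" -lt "$high" ] || return 1
    return 0
}

# fragmentsmack_read_sysfs [ROOT]
# Reads the live values from procfs and prints "HIGH LOW". ROOT defaults to
# /proc/sys; a test can point it at a constructed directory tree instead.
fragmentsmack_read_sysfs() {
    root=${1:-/proc/sys}
    dir="$root/net/ipv4"
    [ -r "$dir/ipfrag_high_thresh" ] && [ -r "$dir/ipfrag_low_thresh" ] || return 2
    printf '%s %s\n' "$(cat "$dir/ipfrag_high_thresh")" "$(cat "$dir/ipfrag_low_thresh")"
}

# fragmentsmack_sysctl_lines
# Prints a sysctl.d fragment that applies the mitigating values.
fragmentsmack_sysctl_lines() {
    printf 'net.ipv4.ipfrag_high_thresh = %s\nnet.ipv4.ipfrag_low_thresh = %s\n' \
        "$SAFE_HIGH" "$SAFE_LOW"
}

# fragmentsmack_report [ROOT]
# Human-readable status; exit status follows fragmentsmack_check.
fragmentsmack_report() {
    vals=$(fragmentsmack_read_sysfs "$1") || { echo "ipfrag sysctls not readable"; return 2; }
    set -- $vals
    if fragmentsmack_check "$1" "$2"; then
        echo "mitigated: high=$1 low=$2"
        return 0
    fi
    echo "NOT mitigated: high=$1 low=$2; drop the following into /etc/sysctl.d/ and run sysctl --system"
    fragmentsmack_sysctl_lines
    return 1
}
```

Run `fragmentsmack_report` with no argument on a live host; the values it prints come straight from /proc/sys.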
Tomi Engdahl says:
New PHP Code Execution Attack Puts WordPress Sites at Risk
https://thehackernews.com/2018/08/php-deserialization-wordpress.html
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk.
PHP unserialization or object injection vulnerabilities were initially documented in 2009, and could allow an attacker to perform different kinds of attacks by supplying malicious inputs.
Tomi Engdahl says:
https://www.laptopmag.com/articles/intel-foreshadow-l1tf-flaws
Tomi Engdahl says:
Beyond Spectre: Foreshadow, a new Intel security problem
https://www.zdnet.com/article/beyond-spectre-foreshadow-a-new-intel-security-problem/
Researchers have broken Intel’s Software Guard Extensions, System Management Mode, and x86-based virtual machines.
Tomi Engdahl says:
Open MQTT Servers Raise Physical Threats in Smart Homes
https://threatpost.com/open-mqtt-servers-raise-physical-threats-in-smart-homes/136586/
Misconfigured DIY smart-home hubs for home automation could allow attackers to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.
Tens of thousands of consumer-grade Internet of Things (IoT) servers have been found wide-open on the internet, allowing cybercriminals to potentially compromise homeowners’ physical security. Bad actors can gain complete access to smart-home footprints to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.
The servers in question are 49,000 Message Queuing Telemetry Transport (MQTT) servers, which are publicly visible due to misconfigured MQTT protocol, according to research released Thursday from Avast. This includes more than 32,000 servers with no password protection.
Tomi Engdahl says:
Breaking Down the Door to Emergency Services through Cellular IoT Gateways
https://www.f5.com/labs/articles/threat-intelligence/breaking-down-the-door-to-emergency-services-through-cellular-io
Hollywood has provided a spectacular number of films depicting hackers involved in crime rings such as Lyle, the character portrayed by Seth Green in the Italian Job. At the end of the film, Lyle leverages his skills and talents to look after the health and welfare of his associates by manipulating traffic signals to control the flow of traffic, which subsequently assists in their successful heist.
This scene is no longer fantasy. For instance, the traffic lights that are referenced do exist. They are often connected back to a smart city’s infrastructure through the use of VPN tunnels and other private means of communication over devices like cellular gateways. These gateways are similar to the modems and routers used by consumers at home but with an additional feature, cellular connectivity, often in the form of 4G/LTE, if available. Additionally, these devices are capable of providing a variety of connection options, including wireless connectivity over 802.11x, Ethernet, USB, serial; analog and digital I/O; and cellular bands ranging from 2G through 4G LTE. If said devices are not configured properly, an attacker may be able to access them and do just as Lyle did in the Italian Job.
It feels like a time warp, but as with all cyber threats, they do not appear instantly. They evolve slowly in the background over long periods of time until the problem seems to reach a critical mass.
Tomi Engdahl says:
Key Considerations When Designing A Wireless Network
https://www.ecnmag.com/blog/2018/08/key-considerations-when-designing-wireless-network
Tomi Engdahl says:
Industry Reactions to Foreshadow Flaws: Feedback Friday
https://www.securityweek.com/industry-reactions-foreshadow-flaws-feedback-friday
Researchers and several major tech companies this week disclosed the details of three new speculative execution side-channel vulnerabilities affecting Intel processors.
Tomi Engdahl says:
ESET Launches New Enterprise Security Tools
https://www.securityweek.com/eset-launches-new-enterprise-security-tools
ESET on Thursday announced the general availability of a new line of enterprise security solutions that include endpoint detection and response (EDR), forensic investigation, threat monitoring, sandbox, and management tools.
The new EDR tool is ESET Enterprise Inspector, which provides real-time data from the cybersecurity firm’s endpoint security platform. The product is fully customizable and ESET claims it offers “vastly more visibility for complete prevention, detection and response against all types of cyber threats.”
The new enterprise solutions also include ESET Threat Hunting, an on-demand forensic investigation tool that provides details on alarms and events, and ESET Threat Monitoring, which constantly monitors all Enterprise Inspector data for threats.
Tomi Engdahl says:
Microsoft Rolls Out End-to-End Encryption in Skype
https://www.securityweek.com/microsoft-rolls-out-end-end-encryption-skype
Tomi Engdahl says:
Google Warns Thousands Each Month of State-Sponsored Attacks
https://www.securityweek.com/google-warns-thousands-each-month-state-sponsored-attacks
Each month, Google sends thousands of warnings to users who might have been targeted in government-backed attacks, even if the attempts have been blocked.
Highly targeted and more sophisticated when compared to typical phishing attempts, which are mainly focused on financial fraud, these state-sponsored attacks come from dozens of countries worldwide, Google says.
Only an extremely small fraction of Google’s users have received such an alert, and they don’t necessarily mean that accounts have been compromised, but the search giant urges all of those who receive the notification to take immediate action.
Tomi Engdahl says:
Hacking Elections: Georgia’s Midterm Electronic Voting in the Dock
https://www.securityweek.com/hacking-elections-georgias-midterm-electronic-voting-dock
The security of electronic voting and the direct-recording election (DRE) voting machines used has been questioned for years. The upcoming U.S. midterm elections in November, coupled with the attempted Russian meddling in the 2016 presidential election, have made this a current and major concern for many in the security industry and beyond. Now it has gone to court.
Security concerns
Concern over the security of electronic voting was heightened following the 2016 presidential election. The incumbent Obama administration accused Russia of interfering and being behind a breach of the DNC and subsequent leak of sensitive data.
For the most part it is believed that Russia attempted to influence rather than control the vote. However, an NSA document acquired and discussed by The Intercept in June 2017 “raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.”
There is no claim that Russia affected the outcome of the election. The primary concern is that nobody knows the extent of what was done, nor what could have been done – and, more disconcertingly, what might be done next time.
Tomi Engdahl says:
Microsoft Disrupts Election-Related Domains Used by Russian Hackers
https://www.securityweek.com/microsoft-disrupts-election-related-domains-used-russian-hackers
Microsoft on Monday announced that it took control of several domains associated with a notorious Russia-linked threat actor. The names of the domains suggest the hackers may have been using them in campaigns related to the upcoming midterm elections in the United States.
The tech giant’s Digital Crimes Unit obtained a court order to take control of six domains created by a threat group tracked as APT28, Fancy Bear, Pawn Storm, Strontium, Sednit, Tsar Team and Sofacy.
Tomi Engdahl says:
Even the world’s most popular security meet-up is susceptible to hacks…
‘Legacy system’ exposed Black Hat 2018 attendees’ contact information
https://techcrunch.com/2018/08/22/legacy-system-exposed-black-hat-2018-attendees-contact-information/?sr_share=facebook&utm_source=tcfbpage
Zack Whittaker
A “legacy system” was to blame for exposing the contact information of attendees of this year’s Black Hat security conference.
A Colorado-based pen tester and security researcher who goes by the handle NinjaStyle said it would have taken about six hours to collect all the registered attendees’ names, email and home addresses, company names and phone numbers from anyone who registered for the 2018 conference.
In a blog post, he explained that he used a reader to access the data on his NFC-enabled conference badge, which stored his name in plaintext and other scrambled data. The badge also contained a web address to download BCard, a business card reader app.
How I Hacked BlackHat 2018
Enumerating registered BlackHat attendees with the BCard API
https://ninja.style/post/bcard/
The rate at which we were able to brute force the API would mean that we could successfully collect all BlackHat 2018 registered attendees’ names, email addresses, company names, phone numbers, and addresses in only approximately 6 hours.
After the concept was proved successfully, I began the disclosure process. The ITN team was initially difficult to get in contact with as they do not have a security@ or abuse@ email address, but they were extremely polite, professional, and responsive once I was able to get in contact with the right person. Additionally, they had this issue resolved within 24 hours of initial contact.
Tomi Engdahl says:
Augmented Public Safety: AR Technology Gives Emergency Services Second Set of Eyes
https://www.sealevel.com/2018/07/27/augmented-public-safety-ar-technology-gives-emergency-services-second-set-of-eyes/
Public safety departments are catching up with futuristic, augmented reality technology. Some people aren’t happy about it: for example, Microsoft is raising the alarm about facial recognition, wanting to regulate law enforcement use of the tech. However, there are cases where emergency services clearly serve their community better with augmented reality (AR). From training to response, here are three savvy AR public safety applications.
Tomi Engdahl says:
Hackers failed to hack into DNC voter database, says security firm
https://techcrunch.com/2018/08/22/hackers-failed-to-hack-into-dnc-voter-database-says-security-firm/?utm_source=tcfbpage&sr_share=facebook
The Democratic National Committee has prevented an attempt to hack into its database of tens of millions of voters.
CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned Tuesday of the attempt.
Lookout, a security firm, told TechCrunch that its staff detected a phishing page hosted on DigitalOcean, a cloud computing and hosting giant, which replicated a login page for NGP VAN, a technology provider for Democratic campaigns.
Jeremy Richards, principal engineer at the security firm, notified DigitalOcean of the phishing site, which was taken offline.
It’s not uncommon for political parties to store vast amounts of information on voters.
Tomi Engdahl says:
Russian hackers slipped up in attempt to hack senator
https://techcrunch.com/2018/08/23/russian-hackers-slipped-up-in-attempt-to-hack-senator/?sr_share=facebook&utm_source=tcfbpage
Hackers that targeted a Democratic senator up for reelection this year may have left behind clues in their attack that further suggest Russian involvement.
The office of Claire McCaskill, a Missouri senator, was targeted in an apparent targeted phishing attack from a fake Microsoft domain that the software giant later seized pursuant to a court order. The Daily Beast reported that a then-McCaskill staffer was the target of the attack.
Tomi Engdahl says:
Hak5 925 – Break into shell with MsPaint, Launchy, BackTrack Wireless and more
https://www.hak5.org/episodes/hak5-925
Tomi Engdahl says:
‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale
https://m.scmp.com/news/china/society/article/2143899/forget-facebook-leak-china-mining-data-directly-workers-brains
Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains
Tomi Engdahl says:
NBC News:
New facial recognition technology at Washington Dulles airport catches man trying to enter the US illegally just three days after the tech started being used
New facial recognition tech catches first impostor at D.C. airport
https://www.nbcnews.com/news/us-news/new-facial-recognition-tech-catches-first-impostor-d-c-airport-n903236
An identification card from the Republic of Congo was found hidden in the man’s shoe, officials said.
Facial recognition technology caught an impostor trying to enter the U.S. on a fake passport that may have passed at face value with humans, federal officials said Thursday.
And the groundbreaking arrest came on just the third day the biometric technology has been used at Washington Dulles International Airport.
The 26-year-old man arrived Wednesday on a flight from Sao Paulo, Brazil, and presented a French passport to the customs officer, according to the U.S. Customs and Border Protection (CBP). Using the new facial comparison biometric system, the officer determined the unidentified traveler did not match the passport he presented.
Tomi Engdahl says:
Raymond Zhong / New York Times:
Australia bans Huawei and ZTE from providing 5G equipment to support the country’s new telecom networks, citing risks of foreign interference and hacking — BEIJING — The fog of cyberespionage concerns surrounding Huawei has for years kept the Chinese technology giant largely out of the United States.
Australia Bars China’s Huawei From Building 5G Wireless Network
https://www.nytimes.com/2018/08/23/technology/huawei-banned-australia-5g.html
Tomi Engdahl says:
Andy Greenberg / Wired:
A look at the Russia-linked NotPetya cyberattack, which caused an estimated $10B+ in damages worldwide after initially targeting Ukrainian companies — Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world
Tomi Engdahl says:
New York Times:
A look at how FireEye helped Facebook identify Iran-linked fake accounts, after working on the DNC hack in 2016 — SAN FRANCISCO — FireEye, a cybersecurity company that has been involved in a number of prominent investigations, including the 2016 attack on the Democratic National Committee …
How FireEye Helped Facebook Spot a Disinformation Campaign
https://www.nytimes.com/2018/08/23/technology/fireeye-facebook-disinformation.html
FireEye, a cybersecurity company that has been involved in a number of prominent investigations, including the 2016 attack on the Democratic National Committee, alerted Facebook in July that it had a problem.
Security analysts at the company noticed a cluster of inauthentic accounts and pages on Facebook that were sharing content from a site called Liberty Front Press. It looked like a news site, but most of its content was stolen from outlets like Politico and CNN. The small amount of original material was written in choppy English.
FireEye’s tip eventually led Facebook to remove 652 fake accounts and pages. And Liberty Front Press, the common thread among much of that sham activity, was linked to state media in Iran, Facebook said on Tuesday.
Facebook’s latest purge of disinformation from its platforms highlighted the key role that cybersecurity outfits are playing in policing the pages of giant social media platforms. For all of their wealth and well-staffed security teams, companies like Facebook often rely on outside firms and researchers for their expertise.
The discovery of the disinformation campaign also represented a shift in the bad behavior that independent security companies are on the lookout for. Long in the business of discovering and fending off hacking attempts and all sorts of malware, security companies have expanded their focus to the disinformation campaigns that have plagued Facebook and other social media for the past few years.
Attributing attacks to Iran has been tricky. Security experts who have studied Iranian hackers said many take part in attacks, or disinformation campaigns, while they are still in college. They are often recruited for government work, but may also float in and out of government-backed contracts.
Tomi Engdahl says:
Millions of Texas voter records exposed online
https://techcrunch.com/2018/08/23/millions-of-texas-voter-records-exposed-online/
Over 14 million detailed voter records were found on an unprotected server
A massive trove of voter records containing personal information on millions of Texas residents has been found online.
The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters.
It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time where nation states are actively trying to influence elections.
Granted, much of that data is public. According to The Texas Tribune, that kind of voter data in Texas is already obtainable for a fee, but information relating to individuals’ political affiliations and party memberships is not.
Tomi Engdahl says:
Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
https://securelist.com/operation-applejeus/87553/
Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial companies around the globe. Over the last few months, Lazarus has successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies.
Kaspersky Lab has been assisting with incident response efforts. While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email. It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill, an old tool that Lazarus has recently switched back to. There have been multiple reports on the reappearance of Fallchill, including one from US-CERT.
Tomi Engdahl says:
An Android Package is no Longer a ZIP
https://www.fortinet.com/blog/threat-research/an-android-package-is-no-longer-a-zip.html
Over the past few years, I have been giving workshops on Android reverse engineering – my next one will be an advanced session at Virus Bulletin in October. Like most other researchers on Android, I typically start off with a slide explaining that an Android Package (APK) is just a ZIP. Since Android 7.0, however, this is no longer true.
The APK Format: a Modified ZIP File
The Format of an APK File Since Android 7.0
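What changed with Android 7.0 is that a signed APK carries an "APK Signing Block" (the v2 signature scheme) wedged between the ZIP entries and the central directory, which plain ZIP tooling silently skips. The following is an added Python example, not code from the Fortinet post: it locates the End of Central Directory record, reads the central directory offset and checks for the signing block's 16-byte magic just before it, then walks the block's ID-value pairs. The layout constants (magic string, v2 scheme ID 0x7109871a) are from the public APK Signing Block format; the sample APK is constructed in memory and the 32 zero bytes stand in for a real v2 signature.

```python
import io
import struct
import zipfile

# Constants from the public APK Signing Block format (not from the Fortinet post).
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
APK_SIGNATURE_SCHEME_V2_ID = 0x7109871A
EOCD_SIGNATURE = struct.pack("<I", 0x06054B50)


def find_eocd(data):
    """Offset of the ZIP End of Central Directory record (searched from the tail)."""
    tail = data[-(22 + 0xFFFF):]          # EOCD is 22 bytes plus an optional comment
    idx = tail.rfind(EOCD_SIGNATURE)
    if idx < 0:
        raise ValueError("no End of Central Directory record: not a ZIP")
    return len(data) - len(tail) + idx


def central_directory_offset(data):
    """Start offset of the central directory, read from the EOCD record."""
    return struct.unpack_from("<I", data, find_eocd(data) + 16)[0]


def find_apk_signing_block(data):
    """Return the APK Signing Block (offsets and ID-value pairs), or None if absent.

    The block sits immediately before the central directory:
      uint64 size | ID-value pairs | uint64 size | 16-byte magic
    Both size fields exclude the leading 8-byte size field itself.
    """
    cd_off = central_directory_offset(data)
    if cd_off < 32 or data[cd_off - 16:cd_off] != APK_SIG_BLOCK_MAGIC:
        return None
    size = struct.unpack_from("<Q", data, cd_off - 24)[0]
    start = cd_off - 8 - size
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    pairs = {}
    pos, end = start + 8, cd_off - 24
    while pos < end:
        pair_len = struct.unpack_from("<Q", data, pos)[0]      # length of ID + value
        pair_id = struct.unpack_from("<I", data, pos + 8)[0]
        pairs[pair_id] = data[pos + 12:pos + 8 + pair_len]
        pos += 8 + pair_len
    return {"start": start, "end": cd_off, "pairs": pairs}


def build_signing_block(pairs):
    """Serialize ID-value pairs into a signing block (used here to build a sample)."""
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs.items())
    size = len(body) + 8 + 16              # pairs + trailing size field + magic
    return struct.pack("<Q", size) + body + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC


def make_sample_apk(signing_block=None):
    """Constructed sample: a tiny ZIP, optionally with a signing block spliced in
    before the central directory and the EOCD's directory offset patched to match."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    data = buf.getvalue()
    if signing_block is None:
        return data
    eocd, cd_off = find_eocd(data), central_directory_offset(data)
    patched = bytearray(data[:cd_off] + signing_block + data[cd_off:])
    struct.pack_into("<I", patched, eocd + len(signing_block) + 16,
                     cd_off + len(signing_block))
    return bytes(patched)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(find_apk_signing_block(fh.read()))
```

Because the block lives outside any ZIP entry, a file can be both a valid ZIP (the sample still opens with `zipfile`) and carry bytes that ZIP tools never show; a triage script that only lists entries will miss it, which is the point the post makes.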
Tomi Engdahl says:
New Android Malware Framework Turns Apps Into Powerful Spyware
https://thehackernews.com/2018/08/android-malware-spyware.html
Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign.
Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording phone calls, and monitoring text messages, secretly stealing photos and videos, and collecting location data—all without users’ knowledge.
Tomi Engdahl says:
Android/BondPath: a Mature Spyware
https://www.fortinet.com/blog/threat-research/android-bondpath–a-mature-spyware.html
We have recently stumbled on several active samples of an Android spyware. They belong to a family we have named BondPath (also known as PathCall or Dingwe), which was first reported in May 2016. While our customers have been protected against that malware since 2016, in July 2018 we discovered that some samples are still in the wild and continue to be a threat to unprotected smartphones.
This malware poses as a Google Play Store Services application. The fact that it is signed by the unknown developer hola should be the first clue to raise an alert.
Tomi Engdahl says:
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8340-android-lahettaa-paikkatietosi-14-kertaa-tunnissa
https://digitalcontentnext.org/wp-content/uploads/2018/08/DCN-Google-Data-Collection-Paper.pdf
Tomi Engdahl says:
Attempt to Break Into Democratic Party Voter Data Thwarted
https://www.securityweek.com/attempt-break-democratic-party-voter-data-thwarted
An attempt to break into the Democratic National Committee’s massive voter database has been thwarted, a party official said Wednesday, two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.
A web security firm using artificial intelligence uncovered the attempt. The DNC was notified Tuesday, it said. Hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party’s voter file, a party official said. The file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, the official said. The FBI was notified.
The official wasn’t authorized to speak about sensitive security information and spoke to The Associated Press on condition of anonymity.
Tomi Engdahl says:
Microsoft Releases Intel Microcode Patches for Foreshadow Flaws
https://www.securityweek.com/microsoft-releases-intel-microcode-patches-foreshadow-flaws
Microsoft this week made available another round of microcode updates created by Intel for mitigating the recently disclosed speculative execution vulnerabilities tracked as Foreshadow and L1 Terminal Fault (L1TF).
The Foreshadow/L1TF vulnerabilities are CVE-2018-3615, which impacts Intel’s Software Guard Extensions (SGX); CVE-2018-3620, which impacts operating systems and System Management Mode (SMM); and CVE-2018-3646, which affects virtualization software and Virtual Machine Monitors (VMM).
Tomi Engdahl says:
Iran-Linked Influence Campaign Targets US, Others
https://www.securityweek.com/iran-linked-influence-campaign-targets-us-others
Threat actors apparently working out of Iran have been conducting an operation whose goal is to influence the opinions of people in the United States and other countries around the world, FireEye reported on Tuesday.
This campaign, which the cybersecurity firm describes as an “influence operation,” involves a network of “inauthentic” news websites and clusters of social media accounts whose apparent purpose is to “promote political narratives in line with Iranian interests.”
Tomi Engdahl says:
Critical Apache Struts 2 Flaw Allows Remote Code Execution
https://www.securityweek.com/critical-apache-struts-2-flaw-allows-remote-code-execution
Updates released on Wednesday for the Apache Struts 2 open source development framework address a critical vulnerability that can be exploited for remote code execution.
The flaw, tracked as CVE-2018-11776, affects Struts 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and possibly unsupported versions of the framework.
Tomi Engdahl says:
Foreign F-35 Users Spend Millions To Stop Jet’s Computer From Sharing Their Secrets
http://www.thedrive.com/the-war-zone/23052/foreign-f-35-users-spend-millions-to-stop-jets-computer-from-sharing-their-secrets
Operators will now be able to block the F-35’s systems from sending data back to the United States, but other security concerns may remain.
Lockheed Martin has received a multi-million dollar contract for work on a firewall that will allow F-35 Joint Strike Fighter operators to prevent the transfer of potentially sensitive information that the jet’s sensors and computer brain scoop up and send back to the United States via a cloud-based network. The development comes as foreign partners in the project become increasingly worried about the data that the aircraft is collecting and storing, but concerns could remain about security breaches or if the links to the system gets cut altogether, especially in the middle of a crisis.
Tomi Engdahl says:
Organizations Hit With North Korea-Linked Ryuk Ransomware
https://www.securityweek.com/organizations-hit-north-korean-linked-ryuk-ransomware
A recent wave of ransomware attacks against organizations around the world has been linked to a notorious North Korean threat actor, security firm Check Point says.
The campaign appears highly targeted, with at least three organizations in the United States and worldwide severely affected. Because some victims decided to pay large ransoms in order to retrieve access to their files, the campaign operators are estimated to have netted over $640,000 to date.
Tomi Engdahl says:
Unpatched Ghostscript Vulnerabilities Impact Popular Software
https://www.securityweek.com/unpatched-ghostscript-vulnerabilities-impact-popular-software
Ghostscript Impacted by Multiple -dSAFER Sandbox Bypass Vulnerabilities
Unpatched vulnerabilities in Ghostscript impact a broad range of popular software products, including several Linux distributions, CERT CC reveals in a Tuesday alert.
Tomi Engdahl says:
DMARC Use is Growing, But Difficult to Configure Correctly and Completely
https://www.securityweek.com/dmarc-use-growing-difficult-configure-correctly-and-completely
Tomi Engdahl says:
Supply Chain Attack Hits South Korean Firms
https://www.securityweek.com/supply-chain-attack-hits-south-korean-firms
Security researchers have uncovered a supply chain attack aimed at infecting organizations in South Korea with a remote access Trojan (RAT) to steal valuable information.
Called Operation Red Signature, the attack was first detected in July and was carried out through the compromised update server of a remote support solutions provider. The end goal was to infect targets of interest with the 9002 RAT backdoor.
The attackers managed to steal a valid digital certificate and use it to sign their malware. They also reconfigured the update server to only deliver the malicious files to organizations within a specified range of IP addresses.
Once on an infected machine, the 9002 RAT would also install additional malware, such as an exploit tool for Internet Information Services (IIS) 6 WebDav (exploiting CVE-2017-7269) and an SQL database password dumper.
“These tools hint at how the attackers are also after data stored in their target’s web server and database,” Trend Micro, the security firm that discovered the campaign, reveals.
Tomi Engdahl says:
Microsoft’s Anti-Hacking Efforts Make it an Internet Cop
https://www.securityweek.com/microsofts-anti-hacking-efforts-make-it-internet-cop
Intentionally or not, Microsoft has emerged as a kind of internet cop by devoting considerable resources to thwarting Russian hackers.
The company’s announcement Tuesday that it had identified and forced the removal of fake internet domains mimicking conservative U.S. political institutions triggered alarm on Capitol Hill and led Russian officials to accuse the company of participating in an anti-Russian “witch hunt.”
Microsoft stands virtually alone among tech companies with an aggressive approach that uses U.S. courts to fight computer fraud and seize hacked websites back. In the process, it has acted more like a government detective than a global software giant.
Tomi Engdahl says:
Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East
https://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html
Tomi Engdahl says:
More Than $1.1M Lost to Cybercrime Every Minute
By Angela Moscaritolo 21 Aug 2018, noon
https://uk.pcmag.com/webroot-secureanywhere-internet-security-complete/116979/news/more-than-11m-lost-to-cybercrime-every-minute
Every 60 seconds, 1,861 people are impacted by cybercrimes such as malware and phishing attacks, cybersecurity company RiskIQ revealed in its Evil Internet Minute 2.0 report.
That total represents a $282,724 increase since last year, cybersecurity company RiskIQ revealed in its Evil Internet Minute 2.0 report, which draws on the company’s global threat intelligence data, as well as third-party research, to examine the volume of malicious Web activity.
Tomi Engdahl says:
Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn
Scammers tricked victims to pay ransom in bitcoin for compromising video that didn’t exist.
https://motherboard.vice.com/en_us/article/xwk3wq/hackers-sextortion-half-million-blackmail-caught-watching-porn
Sometimes scammers just need to say they hacked you to pull in the cash. Since July, cybersecurity researchers, journalists and victims have seen a spike in extortion letters and emails demanding hefty sums of bitcoin. The twist is that the scammers send the victim one of their own passwords, likely gleaned from an already public breach, and use that as an intimidation tactic. The blackmailers then claim they have hacked into the target’s webcam while they were watching pornography. Pay up, or they’ll release the (made-up) video.
Now, researchers have found this scam has been pretty profitable, especially considering the low level of work involved on the fraudsters’ part.
“What is worrying is that, scammers were able to siphon off [$500,000], from old passwords dumps, with very little effort,” Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard in an online chat.
In July, cybersecurity journalist Brian Krebs reported on the new wave of sextortion emails.
Sextortion Scam Uses Recipient’s Hacked Passwords
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
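The scam described above has a recognisable shape (a quoted password from an old breach, a claim about the webcam, a bitcoin demand), which a mail filter can score on. Here is an added Python example, not code from the Motherboard or Krebs articles: a small scoring function run over two constructed messages, one scam and one ordinary password-reset notice. The keyword lists, the regexes, the threshold and the sample messages (including the sample bitcoin address and the sample password) are this example's own choices, and the list of "leaked passwords" stands in for whatever breach-dump lookup a real deployment would have.

```python
import re

# Signals taken from the scam pattern described above; the exact word lists and
# threshold are this example's own choices, not a vendor rule set.
BTC_ADDRESS = re.compile(
    r"\b(?:bc1[02-9ac-hj-np-z]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
WEBCAM_CLAIM = re.compile(r"\b(?:webcam|camera|porn\w*|adult|malware|rat|keylogger)\b")
PASSWORD_LEVERAGE = re.compile(r"\b(?:password|passcode)\b")
RANSOM_DEMAND = re.compile(r"\b(?:bitcoin|btc|wallet)\b")


def score_sextortion(body, leaked_passwords=()):
    """Score one message; returns (score, signals).

    leaked_passwords: credentials already known (e.g. from a breach-notification
    feed) to be in public dumps for this recipient. A mail that quotes one of
    them verbatim is the hallmark of this scam.
    """
    text = body.lower()
    signals = {
        "btc_address": bool(BTC_ADDRESS.search(body)),       # case-sensitive
        "webcam_claim": bool(WEBCAM_CLAIM.search(text)),
        "password_leverage": bool(PASSWORD_LEVERAGE.search(text)),
        "ransom_demand": bool(RANSOM_DEMAND.search(text)),
        "quotes_leaked_password": any(p in body for p in leaked_passwords),
    }
    return sum(signals.values()), signals


def is_sextortion(body, leaked_passwords=(), threshold=3):
    """Flag a message when at least `threshold` of the five signals fire."""
    score, _ = score_sextortion(body, leaked_passwords)
    return score >= threshold


# Constructed sample messages (not real mail; the address and password are made up).
SAMPLE_SCAM = """Subject: Your account was hacked
I know MyP4ssw0rd is your password. I put malware on the adult site you visited
and my RAT recorded you through your webcam. Send 0.5 BTC to this wallet within
24 hours or the video goes to your contacts:
1ConstructedSampAddrXYZabcdef234567
"""

SAMPLE_BENIGN = """Subject: Password reset
You asked for a password reset. The link below expires in 24 hours.
If you did not request this, ignore this email.
"""

if __name__ == "__main__":
    for name, msg in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(name, score_sextortion(msg, leaked_passwords=("MyP4ssw0rd",)))
```

The benign reset mail mentions a password and a deadline but scores only one signal, so the threshold of three keeps it out; the scam scores all five when the quoted password is in the known-leaked list and still four without that lookup. The useful response on the defender side is the one the article implies: the password is from an old dump, so rotate it wherever it is still in use and treat the "video" claim as fiction.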
Tomi Engdahl says:
Is malware protection software for smartphones needed?
Maybe not, because the problem is very small, at least in Finland.
https://www.tivi.fi/Kaikki_uutiset/maksatko-turhasta-sk-kannykoiden-lisatietoturva-usein-tarpeetonta-suomessa-hyokkayksia-vain-kymmenia-vuodessa-6737553
Tomi Engdahl says:
Smartphone security came as a surprise: only a few dozen crimes a year – paid extra protection is often unnecessary
https://suomenkuvalehti.fi/jutut/kotimaa/alypuhelinten-tietoturva-yllatti-rikoksia-vain-muutamia-kymmenia-vuodessa-maksullinen-lisaturva-usein-turhaa/?shared=1034177-dce500d7-4
Tomi Engdahl says:
Picking Apart Remcos Botnet-In-A-Box
https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool (RAT) that is offered for sale by a company called Breaking Security. While the company says it will only sell the software for legitimate uses as described in comments in response to the article here and will revoke the licenses for users not following their EULA, the sale of the RAT gives attackers everything they need to establish and run a potentially illegal botnet.
Remcos’ prices per license range from €58 to €389. Breaking Security also offers customers the ability to pay for the RAT using a variety of digital currencies. This RAT can be used to fully control and monitor any Windows operating system, from Windows XP and all versions thereafter, including server editions.
Tomi Engdahl says:
TURLA OUTLOOK BACKDOOR
Analysis of an unusual Turla backdoor
https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf
Turla, also known as Snake, is an espionage group notorious for having breached some heavily-protected networks such as the US Central Command in 2008 [1]. Since then, they have been busy attacking diplomats and military targets around the world. Among the notable victims were the Finnish Foreign Ministry in 2013 [2], the Swiss military firm RUAG between 2014 and 2016 [3] and more recently, the German government at the end of 2017/beginning of 2018
Tomi Engdahl says:
Turla: In and out of its unique Outlook backdoor
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails.