It’s every sysadmin’s worst nightmare: discovering that someone has planted a device in your network, among all your servers, and you have no idea where it came from nor what it does. What do you do?
Well, one IT manager at a college in Austria decided the best bet was to get on Reddit and see what the tech hive mind could figure out.
Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a study of students at University of Maryland, Baltimore County suggests.
Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering conducted a phishing test to assess the relationship between demographic factors and susceptibility to phishing.
Vision Direct has admitted customers’ personal and financial data was leaked earlier this month after hackers compromised the company’s website.
Vision Direct stated on its website:
The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.
Financial cybercrime in Brazil is known as one of the most geospecific panoramas, where local cybercriminals attack local internet users. With close to 210 million residents in the country, criminals are in lavish turf. Some reports cite losses of nearly 70 billion Brazilian reals — which equates to about $18.6 billion — to fraud and online scams in 2017.
In following the evolution of cyber activity in Brazil, IBM Security sees this threat landscape as unique, where technical sophistication is neither the norm nor a requirement.
The VEIL.AI service enables potentially sensitive individual-level information to be used in various research and development projects as well as commercial applications. VEIL.AI processes information without affecting the value of collected data sets, but ensuring that individuals can no longer be identified.
VEIL.AI uses artificial intelligence to speed up the computationally heavy processes required for de-identification.
Palantir hired a cybersecurity firm last year to test its digital defenses. A confidential report shows how the pro hackers were able to dominate the tech company’s network.
Facepalm: China is well known for embracing facial recognition tech to catch lawbreakers, but these systems don’t always get it right. Earlier this week, one camera captured the image of a famous businesswoman and publicly shamed her, but she wasn’t even there at the time.
The camera had seen her face on the side of a bus advertisement for Gree Electric and mistakenly thought she was crossing during a red light.
Whenever the system identifies jaywalkers, it posts their photo onto a large public screen to ‘name and shame’ the perpetrators. It showed Dong’s face and name, though it incorrectly spelled her surname.
Ningbo’s traffic police wrote on Chinese microblogging site Weibo that the system had made a mistake and all record of the violation was being deleted.
We’ve heard reports of China using facial recognition in several ways, from analyzing students’ emotions in schools to scanning for suspects via special glasses. Back in April, the system reportedly identified a suspected criminal from a crowd of 50,000 people.
Never underestimate the power of the internet, and how a governing body could one day use it to see what you’ve been up to and what your behavior looks like. Remember; The Internet Is Forever.
If certain lawmakers get their way in New York, they’ll successfully pass a bill that would require all persons, looking to obtain a pistol permit, go through a ‘social media review’ in which their various online activities would be checked.
The law would require applicants to hand over their login information for sites such as Facebook, so that a thorough search could be conducted. Talk about invasion of privacy.
Posts from the past three years on sites like Facebook, Twitter and Snapchat would be reviewed for language containing slurs, racial/gender bias, threats and terrorism.
One year of search history on Google/Yahoo/Bing would also be reviewed.
“There should be more restrictions on how guns are purchased. We should have more background checks,” Paul McQuillen, director of the Buffalo chapter of New Yorkers Against Gun Violence, told WKBW.
James Tresmond, a gun rights lawyer, told the local NY station that the bill would violate multiple constitutional rights.
Some are arguing that the subjective nature of the bill is highly concerning.
Amazon, which got its start selling books and still bills itself as “Earth’s most customer-centric company,” has officially entered the surveillance business.
The company has developed a powerful and dangerous new facial recognition system and is actively helping governments deploy it. Amazon calls the service “Rekognition.”
Twenty-one-year-old Manhattan con man Nicholas Truglia hacked into the phones of Silicon Valley bigwigs to try to steal their cryptocurrency — and in one instance, pulled it off, authorities said Tuesday.
“It’s a new way of doing an old crime,” said deputy DA Erin West of Santa Clara Superior Court to The Post. “It’s a pervasive problem, and it involves millions of dollars.”
But the Department of Homeland Security seems to think it is.
What kind of person racks up debts and doesn’t pay them? Your credit score is an attempt to answer this question. These important three-digit numbers summarize our statistical risk for lenders. The allure of the credit score is its clarity: It cuts through appearances and converts our messy lives into an easily readable metric.
But the U.S. Department of Homeland Security wants to use credit scores for an entirely different purpose, one they were never built for and are not suited for. The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status.
Setting aside the proposal’s moral abdication when it comes to the needy, we should be troubled by another injustice: its abuse of personal metrics.
The proposal’s “totality of circumstances” framework offers few specifics as to exactly how credit scores would figure into immigration decisions.
The US government has initiated an extraordinary outreach campaign to foreign allies, trying to persuade wireless and internet providers in these countries to avoid telecommunications equipment from Chinese company Huawei, according to a Wall Street Journal report.
The move will ramp up pressure on GCSB Minister Andrew Little and Communications Minister Kris Faafoi to ban Huawei – as security agencies in the US and Australia have already recommended.
But Little indicates New Zealand will plot its own course, and that his government won’t interfere as Spark, Vodafone and 2degrees consider technology providers for their pending 5G upgrades.
John P. Carlin / Politico:
Inside US law enforcement’s hunt for British ISIS hacker Junaid Hussain, who used Twitter and other tools for spreading online propaganda and recruiting — How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot. — This text is excerpted from the book Dawn of the Code War …
How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot.
For the first half of his digital life, the hacker operated with impunity, bragging in an interview that he was many steps ahead of the authorities: “One hundred percent certain they have nothing on me. I don’t exist to them, I’ve never used my real details online, I’ve never purchased anything. My real identity doesn’t exist online—and no, I don’t fear getting caught.”
By 2015, at age 21, he knew different—he was a marked man, hunted by the United States, the No. 3 leader of the Islamic State in Iraq and Syria (ISIS) on the government’s most wanted list.
Within the government, alarm bells rang daily, but we attempted to downplay the threat publicly. We didn’t want to elevate Hussain to another global figurehead like Osama bin Laden, standing for the twisted ideology of Islamic jihad.
We wouldn’t even really talk about him publicly until he was dead.
Hussain represented an online threat we long recognized would arrive someday—a tech-savvy terrorist who could use the tools of modern digital life to extend the reach of a terror group far beyond its physical location.
In the summer of 2015, he successfully executed one of the most global cyber plots we’d ever seen: A British terrorist of Pakistani descent, living in Syria, recruited a Kosovar hacker who was studying computer science in Malaysia, to enable attacks on American servicemen and women inside the United States.
Hussain’s path to becoming a cyber terrorist started with a simple motive: revenge.
Hussain went on to found a hacker group with seven friends; they called themselves TeaMp0isoN.
Hussain—who originally went online by the moniker TriCk—said he started hacking at around age 11. He’d been playing a game online when another hacker knocked him offline. “I wanted revenge so I started googling around on how to hack.”
By 13, he found the game childish, and by 15, he “became political.”
TeaMp0isoN, hacker-speak for “Team Poison,” based on their old hacking forum p0ison.org. They became notorious in 2011 for their unique brand of “hacktivism,” defacing websites, often with pro-Palestine messages, and attacking key online websites such as BlackBerry and NATO and figures such as former Prime Minister Tony Blair—they hacked his personal assistant and then released his address book online. Hussain dismissed other “hacktivist” groups such as Anonymous, saying they symbolized the online equivalent of “peaceful protesting.”
His online exploits didn’t last long: By September 2012, he had been arrested and sentenced to six months in prison for the Blair stunt.
We knew that sooner or later terrorists would turn to the internet—the same principles that make the web great for insurgents and niche communities
The terrorists saw the possibilities, too: Al Qaeda even released a video comparing the vulnerabilities in computer network security to weak points in aviation security before 9/11.
Terrorism online presented a new twist—never before had the United States been involved in a conflict where the enemy could communicate from overseas directly with the American people.
Islamic extremism had mainly developed in countries with state-controlled media, such as Egypt and Saudi Arabia, so the movement naturally invested heavily in alternative means of communication from the beginning. “Core” al Qaeda relied primarily on in-person lectures and fundraising tours.
a new, more tech-savvy generation who understood the power of images online
It didn’t take long before this new generation began to play a key role for al Qaeda.
When “al Qaeda in Iraq” split from “core” al Qaeda and evolved into the fighting force known as ISIS, the group’s leadership managed to dramatically evolve the multimedia efforts of other terror groups, particularly as use of social media such as Twitter exploded around the world. As ISIS advanced on Baghdad in 2014, social media showed photos of its black flag flying over the Iraqi capital, and the terrorist army tweeted 40,000 times in just a single day.
ISIS’s large and sophisticated propaganda arm understood how to command the public’s attention.
Those horrific videos that came to be their global brand for most of the public represented only a small fraction of ISIS’s total’s multimedia efforts—most videos they produced flew below the world radar, focused instead on providing would-be jihadists an equally distorted view of how lovely it was to join the jihad and live in ISIS-controlled territory.
That approach turned out to be common: There simply weren’t regular people who woke up one morning, read a Twitter thread and decided then and there to kill Americans. There’s not one track to radicalization, and the web doesn’t provide some magical radicalization potion. Radicalization is a process, a journey, but online propaganda and dialogue drastically lowers the barriers and complications of recruiting would-be terrorists from far away. Terrorists overseas can communicate directly, intimately and in real time with kids in our basements, here.
These online radicals were also deeply challenging for law enforcement and intelligence agencies to identify.
Working among a dozen cyber jihad recruiters, Hussain and his fellow terrorists declared themselves the head of the CyberCaliphate in mid-2014 and applied some of his old TeaMp0isoN tactics to ISIS, defacing websites and seizing control of home pages and social media accounts. He played a constant cat-and-mouse game with Twitter.
“Very soon carrying out 1st operation of Islamic State in North America,” Hussain responded quickly to make sure ISIS got the social media credit for the attack: “Can u make a video first?”
Inside the government, the tide seemed overwhelming.
It felt like we were just waiting for the next terrorist attack. Too often, it seemed like luck kept us safe—that we’d only discover a plot because a would-be terrorist spoke to the wrong person or because his device failed to work.
Throughout that year, we lived what amounted to tactical success but strategic failure—interdicting plots one by one, but failing to stem the tide of social media inspiration emanating from ISIS.
The summer of 2015 brought perhaps the most troubling case of all—a dangerous combination of cybercrime and terrorism that revealed a new face of the global war on terror.
“NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”
It was a message I’d echo to businesses and organizations many times in the years to come: You need to report when your networks have been attacked because you never know how your intrusion, however seemingly minor, might impact a larger investigation. What to you might be a small inconvenience could, with broader intelligence, represent a terrorist, a global organized crime syndicate, or a foreign country’s sophisticated attack.
In court proceedings, Ferizi came off as a confused youth—like many of the would-be ISIS recruits we saw.
sentenced Ferizi to 20 years in prison
The Illinois Supreme Court on Tuesday heard its first-ever case on Illinois’ tough biometric privacy law, which imposes restrictions on the collection of things like retina scans and fingerprints.
At issue is whether people can sue just for having their information collected.
The story begins with an eighth-grade trip to Six Flags Great America.
In order to get a season pass to the amusement park, 14-year-old Alexander Rosenbach had his thumbprint scanned.
Family lawyer Phillip Bock argues that under Illinois’ biometric privacy law, that’s enough to sustain a lawsuit.
“You have a property right in your own personal biometrics,” Bock told the justices during oral arguments on Tuesday.
Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by.
The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn’t have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174.
GreyEnergy is an Advanced Persistent Threat (APT) which has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years.
The firms, known for their Chrome and Firefox web browsers, are heading a group that is devising a way for users to save changes they make using web apps.
A group led by Google and Mozilla is working to make it easy to edit files using browser-based web apps but wants advice on how to guard against the “major” security and privacy risks.
558 Comments
Tomi Engdahl says:
Who is tessa88? Security Researchers Believe They Know Hacker’s True Identity
https://www.securityweek.com/researchers-reveal-identity-hacker-behind-massive-data-breaches
Recorded Future security researchers believe they were able to correctly identify the individual who in 2016 leaked data stolen in high profile data breaches such as LinkedIn, Twitter, Tumblr, and others.
In early 2016, using various aliases, the individual posted on several underground forums, attempting to sell an extensive list of compromised, high-profile databases, such as LinkedIn, VKontakte, Yahoo, Yandex, Rambler, Myspace, Badoo, QIP, and Mobango.
Mostly known as tessa88, the hacker was banned from dark web communities within several months, and ceased all communication with both the media and the public.
Tomi Engdahl says:
Patches Released for Flaws Affecting Dell EMC, VMware Products
https://www.securityweek.com/patches-released-flaws-affecting-dell-emc-vmware-products
https://www.vmware.com/security/advisories/VMSA-2018-0029.html
Tomi Engdahl says:
Facebook Increases Rewards for Account Hacking Vulnerabilities
https://www.securityweek.com/facebook-increases-rewards-account-hacking-vulnerabilities
According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work.
Tomi Engdahl says:
Infamous Russian Hacking Group Used New Trojan in Recent Attacks
https://www.securityweek.com/infamous-russian-hacking-group-used-new-trojan-recent-attacks
A well known Russian state-sponsored cyber-espionage group has used a new Trojan as a secondary payload in recent attacks targeting government entities around the globe, Palo Alto Networks reports.
Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the Sofacy group is believed to have orchestrated the attacks targeting the 2016 presidential election in the United States.
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8757-espoolaislukiolaiset-loysivat-tietoturva-aukkoja
Upper secondary school students from Espoo have found numerous security problems in various online services of the City of Espoo. Among other things, the students found a total of seven problems in Espoo systems that are still under development; some of these concerned usability and some were clear security vulnerabilities.
The findings relate to an ethical hacking course called Hack with Espoo that ran in October and November.
Tomi Engdahl says:
Hacking a cash machine takes no longer than a coffee break – cause for concern in Finland too
https://www.tivi.fi/Kaikki_uutiset/kateisautomaatin-hakkerointiin-ei-kulu-kahvitaukoa-kauempaa-suomessakin-syyta-huoleen-6750192
Experts from Positive Technologies, a company specialising in bank security, tested cash machines manufactured by NCR, Diebold Nixdorf and GRGBanking, ZDNet writes.
NCR and Diebold Nixdorf machines are also used in Finland as Otto ATMs, according to Otto’s website.
Most ATMs can be hacked in under 20 minutes
Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking.
https://www.zdnet.com/article/most-atms-can-be-hacked-in-under-20-minutes/
An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks.
Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/tietoturvaekspertti-neuvoo-unohda-harvoin-kaytettavat-salasanat-6750202
Wian’s advice is that rarely used passwords are best deliberately forgotten, because people build mnemonics into them that make the passwords vulnerable.
“The whole idea of passwords starts from the premise that they should be an easy obstacle for the user but a hard one for the hacker. In my view the technology does not support this, because with today’s requirements passwords are often hard to use, yet a truly negligible obstacle for cybercriminals.”
Wian is therefore pleased that many online shops only require creating an account if the customer wants to review their purchases afterwards. Otherwise a shop’s user account is largely pointless, and moreover dangerous from a security standpoint.
https://computersweden.idg.se/2.2683/1.710639/glom-losenord
Tomi Engdahl says:
Information security is everyone’s responsibility – here are four ways to keep important data safe
https://www.tivi.fi/CIO/tietoturva-on-jokaisen-vastuulla-tassa-nelja-tapaa-pitaa-tarkea-data-turvassa-6750178
Four ways to secure sensitive data
https://www.itpro.co.uk/security/32397/four-ways-to-secure-sensitive-data
Read our tips to ensure that your business and customer data is kept as secure as possible
Keeping data safe has never been more critical for businesses, but implementing effective security can sometimes seem overwhelming, with a huge range of options.
There’s no silver bullet for guaranteeing security of your organisation’s data, but a layered approach, combining tools, practices and culture can make sure that as much has been done as possible.
Tomi Engdahl says:
Aurora / Zorro Ransomware Actively Being Distributed
https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/
A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past.
Tomi Engdahl says:
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
https://www.darkreading.com/attacks-breaches/russia-linked-group-resurfaces-with-large-scale-phishing-campaign/d/d-id/1333322
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from the US State Department.
Tomi Engdahl says:
DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
https://www.imperva.com/blog/dirtycow-bug-drives-attackers-to-a-backdoor-in-vulnerable-drupal-web-servers/
In this post we’ll unpack a short — but no less serious — attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect vulnerable Drupal web servers and take over user machines.
https://www.wired.com/story/rowhammer-ecc-memory-data-hack/
Tomi Engdahl says:
Fancy Bear hacker crew Putin dirty RATs in Word documents emailed to govt orgs – report
Disguised as files about recent Lion Air crash, no less
https://www.theregister.co.uk/2018/11/21/apt_28_cannon_trojan_palo_alto/
Russian state-backed hacking crew Fancy Bear (aka APT28) is distributing malware-riddled files with a suggested link to the recent Lion Air crash in order to dupe government workers into downloading software nasties – and has developed a new remote-access trojan called Cannon, according to Palo Alto Networks.
Tomi Engdahl says:
Mirai Evolves From IoT Devices to Linux Servers
https://www.darkreading.com/attacks-breaches/mirai-evolves-from-iot-devices-to-linux-servers/d/d-id/1333329
Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Researchers from Netscout Alert have discovered what they believe are the first non-IoT versions of Mirai malware in the wild.
Tomi Engdahl says:
Amazon leaks users’ names and emails in ‘technical error’
https://www.theverge.com/2018/11/21/18106306/amazon-email-address-leak-technical-error-phishing
But it’s declined to share further details
Tomi Engdahl says:
How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
https://thehackernews.com/2018/11/apple-macos-zeroday.html
Earlier this week the Dropbox team unveiled details of three critical vulnerabilities in the Apple macOS operating system, which together could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim to visit a malicious web page.
Tomi Engdahl says:
Cookie Maker: Inside the Google Docs Malicious Network
https://www.fortinet.com/blog/threat-research/cookie-maker-inside-the-google-docs-malicious-network.html
FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.
In this article we analyze this malicious traffic workflow, as well as samples targeting the Windows platform. At the end of the article, we also analyze the attribution information to try and determine who is behind these attacks.
Tomi Engdahl says:
Four ways to secure sensitive data
https://www.itpro.co.uk/security/32397/four-ways-to-secure-sensitive-data
Prioritise encryption
Reinforce database protection
Separate out sensitive data
Build a culture of security
Tomi Engdahl says:
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
https://thehackernews.com/2018/11/tessa88-russian-hacker.html
Tomi Engdahl says:
Flash News
TLDR; There’s a bug in Adobe Flash.
https://www.ragestorm.net/blogs/?p=421
The interpreter code of the Action Script Virtual Machine (AVM)
does not reset a with-scope pointer when an exception is caught,
leading later to a type confusion bug, and eventually to a remote code execution.
Tomi Engdahl says:
Russian hacker arrested in Bulgaria for ad fraud of over $7 million
https://www.zdnet.com/article/russian-hacker-arrested-in-bulgaria-for-ad-fraud-of-over-7-million/
Alexander Zhukov, a supposed hacker who went online by the name of “Nastra,” is currently fighting extradition to the US.
Tomi Engdahl says:
Emotet malware runs on a dual infrastructure to avoid downtime and takedowns
https://www.zdnet.com/article/emotet-malware-runs-on-a-dual-infrastructure-to-avoid-downtime-and-takedowns/
Researchers spot unique design in the server infrastructure propping up the Emotet malware.
Tomi Engdahl says:
Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting
Yes, even the Tor browser can be spied on by this nasty code
https://www.theregister.co.uk/2018/11/21/unmasking_browsers_side_channels/
Special report: Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting.
This information can be used to target adverts at you based on your interests, or otherwise work out the kind of stuff you’re into and collect it in safe-keeping for future reference.
Tomi Engdahl says:
USPS Site Exposed Data on 60 Million Users
https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
Tomi Engdahl says:
New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit
https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/
Tomi Engdahl says:
What the #!/%* is that rogue Raspberry Pi doing plugged into my company’s server room, sysadmin despairs
Online sleuths dig into the case, with surprising success
https://www.theregister.co.uk/2018/11/20/rogue_raspberry_pi_reddit/
It’s every sysadmin’s worst nightmare: discovering that someone has planted a device in your network, among all your servers, and you have no idea where it came from nor what it does. What do you do?
Well, one IT manager at a college in Austria decided the best bet was to get on Reddit and see what the tech hive mind could figure out.
Tomi Engdahl says:
A little phishing knowledge may be a dangerous thing
Boffins find those who know about phishing more likely to be duped than the less informed
https://www.theregister.co.uk/2018/11/19/phishing_knowledge_dangerous/
Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a study of students at University of Maryland, Baltimore County suggests.
Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering conducted a phishing test to assess the relationship between demographic factors and susceptibility to phishing.
Tomi Engdahl says:
Vision Direct ‘fesses up to hack that exposed customer names, payment cards
Data including CVV numbers slurped up as customers submitted it to website
https://www.theregister.co.uk/2018/11/19/vision_direct_fesses_up_to_hack_that_exposed_customer_names_and_payment_deets/
Vision Direct has admitted customers’ personal and financial data was leaked earlier this month after hackers compromised the company’s website.
Vision Direct stated on its website:
The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.
Tomi Engdahl says:
Easy Does It! A Timely Look Into Fraud TTPs in the Brazilian Financial Cybercrime Landscape
https://securityintelligence.com/easy-does-it-a-timely-look-into-fraud-ttps-in-the-brazilian-financial-cybercrime-landscape/
Financial cybercrime in Brazil is known as one of the most geospecific panoramas, where local cybercriminals attack local internet users. With close to 210 million residents in the country, criminals are in lavish turf. Some reports cite losses of nearly 70 billion Brazilian reals — which equates to about $18.6 billion — to fraud and online scams in 2017.
In following the evolution of cyber activity in Brazil, IBM Security sees this threat landscape as unique, where technical sophistication is neither the norm nor a requirement.
Tomi Engdahl says:
VEIL.AI enables the efficient use of sensitive data
https://www.helsinki.fi/en/news/data-science-news/veil.ai-enables-the-efficient-use-of-sensitive-data
The VEIL.AI service enables potentially sensitive individual-level information to be used in various research and development projects as well as commercial applications. VEIL.AI processes information without affecting the value of collected data sets, but ensuring that individuals can no longer be identified.
VEIL.AI uses artificial intelligence to speed up the computationally heavy processes required for de-identification.
Tomi Engdahl says:
How Hired Hackers Got “Complete Control” Of Palantir
https://www.buzzfeednews.com/amphtml/williamalden/how-hired-hackers-got-complete-control-of-palantir?__twitter_impression=true
Palantir hired a cybersecurity firm last year to test its digital defenses. A confidential report shows how the pro hackers were able to dominate the tech company’s network.
Tomi Engdahl says:
Chinese facial recognition system confuses bus ad for jaywalker
https://www.techspot.com/news/77546-chinese-facial-recognition-system-confuses-face-bus-ad.html
The famous businesswoman was named and shamed
Facepalm: China is well known for embracing facial recognition tech to catch lawbreakers, but these systems don’t always get it right. Earlier this week, one camera captured the image of a famous businesswoman and publicly shamed her, but she wasn’t even there at the time.
The camera had seen her face on the side of a bus advertisement for Gree Electric and mistakenly thought she was crossing during a red light.
Whenever the system identifies jaywalkers, it posts their photo onto a large public screen to ‘name and shame’ the perpetrators. It showed Dong’s face and name, though it incorrectly spelled her surname
Ningbo’s traffic police wrote on Chinese microblogging site Weibo that the system had made a mistake and all record of the violation was being deleted.
We’ve heard reports of China using facial recognition in several ways, from analyzing students’ emotions in schools to scanning for suspects via special glasses. Back in April, the system reportedly identified a suspected criminal from a crowd of 50,000 people
Tomi Engdahl says:
Proposed Law Would Require Pistol Permit Applicants To Go Through A “Social Media Review”
http://concealednation.org/2018/11/proposed-law-would-require-pistol-permit-applicants-to-go-through-a-social-media-review/
Never underestimate the power of the internet, and how a governing body could one day use it to see what you’ve been up to and what your behavior looks like. Remember; The Internet Is Forever.
If certain lawmakers get their way in New York, they’ll successfully pass a bill that would require all persons, looking to obtain a pistol permit, go through a ‘social media review’ in which their various online activities would be checked.
The law would require applicants to hand over their login information for sites such as Facebook, so that a thorough search could be conducted. Talk about invasion of privacy.
Proposed law would let State search gun owner’s social media and internet history
https://www.rochesterfirst.com/news/local-news/proposed-law-would-let-state-search-gun-owner-s-social-media-and-internet-history/1610876946
Posts from the past three years on site like Facebook, Twitter and Snapchat would be reviewed for language containing slurs, racial/gender bias, threats and terrorism.
One year of search history on Google/Yahoo/Bing would also be reviewed.
Tomi Engdahl says:
Gun Bill To Require Buyers To Hand Over Social Media Passwords & Search History
https://www.zerohedge.com/news/2018-11-23/gun-bill-require-buyers-hand-over-social-media-passwords-search-history
“There should be more restrictions on how guns are purchased. We should have more background checks,” Paul McQuillen, director of the Buffalo chapter of New Yorkers Against Gun Violence, told WKBW.
James Tresmond, a gun rights lawyer, told the local NY station that the bill would violate multiple constitutional rights.
Some are arguing that the subjective nature of the bill is highly concerning.
The bill is currently in committee
Tomi Engdahl says:
Amazon Teams Up With Government to Deploy Dangerous New Facial Recognition Technology
http://concealednation.org/2018/11/proposed-law-would-require-pistol-permit-applicants-to-go-through-a-social-media-review/
Amazon, which got its start selling books and still bills itself as “Earth’s most customer-centric company,” has officially entered the surveillance business.
The company has developed a powerful and dangerous new facial recognition system and is actively helping governments deploy it. Amazon calls the service “Rekognition.”
Tomi Engdahl says:
China blacklists millions of people from booking flights as ‘social credit’ system introduced
https://www.independent.co.uk/news/world/asia/china-social-credit-system-flight-booking-blacklisted-beijing-points-a8646316.html
Officials say aim is to make it ‘difficult to move’ for those deemed ‘untrustworthy’
Tomi Engdahl says:
Man hacked into Silicon Valley execs’ phones to steal cryptocurrency: cops
https://nypost.com/2018/11/20/man-hacked-into-silicon-valley-execs-phones-to-steal-cryptocurrency-cops/
He’s the Billy the Kid of bitcoin.
Twenty-one-year-old Manhattan con man Nicholas Truglia hacked into the phones of Silicon Valley bigwigs to try to steal their cryptocurrency — and in one instance, pulled it off, authorities said Tuesday.
“It’s a new way of doing an old crime,” said deputy DA Erin West of Santa Clara Superior Court to The Post. “It’s a pervasive problem, and it involves millions of dollars.”
Tomi Engdahl says:
Your Credit Score Isn’t a Reflection of Your Moral Character
https://slate.com/technology/2018/11/dhs-credit-scores-legal-resident-assessment.html
But the Department of Homeland Security seems to think it is.
What kind of person racks up debts and doesn’t pay them? Your credit score is an attempt to answer this question. These important three-digit numbers summarize our statistical risk for lenders. The allure of the credit score is its clarity: It cuts through appearances and converts our messy lives into an easily readable metric.
But the U.S. Department of Homeland Security wants to use credit scores for an entirely different purpose, one they were never built for and are not suited for. The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status.
Setting aside the proposal’s moral abdication when it comes to the needy, we should be troubled by another injustice: its abuse of personal metrics.
The proposal’s “totality of circumstances” framework offers few specifics as to exactly how credit scores would figure into immigration decisions.
Tomi Engdahl says:
US asks allies to drop Huawei, but Little asserts independence
https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12165136
The US government has initiated an extraordinary outreach campaign to foreign allies, trying to persuade wireless and internet providers in these countries to avoid telecommunications equipment from Chinese company Huawei, according to a Wall Street Journal report.
The move will ramp up pressure on GCSB Minister Andrew Little and Communications Minister Kris Faafoi to ban Huawei – as security agencies in the US and Australia have already recommended.
But Little indicates New Zealand will plot its own course, and that his government won’t interfere as Spark, Vodafone and 2degrees consider technology providers for their pending 5G upgrades.
Tomi Engdahl says:
Kids’ toys are the latest battleground in the online privacy wars
https://www.vox.com/the-goods/2018/11/21/18106917/kids-holiday-gifts-connected-toys
A consumer report sheds light on security risks associated with kids’ toys, including a popular Amazon tablet.
Tomi Engdahl says:
Gift Guide: The best security and privacy tech to keep your friends safe
https://techcrunch.com/2018/11/09/gift-guide-best-security-privacy-tech/?utm_source=tcfbpage&sr_share=facebook
Tomi Engdahl says:
CELLULAR INTERCEPTION
Ability can intercept GSM, UMTS, LTE and CDMA networks.
http://www.interceptors.com/cellular-interception/
Tomi Engdahl says:
Alarm over talks to implant UK employees with microchips
https://www.theguardian.com/technology/2018/nov/11/alarm-over-talks-to-implant-uk-employees-with-microchips
Trades Union Congress concerned over tech being used to control and micromanage
Tomi Engdahl says:
John P. Carlin / Politico:
Inside US law enforcement’s hunt for British ISIS hacker Junaid Hussain, who used Twitter and other tools for spreading online propaganda and recruiting — How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot. — This text is excerpted from the book Dawn of the Code War …
Inside the Hunt for the World’s Most Dangerous Terrorist
https://www.politico.com/magazine/story/2018/11/21/junaid-hussain-most-dangerous-terrorist-cyber-hacking-222643
How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot.
For the first half of his digital life, the hacker operated with impunity, bragging in an interview that he was many steps ahead of the authorities: “One hundred percent certain they have nothing on me. I don’t exist to them, I’ve never used my real details online, I’ve never purchased anything. My real identity doesn’t exist online—and no, I don’t fear getting caught.”
By 2015, at age 21, he knew different—he was a marked man, hunted by the United States, the No. 3 leader of the Islamic State in Iraq and Syria (ISIS) on the government’s most wanted list.
Within the government, alarm bells rang daily, but we attempted to downplay the threat publicly. We didn’t want to elevate Hussain to another global figurehead like Osama bin Laden, standing for the twisted ideology of Islamic jihad.
We wouldn’t even really talk about him publicly until he was dead.
Hussain represented an online threat we long recognized would arrive someday—a tech-savvy terrorist who could use the tools of modern digital life to extend the reach of a terror group far beyond its physical location.
In the summer of 2015, he successfully executed one of the most global cyber plots we’d ever seen: A British terrorist of Pakistani descent, living in Syria, recruited a Kosovar hacker who was studying computer science in Malaysia, to enable attacks on American servicemen and women inside the United States.
Hussain’s path to becoming a cyber terrorist started with a simple motive: revenge.
Hussain went on to found a hacker group with seven friends; they called themselves TeaMp0isoN.
Hussain—who originally went online by the moniker TriCk—said he started hacking at around age 11. He’d been playing a game online when another hacker knocked him offline. “I wanted revenge so I started googling around on how to hack,”
By 13, he found the game childish, and by 15, he “became political.”
TeaMp0isoN, hacker-speak for “Team Poison,” based on their old hacking forum p0ison.org. They became notorious in 2011 for their unique brand of “hacktivism,” defacing websites, often with pro-Palestine messages, and attacking online key websites such as BlackBerry and NATO and figures such as former Prime Minister Tony Blair—they hacked his personal assistant and then released his address book online. Hussain dismissed other “hacktivist” groups such as Anonymous, saying they symbolized the online equivalent of “peaceful protesting
His online exploits didn’t last long: By September 2012, he had been arrested and sentenced to six months in prison for the Blair stunt.
We knew that sooner or later terrorists would turn to the internet—the same principles that make the web great for insurgents and niche communities
The terrorists saw the possibilities, too: Al Qaeda even released a video comparing the vulnerabilities in computer network security to weak points in aviation security before 9/11.
Terrorism online presented a new twist—never before had the United States been involved in a conflict where the enemy could communicate from overseas directly with the American people.
Islamic extremism had mainly developed in countries with state-controlled media, such as Egypt and Saudi Arabia, so the movement naturally invested heavily in alternative means of communication from the beginning. “Core” al Qaeda relied primarily on in-person lectures and fundraising tours
a new, more tech-savvy generation who understood the power of images online
It didn’t take long before this new generation began to play a key role for al Qaeda.
When “al Qaeda in Iraq” split from “core” al Qaeda and evolved into the fighting force known as ISIS, the group’s leadership managed to dramatically evolve the multimedia efforts of other terror groups, particularly as use of social media such as Twitter exploded around the world. As ISIS advanced on Baghdad in 2014, social media showed photos of its black flag flying over the Iraqi capital, and the terrorist army tweeted 40,000 times in just a single day.
ISIS’s large and sophisticated propaganda arm understood how to command the public’s attention
Those horrific videos that came to be their global brand for most of the public represented only a small fraction of ISIS’s total multimedia efforts—most videos they produced flew below the world radar, focused instead on providing would-be jihadists an equally distorted view of how lovely it was to join the jihad and live in ISIS-controlled territory.
That approach turned out to be common: There simply weren’t regular people who woke up one morning, read a Twitter thread and decided then and there to kill Americans. There’s not one track to radicalization, and the web doesn’t provide some magical radicalization potion. Radicalization is a process, a journey, but online propaganda and dialogue drastically lowers the barriers and complications of recruiting would-be terrorists from far away. Terrorists overseas can communicate directly, intimately and in real time with kids in our basements, here.
These online radicals were also deeply challenging for law enforcement and intelligence agencies to identify.
Working among a dozen cyber jihad recruiters, Hussain and his fellow terrorists declared themselves the head of the CyberCaliphate in mid-2014 and applied some of his old TeaMp0isoN tactics to ISIS, defacing websites and seizing control of home pages and social media accounts. He played a constant cat-and-mouse game with Twitter
“Very soon carrying out 1st operation of Islamic State in North America,” Hussain responded quickly to make sure ISIS got the social media credit for the attack: “Can u make a video first?”
Inside the government, the tide seemed overwhelming.
It felt like we were just waiting for the next terrorist attack. Too often, it seemed like luck kept us safe—that we’d only discover a plot because a would-be terrorist spoke to the wrong person or because his device failed to work.
Throughout that year, we lived what amounted to tactical success but strategic failure—interdicting plots one by one, but failing to stem the tide of social media inspiration emanating from ISIS.
The summer of 2015 brought perhaps the most troubling case of all—a dangerous combination of cybercrime and terrorism that revealed a new face of the global war on terror.
“NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”
It was a message I’d echo to businesses and organizations many times in the years to come: You need to report when your networks have been attacked because you never know how your intrusion, however seemingly minor, might impact a larger investigation. What to you might be a small inconvenience could, with broader intelligence, represent a terrorist, a global organized crime syndicate, or a foreign country’s sophisticated attack.
In court proceedings, Ferizi came off as a confused youth—like many of the would-be ISIS recruits we saw.
sentenced Ferizi to 20 years in prison
Tomi Engdahl says:
Illinois Supreme Court Asked To Limit Lawsuits Over Biometric Privacy Violations
http://www.nprillinois.org/post/illinois-supreme-court-asked-limit-lawsuits-over-biometric-privacy-violations#stream/0
The Illinois Supreme Court on Tuesday heard its first-ever case on Illinois’ tough biometric privacy law, which imposes restrictions on the collection of things like retina scans and fingerprints.
At issue is whether people can sue just for having their information collected.
The story begins with an eighth-grade trip to Six Flags Great America.
In order to get a season pass to the amusement park, 14-year-old Alexander Rosenbach had his thumbprint scanned.
Family lawyer Phillip Bock argues that under Illinois’ biometric privacy law, that’s enough to sustain a lawsuit.
“You have a property right in your own personal biometrics,” Bock told the justices during oral arguments on Tuesday.
Tomi Engdahl says:
Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog
$1tn biz doesn’t answer very basic questions – like how or why it happened
https://www.theregister.co.uk/2018/11/21/amazon_data_breach/
Tomi Engdahl says:
New Linux crypto-miner steals your root password and disables your antivirus
Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks.
https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/
Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by.
The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn’t have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174.
Tomi Engdahl says:
Analyzing the GreyEnergy Malware: from Maldoc to Backdoor
https://www.nozominetworks.com/2018/11/20/blog/analyzing-the-greyenergy-malware-from-maldoc-to-backdoor/
GreyEnergy is an Advanced Persistent Threat (APT) which has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years.
https://www.nozominetworks.com/2018/10/29/blog/greyenergy-malware-targets-industrial-critical-infrastructure/
Tomi Engdahl says:
Google, Mozilla working on letting web apps edit files despite warning it could be ‘abused in terrible ways’
https://www.techrepublic.com/article/google-mozilla-working-on-letting-web-apps-edit-files-despite-warning-it-could-be-abused-in-terrible/
The firms, known for their Chrome and Firefox web browsers, are heading a group that is devising a way for users to save changes they make using web apps.
A group led by Google and Mozilla is working to make it easy to edit files using browser-based web apps but wants advice on how to guard against the “major” security and privacy risks.
Tomi Engdahl says:
Apache Hadoop spins cracking code injection vulnerability YARN
Loose .zips sink chips 2: Electric Boogaloo
https://www.theregister.co.uk/2018/11/23/apache_hadoop_yarn_zip_slip_vulnerability/
Tomi Engdahl says:
https://www.hackread.com/l0rdix-dark-web-malware-steals-data-mines-crypto-botnet/