This posting is here to collect cyber security news in August 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to the comments.
240 Comments
Tomi Engdahl says:
Researchers Can Duplicate Keys from the Sounds They Make in Locks
https://kottke.org/20/08/researchers-can-duplicate-keys-from-the-sounds-they-make-in-locks
Researchers have demonstrated that they can make a working 3D-printed copy of a key just by listening to how the key sounds when inserted into a lock. And you don’t need a fancy mic — a smartphone or smart doorbell will do nicely if you can get it close enough to the lock.
Tomi Engdahl says:
Secret Service reportedly paid to access phone location data
https://www.cnet.com/news/secret-service-reportedly-paid-to-access-to-phone-location-data/
The agency purchased Locate X, a product that uses data gathered by apps to track device locations, according to Motherboard.
Tomi Engdahl says:
Cops Are Buying Your Social Media Location Data Without a Warrant
https://futurism.com/the-byte/cops-buying-social-media-location-data-without-warrant
A shocking number of apps on your phone, ranging from sports to weather, are probably quietly selling your location data to the highest bidder. And according to documents obtained by Motherboard, that bidder is sometimes federal law enforcement.
The Secret Service paid millions of dollars to a company called Babel Street for its “Locate X” product, which tracks mobile devices using location data scraped from a number of apps, according to the documents. And because the agency is buying the data rather than obtaining it through the courts, it can do so without a warrant.
Tomi Engdahl says:
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
https://thehackernews.com/2020/08/p2p-botnet-malware.html
Cybersecurity researchers today took the wraps off a sophisticated,
multi-functional peer-to-peer (P2P) botnet written in Golang that has
been actively targeting SSH servers since January 2020. Called
“FritzFrog,” the modular, multi-threaded and file-less botnet has
breached more than 500 servers to date, infecting well-known
universities in the US and Europe, and a railway company, according to
a report released by Guardicore Labs today. See also
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Tomi Engdahl says:
Forgotten passwords add up to a hefty bill for employers:
up to 200,000 euros a year for a hospital district
https://yle.fi/uutiset/3-11499841
Password-related calls and service requests peak
after holiday seasons, that is, in August and January.
Tomi Engdahl says:
Pretty wild that a malicious mailto: link might attach your secret
keys and files from your PC to an outgoing message
https://www.theregister.com/2020/08/19/openpgp_smime_email_client_mailto_flaws/
Some OpenPGP, S/MIME-capable email clients vulnerable to attack
Tomi Engdahl says:
WannaRen ransomware author contacts security firm to share decryption
key
https://www.zdnet.com/article/wannaren-ransomware-author-contacts-security-firm-to-share-decryption-key/
A major ransomware outbreak hit Chinese internet users earlier this
year in April. For about a week, a ransomware strain known as WannaRen
made tens of thousands of victims among both home consumers and local
Chinese and Taiwanese companies.
Tomi Engdahl says:
Voice Phishers Targeting Corporate VPNs
https://krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/
The COVID-19 epidemic has brought a wave of email phishing attacks
that try to trick work-at-home employees into giving away credentials
needed to remotely access their employers' networks. But one
increasingly brazen group of crooks is taking your standard phishing
attack to the next level, marketing a voice phishing service that uses
a combination of one-on-one phone calls and custom phishing sites to
steal VPN credentials from employees.
Tomi Engdahl says:
Tens of suspects arrested for cashing-out Santander ATMs using
software glitch
https://www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/
Santander says it fixed the ATM software glitch that was exploited
this week across the tri-state area.
Tomi Engdahl says:
https://www.securityweek.com/ongoing-campaign-uses-html-smuggling-malware-delivery
Tomi Engdahl says:
Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government
https://threatpost.com/transparent-tribe-ongoing-spy-campaign-military-government/158515/
The group has added a management console and a USB worming function to its main malware, Crimson RAT.
The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. The effort features a worm that can propagate from machine to machine while stealing files from USB removable drives.
Tomi Engdahl says:
IBM Finds Flaw in Millions of Thales Wireless IoT Modules
Insulin Pumps Could Be Manipulated and Smart Meters Could Be Wrecked, IBM Warns
https://www.govinfosecurity.com/ibm-finds-flaw-in-millions-thales-wireless-iot-modules-a-14858
A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including smart meters and insulin pumps. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.
On Wednesday, IBM’s X-Force Red team revealed the vulnerability, CVE-2020-15858, which it found last September in Thales’ Cinterion EHS8 M2M modules. The flaw is also in related products, including the BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81 and PLS62 modules. The modules are used in devices in a variety of industries, including healthcare, automotive, energy and telecommunications.
The modules, which IBM describes as mini circuit boards, enable 3G or 4G connectivity, but also store secrets such as passwords, credentials and code, according to Adam Laurie, X-Force Red’s lead hardware hacker, and Grzegorz Wypych, senior security consultant, who wrote a blog post.
“This vulnerability could enable attackers to compromise millions of devices and access the networks or VPNs supporting those devices by pivoting onto the provider’s backend network,” Laurie and Wypych write. “In turn, intellectual property, credentials, passwords and encryption keys could all be readily available to an attacker.”
Full Read, Write Access
The modules run microprocessors with an embedded Java ME interpreter and use flash storage. Also, there are Java “midlets” that allow for customization. One of those midlets copies custom Java code added by an OEM to a secure part of the flash memory, which should only be in write mode so that code can be written there but not read back.
“This way, an OEM’s private Java code containing their IP, as well as any security related files such as PKI keys or certificates and application related databases are secured against theft by third parties,” IBM says.
“Using information stolen from the modules, malicious actors can potentially control a device or gain access to the central control network to conduct widespread attacks – even remotely via 3G in some cases,” IBM says.
The possibilities for attack are sweeping: Smart meters could be wrecked or an insulin pump could be manipulated to overdose a patient, according to the researchers. Because Java code can be easily reversed, it would also be possible to clone a device or modify its functionality, they write.
The patch can be installed either over the air or via USB, IBM says. But it might not be completely straightforward.
“The patching process for this vulnerability is completely dependent on the manufacturer of the device and its capabilities – for example, whether the device has access to the internet could make it complicated to work with,”
Tomi Engdahl says:
Former Uber Security Chief Charged Over Covering Up 2016 Hack That Affected 57 Million Accounts
https://www.forbes.com/sites/mattperez/2020/08/20/former-uber-security-chief-charged-over-covering-up-2016-hack-that-affected-57-million-accounts/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
Uber’s former chief security officer Joseph Sullivan, 52, was charged by federal prosecutors on Thursday with obstruction of justice and failing to inform authorities of a felony in covering up a 2016 hack at the ride-sharing company, in what may be the first criminal charges leveled at an executive over their response to a data breach.
The 2016 hack became public knowledge in 2017 and involved 57 million customer and driver accounts, including compromising drivers’ license numbers for around 600,000 drivers.
Tomi Engdahl says:
Anonymous Hacks Syrian President; His Password Was 12345
https://www.tomshardware.com/news/Anonymous-Syrian-president-email-password-leaked-hacked,14663.html?fbclid=IwAR07FtExqhfiWK41Ala3PV_iB-g1mzxFt5cX8dgjVwpzqh9KLDs2pBCUdkc
Tomi Engdahl says:
Over 70 Republican National Security Officials Endorse Biden, Deem Trump ‘Dangerously Unfit’ For President
https://www.forbes.com/sites/jemimamcevoy/2020/08/20/over-70-republican-national-security-officials-endorse-biden-deem-trump-dangerously-unfit-for-president/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
A group of 73 former U.S. National Security officials who served under GOP administrations, including former CIA and FBI chiefs, endorsed Democratic nominee Joe Biden in a joint statement on Thursday, joining the growing number of prominent Republicans to depart from their party for the 2020 election.
Tomi Engdahl says:
Thanks for the memories… now pay up or else: Maze ransomware crew
claims to have hacked SK hynix, leaks ’5% of stolen files’
https://www.theregister.com/2020/08/20/maze_crew_sk_hynix/
The Maze hacker gang claims it has infected computer memory maker SK
hynix with ransomware and leaked some of the files it stole.
Tomi Engdahl says:
Default Credentials Expose Cisco ENCS, CSP Appliances to Attacks
https://www.securityweek.com/default-credentials-expose-cisco-encs-csp-appliances-attacks
Cisco informed customers on Wednesday that it has patched a critical default credentials vulnerability affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances.
Tomi Engdahl says:
U.S. Details North Korean Malware Used in Attacks on Defense Organizations
https://www.securityweek.com/us-details-north-korean-malware-used-attacks-defense-organizations
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries.
Dubbed BLINDINGCAN, the malware was apparently used in “Dream Job,” a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.
Tomi Engdahl says:
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
Tomi Engdahl says:
https://www.bloomberg.com/news/articles/2020-08-18/putin-ordered-2016-democratic-hack-bipartisan-senate-panel-says
Tomi Engdahl says:
NSA and FBI make public ‘Drovorub,’ a sophisticated hacking tool used by Russian intel
https://taskandpurpose.com/news/nsa-fbi-russian-intel-hacking-tool
NSA discloses new Russian-made Drovorub malware targeting Linux
https://www.bleepingcomputer.com/news/security/nsa-discloses-new-russian-made-drovorub-malware-targeting-linux/
Tomi Engdahl says:
https://artkond.com/2017/03/23/pivoting-guide/
Tomi Engdahl says:
https://www.kitploit.com/2020/08/pe-tree-python-module-for-viewing.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+PentestTools+(PenTest+Tools)&m=1
Tomi Engdahl says:
Ettercap and Middle-attacks Tutorial
https://pentestmag.com/ettercap-tutorial-for-windows/
#pentest #magazine #pentestmag #pentestblog #PTblog #Ettercap #middleattack #tutorial #tool #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
Running Python in your downloads folder can be used as an attack vector
Never Run ‘python’ In Your Downloads Folder
https://glyph.twistedmatrix.com/2020/08/never-run-python-in-your-downloads-folder.html
Python can execute code. Make sure it executes only the code you want it to.
Tomi Engdahl says:
https://www.cbsnews.com/news/russian-hackers-2016-election-democratic-congressional-campaign-committee-60-minutes-2020-08-23/?ftag=CNM-00-10aab5j&linkId=97930500
Tomi Engdahl says:
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme
https://www.zdnet.com/article/top-exploits-used-by-ransomware-gangs-are-vpn-bugs-but-rdp-still-reigns-supreme/
While some ransomware groups have heavily targeted Citrix and Pulse Secure VPNs to breach corporate networks in H1 2020, most ransomware attacks take place because of compromised RDP endpoints.
Tomi Engdahl says:
NSA and FBI warn that new Linux malware threatens national security
Previously unknown Drovorub is being used by advanced hacking group APT 28.
https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/
Tomi Engdahl says:
FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
The FBI and NSA issue joint security alert containing technical details about new Linux malware developed by Russia’s military hackers.
https://www.zdnet.com/article/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers/
Tomi Engdahl says:
This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit
From Russia, with love
https://www.theregister.com/2020/08/13/drovorub_nsa_fbi/
Tomi Engdahl says:
Chinese-Made Smartphones Are Secretly Stealing Money From People Around The World
https://www.buzzfeednews.com/article/craigsilverman/cheap-chinese-smartphones-malware
Preinstalled malware on low-cost Chinese phones has stolen data and money from some of the world’s poorest people.
Tomi Engdahl says:
https://threatpost.com/the-sounds-a-key-make-can-produce-3d-printed-replica/158457/
Tomi Engdahl says:
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
Tomi Engdahl says:
China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers
And needs a very blunt instrument to do the job, because the protocol works as planned
https://www.theregister.com/2020/08/11/china_blocking_tls_1_3_esni/
Tomi Engdahl says:
CBP Now Has a Massive Searchable Database for Devices Seized at the Border
https://www.vice.com/en_us/article/v7gjay/cbp-now-has-a-massive-searchable-database-for-devices-seized-at-the-border?utm_content=1598297153&utm_medium=social&utm_source=MOTHERBOARD_facebook
The US border agency will be able to sift through data extracted from travelers’ laptops and cellphones for up to 75 years.
Tomi Engdahl says:
Fears Grow of Exit Scam as the Biggest Darknet Empire Market Goes Offline For More than 72 Hours
https://www.darknetstats.com/fears-grow-of-exit-scam-as-the-biggest-darknet-empire-market-goes-offline-for-more-than-72-hours/
Panic has gripped Dark web after Empire Market went offline for more than 3 days without any explanation from admins about the downtime.
Tomi Engdahl says:
Malicious Chinese SDK In 1,200 iOS Apps With Billions Of Installs Causing ‘Major Privacy Concerns To Hundreds Of Millions Of Consumers’
https://www.forbes.com/sites/johnkoetsier/2020/08/24/malicious-chinese-sdk-in-1200-ios-apps-with-billions-of-installs-causing-major-privacy-concerns-to-hundreds-of-millions-of-consumers
A Chinese ad network named Mintegral is accused of spying on user activity and committing ad fraud in more than 1,200 apps with 300 million installs per month since July 2019. Mintegral is headquartered in Beijing, China, and is owned by another Chinese ad network, Mobvista, which has a head office in Guangzhou, China.
One of the apps, Helix Jump, has over 500 million total installs. Other popular apps that are impacted include Talking Tom, PicsArt, Subway Surfers and Gardenscapes.
All together, this likely impacts billions of total app installs on iPhone and iPad.
Tomi Engdahl says:
Microsoft Removes Option to Disable Windows Defender Antivirus
https://www.extremetech.com/computing/314144-microsoft-removes-option-to-disable-windows-defender-antivirus
In the latest Windows 10 builds, Microsoft has taken things to their logical conclusion by removing the option to disable Defender entirely. Microsoft regularly takes flak for removing customization options in Windows, but this change actually makes some sense.
In Windows 10, there was never an “easy” way to disable Defender. Those who really wanted to shut off the Windows antivirus could do so by digging around in the registry to modify the “DisableAntiSpyware” key. As Microsoft points out, it put this key in Windows so system builders and IT professionals could turn off Defender in order to deploy a different AV program by itself. Naturally, some personal users turned to this feature to turn off Microsoft’s AV program.
According to Microsoft, it removed the registry key because it’s no longer needed for its intended purpose. Windows 10 can now detect when there’s another antivirus program running and disables itself. So, this essentially prevents you from running Windows without an AV solution. You’ll just have to hope that Defender turns itself off correctly to avoid the stability issues that can come from running two security suites.
Tomi Engdahl says:
DDoS downs New Zealand stock exchange for third consecutive day
So much for NZ as the last refuge of civilisation
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
New Zealand’s stock exchange (NZX) has closed for a third day thanks to a distributed denial-of-service (DDoS) attack.
The exact nature of the incident is not known: an NZX spokesperson told The Register that “network connectivity issues relating to DDoS cybersecurity attacks”
Local media suggest that the Exchange’s web site is the target of the attack, rather than its core trading systems. However the Exchange has shut down trading because if the website is down it prevents market-moving company information reaching investors.
New Zealand telecommunications concern Spark, which provides network services to the NZX, said that late on Tuesday it had identified and mitigated a DDoS and restored service.
Tomi Engdahl says:
Mercenary hacker group targets companies with 3Ds Max malware
Hacker-for-hire group uses a malicious 3Ds Max plugin to infect companies with malware and steal proprietary information.
https://www.zdnet.com/article/mercenary-hacker-group-targets-companies-with-3ds-max-malware/
Security firm Bitdefender said it discovered what appears to be a new hacker group that is currently targeting companies across the globe with malware hidden inside malicious 3Ds Max plugins.
3Ds Max is a 3D computer graphics application developed by software giant Autodesk and is an app commonly installed and used by engineering, architecture, gaming, or software companies.
The Bitdefender report is also the second report where hackers created malware for an Autodesk software program. In November 2018, security firm Forcepoint discovered an industrial espionage hacker group that targeted companies in the energy sector with AutoCAD-based malware.
Tomi Engdahl says:
As global business is migrating toward conducting more transactions
online, threat actors have become more invested in identifying and
exploiting vulnerabilities in website payment processing systems and
interfaces, particularly ones that permit threat actors to inject
malicious JavaScript (JS) and exfiltrate customer data and payment
card details
https://www.recordedfuture.com/credit-card-sniffers/
As this and previous Recorded Future reporting highlights, the
injection of malicious JS code into websites is not reserved to
Magecart, an umbrella term for threat actor groups employing this
technique, but is also being marketed by multiple threat actors on the
dark web who develop customized payment sniffers that are updated
regularly, contain multiple capabilities, and are available for
Tomi Engdahl says:
Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers
https://www.securityweek.com/vulnerabilities-expose-popular-dvb-t2-set-top-boxes-botnets-researchers
Many such set-top boxes are primitive, consisting of a TV tuner and an output device, some packing Internet support, and many are highly insecure, Avast’s security researchers reveal.
Analysis of two popular devices, namely Thomson THT741FTA and Philips DTR3502BFTA, revealed a series of vulnerabilities that could be exploited to inject malware and create botnets of set-top boxes.
One of the first discoveries the security researchers made was the lack of Telnet protections, with the device allowing them to connect without prompting for a login. Furthermore, the devices allowed for the transmission of data over FTP, courtesy of ftpput and ftpget.
The boxes were found to use the MIPS architecture and run Linux kernel 3.10.23, which stopped receiving support in November 2017.
The researchers also discovered that they could tamper with the content displayed to the user through weather and RSS feed applications on the device, due to the use of unencrypted communication. Both MiTM and DNS hijack attacks can be used for that, they say.
Tomi Engdahl says:
Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked
https://www.securityweek.com/researchers-hijack-28000-printers-show-how-easily-they-can-be-hacked
Researchers have once again demonstrated that many printers can be hacked remotely, by hijacking 28,000 devices and instructing them to print out a printer security guide.
The research was conducted by security experts at CyberNews, who claim to have identified more than 800,000 printers that were accessible over the internet and had network printing features enabled.
They then selected a sample of 50,000 exposed printers and sent them a script that instructed the devices to print the security guide. The researchers said the document was printed by nearly 28,000 of those devices, which suggests that 56% of exposed printers can be hijacked. This translates to roughly 447,000 printers of the total number of 800,000 exposed devices.
CyberNews told SecurityWeek that the experiment did not involve exploitation of any known or unknown vulnerabilities; the researchers abused the fact that the devices were not configured with security in mind.
https://cybernews.com/security/we-hacked-28000-unsecured-printers-to-raise-awareness-of-printer-security-issues/
Tomi Engdahl says:
DDoS extortionists target NZX, Moneygram, Braintree, and other
financial services
https://www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/
For the past weeks, a criminal gang has launched DDoS attacks against
some of the world’s biggest financial service providers and demanded
Bitcoin payments as extortion fees to stop their attacks. Just this
week, the group has attacked money transfer service MoneyGram, YesBank
India, Worldpay, PayPal, Braintree, and Venmo, a source involved in
the DDoS mitigation field has told ZDNet. The New Zealand stock
exchange (NZX), which halted trading for the third day in a row today,
is also one of the group’s victims.