Tag Archives: China

Security Never Sleeps- SEC Security, CCleaner Security

SEC admits data breach, suggests illicit trading was key

“Regulator database opened”

The SEC has admitted to being hacked in 2016, with illegal trading potentially at the root of the breach. On Wednesday, SEC Chairman Jay Clayton said one of the financial regulator’s databases, containing corporate announcements, was compromised and may have been used to gain an advantage in stock trading.

CCleaner Hack Carried Out In Order to Target Big Tech Companies

“Group believed to operate out of China”

The CCleaner hack that took place over the summer and came to light this week might have been carried out by an infamous cyber-espionage group, believed to be operating out of China, and which targeted a list of who’s who of western tech companies. Thin lines connect evidence collected from the CCleaner incident to the activity of a cyber-espionage group that goes primarily by the name of Axiom, but is also referenced as APT17, DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72, or AuroraPanda.

Attackers Take Over WordPress, Joomla, JBoss Servers to Mine Monero

“Frequency of attacks up about 6 times”

Attacks aimed at delivering cryptocurrency mining tools on enterprise networks have gone up significantly, according to telemetry data collected by IBM’s X-Force team between January and August 2017. A recent report by fellow cyber-security firm Kaspersky found that cryptocurrency mining malware also infected over 1.65 million machines running Kaspersky solutions in the first eight months of the year.

Equifax Sent Breach Victims to Fake Website

“Failure after failure”

Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency following the hacker attack that affected as many as 143 million consumers in the U.S., 400,000 in the U.K. and 100,000 in Canada.

Enjoy your read? Check out our other content here.

Security Never Sleeps- ElasticSearch Malware, Quantum Communications

ElasticSearch Servers Found Hosting PoS Malware Files

“Over 4,000 servers affected”

Kromtech Security Center has found that over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of Point of Sale malwares, AlinaPOS and JackPOS. The researchers discovered these exposed ElasticSearch servers last week during routine scans. Intrigued by their initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances that were left exposed online without any form of authentification.

Bashware hacking technique puts 400 million Windows 10 PCs at risk

“Vulnerable to new technique”

Somewhere in the range of 400 million PC users running Windows 10 around the world may now be susceptible to a fresh cyber attack approach referred to as Bashware. Cyber security firm Check Point discovered and named the new malware, and explain that Bashware exploits the built-in Linux shell in Windows to allow malware to bypass common antivirus and other security software.

RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks

“Netgear routers infected likely by Russian hacker”

A Russian-speaking hacker has been infecting Netgear routers over the past several months with yet another new strain of malware named RouteX. This is used to turn infected devices into what are called called SOCKS proxies, which carry out credential stuffing attacks. This is all according to US cyber-security firm Forkbombus Labs, firm that uncovered this new threat. The hacker allegedly is exploiting CVE-2016-10176, a vulnerability disclosed last December to take over Netgear WNR2000 routers.

U.S. Energy Department Invests $20 Million in Cybersecurity

“Department announced intentions to invest up to $50 million”

The United States Department of Energy announced on Tuesday its investments in the research and development of tools and technologies that would make the country’s energy infrastructure more resilient and secure. Over $20 million of that amount has been allocated to projects focusing on cyber security. The funding, awarded to various national laboratories, will be used to support early-stage research and development of next-generation tools and technologies that improve the resilience and security of critical energy infrastructure, including the power grid, and oil and natural gas infrastructure.

China sets up first ‘commercial’ quantum network for secure communications

“Latest step in developing hackproof communications”

China has set up its first “commercial” quantum network in its northern province of Shandong, Chinese state media has reported. This is the country’s latest step in advancing a technology expected to enable the highest security communications. China touts that it is at the forefront of developing quantum technology. In August it said it sent its first “unbreakable” quantum code from an experimental satellite to the Earth. The Pentagon has called the launch of that satellite a year earlier a “notable advance”.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 141

Stolen Health Record Databases Sell For $500,000 In The Deep Web

“Underground cybercriminals increasingly targeting medical records”

Medical insurance profiles and electronic health record databases are attracting the eyes of criminals looking to steal the information to sell in the deep web. New reports show that EHR databases can sell for upwards of $500,000 on the Deep Web, and other smaller pieces of information (like insurance ID information, or medical identities) still fetch a pretty penny.

Google prevents 10 million malicious emails every 60 seconds

“Gmail users are being attacked at astonishing rates”

The Google Security Blog has posted earlier today that the security systems Google employs stop nearly over 10 million unsafe or spam emails every minute that would very likely infect the users computer. In San Francisco at last weeks RSA Conference Google contrasted threats to Google consumer vs. corporate accounts, stating that corporate users are at a greater risk to attack.

Serious Breach Linked to Chinese APTs Comes to Light

“New vulnerability affects several major organizations”

The attacks, occuring in 2015, appear to be linked to cybercriminals that many claim to be centered in China. RSA reports from earlier this month describes that Kingslayer, a supply chain attack that targeted many large organizations, breached the systems of a firm that provides event log analyzers and replaced a legitimate application with a backdoor version that allows for remote access.

 Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 121

Software in Android Phones Can Send Data to China, Experts Warn

“Secret backdoor allows for information comprise”

Security firm Kryptowire has discovered a secret vulnerability in Android phone software that sends personal data to cybercriminals in China. Information that is sent to the unauthorized third-party is capable of collecting texts and even geographical location.

Flaws Found in Lynxspring SCADA Product

“Defects detected in operating software”

Researcher Maxim Rupp has uncovered glaring vulnerabilities in the automation and management solution providers JENEsys operating system. The BAS Bridge was found to be the most problematic, which connects integration efforts between Modbus TCP/RTU and BACnet IP. Ethernet devices.

New Android Spyware for Governments Found on the Internet

“Originated in Italy, has spread far further”

Malware hunters have observed a new high risk malware that was originally marketed to governments and police forces on the loose on the internet. Researchers released a report Monday that discusses the malicious software’s capabilities, which include recording of video and audio, toggle GPS functions, and steal data from nearly any desired area of the device.

PlayStation Hack Denied Following Complaints From Gamers

“Many players locked out of their accounts”

Over the last two days over one hundred PlayStation Network users have been locked out of their accounts and contacted the Sony Twitter account with complaints. Sony has released a statement to the BBC that PSN has not been compromised had not been hacked amid concerns that the accounts affected had been hijacked, saying; “We routinely monitor for irregular activity, and if such activity is detected, we may sometimes reset passwords of affected accounts to protect users and their account information.”

 

10Fold- Security Never Sleeps- 118

Tesco Acknowledges, Apologizes for Compromise of Over 40,000 Accounts

“Cash stolen from about half of accounts accessed”

One of the biggest hacking events on a bank in United Kingdom history occurred Monday, ending with nearly 40,000 accounts compromised according to Tesco CEO Benny Higgins. “Online criminal activity” was reported by the firm over the weekend, and it was later reported that 15% of its total accounts had shown signs of fraudulent withdrawal. The bank has issued various statements on the refunding of cash thefts to date.

RCE Flaw in Bopup Found

“Enterprise IM manager has significant security breach”

Cybersecurity service firm Trustwave has found a remote code execution flaw in Bopup Communications servers, a buffer overflow that cybercriminals to exploit the application. A packet is able to be sent to a remote administration port and allows for remote execution of commands on the communication sites servers.

Controversial Cybersecurity Law Passes in China

“Watchdog organizations warn of human rights violations”

Greater control over the internet in China has many worried about implications towards businesses and individual rights. While the government added certain amendments to address these concerns, it did little to appease critics. Many corporations have announced that the law will force them out of the country, while Sophie Richardson of Human Rights Watch has declared that the requiring of local storage data is in violation with many international treaties.

Moxa Ethernet Products Found to Have Serious Issues

“Critical and moderate vulnerabilities found”

Several security flaws have been detected in Taiwan based Moxa Industrial Ethernet products, according to an advisory recently distributed by ICS-CERT. The Moxa OnCell LTE cellular gateways, AWK Wireless AP/bridge/client products, TAP railway wireless units, and WAC wireless access controllers have improper authentication and other vulnerabilities.

 

 

10Fold- Security Never Sleeps- 114

A PREDATOR to Fight DNS Domain Abuse

“Intended to block malicious domain registration”

Princeton University, Google and several other institutions have been able to develop a program that will allow the detection and stop of bad actors that look to register domain names for malicious purposes. Details of the new Proactive Recognition and Elimination of Domain Abuse at Time of Registration was presented at the ACM conference last week.

“Booter” Services Going Extinct?

“Research shows potential measures that could prevent mass attacks”

Web-based contracted cyber criminals, whose services are known as “booter” or “stresser” attacks, may soon be prevented from engaging in further nefarious activities soon. German researchers have studied patterns that come about when malicious actors mass-scan the internet in attempts to find website weaknesses, or DDoS attacks.

Many Joomla Sites Hacked via Recently Patched Flaws

“Flaws could be exploited to upload a backdoor of vulnerable websites”

Fewer than 24 hours that a new patch was made available to fix serious flaws in Joomla websites, researchers had already witnessed several events in which bad actors were able to overtake privilege escalations and create access points allowing for remote execution of commands. The two most critical concerns which are now patched, CVE-2016-8869 and CVE-2016-8870, could allow for serious backdoor authorization if a hacker is well versed in their trade.

Controversial Chinese Cybersecurity Law Looks Likely to Pass

“Foreign governments and business groups eager to protest”

The Chinese Parliament has now readied its third draft of a widely criticized new law that will officially codify the sanctions it has placed over the internet within its own borders. The bill will be presented for a vote on the seventh of this month, and is met with vast opposition from many sectors of society which all claim that its inherent vagueness would allow discrimination against firms abroad on an arbitrary basis.