
10Fold – Security Never Sleeps – 103

Hack Claims from Guccifer 2.0 Denounced by Clinton Foundation

“Widely believed to be political in motivation”

Guccifer 2.0, the hacker who claimed responsibility for the Democratic National Committee leaks, which he said exposed corruption within its ranks, now claims to have breached the servers of the Clinton Foundation and obtained documents that could damage Hillary Clinton’s presidential campaign. The Clinton Foundation denies that any breach occurred. The hacker posted screenshots of spreadsheets online, claiming that they came from the foundation and that “… her staff don’t even bother about the information security.”

The political motivation of the attack appears obvious: the hacker made clear and favorable reference to Julian Assange, founder of WikiLeaks and an outspoken opponent of Hillary Clinton.

Report Claims that Email Provider Yahoo Assisted in Spying on U.S. Citizens

“Raises questions of why Yahoo did not fight the order”

A program built by Yahoo Inc. last year reportedly allowed the U.S. federal government to search the company’s email databases for specific phrases. Anonymous former employees narrowed the agencies involved to the National Security Agency, the Federal Bureau of Investigation, or both.

The news is surprising given how strongly technology firms usually resist government demands for access to customer accounts. Yahoo, however, not only complied with the order but committed its own staff and resources to carrying it out.

TalkTalk fined £400K for mistakes that led to 2015 hack

“Firm’s first actions aimed at repairing the reputation of a heavily hacked service”

Telecom firm TalkTalk has been fined £400,000 for the security failings behind its 2015 breach, in which the personal data of over 155,000 customers was stolen. Well over 15,000 of those affected also had bank account details taken and suffered serious consequences as a result. Information Commissioner Elizabeth Denham found that even the most basic security measures had not been taken and that the company “…could have done more to safeguard its customer information.”

Malware-Infested Ads Plaguing Spotify

“Free version of service seems to open malicious sites”

Malicious advertisements appear to have made their way into the ad stream served to users of Spotify’s free, ad-supported tier. The ads have been reported to open infected sites in the user’s browser, putting anyone who lands on them at risk.


10Fold – Security Never Sleeps – 101

Nearly Half of State Voter Registrations Attacked by Russian Hackers

“Four were cracked, leaving speculation on security of upcoming election”

As we covered in our last installment, Russian cyber threats against this year’s election have been on the rise. Those fears now appear to have some basis: Russian hackers successfully got into several U.S. state voter registration systems.

FBI Director James Comey said in a statement that “There’s no doubt that some bad actors have been poking around.” The targeted systems included states that many political analysts consider this year’s electoral ‘swing states’, among them Arizona and Illinois.

GAO Claims Issue at FDA Cybersecurity Systems

“Confidential health data potentially at risk”

An audit by the Government Accountability Office (GAO) found weaknesses in the Food and Drug Administration’s firewalls and roughly 80 other security weaknesses in its systems, gaps that could allow attackers to reach confidential health information. The findings were made public alongside 15 GAO recommendations for strengthening the agency’s security controls, part of a broader effort to harden government agencies against cyber attacks.

Ransomware Spread Increases

“Weak desktop credentials the most common point of entry”

Stolen credentials for the widely used remote administration application TeamViewer have been used to install the ‘Surprise’ ransomware, according to a research team reporting in March. The number of such attacks has risen sharply of late, as more capable cybercriminals adopt a technique whose success was first demonstrated by their lesser-known counterparts.

Attacks of this kind predate the TeamViewer angle: they began as crude password-guessing attacks against exposed RDP servers. The move to stolen remote-access credentials makes the criminals far more effective at getting in and deploying their ransomware.
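As an added illustration of the credential-guessing entry point described above (example code written for this digest, not from the researchers cited), the following Python detector runs over a constructed sample of Windows security log lines. The format is a simplified one-line-per-event rendering of event 4625 (failed logon) and event 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP); the timestamps, IP addresses and account names are made up. It flags a source that racks up five or more failed RDP logons within five minutes, and separately flags a successful RDP logon from a source that was already flagged, which is the moment password guessing turns into an intrusion.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on Windows Security events 4625 (failed logon)
# and 4624 (successful logon). Fields: timestamp, event id, logon type, source IP,
# account name. Logon type 10 is RemoteInteractive (RDP); type 3 is a network logon
# and is ignored here. All addresses and names are made up.
SAMPLE_LOG = """\
2016-09-27T02:00:05Z 4625 10 203.0.113.7 administrator
2016-09-27T02:00:09Z 4625 10 203.0.113.7 admin
2016-09-27T02:00:14Z 4625 10 203.0.113.7 backup
2016-09-27T02:00:20Z 4625 10 203.0.113.7 scan
2016-09-27T02:00:27Z 4625 10 203.0.113.7 test
2016-09-27T02:00:31Z 4625 10 203.0.113.7 user1
2016-09-27T02:00:50Z 4625 3 203.0.113.7 admin
2016-09-27T02:01:40Z 4624 10 203.0.113.7 backup
2016-09-27T02:02:00Z 4625 10 198.51.100.22 jsmith
2016-09-27T02:02:15Z 4625 10 198.51.100.22 jsmith
2016-09-27T02:02:40Z 4624 10 198.51.100.22 jsmith
2016-09-27T03:10:00Z 4624 10 192.0.2.10 alice
"""

FAILED_LOGON, SUCCESSFUL_LOGON = "4625", "4624"
RDP_LOGON_TYPE = "10"
THRESHOLD = 5                    # failures from one source ...
WINDOW = timedelta(minutes=5)    # ... inside this sliding window


def parse(line):
    ts, event_id, logon_type, src_ip, account = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event_id, logon_type, src_ip, account


def detect_rdp_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return a list of (alert_type, source_ip, detail) tuples.

    rdp_bruteforce         : >= threshold failed RDP logons from one source within window
    rdp_bruteforce_success : a successful RDP logon from a flagged source shortly after
                             its last failure, i.e. the guessing probably worked
    """
    failures = defaultdict(deque)   # src_ip -> timestamps of recent RDP failures
    flagged = {}                    # src_ip -> time the burst crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src_ip, account = parse(line)
        if logon_type != RDP_LOGON_TYPE:
            continue                # only interested in RDP here
        if event_id == FAILED_LOGON:
            recent = failures[src_ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()    # expire failures older than the window
            if len(recent) >= threshold and src_ip not in flagged:
                flagged[src_ip] = ts
                alerts.append(("rdp_bruteforce", src_ip,
                               f"{len(recent)} failed RDP logons within {window}"))
        elif event_id == SUCCESSFUL_LOGON:
            recent = failures.get(src_ip)
            if src_ip in flagged and recent and ts - recent[-1] <= window:
                alerts.append(("rdp_bruteforce_success", src_ip,
                               f"successful RDP logon as {account} after password guessing"))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

Two failures from 198.51.100.22 followed by a success never cross the threshold and produce nothing, which is the point of the window: a user mistyping a password twice is not a brute force. In production the same logic would be fed from the real event stream and the threshold tuned to the environment; the second alert type is the one worth paging on.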

Tofsee Malware Now Distributed Via Spam

“Experts believe the new method is more profitable for hackers”

While the Tofsee malware has been around since 2013, its current distribution via spam is fairly new. The RIG exploit kit, which until recently distributed the malware, has stopped pushing it, leaving the operators to use their existing bots to pick up the slack by spamming it out themselves. Cybercriminals typically use Tofsee for a range of activities, including click fraud, cryptocurrency mining, DDoS attacks and sending spam.


10Fold – Security Never Sleeps – 38

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: HSBC blames a banking outage on a DDoS attack and claims everything is fine, contrary to what its customers are seeing. The OpenSSL cryptographic library has fixed a high-severity vulnerability that could allow attackers to recover the key that decrypts protected communications. NYC has launched an investigation into four baby monitor companies over the security of their devices. A report from security researchers found that UK businesses were more likely than their US or Irish counterparts to be hit by malware, with the number of active malware families up 25% in a month.

HSBC online banking suffers major outage, blames DDoS attack – Publication: Ars Technica – Reporter name: Kelly Fiveash

HSBC has been battling an apparent Distributed Denial of Service (DDoS) attack on its online banking system for the past few hours. HSBC blamed the outage on a DDoS attack, and attempted to spin the whole thing as a success story to mainstream news outlets. By way of example, witness this headline over at ITV News. The bank’s customers may see things a little differently, however, given the major disruption to the service on what will be one of the busiest days of the year for many people. Not only is the final Friday of the month payday for many folk in the UK, it’s also the end of January—which is a big deal for any freelance bods currently filing their annual tax returns.


High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic – Publication: Ars Technica – Reporter name: Dan Goodin

Maintainers of the OpenSSL cryptographic code library have fixed a high-severity vulnerability that made it possible for attackers to recover the private key protecting communications secured with HTTPS and other transport layer security channels. While the potential impact is high, the vulnerability can be exploited only when several conditions are met. It is present only in OpenSSL version 1.0.2. The affected application must use DSA-based parameter groups for its ephemeral Diffie-Hellman key exchange. And by default, servers that do this reuse the same private Diffie-Hellman exponent for the life of the server process, which is what makes them vulnerable to the key-recovery attack.
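The two conditions in the paragraph above, a DSA-style group and a reused exponent, combine into a classic small-subgroup confinement attack. The Python below is an added example for this digest, not OpenSSL’s code or a reproduction of the real bug: it builds a deliberately tiny DSA-shaped group (p − 1 = q × 2·3·5·7·11·13 × k, generator of prime order q; all parameters constructed and far too small for real use), runs a server that reuses its private exponent and does not check the peer’s public value, and shows the attacker recovering the exponent from the key-confirmation tag. The same attack against a server that either validates the peer value or draws a fresh exponent per handshake is rejected before any secret is derived. The hypothetical `DhServer` class and `key_tag` function stand in for a TLS handshake and its Finished MAC.

```python
import hashlib
import secrets
from functools import reduce

# Constructed toy group. Real DSA-derived DH groups have the same shape: p - 1 has
# one large prime factor q and a cofactor with many small prime factors.
SMALL_ORDERS = [2, 3, 5, 7, 11, 13]   # small primes dividing p - 1 (cofactor factors)
Q = 1009                              # toy "large" prime subgroup order
SECRET_X = 777                        # server's reused private exponent, 1 <= x < Q (constructed)


def is_prime(n):
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def build_group():
    """Return (p, g): p prime with p - 1 = Q * prod(SMALL_ORDERS) * k, g of order Q."""
    h = reduce(lambda a, b: a * b, SMALL_ORDERS, 1)
    p = next(Q * h * k + 1 for k in range(1, 100000) if is_prime(Q * h * k + 1))
    for z in range(2, p):
        g = pow(z, (p - 1) // Q, p)   # order divides Q, and Q is prime, so order is Q if g != 1
        if g != 1:
            return p, g


def element_of_order(p, r):
    """An element of prime order r | p - 1; it lies outside the order-Q subgroup."""
    for z in range(2, p):
        e = pow(z, (p - 1) // r, p)
        if e != 1:
            return e


def key_tag(shared):
    """Stand-in for a MAC keyed from the shared secret (what a TLS Finished message exposes)."""
    return hashlib.sha256(str(shared).encode()).hexdigest()


class DhServer:
    """Hypothetical ephemeral-DH server. Defaults mirror the vulnerable behaviour:
    one exponent for the life of the process, no subgroup check on the peer value."""

    def __init__(self, p, g, q, x, reuse_exponent=True, validate_peer=False):
        self.p, self.g, self.q, self.x = p, g, q, x
        self.reuse_exponent, self.validate_peer = reuse_exponent, validate_peer

    def handshake(self, peer_pub):
        if self.validate_peer:
            # Hardened: reject anything outside the prime-order subgroup.
            if not 1 < peer_pub < self.p - 1 or pow(peer_pub, self.q, self.p) != 1:
                raise ValueError("peer public value is not in the prime-order subgroup")
        # Hardened alternative: fresh exponent per handshake, so nothing accumulates.
        x = self.x if self.reuse_exponent else 1 + secrets.randbelow(self.q - 1)
        return key_tag(pow(peer_pub, x, self.p))


def crt(residues):
    """Chinese remainder theorem for pairwise-coprime moduli: [(a_i, n_i)] -> x."""
    x, m = 0, 1
    for a, n in residues:
        t = ((a - x) * pow(m, -1, n)) % n
        x, m = x + m * t, m * n
    return x


def recover_private_exponent(server, p):
    """For each small r | p - 1 send an element of order r: the shared secret then has
    only r possible values, so the tag leaks x mod r. CRT reassembles x once the
    product of the r's exceeds Q."""
    residues = []
    for r in SMALL_ORDERS:
        e = element_of_order(p, r)
        tag = server.handshake(e)
        k = next(k for k in range(r) if key_tag(pow(e, k, p)) == tag)
        residues.append((k, r))
    return crt(residues)


def demo():
    p, g = build_group()
    vulnerable = DhServer(p, g, Q, SECRET_X)
    hardened = DhServer(p, g, Q, SECRET_X, reuse_exponent=False, validate_peer=True)
    recovered = recover_private_exponent(vulnerable, p)
    try:
        recover_private_exponent(hardened, p)
        blocked = False
    except ValueError:
        blocked = True
    return recovered, blocked


if __name__ == "__main__":
    recovered, blocked = demo()
    print(f"recovered exponent from vulnerable server: {recovered} (actual {SECRET_X})")
    print(f"hardened server rejected the attacker's public value: {blocked}")
```

Note that six handshakes with tiny brute-force budgets (at most 13 guesses each) suffice because 2·3·5·7·11·13 = 30030 exceeds q; against a real group the attacker simply needs enough small cofactor factors, and every extra handshake with the same exponent is one more residue. OpenSSL’s fix was to stop reusing the exponent by generating a fresh DH key for every handshake; checking that the peer value lies in the order-q subgroup is the complementary defence shown here.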


NYC Launches Investigation Into Hackable Baby Monitors – Publication: Wired – Reporter name: Andy Greenberg

On Wednesday the New York City Department of Consumer Affairs launched an investigation into the baby monitor industry’s hackable vulnerabilities, sending subpoenas to four companies—which the agency has declined to name for now—demanding information about their security practices. The subpoenas, according to the agency, demand to see evidence to back up claims that the companies make about the security of their devices, complaints they’ve received about unauthorized access to the cameras, their use of encryption on the devices, and their history of handling vulnerabilities discovered in the devices, including alerting customers, releasing patches, and whether those patches were actually implemented by the devices’ owners.


UK businesses under constant and increasing malware threat – Publication: ITProPortal – Reporter name: Sead Fadilpasic

UK businesses had a greater chance of being hit by malware than those in the US or the Republic of Ireland in December 2015, a new report by security researchers suggests. The risk of malware infection in the UK rose 17 percent over the month, the report’s authors conclude, while the number of active malware families grew by 25 percent: more than 1,500 distinct active malware families were identified in December, up from 1,200 in November of the same year.

10Fold – Security Never Sleeps – 33

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could be used to hack or spy on users. FACC, an Austrian airplane component maker for Boeing and Airbus, said earlier this week that a cybercrime-related fraud has caused $54 million in damages. Security experts are warning corporates to redouble their efforts to guard against the insider threat after federal prosecutors indicted five people, including two scientists at GlaxoSmithKline, on charges of stealing trade secrets. The battle between CISA and Safe Harbor continues as both governments debate whether a universal law could apply to both US and EU citizens. The European Union is set to meet on Feb. 2nd to determine how data transfers to the US should continue, while the US government debates what actually counts as personally identifiable information and what information it can legally collect.

Baffling ‘Batman’ Backdoor Busted In Comms Used By Global Governments

Researchers from Austrian firm SEC Consult have uncovered what they claim are deliberately hidden backdoors in products from AMX, a provider of conference room communications to private firms and government organizations the world over, including the White House and US military bodies. The researchers first became suspicious after encountering a function called “setUpSubtleUserAccount” that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it is connected to.


Aircraft part manufacturer says cybercrime incident cost it $54 million

FACC, an Austrian maker of airplane components for Boeing and Airbus, said earlier this week that a cybercrime-related fraud has caused $54 million in damages. It characterized the incident as an “outflow” of $54 million of “liquid funds” and said the loss does not pose an economic threat to the company. FACC also said the attack did not affect its IT infrastructure, data security, or intellectual property rights, and that its production and engineering units are operating normally.


Insider Threat Warning as Scientists Steal Pharma Secrets

Security experts are warning corporates to redouble their efforts to guard against the insider threat after federal prosecutors indicted five people, including two scientists at GlaxoSmithKline, on charges of stealing trade secrets. The two research scientists, Yu Xue and Lucy Xi, are said to have emailed and downloaded information on around a dozen products to co-conspirators who wanted to “market and sell” the trade secrets through a newly formed Chinese company they set up: Renopharma. Many of the products targeted were designed to treat cancer or other serious diseases. The UK managing director of access management firm 8MAN argued that managers need to exercise vigilance round-the-clock, especially in industries which generate valuable IP like pharmaceuticals.


No Safe Harbor Is Coming — CISA Made Sure Of It

European Union privacy regulators will meet in Brussels Feb. 2, and hope to decide at that time whether and how data transfers to the United States should continue. The U.S. also didn’t improve matters when it delayed action this week on the proposed Judicial Redress Act, which would allow European citizens to sue the U.S. if law enforcement agencies misused their personal data. The US Attorney General and the Department of Homeland Security have been given 60 days from the passage of CISA to issue further guidelines on how precisely cyber threat indicators must be shared. The details of those rules will provide a clearer picture of what data government agencies may and may not obtain.

10Fold – Security Never Sleeps – 28

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A Google researcher discovered critical flaws in Trend Micro’s antivirus that allow attackers to run code and view all contents of its bundled password manager. Forbes recently instituted a policy that visitors must turn off ad-blocking software before they can view content, but that policy left website visitors wide open to malware served through ads. A survey commissioned by ISACA revealed that 83% of security professionals believe another successful attack on critical infrastructure will happen this year. Lastly, Microsoft announced today that it will no longer support older versions of Internet Explorer, which leaves unaware users wide open to new attacks.

Google Security Researcher Excoriates TrendMicro For Critical AV Defects – Publication: Ars Technica – Reporter name: Dan Goodin

Antivirus provider TrendMicro has released an emergency product update that fixes critical defects that allowed attackers to execute malicious code and to view the contents of a password manager built into the malware protection program. The release came after a Google security researcher publicly castigated a TrendMicro official over the flaws. Details of the flaws became public last week after Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, published a scathing critique disclosing the shortcomings. While the code execution vulnerabilities were contained in the password manager included with the antivirus package, they could be maliciously exploited even if end users never used the password feature.


How Forbes Inadvertently Proved The Anti-Malware Value Of Ad Blockers – Publication: Network World – Reporter name: Andy Patrizio

A security researcher found malicious ads on Forbes after following the site’s policy that insists readers disable ad-blocking software. Forbes has taken an aggressive line against ad blockers: when it detects one running on your system, it denies you access to the content until you turn the ad blocker off. Needless to say, this hasn’t gone over very well with some people. Forbes included a prominent security researcher in an article called “The Forbes 30 Under 30,” which drew a number of other security researchers to check out the article. After disabling Adblock Plus, they were immediately served pop-under malware.


83% Of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016 – Publication: Dark Reading – Reporter name: Sara Peters

On the heels of the cyberattack that caused a blackout in Ukraine, the lion’s share of cybersecurity professionals think a successful cyberattack on critical infrastructure is likely to happen in 2016 (37.56 percent rated it high likelihood, 45.55 percent medium likelihood), according to ISACA’s latest Cybersecurity Snapshot report. (The survey was conducted Dec. 21 through Jan. 2, so it was open for only a small window before the Dec. 23 attack.) ISACA surveyed about 2,900 cybersecurity professionals, mostly in the United States, about their opinions on a wide variety of pressing issues, from hiring to legislation.


Windows Users Face A Dangerous World With End Of Support For Older Internet Explorer Versions – Publication: ZDNet – Reporter name: Ed Bott

With the end of support for Windows XP in April 2014, Internet Explorer versions 6 and 7 finally fell off the official support lifecycle. But that still leaves four versions of Internet Explorer in widespread use. Effective today, Microsoft officially ends support for all but the latest version of Internet Explorer. This certainly shouldn’t come as a surprise; the company gave nearly 18 months of warning, starting in August 2014.