Tag Archives: russia

Security Never Sleeps- ElasticSearch Malware, Quantum Communications

ElasticSearch Servers Found Hosting PoS Malware Files

“Over 4,000 servers affected”

Kromtech Security Center has found more than 4,000 ElasticSearch servers hosting files specific to two strains of point-of-sale malware, AlinaPOS and JackPOS. The researchers discovered the exposed ElasticSearch servers last week during routine scans. Following up on that initial discovery, the Kromtech team used Shodan to identify more than 15,000 ElasticSearch instances left exposed online without any form of authentication.
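As an added example (not code from the article or from Kromtech), the Python below audits for the exposure pattern described above: an Elasticsearch node bound to a network-facing interface with no authentication in front of it, plus the JSON banner an unauthenticated GET / returns on such a node, which is what a Shodan-style scan keys on. The configuration samples and the banner are constructed, and the assumptions that `network.host` defaults to loopback (true from Elasticsearch 2.0 onward) and that `xpack.security.enabled` is the relevant authentication switch are mine, not statements from the article.

```python
"""Checks for the exposure pattern behind the Kromtech find: an Elasticsearch
node reachable from the network with no authentication in front of it."""
import json
from typing import Dict, List

# Values of network.host that keep the REST API on the loopback interface only.
LOOPBACK_ONLY = {"_local_", "127.0.0.1", "::1", "localhost"}

# Constructed sample: the weak configuration typically seen on exposed nodes
# (assumption: representative, not a file from the article).
WEAK_CONFIG = """
cluster.name: pos-data
network.host: 0.0.0.0        # listen on every interface
http.port: 9200
"""

# Constructed sample: bind to loopback and turn authentication on.
HARDENED_CONFIG = """
cluster.name: pos-data
network.host: _local_
http.port: 9200
xpack.security.enabled: true
"""

# Constructed sample of what an unauthenticated GET / returns on an open node.
OPEN_BANNER = json.dumps({
    "name": "node-1",
    "cluster_name": "pos-data",
    "version": {"number": "5.5.0"},
    "tagline": "You Know, for Search",
})


def parse_flat_yaml(text: str) -> Dict[str, List[str]]:
    """Parse the flat `key: value` lines of elasticsearch.yml.

    Handles scalars and inline lists like ["_local_", "_site_"]; nested
    mappings are not needed for the settings audited here.
    """
    settings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            items = [v.strip().strip("'\"") for v in value[1:-1].split(",") if v.strip()]
        else:
            items = [value.strip("'\"")] if value else []
        settings[key.strip()] = items
    return settings


def audit_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    settings = parse_flat_yaml(text)
    findings: List[str] = []
    # Assumption: Elasticsearch 2.0 and later default network.host to loopback.
    hosts = settings.get("network.host") or ["_local_"]
    exposed = [h for h in hosts if h not in LOOPBACK_ONLY]
    if exposed:
        findings.append(f"network.host={exposed}: REST API reachable from the network")
    enabled = settings.get("xpack.security.enabled") or ["false"]
    if enabled[0].lower() != "true":
        findings.append("xpack.security.enabled is not true: no authentication on the API")
    return findings


def is_open_elasticsearch(status: int, body: str) -> bool:
    """Classify a captured HTTP response to GET / as an unauthenticated node.

    An open node answers 200 with the JSON cluster banner; a node behind an
    authenticating proxy answers 401/403 or serves a login page instead.
    """
    if status != 200:
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return (isinstance(doc, dict) and "cluster_name" in doc
            and doc.get("tagline") == "You Know, for Search")


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "OK")
    print("open banner:", is_open_elasticsearch(200, OPEN_BANNER))
    print("behind auth:", is_open_elasticsearch(401, '{"error":"unauthorized"}'))
```

Binding to loopback and putting authentication in front of port 9200 are the two fixes; a node that passes `audit_config` but still answers the open banner from the outside has a firewall or proxy problem rather than a configuration one.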

Bashware hacking technique puts 400 million Windows 10 PCs at risk

“Vulnerable to new technique”

Somewhere in the range of 400 million PC users running Windows 10 around the world may now be susceptible to a new attack technique referred to as Bashware. Security firm Check Point discovered and named the technique, and explains that Bashware abuses the Windows Subsystem for Linux, the built-in Linux shell in Windows 10, to let malware bypass common antivirus and other security software.

RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks

“Netgear routers infected likely by Russian hacker”

A Russian-speaking hacker has spent the past several months infecting Netgear routers with a new strain of malware named RouteX, which turns infected devices into SOCKS proxies that are then used to carry out credential stuffing attacks. This is according to US cyber-security firm Forkbombus Labs, which uncovered the threat. The hacker is allegedly exploiting CVE-2016-10176, a vulnerability disclosed last December, to take over Netgear WNR2000 routers.
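Credential stuffing run through a pool of hijacked-router SOCKS proxies looks different from a single brute-forcer: each proxy tries only a handful of accounts, so no one source IP looks busy. As an added example, not part of the original article or of Forkbombus Labs' research, the Python below runs two detections over constructed authentication log lines: a single source failing against many distinct accounts, and a window in which failures arrive from many sources across many accounts. The log format, the IP addresses (documentation ranges) and the thresholds are assumptions for the sake of the example.

```python
"""Flag credential-stuffing patterns in authentication logs: one source
trying many accounts, and many sources (e.g. hijacked-router SOCKS proxies)
each trying a few accounts in the same window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Set

# Assumed log format (constructed for this example, not from the article):
#   2017-09-10T12:00:05Z ip=198.51.100.7 user=acct00 result=FAIL
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


class Attempt(NamedTuple):
    ts: float      # seconds since epoch (UTC)
    ip: str
    user: str
    ok: bool


def parse_log(lines: List[str]) -> List[Attempt]:
    """Parse well-formed lines; anything else is skipped rather than guessed at."""
    attempts: List[Attempt] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], TS_FMT).replace(tzinfo=timezone.utc)
        attempts.append(Attempt(when.timestamp(), m["ip"], m["user"], m["result"] == "OK"))
    return attempts


def detect_stuffing(attempts: List[Attempt], window: int = 300, per_ip_users: int = 5,
                    spread_ips: int = 10, spread_users: int = 20) -> Dict[str, list]:
    """Bucket failed logins into fixed windows and apply two tests.

    noisy_ips: one source failing against >= per_ip_users distinct accounts in a
      window (a real user mistyping hits one account, not many).
    distributed_windows: windows whose failures come from >= spread_ips sources
      across >= spread_users accounts, the shape of stuffing spread over a proxy
      pool. Thresholds are illustrative; tune them against the site's baseline.
    """
    buckets: Dict[int, List[Attempt]] = defaultdict(list)
    for a in attempts:
        if not a.ok:
            buckets[int(a.ts // window)].append(a)

    noisy_ips: Set[str] = set()
    distributed: List[str] = []
    for bucket, fails in sorted(buckets.items()):
        users_by_ip: Dict[str, Set[str]] = defaultdict(set)
        for a in fails:
            users_by_ip[a.ip].add(a.user)
        noisy_ips.update(ip for ip, users in users_by_ip.items() if len(users) >= per_ip_users)
        all_users = {a.user for a in fails}
        if len(users_by_ip) >= spread_ips and len(all_users) >= spread_users:
            start = datetime.fromtimestamp(bucket * window, tz=timezone.utc)
            distributed.append(start.strftime(TS_FMT))
    return {"noisy_ips": sorted(noisy_ips), "distributed_windows": distributed}


def _sample_lines() -> List[str]:
    """Constructed traffic: one loud attacker, a 12-proxy stuffing run, one legit user."""
    base = datetime(2017, 9, 10, 12, 0, tzinfo=timezone.utc)

    def at(seconds: int) -> str:
        return (base + timedelta(seconds=seconds)).strftime(TS_FMT)

    lines = [f"{at(5 + i)} ip=198.51.100.7 user=acct{i:02d} result=FAIL" for i in range(8)]
    for i in range(1, 13):                       # twelve proxies, two accounts each
        for j in range(2):
            lines.append(f"{at(60 + 4 * i + j)} ip=203.0.113.{i} user=cust{2 * i + j:03d} result=FAIL")
    lines += [                                   # legitimate user fumbles, then succeeds
        f"{at(180)} ip=192.0.2.9 user=bob result=FAIL",
        f"{at(190)} ip=192.0.2.9 user=bob result=FAIL",
        f"{at(200)} ip=192.0.2.9 user=bob result=OK",
    ]
    return lines


SAMPLE_LINES = _sample_lines()


def run_demo() -> Dict[str, list]:
    return detect_stuffing(parse_log(SAMPLE_LINES))


if __name__ == "__main__":
    print(run_demo())
```

The per-source test alone would miss the proxy pool entirely, which is the point of running the stuffing through compromised home routers; the per-window test catches it at the cost of needing a baseline, since a busy site can legitimately see many failures from many addresses during peak hours.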

U.S. Energy Department Invests $20 Million in Cybersecurity

“Department announced intentions to invest up to $50 million”

The United States Department of Energy announced on Tuesday that it will invest up to $50 million in the research and development of tools and technologies that would make the country’s energy infrastructure more resilient and secure. More than $20 million of that amount has been allocated to projects focusing on cyber security. The funding, awarded to various national laboratories, will support early-stage research and development of next-generation tools and technologies that improve the resilience and security of critical energy infrastructure, including the power grid and oil and natural gas infrastructure.

China sets up first ‘commercial’ quantum network for secure communications

“Latest step in developing hackproof communications”

China has set up its first “commercial” quantum network in its northern province of Shandong, Chinese state media has reported. This is the country’s latest step in advancing a technology expected to enable the highest-security communications. China says it is at the forefront of developing quantum technology. In August it said it had sent its first “unbreakable” quantum code from an experimental satellite to Earth. The Pentagon called the launch of that satellite a year earlier a “notable advance”.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Google Apps, Fancy Bear

Google Kicks 500 Apps Off Online Store Over Spyware Concerns

“Developers likely unaware of flaws”

The decision to remove over 500 apps from the Google Play store comes after researchers raised spyware concerns. Cyber security firm Lookout has disclosed that it found apps that contain and spread spyware. A third-party software component used in the apps could covertly siphon personal data from users’ devices without the app makers’ knowledge, Lookout said.

Potential Data Breach of Oceanside Online Utility Payment System

“Residents report abnormalities”

City of Oceanside officials said Tuesday that the online payment system through which Oceanside residents pay their utility bills may have been breached. Authorities first learned of the potential issue when several residents told the city that the cards they used to pay utility bills carried charges they had not authorized. At least two victims had used the affected cards only to pay their utility bill and for no other purpose. Though Oceanside officials have not confirmed that the utility payment system is the source of the breach, the reports raised concern and speculation about a vulnerability.

Russia-Linked Hackers Leak Football Doping Files

“Fancy Bear claims to be associated with the hacking attacks”

The infamous Fancy Bear, a group of hackers commonly believed to be operating out of Russia, has leaked emails and medical records related to football (or soccer, to us Americans) players who have used banned substances. Fancy Bears has previously claimed to be associated with the broader Anonymous hacktivist movement. Its members have built a website, fancybears.net, where they leaked numerous files as part of a campaign dubbed “OpOlympics.”

The hackers released a statement in which they comment on their operations: “Today Fancy Bears’ hack team is publishing the material leaked from various sources related to football. Football players and officials unanimously affirm that this kind of sport is free of doping. Our team perceived these numerous claims as a challenge and now we will prove they are lying.”


10Fold Security Never Sleeps- Fancy Bear, IoT Security


“Russian espionage campaign used WiFi networks to spy on guests”

High-profile hotel guests have been targeted by Russia’s ‘Fancy Bear’ group, now using the leaked NSA exploit EternalBlue that was published on the internet. According to FireEye, the attacks reach victims through poorly secured hotel Wi-Fi networks. The security firm also says it suspects the group works for the Russian military intelligence agency GRU.

8 Critical IoT Security Technologies

“Necessary as prevalence grows”

Gartner has recently predicted nearly 20.4 billion connected IoT devices within the next three years, a rate of about 5.5 million new ‘Things’ per day. These figures suggest that standard security practices will be insufficient in the very near future to counter the cyber threats facing IoT devices.

Report: SMBs Better Prepared For IoT Security Threats Than Large Enterprises

“SMB prioritize cyber threats more effectively”

IoT security firm Pwnie Express has found that SMBs are far better equipped to identify and handle threats to their workplace networks than their larger competitors. About 41% of IT security pros at large firms did not know what types of attacks had actually occurred on their devices last year, compared to 25% at SMBs.

Hackers Say Humans Most Responsible for Security Breaches

“Hackers asked about methods and practices”

About 250 hackers at Black Hat 2017 were polled on the methods they use to break into systems. Thycotic’s survey found that 51% identify as ‘white hats,’ 34% as ‘grey hats,’ and 15% as ‘black hats.’ Defenders can use this data to better understand how to safeguard their own systems.


10Fold- Security Never Sleeps- 187

Undetected For Years, Stantinko Malware Infected Half a Million Systems

“Massive botnet remained under the radar for five years”

Half a million devices have been infected by a botnet dubbed Stantinko. ESET researchers warn that its operators can “execute anything on the infected host.” The malware has powered a huge adware campaign since at least 2012, largely targeting Russia and Ukraine, but remained hidden until now by encrypting its code.

Network Spreading Capabilities Added to Emotet Trojan

“Emotet Trojan spreads malware on internal networks”

Fidelis Cybersecurity researchers have identified a new variant of the Emotet Trojan that can spread malicious programs to other systems on an internal network. The recent WannaCry and NotPetya incidents showed just how efficient and costly self-spreading attacks can be, increasing concern among security researchers that such capabilities will become more common.

US Banks Targeted with Trickbot Trojan

“Necurs spreads to financial institutions”

A new Trickbot banking Trojan campaign, distributed by the Necurs botnet, signals increasingly complex attacks on the finance industry. An official blog post subsequently confirmed that a “security alert is ongoing related to the discovery, the effects of which are continuing.”

Healthcare Industry Lacks Awareness of IoT Threat, Survey Says

“Three quarters of IT decision makers report that they are ‘confident’ they’re secure”

Healthcare networks are filled with IoT devices, but a survey has found that many of these devices are not adequately protected, even though most IT decision makers believe their systems are secure.

Kansas data breach compromised millions of Social Security numbers In 10 States

“Over 5.5 million potentially compromised”

A breach of the Kansas Department of Commerce may have given hackers access to more than 5.5 million Social Security numbers, putting the department on the hook for credit monitoring services for all victims. The scale of the exposure had not previously been reported; the Kansas News Service obtained the information through an open records request.


10Fold- Security Never Sleeps- 176

Criminal Petya ‘ransomware’ starts to look like wiper malware

“Seemingly intended to wipe systems”

Suspected at first to be a ransomware attack, Petya, the latest cyberscare to hit Ukraine, now looks more like a targeted wiper. Large firms such as FedEx, Cadbury, Maersk and others were affected by the malware, but more indicators point to an attack that was not financially motivated and was intended solely to destroy data on the infected systems.

Cyber security in industrial control systems poor, says Crest

“Lack of efficient standards to deter attacks”

Industrial control environments face serious infrastructure risk because of a lack of technical security testing. Crest has publicly pressed for an upgrade of cyber security in ICS environments in response.

Bill Would Bar Pentagon From Business With Russian Cyber Firm Kaspersky

“Russian Cyber Security Firm would be blocked”

A provision of a new bill making its way through the United States Senate would halt any contracting between Kaspersky Lab and the U.S. Department of Defense. FBI agents visited the homes of several of the Russian security firm’s employees in the last week, indicating that congressional pressure may force the company out of one of its markets.

10Fold- Security Never Sleeps- 165

WannaCry ‘Highly Likely’ Work of North Korean-linked Hackers, Symantec Says

“Lazarus hacking group suspected”

One of the most debilitating ransomware attacks in recent memory was almost certainly the work of the North Korean-linked hacking group ‘Lazarus,’ security firm Symantec claims. The attribution is based on findings that the tools and infrastructure used are similar to those of previous Lazarus operations.

Russian Hackers Infected 1 Million Phones With Banking Trojan

“Over 20 suspects involved”

Russia’s Interior Ministry announced on Monday that a major cybercriminal gang has been dismantled. The group stole almost $900,000 from banking institutions after infecting more than one million Android devices. The group’s leader is believed to be a 30-year-old from Ivanovo, but its members were spread across at least five regions of Russia.

Hackers easily trick scanner to unlock Samsung Galaxy S8

“Concerns of featured security measure”

Samsung has been touting its new iris recognition technology as ‘virtually impossible’ to fool, advertising it as the flagship security feature of the S8. However, the hacker group Chaos Computer Club (CCC) has a different story to tell about the new phone’s technology: it claims to have easily defeated the feature with just a camera, a printer and a contact lens.

Emerging Threats to Add to Your Security Radar Screen

“New tech promises even more complex defense in the future”

The technology of the future, such as IoT and machine learning, promises to increase productivity to levels never before imagined. However, it also promises to broaden security threats well beyond their current scope. As more and more businesses across all fields adopt the technology, the vulnerabilities spread with it.

10Fold- Security Never Sleeps- 161

Guardian Soulmates dating website suffers data breach

“Users receive unsavory emails”

Many usernames and e-mail addresses have been exposed by a data breach. Guardian News and Media (GNM), which has run the dating service since the early 2000s, says the information was exposed by a third-party service provider.

Evidence suggests Russia behind hack of French president-elect

“Nine Gigabytes of data allegedly stolen”

As the candidates in the French presidential election entered a press blackout on May 5, Emmanuel Macron’s campaign e-mails and documents were breached. The hackers posted the stolen data on the web, where it was widely distributed via 4chan and WikiLeaks. Forensic metadata suggests the attack is consistent with previous breaches attributed to Russian contractors. Evidence also suggests that the hackers may have falsified or edited many of the documents released.

FCC hit with DDoS attacks after John Oliver takes on net neutrality

“Website slows to a crawl”

The United States Federal Communications Commission’s website nearly ground to a halt after comedian John Oliver urged his viewers to flood it with comments in support of net neutrality. FCC CIO David Bray says the site was subsequently hit with several DDoS attacks at about midnight Eastern Time, causing major disruption and limiting access.


10Fold- Security Never Sleeps- 154

Dridex gang uses unpatched Microsoft Word exploit to target millions

“Attacks beginning in January”

The group behind the Dridex banking Trojan has begun using an unpatched Microsoft Word vulnerability that potentially lets it reach millions of users. The attacks were revealed Friday by McAfee researchers, and security firm FireEye has confirmed additional instances over the past several weeks.

US dismantles Kelihos botnet after Russian hacker’s arrest

“Unrelated to potential tampering in U.S. election”

The recent arrest of a Russian cybercriminal in Spain has led to the takedown of a large-scale botnet. Kelihos, which remotely controlled hundreds of thousands of infected computers, has been used to distribute malware globally. On Monday the U.S. Justice Department announced that it had taken action to dismantle the botnet.

Hackers Steal Customer Card Data From GameStop

“Popular gaming retailer apparently breached”

GameStop, a popular retailer among the gaming community, has reportedly been compromised, with customer payment card information possibly stolen, including names, addresses and card verification numbers.

Cisco Finds Many Flaws in Moxa Industrial APs

“More than a dozen issues identified”

Talos, Cisco’s threat intelligence research group, has completed a two-week analysis of a wireless access point from Moxa and found many vulnerabilities. More than a dozen were confirmed, including remotely exploitable flaws that would effectively give an attacker full control over the device. Moxa has patched all but one of these vulnerabilities; details of the remaining one will be disclosed once it has been addressed.


10Fold- Security Never Sleeps- 144

Locked and Loaded: Huge Botnet Updated for DDoS

“Botnets equipped with new, far-reaching features”

Anubis Networks, a division of BitSight Technologies, has announced that one of the largest botnets has been armed with new DDoS capabilities that would allegedly dwarf any DDoS attack the public has witnessed so far.

Russian cybersecurity expert charged with treason

“Allegedly shared ‘secrets’ with U.S. firms”

Ruslan Stoyanov, a cybercrime investigator with Kaspersky Lab who was charged with treason by the Russian government, was reportedly arrested for passing state secrets to several United States firms, including Verisign.


A Super-Common Crypto Tool Turns Out to Be Super-Insecure

“SHA-1 concerns no longer theoretical”

SHA-1 weaknesses that until recently seemed unlikely to be exploited in practice have now been demonstrated. A team of researchers from CWI Amsterdam and Google produced the first practical SHA-1 collision: two different PDF files that hash to the same SHA-1 digest. A hash function that lets an attacker produce two documents with the same digest can no longer be relied upon to prove that two files are identical, which is exactly what digital signatures and integrity checks use it for.

More on Bluetooth Ingenico Overlay Skimmers

“Card and PIN skimmer stories increasing in frequency”

Ingenico-brand card readers at check-out lanes and other self-service pay stations are increasingly being targeted with ‘overlay’ skimmers. This article shares several photos of devices recovered from compromised terminals and provides more insight into why the technique is so successful.


10Fold- Security Never Sleeps- 126

‘Expect lots of data dump’ in coming days warns Twitter hacker group Legion

“Hacks affecting senior members of Indian government and political party accounts”

Rahul Gandhi, leader of the Indian Congress Party, was the victim of a Twitter hack in late November, with the hijackers posting obscene and offensive images and messages from his account. The party’s official account, @IncIndia, was hit in the same way. The group responsible has announced further attacks to come.

An unpatched vulnerability exposes Netgear routers to hacking

“Various models affected by problematic vulnerabilities”

Netgear has publicly disclosed a vulnerability that leaves affected routers open to takeover and remote command execution. A researcher using the handle ‘Acew0rm’ reported the flaw to Netgear in August but reportedly never received a reply. The flaw lies in the routers’ web management interface, which can be abused to run remote commands.

Edit: Beta firmware to fix security issue 582384 related to the router issues has been released. More information is available at 

Obama Orders Inquiry Into Cyberattacks On Democratic Party Websites

“Several intelligence agencies involved”

A full-scale review of the hacking incidents targeting the Democratic Party during the 2016 presidential election has been ordered by President Obama; many believe the intrusions were undertaken by the Russian government to influence the outcome of the race. A full report, prepared with the cooperation of several intelligence agencies, is expected to be delivered to and reviewed by the president before the end of his term.
