I think this year everyone is going to get a turn.
And now LinkedIn...
Quote:
Data scraped from 500 million LinkedIn users found for sale online
https://www.techrepublic.com/article/data-scraped-from-500-million-linkedin-users-found-for-sale-online/
Pwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams Hacked
Quote:
Pwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams Hacked
Winners of the first day have earned more than half a million already.
Probably by design....
Quote:
Joker malware infects over 500,000 Huawei Android devices
More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.
Researchers found ten seemingly harmless apps in AppGallery that contained code for connecting to a malicious command and control server to receive configurations and additional components.
A report from antivirus maker Doctor Web notes that the malicious apps retained their advertised functionality but downloaded components that subscribed users to premium mobile services.
To keep users in the dark the infected apps requested access to notifications, which allowed them to intercept confirmation codes delivered over SMS by the subscription service.
According to the researchers, the malware could subscribe a user to a maximum of five services, although the threat actor could modify this limitation at any time.
The list of malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
Joker malware infects over 500,000 Huawei Android devices
Malicious code in APKPure app
Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.
We notified the developers about the infection on April 8. APKPure confirmed the issue and promptly fixed it with the release of version 3.17.19.
Malicious code in APKPure app | Securelist
Another "dating service" hack. If you are still in the closet, this could be a problem.
"Men's social networking website and online dating application Manhunt has suffered a data breach.
According to a security notice, the 20-year-old site was compromised in a cyber-attack that took place in February 2021.
An unauthorized third party downloaded personal information belonging to some Manhunt users after gaining access to the company's account credential database.
The compromised database contained customers' usernames, email addresses, and passwords. After discovering that a breach had occurred, Manhunt performed a forced reset of all users' passwords.
Manhunt began notifying users of the security incident last month. The company did not say how many of the approximately 6 million men who use the site had been impacted by the attack."
Dating Service Suffers Data Breach - Infosecurity Magazine
^Have you warned snubby and antsy about it yet?:)
Careful where you click...
https://ciso.economictimes.indiatime...aders/82324228
Quote:
In perhaps one of the biggest phishing incidents targeting some of the world’s largest news organizations, hackers have created fake replica websites of 900 global news portals, including at least 57 from India, among them the websites of The Hindu, NDTV, Hindustan Times, and News18, and are using them to distribute malware and scam advertisements.
Other affected news portals include those belonging to Jagran, Moneycontrol, DNA, Punjab Kesari, Jan Satta, First Post and Business Standard. Global news portals that were targeted include portals of BBC, Washington Times, and The Australian among several others.
If you are really interested in computer and online security,
you should read this and stop installing appliances on your edge - build only exactly what is needed.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth
https://www.goodreads.com/book/show/...SE4UQzz&rank=1
https://teakdoor.com/images/imported/2021/05/7.jpg
Not a lot of explanation there Baldrick. Has Zero Trust gone out of the window now then?
ZTNA is useless if you are trusting vendor appliances
Build your appliances yourself with an OS and applications that you can trust. It seems the zero days are mainly available for vendor devices.
Notwithstanding your users opening doc files.
Chinky bastards at it again.
Chinese TV maker: Yes, our Android TVs spied on customers [updated] | Tom's Guide
Appears that a Chinese company is behind "a major coordinated scheme by Amazon vendors to procure fake reviews for their products."
Misconfigured Database Exposes 200K Fake Amazon Reviewers - Infosecurity Magazine
Chinky bastards at it again.
Chinese cyberspies are targeting US, EU orgs with new malware
Quote:
Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.
As FireEye threat analysts revealed last month, state-sponsored threat actors were exploiting a recently patched zero-day in the Pulse Connect Secure gateways.
After compromising the targeted devices, they deployed malware to maintain long-term access to networks, collect credentials, and steal proprietary data.
"We now assess that espionage activity by UNC2630 and UNC2717 supports key Chinese government priorities," FireEye said in a follow-up report published on Thursday.
"Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan."
Might be a good time to buy shares in Tyson Foods...
Food giant JBS Foods shuts down production after cyberattack
Quote:
JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.
The incident impacted multiple JBS production facilities worldwide over the weekend, including those from the United States, Australia, and Canada.
JBS is currently the world's largest beef and poultry producer and the second-largest global pork producer, with operations in the United States, Australia, Canada, the United Kingdom, and more.
The company has a team of 245,000 employees around the world, serving an extensive portfolio of brands including Swift, Pilgrim's Pride, Seara, Moy Park, Friboi, Primo, and Just Bare to customers from 190 countries on six continents.
Seems the US is starting to take Ransomware seriously now:
US to Treat Ransomware Like Terrorism: US to Treat Ransomware Like Terrorism - Infosecurity Magazine
Ah, I remember those from years ago. As a teen, I'd fill the whole thing out. Bad choices.
Looks like we aren't going to see an end to price increases and supply shortages any time soon.
Cyberattacks on Transportation and Logistics System Witness a Surge
https://cyware.com/news/cyberattacks...surge-10d94d2b
Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet.
Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.
According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.
On March 20th, VWGoA was notified by the vendor that an unauthorized person had accessed the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.
VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.
The data exposed varies per customer but could range from contact information to more sensitive information such as social security numbers and loan numbers.
"The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," explains the VWGoA data breach notification first reported by TechCrunch.
"The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers."
For those 90,000 customers who had more sensitive information exposed, Volkswagen is providing free credit protection and monitoring services, including $1 million of insurance against identity theft.
VWGoA began notifying affected customers and prospective customers yesterday via mail and warn that customers should be on the lookout for suspicious emails, calls, or texts.
Audi, Volkswagen data breach affects 3.3 million customers
Did buttplug ever rise to the challenge and hack Harry's passwords?
If you had to sum up buttplug's hacking skills in a pic...
A very simple tutorial on how to turn on Windows 10's built in Ransomware Protection.
How to Turn on Windows 10 Ransomware Protection | Digital Trends
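For those who prefer the command line over the Settings app, the same feature the linked article walks through (Controlled Folder Access in Microsoft Defender) can be enabled, tuned and verified with the built-in Defender cmdlets. This is an added example, not code from the Digital Trends article; the folder and program paths are placeholders you would replace with your own, and it has to be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the linked article): enable and verify Windows 10
# Ransomware Protection (Controlled Folder Access) with the Defender cmdlets.
# Run from an elevated PowerShell prompt. Paths below are placeholders.

# 1. Turn on Controlled Folder Access.
#    "Enabled" blocks untrusted writes; "AuditMode" only logs them, which is
#    useful for a trial run before enforcing.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Protect folders beyond the defaults (Documents, Pictures, Videos, ...).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects'

# 3. Allow a trusted program that legitimately writes into protected folders,
#    so it is not blocked (placeholder path).
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Tools\backup.exe'

# 4. Confirm the resulting configuration.
$pref = Get-MpPreference
[pscustomobject]@{
    # 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
    ControlledFolderAccess = $pref.EnableControlledFolderAccess
    ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders
    AllowedApplications    = $pref.ControlledFolderAccessAllowedApplications
}

# 5. Review what has been blocked (Event ID 1123) or audited (Event ID 1124)
#    in the Defender operational log, to catch legitimate apps that need
#    allow-listing before something important silently fails to save.
Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' -MaxEvents 200 |
    Where-Object { $_.Id -in 1123, 1124 } |
    Select-Object TimeCreated, Id, Message
```

Starting in AuditMode for a week and reading the 1124 events is the low-risk way to find out which of your own tools would be blocked once you switch to Enabled.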
I get why they're doing it, but not sure how I feel about the ethics of it.
"Vigilante malware stops victims from visiting piracy websites"
Vigilante malware stops victims from visiting piracy websites - Security Affairs
WASHINGTON (AP) — A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.
The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond’s assessment.
“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”
Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.
It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.
Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.
“This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.
Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. It’s no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin, he added.
“There’s zero doubt in my mind that the timing here was intentional,” he said.
Hammond of Huntress said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers. He said thousands of computers were hit.
“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.
Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi.” The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processer.
The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it is closely monitoring the situation and working with the FBI to collect more information about its impact.
CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.
The privately held Kaseya says it is based in Dublin, Ireland, with a U.S. headquarters in Miami. The Miami Herald recently described it as “one of Miami’s oldest tech companies” in a report about its plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.
Brian Honan, an Irish cybersecurity consultant, said by email Friday that “this is a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers.”
He said it can be difficult for smaller businesses to defend against this type of attack because they “rely on the security of their suppliers and the software those suppliers are using.”
The only good news, said Williams, of Rendition Infosec, is that “a lot of our customers don’t have Kaseya on every machine in their network,” making it harder for attackers to move across an organization’s computer systems.
That makes for an easier recovery, he said.
Active since April 2019, the group known as REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.
REvil is among ransomware gangs that steal data from targets before activating the ransomware, strengthening their extortion efforts. The average ransom payment to the group was about half a million dollars last year, said the Palo Alto Networks cybersecurity firm in a recent report.
Some cybersecurity experts predicted that it might be hard for the gang to handle the ransom negotiations, given the large number of victims — though the long U.S. holiday weekend might give it more time to start working through the list.
Ransomware hits hundreds of US companies, security firm says
Damn, if only there was a Security News thread for things like this...:)
Wonder if this will destroy Kaseya or make it stronger.
Solarwinds, though it's become a byword for supply chain attacks, doesn't appear to be struggling too much.
Update: "Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly"
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly
D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.
Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.
The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.
D-Link issues hotfix for hard-coded password router vulnerabilities
Chinky bastards at it again.
Quote:
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:
- The White House has released a statement attributing recent Microsoft Exchange server exploitation activity to the People’s Republic of China (PRC).
- The Department of Justice has indicted four Chinese cyber actors from the advanced persistent threat (APT) group APT40 for malicious cyber activities, carried out on orders from PRC Ministry of State Security (MSS) Hainan State Security Department (HSSD). These activities resulted in the theft of trade secrets, intellectual property, and other high-value information from companies and organizations in the United States and abroad, as well as from multiple foreign governments.
- CISA and FBI have released Joint Cybersecurity Advisory: TTPs of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department to help network defenders identify and remediate APT40 intrusions and established footholds.
- CISA, NSA and FBI have released Joint Cybersecurity Advisory: Chinese Observed TTPs, which describes Chinese cyber threat behavior and trends and provides mitigations to help protect the Federal Government; state, local, tribal, and territorial governments; critical infrastructure, defense industrial base, and private industry organizations.
- CISA, NSA and FBI have released CISA Insights: Chinese Cyber Threat Overview for Leaders to help leaders understand this threat and how to reduce their organization's risk of falling victim to cyber espionage and data theft.
More printer vulnerabilities: "Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug."
Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug - The Record by Recorded Future
Well shit.
Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling | Ars Technica
Quote:
The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.
As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities.
One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read.
A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.