Cybersecurity & Espionage Articles
Original Post at TechRepublic
Some 175,000 Internet of Things (IoT) connected security cameras are vulnerable to hacks that would allow cybercriminals to enter a user's network, spy on the owner, or become part of a malicious botnet, according to a new report from security provider Bitdefender. The cameras are manufactured by Shenzhen Neo Electronics, a Chinese company that provides surveillance and security solutions such as sensors, alarms, and IP cameras. Researchers found several buffer overflow vulnerabilities present in two cameras studied: The iDoorbell model, and the NIP-22 model. However, it's likely that all cameras sold by the company use the same software, and are also vulnerable, the report noted. "These vulnerabilities could allow, under certain conditions, remote code execution on the device," the report stated. "This type of vulnerability is also present on the gateway which controls the sensors and alarms." This could allow hackers to potentially disable alarms or sensors as well.
Original Post at Yahoo! Tech
Facebook shut down a pair of its artificial intelligence robots after they invented their own creepy language. Researchers at Facebook Artificial Intelligence Research built a chatbot earlier this year that was meant to learn how to negotiate by mimicking human trading and bartering. But when the social network paired two of the programs, nicknamed Alice and Bob, to trade against each other, they started to learn their own bizarre form of communication. The chatbot conversation "led to divergence from human language as the agents developed their own language for negotiating," the researchers said.
Original Post at Fox News
Five Russians accused of being hackers have been arrested in a series of American-led raids over the last nine months – all of them grabbed while on vacation across Europe. The arrests come at a moment when relations between Moscow and Washington are tense -- at best -- and where politicians are grappling with the allegations that Kremlin hackers intervened in the U.S. election in an effort to help President Trump. According to Axios, the arrests also come as Russian security services struck a deal with the country’s cybercriminals that allows them to work as long as they also conduct state-ordered missions. The five men have been identified as: Pyotr Levashov, 36; Evgeny Nikulin, 29; Alexander Vinnik, 38; Stanislav Lisov, 31; and Yury Martyshev, 35. They were all grabbed outside of their homeland, which has no extradition agreement with the United States.
Original Post at CNN Politics
A self-described "email prankster" in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official's private email address unsolicited. "Tom, we are arranging a bit of a soirée towards the end of August," the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. "It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening." Bossert wrote back: "Thanks, Jared. With a promise like that, I can't refuse. Also, if you ever need it, my personal email is" (redacted). Bossert did not respond to CNN's request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.
Original Post at Yahoo! Finance
The FCC has provided a few — very few — details of the steps it has taken to prevent attacks like the one that briefly took down its comment system in May. The agency has faced criticism over its secrecy regarding the event, and shows no sign of opening up; citing "the ongoing nature of the threats," to reveal its countermeasures would "undermine our system's security." These cryptic comments are the first items of substance in a letter (PDF) sent to the House Energy and Commerce and Government Reform committees. Members thereof had sent letters to the FCC in late June asking what solutions it was implementing to mitigate or prevent future attacks. A cover letter from FCC Chairman Ajit Pai emphasizes the fact that millions of comments have been filed since, including 2 million in the 4 days following the attack. He writes that the Commission's IT staff "has taken additional steps... to ensure the ongoing integrity and resiliency of the system." What those steps are, however, he did not feel at liberty to say, except that they involve "commercial cloud providers" and "internet-based solutions." Since the comment filing system is commercially cloud-hosted, and the system is fundamentally internet-based, neither of these descriptions is particularly revelatory.
Original Post at The Hill
Unknown hackers have dumped information online, purportedly coming from a breach of Mandiant, a subsidiary of cybersecurity firm FireEye. In a post to the website Pastebin, the individuals claimed to have breached the “infrastructure” of Mandiant, a cyber forensics subsidiary. In the message, coined “Op #LeakTheAnalyst,” the hackers said they breached Mandiant’s internal networks and compromised client data, which they hinted could be leaked separately. The firm, however, says that there is no evidence its systems were breached.
Original Post at Yahoo!
Hackers have broken into the networks of HBO and reportedly leaked unreleased episodes of a number of shows, as well as the script for next week’s “Game of Thrones” episode. Altogether, they have reportedly obtained a total of 1.5 terabytes of data. HBO confirmed the intrusion in a statement sent to Variety: “HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information. We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.” Entertainment Weekly was first to report about the hack, and allegedly leaked content, Monday. According to that report, the hackers have already leaked unreleased episodes of “Ballers” and “Room 104.” HBO chairman and CEO Richard Plepler addressed the hack in an email to employees, calling it “disruptive, unsettling, and disturbing for all of us.” Plepler said that the problem is being addressed by “senior leadership and our extraordinary technology team, along with outside experts,” and went on to call the efforts to mitigate the hack “nothing short of herculean.”
Original Post at Yahoo!
Russia has banned VPNs and other technology that allows users to gain anonymous access to websites. The new law (link via Google Translate), signed today by President Vladimir Putin, goes into effect on Nov. 1 and represents another major blow to an open Internet. This weekend, news broke that Apple has removed most major VPN apps from the App Store in China to comply with regulations passed earlier this year that require VPN apps to be explicitly licensed by the Chinese government. According to state-run news agency RIA (link via Google Translate), Leonid Levin, chairman of the Duma’s committee on information policy and technology, has said that the law is not targeted at “introducing new bans for law-abiding citizens.” Instead, he claims it is to prohibit access to illegal content. The scope of what is considered “illegal content” in Russia, however, has widened considerably during Putin’s third term as president, with the government exerting more control over what people access or post online. As Freedom House notes, “anti-extremism laws are widely used as a pretext to block political content, often without judicial oversight.” Russia’s attempts to limit access to online information are concurrent with legislation that may put the privacy of users at risk. In 2015, the government passed legislation that requires all user data from Russian citizens to be stored in Russian-based servers, and last year it passed another law that requires telecoms and Internet service providers to retain traffic data for up to a year, a move that prompted VPN provider Private Internet Access to discontinue its Russian gateways.
Original Post at BBC News
North Korean hackers are increasingly trying to steal cash rather than secrets, a South Korean government-backed report suggests. Cyber-criminals are targeting financial institutions as Pyongyang faces tough nuclear sanctions, the Financial Security Institute (FSI) claims. Suspected hacking attempts were until recently thought to be aimed at causing disruption or accessing data. North Korea has routinely denied involvement in cyber-attacks. The FSI analysed cyber-attacks between 2015 and 2017.
Original Post at CSO Online
Even the Department of Defense is working hard to keep pace with the changing landscape of cybersecurity threats. The key, by most estimates, is information sharing. But whether the DOD and other agencies are ready for the level of sharing required is another matter. At the Defensive Cyber Operations Symposium held this past June, Justin Ball, technical director for the Department of Defense Information Network's Operations and Defensive Planning Division, spoke about some of the challenges faced by the agency in the face of new and increased security threats. The Department of Defense Information Network (DoDIN) is a globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating and managing information on-demand to warfighters, policy makers and support personnel. Ball acknowledged that considerable attention has been given recently to the standing up of cyber mission teams in the DOD, and the importance of cyber workforces throughout all levels of government. For these teams and workforces to succeed, however, he noted that threat information must be shared broadly and systematically.
Original Post at HelpNetSecurity
Two years after researchers Billy Rios and Terry McCorkle first flagged serious vulnerabilities in automatic, smart car wash systems by US manufacturer PDQ, the company is finally acknowledging the danger.
Original Post at Yahoo!
Wall Street's top U.S. regulator needs to improve the way it protects its own computer networks from cyber attacks, according to a new report by a congressional watchdog office. The 27-page report by the Government Accountability Office found the Securities and Exchange Commission did not always fully encrypt sensitive information, used unsupported software, failed to fully implement an intrusion detection system and made missteps in how it configured its firewalls, among other things. "Information security control deficiencies in the SEC computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by its systems," the GAO said. "Until SEC mitigates its control deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise." The SEC, as Wall Street's top regulator, houses a tremendous amount of sensitive and confidential information that it must closely safeguard to protect against identity theft or efforts by cyber criminals who might want to use the information for insider-trading or harming U.S. equity markets. The GAO report did give credit to the SEC for making improvements, saying that since September 2016, the agency had resolved 47 of 58 different recommendations previously made by the watchdog office. However, the GAO noted that 11 recommendations to protect against cyber intrusions remain outstanding, and another 15 new control deficiencies were identified in the GAO's latest review. Some of its new recommendations include maintaining up-to-date network diagrams and performing continuous monitoring on its operating systems, databases and network devices. In a July 14 letter, SEC Chief Information Officer Pamela Dyson said the agency concurs with the recommendations and that it has fixed or plans to fix the problems that were identified.
An SEC spokeswoman did not comment beyond the letter responding to the GAO's conclusions.
Original Post at The Hill
TheShadowBrokers, a group that leaked purported NSA hacking tools eventually used in a massive global ransomware attack, are seeking more money for their leaks. The group had launched a monthly subscription service in June they likened to a "wine of the month club," offering to people who paid regular leaks of hacking tools and documents. The service was launched at $27,000 a month in digital currency. The group raised the price to $61,000 that same month. On Thursday, TheShadowBrokers raised the price again to roughly $92,500.
Original Post at HelpNetSecurity
Many workers will feel the need to check up on work emails while they are away from the office and enjoying a well-earned vacation. Unfortunately, by doing that, they can open organizations to many security risks. T-Systems, the corporate IT and cyber-security arm of Deutsche Telekom, has asked 2,050 full-time workers in the UK about their cyber security practices while on holiday, and found that:
Original Post at BBC News
Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google. The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type. Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat. Two types of ransomware made most of the money, it said, but other variants are starting to emerge.
Original Post at One America News Network
Hackers believed to be working for the Iranian government have impersonated a young female photographer on social media for more than a year, luring men working in industries strategically important to Tehran’s regional adversaries, according to research published Thursday. The so-called Mia Ash persona has been active on sites including LinkedIn, Facebook Inc, WhatsApp and Blogger since at least April of last year, researchers at Dell SecureWorks said. The campaign showed Iran engaged in a social engineering plot to ensnare its targets with a “honey pot”, a classic espionage trap often involving seduction, more commonly used by criminal hackers. Dell SecureWorks observed Mia Ash sending specific malware, concealed as a “photography survey” with an attachment, to a victim that matched malware sent by Iranian hacking group Cobalt Gypsy during an unsuccessful “spearphishing” email attempt to the same victim’s employer in January. The malware, known as PupyRAT, would give an attacker complete control of a compromised computer and access to network credentials, suggesting government espionage. The researchers did not have visibility into how many targets were compromised or what Mia Ash sought to gain with the access. The fake profile used publicly available social media images of a real photographer based in eastern Europe to create an identity of an attractive woman in her mid-twenties who lived in London and enjoyed travel, soccer, and popular musicians including Ed Sheeran and Ellie Goulding, Dell SecureWorks said. Her social media biographies appeared to lift details from a New York photographer’s LinkedIn profile. Dell SecureWorks said it had high confidence Mia Ash was created and operated by the Iranian hacking group known as Cobalt Gypsy. Iranian officials did not immediately respond to requests for comment.
Mia Ash primarily lured middle-aged men who worked as technicians and engineers at oil and gas, aerospace and telecommunications firms in the Middle East that had been previously targeted by the same group. Those include Saudi Arabia and Israel in addition to India and the United States. Mia Ash’s victims failed to notice that none of her profiles included a way to contact her for photography services, according to Allison Wikoff, a senior security researcher at Dell SecureWorks who tracked Mia Ash’s activity. “These guys aren’t hiring her for photography,” Wikoff said. “Their main thing is, ‘Wow, she’s young, she’s cute, she likes to travel, she’s whimsical’.” LinkedIn removed the fake Mia Ash profile before Dell SecureWorks finished its research, Wikoff said. Facebook, where Mia Ash listed her relationship status as “it’s complicated,” took down the profile last week after being contacted by Dell SecureWorks. Cobalt Gypsy, also known as OilRig, has been previously accused of operating a network of fake LinkedIn profiles to pose as recruiters at major companies, including Northrop Grumman Corp and General Motors Co, but the Mia Ash persona showed an elevated level of persistence, Wikoff said. Western security officials for years have considered Iran to be among the most sophisticated nation-state cyber adversaries, along with Russia, China and North Korea. Another report released this week by researchers at Tokyo-based Trend Micro and ClearSky of Israel described efforts to impersonate major technology brands including Twitter Inc and Microsoft Corp by another hacking group widely suspected of having links to Iran.
Original Post at Fox News
Russia used fake Facebook accounts to try to access personal data on associates of candidate Emmanuel Macron during France’s 2017 presidential election, a report says. Citing unnamed sources, Reuters reported a total of 12 bogus Facebook accounts were created, in the names of friends of members of the Macron camp, in a bid to spy on the election's eventual winner, the report said. Reuters said it received the information from an unnamed U.S. congressman and two other people who were briefed on the matter. Although Russia has continued to deny allegations of election meddling, U.S. intelligence agencies confirmed Russia’s involvement in a May conversation with Reuters. However, those intelligence officials could not verify that the Kremlin was behind the hacking. Facebook employees became aware of spying during the first round of the French election, and the social networking company confirmed to Reuters the presence of bogus accounts in France that were subsequently deactivated and deleted. It is not believed the hackers were able to give away any personal information or download malicious software. However, Macron campaign officials had content of their emails leaked online in the final days of the runoff portion of the election. A unit of the Russian intelligence agency GRU -- the same group believed to be behind U.S. election meddling -- is believed responsible for the effort targeting Macron’s campaign, Reuters reported. The news came as the U.S. House passed legislation Tuesday intended to crack down on Russia, as well as North Korea and Iran. The bill is expected to pass the Senate as well, and await President Trump’s signature. According to the White House, Trump supports a plan to place sanctions on Russia, though that could interfere with his goal of achieving a better relationship with the country.
Original Post at Mashable
At least nine of the ring of hackers that developed the "Fireball" malware have been arrested by Chinese authorities, according to state-run news outlets. Fireball's reach was one of the world's most extensive. News of it emerged a month ago, and it's been estimated to have infected 250 million computers worldwide — or about 20 percent of corporate networks. The hackers behind it worked at a Beijing digital marketing company named Rafotech, and had earned more than 80 million yuan ($11.84 million) generating fake clicks and traffic to other websites, according to Chinese paper Beijing Youth Daily.
Ransomware victims shelled out $25 million over the last two years, according to Google report
7/25/2017
Original Post at TechRepublic
With recent ransomware attacks affecting hundreds of thousands of computer users around the globe—WannaCry alone impacted around 300,000, from the UK's National Health Service to the Russian postal service to Chinese government agencies, as reported by ZDNet—it's no wonder that IT departments are putting significant resources towards beefing up security systems. And new research, first reported on by The Verge, from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering has put an exact dollar amount on the funds extorted through ransomware attacks over the last two years: $25 million. The research, which will be presented on Wednesday at Black Hat in Las Vegas, explored 34 different varieties of malware and carefully tracked blockchain payments—via public sales—to uncover the scale and scope of bounty money that was paid to hackers. Ninety-five percent of the ransomware payments were paid through a bitcoin exchange program. Certain ransomware attacks proved more lucrative than others, with "Locky" drawing in $7 million alone.
Original Post at CNN Tech
Scaling China's Great Firewall is getting a whole lot harder. Beijing said in January it would restrict virtual private networks, or VPNs, and this month reportedly told the three big telecoms companies to block individuals' access to them by early next year. China's regulator defended the crackdown on Tuesday, saying recent measures were part of an ongoing campaign aimed at "cleaning and standardizing" access to the internet. "Our restrictions target service providers without licenses or operating illegally," said Zhang Feng, spokesman for the Ministry of Industry and Information Technology, at a press conference. "Law-abiding individuals and businesses won't be affected," he said.
Cyber-Cy
I find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers.