RE: News of the Cyber World - kyonides - 06-22-2021
Something unusual happened in Texas a few days ago.
Texas KHOU Wrote:Some said they didn't know their thermostats were being accessed from afar until it was almost 80 degrees inside their homes.
Many of them claim someone has been turning up the temperature on their thermostats since the energy shortage began.
...
His wife received an alert on her phone soon after that. The family said their thermostat had been changed remotely, raising the temperature of their home during a three-hour “energy saving event.”
The family’s smart thermostat was installed a few years ago as part of a new home security package. Many smart thermostats can be enrolled in a program called "Smart Savers Texas." It's operated by a company called EnergyHub.
The agreement states that in exchange for an entry into sweepstakes, electric customers allow them to control their thermostats during periods of high energy demand. EnergyHub’s list of its clients includes TXU Energy, CenterPoint and ERCOT.
English said he unenrolled their thermostat as soon as he found out.
A nice experiment indeed.
I seriously doubt any responsible parent would love to go through the same situation and risk his or her family like that just because IoT sounds taunting at first. Please keep your internet connection for stuff that really needs it (and won't be able to spy on you).
RE: News of the Cyber World - kyonides - 07-03-2021
CyberScoop Wrote:The Department of Justice said Iran’s Islamic Radio and Television Union controlled 33 websites, months after the U.S. issued sanctions against the same organization for what officials described as spreading disinformation meant to influence Americans’ opinions prior to the presidential election in 2020.
Press TV, Iran’s state-owned news broadcaster, and three other sites that the U.S. said are connected to Kata’ib Hizballah, a foreign terrorist organization, also broadcast messages saying the Justice Department had taken control of the domains.
The Treasury Department issued sanctions against IRTVU in October 2020, along with the Islamic Revolutionary Guard Corps and three other entities, for either direct or indirect complicity in foreign interference in the U.S. elections.
IRTVU is a propaganda arm of the Iranian military’s Quds Force, which specializes in information warfare and other unconventional tactics, according to a Treasury notice. The organization is also tied to Bayan Gostar, a front company that the U.S. says planned to launch disinformation efforts focused on the COVID-19 pandemic, and denigrating U.S. politicians.
Iranian officials have denied the allegations, calling the website seizures an attack on free speech.
Of course, they would! They're used to Twitter and Facebook letting ayatollahs publish any warmongering post on their platforms for free while conservatives get blocked for defending their views and beliefs.
CyberScoop Wrote:Citations and internal police department files from the city of Tulsa, Oklahoma are circulating on cybercriminal marketplaces after a ransomware incident in which hackers stole some 18,000 files, city officials say.
A notice posted on a municipal website on June 22 warns that residents’ data including names, birth dates and driver’s license numbers is accessible to scammers following a hack carried out by the Conti ransomware gang. The digital extortionists breached the Tulsa police department in May, leaking stolen data about 22 officers and promising to publish more if the city refused to pay a ransom.
The theft from the Tulsa police department roughly coincided with unrelated breaches at Washington D.C.’s Metropolitan Police Department, as well as smaller departments in Florida, Maine and Arizona.
In this case, the main suspect is a prolific group known as Conti. The same criminal organization, thought to be based in Russia, is known for a recent attack against Ireland’s national health service. I just hope you don't live in those places.
RE: News of the Cyber World - kyonides - 07-09-2021
ZeroDayNet Wrote:Graphene strips folded in similar fashion to origami paper could be used to build microchips that are up to 100 times smaller than conventional chips, found physicists – and packing phones and laptops with those tiny chips could significantly boost the performance of our devices.
New research from the University of Sussex in the UK shows that changing the structure of nanomaterials like graphene can unlock electronic properties and effectively enable the material to act like a transistor.
The scientists deliberately created kinks in a layer of graphene and found that the material could, as a result, be made to behave like an electronic component. Graphene, and its nano-scale dimensions, could therefore be leveraged to design the smallest microchips yet, which will be useful to build faster phones and laptops.
This sounds like real madness to me. Or is this a required step before 6G networks could ever be implemented?
RE: News of the Cyber World - kyonides - 07-10-2021
CyberScoop Wrote:Security researchers at Lookout identified more than 170 apps that advertise themselves as providing cryptocurrency-mining services on the cloud for a fee. Unlike other popular cryptocurrency scams on mobile, the criminals aren’t seeking to empty a user’s wallet or download malicious software. Instead, the apps simply charge users for a service that doesn’t exist.
Similar scams have existed in desktop form for a while, but this is the first time researchers have noticed apps designed to conduct such a fraud.
...
Lookout estimates that the apps have scammed more than 93,000 victims out of more than $350,000. The apps fell into two different families of code and Hebeisen says he suspects more scammers will catch on to their playbook.
Only 25 of the mining scam apps identified by researchers were available for download on Google Play. The vast majority had to be sideloaded from a non-trusted source.
...
Google has removed the 25 apps flagged by Lookout. Lookout is a participant in Google’s App Defense Alliance, a consortium of mobile security research partners that work with Google Play.
Wall Street Journal Wrote:New York City has become the first major American metropolitan area to open a real-time operational center to protect against cybersecurity threats, regional officials said.
Set in a lower Manhattan skyscraper, the center is staffed by a coalition of government agencies and private businesses, with 282 partners overall sharing intelligence on potential cyber threats. Its members range from the New York Police Department to Amazon.com Inc. and International Business Machines Corp. to the Federal Reserve Bank and several New York healthcare systems.
Until last week, the two-year effort known as New York City Cyber Critical Services and Infrastructure was completely virtual.
New York’s cyberdefense center opens as attacks against government and business infrastructure increase across the country. In recent months, cyberattacks have struck U.S. pipelines, meat producers and software companies.
New York has long been seen as particularly vulnerable because of its status as a business center and symbol of American financial and cultural power.
RE: News of the Cyber World - kyonides - 07-21-2021
CyberScoop Wrote:Spanish national police arrested a U.K. citizen Wednesday charged by U.S. law enforcement in connection with a July 2020 Twitter hack that compromised over 130 accounts, the Justice Department announced.
The 2020 breach compromised dozens of high profile accounts including those of former president Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates and rapper Kanye West. Attackers gained access to internal account management systems by targeting employees. Twitter changed security practices for its administrative tools after the hack.
The suspect, Joseph O’Connor, is also charged with allegedly hacking TikTok and Snapchat user accounts as well as cyberstalking a juvenile. Details about those incidents were not immediately clear.
...
Florida teenager Graham Ivan Clark pleaded guilty earlier this year for orchestrating the Twitter hack, which allowed him to steal more than $117,000 in cryptocurrencies by spreading cryptocurrency scams from the high profile accounts. Clark accepted a plea deal that will require him to serve three years in a juvenile facility.
I wonder if that would be enough to prevent that group from hacking such platforms ever again.
RE: News of the Cyber World - kyonides - 07-24-2021
CyberScoop Wrote:Roughly three weeks after Russia-based ransomware group REvil attacked Kaseya, the Florida-based IT firm has obtained a working decryption key to unlock encrypted files belonging to hundreds of victims, a spokesperson confirmed to CyberScoop on Thursday.
Dana Liedholm, the company’s senior vice president of marketing, declined to comment on the source of the key, other than to say it came from a “trusted third party.” She also declined to comment when asked if the company had paid to obtain the key, or on how long it would take to remediate all the clients that had been impacted by the attack.
Security firm Emsisoft confirmed in a blog post that the decryptor works and it has been working with customers to restore their files.
...
Private cybersecurity firms have suggested a higher figure, as Huntress Labs estimated the number of victims at closer to 2,000. Sophos Labs identified 145 victims in the United States, including local and state agencies, governments, and small and medium-sized businesses.
Hackers exploited a Kaseya platform that’s used by managed service providers, or companies that provide third-party IT service to other organizations. Because these companies have administration privileges with their clients, the number of victims quickly spiraled beyond Kaseya and its direct customers.
Among the victims are New Zealand schools, international textile company Miroglio Group, Swedish grocery store chain COOP, and two Maryland towns.
Earlier this month...
StateScoop Wrote:The towns of Leonardtown and North Beach, both located along the Chesapeake Bay, both confirmed this week their computers and networks had been disabled, with some municipal services disrupted. In North Beach, town staff said they became aware of network issues at around 12:30 p.m. last Friday, about the time news of the Kaseya incident was unfolding.
It's fine to know that they have finally retrieved the encryption key, but we don't know what the actual price being paid there is...
RE: News of the Cyber World - kyonides - 08-07-2021
CyberScoop Wrote:More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows.
The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019. That’s still only a 5% overall response rate, researchers note. Comparatively, one in five users clicked attachment-based emails with malware disguised as Microsoft PowerPoints or Excel spreadsheets. Campaigns using attachments to hide malware made up one in four of the attacks researchers at Proofpoint monitored.
“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint said in a statement.
...
Hackers are increasingly turning to email to distribute initial malware that’s used later to download ransomware rather than using email as the initial attack vector. In 2020, Proofpoint detected 48 million emails that contained malware that was used to launch ransomware. Top threats detected by Proofpoint included names like The Trick, Dridex and Qbot.
...
Ransomware dominated 38% of the incident types detected by Accenture. REvil, the Russia-based group behind the Kaseya attack was behind a quarter of those ransomware attacks.
Who would tell that they would also use CAPTCHAs or scheduled downloads against us?
RE: News of the Cyber World - kyonides - 08-18-2021
CyberScoop Wrote:T-Mobile is investigating claims by a hacker that they have put sensitive information about more than 100 million of the company’s customers up for sale after breaching its servers.
T-Mobile confirmed on Monday that some of its data was accessed without authorization. The company says it has not determined if the data included personal information or the number of records affected.
T-Mobile said it is coordinating its investigation with law enforcement.
The data acquired by the hacker appears to include names, Social Security numbers, addresses, phone numbers and driver’s license information, Motherboard first reported. The sales ad for the data asks for roughly $278,781 worth of bitcoin in exchange for 30 million Social Security numbers and driver’s licenses from the data set.
Let me surf the web on my brand new cellphone only to learn that it might have been breached already!?
What an awful situation it is!
CyberScoop Wrote:A critical set of software flaws first revealed in April also affects code made by BlackBerry that is used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday.
A hacker who exploits the so-called BadAlloc software vulnerabilities, which Microsoft researchers uncovered, could cause devices running the software to crash. In BlackBerry’s case, the attacker would need to first gain access to a targeted network and then go after devices that are exposed to the internet.
The affected software is BlackBerry’s QNX Real-Time Operating System, a suite of software that manages data across a network. It’s unclear just how many devices are running the affected BlackBerry software. The firm said last year that its QNX software was embedded in more than 175 million cars alone. A BlackBerry spokesperson did not immediately respond to a request for comment.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also urged BlackBerry users to update their software because a compromise of certain infrastructure running the code “could result in a malicious actor gaining control of highly sensitive systems.”
CyberScoop Wrote:A flaw in software used by millions of smart home devices could allow hackers to intercept audio and video data on equipment such as baby monitors and web cameras, security researchers said Tuesday.
The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has customers including the Chinese electronics giant Xiaomi. ThroughTek says 83 million devices made by other brands, such as the camera vendor Wyze, run its software.
To exploit the flaw, an attacker would need “comprehensive knowledge” of the software protocol, and to obtain unique identifiers used by the targeted device, according to Mandiant, a division of FireEye, which discovered the issue. With that access, a hacker could communicate with devices remotely, potentially leading to follow-on hacks. The Department of Homeland Security plans to issue a public advisory to raise awareness of the security issue, Mandiant said.
Like a lot of third-party software running on IoT devices, for example, the ThroughTek protocol is integrated into equipment manufacturers and resellers, making it difficult to discern just how many devices might be affected by the flaw.
You didn't buy a baby camera to monitor your lil' baby only to find out that it'd be hacked, right?
RE: News of the Cyber World - kyonides - 08-24-2021
CyberScoop Wrote:A fresh wave of attacks against Microsoft Exchange has government cybersecurity officials on guard for a possible repeat of the chaos hackers rendered earlier this year by exploiting different vulnerabilities in the popular workplace mail server.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent warning Saturday that cybercriminals are actively exploiting months-old vulnerabilities in Microsoft’s ProxyShell.
CISA recommended that customers update their systems using software patches that Microsoft released in May to address the vulnerabilities. National Security Agency Cybersecurity Director Rob Joyce also urged companies to patch against the vulnerabilities.
Huntress Lab, which first reported the surge in attacks, reported 300 total compromised servers as of Monday. Targeted organizations identified by Huntress include seafood processors, industrial machinery, auto repair shops, dental and law offices and more.
...
Microsoft Exchange servers are an extremely valuable target for both nation-state and criminal hackers looking to conduct espionage and distribute malware. Tens of thousands of private companies, governments and nonprofits around the world use the technology.
...
Another key difference is that hackers don’t need to access credentials to use all the ProxyShell vulnerabilities, making them even easier to weaponize.
...
Hammond said that “this isn’t the sky is falling incident like March was yet,” but that it’s urgent that companies patch and look for indicators of compromise to prevent it from getting there. Huntress has already identified malicious actors storing web shells in uncommon places, potentially making it harder for victims to remediate the damage.
I don't think you'd ever love to hear that some attorney got hacked and your private information might be purchased by a third party organization...
CyberScoop Wrote:T-Mobile on Friday announced roughly 6 million additional accounts had data swiped in a recent hack, bringing the total number of victims of the breach to over approximately 55 million individuals.
The revelations come as lawmakers have ramped up scrutiny of the company.
An additional 5.3 million subscriber accounts had addresses, names, dates of birth, and phone numbers accessed, T-Mobile said. The company also found that the data of 667,000 more accounts of former T-Mobile customers, including their names, phone numbers, addresses and dates of birth, had been accessed.
Unlike the first set of customers identified by T-Mobile on Wednesday, none of these additional accounts had their Social Security Numbers or ID information compromised, the company said.
The new findings also reveal that phone data, IMEI and IMSIs were also accessed. IMEIs, which are often used for advertising purposes, are a unique fingerprint for a device that cannot be reset.
The company also noted that up to 52,000 prepaid Metro by T-Mobile accounts may have also been included in the attack. T-Mobile has actively re-sent customer PINs for all prepaid accounts accessed by the hacker. No data from the company’s other prepaid services has been found in the breach.
T-Mobile announced it was investigating the breach on Monday after reports that a hacker had put the stolen data up for sale on the dark web. The hacker claimed to have stolen the account information of more than 100 million accounts.
...
T-Mobile has expressed confidence that the company has shut off the access point the hacker used to get into its servers.
You better check out whether or not your cellphone has been compromised.
RE: News of the Cyber World - kyonides - 08-28-2021
CyberScoop Wrote:Scammers affiliated with a digital extortion outfit known as Hive are using phone calls to dial victims who are infected with a malicious software strain that locks up their files until they agree to pay a hostage fee, according to an August 25 FBI alert. Investigators first observed hackers deploying the malware in June, with attackers leveraging Microsoft’s Remote Desktop Protocol to infect business networks.
In some cases, if victims don’t pay the demanded fee within two to six days, they have reported receiving phone calls from the hacking group. It’s the latest iteration of a personal tactic pioneered by other gangs — Maze, Conti and Ryuk, for instance — in which malware operators are thought to outsource tasks to a call center. Security firms Emsisoft and Coveware reported earlier this year that attackers with non-English accents were phoning more ransomware victims.
In this case, if victims refuse to pay the ransom, hackers threaten to leak stolen files on “HiveLeaks,” a dark-web site. Victims listed on the site include companies in a range of industries, from financial services to manufacturing, with listed revenues between $2 million and more than $100 million.
CyberScoop Wrote:A malicious version of a popular modification or “mod” of the encrypted messaging app WhatsApp is carrying a mobile trojan that can launch advertisements, issue paid subscriptions and intercept text messages, security researchers said Tuesday.
According to Kaspersky, hackers inserted the Triada trojan into a modified version of FMWhatsapp, a WhatsApp mod. Such mods have a following among users who want to customize WhatsApp, such as being able to send larger files or apply custom animated themes.
FMWhatsapp isn’t available on the Google Play store and is only available via third party websites, which means users who desire the extra features the mod offers don’t get the security protections inherent in more officially-vetted apps.
Kaspersky first spotted Triada in 2016, when the company deemed the hacking tool “one of the most advanced mobile Trojans our malware analysts have ever encountered.”
Users grant FMWhatsapp permission to read SMS messages, Kaspersky said, simultaneously granting the trojan access to text messages, too. Hackers inserted Triada into the modified FMWhatsapp along with the advertising software development kit. That’s similar to something that happened with the APKPure app used to download unavailable Android apps.
CyberScoop Wrote:Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years.
The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said.
There was no evidence that hackers or any other outsider exploited the vulnerability to access customer data, according to the company.
Reuters first reported on the vulnerability, which was discovered by the Wiz research team.
Microsoft fixed the vulnerability within 48 hours of its disclosure on August 12, but the vulnerability had been exploitable since mid-2019, according to Wiz researchers. Microsoft notified roughly over 30% of its clients about the data exposure, but researchers warn that the effects were likely more widespread.
...
Microsoft has asked customers to reset keys to their accounts as a precautionary measure, according to an email sent from the company to customers shared by a Wiz researcher.
It's curious to see how often MS apps and services have been targeted by hackers or even their own clients in the last year.