Latest News

6 mins ago
Dan Goodin / Ars Technica

Mining Malware Infects Tesla Amazon Cloud Account, Some Sensitive Data Exposed in Breach

An unknown hacker or group of hackers accessed one of automaker Tesla’s Amazon cloud accounts and used it to run cryptocurrency mining software, researchers at security firm RedLock report. The breach appears similar to those suffered by Gemalto, the world’s biggest SIM card maker, and multinational insurance company Aviva, which Redlock reported last October. The point of entry for the hackers was an unsecured administrative console for Kubernetes, an open source package used by companies to deploy and manage large numbers of cloud-based applications and resources, with the hackers hiding behind an IP address behind hosted by Cloudflare. Aside from allowing the mining of cryptocurrency, the breach exposed non-public Tesla data, including sensitive telemetry information related to Tesla cars. Tesla said it quickly disinfected its systems of the malware.
9 hours ago
Zack Whittaker / ZDNet

Year-Old Coldroot RAT Ignored by Anti-Virus Makers Despite Publicly Available Code

A remote access trojan (RAT) called Coldroot, which can remotely control a vulnerable computer and steal passwords from users’ keychains, has largely gone unnoticed by anti-virus makers, security research Patrick Wardle of Digita Security discovered.  None of the antivirus makers listed on online malware scanner VirusTotal are currently able to detect the malware even though the Coldroot code has been publicly available on Github since 2016. The malware masquerades as a document that asks the users’ for their passwords when opened. Once users enter their credentials, the malware silently installs and awaits instructions from the attackers.

9 hours ago
Andy Greenberg / Wired

North Korea’s Aggressive APT37 Hacking Group Is Expanding Beyond Traditional Targets

A group of sophisticated state-sponsored hackers called APT37, also known by the names ScarCruft and Group123, is emerging as a major North Korean cybersecurity threat, alongside the better-known North Korean threat actors, the Lazarus Group, researchers at FireEye report. APT37 is branching out beyond it usual attacks on South Korean companies, human rights groups, individuals involved in the Olympics and North Korean defectors, having recently struck a Japanese organization associated with the United Nations’ enforcement of sanctions, the director of a Vietnamese transport and trading firm, and a Middle Eastern business involved in a dispute with the North Korean government. The group has relied on an array of tools to breach targets and install malware including a tool that FireEye calls RUHappy, which has the potential to wipe and destroy systems.

14 hours ago
Andrei Khalip / Reuters

U.N Secretary General Calls for Global Rules on Cyberwarfare

In a speech to his alma mater, the University of Lisbon, U.N. Secretary General Antonio Guterres has called for global rules regarding cyberwarfare, saying the next war will begin with a massive cyber attack to destroy military capacity and cripple critical infrastructure. Guterres offered the U.N. as the platform for developing such rules and urged university professors and engineers to contribute to the process.

15 hours ago
BBC News

More Than 25% of UK Councils Were Breached Since 2013, With 37 Attempts Per Minute

More than 25% of UK councils have had their computer systems breached in the past five years, while three-quarters of UK councils do not require cybersecurity training and 16% do not offer any training at all, according to a report by privacy group Big Brother Watch. Big Brother Watch received responses form 395 local authorities across the UK in a cybersecurity survey, which also found that the councils were subject to at least 98 million cyber attacks between 2013 and 2017, with attacks defined as malicious attempts to damage, disrupt, or gain unauthorized access to computer systems, networks or devices, averaging 37 attacks per minute.

15 hours ago
Steven Musil / CNET

Apple Issues Updates for iPhones, iPads, Macs and Watches to Fix Telugu Character Bug

Apple has issued updates for the so-called Telugu character bug that was capable of crashing iPhones, iPads, Macs and Apple Watches when delivered to a recipient through any app capable of displaying characters. The updates cover iOS 11.2.6 for the iPhone and iPad, TVOS 11.2.6 for the Apple TV, WatchOS 4.2.3 for all Apple Watch models and MacOS 10.13.3 for the Mac.

1 day ago
Globes

Morphisec Lands $12 Million in Series B Round That Includes Telecom Giant Orange

Israel-based cybersecurity company Morphisec, which specializes in a cybersecurity product called Moving Target Defense, has raised $12 million in a Series B round of funding that includes new investor Orange Digital Ventures, the digital investment arm of French multinational telecom giant Orange. Existing investors Jerusalem Venture Partners, GE and Deutsche Telekom, along with Maison, Portage Partners, OurCrowd, Kodem Growth Partners and Evolution Equity Partners, also participated in the round.

1 day ago
Joseph Cox / Motherboard

Flight Simulator Company Infected Software Pirates with Malware as Extreme Method of DRM

Flight simulator software providers FSLabs infected software pirates with malware designed to steal their Chrome passwords according to researchers at Fidus Information Security. FSLabs makes add-ons for the popular Microsoft Flight Simulator, which allows pilots to fly other aircraft starting at around $80. FSLabs delivered the malware in the form of a password dumper in a trusted installer. When run, the program extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs, presumably as an extreme method of digital rights management. Lefteris Kalamaras, founder and owner of FSLabs, defended the company’s use of the technology, but FSLabs released an updated version of its installer, this time without the password stealer.

1 day ago
Lee Bell / V3.co.uk

Apple’s Proprietary File System Suffers Vulnerability That Can Lead to Data Loss, Researcher

Apple’s APFS proprietary file system (APFS) is suffering from a disk image vulnerability that could lead to data loss according to Apple software developer Mike Bombich.  APFS, which aims to fix core problems on MacOS, iOS, tvOS and WatchOS, has a flaw in how it manages a sparse disk image, which is a disk image file used on MacOS that grows in size as the user adds data to the image, taking up only as much disk space as stored in it. APFS is most often used in disc backup and cloning. Bombich found that the free space on the APFS-formatted sparse disk image doesn’t update when the free space on the underlying physical host disk is reduced. He also found a lack of error reports when write requests fail, which results in data being written into a “void.” Both of these problems resulted in corrupted files and data loss.

1 day ago
Usama Jawad / Neowin

Google Exposes Another Security Flaw in Edge After Microsoft Fails to Fix It in Time

Google’s Project Zero team has exposed another security flaw in Microsoft Edge after the Redmond giant failed to fix it in time. The medium security flaw, which was reported to Microsoft in November 2017, has to do with Microsoft’s adoption of Arbitrary Code Guard (ACG) in Microsoft Edge with the Windows 10 Creators Update to mitigate arbitrary native code execution. Because most modern browsers rely on Just-in-Time (JIT) compilers, Microsoft was forced to transition the JIT functionality of Chakra into a separate process that runs in an isolated sandbox, which, if compromised, can expose the memory function. Google had expected Microsoft to fix this flaw in its February update, which didn’t happen. Microsoft says it expects a fix in the next update by March 13.

1 day ago
Gordon Rayner / Telegraph

GCHQ Raises Security Concerns over Smart Meters, Says They’re Vulnerable to Hacking

The UK’s top intelligence agency, GCHQ, has raised concerns over the security of smart meters the government plans to install in millions of homes, claiming the devices can be hacked to steal personal details and defraud consumers. The UK government has an ambitious program to install smart meters in 27 million homes but to date only eight million homes have received them. GCHQ’s latest warnings come on the cusp of the rollout of a second generation of smart meters, known as SMETS 2.

2 days ago
Catalin Cimpanu / Bleeping Computer

Hackers Use Jenkins Monero Mining Botnet to Steal $3+ Million in Currency

Hackers targeting Jenkins servers have stolen more than $3 million in Monero so far in a large botnet operation, researchers at CheckPoint Security report. Jenkins is a continuous integration/deployment web application built in Java that allows dev teams to run automated tests and execute various operations based on test results. The hackers, who are using an IP address in China, are leveraging CVE-2017-1000353, a vulnerability in the Jenkins Java deserialization implementation that allows attackers to run malicious code remotely without needing to authenticate first, to download and install a Monero miner. Previous research indicates there are over 25,000 Jenkins servers exposed online.

2 days ago
Devidutta Tripathy / Reuters

India’s City Union Bank Says Hackers Tried to Steal $2 Million Using SWIFT System

India’s City Union Bank said that cyber criminals” have hacked its systems and tried to transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. The funds were sent via correspondent banks to accounts in Dubai, Turkey and China. City Union said it hsd been able to block one of the remittances for $800,000 which was headed to an account in Dubai while another remittance for $300,000 was blocked by its destination Turkish account. Two of the remittances were routed through Standard Chartered Bank accounts, one in New York and one in Frankfurt, while one was routed through a Bank of America account in New York.

4 days ago
Tom Warren / The Verge

Intel Faces 32 Class Action Lawsuits, Three Shareholder Actions Over Meltdown, Spectre Flaws

Intel revealed in an SEC filing that it is currently facing 32 lawsuits over the Meltdown and Spectre CPU flaws. Thirty of the lawsuits reflect customer class actions where the plaintiffs seek monetary damages and equitable relief and two of the lawsuits reflect securities class action lawsuits, where the plaintiffs “allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.” Intel is also facing action from three shareholders who have each filed shareholder derivative actions that allege certain board members and officers at Intel have failed “to take action in relation to alleged insider trading,” presumably in reference to Intel CEO Brian Krzanich’s stock sales.

4 days ago
Ben Coley / The Dispatch

Another North Carolina County, Davidson County, Crippled by Ransomware Attack

The Davidson County, NC, government has been crippled by a ransomware attack and all business conducted via computer has been halted due to the propagation of ransomware called Samas. The ransomware has encrypted more than 70 servers and an unknown number of desktops and laptops. The hackers are asking for an undisclosed amount of Bitcoin in ransom and have given the county a seven-day deadline. None of the phone systems operated by the county are functioning either, although 911 service is still operating. County officials say they have sufficient back-ups and adequate insurance to hire law firms with expertise in handling ransomware attacks. Still, officials say it will be months before the county’s systems are fully functional. Another ransomware attack struck nearby Mecklenburg County’s offices in December.

4 days ago
Lorenzo Franceschi-Bicchierai / Motherboard

Hacker Claims He Wiped Stalkerware Company Retina-X Studios’ Servers for Second Time

A vigilante hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware, also known as stalkerwar,e products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X’s products allow people to have practically full access to the smartphone or computer of their targets. In his previous attempt, the hacker gained the private key and credentials to containers inside the Android app of PhoneSheriff, one of Retina-X’s spyware products, provided by cloud provider Rackspace. Those containers’ key and credentials were stored in plaintext. This time Retina-X obfuscated the key but the hacker maintains it was easy to hack the company anyway.

4 days ago
Cynthia Brumfield / Metacurity

Friday Report: Cryptomining Craze Is Here to Stay and So, Apparently, Is Russian Meddling

Welcome to Metacurity’s Friday report where we try to make sense from the fire hose of information security stories of the week. (It’s been hard to make much sense of anything this week when seventeen children not far from my hometown were wiped off the planet while in the presumed safety of their schools. Parents around the globe, particularly in war zones, have faced similar tragedies and maybe we’re all getting sick of this destruction from all sources to really do something about it. But this is a report on information security, so I digress.)

Cryptocurrencies still grabbed their fair share of the cybersecurity headlines this week, with cryptomining seemingly all the rage. First, infosec consultant Scott Helme discovered that at least 4,275 sites, including UK, Australian, U.S. and other government websites around the world, were injected with a in-browser Coinhive Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, was infected with a contaminated script. (Read the rest of the report here.)

4 days ago
SHARON LaFRANIERE / New York Times

Mueller Charges 13 Russians for Illegally Trying to Disrupt the 2016 Presidential Election

Robert Mueller, the special counsel investigating Russia’s interference in the 2016 presidential election, handed down indictments against 13 Russian nationals for illegally trying to disrupt the American political process, including efforts designed to boost the presidential candidacy of Donald Trump and hurt that of his rival, Hillary Clinton. In a 37-page indictment, Mueller said the 13 individuals have conspired since 2014 to violate laws that prohibit foreigners from spending money to influence federal elections in the United States and charged that the foreigners falsely posed as American citizens, stole identities and otherwise engaged in fraud and deceit using a Russia-based company called the Internet Research as a hub for a sophisticated campaign to spread misinformation, hold fake rallies and spend millions of dollars in the process of doing so. The group made a number of efforts to hide its tracks including running sites through U.S. hosting companies and operating a VPN to hide the true source of the campaign. Mueller also announced it has reached a plea deal with one American, Richard Pinedo, of Santa Paula, California, in connection with the Russian indictments. Pinedo had been charged with selling bank account numbers created using the stolen identities of US citizens to people or entities outside of the United States.

4 days ago
Mark Hodge / The Sun

Google to Investigate Claims That Iran Was Spying on Brits, Americans Using Play Store Apps

Following a report issued by the National Council of Resistance of Iran, which opposes the current Iranian regime, Google will investigate whether the Council’s claim that Iran used apps available via Google’s Play Store to spy on UK and American residents to hunt down anti-government protesters. The Council’s report maintains that apps from both Google’s store and Apple’s app store, specifically one popular among Iranian ex-pats called Mobogram, were weaponized to access contacts, track locations and read messages of Iranian ex-patriots.  The Council claims that the apps were used to threaten, arrest, torture and kill people.

4 days ago
Chris Smith / BGR

Apple Will Release Intermediate Update to Fix Telugu Character Bug That Crashes iPhones

Following the discovery that a single message containing an Indian character is capable of crashing anyone’s iPhone if received via chat apps, including iMessage, WhatsApp, Facebook Messenger, or email apps, Apple said it would issue an intermediate fix to address the problem, which will be fully addressed in the upcoming  iOS 11.3. The character comes from the Indian Telugu language.

Podcasts

5 hours ago
ISC StormCast

Apple Fixes Indian Character DoS; Hacking Back Gone Wrong; AMSI Bypass

Johannes Ullrich talks about Apple Releases Fix for Unicode Messaging DoS Flaw in All Operating Systems, Flight Simulator Mod Company Uses Password Stealer to “Fight Back”, Bypassing Microsoft’s Anti Malware Scan Interface.


5 hours ago
The Cyberlaw Podcast

News Roundup

Brian Egan, and Jamil Jaffer discuss the week’s top news including the Mueller indictments, election security, Kaspersky Lab’s  lawsuit, data security and breach notification and more. (Photo by Priscilla Du Preez on Unsplash.)


5 hours ago
BBC World Service / Click

Russia Bots: Truth, Trust and Technology

With news of Russian bots’ attempts to damage US institutions, is our faith in the transparency and honesty of news disseminated via the internet being undermined? Professor Charlie Beckett joins the programme to discuss the growing public discontent about the role of tech giants in policing abuse and disinformation. (Photo by Andrey Yachmenov on Unsplash.)


1 day ago
The Security Ledger

Episode 84: Free Alexa! Cory Doctorow on jailbreaking Voice Assistants and hacking diversity with Rapid7’s Corey Thomas

Paul Roberts talks with Cory Doctorow of the Electronic Frontier Foundation about his group’s efforts to win an exemption from the Digital Millennium Copyright Act’s prohibition on subverting copy protections in software and hardware for voice assistants like the Amazon Echo and Google Home. He also interviews Corey Thomas, the Chief Executive Officer of the firm Rapid 7 about what it means to be a black man in the information security industry and about his path to the field. (Photo by Jordan Whitfield on Unsplash.)


Cybersecurity Events

Feb. 19-22M3AAWGSan Francisco, CAUSA
Feb. 20-21European Information Security SummitLondonUK
Feb. 21-22Pacific Rim Critical Infrastructure Security SummitHonolulu, HIUSA
Feb. 22Cybertech Latin America Panama CityPanama
Feb. 22-23DevSecCon SingaporeSingaporeSingapore
Feb. 23Security TitansScottsdale, AZUSA
Feb. 23-24BSides NoVaHerndon, VAUSA
Feb. 24CrikeyConBrisbaneAustralia
Feb. 24-255th International Conference on Computer Science and Information Technology (CoSIT 2018)DubaiUAE
Feb. 26-27Source Security Conference and TrainingMesa, AZUSA
Feb. 26-27 International Privacy + Security ForumWashington, DCUSA
Feb. 26-Mar. 2Financial Cryptography and Data Security 2018Santa Barbara Beach ResortCuraçao
Feb. 25-Mar. 3SANS New York CityNew York, NYUSA
Feb. 27-28CU IT Security & Risk Management Summit?San Antonio, TXUSA
Feb. 27-28Cyberthreat 2018LondonUK


Subscribe to Our Newsletter!

Subscribe to our newsletter and get our daily and highly enjoyable summary of cybersecurity developments you must know if you want to stay ahead.

We don't spam and we value your privacy. We don't sell or share our subscriber lists ever.