Latest News

2 days ago
Paul Karp / The Guardian

Symantec Downplays Data Breach That Allowed Hacker To Access List, Passwords for Large Australian Companies, Government Agencies

Cybersecurity leader Symantec has downplayed a data breach that allowed a hacker to access passwords and a purported list of its clients, including large Australian companies and government agencies. The list was extracted in February and appears to indicate that all major federal government departments were among the targets of a hacker who also claimed to be responsible for Medicare data being available for sale on the dark web. Symantec said the breach was a minor incident involving “an isolated, self-enclosed demo lab in Australia – not connected to Symantec’s corporate network – used to [demonstrate] various Symantec security solutions and how they work together.” The hackers stole a list of purported clients of Symantec’s CloudSOC services, account managers and account numbers, but Symantec insists the data contained in the system were “dummy e-mails and a small number of low-level and non-sensitive files for demonstration purposes” in a demo lab “not used for production purposes.”

2 days ago
Blake Sobczak / E&E News

Dangerous Hacking Group Xenotime Targeting U.S. Power Grid, Other Regions’ Electric Utility Operations, NERC and Dragos

A highly dangerous, notorious hacking group known as “Xenotime” has zeroed in on the U.S. power sector in recent months, according to a nonpublic alert issued this spring by the electric utility industry’s self-regulatory body, the North American Electric Reliability Corp. (NERC), and new research conducted by industrial cybersecurity firm Dragos. NERC sounded the alarm on March 1, saying that Xenotime has been spotted hitting U.S. electric utilities with “reconnaissance and potential initial access operations” since late last year. Xenotime, infamous for infecting the safety systems of a Saudi petrochemical plant with highly specialized, life-threatening malware known as Triton two years ago, isn’t known to have broken through to the sensitive controls of U.S. power plants or substations. After hackers “successfully compromised several oil and gas environments,” Xenotime has demonstrated “consistent, direct interest in electric utility operations” spanning North America to the Asia-Pacific region, Dragos said in a blog post.

2 days ago
Maggie Miller / The Hill

Reps. Graves, Gottheimer Reintroduce Active Cyber Defense Certainty Act to Allow Private Sector Hacking Victims to Hack Back Against Attackers

Representatives Tom Graves (R-GA) and Josh Gottheimer (D-NJ) reintroduced the Active Cyber Defense Certainty Act, which would partially legalize private-sector hacking victims taking action to hack back against their attackers. The bill would allow authorized individuals and companies to go onto other networks in order to establish who is attacking them online, to disrupt a cyber attack as it is occurring, to retrieve or destroy stolen files, to utilize beaconing technology and to monitor the behavior of the malicious actor. The bill would also require these individuals and companies to notify the FBI’s National Cyber Investigative Joint Task Force and receive a response before being allowed to take any of the defense steps. However, if a defender behaves improperly or recklessly, they will still bear the full penalty of existing law for their hacking back efforts.

2 days ago
Zack Whittaker / TechCrunch

Black Hat’s Pick of Will Hurd as Keynote Speaker Angers Some Cybersecurity Professionals Due to Lawmaker’s Poor Record on Women’s Rights

Some longtime attendees of one of the cybersecurity industry’s top conferences, Black Hat, are angered at the organizers’ decision to confirm Representative Will Hurd (R-TX) as the keynote speaker because of his dismal voting record on women’s rights. Hurd, a former CIA officer with cybersecurity expertise, is a self-described “pro-life” or anti-choice lawmaker with a record of voting against bills that support women’s rights. He has voted against a bill that would financially support women in STEM fields, voted in favor of allowing states to restrict access and coverage to abortions, and voted to defund Planned Parenthood. The decision to invite Hurd as keynote speaker comes at a time when women still make up a small fraction of cybersecurity professionals and efforts are continually underway to promote greater gender diversity in the field.

2 days ago
Catalin Cimpanu / ZDNet

Exim Servers Are Under Barrage of Attacks From Two Hacker Groups Seeking to Exploit Return of the WIZard Flaw, Server Owners Should Update As Soon as Possible

Exim servers, which are estimated to run nearly 57% of the internet’s email servers, are now under a barrage of attacks from two hacker groups trying to exploit a recent security flaw called Return of the WIZard (CVE-2019-10149) in order to take over vulnerable servers. The vulnerability allows remote attackers to send malicious emails to vulnerable Exim servers and run malicious code at the Exim process’ access level, which on most servers is root. Self-described security enthusiast Freddie Leeman first discovered the wave of attacks on June 9, when the first hacker group started blasting out exploits from a command-and-control server located on the clear web, at http://173[.]212.214.137/s. The second wave of attacks, carried out by a second group, was spotted on June 10 by Magni R. Sigurðsson, a security researcher at Cyren, and on June 13 by Cybereason Head of Security Research Amit Serper. Exim server owners should update to version 4.92 as soon as possible.

2 days ago
Zack Whittaker / TechCrunch

Two Vulnerabilities in Widely Used Hospital Infusion Pump Could Allow Attackers to Remotely Hijack and Control It

Two vulnerabilities in a widely used hospital infusion pump, the Alaris Gateway Workstation developed by medical device maker Becton Dickinson, could allow the medical devices to be remotely hijacked and controlled by attackers, researchers at CyberMDX discovered. The researchers found that an attacker could install malicious firmware on a pump’s onboard computer, which runs on Windows CE and powers, monitors and controls the infusion pumps. The flaw, CVE-2019-10959, earned a rare maximum score of 10.0 on the industry standard common vulnerability scoring system, according to Homeland Security’s advisory. A second vulnerability, scored at a lesser 7.3 out of 10.0, could allow an attacker to gain access to the workstation’s monitoring and configuration interfaces through the web browser. Becton Dickinson said device owners should update to the latest firmware, which contains fixes for the vulnerabilities.

2 days ago
Shaun Nichols / The Register

Yubico Recalls FIPS Series of YubiKey Widgets Due to Flaw That Could Make Crypto Operations Easier to Crack

Hardware authentication company Yubico said it is recalling one of its YubiKey lines after the authentication devices were found to have a security weakness. Firmware in the FIPS Series of YubiKey widgets, aimed mainly at US government use, was prone to a reduced-randomness condition that could make their cryptographic operations easier to crack in some cases, particularly when the USB-based token is first powered up. The issue affects YubiKey FIPS Series devices, versions 4.4.2 and 4.4.4 (there is no released firmware version 4.4.3). The recall covers the YubiKey FIPS, Nano FIPS, C FIPS, and C Nano FIPS models. Yubico said that a majority of affected YubiKey FIPS Series devices have been replaced, or are in the process of being replaced, with updated, fixed versions of the devices.

2 days ago
Sergiu Gatlan / Bleeping Computer

Now-Patched Major Vulnerability in Evernote Web Clipper for Chrome Could Allow Attackers to Steal Data From User-Visited Third-Party Websites

A critical vulnerability in Evernote Web Clipper for Chrome could allow attackers to break domain-isolation mechanisms and execute code on behalf of the user, granting access to sensitive user information not limited to Evernote’s domain, including third-party websites, researchers at Guardio report. The problem is a Universal Cross-site Scripting (UXSS, aka Universal XSS) flaw tracked as CVE-2019-12592 and stemming from an Evernote Web Clipper logical coding error that made it possible to “bypass the browser’s same origin policy, granting the attacker code execution privileges in Iframes beyond Evernote’s domain.” Evernote fully patched the vulnerability in under a week after receiving Guardio’s report and rolled out the fix to all users on May 31, with the patch being confirmed as fully functional on June 4.

3 days ago
Catalin Cimpanu / ZDNet

One of The Top Suppliers of Airplane Parts, ASCO, Has Shut Down Production in Four Countries Due to Ransomware Infection

One of the world’s largest suppliers of airplane parts, ASCO, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium, placing 1,000 people on technical unemployment. The shutdown is anticipated to last for the entire week and through the weekend. The attack reportedly occurred last Friday. ASCO counts among its customer base some of the biggest names in the airline transportation and military sectors, such as Airbus, Boeing, Bombardier, and Lockheed Martin.

3 days ago
Zack Whittaker / TechCrunch

Google Now Allows iPhone and iPad Owners to Use Android Security Keys to Verify Sign-Ins

Google announced it will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, using a new Bluetooth-based protocol that allows devices running Android 7.0 and later to act as a security key for two-factor authentication. The security key technology is also FIDO2 compliant, meaning that it complies with a new standard that allows for passwordless authentication across devices. For this to work on iPhone and iPad, users need the Google Smart Lock app installed.

3 days ago
Mary Hui / Quartz

Protestors in Hong Kong Opted for Cash-Only Single Use Subway Cards Rather Than Cheaper, More Convenient Octopus Cards to Dodge Police Surveillance

As protestors in Hong Kong gathered outside the local government offices to protest a controversial proposed extradition bill that would make it possible to extradite people from Hong Kong to mainland China to face charges, many did not use their usual rechargeable Octopus smart cards on the subway. Instead, they opted for cash-only, one-time use cards in order to dodge surveillance. The single-use cards are inconvenient and more expensive than the Octopus cards, which are tied to travelers’ bank accounts, but the protestors were afraid of having their card data traced back to them and used as proof that they were at the protest should arrests occur. As early as 2010, police in Hong Kong used Octopus card data to track down criminals.

3 days ago
Yanan Wang / Associated Press

Telegram CEO Says DDoS Attack Against Messaging App Came Mostly From China and Was Timed to Hit During Hong Kong Protests

Encrypted messaging app Telegram was hit by a powerful DDoS attack from China as thousands of protestors surrounded Hong Kong government headquarters on Wednesday to protest legislation that would allow people to be extradited to mainland China to stand trial. The IP addresses of the attacker came mostly from China, Telegram CEO Pavel Durov said in a tweet. “Historically, all state actor-sized (attacks) we experienced coincided in time with protests in Hong Kong,” Durov said. “This case was not an exception.” Activists in Hong Kong and mainland China use Telegram to organize protests due to their belief in the encrypted, secure nature of the messaging service.

3 days ago
Sergiu Gatlan / Bleeping Computer

Two Microsoft NTLM Flaws Leave All Unpatched Windows Machines Vulnerable to Remote Code Execution Attacks

Windows machines that don’t have the latest security patches installed are vulnerable to remote code execution (RCE) attacks as the result of two critical flaws affecting the Windows NTLM (short for NT LAN Manager) Authentication Protocol, according to researchers at Preempt. NTLM is used for client/server authentication purposes, to authenticate remote users and to provide session security when requested by application protocols. Although Microsoft provides mitigations to block NTLM relay attacks, several flaws in those mitigations could be exploited by hackers. Microsoft issued security advisories and patches for the two flaws, the CVE-2019-1040 Windows NTLM Tampering Vulnerability and the CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability, as part of this month’s Patch Tuesday fixes.

3 days ago
Sam Biddle, Matthew Cole / The Intercept

Controversial Cybersecurity Firm DarkMatter Reportedly Targeted The Intercept, Discussed Breaching Publication’s Computers in Retaliation for Negative Coverage of UAE

Controversial cybersecurity firm DarkMatter working on behalf of the United Arab Emirates (UAE) discussed targeting The Intercept and breaching the computers of its employees in retaliation for negative mentions of the Emirati government, according to two sources. Reuters earlier this year revealed that DarkMatter hired ex-National Security Agency hackers and other U.S. intelligence and military veterans together with Emirati analysts to compromise the computers of political dissidents at home and abroad, including American citizens in a project code-named Project Raven, having first poached the team from Maryland-based cybersecurity firm CyberPoint. It is not clear if an attack against The Intercept was ever carried out. DarkMatter denies that it targeted The Intercept.

3 days ago
Kim Zetter / Politico

Senators Wyden and Klobuchar Seek Answers From FBI About Whether Russia Hacked Election Software Company VR Systems During 2016 Presidential Campaign

Senators Ron Wyden (D-OR) and Amy Klobuchar (D-MN) are hoping to extract answers from the FBI about whether Russians hacked VR Systems, a Florida maker of election-related software, in the run-up to the 2016 presidential elections. VR Systems admits that Russians targeted the company with phishing emails in 2016 but denies that malware was implanted on its network, as Special Counsel Robert Mueller’s report on Russian interference in the 2016 election seems to indicate. Wyden and Klobuchar sent a letter to the FBI asking what steps it took in 2016, if any, to examine VR Systems servers for evidence of a breach and whether its agents ever reviewed the findings of a forensic investigation report produced by FireEye, which VR Systems hired in 2017 to determine if the Russian spearphishing campaign the previous year succeeded. The FBI did visit VR Systems in 2016 after VR Systems reported the phishing campaign, according to sources.

3 days ago

CrowdStrike Skyrockets in Its IPO, Closes First Day of Trading Up 71% for a Valuation of $11.4 Billion

Cybersecurity giant CrowdStrike soared in its trading debut Wednesday after raising $612 million in the fourth largest initial public offering for a cybersecurity company. CrowdStrike shares opened at $63.50 and rose as high as $67, 97% over its IPO price, to close the day up 71% at $58, giving the company an $11.4 billion valuation, almost quadruple its $3 billion valuation a year ago. CrowdStrike’s IPO was led by Goldman Sachs Group Inc., JPMorgan Chase & Co., Bank of America Corp. and Barclays. The company’s shares trade on the Nasdaq Global Select Market under the symbol CRWD.

3 days ago
John D. McKinnon, Emily Glazer, Deepa Seetharaman and Jeff Horwitz / Wall Street Journal

Leaked Facebook Emails Suggest Mark Zuckerberg Knew About, Displayed Indifference to Privacy Issues Even After Company’s 2012 FTC Consent Decree

As part of an ongoing investigation into whether Facebook violated a 2012 consent decree with the Federal Trade Commission (FTC), the company has uncovered emails that appear to connect CEO Mark Zuckerberg with problematic privacy practices. The FTC began its investigation a year after the personal data of tens of millions of Facebook users were compromised by Donald Trump’s political consulting firm Cambridge Analytica. Facebook has been eager to strike a deal with the FTC, and sources say the incriminating emails may be one impetus for the company’s pursuit of a speedy resolution. In one email exchange that occurred after the consent decree, Zuckerberg asked employees about an app that claimed to have built a database stocked with information about tens of millions of Facebook users and that could display users’ information without their permission. He did not, however, suggest a follow-up investigation as to whether this app or similar apps violated the consent decree.

3 days ago
Oscar Gonzalez / CNET

Telegram Went Down for Many Users Due to DDoS Attack, Company Explained the Situation Using Fast Food Metaphors

Secure messaging app Telegram suffered from a DDoS attack today, forcing it to go down for many users across the globe, but particularly in the Americas. Telegram took to Twitter to announce the attack using playful and often mixed fast food restaurant metaphors. The company described a DDoS attack as a situation that occurs when “your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests.” They then tweeted “Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper.”

3 days ago
Dan Goodin / Ars Technica

New Side Channel Attack RAMBleed Uses Rowhammer to Not Only Alter Sensitive Data but Also Extract It from Memory, Researchers

A new side channel attack called RAMBleed builds on the earlier Rowhammer attack against DRAM chips, which store the data a computer needs to carry out its tasks, and uses it not only to alter sensitive data, as Rowhammer does, but also to extract sensitive data stored in memory regions that are off-limits to attackers, researchers at the University of Michigan, Graz University of Technology, the University of Adelaide and Data61 discovered. The attack also introduces new ways unprivileged exploit code can cause cryptographic keys or other secret data to load into the select DRAM rows that are susceptible to extraction. By employing memory massaging techniques with this new side-channel attack, the researchers were able to extract a 2048-bit RSA signing key from an OpenSSH server using only user-level permissions. Although hardware and software engineers will be forced to protect against RAMBleed, RAMBleed requires a fair amount of overhead and some luck to be successfully exploited and won’t have much of a real-world impact for now.

3 days ago
Natasha Lomas / TechCrunch

Football Division La Liga Fined $280,000 by Spain’s Data Protection Watchdog for Using Microphones, GPS of Fans’ Phones to Record Their Surroundings

Spanish football’s premier league division, La Liga, has been ordered by Spain’s data protection watchdog, the AEPD, to pay a €250,000 (around $280,000) fine for privacy violations of Europe’s General Data Protection Regulation (GDPR) related to its official app. The fine stems from the finding that La Liga was using the microphone and GPS of fans’ phones to record their surroundings in an effort to identify bars which are unofficially streaming games instead of paying for broadcasting rights. The app was ostensibly designed to allow users to receive minute-by-minute commentary of football matches. AEPD concluded that La Liga failed to be adequately clear about how the app recorded audio, violating Article 5.1 of the GDPR, which requires that personal data be processed lawfully, fairly and in a transparent manner.


2 days ago
ISC StormCast

#Exim Flaw Exploited; @YubiCo Recall; #Telegram Vuln; #Ghidra; VoWifi @sans_edu @0xAmit

Johannes Ullrich talks about Exim Flaw Exploited, Yubico Recalling FIPS Certified Yubikeys, Vulnerable Infusion Pumps, Telegram DDoS Attack, Ghidra Tips for IDA Users: Function Call Graphs, Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems.

2 days ago

BlueKeep: It’s Not Just About The Worm

Matt Stephenson rounded up a cast of experts, including cybersecurity author Kip Boyle, Automox’s Richard Melick and BlackBerry|Cylance’s Scott Scheferman, to take a good hard look at BlueKeep. What is it? Where did it come from? Can it be stopped? Maybe a better question is… can it be prevented? After WannaCry and Petya/NotPetya… why is this happening again?

2 days ago
The Security Ledger

Episode 149: How Real is the Huawei Risk?

Priscilla Moriuchi of the firm Recorded Future, which released a report this week analyzing the security risks posed by Huawei, talks about the Chinese telecommunications and technology giant.

2 days ago
CYBER / Motherboard

What Happens When a US Border Protection Contractor Gets Hacked?

Joseph Cox and Motherboard EIC Jason Koebler discuss the breach of a Customs and Border Protection contractor that exposed pictures of drivers in Pennsylvania, and the implications for the future of data retention. This story comes on the cusp of groundbreaking attempts by the CBP to use facial recognition software along the border and to collect visitors’ social media information.

2 days ago

Hackers Demanding Ransoms Paralyze City Computer Systems In The U.S.

NY Times cybersecurity correspondent Nicole Perlroth says hacking tools developed by the NSA were stolen, posted online and are now being used in cyberattacks, including one on the city of Baltimore.

3 days ago
Defense in Depth

Camry Security

The Camry is not the fastest car, nor is it the sexiest. But it is one of the most popular cars because it delivers the best value. When CISOs are looking for security products, are they also shopping for Camrys instead of “best of breed” Cadillacs? The guest for this episode is Lee Vorthman, Senior Director, global security engineering and architecture, Pearson.


Cybersecurity Events

June 10-14: TyphoonCon, Seoul, South Korea
June 14: Sthack, Bordeaux, France
June 15-15: Summercon, Brooklyn, NY, USA
June 17-18: Offzone, Moscow, Russia
June 17-19: Hi Tech & Digital Investigations Conference, Austin, TX, USA
June 19-20: Research Innovation to Implementation in Forensic Science Symposium (RI2I), Gaithersburg, MD, USA
June 21-22: BSides Cleveland, Cleveland, OH, USA
June 28: BSides Pittsburgh, Pittsburgh, PA, USA
June 29: BSides Liverpool, Liverpool, UK
June 30-July 1: Nuit du Hack, Paris, France
July 6-7: LeHack, Paris, France
July 12-13: SteelCon, Sheffield, UK
July 12-13: BSides Chicago 2019, Chicago, IL, USA
July 22-28: SANS Pen Test Hackfest Europe Summit & Training 2019, Berlin, Germany

Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

Sign up on Alexa today and just ask “Alexa, what’s the latest in cybersecurity news!
