Search Results for “Shaun Nichols”


August 22, 2019
Shaun Nichols / The Register

More Than 70% of Newly Registered Domains Are Suspicious, Not Safe for Work or Malicious, Admins Should Ban Access to Domains Less Than Month Old, Palo Alto’s Unit 42

More than 70 percent of newly registered domains (NRDs) fall under the classification of “suspicious,” “not safe for work,” or “malicious,” according to a study by Palo Alto Networks’ Unit 42. The security company says these findings justify its recommendation that admins block access to any web domain less than a month old. At a minimum, if access to NRDs is allowed, alerts should be set up for additional visibility, the company says. In its study of new domains created under 1,530 different top-level domains (TLDs) from March to May of this year, the company says just 8.4 percent of NRDs could be confirmed as hosting only benign pages, 2.32 percent were confirmed not safe for work, and 1.27 percent were classified as malicious. The large majority of NRDs, 69.73 percent, fell under the label of “suspicious.”
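The policy above (block anything under a month old, alert on the rest) is simple to state but needs two pieces a practitioner has to supply: reducing a hostname to its registrable domain and obtaining a creation date. The following is an added example, not code from Unit 42 or The Register. The proxy log lines, the creation-date table (a stand-in for a WHOIS/RDAP or domain-age feed lookup) and the 90-day “alert” tier are all constructed for the example; the two-entry public-suffix set is a placeholder for the full list from publicsuffix.org.

```python
from datetime import date
from urllib.parse import urlparse

# Policy thresholds. The 30-day block matches the Unit 42 recommendation;
# the 90-day alert tier is this example's own choice, not from the article.
BLOCK_AGE_DAYS = 30
ALERT_AGE_DAYS = 90

# Constructed stand-in for a WHOIS/RDAP creation-date lookup. A real deployment
# would query RDAP or a commercial domain-age feed; these dates are made up.
CREATION_DATES = {
    "example.com": date(1995, 8, 14),
    "fresh-offer.xyz": date(2019, 5, 20),
    "quarterly-report.co.uk": date(2019, 3, 1),
}

# Minimal multi-label public suffixes for the example. Real code must use the
# full public suffix list, otherwise "co.uk" style hosts collapse to "co.uk".
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Constructed proxy log: timestamp, client, method, URL.
SAMPLE_PROXY_LOG = """\
2019-05-28T10:02:11Z 10.0.0.5 GET http://login.fresh-offer.xyz/verify
2019-05-28T10:02:40Z 10.0.0.7 GET https://www.example.com/
2019-05-28T10:03:02Z 10.0.0.9 GET https://files.quarterly-report.co.uk/q1.pdf
2019-05-28T10:03:30Z 10.0.0.5 GET http://cdn.unknown-host.net/x.js
"""
SAMPLE_TODAY = date(2019, 5, 28)  # evaluation date for the sample log


def registrable_domain(host):
    """Strip subdomains down to the registrable (eTLD+1) name."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(host, today, lookup=CREATION_DATES):
    """Return (verdict, registrable_domain, age_in_days_or_None)."""
    domain = registrable_domain(host)
    created = lookup.get(domain)
    if created is None:
        # No age data: do not silently allow, surface it for review.
        return "alert", domain, None
    age = (today - created).days
    if age < BLOCK_AGE_DAYS:
        return "block", domain, age
    if age < ALERT_AGE_DAYS:
        return "alert", domain, age
    return "allow", domain, age


def evaluate_log(log_text, today):
    """Apply the NRD policy to each proxy log line; returns one tuple per line."""
    decisions = []
    for line in log_text.splitlines():
        _ts, client, _method, url = line.split()
        host = urlparse(url).hostname
        verdict, domain, age = classify(host, today)
        decisions.append((client, domain, verdict, age))
    return decisions


if __name__ == "__main__":
    for client, domain, verdict, age in evaluate_log(SAMPLE_PROXY_LOG, SAMPLE_TODAY):
        print(f"{verdict:5s} {client:10s} {domain} (age={age})")
```

Note the unknown-domain branch: a lookup miss is treated as an alert rather than an allow, since a freshly registered domain is exactly the case where a stale age cache will have no entry.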

August 21, 2019
Shaun Nichols / The Register

Rapidly Growing Russian Hacking Crew Silence Now Operates in More Than 30 Countries, Has Stolen at Least $4.2 Million From ATMs Around the World

The rapidly growing and increasingly sophisticated Russian hacking crew dubbed Silence, active since 2016, is now operating in more than 30 countries and has so far infiltrated banks’ computer networks to siphon at least $4.2m from compromised cash machines around the world, researchers at Group-IB report. Since July, Silence has sent out more than 170,000 emails to banks around the world, with a focus on Asia, where 80,000 booby-trapped, malware-laden messages were sent. Once Silence penetrates a bank’s network, it gains control of the servers managing the cash machines and card processing systems and then directs money mules to specific ATMs to collect the cash.

September 13, 2019
Shaun Nichols / The Register

Fraud Ring That Made Bulk Purchases of Tickets Offered on Groupon Left Database of Thousands of Fake Accounts Exposed Online

A ticket-fraud ring that likely used an army of as many as 20,000 fake accounts and stolen credit card numbers to make bulk purchases of tickets offered at a discount on Groupon left a database exposed online containing details on scores of accounts on ticket-purchasing sites, according to researchers at vpnMentor. Groupon had been tracking a similar fraud ring since 2016 but the company is unsure whether the two sets of scammers are the same. Groupon said the exposed database consisted of nothing more than marketing emails and that no more than 673 purchases had been made by the crooks.

September 14, 2019
Shaun Nichols / The Register

Apple’s Upcoming iOS 13 Has Reappearance of Lock-Screen Bypass That Gives Attackers Access to Contact List

Apple’s upcoming iOS 13, slated for release on September 19, appears to carry the same sort of lock-screen bypass that plagued previous versions of the iThing firmware, security researcher Jose Rodriguez has demonstrated in a video. The bypass involves receiving a call, opting to respond with a text message, and then changing the “to” field of the message, which can be done via VoiceOver. The “to” field pulls up the owner’s contacts list, giving an unauthorized miscreant the ability to crawl through the address book without ever unlocking the phone. Apple declined to pay Rodriguez a bug bounty for the flaw because, the company says, researchers cannot claim rewards for bugs found in beta builds of the operating system.

April 3, 2019
Shaun Nichols / The Register

Network Intruders Are Covering Tracks More, Staying on Victims’ Networks Longer, and Using ‘Island Hopping’ Supply Chain Attacks to Move Across Multiple Networks, Carbon Black

Network intruders are doing more to cover their tracks in hopes of staying on the victim’s network for longer, according to security company Carbon Black, which analyzed incident reports from about 40 of its enterprise customers. The company said it logged a five-percentage-point jump in the latest quarter (ten points over the last six months) in reports of hackers taking measures against security tools and administrators, such as deleting logs and disabling antivirus, from 46 percent in Q3 2018 to 56 percent in Q1 2019. Fueling this growth is the rise of attacks from China and Russia targeting intellectual property, which was cited as the motivation for 22 percent of attacks last quarter, up from only 5 percent in the preceding quarter. Another factor was the rise of “island hopping,” in which attackers work their way from one compromised network into that of another company further up the supply chain. Half of the attacks during the last quarter were carried out as part of an “island hopping” operation that originated at a supply chain member or other partner company.

June 7, 2019
Shaun Nichols / The Register

Democratic Senators Want Answers From Quest Diagnostics, LabCorp on Security Practices Following AMCA Breach, Two New Firms, OPKO Health and BioReference, Also Compromised

Two Democratic Senators from New Jersey, Robert Menendez and Cory Booker, sent a letter seeking basic information on blood-testing outfit Quest Diagnostics’ security practices and how it plans to handle the massive security failure at its debt collection business partner, American Medical Collection Agency (AMCA). Data records on nearly 12 million of Quest’s patients were exposed after hackers broke into AMCA’s databases. The senators want to know how the hack went unnoticed by either Quest or AMCA for eight months, and whether Quest performed any tests or audits of the security of both its internal records and the data it entrusted to outside partners. The letter to Quest follows a similar letter the Senators sent to rival testing firm LabCorp, which had 7.7 million patient records stored in a hacked AMCA database, 200,000 of which contained credit card or bank account information that was siphoned off by the intruders. Meanwhile, it has emerged that two other firms were implicated in the AMCA breach: OPKO Health, which had records of 422,600 people compromised, and BioReference Laboratories, which has acknowledged that the breach may have exposed data on more than 20 million patients.

June 13, 2019
Shaun Nichols / The Register

Yubico Recalls FIPS Series of YubiKey Widgets Due to Flaw That Could Make Crypto Operations Easier to Crack

Hardware authentication company Yubico said it is recalling one of its YubiKey lines after the authentication devices were found to have a security weakness. Firmware in the FIPS Series of YubiKey devices, aimed mainly at US government use, was prone to a reduced-randomness condition that could make their cryptographic operations easier to crack in some cases, particularly when the USB-based token is first powered up. The issue affects YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 (there is no released firmware version 4.4.3); the firmware version of a key can be read with the ykman info command. The recall covers the YubiKey FIPS, Nano FIPS, C FIPS, and C Nano FIPS models. Yubico said that a majority of affected YubiKey FIPS Series devices have been replaced, or are in the process of being replaced, with updated, fixed versions.

June 19, 2019
Shaun Nichols / The Register

Collection Agency Behind Breach of 20 Million Medical Testing Patient Records Seeks Chapter 11 Bankruptcy

Retrieval-Masters Creditors Bureau, also known as American Medical Collection Agency (AMCA), told the US court for the Southern District of New York this week that it is seeking Chapter 11 bankruptcy protection after its patient databases, which stored personal and banking details on millions of people on behalf of its medical testing clients, were attacked by hackers. Breached patient data from medical testing companies Quest Diagnostics (12 million records exposed), LabCorp (8 million), BioReference Laboratories (423,000), Carecentrix (500,000), and Sunrise Laboratories added up to more than 20 million records.

July 11, 2019
Shaun Nichols / The Register

New Invasive Variant of Notorious Surveillance Malware FinSpy Found Targeting iOS and Android Users in Myanmar, Capable of Collecting Data From Wide Range of Applications

A new variant of the notorious commercial spyware FinSpy, also known as FinFisher, developed by Gamma Group and used by oppressive regimes around the world, has been found targeting iOS and Android users in Myanmar, researchers at Kaspersky report. This latest version is particularly invasive in its ability to collect user chats, physical movements, and stored files from a wide range of applications. Kaspersky notes that the mobile implants are capable of collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data from the most popular messengers. Getting the malware onto a device requires spies either to have direct access to the handset or to use an exploit from a third party.

Related: The Hacker News, fossBytes, Security Affairs, Securelist, Forbes, ZDNet, IT Wire

Tweets: @virqdroid @fs0c131y


July 16, 2019
Shaun Nichols / The Register

Flaw in Amadeus Flight Reservation System Could Have Allowed Attackers to View Travelers’ Boarding Passes

A now-patched vulnerability in the Amadeus flight reservation system used by major airlines around the world could have been exploited by miscreants to view strangers’ boarding passes, David Stubley, CEO at UK security consultancy 7 Elements, discovered. The flaw, a classic insecure direct object reference (IDOR) vulnerability affecting half the world’s major carriers, was in Amadeus’ check-in app used by the airlines. It allowed an attacker to change the ID number in the URL used when travelers went to view their boarding passes, with no check that the requester actually owned the record. Amadeus patched the bug after Stubley notified it. This gaffe is the second major security problem afflicting Amadeus, which earlier this year patched a problem that allowed strangers to access and edit travelers’ reservation pages and name records.
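The IDOR pattern described above, as an added example written for this page (not Amadeus’ code, whose internals the article does not describe): a lookup handler that trusts the record ID from the URL, beside the fixed form that ties the record to the authenticated passenger. The boarding-pass store, passenger IDs and ID range are constructed; the enumeration helper stands in for an attacker walking the ID space.

```python
from dataclasses import dataclass


@dataclass
class BoardingPass:
    pass_id: int
    passenger_id: str
    flight: str
    seat: str


# Constructed in-memory store standing in for the reservation database.
# Sequential integer IDs are what make the vulnerable handler enumerable.
PASSES = {
    1001: BoardingPass(1001, "pax-alice", "XY123", "12A"),
    1002: BoardingPass(1002, "pax-bob", "XY123", "12B"),
    1005: BoardingPass(1005, "pax-carol", "XY456", "3C"),
}


class Forbidden(Exception):
    """Raised by the fixed handler for any record the caller may not see."""


def get_boarding_pass_vulnerable(request_user, pass_id):
    """IDOR: the ID from the URL is the only thing consulted. The identity of
    the requester (request_user) is never compared with the record's owner, so
    anyone who can change the number in the URL can read anyone's pass."""
    bp = PASSES.get(pass_id)
    if bp is None:
        raise KeyError(pass_id)
    return bp


def get_boarding_pass_fixed(request_user, pass_id):
    """Fixed: fetch by ID, then enforce ownership against the authenticated user.
    Missing and foreign records get the same response, so the ID space cannot
    be mapped by distinguishing 'not found' from 'not yours'."""
    bp = PASSES.get(pass_id)
    if bp is None or bp.passenger_id != request_user:
        raise Forbidden(pass_id)
    return bp


def enumerate_passes(handler, request_user, id_range):
    """Attacker view: walk a range of IDs as one user and collect whose passes
    come back. Returns the passenger IDs of every record the handler returned."""
    found = []
    for pid in id_range:
        try:
            found.append(handler(request_user, pid).passenger_id)
        except (KeyError, Forbidden):
            continue
    return found


if __name__ == "__main__":
    print("vulnerable:", enumerate_passes(get_boarding_pass_vulnerable, "pax-alice", range(1000, 1010)))
    print("fixed:     ", enumerate_passes(get_boarding_pass_fixed, "pax-alice", range(1000, 1010)))
```

The ownership check belongs in the handler (or the data-access layer), not in the URL: replacing the sequential ID with an unguessable token slows enumeration but is not a substitute for checking that the authenticated session is entitled to the record.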