Search Results for “ZDNet”


May 29, 2020
Catalin Cimpanu / ZDNet
GitHub Warns of New Malware Strain ‘Octopus Scanner’ Spread on the Site via Boobytrapped Java Projects

GitHub issued a security alert warning about a new malware strain, which GitHub’s security team has named Octopus Scanner, that has been spreading on its site via booby-trapped Java projects. The malware has been found in 26 repositories managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications. GitHub says that when other users downloaded any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers. When fully executed, the malware would allow the Octopus Scanner operator to rummage through an infected victim’s computer, looking for sensitive information. Although GitHub found only 26 infected projects, it believes many other projects were infected.

June 9, 2020
Catalin Cimpanu / ZDNet
Severe ‘Call Stranger’ Vulnerability in IoT Core Protocol UPnP Allows Attackers to Hijack Devices for DDoS, Security Bypass Attacks

A severe vulnerability called Call Stranger resides in a core protocol, UPnP, or Universal Plug and Play, which is found in almost all internet of things (IoT) devices, according to security researcher Yunus Çadırcı, Cyber Security Senior Manager at EY Turkey. It allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, but also for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network. This bypass effectively grants attackers access to areas where they usually wouldn’t be able to reach.

May 29, 2020
Catalin Cimpanu / ZDNet
Japanese Telecom and Tech Giant NTT Says Hackers Gained Access to Its Internal Network and Stole Data on 621 Customers

Japanese telecommunications and technology giant Nippon Telegraph & Telephone (NTT) disclosed a security breach in which hackers gained access to its internal network and stole information on 621 customers from its communications subsidiary, NTT Communications. The hack, which originated from an NTT base in Singapore, took place on May 7. NTT says it became aware of the intrusion on May 11. The hackers breached several layers of its IT infrastructure and reached an internal Active Directory (AD in the graph below) to steal and upload data to a remote server. NTT says it took down the hacked systems as soon as it learned of the incident and is now upgrading its infrastructure.

Catalin Cimpanu / ZDNet
Hackers Used Vulnerability in Cisco SaltStack Software Package to Compromise Servers, Patches Issued

Cisco has revealed a breach in which hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers: us-1.virl.info, us-2.virl.info, us-3.virl.info, us-4.virl.info, vsm-us-1.virl.info, and vsm-us-2.virl.info. The servers provide the backend infrastructure for VIRL-PE (Internet Routing Lab Personal Edition), a Cisco service that lets users model and create virtual network architectures to test network setups before deploying equipment in real situations. Cisco patched and remediated all hacked VIRL-PE servers on May 7, when it deployed updates for the SaltStack software. However, Cisco says that two of its commercial products, Cisco VIRL-PE and Cisco Modeling Labs Corporate Edition (CML), also bundle the SaltStack software package as part of their firmware. Cisco has released patches for these products as well.

July 2, 2020
Catalin Cimpanu / ZDNet
A Hacker Has Left Ransom Notes on Nearly 23,000 or Nearly Half of MongoDB Databases Accessible Online

A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, Victor Gevers, a security researcher with the GDI Foundation, has confirmed. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment. The hacker threatens to leak the victims’ stolen data within two days if no payment is made and threatens to contact the victim’s local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.

May 28, 2020
Catalin Cimpanu / ZDNet
Windows 10 2004 Starts Rolling Out to Users With a Host of Security Improvements in Windows Sandbox, WiFi Communications, and More

The Windows 10 May 2020 update, also known as Windows 10 2004, is starting to roll out to users, complete with new features on the security front. Among the improvements are new features that make it easier to automate Windows Sandbox in enterprise testing environments. Windows 10 v2004 now supports the latest versions of the WiFi wireless communications standard and of WPA, the protocol used to authenticate WiFi connections, which include protection against a series of attacks such as DragonBlood, KRACK, and more. Other enhancements include improved System Guard Secure, which checks for secure firmware loading, new security baselines that ensure basic security features are enabled, and much more.

Catalin Cimpanu / ZDNet
Indian Hack-for-Hire Firms Sought to Exploit Coronavirus Crisis With High-End Phishing Campaigns Targeting Business Leaders

Many “hack-for-hire” firms based in India that have been creating Gmail accounts spoofing the WHO were significantly responsible for one of the most common trends among nation-state and high-end cybercrime operators in Q1 2020, according to the inaugural quarterly report of the Google Threat Analysis Group (TAG). The spoofed accounts sought to exploit the coronavirus crisis by running phishing campaigns that mostly targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries, including the US, Slovenia, Canada, India, Bahrain, Cyprus, and the UK. The TAG report also noted the rising number of political influence operations carried out by governments across the world, since many of these operations are now taking place on Google’s network of sites, such as YouTube, the Play Store, AdSense, and the rest of its advertising platforms. TAG said it tracked seven influence operations in Q1 2020.

Related: Cyberscoop, Google Threat Analysis Group, Reuters, Reddit – cybersecurity

Tweets: @cyberscoopnews @camillefrancois @virusbtn


April 14, 2020
Catalin Cimpanu / ZDNet
Hackers Who Breached San Francisco Airport Websites Believed to Be Part of Russian Threat Group Energetic Bear

Cybersecurity firm ESET said that hackers believed to be operating on behalf of the Russian government as part of a threat group known as Energetic Bear (also known as DragonFly) were responsible for hacking two websites operated by the San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com. Although San Francisco officials said that the hackers implanted code to steal login credentials, in a series of tweets, ESET said that “the targeted information was NOT the visitor’s credentials to the compromised websites, but rather the visitor’s own Windows credentials.” The goal was to steal NTLM hashes (usernames and passwords) that can be cracked to obtain a cleartext version of a user’s Windows password, ESET said. SFO changed its password after the website hacks, which is enough to prevent the hackers from using the stolen hashes.

Related: BleepingComputer.com, The Daily Swig, CISO MAG, Infosecurity Magazine, Homeland Security Today, Data Breach Today

Tweets: @ESETresearch


April 16, 2020
Catalin Cimpanu / ZDNet
Personal Data and Hashed Passwords for Four Million Quidd Users Found Circulating in Underground Forums

Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, with the details of around four million Quidd users now circulating in underground forums, according to Risk Based Security. The data contains Quidd usernames, email addresses, and hashed account passwords. A hacker known as ProTag was the one who took credit for the breach and first put the Quidd data for sale, according to two different sources, with one source saying that the Quidd information has been trading privately among high-level groups for months.

July 4, 2020
Catalin Cimpanu / ZDNet
Like TikTok, LinkedIn Was Spotted Accessing Shared Clipboard Feature in Upcoming iOS 14 Beta Feature

A bug in LinkedIn’s iOS app, spotted on the new iOS 14 beta, allowed the app to read the clipboard content after every user keypress, even accessing the shared clipboard feature that enables iOS apps to read content from a user’s macOS clipboard, a user discovered. For the new iOS 14 coming in the fall, Apple has added a new privacy feature that shows a quick popup letting users know when an app has read content from their clipboard. Using the new mechanism, users discovered last week that TikTok was likewise reading users’ content from their clipboards. LinkedIn said the spotted behavior was a bug and not an intended feature and plans to issue a fix.

Related: Privacy Online News, AppleInsider, HackRead, Exploit One, Reddit – cybersecurity, The Verge, Privacy Online News, Trusted Reviews, 9to5Mac, Slashdot

Tweets: @DonCubed @eberger45