1 week ago

HackerOne Reaches $100 Million White-Hat Hacker Bug Bounty Payout Milestone

Bug bounty platform HackerOne announced that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020. Since its first bounty award in 2013, HackerOne bug bounty hunters have found roughly 170,000 security vulnerabilities, according to the company’s CEO Mårten Mickos. (Bleeping Computer)
1 week ago

Researchers Discover 26 New Flaws in USB Driver Stack in Linux, macOS, Windows, FreeBSD Using New Fuzzing Tool USBFuzz

Twenty-six new vulnerabilities in the USB driver stack employed by operating systems such as Linux, macOS, Windows, and FreeBSD were discovered by researchers Hui Peng from Purdue University and Mathias Payer from the Swiss Federal Institute of Technology Lausanne. All the bugs were found with a new tool they created, named USBFuzz. This software-emulated USB device is what is called a “fuzzer,” a tool that lets security researchers send large quantities of invalid, unexpected, or random data as inputs to other programs. Although the researchers found one bug in FreeBSD, three in macOS (two resulting in an unplanned reboot and one freezing the system), and four in Windows 8 and Windows 10 (resulting in Blue Screens of Death), the vast majority, eighteen in total, were found in Linux. Sixteen were memory bugs of high security impact in various Linux subsystems (USB core, USB sound, and network), one bug resided in the Linux USB host controller driver, and the last in a USB camera driver. Of the 18 Linux bugs, the research team said 11 received a patch after they reported the flaws to the Linux kernel team, with the remaining flaws slated to be patched in the near future. (ZDNet)
1 week ago

Pablo Escobar’s Brother Sues Apple for $2.6 Billion, Says He Was Hacked Due to Lax Security on His iPhone

Pablo Escobar’s brother, Roberto, is suing Apple for $2.6 billion over claims his address was compromised because of poor iPhone security. Roberto says his life was threatened because of lax security protocols on his phone and claims he got a “life-threatening letter” from someone called Diego. Diego said he hacked Roberto’s phone via FaceTime. Roberto said that his investigation found his iPhone had been compromised due to a FaceTime vulnerability. To spite Apple, Roberto has also published a website called ripapple.com, where he is selling 24K Gold iPhone 11 Pro models for the astonishing cut price of $499. (iMore)
1 week ago

Attacks on Corporate Cloud Services Soared 630% Early This Year as Cybercriminals Sought to Exploit Remote Working

Cyberattacks targeting corporate cloud services increased by 630 percent between January and April of this year as cybercriminals look to exploit the rise in remote working to gain access to corporate accounts, McAfee said in its recent Cloud Adoption & Risk Report. In most cases, these attempts at hacking cloud accounts are brute-force attacks, with cybercriminals trying common or simple passwords in an effort to gain access. The attacks fall into two broad categories: excessive usage from an anomalous location, or what researchers call ‘suspicious superhuman,’ which involves multiple login attempts in a short amount of time from geographically disparate sites. (ZDNet)
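As an added illustration of the two patterns McAfee describes (this is example code written for this digest, not McAfee's detection logic), the script below runs both checks over a handful of constructed login events. The log format, the IP-to-location table (using RFC 5737 documentation addresses) and the per-user country baseline are all assumptions made for the example; a real deployment would take them from the identity provider's audit log and a GeoIP database.

```python
"""Flag 'anomalous location' and 'suspicious superhuman' login patterns.

Added example, not from the McAfee report. Log lines, geolocation table and
baselines are constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed stand-in for a GeoIP lookup: ip -> (country, latitude, longitude).
GEO = {
    "203.0.113.10": ("US", 40.71, -74.01),   # New York
    "198.51.100.7": ("DE", 52.52, 13.41),    # Berlin
    "192.0.2.55":   ("US", 34.05, -118.24),  # Los Angeles
}

# Countries each user has historically logged in from (constructed baseline).
BASELINE = {"alice": {"US"}, "bob": {"US"}}

# Constructed audit-log lines in an assumed "<iso-ts> user=<u> src=<ip> result=<r>" format.
LOG = """\
2020-05-20T10:00:00 user=alice src=203.0.113.10 result=success
2020-05-20T10:05:00 user=alice src=198.51.100.7 result=failure
2020-05-20T10:06:00 user=alice src=198.51.100.7 result=failure
2020-05-20T10:07:00 user=alice src=198.51.100.7 result=failure
2020-05-20T10:00:00 user=bob src=203.0.113.10 result=success
2020-05-20T15:30:00 user=bob src=192.0.2.55 result=success
"""


@dataclass
class Login:
    ts: datetime
    user: str
    ip: str
    success: bool


def parse(text):
    """Parse the constructed log format into Login records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append(Login(datetime.fromisoformat(ts),
                            user.split("=", 1)[1],
                            src.split("=", 1)[1],
                            result.split("=", 1)[1] == "success"))
    return sorted(events, key=lambda e: e.ts)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def superhuman(events, max_kmh=1000.0):
    """'Suspicious superhuman': consecutive attempts by one user whose implied
    travel speed between source locations exceeds max_kmh."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    flagged = []
    for user, evs in by_user.items():
        for a, b in zip(evs, evs[1:]):
            if a.ip == b.ip:
                continue
            _, la, lo = GEO[a.ip]
            _, lb, lob = GEO[b.ip]
            km = haversine_km(la, lo, lb, lob)
            hours = (b.ts - a.ts).total_seconds() / 3600.0
            if hours == 0 or km / hours > max_kmh:
                flagged.append((user, a.ip, b.ip))
    return flagged


def anomalous_location(events, baseline, threshold=3):
    """'Excessive usage from an anomalous location': at least `threshold`
    attempts for a user from a country absent from that user's baseline."""
    counts = defaultdict(int)
    for e in events:
        country = GEO[e.ip][0]
        if country not in baseline.get(e.user, set()):
            counts[(e.user, country)] += 1
    return [(u, c, n) for (u, c), n in counts.items() if n >= threshold]


if __name__ == "__main__":
    evs = parse(LOG)
    print("superhuman:", superhuman(evs))
    print("anomalous:", anomalous_location(evs, BASELINE))
```

Alice's jump from New York to Berlin within five minutes trips the speed check, and her three attempts from a country outside her baseline trip the location check; Bob's New York to Los Angeles logins five and a half hours apart are within the 1000 km/h ceiling and from a baseline country, so nothing fires for him. In practice the thresholds are the tuning knobs: VPN egress points and mobile carrier NAT can produce legitimate "jumps", so the speed ceiling and the baseline window should be calibrated against the organisation's own history before alerts are actioned.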
1 week ago

Over 26 Million LiveJournal Users’ Data, Including Plain Text Passwords, Available for Free on Hacker Forums

A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums according to posts sharing links to a data dump containing 33,717,787 unique accounts. Several people have also shared the LiveJournal database with Troy Hunt of HaveIBeenPwned. According to various posts regarding the database, it includes email addresses, usernames, profile URLs, and passwords. The passwords were converted to plain text after initially being stored as MD5 hashes. Hunt believes the database reflects a LiveJournal breach that has been rumored about this month. LiveJournal users should check the Have I Been Pwned data breach notification service to see if this data dump affects them. (Bleeping Computer)
1 week ago

Romanian ATM Skimming Group in Mexico Has Been Protected by Senior Government Attorney, Complaint Alleges

A group of Romanians operating an ATM company in Mexico suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines has enjoyed legal protection from a senior anti-corruption official in the Mexican attorney general’s office, according to a new complaint filed with the government’s internal affairs division. The complaint centers on Camilo Constantino Rivera, who heads the unit in the Mexican Special Prosecutor’s office responsible for fighting corruption, and alleges that his brother has served as a security escort and lawyer for Florian Tudor, the reputed boss of a Romanian crime syndicate recently targeted by the FBI for running an ATM skimming and human trafficking network that operates throughout Mexico and the United States. As a side note, a text exchange seems to indicate Tudor’s group contemplated taking out a hit on the life of Brian Krebs for uncovering their operation in a 2015 investigation. (Krebs on Security)
1 week ago

German Government Warns That Russian State-Backed Hacking Group Berserk Bear Continues to Attack Critical Infrastructure

A hacking group called Berserk Bear, which some analysts believe works on behalf of Russia’s FSB intelligence agency, has continued long-running efforts to target German critical infrastructure companies, according to a confidential German government advisory. The group has been using the supply chain to access the IT systems of German energy, water and power companies, according to the alert from the BSI, BND, and BfV federal agencies. Berserk Bear is best known in the U.S. for a years-long campaign to collect data on U.S. energy companies, which the Trump administration blamed on the Russian government in 2018. (Cyberscoop)
1 week ago

Microsoft Bans Trend Micro Driver After Code Appears to Cheat Its QA Tests

Microsoft blocked a Trend Micro driver from running on Windows 10, and Trend Micro has withdrawn downloads of its rootkit detector, Rootkit Buster, which uses the driver, after the code appeared to cheat Redmond’s QA tests, Windows internals guru Alex Ionescu discovered. Ionescu discovered the blockade while investigating research by 18-year-old computer security undergrad Bill Demirkapi that revealed not only shortcomings in the driver’s code but also an effort to detect Microsoft’s QA test suite. The kernel driver at the heart of Rootkit Buster, tmcomm.sys, alters the way it allocates memory to pass Microsoft’s Windows Hardware Quality Labs (WHQL) certification tests, Demirkapi found. The Register verified Demirkapi’s findings, but Trend Micro has ignored repeated requests for an explanation, although it denied trying to cheat quality assurance tests. Trend Micro did say it has removed Rootkit Buster because of another, unspecified vulnerability. (The Register)
1 week ago

DoubleGuns Trojan Is Largest Malware Botnet Targeting Chinese Users, Qihoo 360 and Baidu Aim to Disrupt Its Operations

For the past three years, the DoubleGuns trojan, which targets Windows devices, has grown into one of China’s largest malware botnets, according to Chinese antivirus vendor Qihoo 360. DoubleGuns is found exclusively in China and is believed to have infected hundreds of thousands of Chinese users. Distributed primarily via booby-trapped apps shared on Chinese websites, DoubleGuns infects users with MBR and VBR bootkits, installs various malicious drivers, and then steals credentials from local apps, with a focus on Steam accounts. It also acts as an adware and spamming module. Qihoo 360 says it recently teamed up with fellow Chinese tech giant Baidu to disrupt the botnet’s operations. (ZDNet)
1 week ago

Ukrainian Member of Prolific Financial Hacking Group Fin7 Arrested and Extradited From Thailand

U.S. authorities recently obtained the arrest of an alleged member of the prolific financial-hacking group known as Fin7. The group’s victims include Chipotle and other fast-food restaurants, casinos, and credit unions, according to newly unsealed court records. Authorities arrested Ukrainian national Denys Iarmak, also known as GakTus, who allegedly broke into victims’ systems without their knowledge, and extradited him from Thailand. In chat logs dating from 2017 appended to the arrest complaint, Iarmak provided another member of Fin7 with user credentials for a compromised U.S. business as well as internal system information from a target. (Motherboard)
1 week ago

Strandhogg 2.0 Vulnerability Imitates Legit Apps to Steal Passwords, Sensitive Data and Affects Almost Every Version of Android

Security researchers have found a significant vulnerability, dubbed Strandhogg 2.0, in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data. The “evil twin” of an earlier bug of the same name, according to Norwegian security firm Promon, which discovered both vulnerabilities six months apart, Strandhogg 2.0 tricks a victim into thinking they’re entering their passwords into a legitimate app while they are instead interacting with a malicious overlay. It can also hijack other app permissions to siphon off sensitive user data, such as contacts and photos, and track a victim’s real-time location. Promon and Google say they’ve found no evidence of Strandhogg 2.0 being exploited. Promon said updating Android devices with the latest security updates will fix the vulnerability. (TechCrunch)
1 week ago

Samsung Debuts Second-Generation Security Chip to Protect Mobile Payments and Cryptocurrency Wallets, Secure Booting Process

Samsung introduced its second-gen security chip (S3FV9RR) for smartphones, which is akin to Apple’s T2 and Google’s Titan M chips and is designed to secure the booting process, parts of storage, and mobile-based payments. The new chip is certified to the Common Criteria (CC) EAL 6+ security standard, one of the highest assurance levels for mobile solutions and the level used for such items as e-passports and hardware cryptocurrency wallets. (The Next Web)
2 weeks ago

New Attacks by Russian State-Sponsored Hacking Group Turla Use Updated Version of ComRAT Malware Capable of Exfiltrating Antivirus Logs, Controlling Malware Using Arbitrary Gmail Inbox

New attacks carried out by Turla, one of Russia’s most advanced state-sponsored hacking groups, targeted a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe, researchers at ESET report. The attacks took place in January 2020 and represent the continuation of attacks by the group against diplomatic and military entities. The attacks stand out because they used updated versions of ComRAT malware, also known as Agent.BTZ, one of Turla’s oldest weapons. This updated version, known as ComRAT v4, includes two new features: the ability to exfiltrate antivirus logs and the ability to control the malware using attachments sent to an arbitrary Gmail inbox. Despite the changes, the malware is still primarily used as a second-stage payload on already infected hosts. (ZDNet)
2 weeks ago

Demand for Virtual Private Networks in Hong Kong Soars As Fears of Beijing Surveillance and Censorship Rise

Demand for virtual private networks in Hong Kong jumped more than six-fold last Thursday as Beijing proposed stringent new national security laws for the financial hub, VPN provider Atlas VPN said. VPN installations surged again on Friday, up more than three-fold from the previous day, while search interest in the keyword “VPN” rocketed 1,680% on May 21 from a day earlier, the company said. Unlike residents of mainland China, which governs Hong Kong, Hong Kong residents are allowed unrestricted Internet access. But Beijing said it plans to enact national security laws there, sparking fears that increased surveillance and censorship are on the way. (Reuters)
2 weeks ago

EasyJet Hit With $2.2 Billion Class-Action Lawsuit Under GDPR Over Massive Data Breach

Law firm PGMBM has issued a class-action claim against EasyJet over its widescale data breach in the High Court of London with a potential liability of £18 billion, or around $2.2 billion. The claim contends that although the airline had announced the breach on May 19, it occurred four months earlier in January, leaving those at risk potentially open to attack for months. The firm is taking action under Article 82 of Europe’s General Data Protection Regulation (GDPR), which gives customers the right to compensation for inconvenience, distress, annoyance, and loss of control of their data. (ITPro)