2 weeks ago

Red Cross, Leading Political and Business Figures Call for End to Cyberattacks on Healthcare and Medical Research Facilities During Pandemic

In a letter published Tuesday and signed by a group of prominent political and business figures, the Red Cross called for an end to cyberattacks on healthcare and medical research facilities during the coronavirus pandemic. Among the 42 leaders who co-signed the letter are Microsoft President Brad Smith and former U.S. Secretary of State Madeleine Albright. The letter was initiated by the non-governmental CyberPeace Institute, whose mission is to prevent the internet from becoming “weaponized.” The appeal follows digital assaults in recent weeks against medical facilities, including in the Czech Republic, France, Spain, Thailand, and the United States, and against international organizations such as the World Health Organization and other health authorities, the letter notes. (Reuters)

Hacking Attacks Hit Israeli Research Institutes Working on Coronavirus Vaccines, Goal is Sabotage Not Information Theft, Report

Israeli research institutes working on producing a vaccine for the novel coronavirus were targeted in widespread hacking attacks last week, according to a report from Israel’s News Channel 12. The hackers did not aim to steal information from the research centers, as has been the case in other similar attacks against coronavirus researchers around the world, but attempted to sabotage the research process. These attacks follow a seemingly escalating round of recent digital attacks between Israel and Iran that started with a foiled cyber attack against Israel’s water supply, widely attributed to Iran. (Times of Israel)

Thousands of Enterprise Servers Believed to Be Infected With Cryptocurrency-Mining Malware Delivered by ‘Blue Mockingbird’ Group

Thousands of public-facing servers running ASP.NET apps that use the Telerik framework for their user interface (UI) component are believed to have been infected with cryptocurrency-mining malware operated by a group tracked under the codename Blue Mockingbird, according to cloud security firm Red Canary. The hackers exploit a Telerik UI vulnerability to plant a web shell on the attacked server. They then use a version of the Juicy Potato technique to gain admin-level access and modify server settings to obtain (re)boot persistence. After gaining access, they download and install a version of XMRig, a popular Monero miner. If the infected servers are connected to a company’s internal systems, the group also attempts to spread internally via weakly secured RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections. (ZDNet)

Hacker Tries to Sell 80,000 Users’ Data Purportedly Stolen From Cryptocurrency Wallets and Shopify, Companies Deny They’ve Been Breached

A hacker with a history of dubious claims is purportedly trying to sell customer information on 80,000 people that stems from companies like Keepkey, Trezor, Ledger, and even the investment platform Bnktothefuture, according to data breach monitoring service Under the Breach. Although passwords aren’t included, the hacker is offering detailed information allegedly stolen in a Shopify breach, such as email addresses, home addresses, and phone numbers. The team at Under the Breach says this is the same hacker who breached the Ethereum forum. Ledger and the company that makes Trezor hardware wallets deny their Shopify databases were breached. Shopify said it found no evidence of a breach. (Bitcoin News)

Thailand’s Largest Cell Network AIS Pulls Offline Unprotected Database Which Exposed Millions of Users’ DNS Queries and Netflow Data

Thailand’s biggest mobile operator AIS has pulled offline a database that was leaking billions of real-time internet records on millions of Thai internet users, after security researcher Justin Paine discovered it unprotected, without a password. The database contained DNS queries and Netflow data that could be used to reconstruct what a user does online in real time. An AIS spokesperson confirmed and apologized for the security lapse after the company had failed to respond to Paine’s attempts to contact it, and after Paine reported the apparent lapse to Thailand’s national computer emergency response team, known as ThaiCERT. (TechCrunch)

Around 70% of All High Severity Bugs in Chrome Codebase Are Memory Unsafety Problems

Roughly 70% of all high severity security bugs in the Chrome codebase are memory unsafety problems (mistakes with C/C++ pointers), according to an analysis by the Chromium Project of 912 high or critical severity security bugs since 2015. Half of that 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses) and leaves doors open for attackers to target Chrome’s inner components. Last year, Microsoft engineers also said that around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. (ZDNet)

Maze Ransomware Operators Dump Payment Card Data From Customers of Bank of Costa Rica, Bank Still Denies It Has Been Hacked

Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR) and say they are doing so to invalidate BCR’s repeated denials that it has been hacked. In a post on their “leak” site this week, the Maze operators shared a 2GB spreadsheet with payment card numbers from BCR customers. The hackers say they want to draw attention to the bank’s security lapses when it comes to protecting sensitive information. On April 30, the Maze operators claimed to have more than 11 million cards from BCR, 4 million of them unique and 140,000 belonging to “US citizens.” Despite verification of some of the data in the Maze dumps, BCR still contends it has not been hacked. (Bleeping Computer)

Twenty Percent of GitLab Employees Fell for Phishing Emails, Only Twelve Percent Reported the Emails as Suspicious

Code repository management firm GitLab decided to phish its own employees to see what would happen, and one in five fell for the fake emails. The team designed the simulated phishing attack to mimic a basic attack aimed at primary authentication credentials via a fake login page. The GitLab team set everything up to look legitimate after purchasing the domain name gitlab.company. Seventeen of the fifty employees tested fell for an email that asked them to click on a link to accept an upgrade; the link led to a counterfeit credentials sign-in page. Only six of the employees who received the fake phishing email reported it as suspicious to GitLab’s security operations team. (Silicon Angle)

Boris Johnson Seeks to Reduce Huawei’s Involvement in 5G Network Down to Zero by 2023

UK Prime Minister Boris Johnson plans to reduce Huawei’s involvement in Britain’s 5G network in the wake of the coronavirus outbreak and has instructed officials to draw up plans that would see China’s participation in the UK’s infrastructure scaled down to zero by 2023, compared to initial plans to cap the company’s involvement at 35% by then. The move follows a significant push by the U.S. to force the UK to eliminate Huawei gear from its 5G network, based on supply chain fears that Beijing can order its tech suppliers to build backdoors or spying capabilities into their wares. (Telegraph)

Dogfood Build of Google Messages Version 6.2 Shows Google Incorporating End-to-End Encryption for RCS

An internal “dogfood” build of Google Messages version 6.2 obtained by APKMirror shows that Google is contemplating the incorporation of end-to-end encryption for RCS (rich communication services) messaging. Some see RCS as the true successor to SMS and MMS and an open competitor to Apple’s iMessage. To date, Google has suffered a competitive disadvantage because iMessage has the benefit of end-to-end encryption, while Google Messages has not. According to the dogfood build, which Google employees are using, users will be able to set whether other Android apps that have permission to see their messages can also read their encrypted messages. They will also be reminded that their messages are encrypted when sharing their location. (9to5Google)

Just-Released iOS Jailbreak Is Based on Zero-Day Flaw and Works on All Recent Versions, Apple Will Likely Take Weeks to Issue Fix

The jailbreaking team Unc0ver released a tool that will jailbreak all versions of iOS from 11 to 13.5. It is the first jailbreak built on a zero-day vulnerability in years, and Unc0ver did not disclose its findings to Apple in advance, meaning that there’s no patch coming in the next few days that will block the jailbreak. Security researchers who have tested it say it’s stable. The flaw resides in iOS’s kernel. Unc0ver’s lead developer Pwn20wnd and independent iOS security researchers estimate that it will take Apple two to three weeks minimum to prepare a fix, unless the company has already found the bug independently. (Wired)

Very Early Leaked Version of iOS 14 Came From Development Phone, Gives Hackers and Jailbreakers Huge Lead, Sources

Security researchers and hackers have had access to a leaked early version of iOS 14, the iPhone’s next operating system, since at least February, eight months earlier than a new iOS is usually published. Sources in the jailbreaking community familiar with the leak told us they think that someone obtained a development iPhone 11 running a version of iOS 14 dated December 2019, a device made to be used only by Apple developers. Sources say the person paid Chinese developers thousands of dollars for the development phone, and then extracted the iOS build, which circulated in the jailbreaking community. Although the final iOS will likely look different, iPhone hackers and researchers now have substantial lead time in which to probe iOS 14 for vulnerabilities in whatever is eventually released to the public. (Motherboard)

Data on 2.3 Million Voters’ Private Information Posted on Hacking Forum, Hacker Threatens to Release Data on 200 Million People

Indonesia’s General Election Commission (KPU) is investigating the release of 2.3 million voters’ private information on a hacker website, along with a threat to release the data of about 200 million people. The electoral data from the world’s fourth most-populous nation was posted anonymously on the hacking forum raidforums. KPU said it is looking for the source of the data but denied the leak had originated from the commission’s servers, saying the same data had been shared with political parties and presidential candidates, in line with the law. The leak was first reported by the data breach monitoring firm Under the Breach. (Reuters)

Coronavirus Tracing App Developed for North and South Dakota Sends Location Data to Third Parties

Care 19, a coronavirus tracing app developed for both North and South Dakota that launched in April, sends location data, along with the device’s Advertising Identifier (commonly referred to as an IDFA), to third parties including Google and the data intelligence company Foursquare, the privacy research firm Jumbo discovered. Foursquare said the Care 19 app data is promptly deleted. The app is also sending data to a company called Bugfender, which said the data isn’t correlated with any information about the user. The developer of the app, a company called ProudCrowd, admitted it provides users’ data to third parties but said it does not do so for commercial purposes. (Washington Post)

Hackers Switched Up Tactics After Sophos Fixed Vulnerability In Firewall Product, Tried to Deploy Ransomware Instead of Stealing Data

UK cybersecurity company Sophos said that following the fixes it applied after a series of attacks aimed at exploiting a zero-day vulnerability in its XG firewall product, the attackers panicked and modified their attack routine. They switched tactics, replacing their original data-stealing payload with an attempt to deploy ransomware on corporate networks protected by Sophos firewalls. The initial attacks occurred on April 22 and April 26. The new attacks, which failed, included a payload chain encompassing the EternalBlue and DoublePulsar exploits and implants and the Ragnarok ransomware. (ZDNet)