Top CyberSecurity News For November 20th 2016

  1. Second Chinese Firm in a Week Found Hiding Backdoor in Firmware of Android Devices. From Bleeping Computer.

    Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges.

    Mobile experts from Anubis Networks discovered the problem this week. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.

Top CyberSecurity News For November 19th 2016

  1. Hacker Breaks into Italian Government Website, 45,000 Users Exposed. From Softpedia.

    Hacker Kapustkiy just managed to break into another government website, this time in Italy where the target was the Dipartimento della Funzione Pubblica.

    Specifically, using a simple SQL injection, Kapustkiy got access to a database of no less than 45,000 users, including login credentials for services being handled by Italian cities.

    Kapustkiy took to Pastebin to share part of the database, saying that he decided to leak only 9,000 of the entries in order to give time to the Italian authorities to fix the security flaw.

    The worst thing, however, is that Italian officials have until now ignored the hacker’s emails, and Kapustkiy told us that he already contacted the site’s administrators to tell them about the breach, but all his messages received absolutely no response.

    “I did not get any response from them. I hope that they will look in the database now after this breach and make their security better,” he told us.

    We’ve also reached out to the Italian ministry to ask for more information about the hack, but at the time of publishing this article, an answer is not yet available – we will update the post if an official statement is provided.

Top CyberSecurity News For November 18th 2016

  1. Adobe Fined $1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus Attacker. From KrebsOnSecurity.

    Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week.

    On Oct. 3, 2013, KrebsOnSecurity broke the story that Adobe had just suffered a breach in which hackers siphoned usernames, passwords and payment card data on 38 million customers. The intruders also made off with digital truckloads of source code for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader, Photoshop and ColdFusion.

Top CyberSecurity News For November 17th 2016

  1. This $5 Device Can Hack Your Locked Computer In One Minute. From Motherboard.

    Next time you go out for lunch and leave your computer unattended at the office, be careful. A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks.

    Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there’s a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday.

Top CyberSecurity News for November 16th 2016

  1. Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems. From ThreatPost.

    A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data.

    Cryptsetup, a utility used to set up disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they’re likely vulnerable.

Top CyberSecurity News for November 15th 2016

  1. Kryptowire Discovered Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent Or Disclosure. From PR Newswire.

    WASHINGTON, Nov. 15, 2016 /PRNewswire/ — Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users’ consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and was managed by a company named Shanghai Adups Technology Co. Ltd.

    These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.

Top CyberSecurity News for November 14th 2016

  1. The Internet’s Biggest Hacking Forum Removes Its DDoS-for-Hire Section. From Softpedia.

    Omniscient, the administrator of Hack Forums, the Internet’s biggest freely accessible hacking-related forum, announced on Friday, October 26, that he would remove the DDoS-for-Hire section from the forum.

    His decision came after a series of events that have tied his forum to DDoS attacks carried out with the Mirai botnet.

    It all started when a Hack Forums user named Anna-Senpai released the source code of the Mirai malware via the forum, which drew massive and immediate attention from security researchers.

    A person who had taken Mirai’s source code and modified it had then used it to launch a DDoS attack on the network of Dyn, a managed DNS service, which resulted in a large section of the Internet becoming unavailable.

Top CyberSecurity News for November 13th 2016

  1. Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs. From Bleeping Computer.

    The way users move fingers across a phone’s touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.

    This type of attack, nicknamed WindTalker, is only possible when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.

    Control over the WiFi access point is also imperative since the attacker must also know when to collect WiFi signals from the victim, in order to capture the exact moment when the target enters a PIN or password.

Top CyberSecurity News for November 12th 2016

  1. Study finds malware lurking in Amazon, Google and Groupon cloud services. From SC Magazine.

    A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites.

    Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the study “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service”.

Top CyberSecurity News for November 11th 2016

  1. Russian banks floored by DDoS attacks. From The Register.

    At least five Russian banks weathered days-long DDoS attacks this week.

    A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports.

    The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official. Early indications are that the Mirai IoT botnet, which disrupted DNS services for scores of high-profile websites in October 2016, may be behind the latest attacks, but this is unconfirmed.

    The last DDoS attack on this scale against Russian banks was in October 2015, when eight major institutions were targeted.