What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-26 19:29:45 | US Exchanges Offer a Rich Potential Target for Hackers (lien direct) | Cyberattacks have long been seen as a threat to financial markets, but worries are becoming even more acute following a US pipeline hack that set off a public panic and forced the company to pay a ransom. Financial exchanges that manage daily transactions of tens or hundreds of billions of dollars are an appealing target for hackers. | Hack Threat | ||
 |
2021-05-25 15:00:00 | Anomali Cyber Watch: Bizzaro Trojan Expands to Europe, Fake Call Centers Help Spread BazarLoader Malware, Toshiba Business Reportedly Hit by DarkSide Ransomware and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BazarCall, DarkSide, Data breach, Malware, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Air India passenger data breach reveals SITA hack worse than first thought
(published: May 23, 2021)
Adding to the growing body of knowledge related to the March 2021 breach of SITA, a multinational information technology company providing IT and telecommunication services to the air transport industry, Air India announced over the weekend that the personal information of 4.5 million customers was compromised. According to the airline, the stolen information included passengers’ name, credit card details, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data. The compromise included data for passengers who registered with Indian Airlines between 26 August 2011 and 3 February 2021; nearly a decade. Air India adds to the growing list of SITA clients impacted by their data breach, including Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa.
Analyst Comment: Unfortunately, breaches like this are commonplace. While customers have no control over their information being included in such a breach, they can and should take appropriate actions once notified they may be impacted, Those actions can include changing passwords and credit cards associated with the breached accounts, engaging with credit reporting agencies for enhanced credit monitoring or freezing of credit inquiries without permission, and reaching out to companies that have reportedly been breached to learn what protections they may be offering their clients.
Tags: Data Breach, Airline, PII
BazarCall: Call Centers Help Spread BazarLoader Malware
(published: May 19, 2021)
Researchers from PaloAlto’s Unit42 released a breakdown of a new infection method for the BazarLoader malware. Once installed, BazarLoader provides backdoor access to an infected Windows host which criminals can use to scan the environment, send follow-up malware, and exploit other vulnerable hosts on the network. In early February 2021, researchers began to report a “call center” method of distributing BazarLoader. Actors would send phishing emails with trial subscription-based themes encouraging victims to phone a number to unsubscribe. If a victim called, the actor would answer the phone and direct the victim through a process to infect the computer with BazarLoader. Analysts dubbed this method of infection “BazarCall.”
Analyst Comment: This exemplifies social engineering tactics threat actors employ to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown requests to connect, and particularly cautious when receiving communication from unknown users. Even if cal |
Ransomware Data Breach Malware Hack Tool Vulnerability Threat Guideline | ||
 |
2021-05-25 14:08:37 | (Déjà vu) Time HackTheBox Walkthrough (lien direct) | Hello! Everyone and Welcome to yet another CTF challenge from Hack the Box, called 'Time,' which is available online for those who want to increase their skills in penetration testing and Black box testing. Level: Medium Task: Find user.txt and root.txt in the victim's machine Penetration Methodologies Scanning Nmap Enumeration Browsing HTTP | Hack | ★★★★★ | |
|
2021-05-24 18:22:26 | Delivery HackTheBox Walkthrough (lien direct) | Hello! Everyone and Welcome to yet another CTF challenge from Hack the Box, called 'Delivery,' which is available online for those who want to increase their skills in penetration testing and Black box testing. Delivery is a retired vulnerable lab presented by Hack the Box for making online penetration testing | Hack | ||
|
2021-05-24 14:14:26 | Needle in the Haystack: The Inside Story of the Microsoft Exchange Hack (lien direct) | 
|
Hack | ||
|
2021-05-24 13:18:10 | U.S. Government Asks Victims of 2017 EtherDelta Hack to Come Forward (lien direct) | The U.S. government is hoping to obtain additional information on the 2017 hacker attack targeting the EtherDelta cryptocurrency trading platform and it has asked victims of the incident to come forward. | Hack | ||
 |
2021-05-24 11:20:05 | AIs and Fake Comments (lien direct) | This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn't another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens. This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones... | Hack | ★★★ | |
 |
2021-05-24 08:44:00 | Air India is latest victim of Sita hack (lien direct) | This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn't another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability of citizens to express their voice to their political representatives. And it was carried out by generating millions of fake comments and fake emails purporting to come from real citizens. This attack was detected because it was relatively crude. But artificial intelligence technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tidal wave of fake ones... | Hack | ||
 |
2021-05-24 07:46:47 | Damage of SITA data breach still unfolding as Air India compromised (lien direct) | Tech Crunch has reported that a recently found Air India passenger data breach indicates that the SITA hack is worse than first anticipated. Three months after air transport data giant SITA reported its own data breach, the damage is still mounting. Air India said this week that personal data of about 4.5 million passengers had […] | Data Breach Hack | ★★★★★ | |
|
2021-05-23 12:08:41 | India\'s National Carrier Says Hack Leaked Passengers\' Data (lien direct) | Personal data of an unspecified number of travelers has been compromised after a company that serves India's national carrier was hacked, Air India said. The hackers were able to access 10 years' worth of data including names, passport and credit card details from the Atlanta-based SITA Passenger Service System, Air India said in a statement Friday. | Hack | ||
 |
2021-05-21 22:01:08 | Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers (lien direct) | India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year.
The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact |
Data Breach Hack | ||
 |
2021-05-21 14:48:50 | Air India data breach impacts 4.5 million customers (lien direct) | Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. [...] | Data Breach Hack | ||
 |
2021-05-20 10:19:46 | SolarWinds Hack Happened Months Earlier Than Thought (lien direct) | BACKGROUND: The Solar Winds CEO has announced that its infamous hack may have happened months earlier than thought. Sudhakar Ramakrishna suggested that hackers that penetrated 10 U.S. government agencies and… | Hack | ||
 |
2021-05-20 10:00:00 | The Full Story of the Stunning RSA Hack Can Finally Be Told (lien direct) | In 2011, Chinese spies stole the crown jewels of cybersecurity-stripping protections from firms and government agencies worldwide. Here's how it happened. | Hack | ||
|
2021-05-19 14:36:40 | Probe Into Florida Water Plant Hack Led to Discovery of Watering Hole Attack (lien direct) | An investigation conducted by industrial cybersecurity firm Dragos into the recent cyberattack on the water treatment plant in Oldsmar, Florida, led to the discovery of a watering hole attack that initially appeared to be aimed at water utilities. | Hack | ||
|
2021-05-19 12:30:07 | ROUNDTABLE: Experts react to President Biden\'s exec order in the aftermath of Colonial Pipeline hack (lien direct) | As wake up calls go, the Colonial Pipeline ransomware hack was piercing. Related: DHS embarks on 60-day cybersecurity sprints The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins, worth a … (more…) | Ransomware Hack | ||
|
2021-05-19 10:50:14 | Lawmakers Reintroduce \'Pipeline Security Act\' Following Colonial Hack (lien direct) | More than a dozen U.S. lawmakers led by Rep. Emanuel Cleaver (D-MO) have reintroduced the Pipeline Security Act, whose goal is to aid the DHS's efforts to protect pipeline infrastructure against cyberattacks, terrorist attacks and other threats. | Hack | ||
|
2021-05-17 20:44:00 | Cyber Self-Defense Is Not Complicated (lien direct) | Anomali Sr. Director of Cyber Intelligence Strategy A.J. Nash recently penned a column for United States Cybersecurity Magazine about how few people in the modern world are immune to the threat of a cyber-attack. Hence, the importance of cyber self-defense. In “Cyber Self-Defense Is Not Complicated,” A.J. talks about why self-commitment is an increasingly effective way to minimize the risks that certainly lurk. Whether it be texts that include personal content not meant for public consumption, emails, hard drives, cloud storage containing sensitive business information, or the endless supply of finance transaction data that most of us pass across the Internet daily, few people in the modern world are immune to the threat of a cyber-attack. Hence, the importance of cyber self-defense. The most common avenue of attack for cyber actors continues to be phishing. Phishing enables cybercriminals to gain the access needed for a ransomware attack, cyber extortion, or the theft of personally identifiable information (PII) which is used to steal money or identities. While the threat of compromise may be daunting to many who do not see themselves as very technical, even those with limited knowledge can employ a few simple techniques and tools to greatly reduce the potential for being compromised. Before we talk solutions, let us briefly examine the common threats most of us face and nearly all of us can minimize through simple cyber self-defense. 4 Common Threats Faced in Cyberspace Phishing: Someone poses as a legitimate institution or individual in an email or text to lure victims into providing sensitive data such as PII, banking and credit card details, and passwords. Ransomware: Malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. Theft of PII: The theft of data that may include a Social Security number, date of birth, driver’s license number, bank account and financial information, as well as a passport number. All this data can be assembled into a full financial record file (AKA, “fullz”) for identity theft. These reportedly sell for as little as $8/each on cybercriminal markets across the Dark Web. Cyber Extortion/Blackmail: A crime in which a threat actor demands payment to prevent the release of potentially embarrassing or damaging information. In most cases involving individual victims (not companies), a threat actor pretends to have compromised a victim’s computer or an account tied to something embarrassing. By quoting credentials usually gathered from a previously published breach, the threat actor quotes those credentials as “evidence” of access to the more embarrassing data. Because people commonly use the same credentials for multiple accounts, this bluff often works, leading to the victim being forced to provide more embarrassing content for extortion, pay money, or both. Cyber Self-Defense Practices: Safely Using Wi-Fi and Bluetooth Wireless connectivity to the Internet and other devices is one of the most convenient inventions in recent memory. Unfortunately, these technologies also come with risks many users fail to recognize or mitigate. Thankfully, it only takes a few simple changes to greatly reduce the risk of personal compromise and practice cyber self-defense. Keep Wi-Fi and Bluetooth features turned off on mobile phones and la | Malware Hack Threat Guideline | ||
|
2021-05-14 17:35:22 | DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills? (lien direct) | The criminal gang behind the disruptive Colonial Pipeline ransomware hack says it is shutting down operations, but threat hunters believe the group will reemerge with a new name and new ransomware variants. | Ransomware Hack Threat | ||
 |
2021-05-13 19:15:08 | CVE-2021-29510 (lien direct) | Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic. | Hack | ★★★★ | |
 |
2021-05-12 16:50:43 | Gig Workers Paid $500 for Payroll Passwords (lien direct) | Argyle is paying workers to help hack payroll providers, researchers suspect. | Hack | ||
 |
2021-05-12 16:32:21 | FragAttacks vulnerabilities expose all WiFi devices to hack (lien direct) | Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked as FragAttacks, that affect WiFi devices exposed them to remote attacks. Some the flaws discovered by the experts date back as […] | Hack | ||
|
2021-05-11 12:11:31 | RSAC insights: SolarWinds hack illustrates why software builds need scrutiny - at deployment (lien direct) | By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as … (more…) | Hack | ||
|
2021-05-10 21:03:03 | Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet (lien direct) | Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never notified affected users. | Hack | ||
|
2021-05-10 14:07:12 | Twilio, HashiCorp Among Codecov Supply Chain Hack Victims (lien direct) | The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets. | Hack | ||
|
2021-05-08 21:33:57 | The Colonial Pipeline Hack Is a New Extreme for Ransomware (lien direct) | An attack has crippled the company's operations-and cut off a large portion of the East Coast's fuel supply-in an ominous development for critical infrastructure. | Ransomware Hack | ||
|
2021-05-07 20:28:41 | iPhone Hack Allegedly Used to Spy on China\'s Uyghurs (lien direct) | U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem. | Hack | ||
 |
2021-05-06 10:00:00 | Password security tips and best practices for enterprises (lien direct) | In honor of World Password Day, we’re doing our part to help keep your business secure by discussing the good, the bad, the ugly and the critical about passwords. Let’s face it: between all the logins we need for work and all the accounts we use in our personal lives, there are too many passwords to remember. So many of us do what seems natural—use the same password for multiple accounts. After all, especially with corporate password policies, most employees use strong passwords with a mix of numbers, lowercase and uppercase letters, and special characters. Still, what about all those sticky notes we have “secretly” hidden in locations probably not far away from our devices? That security risk is only the tip of the iceberg. Because according to a 2019 Lastpass survey, US employees working in mid-sized corporate businesses must manage approximately 75 passwords for work. Unsurprisingly, employees recycle passwords 13 times on average. In other words, employees are using the same passwords over and over. And in many cases, especially for corporate applications and resources that lack strong password requirements, some passwords just aren’t strong enough. Cybercriminals know this, and it’s why breaches happen. If hackers get access to your trusted data, the ramifications can be dire. The costs of a data breach go well beyond financial, and include damage to your company’s brand, trust and reputation. Why do we need stronger and longer passwords? As malware, phishing, and ransomware continue to skyrocket, we must understand that the password is the primary method for attackers to gain access to corporate systems. Phishing passwords may be the easiest method, but passwords can also be cracked. The stronger the password, the harder it is for cybercriminals to decode. In a typical attack—the brute force password attack—attackers will use software that quickly attempts every possible password combination of numbers, letters, and symbols. These software programs get better as computing power increases. For example, an eight-character strong password was not long ago considered secure and difficult to crack. Today, it can be cracked in eight hours. But if we tack on two more characters to make it ten-character, cracking the password can take approximately five years. Why do we need unique passwords for every login? As mentioned above, phishing is one of the simplest ways for hackers to steal our passwords. If you think your company has been victimized by phishing, malware, or ransomware, perhaps you’ve taken steps to reset those passwords. But the security risk here is if employees are using the same passwords for different apps, sites or resources. Have you heard about credential stuffing? With credential stuffing, attackers take username and password combinations they already know (which have been stolen or paid for on the dark web) and try them everywhere they can. Use of credential stuffing is escalating, and businesses of all sizes should take note. This type of attack is only successful if and when employees use the same password for different logins. What about password managers? Managing all those passwords doesn’t have to be complicated. A password management system is software that keeps an up-to-date list of all your passwords and logins, using a master password to access the password “vault”. That master password is the only one you need to remember. What if a hacker accesses your vault? Isn’t that riskier? Sure, there is undoubtedly an element of risk, but it’s critical to think in terms of relative safety. As a general rule, using some type of password | Ransomware Data Breach Hack | LastPass | |
|
2021-05-03 11:42:05 | Pulse Secure fixes VPN zero-day used to hack high-value targets (lien direct) | Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. [...] | Hack Vulnerability | ||
|
2021-05-02 11:05:41 | Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle (lien direct) | A security duo has demonstrated how to hack a Tesla Model X's and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. The scenario is disconcerting, hackers could use a drone to fly on your Tesla Model X and open the doors, a couple of researchers demonstrated. The researchers Kunnamon, […] | Hack | ||
|
2021-04-30 17:03:51 | Is the SolarWinds Hack Really a Seismic Shift? (lien direct) | Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals. | Hack | ||
 |
2021-04-30 07:00:00 | Cellebrite : et si l\'outil de la police avait perdu toute son utilité depuis son hack par le créateur de Signal ? (lien direct) | Le hack du créateur de Signal commence à désorganiser les procédures pénales qui reposent sur l'intégrité des données extraites par les appareils de Cellebrite.  |
Hack | ||
|
2021-04-29 16:53:26 | An issue in the Linux Kernel could allow the hack of your system (lien direct) | An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address Space Layout Randomization bypass (KASLR). The Kernel Address space layout randomization (KASLR) is a computer security technique designed to prevent […] | Hack | ||
 |
2021-04-29 15:46:03 | Home Is Where the Hack Is (lien direct) | One of Social-Engineer's services is Open-Source Intelligence Gathering (OSINT). It's a discipline that sees us gather publicly available information that can be accessed without any real special skills or tools. It can also include sources only available to subscribers, such as newspaper content behind a paywall, or subscription journals. As OSINT investigators, we employ countless […] | Hack | ★★★★★ | |
|
2021-04-29 11:00:00 | How Pixar Uses Hyper-Colors to Hack Your Brain (lien direct) | The animation studio's artists are masters at tweaking light and color to trigger deep emotional responses. Coming soon: effects you'll only see inside your head. | Hack | ||
|
2021-04-29 01:39:41 | US Government Taking Creative Steps to Counter Cyberthreats (lien direct) | An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it | Hack Tool | ||
|
2021-04-26 11:06:27 | When AIs Start Hacking (lien direct) | If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage... | Hack | ★★★★ | |
|
2021-04-26 10:27:00 | French legal challenge over EncroChat cryptophone hack could hit UK prosecutions (lien direct) | If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay out in a report I just published, artificial intelligence will eventually find vulnerabilities in all sorts of social, economic, and political systems, and then exploit them at unprecedented speed, scale, and scope. After hacking humanity, AI systems will then hack other AI systems, and humans will be little more than collateral damage... | Hack | ||
|
2021-04-26 10:00:00 | The 5 most crucial Cybersecurity updates for businesses in 2021 (lien direct) | This blog was written by an independent guest blogger. For as long as businesses have used computers, cybersecurity has been crucial. Now, as modern business and data are becoming inseparable, it’s an absolute necessity. As companies start to recover from 2020 losses, they should consider investing in security updates. Cybercrime reached new heights in the past year, with internet crime reports rising 69.4% and costing more than $4.2 billion. Now that more companies are embracing digital services after the pandemic, this trend will likely continue. All businesses, regardless of size or industry, must revisit their cybersecurity. Here are the five most important cybersecurity updates for this year. 1. Implementing a Zero-Trust framework The single most crucial cybersecurity upgrade for businesses this year is adopting a zero-trust security framework. These systems, which rely on network segmentation and thorough user verification, aren’t new but are increasingly crucial. In light of rising cyberthreats, companies can’t afford to trust anything inside or outside their networks without proof. A 2020 survey found that 82% of company leaders plan to let their employees work remotely at least part time after the pandemic. That many people accessing data remotely raises security concerns. Hackers could pose as remote workers to gain access or install spyware, and IT teams wouldn’t know it. Zero-trust models mitigate these threats. Verifying user identity at every step helps guarantee only employees can access mission-critical data. Segmentation ensures that only those who need access can get it, and if a breach occurs, it won’t impact the entire network. 2. Securing machine learning training data Machine learning algorithms are becoming increasingly common among companies in various industries. These models take considerable amounts of data to train, which presents an enticing opportunity for cybercriminals. As more companies rely on machine learning, more threat actors will likely try to poison the training data. By injecting incorrect or corrupt data into the training pool, cybercriminals could manipulate a machine learning system. If companies don’t catch the problem before it’s too late, the algorithms they rely on could influence poor or even harmful business decisions. Given this threat, securing machine learning training data is a must. Businesses should carefully inspect the information they use to train machine learning models. They should also enact stricter access controls over training pools, including activity monitoring. 3. Verifying third-party and partner security Businesses should also look outward when improving their cybersecurity. The growing public awareness of cyberthreats is changing expectations about visibility, and that’s a good thing. It’s no longer sufficient to trust that a business partner or third party has robust data security. Companies must verify it. Third-party data breaches in 2020 exposed millions of records, and major events like the SolarWinds hack have revealed how fragile some systems are. In light of these risks, businesses must ask all potential partners to prove | Data Breach Hack Threat Guideline | ||
|
2021-04-23 07:45:44 | Evil Maid Attack – Vacuum Hack (lien direct) | Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady is also doing her job nearby, but you […] | Hack | ||
 |
2021-04-22 13:08:16 | SolarWinds hack analysis reveals 56% boost in command server footprint (lien direct) | Researchers say newly identified targets are likely. | Hack | ||
 |
2021-04-21 17:27:21 | Ethics: University of Minnesota\'s hostile patches (lien direct) | The University of Minnesota (UMN) got into trouble this week for doing a study where they have submitted deliberately vulnerable patches into open-source projects, in order to test whether hostile actors can do this to hack things. After a UMN researcher submitted a crappy patch to the Linux Kernel, kernel maintainers decided to rip out all recent UMN patches.Both things can be true:Their study was an important contribution to the field of cybersecurity.Their study was unethical.It's like Nazi medical research on victims in concentration camps, or U.S. military research on unwitting soldiers. The research can simultaneously be wildly unethical but at the same time produce useful knowledge.I'd agree that their paper is useful. I would not be able to immediately recognize their patches as adding a vulnerability -- and I'm an expert at such things.In addition, the sorts of bugs it exploits shows a way forward in the evolution of programming languages. It's not clear that a "safe" language like Rust would be the answer. Linux kernel programming requires tracking resources in ways that Rust would consider inherently "unsafe". Instead, the C language needs to evolve with better safety features and better static analysis. Specifically, we need to be able to annotate the parameters and return statements from functions. For example, if a pointer can't be NULL, then it needs to be documented as a non-nullable pointer. (Imagine if pointers could be signed and unsigned, meaning, can sometimes be NULL or never be NULL).So I'm glad this paper exists. As a researcher, I'll likely cite it in the future. As a programmer, I'll be more vigilant in the future. In my own open-source projects, I should probably review some previous pull requests that I've accepted, since many of them have been the same crappy quality of simply adding a (probably) unnecessary NULL-pointer check.The next question is whether this is ethical. Well, the paper claims to have sign-off from their university's IRB -- their Institutional Review Board that reviews the ethics of experiments. Universities created IRBs to deal with the fact that many medical experiments were done on either unwilling or unwitting subjects, such as the Tuskegee Syphilis Study. All medical research must have IRB sign-off these days.However, I think IRB sign-off for computer security research is stupid. Things like masscanning of the entire Internet are undecidable with traditional ethics. I regularly scan every device on the IPv4 Internet, including your own home router. If you paid attention to the packets your firewall drops, some of them would be from me. Some consider this a gross violation of basic ethics and get very upset that I'm scanning their computer. Others consider this to be the expected consequence of the end-to-end nature of the public Internet, that there's an inherent social contract that you must be prepared to receive any packet from anywhere. Kerckhoff's Principle from the 1800s suggests that core ethic of cybersecurity is exposure to such things rather than trying to cover them up.The point isn't to argue whether masscanning is ethical. The point is to argue that it's undecided, and that your IRB isn't going to be able to answer the question better than anybody else.But here's the thing about masscanning: I'm honest and transparent about it. My very first scan of the entire Internet came with a tweet "BTW, this is me scanning the entire Internet".A lot of ethical questions in other fields comes down to honesty. If you have to lie about it or cover it up, then th | Hack Vulnerability | ||
|
2021-04-21 13:12:46 | REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack (lien direct) | The REvil ransomware operators are attempting to blackmail Apple after they has allegedly stolen product blueprints of the IT giant from its business partner. REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta […] | Ransomware Hack | ||
|
2021-04-21 09:45:24 | Codecov breach impacted \'hundreds\' of customer networks: report (lien direct) | Reports suggest the initial hack may have led to a more extensive supply chain attack. | Hack | ★★ | |
|
2021-04-21 05:38:01 | China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors (lien direct) | At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors […] | Hack Vulnerability | ||
|
2021-04-20 19:50:57 | Hacking a X-RAY Machine with WHIDelite & EvilCrowRF (lien direct) | The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought a X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants. The first thing striked my curiosity, even before purchasing it, was its remote. […] | Hack | ||
|
2021-04-20 11:03:06 | Pulse Secure VPN zero-day used to hack defense firms, govt orgs (lien direct) | Pulse Secure has shared mitigation measures for an actively exploited zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance. [...] | Hack | ||
|
2021-04-19 21:49:23 | Experts demonstrated how to hack a utility and take over a smart meter (lien direct) | Researchers from the FireEye's Mandiant team have breached the network of a North American utility and turn off one of its smart meters. Over the years, the number of attacks against ICS/SCADA systems used by industrial organizations worldwide has rapidly increased. Many security firms highlighted the risks related to attacks targeting OT networks used in […] | Hack | ||
 |
2021-04-19 15:46:19 | Six million male members may have been exposed after hack of gay dating service (lien direct) | Manhunt, a popular gay dating service, has suffered a data breach which may have put members at risk of exposure. | Data Breach Hack | ||
 |
2021-04-19 13:52:46 | Naked Security Live – To hack or not to hack? (lien direct) | Latest video - watch now! We look at the recent FBI "webshell hacking" controversy from both sides. | Hack |
To see everything:
Our RSS (filtrered)
