What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2020-11-05 02:19:16 Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies (lien direct) Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an Hack Threat
AlienVault.webp 2020-11-02 12:00:00 SecTor 2020, Canada's biggest cybersecurity event: Day one (lien direct) This blog was written by an independent guest blogger. I live in Toronto, so I always try my best to get to SecTor, Canada’s most important cybersecurity event, every October. Most years, SecTor has taken place in the Metro Toronto Convention Centre. But because of the unusual circumstances affecting the world in 2020, this year the event took place online exclusively. SecTor organizers hope that conditions improve by October 2021 so they can resume hosting the event in-person. I admit I do miss the parties with delicious catering, and seeing people in our industry offline. But the talks this year have lived up to the excellent standards set by talks in previous years. This year, the main event took place on Wednesday, October 21st, and Thursday, October 22nd. There was so much to cover, even though it was impossible for me to attend all of the talks. First, I’ll start with the talks I attended on day one. Interestingly enough, they all have to do with threat detection and analysis. Enjoy! Threat Hunting Intelligently The first talk I attended was titled “Threat Hunting Intelligently.” It was presented by Ryan Cobb, Senior Information Security Researcher at Secureworks. Ryan Cobb's presentation excerpt Here’s the description of the talk, from SecTor’s web app: “Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep customers safe through the intersection of technology, tools, and passionate professionals who provide the ultimate advantage over the adversary. 
Ryan will present how to combine the insights from threat modeling and intelligence to hunt purposefully and effectively without being limited by what third-party intelligence and strategies can provide for your organization.” Proper threat hunting procedures can identify indications of compromise (IOCs) efficiently and produce intelligence that can help organizations mitigate a threat before it becomes a huge problem. Improper threat hunting wastes time, money, and effort, and misses data that could be leveraged to improve your organization’s defenses. So I paid close attention to what Cobb had to say. Here is an excerpt from his talk: “(Threat) modelling is going in and out of vogue over the years has a rich history, especially in Academia. It's a collaborative process where we enumerate threats and prioritize mitigations for them. It's basically a way of looking at your business the technologies that you've chosen and what we know about the threat after from a certain perspective, so we can look at a threat model from the perspective of the after what are the steps. They need to complete to accomplish their goals. What are the systems we are trying to protect and think about ways those assets to be to be attacked. The outcomes are many threat modeling exercise really should be a prioritized list of hypothetical scenarios and we want to organize them by which are the most plausible to actually occur. And the steps or other mediations? Hunting is the natural complement to threat modelling, hunting is determining whether some modeled threat actually occurred and went undetected, and hunting is largely focused on collecting and analyzing evidence that supports this hypothesis. So there's a significant overlap between what we do a threat hunting. The ultimate goal of for hunting is not simply finding the threat in the process of investigating the modeled threat. We are gauging the overal Malware Hack Threat Guideline
no_ico.webp 2020-11-02 11:15:01 (Déjà vu) Three Ways To Hack An Election (lien direct) Election security is about cybersecurity In 2020, securing elections is chiefly a matter of cybersecurity. Since I founded Data Connectors in 1999, we have been fueling the collaboration of government agencies with cybersecurity professionals and solution providers. As a voter, I set out to see what they know that could help us understand more about … The ISBuzz Post: This Post Three Ways To Hack An Election Hack
globalsecuritymag.webp 2020-11-02 08:10:05 SYSDREAM announces the postponement of Hack In Paris to June 28 - July 2 (lien direct) Sysdream has organized Hack In Paris for 9 years, an international event bringing together cybersecurity experts and enthusiasts. In view of the current health situation, and in order to guarantee the safety of all participants while making this 10th edition a real success, Sysdream has decided to move Hack In Paris, initially planned for February, to summer 2021, from June 28 to July 2. The program and format of this 10th edition remain unchanged. The event will be structured around three days of (...) - Events Hack
no_ico.webp 2020-10-30 11:56:33 Three Ways To Hack An Election: Election Security Is About Cybersecurity (lien direct) In 2020, securing elections is chiefly a matter of cybersecurity. Since I founded Data Connectors in 1999, we have been fueling the collaboration of government agencies with cybersecurity professionals and solution providers. As a voter, I set out to see what they know that could help us understand more about the security of our electoral … The ISBuzz Post: This Post Three Ways To Hack An Election: Election Security Is About Cybersecurity Hack
no_ico.webp 2020-10-29 12:07:36 (Déjà vu) Security Blueprints Of Many Companies Leaked In Hack Of Swedish Firm Gunnebo – Experts Reaction (lien direct) In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents … The ISBuzz Post: This Post Security Blueprints Of Many Companies Leaked In Hack Of Swedish Firm Gunnebo – Experts Reaction Ransomware Hack
itsecurityguru.webp 2020-10-29 10:57:28 Iranian attackers hack conference attendees' emails according to Microsoft (lien direct) Microsoft has recently revealed that they discovered that Iranian state-sponsored attackers hacked into the email accounts of a number of high-profile individuals and attendees at the 2020 Munich Security Conference and the Think 20 summit. It is thought that the attackers successfully targeted more than 100 individuals and Microsoft’s Threat Intelligence Center (MSTIC) have linked […] Hack Threat
itsecurityguru.webp 2020-10-28 11:44:01 Hackers post pornography in virtual classroom (lien direct) The New Hartford Central School district is currently trying to discover who is responsible for a hack on their virtual classroom system. Last week a hacker posing as a student entered a health class where they played loud noises across the speakers and posted a pornographic video which all the students in the virtual classroom […] Hack
SecurityAffairs.webp 2020-10-27 12:03:10 Hacker was identified after the theft of $24 million from Harvest Finance (lien direct) A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users find the farming opportunities that will maximize their yield (APY) returns. The hack took place earlier today […] Hack Threat
no_ico.webp 2020-10-26 11:57:01 2020 Election Security: Russian Hack And First Voting System Ransomware Attack – Security Expert Comment (lien direct) News reports last week revealed that US national security officials say Iran and Russia are responsible for sending threatening emails to Democratic voters ahead of next month’s presidential election. According to the news, Russians are breaking into state and local networks and exfiltrating data, while Hall County in Georgia has reported the first known ransomware … The ISBuzz Post: This Post 2020 Election Security: Russian Hack And First Voting System Ransomware Attack – Security Expert Comment Ransomware Hack
SecurityAffairs.webp 2020-10-23 11:10:59 FBI and CISA joint alert blames Russia's Energetic Bear APT for US government networks hack (lien direct) The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. A joint security advisory published by The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. The Energetic Bear […] Hack
SecurityAffairs.webp 2020-10-22 19:21:47 EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack (lien direct) The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The Council of the European Union announced sanctions imposed on Russian military intelligence officers, belonging to the 85th Main Centre for Special Services (GTsSS), for their role in the 2015 attack on the German Federal Parliament (Deutscher […] Hack
ZDNet.webp 2020-10-22 16:47:00 EU sanctions Russia over 2015 German Parliament hack (lien direct) Germany had been asking and pushing EU officials for an official statement and sanctions against Russia since earlier this year. Hack
TechRepublic.webp 2020-10-22 14:43:44 New York financial watchdog calls for social media cybersecurity regulator after Twitter hack of Biden and Obama accounts (lien direct) The New York State Department of Financial Services said platforms like Twitter and Facebook are now "systemically important" and need cybersecurity oversight. Hack
no_ico.webp 2020-10-20 09:46:18 Twitter Employees Handed Over VPN Credentials That Led To Infamous July Hack (lien direct) The huge Twitter hack that occurred back in July came about due to stolen VPN credentials, according to TechRadar. It has now been revealed that Twitter employees were tricked into handing over their account details by hackers that had managed to create a site that looked identical to the genuine VPN login page. The hackers pretended … The ISBuzz Post: This Post Twitter Employees Handed Over VPN Credentials That Led To Infamous July Hack Hack
01net.webp 2020-10-20 04:42:00 The United States indicts the Russian officials responsible for the En Marche hack (lien direct) The US Department of Justice accuses six Russian officers of being responsible for major cyberattacks carried out to destabilize several countries, including France. Hack
grahamcluley.webp 2020-10-19 13:26:35 Albion Online gamers told to change passwords following forum hack (lien direct) Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database. Read more in my article on the Hot for Security blog. Hack
SecurityAffairs.webp 2020-10-16 17:16:59 Britain's information commissioner fines British Airways for 2018 Hack (lien direct) Britain's information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. The hackers potentially accessed the personal data of approximately 429,612 customers and staff. Exposed data included names, addresses, […] Data Breach Hack
itsecurityguru.webp 2020-10-16 10:52:28 Dickey's hack leaks information of 3 million customers (lien direct) One of the biggest BBQ chain restaurants in America, Dickey’s has suffered a huge breach, leaking the card details of more than 3 million customers. This information was posted on Joker’s Stash, a carding and fraud forum. A cybersecurity firm called Gemini Advisory, who track financial fraud made the initial discovery of the breach. The […] Hack
no_ico.webp 2020-10-15 19:04:10 Experts Insight On Barnes & Noble Hack (lien direct) It has been reported that Barnes & Noble revealed that its corporate systems fell victim to a cyber attack and that the hackers may have gotten away with some important information about B&N's customers, potentially including their addresses. No financial information or payment details were pilfered during the attack. These are, Barnes & Noble explains, always encrypted and tokenized. It … The ISBuzz Post: This Post Experts Insight On Barnes & Noble Hack Hack
DarkReading.webp 2020-10-15 15:45:00 Twitter Hack Analysis Drives Calls for Greater Security Regulation (lien direct) New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach. Hack ★★★★★
ErrataRob.webp 2020-10-14 19:34:25 Yes, we can validate leaked emails (lien direct) When emails leak, we can know whether they are authentic or forged. It's the first question we should ask of today's leak of emails of Hunter Biden. It has a definitive answer. Today's emails have "cryptographic signatures" inside the metadata. Such signatures have been common for the past decade as one way of controlling spam, to verify the sender is who they claim to be. These signatures verify not only the sender, but also that the contents have not been altered. In other words, it authenticates the document, who sent it, and when it was sent. Crypto works. The only way to bypass these signatures is to hack into the servers. In other words, when we see a 6 year old message with a valid Gmail signature, we know either (a) it's valid or (b) they hacked into Gmail to steal the signing key. Since (b) is extremely unlikely, and if they could hack Google, they could do a ton more important stuff with the information, we have to assume (a). Your email client normally hides this metadata from you, because it's boring and humans rarely want to see it. But it's still there in the original email document. An email message is simply a text document consisting of metadata followed by the message contents. It takes no special skills to see metadata. If the person has enough skill to export the email to a PDF document, they have enough skill to export the email source. If they can upload the PDF to Scribd (as in the story), they can upload the email source. I show how to below. To show how this works, I send an email using Gmail to my private email server (from gmail.com to robertgraham.com). The NYPost story shows the email printed as a PDF document. Thus, I do the same thing when the email arrives on my MacBook, using the Apple "Mail" app. It looks like the following: The "raw" form originally sent from my Gmail account is simply a text document that looked like the following: This is rather simple. 
Clients insert details like a "Message-ID" that humans don't care about. There's also internal formatting details, like the fact that this is a "plain text" message rather than an "HTML" email. But this raw document was the one sent by the Gmail web client. It then passed through Gmail's servers, then was passed across the Internet to my private server, where I finally retrieved it using my MacBook. As email messages pass through servers, the servers add their own metadata. When it arrived, the "raw" document looked like the following. None of the important bits changed, but a lot more metadata was added: Hack Guideline
AlienVault.webp 2020-10-13 11:00:00 What is search engine clickbait and how do hackers trick Google's crawlers? (lien direct) This blog was written by an independent guest blogger. Search engine optimization (SEO) works with algorithms to ensure that the most relevant and most popular webpages show up first in an internet search. SEO makes sure that the best websites get the biggest boost. However, SEO has a lesser-known, evil twin called black hat SEO. This term refers to a common trick of cybercriminals. Black hat SEO is meant to circumvent algorithms, exploit weaknesses, and create fraudulent links. The goal of these actions is to push malware-laden websites and other nefarious web pages on to unexpecting users. In this article, I will discuss the top ways cybercriminals hijack search engines and some examples of successful black hat SEO attempts. Understanding how cybercriminals operate and spotting their tricks can be an effective way to protect remote workforces and keep casual users safe. Stealing SEO Hackers want to catch users off guard when they are browsing the internet. They want you to click on their links and download their files so they can install malware, ransomware or other viruses on your computer. One way they can achieve this is by piggybacking off the popularity of well-established websites. This rudimentary technique can be used by even the most novice hacker. For example, some websites allow users to post comments or upload files on their webpage. Hackers can post a link to their malware or upload a file that contains a virus on a popular webpage. They know that the website has a large audience, so chances are someone will click on it. A hack like this recently happened on the UNESCO website and a Cuban government website, among a few others. A user under the moniker m1gh7yh4ck3r uploaded PDF files offering help in hacking into online accounts. 
When users clicked on the links, it led to a variety of scam websites that urged visitors to download files in exchange for the program. All the websites used an outdated Drupal CMS system tied to a Webform module that had vulnerabilities in the file share function. Modern websites can avoid having these glaring vulnerabilities by using SAST (Static Application Security Testing) to automatically scan written code for weaknesses. Coronavirus clickbait This particular hacking technique takes advantage of the coronavirus global health crisis. This technique exploits the fact that so many people around the world rely on the internet to provide them with information. This hack is very similar to the hack that was successfully used on the UNESCO website. It doesn’t take extensive Cybersecurity IQ training to understand. Researchers recently discovered fraudulent, online drugstores using credible health websites with coronavirus-related headlines to gain web traffic. The cybercriminals visited high-profile health websites with comments sections or forums and used bots to post a multitude of messages linking to their website. Of course, most of the messages enticed users by claiming to have cures for coronavirus, or by promising those who click easy access to illicit drugs. An additional benefit for the bad actors is that websites with many coronavirus-related keywords will rank higher on a Google search due to high public interest. The bad actors with the dangerous links gain SEO credibility by the increased traf Ransomware Malware Hack Vulnerability
BBC.webp 2020-10-13 10:45:33 London's Hackney Borough Council hit by hack attack (lien direct) Many details have yet to be shared, but mayor admits some services may be unavailable for some time. Hack
SecurityAffairs.webp 2020-10-11 09:21:25 Security Affairs newsletter Round 285 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. HP Device Manager flaws expose Windows systems to hack Visa shares details for two attacks on North American hospitality merchants Australian social news platform leaks 80,000 user records Experts warn […] Hack
no_ico.webp 2020-10-09 13:32:54 Wisepay: School Payments Service Hit By Cyber-Attack (lien direct) As reported by BBC News, parents who made payments to UK schools in recent days via the Wisepay service have been warned their card details have been compromised. Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page. Attempted payments to … The ISBuzz Post: This Post Wisepay: School Payments Service Hit By Cyber-Attack Hack
BBC.webp 2020-10-08 15:56:26 Cellmate chastity gadget hack thwarted by screwdriver trick (lien direct) The maker of a male chastity toy says it can be prised open, after researchers find a security flaw. Hack
BBC.webp 2020-10-06 14:56:04 Cellmate: Male chastity gadget hack could lock users in (lien direct) The Chinese maker of the toy has updated the app involved, but some users remain at risk. Hack
itsecurityguru.webp 2020-10-06 11:31:16 Hacker infiltrates $15 million deal (lien direct) A cybercriminal managed to infiltrate a commercial transaction, hiding long enough to get the final amount of $15 million. The fraudster carefully executed an email compromise that lasted for 2 months. When they gained access to the email chain they placed themselves in the transaction to divert the money. Investigators have linked the hack to […] Hack
itsecurityguru.webp 2020-10-05 10:56:00 Hacker leaves literal fingerprints at the crime scene (lien direct) Darktrace has potentially experienced the dumbest hack of all time, where the criminal purposely left their fingerprints at the crime scene. The AI company had installed fingerprint scanners at their warehouse to reduce the risk of attacks like these. The hacker began to delete fingerprints on the system in order to add theirs in […] Hack
SecurityAffairs.webp 2020-10-04 08:27:09 HP Device Manager flaws expose Windows systems to hack (lien direct) HP published details of three vulnerabilities in the HP Device Manager that could be exploited by attackers to take over Windows systems. HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. The IT giant revealed that an attacker could […] Hack
SecurityAffairs.webp 2020-10-01 11:57:36 Flaws in leading industrial remote access systems allow disruption of operations (lien direct) Experts found critical security flaws in two popular industrial remote access systems that could be exploited by threat actors for malicious purposes. Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper […] Hack Threat Guideline
BBC.webp 2020-10-01 11:30:44 Blackbaud: Bank details and passwords at risk in giant charities hack (lien direct) Millions of people were affected by breach, which firm previously said did not involve bank details. Hack
The_Hackers_News.webp 2020-10-01 01:29:08 Critical Flaws Discovered in Popular Industrial Remote Access Systems (lien direct) Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Hack
ZDNet.webp 2020-09-30 19:50:00 North Korea has tried to hack 11 officials of the UN Security Council (lien direct) New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year. Hack
SecurityAffairs.webp 2020-09-29 12:56:50 FBI and CISA warn of disinformation campaigns about the hack of voter systems (lien direct) The FBI and the US CISA issued a joint public service announcement about the threat of disinformation campaigns targeting the 2020 US election. The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement to warn of the threat of disinformation campaigns targeting the upcoming 2020 […] Hack Threat
SecurityAffairs.webp 2020-09-25 14:39:55 Fortinet VPN with default certificate exposes 200,000 businesses to hack (lien direct) According to SAM Seamless Network, over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes. The configuration of the VPN […] Hack
The_Hackers_News.webp 2020-09-24 03:11:10 Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone (lien direct) Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers Hack
TechRepublic.webp 2020-09-22 12:05:26 10 Raspberry Pi alternatives for you to try out (lien direct) Working on a DIY hardware hack but don't like the taste of Raspberry Pi? Don't fret: here are 10 great alternatives for you to try. Hack
WiredThreatLevel.webp 2020-09-22 10:00:00 Get Lost With a Signal-Blocking Smartphone Pouch (lien direct) It's not hard for bad actors to track or hack your phone. But put it inside a Faraday pouch and you can drop off the digital map. Hack ★★
no_ico.webp 2020-09-21 19:06:56 Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts (lien direct) Over 500,000 Activision accounts have reportedly been hacked in a new Activision data breach on September 20, leaving Call of Duty players in limbo. All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo. As of the time of publishing, over 500,000 Activision accounts … The ISBuzz Post: This Post Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts Data Breach Hack
BBC.webp 2020-09-18 10:45:31 Police launch homicide inquiry after German hospital hack (lien direct) Woman dies being transferred from German hospital which is hit by hackers. Hack
grahamcluley.webp 2020-09-16 23:09:15 Smashing Security podcast #196: Smart guns, smart cars, and smart street lights – oh my! (lien direct) Kalashnikov unveils its “smart” shotgun, San Diego struggles with its street lights, and a researcher reveals how he found a way to hack every Tesla on the planet. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined … Continue reading "Smashing Security podcast #196: Smart guns, smart cars, and smart street lights – oh my!" Hack
itsecurityguru.webp 2020-09-16 11:10:05 French law enforcement deploy malware to hack into organised crime networks (lien direct) French law enforcement have deployed malware to Encrochat devices in the effort to infiltrate criminal networks. Encrochat is largely used on Android phones using an encrypted network for communication, hence its popularity within organised crime including drug trafficking. The malware deployed has the ability to harvest all the data sorted on the phone from messages […] Malware Hack
SecurityAffairs.webp 2020-09-10 08:57:19 (Déjà vu) Hackers stole $5.4 million from cryptocurrency exchange ETERBASE (lien direct) Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 million. Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million. The company disclosed the hack on Thursday, threat actors have stolen various cryptocurrencies from its hot wallets, it […] Hack Threat
ZDNet.webp 2020-09-10 01:05:03 Slovak cryptocurrency exchange ETERBASE discloses $5.4 million hack (lien direct) Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets were stolen in the hack. Hack
The_State_of_Security.webp 2020-09-09 03:00:23 Learn Ghidra From Home at SecTor 2020 (lien direct) Running the IoT Hack Lab at SecTor has been a highlight of my year since 2015. Although we won't be back this year to fill our corner of the MTCC, I'm happy to be teaching A Beginner's Guide to Reversing with Ghidra as part of the SecTor 2020 virtual conference October 19-20. Ghidra is an […]… Read More Hack
SecurityAffairs.webp 2020-09-08 15:12:12 Expert found multiple critical issues in MoFi routers (lien direct) Researchers found multiple vulnerabilities in MoFi Network routers, including critical flaws that can be exploited to remotely hack a device. The researcher Rich Mirch from CRITICALSTART discovered ten vulnerabilities in MOFI4500 MoFi Network routers. The expert reported the issues to the vendor in May but some of the flaws have yet to be patched. Most of […] Hack
Blog.webp 2020-09-03 11:11:10 The FBI Intrusion Notification Program (lien direct) The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013 about cyberattacks. The story noted the following: "Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions... About 2,000 of the notifications were made in person or by phone by the FBI, which has 1,000 people dedicated to cybersecurity investigations among 56 field offices and its headquarters. Some of the notifications were made to the same company for separate intrusions, officials said. Although in-person visits are preferred, resource constraints limit the bureau's ability to do them all that way, former officials said... Officials with the Secret Service, an agency of the Department of Homeland Security that investigates financially motivated cybercrimes, said that they notified companies in 590 criminal cases opened last year, officials said. Some cases involved more than one company." The reason this program is so important is that it shattered the delusion that some executives used to reassure themselves. When the FBI visits your headquarters to tell you that you are compromised, you can't pretend that intrusions are "someone else's problem." It may be difficult for some readers to appreciate how prevalent this mindset was, from the beginnings of IT to about the year 2010. I do not know exactly when the FBI began notifying victims, but I believe the mid-2000's is a safe date. 
I can personally attest to the program around that time. I was reminded of the importance of this program by Andy Greenberg's new story The FBI Botched Its DNC Hack Warning in 2016-but Says It Won't Next Time. I strongly disagree with this "botched" characterization. Andy writes: "[S]omehow this breach [of the Democratic National Committee] had come as a terrible surprise-despite an FBI agent's warning to [IT staffer Yared] Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier. The FBI agent's warnings had 'never used alarming language,' Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play." As with all intrusions, criminal responsibility lies with the intruder. However, I do not see why the FBI is supposed to carry the blame for how this intrusion unfolded. According to investigatory documents and this Crowdstrike blog post on their involvement, at least seven months passed from the time the FBI notified the DNC (sometime in September 2015) and when they contacted Crowdstrike (30 April 2015). That is ridiculous. If I received a call from the FBI even hinting at a Russian presence in my network, I would be on the phone with a professional incident response firm right after I briefed the CEO about the call. I'm glad the FBI continues to improve its victim notification procedures, but it doesn't make much of a difference if the individuals running IT and the organization are negligent, either through incompetence or inaction. Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and w Hack
WiredThreatLevel.webp 2020-09-02 15:56:16 The FBI Botched Its DNC Hack Warning in 2016-but Says It Won't Next Time (lien direct) Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims. Ransomware Hack
Last update at: 2024-06-02 02:07:55