Submission + - Twitter to Label Tweets Linking to Russian State Media (securityweek.com)

wiredmikey writes: Twitter will put warnings on tweets sharing links to Russian state-affiliated media, the platform said Monday, as Kremlin-tied outlets are accused of spreading misinformation on Moscow's invasion of Ukraine. The news comes as Russian troops have launched a major assault on Ukraine, and while their forces battle in the physical world for control over various cities and regions, a battle is also taking place in cyberspace, with attacks and misinformation campaigns.

Submission + - Google: NSO's Zero-Click Exploit 'Most Technically Sophisticated Exploit Ever' (securityweek.com)

wiredmikey writes: Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations.

If that makes you scratch your head, that was exactly the reaction from Google’s premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group’s Pegasus surveillance tool on iPhones.

“We assess this to be one of the most technically sophisticated exploits we've ever seen,” Google’s Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia.
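The submission above describes an exploit file that was a PDF disguised as a GIF. The following is an added example, not code from the original post, from Project Zero or from NSO's tooling: a small magic-byte sniffer that flags a file whose declared type (its extension) disagrees with what its leading bytes actually are. The sample inputs (`SAMPLES`), the magic table (`MAGIC`) and the extension map (`EXT_TO_TYPE`) are constructed for illustration.

```python
# Added example: detect files whose extension lies about their content
# (e.g. a PDF carried as ".gif"). Not the original post's code.
from typing import Dict, Optional, Tuple

# Constructed sample inputs, not real exploit artifacts.
SAMPLES: Dict[str, bytes] = {
    "cat.gif":       b"GIF89a\x04\x00\x04\x00" + b"\x00" * 10,   # a real GIF header
    "fake.gif":      b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",  # PDF as .gif
    "report.pdf":    b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "photo.jpg":     b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "truncated.gif": b"GI",                                          # too short to classify
}

# (magic prefix, canonical type), checked in order. Assumed table; extend as needed.
MAGIC = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# What each extension claims to be. Assumed mapping for the example.
EXT_TO_TYPE = {"gif": "gif", "pdf": "pdf", "jpg": "jpeg", "jpeg": "jpeg", "png": "png"}


def sniff(data: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return kind
    return None


def declared_type(name: str) -> Optional[str]:
    """Return the type implied by the file extension, or None if unknown."""
    if "." not in name:
        return None
    return EXT_TO_TYPE.get(name.rsplit(".", 1)[-1].lower())


def check(name: str, data: bytes) -> Tuple[str, Optional[str], Optional[str]]:
    """Compare declared vs. actual type.

    Returns (verdict, declared, actual) where verdict is:
      'ok'       - extension and magic agree
      'mismatch' - both are known and they disagree (the disguised-PDF case)
      'unknown'  - one side could not be classified; treat as suspicious, not safe
    """
    declared = declared_type(name)
    actual = sniff(data)
    if declared is None or actual is None:
        return ("unknown", declared, actual)
    if declared != actual:
        return ("mismatch", declared, actual)
    return ("ok", declared, actual)


def scan(samples: Dict[str, bytes]) -> Dict[str, Tuple[str, Optional[str], Optional[str]]]:
    """Run check() over a name->bytes mapping."""
    return {name: check(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, declared, actual) in scan(SAMPLES).items():
        print(f"{name:15s} {verdict:9s} declared={declared} actual={actual}")
```

A sniff check only tells you that the label lies; it does not stop a parser that dispatches on content rather than extension. The useful action on a mismatch or unknown result is to reject the file or route it only to a parser you actually intend to expose, and to treat the short or unclassifiable case as suspicious rather than safe.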

Submission + - GoDaddy Hack Exposes 1.2 Million WordPress Customer Accounts (securityweek.com)

wiredmikey writes: Domain registrar and web hosting giant GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months.

The Tempe, Arizona-based GoDaddy disclosed the breach in an SEC filing and confirmed that millions of users of its managed WordPress hosting service had sensitive data stolen, including database usernames and passwords, email addresses and private SSL keys.

Submission + - Robinhood Hacked, Millions of Names, Emails Stolen (securityweek.com)

wiredmikey writes: Mobile stock trading platform Robinhood on Monday fessed up to a security breach that exposed names and email addresses for millions of users and “extensive account details” for what appeared to be very specific targets.

The Menlo Park, Calif.-based company, which claims that about 13 million users trade stocks, ETFs, and cryptocurrencies using its mobile app, said the breach happened on November 3 when a hacker stole names, email addresses, dates of birth, zip codes and additional personal information from its customer user data.

Submission + - US Offers $10 Million Bounty for DarkSide Ransomware Operators (securityweek.com)

wiredmikey writes: The U.S. government wants to find the people responsible for the Colonial Pipeline ransomware attack (and many others) and it’s putting up multi-million rewards for data on the operators behind the DarkSide extortion campaign.

The Department of State on Thursday offered up to $10 million for information leading to the identification or location of senior members of the DarkSide gang that caused major gas disruptions earlier this year.

Submission + - Russia Detains CEO of Cybersecurity Firm Group-IB on Treason Charges (securityweek.com)

wiredmikey writes: Russia on Wednesday detained the CEO of Group-IB, one of the country's leading cybersecurity firms, on charges of treason, in a move that targets a company collaborating with the West on stemming cyberattacks.

Founded in 2003, the Group-IB group specializes in the detection and prevention of cyberattacks and works with Interpol and several other global institutions.

A Moscow court ordered the group's 35-year-old co-founder and CEO, Ilya Sachkov, to be held in pre-trial custody for two months on treason charges, the court's press service said, but did not provide details of the charges.

Group-IB said Wednesday that its Moscow headquarters had been searched the previous morning.

Submission + - DeadRinger: Chinese Military Hackers Hit Major Telcos (securityweek.com)

wiredmikey writes: Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27).

Cybereason released details of a triple-pronged attack by Chinese military-affiliated groups against cellular network providers in southeast Asia. Disturbingly, Yonatan Striem-Amit, CTO and co-founder of Cybereason, told SecurityWeek, “We discovered and have evidence that Chinese advanced groups have been using the Hafnium zero-days since at least 2017.” Cellular networks are a prime target for nation states because they provide an excellent steppingstone to many other types of attack and different targets. “At this point,” said Striem-Amit, “the attacks seem to be a stepping point for a major espionage campaign. We all carry a device in our pocket that knows where we are, where we have been, and who we are with.”

Submission + - U.S., Allies Officially Accuse China of Microsoft Exchange Attacks (securityweek.com)

wiredmikey writes: The United States and several of its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government.

The White House has also attributed — “with a high degree of confidence” — the initial Microsoft Exchange attacks to hackers affiliated with China’s Ministry of State Security (MSS). The NSA, FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Monday released an advisory detailing more than 50 tactics, techniques and procedures (TTPs) used by Chinese state-sponsored threat actors in their attacks.

Submission + - New Law Helps Chinese Government Stockpile Zero-Days (securityweek.com)

wiredmikey writes: Starting on September 1, 2021, the Chinese government will require any Chinese citizen who finds a zero-day vulnerability to pass the details to the Chinese government, and not to sell or give the knowledge to any third party outside of China. Under the new rule, Chinese APTs are likely to acquire a greater stockpile of zero-days than they already have.

The most obvious assumption of the new law is that Chinese-found zero-days will be funneled into the Chinese APT groups, and will not be made available for purchase by the NSA or Russian state actors.

Submission + - Poisoned Installers Found in SolarWinds Hackers Toolkit (securityweek.com)

wiredmikey writes: The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks. According to a new report, the latest wave of attacks being attributed to APT29/Nobelium threat actor includes a custom downloader that is part of a “poisoned update installer” for electronic keys used by the Ukrainian government. SentinelOne principal threat researcher Juan Andrés Guerrero-Saade documented the latest finding in a blog post that advances previous investigations from Microsoft and Volexity. “At this time, the means of distribution [for the poisoned update installer] are unknown. It’s possible that these update archives are being used as part of a regionally-specific supply chain attack,” Guerrero-Saade said.

Submission + - SolarWinds Hackers Impersonating U.S. Gov Agency in New Attacks (securityweek.com)

wiredmikey writes: The Russia-linked threat group believed to be behind the SolarWinds attack has been observed launching a new cyberattack campaign this week. The attacks have targeted the United States and other countries, and involve a legitimate mass mailing service and impersonation of a government agency.

The latest attacks were analyzed by Microsoft, which tracks the threat actor as Nobelium, and by incident response firm Volexity, which has found some links to APT29, a notorious cyberspy group previously linked to Russia.

Targeted organizations include government agencies, think tanks, NGOs, and consultants. Microsoft said at least a quarter of the targets are involved in human rights and international development work. Both Microsoft and Volexity have made available indicators of compromise (IoC) that organizations can use to detect attacks.

Submission + - Tech Audit of Colonial Pipeline Found 'Glaring' Problems (securityweek.com)

wiredmikey writes: An outside audit three years ago of the Colonial Pipeline found “atrocious” information management practices and “a patchwork of poorly connected and secured systems,” its author said. “We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.”

Colonial said it initiated the restart of pipeline operations on Wednesday afternoon and that it would take several days for supply delivery to return to normal.

Submission + - Cyberattack Forces Shutdown of Major U.S. Pipeline (securityweek.com)

wiredmikey writes: A cyberattack has forced an operational shutdown of the Colonial Pipeline, the largest refined products pipeline in the United States. The Colonial Pipeline Company said late Friday that it was the victim of a cyberattack, prompting the company to proactively take certain systems offline and temporarily halt all pipeline operations. The company said the attack had impacted some of its IT systems, but did not say if any of its operational technology (OT) systems were directly impacted. It's unclear if the incident involved ransomware, or was another form of malware or breach. The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles.

Submission + - Tesla Car Hacked Remotely From Drone (securityweek.com)

wiredmikey writes: Security researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction from a drone. This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. A hacker who exploits the vulnerabilities can perform any task that a regular user could from the infotainment system. That includes opening doors, changing seat positions, playing music, controlling the air conditioning, and modifying steering and acceleration modes. They showed how an attacker could use a drone to launch an attack via Wi-Fi to hack a parked car and open its doors from a distance of up to 100 meters (roughly 300 feet). They claimed the exploit worked against Tesla S, 3, X and Y models.

Submission + - Google Chrome Hit in Another Mysterious Zero-Day Attack (securityweek.com)

wiredmikey writes: Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021, and the continued absence of IOC data or any meaningful information about the attacks continues to raise eyebrows among security experts. “Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” the company said, with no additional details.
