This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties.
Here are a few more bits of news.
Singapore sting
Any large-scale data breach is bad news, but one that results in the
loss of the health information of a quarter of the population is
downright disastrous.
Such was the case in Singapore, where an estimated 1.5 million people
(about 25 per cent of the population) had their records lifted from the
health and information ministries' database.
Any Singaporeans worried this will get swept under the rug can rest
easy(ish): Prime Minister Lee Hsien Loong was among those whose data got
lifted in the heist. In fact, the nation's Cyber Security Agency
believes that it was Loong who was the original target of the attack.
Authorities have yet to find any of the pilfered information online, so
it's not clear whether this was the work of a nation-state sponsored
operation or just an effort by cybercriminals to harvest valuable
records.
Dear Uncle Sam, please come to your census
The US Census is coming up in just two years, and given the importance
of the data for things like congressional seats and public assistance,
getting the population data right is critical.
That's why a group of former government security experts are pressing
the Census Bureau to assess and report just how it plans to secure the
census and prevent outside groups from manipulating the data. They've
issued an open letter [PDF] requesting a security report.
"Our country’s elected representatives and, indeed, the American people
deserve to understand the technical protocols and systems being utilized
by the Census Bureau to ensure that the electronic collection and
storage of information about millions of Americans will be handled as
securely as possible," the letter reads.
"This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly."
The group claims they've already tried to get the data from the Census
Bureau, but have thus far been ignored. Hence the decision to issue an
open letter.
EXIF-iltration
Malware writers are now sullying the good name of Google (stop laughing) to infect users via image files.
Researchers with Sucuri explained how hackers have been using sites like
Google+ or Blogger to upload image files that contain EXIF data within
the "usercomment" data section. That EXIF code is where the magic
happens, executing the script that actually attempts to infect the user
with malware.
"In previous cases, hackers used EXIF data within images to hide
malicious code inside files that are rarely scanned for malware," Sucuri
explains.
"In this specific case, we see that the main goal is to host malicious
scripts on a reliable and trusted server so that they are always
available for downloading from any compromised sites."
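For defenders who want to check uploaded or cached images for this trick, here is an added example (not from Sucuri or the original article) that pulls the EXIF UserComment field out of a JPEG and flags script-like content. The pattern list is an assumed heuristic, and the sample images are constructed in code.

```python
import re
import struct

EXIF_IFD, USER_COMMENT = 0x8769, 0x9286   # standard EXIF tag numbers
# Assumed heuristic: strings that have no business in a photo caption.
SCRIPT_HINTS = re.compile(rb"<script|<\?php|eval\s*\(|fromCharCode|base64_decode", re.I)

def _ifd(tiff, off, bo):
    """Return {tag: (count, value_or_offset)} for the IFD at byte offset off."""
    (n,) = struct.unpack_from(bo + "H", tiff, off)
    rows = (struct.unpack_from(bo + "HHII", tiff, off + 2 + 12 * i) for i in range(n))
    return {tag: (cnt, val) for tag, _typ, cnt, val in rows}

def user_comment(jpeg):
    """Extract the EXIF UserComment bytes from a JPEG, or None if absent/malformed."""
    pos = 2
    try:
        # Walk the marker segments after SOI until the start-of-scan marker.
        while jpeg[:2] == b"\xff\xd8" and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
            (size,) = struct.unpack_from(">H", jpeg, pos + 2)
            seg = jpeg[pos + 4 : pos + 2 + size]
            if jpeg[pos + 1] == 0xE1 and seg[:6] == b"Exif\x00\x00":
                tiff = seg[6:]
                bo = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order
                ifd0 = _ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
                cnt, off = _ifd(tiff, ifd0[EXIF_IFD][1], bo)[USER_COMMENT]
                return tiff[off + 8 : off + cnt]   # skip 8-byte charset prefix
            pos += 2 + size
    except (struct.error, IndexError, KeyError):
        pass   # truncated file or no UserComment tag
    return None

def is_suspicious(jpeg):
    """True when the UserComment field carries script-like content."""
    comment = user_comment(jpeg)
    return bool(comment and SCRIPT_HINTS.search(comment))

def build_sample(comment):
    """Constructed test input: a minimal JPEG with one UserComment (little-endian)."""
    body = b"ASCII\x00\x00\x00" + comment
    tiff = (b"II*\x00" + struct.pack("<I", 8)
            + struct.pack("<HHHIII", 1, EXIF_IFD, 4, 1, 26, 0)
            + struct.pack("<HHHIII", 1, USER_COMMENT, 7, len(body), 44, 0) + body)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```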
DNS rebinding reloads for enterprise attacks
Last month we were alerted to the return of DNS rebinding attacks on
consumer devices. Now, we're hearing that enterprise hardware could also
be vulnerable to a flaw that has been known about for more than a
decade.
Researchers with security outfit Armis say that as many as half a
billion pieces of kit in use by just about every enterprise could also
be remotely hijacked and added to botnets via the same DNS rebinding
techniques.
Armis argues that things like printers and VoIP handsets are just as
vulnerable as your Roku or home router, and if admins don't keep a
close eye on all their hardware, those unattended items could become
cogs in a massive new botnet.
"Armis has found that the issue impacts hundreds of millions of IoT and
other unmanaged devices used inside almost every enterprise," notes
Armis VP of research Ben Seri.
"From smart TVs to printers, digital assistants to IP phones and more,
the exposure leaves organizations vulnerable to compromise, data
exfiltration, and to devices getting hijacked for another Mirai-like
attack."
18,000 routers pwned in a day
We knew it was easier than ever to build a botnet, but who knew it was this easy?
Researcher Ankit Anubhav discovered and tracked down the creator of an
18,000 strong botnet made up entirely of vulnerable Huawei network
routers. As it turns out, the person behind the botnet was able to put
it together in under 24 hours and used just one exploit, for a flaw that
has been known for more than half a year.
Let this be yet another reminder: make sure you regularly patch
everything on your network. Firmware updates for routers or
printers can be an easy thing to forget, but if they get compromised
things could get ugly very quickly.
LabCorp says 'it was ransomware what knocked over our network'
Earlier this week we shared the story of how a mystery attack had briefly taken down much of LabCorp's medical testing network.
At the time, there was no official word on what had caused the
diagnostics service to go dark, and there were fears that the company
might have lost some of the millions of medical records it keeps from
its lab test facilities around the country.
As it turns out, the culprit was in fact a ransomware infection. El Reg
received an update from LabCorp that contained the following
clarification:
"The activity was subsequently determined to be a new variant of ransomware," the statement reads.
"LabCorp promptly took certain systems offline as part of its
comprehensive response to contain and remove the ransomware from its
system."
The good news is no data was taken, and your medical records are safe.
LabCorp says it is working with authorities to investigate the incident.
Get VLC 3.0.3 ...Like right now
You will want to make sure your copy of VLC is up to date, after a
high-severity security flaw was adapted for the popular Metasploit
exploit tool.
CVE-2018-11529 is a bug that can be exploited to allow remote code execution. It was discovered by Eugene Ng.
While a working Metasploit module ups the danger, there's a simple and
very practical solution for this one: update your copy of VLC to version
3.0.3 and you'll have the bug all patched up.
File under: Good luck with that
The family of Silk Road boss Ross Ulbricht is still at it. The darknet
drug market supremo was jailed for life without parole back in 2015, and
while it's highly unlikely that the American judiciary and prosecution
would backtrack on its decision, Ross' mother isn't giving up the fight
to have her son released from lockup in this lifetime.
A Change.org petition seeks a clemency grant for Ulbricht.
"Ross is condemned to die in prison, not for dealing drugs himself but
for a website where others did. This is far harsher than the punishment
for many murderers, pedophiles, rapists and other violent people,"
writes mother Ulbricht.
"Ross’s investigation, trial and sentencing were rife with abuse. This
includes corrupt federal investigators (now in prison) who were hidden
from the jury, as well as prosecutorial misconduct, constitutional
violations and reliance on unproven allegations at sentencing. Ross did
not get a fair trial and his sentence was draconian."
Right now, the petition has more than 18,000 signatures. Unfortunately,
the petitions have no legal sway, and it's unlikely that either US
Attorney General Jeff Sessions or President Donald Trump will be moved
to reverse their "tough on crime" stance for Ulbricht.