'EWDoor' Malware Attacks Thousands of AT&T Internet Subscribers

Hackers are exploiting a bug from 2017 to attack the EdgeMarc Enterprise Session Border Controller. This device is used by businesses to manage phone calls and video calls.

The vulnerability being exploited to infect the devices is tracked as CVE-2017-6079, a command-injection flaw that penetration tester Spencer Davis reported in 2017 after using it to successfully hack a customer’s network. The vulnerability stemmed from an account in the device that, as Davis learned from this document, had the username and password of “root” and “default.”

Intel Stockpiles Legacy Hardware for Security Research at Costa Rica Facility

The Wall Street Journal reports that Intel has a facility in Costa Rica where it stores legacy hardware for security research.

Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Digital Marketing Agency 'Cronin' Leaks 92 Million Employee, Client Records

Security researcher Jeremiah Fowler, in cooperation with the WebsitePlanet research team, found an unprotected database belonging to Cronin. It exposed 92 million database records about employees and clients.

The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. These records included internal data such as employee and client information. Also included in the dataset was a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from.


Rule Approved: Banks Must Report Cyber Attacks Within 36 Hours

U.S. regulators have approved a rule to require banks to report major cyber incidents within 36 hours.

The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window in which banks must report such incidents to the agencies in question.

Tor Project Offers Rewards for More Servers During Decline

The Tor Project has seen a decline in relays and bridge servers, and is offering rewards to people who help grow the network.

Rewards include the likes of hoodies, t-shirts, and stickers and are meant to provide some sort of meaningful gift to those who help keep the Tor anonymity network alive and resilient to censorship.

More specifically, the rewards will be provided to those who run Tor “bridges,” which serve as entry points into the Tor network for users located in countries that block access to Tor servers.

Data Breach of California Pizza Kitchen Leaks 100,000 Social Security Numbers

TechCrunch reports that California Pizza Kitchen suffered a data breach in September. The SSNs of over 100,000 employees were leaked as a result.

While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.

Teen in Canada Arrested Over $36.5 Million Crypto Theft

Bloomberg reports that a Canadian teen stole US$36.5 million in cryptocurrency from a victim in the U.S.

Police said the victim was targeted through a cell phone scam known as SIM swapping, in which a scammer hijacks a wireless customer’s phone number to intercept two-factor authentication requests and gain access to the victim’s accounts.

The arrest was the result of a joint investigation with the Federal Bureau of Investigation and the U.S. Secret Service Electronic Crimes Task Force, the Hamilton Police Service said in a statement. The investigation was launched last year in March.

If you haven’t already done so, it’s a good idea to lock your SIM card with a PIN.

US Issues Joint Advisory Warning Companies of Iranian Ransomware

In a joint advisory issued on Wednesday, the U.S. is warning that Iranian state-backed hackers are targeting infrastructure companies with ransomware.

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors.

GitHub Fixes NPM Bugs That Leaked Private Package Names

GitHub has fixed several flaws with npm packages that leaked private names and let attackers publish new versions of a package they didn’t have rights to.

The data leak was identified by GitHub on October 26th, and by the 29th all records containing private package names were deleted from npm’s replication database. However, GitHub does warn that despite this, the replicate.npmjs.com service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.”

New 'BotenaGo' Targets Routers and Smart Home Devices in Devastating Attack

AT&T Alien Labs discovered malware it dubs BotenaGo. It affects millions of routers and Internet of Things devices found in smart homes. The “devastating” part comes from the fact that it uses over 30 separate exploits against insecure devices.

The BotenaGo malware starts by initializing global infection counters that will be printed to the screen, informing the hacker about total successful infections. It then looks for the ‘dlrs’ folder in which to load shell script files. A loaded script will be concatenated as ‘echo -ne %s >> ‘. If the ‘dlrs’ folder is missing, the malware will stop and exit at this point. For the last and most important preparation, the malware calls the function ‘scannerInitExploits’, which initiates the malware attack surface by mapping all offensive functions with the relevant string that represents the targeted system.

Researchers Uncover Serious Flaws Within DRAM Chips

ETH Zurich reports that researchers from the Vrije Universiteit Amsterdam and Qualcomm Technologies found flaws within DRAM chips. The article I’m linking to is more of an announcement; ETH Zurich tells me the full results will be presented at IEEE in 2022.

It means that by repeatedly activating – or “hammering” – a memory row (the “aggressor”), an attacker can induce bit errors in a neighbouring row, also called the “victim” row. That bit error can then, in principle, be exploited to gain access to restricted areas inside the computer system – without relying on any software vulnerability.

FBI Says Data Was Not Compromised After Hackers Took Over Email Server

Hackers took over an FBI server over the weekend, sending thousands of fake cyberattack warnings. The agency says no personal information or data was affected.

The agency said it has fixed the software vulnerability that allowed the attack.

The fake emails originated from an FBI-operated server, which was dedicated to pushing notifications to the Law Enforcement Enterprise Portal (LEEP), which the FBI uses to communicate with state and local agencies. The compromised server was not part of the FBI’s corporate email service, the FBI added.

Newly Discovered 'OSX.CDDS' Implant Targets Visitors to Hong Kong Websites

Google’s Threat Analysis Group discovered a new macOS implant that security researcher Patrick Wardle dubbed OSX.CDDS. It targets “visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.”

Notable features for this backdoor include: victim device fingerprinting, screen capture, file download/upload, executing terminal commands, audio recording, keylogging.

How Thieves are Stealing Apple ID Credentials for Stolen iPhones

A report from India Today shares the story of how thieves tricked an Apple user into handing over his credentials in order to unlock the iPhone they had stolen from him.

Vedant narrated his ordeal on Twitter and urged users to be aware of the types of attacks that can be used to extract sensitive information from users. He revealed that the first thing he did after losing his phone was log in to the Find My app with his Apple ID using his MacBook and try to get the phone’s exact location through the Find My app.

Classic phishing attack.