Category: Security Threats

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks

Cyber-criminal gangs are believed to have stolen tens of millions of dollars from at least eight banks in Eastern Europe using tactics usually seen only in Hollywood movies. These “hacks” consisted of cyber-criminals physically entering bank offices to inspect the premises and then leaving behind malicious devices connected to the bank’s network.

Russian cyber-security firm Kaspersky Lab, which was called in to investigate some of these mysterious cyber-heists, says it found three types of devices at the offices of the eight banks it reviewed: cheap laptops, Raspberry Pi boards and malicious USB thumb drives known as Bash Bunnies.

Read more about the Hollywood-style hacks on European banks on ZDNet.

Trump’s Cybersecurity Advisor Rudy Giuliani Thinks His Twitter Was Hacked Because Someone Took Advantage of His Typo

Rudy Giuliani, who was named President Trump’s cybersecurity advisor last year, has demonstrated that he does not understand how Twitter works…or hyperlinks…or domain registration. Giuliani tweeted that Twitter had allowed someone to “invade” a tweet he sent, because that tweet linked to a website with the words “Donald J. Trump is a traitor to our country.”

However, the text linked to the site because of a typo in a hyperlink in Giuliani’s original tweet. Shortly after, an anonymous (and quick-thinking) user bought the domain erroneously referred to in the tweet.

Read more about this bizarre story on Motherboard.

Unprotected MongoDB Exposes Scraped Profile Data of 66 Million

Information belonging to more than 66 million individuals was discovered in an unprotected database, within reach of anyone who knew where to look on the web. The records look like scraped data from LinkedIn profiles. The cache includes personal details that can identify users and could help adversaries craft phishing attacks that are more difficult to recognize.

According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication. He found 66,147,856 unique records containing full name, personal or professional email address, the user’s location details, skills, phone number, employment history and a link to the individual’s LinkedIn profile.

Read more about the massive data leak on BleepingComputer.

‘Good for the world’? Facebook emails reveal what really drives the site

The central mythos of Facebook is that what’s good for Facebook is good for the world. More sharing, more friends and more connection will “make the world more open and connected” and “bring the world closer together”, Mark Zuckerberg has argued, even as his company has been engulfed by scandal.

But confidential emails, released by the British Parliament, reveal the hardheaded business calculations that lurked beneath the feel-good image projected by Zuckerberg and Facebook. “That may be good for the world, but it’s not good for us,” Zuckerberg wrote in a 2012 email about the possibility that developers would build applications that used data about Facebook users and their friends, but not provide any data back to Facebook.

Read more about this developing story on The Guardian.

Quora says 100 million users hit by ‘malicious’ data breach

Question-and-answer website Quora warned that hackers gained access to the personal data of as many as 100 million of its users. Quora discovered on Friday that one of its systems had been hacked by “a malicious third party,” CEO Adam D’Angelo said in a blog post.

The compromised information includes users’ names, email addresses and encrypted passwords as well as data from social networks like Facebook (FB) and Twitter (TWTR) if people chose to link them to their Quora accounts. The hackers also obtained details about users’ activity on Quora, such as questions, answers, upvotes and downvotes. But anonymously written questions and answers were not affected by the breach.

Read more about the massive Quora data breach on CNN.

Researchers discover SplitSpectre, a new Spectre-like CPU attack

Researchers have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code. Like its predecessors, this new CPU vulnerability is a design flaw in the microarchitecture of modern processors that can be exploited by abusing “speculative execution,” an optimization technique used to improve CPU performance.

The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year. The difference in SplitSpectre is not in what parts of a CPU’s microarchitecture the flaw targets, but how the attack is carried out.

Read more about the SplitSpectre CPU attack on ZDNet.

Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements

Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements.

The flaws were identified by SEC Consult in the SDS1000X-E series of super phosphor oscilloscopes, one of the latest products launched by Siglent, a China-based company that specializes in measurement products. The affected product costs roughly $400 and has been named by at least one website as the best oscilloscope in its price range.

Read more about the major flaws in the digital oscilloscope on SecurityWeek.

Phishing Campaign Delivers FlawedAmmyy, RMS RATs

A new campaign delivering various remote access Trojans (RATs) is likely the work of a known Dridex/Locky operator, Morphisec security researchers warn. Dubbed Pied Piper, the campaign targets users in multiple countries and is likely operated by TA505, the threat group known to have orchestrated large Dridex and Locky attacks in the past. Observed starting last week, the phishing attempts use documents with malicious macros for malware delivery.

The campaign is multi-staged and still ongoing, with one version delivering the FlawedAmmyy RAT and another variant dropping the Remote Manipulator (RMS) RAT. Earlier this year, TA505 was observed exploiting an Office zero-day to deliver the FlawedAmmyy RAT.

Read more about the new campaign by TA505 on SecurityWeek.

The Kubernetes privilege escalation flaw

Red Hat has issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes, the most popular cloud container orchestration system. Kubernetes makes it possible to orchestrate containerized applications together, enabling composite services made up of hundreds, or even thousands, of “simpler” services.

The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes cluster. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall. All Kubernetes-based services and products are affected.

Read more about the critical Kubernetes flaw on Red Hat.

Industry reactions to the enormous Marriott data breach

On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. The company now believes that information on up to approximately 500 million guests who made a reservation at a Starwood property may have been compromised.

For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

Read more about the massive data breach, including industry reactions, on Help Net Security.