A malicious group known as the “Inception attackers” has been using a year-old Office exploit and a new backdoor in recent attacks, Palo Alto Networks security researchers warn. Active since at least 2014, the group has used custom malware against targets spanning various industries worldwide, with a special interest in Russia.
In October 2018, the threat actor was observed hitting various European targets in attacks employing an exploit for a vulnerability (CVE-2017-11882) that Microsoft patched in November 2017. Furthermore, the hackers were using a new PowerShell backdoor dubbed POWERSHOWER, which revealed high attention to detail in terms of cleaning up after infection.
Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized third parties to gain access to certain company websites containing personal data on policyholders and applicants, the insurer says.
The incident, which was reported by Bankers Life’s parent company, CNO Financial Group, to the Department of Health and Human Services as an “unauthorized access/disclosure” breach, is the fifth largest incident added to the HIPAA Breach Reporting Tool website so far this year. Commonly called the “wall of shame,” the HHS website lists health data breaches impacting 500 or more individuals.
Hackers have breached StatCounter, one of the internet’s largest web analytics platforms, and have inserted malicious code inside the company’s main site-tracking script. According to Matthieu Faou, the researcher who discovered the hack, this malicious code hijacks any Bitcoin transactions made through the web interface of the Gate.io cryptocurrency exchange.
Faou says the malicious code was first added to this StatCounter script over the weekend, on Saturday, November 3. The code was still live at the time of this article’s publication. According to a PublicWWW search, there are over 688,000 websites that currently appear to load the company’s tracking script.
Read more about the StatCounter breach affecting Gate.io on ZDNet.
Hackers have been targeting Iranian users of Telegram and Instagram with fake login pages, app clones and BGP hijacking in attacks that have been ongoing since 2017, Cisco Talos reveals. Banned in Iran, Telegram is a popular target for greyware, software that provides the expected functionality but is also suspicious enough to be considered a potentially unwanted program (PUP).
Attacks on Iranian users differ in complexity, based on resources and methods, and those analyzed by Cisco were aimed at stealing personal and login information. As part of these attacks, users were tricked into installing Telegram clones that can access a mobile device’s full contact lists and messages. In addition, fake Instagram apps were designed to send full session data to the attackers, who would then gain full control of the account in use.
Read more about the campaign targeting users in Iran on SecurityWeek.
Toss around accusations of a failed attempt to hack a state’s voter registration system — without actually providing any proof — that’s one way to really stir things up right before the midterm elections.
That is what Brian Kemp, Georgia’s current secretary of state — who is also the Republican candidate for governor — did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state’s voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters.
Huawei has denied that it assisted the Chinese government in infiltrating a foreign network to gain information, following reports over the weekend to the contrary. “Huawei categorically denies it has ever provided, or been asked to provide, customer information for any government or organisation,” a Huawei spokesperson told ZDNet.
“These baseless accusations are made without any evidence whatsoever.” The denial followed reports by The Australian that it had “confirmed from a national security source” that Huawei staffers were used by Chinese intelligence to “get access codes to infiltrate a foreign network”, including providing password and network details.
Hackers have published what they claim are private messages from at least 81,000 Facebook accounts – and they say the trove contains a fraction of the details they have from a larger cadre of 120 million accounts. In an English-language Dark Web advertisement (now taken down), the perpetrators offered the messages for 10 cents per account.
The BBC Russian Service investigated the supposed heist along with cybersecurity firm Digital Shadows. The team found that within the 81,000 Facebook users in the sample posting, those in Ukraine and Russia are the main targets (although some others were also impacted). The BBC found evidence that the leaked portion of the archive is real.
Read more about the new Facebook data breach on Threatpost.
Eurostar, the high-speed railway service connecting London with cities in France, Belgium and the Netherlands, has reset its customers’ login passwords after detecting attempts to break into an unspecified number of accounts. The company said it had notified those whose accounts had been targeted. Other passengers will be told they have been blocked the next time they try to log in and will be asked to reset their details.
The firm declined to say whether any of the hack attacks were successful but said payment details were not affected. The railway service said the attacks had taken place between 15 and 19 October and involved a “small number” of internet protocol (IP) addresses. It is not disclosing whether their origin has been traced.
Read more about the cyber attack targeting Eurostar on BBC.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service. North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it found computers installed with malware, suspected to have been implanted by North Korean hackers, to mine for cryptocurrency Monero and send it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo. Cryptocurrency has emerged as an alternative source of money for the cash-strapped North Korean regime amid tightening international sanctions.
Read more about the North Korean cryptojacking campaigns on UPI.
On both sides of the political aisle, at every level of government, and throughout the tech industry, the United States is grappling with fundamental cybersecurity threats to its elections. The country is also planning for how to react when things go wrong, both during this crucial midterm election and in the 2020 general election.
Understanding modern election security means coming to grips with a daunting reality: especially in the United States, the infrastructure is too fragmented, outdated, and vulnerable to be completely secured. There are also far too many different types of attacks across the threat landscape to ever stop them all.
Read more about the cybersecurity threats to US elections on PC Magazine.