A collection point
...and some of my own.
Teen Wins Peace Prize for Fighting Cyber-Bullying
https://kidsrights.org/news/sadat-rahman-17-from-bangladesh-wins-international-childrens-peace-prize-2020/

Sadat is a 17-year-old boy from Bangladesh. A story about a 15-year-old girl who committed suicide after suffering from cyberbullying moved Sadat so much that he founded his own organization and created the anti-cyberbullying app ‘Cyber Teens’ to give helpless teenagers a place to go for help. One of the major issues around cyberbullying is that young people are afraid to report it to the police or to inform their parents. The app gives young people information about internet safety and gives them the possibility to report cyberbullying. Rahman's Cyber Teens app has been downloaded over 1,800 times and has supported 300 young victims of cyber-bullying. Rahman's win came with $118,000 in prize money that he intends to use to roll out the app across Bangladesh and to other countries.

Mississippi Program to Use Door Cameras to Fight Crime
https://www.jacksonfreepress.com/news/2020/nov/02/mississippi-program-use-door-cameras-fight-crime/

Jackson, Miss. began a pilot program with two technology corporations to provide a platform for the police department to access private surveillance via Ring cameras. “Ultimately, what will happen is residents and businesses will be able to sign a waiver, if they want their camera to be accessed from the Real Time Crime Center,” he said. “It would save (us) from having to buy a camera for every place across the city.” “We’ll be able to get a location, draw a circle around it and pull up every camera within a certain radius to see if someone runs out of a building,” he said. “We can follow and trace them.” The equipment needed to allow the center access to cameras is being provided by corporations Pileum and Fusus:

Pileum, an information and technology consulting company founded in 2002, is based in Jackson, according to its website.
Fusus, a Georgia-based company, provides cloud services to allow real-time crime centers to extract video information.

US gov’s CISO takes leave to help Trump search for election fraud
https://arstechnica.com/tech-policy/2020/11/us-govs-ciso-takes-leave-to-help-trump-search-for-election-fraud/

The US government's chief information security officer (CISO) is taking time off from his official duties to help in President Trump's search for election fraud. Camilo Sandoval worked on Trump's 2016 campaign and has been the federal CISO, a position in the White House's Office of Management and Budget, since October of this year. But Sandoval is now spending his days working for the newly formed Voter Integrity Fund, which is reportedly "run by government employees and former Trump campaign staffers who are analyzing voter data in six key states," and will, according to a Trump tweet, find evidence that "Radical Left Democrats" are partnering with "the Fake News Media" to "STEAL this Election." In an interview on Friday, Sandoval defended his involvement in the endeavor as appropriate, saying he had taken vacation time from his government position, which he started last month. He said he was not using any government resources, such as his work computer or cellphone, while searching for fraud.

Just what anyone would like to do on their vacation time off.

Hacked Security Software Used in South Korean Supply-Chain Attack
https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/

In this attack the Lazarus Group, notorious for its 2014 Sony Pictures Entertainment hack, exploits security software made by Wizvera. The software, called Wizvera VeraPort, is used by South Korean government websites and requires visitors to use a VeraPort browser plug-in for identity verification.
“To understand this novel supply-chain attack, you should be aware that South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.”

Once attackers achieve a foothold on a targeted server, malicious binaries that appear to be legitimate and use the stolen digital certificates are planted on a compromised website and pushed automatically to unsuspecting site visitors. The next stage delivers the Lazarus remote access trojan. Commands include operations on the victim’s filesystem and downloading additional tools from the attacker’s arsenal, researchers wrote.

Exposed Database Reveals 100K+ Compromised Facebook Accounts
https://threatpost.com/exposed-database-100k-facebook-accounts/161247/

The unsecured Elasticsearch database was 5.5 gigabytes and contained 13,521,774 records of at least 100,000 Facebook users. It was open between June and September of this year; it was discovered on Sept. 21 and closed on Sept. 22. The data in the exposed database included credentials and IP addresses; text outlines for comments the fraudsters would make on Facebook pages (via a hacked account) that directed people to suspicious and fraudulent websites; and personally identifiable information (PII) such as emails, names and phone numbers of the Bitcoin scam victims. The global scam targeting Facebook users starts with a network of websites owned by fraudsters, which trick Facebook users into providing their credentials by promising they would show targets a list of people who had recently visited their profiles. The website tells victims “There were 32 profile visitors on your page in the last 2 days! Continue to view your list,” and points them to a button that says “Open List!” When the victim clicks on the button, they are sent to a fake Facebook login page, where they are asked to input their login credentials.
Campari Staggers following Ransomware Attack
https://www.camparigroup.com/sites/default/files/downloads/20201109_Campari%20Group%20Press%20Release_ENG.pdf

"Campari Group Press Release. Malware attack: update on IT systems recovery. Milan, November 9th, 2020 - Following the previous communications on the malware attack, Campari Group informs that, in the context of its IT systems recovery plan, selected services have been progressively resumed following their successful sanitization and the installation of extra security measures."

Campari was targeted by hackers using the Ragnar Locker ransomware. According to some reports, the malware attack managed to encrypt data on 24 of the company’s servers around the world, and the hackers responsible have demanded a cryptocurrency ransom worth $15 million. In its ransom note, the group claimed it had stolen 2TB worth of files from Campari’s servers, including sensitive information such as bank statements, social security numbers, tax forms, contracts, and even passport details. The company has made no statement about whether it would be prepared to pay the ransom or not, but for now it certainly sounds as if it has chosen to attempt to rebuild its services on multiple sites, adding additional security measures in a bid to prevent reinfection.

As to the data that was stolen.... That's another story.

Let’s Encrypt Warns Some Android Users of Compatibility Issues
https://www.securityweek.com/let%E2%80%99s-encrypt-warns-some-android-users-compatibility-issues?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Let’s Encrypt, which earlier this year announced releasing over one billion certificates since its launch in 2015, initially relied on a cross-signature from IdenTrust.
It can take a certificate authority (CA) years to get a new root certificate accepted by browsers and operating systems, so in order to be able to immediately start issuing certificates that are trusted by devices, a CA can get a cross-signature from an already trusted CA. Let’s Encrypt’s own root certificate is now mature and the initial cross-signed certificate, which is set to expire on September 1, 2021, is no longer needed. While this will not impact most users, software that has not been updated since September 2016 and which does not trust Let’s Encrypt’s own root certificate will likely run into problems. The CA believes one of the products most impacted by this will be Android prior to version 7.1.1. The organization estimates that roughly one-third of Android devices are still running these older versions, which means their users will start getting certificate errors once the cross-signed certificate expires. Major integrators indicated that these users account for roughly 1-5% of their traffic. While the situation might improve before the certificate expires next year, Let’s Encrypt believes there will still be many impacted devices, so it is trying to raise awareness.

Hacked In 300 Seconds: iOS 14, Samsung Galaxy S20, Windows 10
https://www.forbes.com/sites/daveywinder/2020/11/09/hacked-in-300-seconds-ios-14-samsung-galaxy-s20-windows-10/?sh=36cf9c1b4d9c

The annual Tianfu Cup is in its third year. Populated by teams from China that used to dominate the Pwn2Own leaderboard until they stopped taking part, supposedly in response to a government directive banning them from doing so, some big names in hardware and software fell this year. And fell quickly: each of the 15 teams was allowed three attempts to show their exploits in a five-minute timeframe. Eleven targets were successfully exploited by the Chinese hackers. These included an iPhone 11 Pro running iOS 14, Windows 10 (v2004, April 2020), the Samsung Galaxy S20, Chrome, Firefox, Safari and Adobe PDF Reader.
The precise details of the vulnerabilities that the hackers managed to exploit are not known; the Tianfu Cup follows the lead of Pwn2Own and doesn't disclose these details until after the vendors have had the chance to fix them. Prize money awarded was somewhere around US $1.2M.

Routers, NAS Devices, TVs Hacked at Pwn2Own Tokyo 2020
https://www.securityweek.com/routers-nas-devices-tvs-hacked-pwn2own-tokyo-2020?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Organizers offered a wide range of mobile and IoT devices, but participants focused on routers, NAS products and TVs. In total, participants were awarded $136,000 for 23 unique vulnerabilities across six different devices. Impacted vendors have been given 120 days to release patches before details are made public.

Black Friday sales? Hackers selling network access to 7500 educational establishments have dropped their asking price.
https://www.infosecurity-magazine.com/news/price-educational-rdp/

The threat actor offering the details reduced the asking price to BTC 10 (USD 155,300) from BTC 25 (USD 387,000) on November 4. “Educational establishments could be a particularly tantalizing target for research and intellectual property theft, especially if linked to COVID-19 research. Cyber-criminals are economically rational in their behavior and will price their ‘offer’ of credentials to maximize returns, in the shortest time, for the smallest of efforts.”

Hotel Booking Firm Leaks Data on Millions of Guests
https://www.websiteplanet.com/blog/prestige-soft-breach-report/

The Prestige Software hotel reservation platform has been exposing highly sensitive data from millions of hotel guests worldwide, dating as far back as 2013 and including credit card details for 100,000s of people.
Based in Madrid and Barcelona, Prestige Software sells a channel management platform called Cloud Hospitality to hotels that automates their availability on online booking websites like Expedia and Booking.com. The company was storing years of credit card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks.

Size: 24.4 GB, totaling 10,000,000+ exposed files
Data Storage Format: Misconfigured AWS S3 bucket
Countries Affected: Worldwide

Customer Data Exposed
PII data: Full names, email addresses, national ID numbers, and phone numbers of hotel guests
Credit card details: card number, cardholder’s name, CVV, and expiration date
Payment details: total cost of hotel reservations
Reservation details: Reservation number, dates of a stay, the price paid per night, any additional requests made by guests, number of people, guest names, and much more.

Mashable Customer Data Leaked Online
https://www.infosecurity-magazine.com/news/mashable-customer-data-leaked/

"This past Wednesday evening, November 4th, we learned that a hacker known for targeting websites and apps had posted a copy of a Mashable database to the internet," said Mashable. "Based on our review, the database related to a feature that, in the past, had allowed readers to use their social media account sign-in (such as Facebook or Twitter) to make sharing content from Mashable easier." Information leaked included first and last names, location data, email addresses, gender, date of registration, IP addresses, links to social media profiles, expired OAuth tokens, and the days and months on which users' birthdays fall.
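The Let’s Encrypt item above turns on how a client builds a trust path: a cross-signed copy of the new CA’s root, issued by an older root the device already trusts, bridges the gap until the device’s own trust store contains the new root, and once that cross-signed copy expires an un-updated device has no path left. The following Python model of that path-building step is an added example, not code from Let’s Encrypt or from any article linked here. Certificate names and every date except the September 1, 2021 expiry quoted above are constructed, and no signatures are actually checked.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate; no real signature checking."""
    subject: str
    issuer: str
    not_after: date
    label: str


def find_trusted_path(leaf: Cert, sent_chain: List[Cert], trust_store: Dict[str, date],
                      today: date) -> Optional[List[str]]:
    """Depth-first path building, the way a TLS client does it.

    sent_chain: the intermediates (and any cross-signed root) the server sends.
    trust_store: trusted root subjects mapped to the roots' own expiry dates.
    Returns the labels from leaf to trust anchor, or None when no path is valid
    on `today`.
    """

    def walk(cert: Cert, path: List[str], seen: Set[Cert]) -> Optional[List[str]]:
        if cert.not_after < today:
            return None                      # expired certificate: this branch is dead
        path = path + [cert.label]
        anchor_expiry = trust_store.get(cert.issuer)
        if anchor_expiry is not None and anchor_expiry >= today:
            return path + [f"trusted root: {cert.issuer}"]
        for cand in sent_chain:
            # Several certs may share a subject (a root and its cross-signed twin);
            # a path builder tries each alternative before giving up.
            if cand.subject == cert.issuer and cand not in seen:
                found = walk(cand, path, seen | {cand})
                if found is not None:
                    return found
        return None

    return walk(leaf, [], set())


# Constructed chain. The cross-signed root has the same subject as the CA's own
# self-signed root but is issued by the older, widely trusted root; its expiry is
# the September 1, 2021 date from the item above.
INTERMEDIATE = Cert("Model LE Intermediate", "Model LE Root", date(2025, 9, 15), "intermediate")
CROSS_SIGNED_ROOT = Cert("Model LE Root", "Model IdenTrust Root", date(2021, 9, 1), "cross-signed root")
SERVER_CHAIN = [INTERMEDIATE, CROSS_SIGNED_ROOT]

# Trust stores (constructed): a device never updated since 2016 knows only the
# older root; an updated device also carries the CA's own root.
OLD_DEVICE_STORE = {"Model IdenTrust Root": date(2022, 1, 1)}
UPDATED_STORE = {"Model IdenTrust Root": date(2022, 1, 1), "Model LE Root": date(2035, 1, 1)}


def simulate(today: date, trust_store: Dict[str, date]) -> Optional[List[str]]:
    """Handshake on `today` against a freshly issued 90-day leaf certificate."""
    leaf = Cert("www.example.test", "Model LE Intermediate", today + timedelta(days=90), "leaf")
    return find_trusted_path(leaf, SERVER_CHAIN, trust_store, today)


if __name__ == "__main__":
    for when in (date(2020, 11, 10), date(2021, 10, 1)):
        for name, store in (("old device", OLD_DEVICE_STORE), ("updated device", UPDATED_STORE)):
            path = simulate(when, store)
            print(f"{when} {name:14} -> {' > '.join(path) if path else 'certificate error'}")
```

Before the expiry the old device validates through the cross-signed root; afterwards the only surviving path ends at the CA’s own root, which that device does not have, so the handshake fails while an updated device never notices the change.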
As Businesses Go Remote, Hackers Find New Security Gaps
https://www.darkreading.com/threat-intelligence/as-businesses-go-remote-hackers-find-new-security-gaps/d/d-id/1339336?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

The increase in server-side request forgery (SSRF) vulnerabilities is a trend HackerOne noticed last year and one that has since grown, Rice says. It is somewhat related to the pandemic but more broadly driven by the widespread migration to cloud environments. "These vulnerabilities aren't very exploitable in on-prem or local environments but have massive impacts when redeployed to shared multi-tenant cloud environments. … We're seeing the impact of them spike pretty dramatically," he says.

Was Hunter Biden’s laptop password really “Hunter02”?
https://grahamcluley.com/hunter-biden-laptop-password/

The headline (which in Daily Mail tradition is typically wordy) reads: “EXCLUSIVE: National security nightmare of Hunter Biden’s abandoned laptop containing phone numbers for the Clintons, Secret Service officers and most of the Obama cabinet plus his sex and drug addictions – all secured by the password Hunter02”

It’s the bit about the password which interests me the most. Obviously, if true, “Hunter02” is a very poor choice of password. Particularly for somebody called Hunter. But what’s bizarre is that there has been a meme all about having “hunter2” as a password for the best part of 20 years. Is it possible that somebody is having a joke at the media’s expense, and has duped some non-tech-savvy journalists into believing that the son of US Presidential candidate Joe Biden might have used a joke password like “hunter02”? And if that password makes us raise a doubtful eyebrow, might we be wise to be similarly cautious about other claims made in the article – especially with a contentious US election due to take place today?

We loved this write-in comment on Graham Cluley's article: "I would be cautious about anything in the Daily Mail.
They told us Eric Idle would be the new Doctor Who."

U.S. Says Iranian Hackers Accessed Voter Information
https://www.securityweek.com/us-says-iranian-hackers-accessed-voter-information?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

“CISA and the FBI assess this actor is responsible for the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020. Further evaluation by CISA and the FBI has identified the targeting of U.S. state election websites was an intentional effort to influence and interfere with the 2020 U.S. presidential election,” the alert reads. Between September 29 and October 17, the adversary launched attacks on U.S. state websites, including election websites, to access voter information, CISA and the FBI say. Observed activity includes exploitation of known vulnerabilities, the use of web shells, and the abuse of web application bugs. “CISA and the FBI can confirm that the actor successfully obtained voter registration data in at least one state. The access of voter registration data appeared to involve the abuse of website misconfigurations and a scripted process using the cURL tool to iterate through voter records,” CISA and the FBI say.

JM Bullion Discloses Months-Long Payment Card Breach
https://www.securityweek.com/gold-dealer-jm-bullion-discloses-months-long-payment-card-breach?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Texas-based precious metals dealer JM Bullion has informed some customers that their payment card information may have been stolen by cybercriminals, but the disclosure came months after the breach was discovered. The investigation found that someone hacked into JM Bullion’s website and planted malicious code that was present on the site between February 18 and July 17, 2020.
The malicious code was apparently designed to harvest customer information entered on the website; this is known as a skimming or Magecart attack. Some customers who discussed the incident on Reddit seem disappointed that it took the company five months to discover the breach and another three months to alert impacted individuals. Others expressed concern that the exposure of physical addresses is serious, as someone could use the information to target the homes of people who acquired precious metals.

Securing your home network:
https://www.darkreading.com/edge/theedge/how-can-i-help-my-remote-workers-secure-their-home-routers/b/d-id/1339346?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
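The SSRF item above makes the point that a fetch-this-URL feature which is close to harmless on-premises becomes serious once the same code runs in a shared cloud environment, because the server can then be steered at address space the caller could never reach directly. The standard mitigation is to refuse, before connecting, any target that resolves to non-public addresses, and to connect to the address that was checked rather than resolving the name a second time. The following Python check is an added example, not anything from HackerOne or the linked article; the hostnames and the stubbed DNS answers are constructed so that it runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], List[str]]

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class SsrfBlocked(ValueError):
    """Raised when a user-supplied URL must not be fetched from the server side."""


def _is_internal(addr: IPAddress) -> bool:
    """True for any address a server-side fetch must never reach.

    is_global already rules out private, loopback, link-local (where cloud
    instance-metadata services live) and reserved space; multicast is added
    explicitly, and IPv4-mapped IPv6 addresses are unwrapped so that a target
    written as ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def validate_outbound_url(url: str, resolve: Resolver) -> List[str]:
    """Check a URL before a server-side fetch; return the addresses to connect to.

    Every DNS answer is checked, because one internal record among several is
    enough for the HTTP stack to end up inside the network. The caller should
    connect to one of the returned addresses (keeping the original hostname for
    the Host header and SNI) instead of resolving the name again, otherwise an
    answer that changes between check and use defeats the check.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SsrfBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("credentials embedded in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise SsrfBlocked("URL has no host")
    try:
        port = parts.port  # raises ValueError for malformed or out-of-range ports
    except ValueError as exc:
        raise SsrfBlocked(f"bad port: {exc}") from None
    if port is not None and port not in ALLOWED_PORTS:
        raise SsrfBlocked(f"port not allowed: {port}")

    try:
        candidates: List[IPAddress] = [ipaddress.ip_address(host)]    # literal IP
    except ValueError:
        candidates = [ipaddress.ip_address(a) for a in resolve(host)]  # hostname
    if not candidates:
        raise SsrfBlocked(f"{host} did not resolve")
    for addr in candidates:
        if _is_internal(addr):
            raise SsrfBlocked(f"{host} resolves to non-public address {addr}")
    return [str(a) for a in candidates]


# Constructed DNS answers so the example runs offline. In production, resolve()
# would wrap socket.getaddrinfo and return every address it yields.
FAKE_DNS: Dict[str, List[str]] = {
    "partner.example": ["93.184.216.34"],              # stands in for a public host
    "intranet.example": ["10.20.30.40"],               # RFC 1918 space only
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # mixed public/internal answers
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower(), [])


def fetch_allowed(url: str) -> bool:
    """True when the URL passes the check, False when it is blocked."""
    try:
        validate_outbound_url(url, fake_resolve)
        return True
    except SsrfBlocked:
        return False


if __name__ == "__main__":
    for u in ("https://partner.example/report.pdf", "http://intranet.example/admin",
              "https://rebind.example/", "http://[::ffff:10.0.0.1]/", "file:///etc/hosts"):
        print(f"{u:40} -> {'allow' if fetch_allowed(u) else 'block'}")
```

The scheme and port allow-lists matter as much as the address check: a fetcher that follows arbitrary schemes or ports is a port scanner for whoever controls the URL, and in a multi-tenant cloud the addresses it can reach belong to far more than one organisation.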
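The CISA/FBI alert quoted above attributes the voter-registration access to website misconfigurations plus “a scripted process using the cURL tool to iterate through voter records”. That pattern, one client walking through record identifiers far faster than a person would, shows up in ordinary web access logs, which is where a site operator would look for it. The following Python detector is an added example and not from CISA, the FBI or the linked article; the lookup endpoint, the log lines and the client addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Constructed record-lookup endpoint standing in for the lookup pages in the alert.
RECORD_RE = re.compile(r"^/voter/lookup\?id=(?P<rid>\d+)$")
AUTOMATION_UA = ("curl/", "python-requests/", "wget/", "go-http-client/")


class Event(NamedTuple):
    ts: datetime
    rid: int
    ua: str
    status: int


class Alert(NamedTuple):
    ip: str
    distinct_in_window: int
    sequential_ratio: float
    automated_ua: bool


def parse_events(lines: List[str]) -> Dict[str, List[Event]]:
    """Group record lookups (any status; misses count too) by client address."""
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        r = RECORD_RE.match(m["path"])
        if not r:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]].append(Event(ts, int(r["rid"]), m["ua"], int(m["status"])))
    return by_ip


def max_distinct_in_window(events: List[Event], window: timedelta) -> int:
    """Largest number of distinct record ids one client fetched inside any window."""
    events = sorted(events, key=lambda e: e.ts)
    best, start, counts = 0, 0, defaultdict(int)
    for ev in events:
        counts[ev.rid] += 1
        while ev.ts - events[start].ts > window:      # slide the window forward
            counts[events[start].rid] -= 1
            if counts[events[start].rid] == 0:
                del counts[events[start].rid]
            start += 1
        best = max(best, len(counts))
    return best


def sequential_ratio(events: List[Event]) -> float:
    """Share of adjacent sorted ids that differ by exactly one (1.0 = pure counting)."""
    ids = sorted({e.rid for e in events})
    if len(ids) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
    return steps / (len(ids) - 1)


def detect_enumeration(lines: List[str], window: timedelta = timedelta(seconds=60),
                       min_distinct: int = 20) -> List[Alert]:
    """Flag clients that walk through many distinct records in a short window.

    The user agent is reported as enrichment only: a script can send any UA
    string, so the request rate and the id pattern carry the decision.
    """
    alerts = []
    for ip, events in parse_events(lines).items():
        distinct = max_distinct_in_window(events, window)
        if distinct >= min_distinct:
            automated = any(e.ua.lower().startswith(AUTOMATION_UA) for e in events)
            alerts.append(Alert(ip, distinct, round(sequential_ratio(events), 2), automated))
    return alerts


def _line(ip: str, ts: str, rid: int, status: int, ua: str) -> str:
    return f'{ip} - - [{ts}] "GET /voter/lookup?id={rid} HTTP/1.1" {status} 512 "-" "{ua}"'


FIREFOX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/82.0"
SAMPLE_LOG = (
    # Constructed: one client counting through ids 1000..1029, one per second, with cURL.
    [_line("198.51.100.7", f"10/Nov/2020:13:05:{i:02d} +0000", 1000 + i, 200, "curl/7.68.0")
     for i in range(30)]
    # Constructed: a person looking up three unrelated records over ten minutes.
    + [_line("192.0.2.55", "10/Nov/2020:13:02:10 +0000", 48213, 200, FIREFOX),
       _line("192.0.2.55", "10/Nov/2020:13:07:41 +0000", 7, 404, FIREFOX),
       _line("192.0.2.55", "10/Nov/2020:13:12:03 +0000", 91550, 200, FIREFOX)]
    # Constructed: a cURL request to another page, ignored by the record filter.
    + ['203.0.113.9 - - [10/Nov/2020:13:06:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.68.0"']
)

if __name__ == "__main__":
    for a in detect_enumeration(SAMPLE_LOG):
        print(f"{a.ip}: {a.distinct_in_window} distinct records in one window, "
              f"sequential ratio {a.sequential_ratio}, automation UA seen: {a.automated_ua}")
```

The thresholds are deliberately parameters: the right window and count depend on how the lookup page is actually used, and the same logic applied to web-server logs already being collected gives a detection that does not depend on the attacker leaving a telltale user agent.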