A collection point
...and some of my own.
FBI warns US companies about backdoors in Chinese tax software
Catalin Cimpanu: The US Federal Bureau of Investigation sent an alert on Thursday warning US companies about backdoor malware that is silently being installed on the networks of foreign companies operating in China via government-mandated tax software. The backdoors allow threat actors to execute unauthorized code, infiltrate networks, and steal proprietary data from branches operating in China. Making matters worse, the FBI says that all foreign companies are required by local Chinese laws to install this particular piece of software in order to handle value-added tax (VAT) payments to the Chinese tax authority. "In July 2018, an employee of a US pharmaceutical company with business interests in China downloaded the Baiwang Tax Control Invoicing software program from baiwang.com. Since at least March 2019, Baiwang released software updates which installed a driver automatically along with the main tax program. In April 2019, employees of the pharmaceutical company discovered that the software contained malware that created a backdoor on the company's network," the FBI said -- describing what security firm Trustwave later identified as the GoldenHelper malware. "In June 2020, a private cybersecurity firm reported that Intelligence Tax, a tax software from Aisino Corporation that is required by a Chinese bank under the same VAT system, likely contained malware that installed a hidden backdoor to the networks of organizations using the tax software," the FBI also said -- describing what Trustwave identified as the GoldenSpy backdoor, believed to be a second and improved iteration of the original GoldenHelper malware. The FBI warns US companies that the backdoor malware installed on their systems has dangerous capabilities that may allow "cyber actors to preposition to conduct remote code execution and exfiltration activities on the victim's network."
FBI officials said they believed US companies in the healthcare, chemical, and finance sectors operating in China are in particular danger, based on China's historical interest in these sectors. While the FBI alert didn't point the finger at the Chinese government directly, it said that both Baiwang and Aisino operate their VAT software under the management and oversight of NISEC (National Information Security Engineering Center), a state-owned private enterprise with "foundational links" to China's People's Liberation Army, suggesting a well-orchestrated nation-state intelligence gathering operation.

Four years on from launch, the No More Ransom initiative has helped over 4 million victims of ransomware attacks retrieve their files for free. Over four million victims of ransomware attacks have now avoided paying over £600 million in extortion demands to cyber criminals in the first four years of Europol's No More Ransom initiative. First launched in 2016 with four founding members, No More Ransom provides free decryption tools for ransomware and has been growing ever since, now consisting of 163 partners across cybersecurity, law enforcement bodies, financial services and more. Together, they've released free decryption tools for over 140 families of ransomware which have been downloaded a combined total of over 4.2 million times – something which Europol estimates has prevented $632 million from being paid out to cyber criminals. Among the top contributors to the project are Emsisoft, which has provided 54 decryption tools for 45 ransomware families, founding member Kaspersky, which has provided five tools for 32 ransomware families, and Trend Micro, which has provided two decryption tools for 27 ransomware families. Preventative steps recommended by Europol include backing up important files offline, so that in the event of an attack, files can be immediately retrieved whether or not a decryption tool is available.
Europol also recommends that users don't download programs from suspicious sources or open attachments from unknown senders, so as to avoid falling victim to email-based attacks.

Smartwatch Maker Garmin Shuts Down Services After Ransomware Attack
By Larry Dignan: As of Monday morning, Garmin said that Garmin Connect has returned with limited functionality. Simply put, Garmin has had a rough week. Here's the timeline:
July 24: Garmin services and production go down after ransomware attack.
Garmin's outage and ransomware attack response lacking as earnings loom.
Garmin Fenix smartwatches hit with GPS, run and activity saving glitch amid outage.
July 27: Garmin Connect can now display activity details and uploads, register devices, show the dashboard, and produce reports and segments.
The company noted on its status page on July 27th: "We are happy to report that Garmin Connect recovery is underway. We'd like to thank you for your understanding and patience as we restore normal operations. Limited functionality remains for daily summary, courses, Garmin Coach, third party sync and Strava. On Strava, Strava Beacon integration is working, but segments, routes and uploaded activities are being queued to sync."

Researchers Reveal New Security Flaw Affecting China's DJI Drones
Ravie Lakshmanan: Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI). The app comes with an auto-update mechanism that bypasses the Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM, found that DJI's Go 4 Android app not only asks for extensive permissions and collects personal data (IMSI, IMEI, the serial number of the SIM card), it also makes use of anti-debug and encryption techniques to thwart security analysis.
"This mechanism is very similar to command and control servers encountered with malware," Synacktiv said. "Given the wide permissions required by DJI GO 4 — contacts, microphone, camera, location, storage, change network connectivity — the DJI or Weibo Chinese servers have almost full control over the user's phone." Reverse engineering the app, Synacktiv said it uncovered the existence of a URL ("hxxps://service-adhoc.dji.com/app/upgrade/public/check") that the app uses to download an application update and prompt the user to grant permission to "Install Unknown Apps." "We modified this request to trigger a forced update to an arbitrary application, which prompted the user first for allowing the installation of untrusted applications, then blocking him from using the application until the update was installed," the researchers said. Even more concerning, the app continues to run in the background even after it's closed and leverages a Weibo SDK ("com.sina.weibo.sdk") to install an arbitrarily downloaded app, triggering the feature for users who have opted to live stream the drone video feed via Weibo. GRIMM said it didn't find any evidence that this was exploited to target individuals with malicious application installations. Besides this, the researchers found that the app takes advantage of the MobTech SDK to hoover up metadata about the phone, including screen size, brightness, WLAN address, MAC address, BSSIDs, Bluetooth addresses, IMEI and IMSI numbers, carrier name, SIM serial number, SD card information, OS language and kernel version, and location information. Last May, the US Department of Homeland Security had warned companies that their data may be at risk if they use commercial drones manufactured in China and that they "contain components that can compromise your data and share your information on a server accessed beyond the company itself." This is proof.
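The combination the Synacktiv report describes (an app that can trigger the "Install Unknown Apps" flow while also holding contacts, microphone, camera, location, storage and network permissions) is something a mobile-device or app-vetting team can check for from the app's manifest alone. The script below is an added example written for this page, not code from Synacktiv, GRIMM or DJI. It assumes the manifest has already been decoded from the APK's binary XML into plain text; the package name and the manifest itself are constructed sample data, not DJI GO 4's real manifest.

```python
"""Flag Android apps whose manifest combines the ability to sideload APKs
with broad data-access permissions (added example for this page).

Assumption: the manifest is already decoded to text XML; APKs store it in
binary form and must be converted first. The sample below is constructed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permission an app needs on Android 8+ to launch the "Install Unknown Apps"
# prompt, i.e. to install packages that did not come through the Play Store.
SIDELOAD = "android.permission.REQUEST_INSTALL_PACKAGES"

# Broad permissions matching the categories called out in the report.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
    "android.permission.CHANGE_NETWORK_STATE": "network connectivity",
    "android.permission.READ_PHONE_STATE": "phone identifiers",
}

# Constructed sample manifest; the package name is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hypothetical.dronecontrol">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Hypothetical Drone App"/>
</manifest>
"""


def permissions(manifest_xml: str) -> tuple[str, set[str]]:
    """Return (package name, set of requested permission names)."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "<unknown>")
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    return pkg, {p for p in perms if p}


def assess(manifest_xml: str) -> dict:
    """Rate the manifest: sideload capability plus broad data access is the
    pairing the report describes; either alone is common and not a finding."""
    pkg, perms = permissions(manifest_xml)
    sensitive = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    can_sideload = SIDELOAD in perms
    if can_sideload and len(sensitive) >= 3:
        risk = "high"
    elif can_sideload or sensitive:
        risk = "review"
    else:
        risk = "low"
    return {
        "package": pkg,
        "can_sideload": can_sideload,
        "sensitive_access": sensitive,
        "risk": risk,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_MANIFEST)
    print(f"{result['package']}: risk={result['risk']} "
          f"sideload={result['can_sideload']}")
    print("  data access:", ", ".join(result["sensitive_access"]))
```

The check is deliberately coarse: REQUEST_INSTALL_PACKAGES is legitimate for app stores and some enterprise tools, so a "high" result is a prompt for a closer look at what the app actually downloads and installs, not a verdict on its own.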
Dave data breach affects 7.5 million users, leaked on hacker forum
Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan of up to $100, but cannot receive another loan until it is repaid. A threat actor released a database containing 7,516,691 user records for free on a hacker forum on Friday. After being contacted about the leaked database, Dave disclosed the incident as a data breach a day later. In a statement sent to BleepingComputer on Saturday, Dave says its database was breached after Waydev, a former third-party service provider used by the company, was breached. "The stolen information included some personal user information including names, emails, birth dates, physical addresses and phone numbers. Importantly, this did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers." Be sure to change your password at any other sites where you used the same password as in the Dave app.