Hacking & Cracking

RTH10260
Posts: 19873
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#126

Post by RTH10260 » Tue Mar 26, 2019 10:32 am

Operation ShadowHammer hijacks ASUS Live Update
MARCH 25, 2019 FRANK CRAST

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

Security researchers from Kaspersky Lab discovered the sophisticated supply chain attack dubbed “Operation ShadowHammer” in January 2019 and said the attack took place between June and November 2018. The company reported the attacks impacted a large number of users.

According to the newly released report on Monday, the cyber attack “matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques.”

The Kaspersky researchers also attributed part of the reason the attacks went undetected for so long to the trojanized updaters being signed with legitimate certificates (e.g., “ASUSTeK Computer Inc.”).


https://www.securezoo.com/2019/03/opera ... ve-update/




Re: Hacking & Cracking

#127

Post by RTH10260 » Tue Mar 26, 2019 6:08 pm

Big Norwegian Aluminum Producer Suffers Extensive Cyber Attack
By Jonas Cho Walsgard, Elena Mazneva, and Mark Burton
March 19, 2019, 8:41 AM GMT+1 Updated on March 19, 2019, 5:07 PM GMT+1

Company says attack originated in U.S.; some plants halted
Sustained disruption could cut supply of specialized products


Norsk Hydro ASA, one of the world’s biggest aluminum producers, suffered production outages after a cyber attack affected operations across Europe and the U.S.

The company said it was still working to contain the effects of the ransomware, a kind of malicious software that typically blocks computer access unless a ransom is paid, and called the situation “quite severe.” Hydro said it has cyber insurance and plans to restore systems using back-up data.

It couldn’t detail how much output had been impacted, but said it had isolated affected plants. Some plants where metal is fashioned into finished products for use in construction, cars and other manufactured goods were temporarily stopped. The so-called potlines, which process molten aluminum and need to be kept running 24 hours a day, had switched to manual mode where possible.


https://www.bloomberg.com/news/articles ... s-jtfgz6td




Re: Hacking & Cracking

#128

Post by RTH10260 » Tue Mar 26, 2019 6:11 pm

Norsk Hydro will not pay ransom demand and will restore from backups
Microsoft employees have arrived in Norway to help Norsk Hydro recover after ransomware attack.

By Catalin Cimpanu for Zero Day | March 22, 2019 -- 15:14 GMT | Topic: Security

"Experts from Microsoft and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business critical systems back in normal operation," Jo De Vliegher, Head of Information Systems, said in a press release this week.

The company's Chief Financial Officer (CFO), Eivind Kallevik, also said the company does not intend to pay the hackers' ransom demand and has already started restoring its IT infrastructure from backups.


https://www.zdnet.com/article/norsk-hyd ... m-backups/



Dr. Blue
Posts: 889
Joined: Sat Jan 07, 2012 10:01 am
Occupation: Call the doctor!

Re: Hacking & Cracking

#129

Post by Dr. Blue » Wed Mar 27, 2019 8:22 am

RTH10260 wrote:
Tue Mar 26, 2019 10:32 am
Operation ShadowHammer hijacks ASUS Live Update
MARCH 25, 2019 FRANK CRAST

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

The interesting thing about ShadowHammer, which that article only briefly touches on, is that it is a very targeted attack. There was a list of around 600 MAC addresses hard-coded into the trojaned update, and only those systems had the real payload (backdoor) installed. I haven't seen any information identifying who the targets were, although there are websites where you can check your MAC address to see if you were a target.

Speculation is that this was a government job. Most general malware authors want to backdoor as many systems as they can, and the notion of targeting specific computers doesn't make sense. One of the only other attacks that I know of that had specific targets was Stuxnet, actually, although most security folks are thinking that ShadowHammer was Chinese in origin, not from the U.S.

Now if I were doing this, and had a dozen people I wanted to target, I'd bury them in a list of 600 random MAC addresses so my intentions and the real targets weren't clear. It would be interesting to see if that's the case here too.




Re: Hacking & Cracking

#130

Post by RTH10260 » Mon Apr 01, 2019 9:35 am

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach
29 MAR 19

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Some 2.1 million+ credit and debit card accounts stolen from dozens of Earl Enterprises restaurant locations went up for sale on a popular carding forum on Feb. 20, 2019.

In a statement posted to its Web site today, Orlando, Fla. based hospitality firm Earl Enterprises said a data breach involving malware installed on its point-of-sale systems allowed cyber thieves to steal card details from customers between May 23, 2018 and March 18, 2019.

Earl Enterprises did not respond to requests for specifics about how many customers total may have been impacted by the 10-month breach. The company’s statement directs concerned customers to an online tool that allows one to look up breached locations by city and state.

According to an analysis of that page, it appears the breach impacts virtually all 67 Buca di Beppo locations in the United States; a handful out of the total 31 Earl of Sandwich locations; and Planet Hollywood locations in Las Vegas, New York City and Orlando. Also impacted were Tequila Taqueria in Las Vegas; Chicken Guy! in Disney Springs, Fla.; and Mixology in Los Angeles.



https://krebsonsecurity.com/2019/03/a-m ... ts-breach/




Re: Hacking & Cracking

#131

Post by RTH10260 » Tue Apr 02, 2019 9:13 am

Hackers trick a Tesla into veering into the wrong lane

Hackers have demonstrated some worrisome ways to manipulate and confuse the various systems on a Tesla Model S. Their most dramatic feat: sending the car careening into the oncoming traffic lane by placing a series of small stickers on the road.

Attack vector: This is an example of an “adversarial attack,” a way of manipulating a machine-learning model by feeding in a specially crafted input. Adversarial attacks could become more common as machine learning is used more widely, especially in areas like network security.

Blurred lines: Tesla’s Autopilot is vulnerable because it recognizes lanes using computer vision. In other words, the system relies on camera data, analyzed by a neural network, to tell the vehicle how to keep centered within its lane.

Traffic jamming: This isn’t the first adversarial attack on an autonomous driving system. Dawn Song, a professor at UC Berkeley, has used innocuous-looking stickers to trick a self-driving car into thinking a stop sign was a speed limit for 45 miles per hour. Another study, published in March, demonstrated how medical machine-learning systems can similarly be tricked into giving the wrong diagnoses.

Bug fixes: The researchers behind the lane-recognition hack, from the Keen Security Lab of Chinese tech giant Tencent, used a similar attack to disrupt the vehicle’s automatic windshield wipers. They also hijacked the car’s steering wheel using another method. A Tesla spokesperson told Forbes that the latter vulnerability has been fixed in its most recent software update. The spokesperson said the adversarial attack was unrealistic “given that a driver can easily override Autopilot at any time.”


https://www.technologyreview.com/the-do ... g-traffic/




Re: Hacking & Cracking

#132

Post by RTH10260 » Tue Apr 16, 2019 9:11 am

it even happens to the biggest
Microsoft admits Outlook.com hackers were able to access emails
The security breach was worse for some than others
By Tom Warren@tomwarren Apr 15, 2019, 6:28am EDT

Microsoft has admitted that its Outlook.com security breach was worse than the company initially revealed. The software maker started notifying some Outlook.com users late on Friday night that a hacker was able to access accounts for months earlier this year. Microsoft’s notification revealed that hackers could have viewed account email addresses, folder names, and subject lines of emails, but in a separate notification to other affected users the company also admitted email contents could have been viewed.

Vice’s Motherboard revealed on Sunday that Microsoft sent a different notification message to around six percent of the affected Outlook.com accounts, and that the company only admitted this when it was presented with screenshot evidence that the breach was far worse for those customers. Microsoft discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019.

Motherboard claims hackers have been able to access some accounts for up to six months, and have used the access to reset iCloud accounts linked to stolen iPhones. A Microsoft spokesperson tells The Verge “the claim of 6 months is inaccurate,” and pointed towards the company’s notification that mentioned access between January 1st and March 28th, 2019. Microsoft also clarified that the vast majority of Outlook.com accounts that were affected received the notification that The Verge published over the weekend.


https://www.theverge.com/2019/4/15/1831 ... se-comment




Re: Hacking & Cracking

#133

Post by RTH10260 » Wed Apr 17, 2019 12:48 pm

Internet Explorer hack could steal users' data – even if you use Chrome or Firefox
By Harry Domanski

Microsoft reportedly ignored security researcher's warning

Microsoft's much-maligned Internet Explorer web browser has been discovered to be the cause of a new Windows exploit, which could let hackers access and obtain operating system user data.

Security researcher John Page discovered the security flaw, finding that any user with Internet Explorer installed on their system is vulnerable to the exploit, whether or not they're currently using the browser or have even opened it before.

Page reportedly reached out to Microsoft last month, warning them of the exploit and requesting an urgent security fix, but according to ZDnet, the tech giant responded by saying that “a fix for this issue will be considered in a future version of this product or service”.

In response, Page made his findings public, including a YouTube video demonstrating the exploit. (Note: mute the video unless you want to hear some low bit-rate thrash metal).


https://www.techradar.com/news/internet ... or-firefox


