Cyber Security

Addie
Posts: 31471
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#226

Post by Addie » Mon Mar 11, 2019 4:48 pm

Cross-posting

Security Week
Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says

The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate’s Permanent Subcommittee on Investigations reveals.

The U.S. credit reporting agency announced in September 2017 that it fell victim to a data breach that was later confirmed to have been the result of successful exploitation of a publicly disclosed Apache Struts vulnerability that the company had been warned about but failed to properly patch.

The attack on Equifax started in May, but was only detected in July, despite thousands of queries sent by threat actors to the company’s databases during that time.

A December 2018 report from the House of Representatives’ Oversight and Government Reform Committee Republicans blasted the company for its poor security practices, and the new U.S. Senate report does that once again, while also providing some more details on Equifax’s failures regarding the incident.

According to the report (PDF), Equifax was aware of security weaknesses in its systems for two years, but failed to properly address them. The critical vulnerability that led to the data breach was patched only months after being publicly reported.

After implementing a Patch Management Policy in April 2015, the company conducted a full audit of its systems and discovered various deficiencies in its system controls, including a backlog of over 8,500 vulnerabilities with overdue patches, including more than 1,000 flaws in external-facing systems.

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#227

Post by RTH10260 » Thu Mar 14, 2019 4:57 pm

Marketplace for VPN

Just received a promotion from a VPN provider I use on temporary monthly subscriptions in case someone is looking for shopping VPN services.

3 year subscription for a lump sum of $99. Offer valid thru 03/18/2019.

Ref: https://www.privateinternetaccess.com/p ... 0VRJpr0Tt9

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#228

Post by RTH10260 » Fri Mar 15, 2019 1:48 am

CRITICAL VULNERABILITIES HAVE BEEN IMPACTING WINRAR FOR ALMOST 20 YEARS
ON: FEBRUARY 20, 2019


Over 500 million WinRAR users could have been exposed; update your software as soon as possible

A critical vulnerability in WinRAR, the most popular Windows file compression tool, was recently corrected. According to specialists in network security and ethical hacking from the International Institute of Cyber Security, the flaw would have allowed malicious users to hijack the victim’s system; the only thing needed to complete the attack was to deceive the user into opening a malicious file.

Although the vulnerability was discovered in the course of last month, the researchers say it affects all versions of WinRAR that have been released during the last 19 years.

WinRAR is used by over 500 million people around the world, and yes, all users could be affected, said network security specialists. Although not everything is bad news, as WinRAR released an update patch to correct this vulnerability at the end of January.

A leaked technical report mentions that the vulnerability resides in the UNACEV2.DLL library, which unpacks the ACE format files and is included in all versions of this tool. According to network security specialists, there is a way to create special ACE files that, after being unzipped, use encoding errors in the UNACEV2.DLL library to inject malicious files out of the user-selected decompression path.
:snippity:

As a precaution, users must remain alert and not open any file in ACE format, unless they have the updated version of WinRAR.


https://www.securitynewspaper.com/2019/ ... -20-years/
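A defender-side check that the flaw described above motivates, added here as an example and not code from the article or from WinRAR: before writing any archive member, verify that its path resolves strictly inside the destination directory the user chose. The entry names and the destination path are constructed sample values.

```python
import os
import posixpath

# Constructed sample member names (not from any real archive): one benign entry,
# two that climb out of the destination with "..", one absolute Windows path
# and one that detours through a subdirectory before escaping.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "../../Users/victim/Start Menu/Programs/Startup/payload.exe",
    "C:\\Windows\\Temp\\evil.dll",
    "images/../../escape.txt",
    "sub/./dir/file.bin",
]


def normalise(entry: str) -> str:
    """Treat backslashes as separators: WinRAR targets Windows, and archive
    members may use either convention."""
    return entry.replace("\\", "/")


def is_safe_member(dest_dir: str, entry: str) -> bool:
    """True only if the member would be written strictly inside dest_dir.

    Rejects empty names, absolute paths, drive-letter paths, UNC paths and any
    name whose '..' components resolve above the destination. realpath() is
    applied to both sides so a symlinked destination is compared consistently.
    """
    name = normalise(entry)
    if not name or posixpath.isabs(name):
        return False
    if len(name) > 1 and name[1] == ":":          # "C:..." drive prefix
        return False
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, name))
    try:
        inside = os.path.commonpath([dest, target]) == dest
    except ValueError:                             # different drives/roots
        return False
    return inside and target != dest               # "." is not a file


def audit_members(dest_dir: str, entries) -> dict:
    """Map each member name to a verdict; an extractor writes only the True ones."""
    return {e: is_safe_member(dest_dir, e) for e in entries}


if __name__ == "__main__":
    verdicts = audit_members("/tmp/extract", SAMPLE_ENTRIES)
    for entry, ok in verdicts.items():
        print(("ALLOW " if ok else "REJECT") + " " + entry)
```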

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#229

Post by RTH10260 » Thu Mar 21, 2019 11:43 am

and yet another way to milk information from Intel processors
SMoTherSpectre: exploiting speculative execution through port contention
Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, Anil Kurmus

(Submitted on 5 Mar 2019)

Spectre, Meltdown, and related attacks have demonstrated that kernels, hypervisors, trusted execution environments, and browsers are prone to information disclosure through micro-architectural weaknesses. However, it remains unclear as to what extent other applications, in particular those that do not load attacker-provided code, may be impacted. It also remains unclear as to what extent these attacks are reliant on cache-based side channels.

We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction. To discover real-world gadgets, we describe a methodology and build a tool that locates SMoTher-gadgets in popular libraries. In an evaluation on glibc, we found more than a hundred gadgets that can be used to leak some information. Finally, we demonstrate a proof-of-concept attack against encryption using the OpenSSL library, leaking information about the plaintext through gadgets in libcrypto and glibc.


https://arxiv.org/abs/1903.01843
With a larger writeup worth reading by a blogger at https://nebelwelt.net/blog/20190306-SMoTherSpectre.html

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#230

Post by RTH10260 » Thu Mar 21, 2019 11:56 am

Comment:

These latest tricks to skim information from CPUs have been found by computer scientists likely working together with electrical / electronics engineers and using some sophisticated lab setups. Not likely that the run of the street hacker would have found them. On the other hand, organizations like the American NSA and their Russian and Chinese counterparts may already have found these, or other still secret access paths, to exploit CPUs and the computers they are driving. Hackers will exploit such flaws in the wild once other hackers start to resell tool packages created around the flaws.

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#231

Post by RTH10260 » Thu Mar 21, 2019 11:59 am

The Possibility Of A Cyber Pearl Harbor Remains Real, Says Former CIA Director
Jeff Erickson, Oracle Brand Contributor

Speaking at the annual RSA Security conference in San Francisco, former CIA director Leon Panetta described the growing number and sophistication of attacks against government and private sector companies as "very dangerous" and called on private-sector users of technology and cloud computing providers to help even the odds.

Panetta recalled early meetings as director of the CIA—where he served from 2009 to 2011, before becoming Secretary of Defense—when he learned that the US agency was targeted by 100,000 cyberattacks a day. Panetta suspects that that number has doubled or tripled since. It was “a constant barrage of attacks trying to find a way to penetrate and get sensitive information,” he said, in a conversation at the RSA conference with Edward Screven, the chief architect at Oracle, where Panetta is also a member of the board of directors.


https://www.forbes.com/sites/oracle/201 ... -director/

Addie
Posts: 31471
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#232

Post by Addie » Thu Mar 21, 2019 9:09 pm

Cross-posting

CBS News
Facebook stored millions of unencrypted passwords on its computer servers

Facebook on Thursday said it had for years stored millions of user passwords in plain text, a significant oversight for a company that remains in the spotlight for failing to protect users' privacy. A Facebook executive said in a post that the un-encrypted passwords were stored on internal servers and were not accessible to outsiders.

Despite such reassurances, privacy experts were quick to express concern: "Security rule 101 dictates that under no circumstances passwords should be stored in plain text, and at all times must be encrypted," said cybersecurity expert Andrei Barysevich of Recorded Future. "There is no valid reason why anyone in an organization, especially the size of Facebook, needs to have access to users' passwords in plain text."

The security blog KrebsOnSecurity said some 600 million Facebook users may have had their passwords stored in plain text. Facebook said it would likely notify "hundreds of millions" of Facebook Lite users, millions of Facebook users and tens of thousands of Instagram users of the issue.

Facebook said it discovered the problem in January. But according to Krebs, in some cases the passwords had been stored in plain text since 2012. Facebook Lite launched in 2015 and Facebook bought Instagram in 2012.
Adding:
The Guardian: Facebook knew of Cambridge Analytica data misuse earlier than reported – court filing

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#233

Post by RTH10260 » Tue Apr 09, 2019 11:44 am

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
Last updated by UpGuard on April 3, 2019

The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.

A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket. This database backup contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more. The passwords are presumably for the “At the Pool” app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts.

The At the Pool discovery is not as large as the Cultura Colectiva dataset, but it contains plaintext (i.e. unprotected) passwords for 22,000 users. At the Pool ceased operation in 2014 (last non-redirect web archived capture here), and even the parent company’s website is currently returning a 404 error notice. This should offer little consolation to the app’s end users whose names, passwords, email addresses, Facebook IDs, and other details were openly exposed for an unknown period of time.



https://www.upguard.com/breaches/facebo ... -data-leak

Addie
Posts: 31471
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Cyber Security

#234

Post by Addie » Sat Apr 13, 2019 11:08 am

NPR: As China Hacked, U.S. Businesses Turned A Blind Eye
TechCrunch: Hackers publish personal data on thousands of US police and federal agents

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#235

Post by RTH10260 » Wed Apr 24, 2019 1:37 pm

The wave of domain hijackings besetting the Internet is worse than we thought
Despite widespread attention since January, DNS campaign shows no signs of abating.
DAN GOODIN - 4/17/2019, 5:00 PM

The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation [state-sponsored "Sea Turtle" hacking campaign].

The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the hijacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was targeted in an attempt to re-establish access to Netnod infrastructure.

Reverse DNS records show that in late March nsd.cafax.com resolved to a malicious IP address controlled by the attackers. NSD is often used to abbreviate name server daemon, an open-source app for managing DNS servers. It looks unlikely that the attackers succeeded in actually compromising Cafax, although it wasn't possible to rule out the possibility.


https://arstechnica.com/information-tec ... countries/

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#236

Post by RTH10260 » Wed Apr 24, 2019 8:35 pm

Want to join the French government?
Bug in French government’s WhatsApp replacement let anyone join Élysée chats
Researcher found bug in email validation that let him log in and join "rooms" in Tchap app.
SEAN GALLAGHER - 4/22/2019, 11:55 PM

On April 17, the French government introduced an Android application meant to be used by government employees as an internal secure channel for communications. Called Tchap, it was touted as a replacement for WhatsApp and Telegram, providing (in theory) both group and private messaging channels to which only people with government email addresses could join.

Tchap is not intended to be a classified communications system—it runs on regular Android phones and uses the public Internet. But as the DINSIC, the French inter-ministry directorate for information systems that runs Tchap put it, Tchap "is an instant messenger allowing government employees to exchange real-time information on everyday professional issues, ensuring that the conversations remain hosted on the national territory." In other words, it's to keep official government business off of Facebook's and Telegram's servers outside France.


https://arstechnica.com/information-tec ... outsiders/

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#237

Post by RTH10260 » Mon May 06, 2019 12:14 pm

big name does not ensure safety
Cisco's warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switches
Cisco alerts customers to a 9.8/10 flaw among a number of security bugs affecting Nexus 9000 fabric switches.

By Liam Tung | May 2, 2019 -- 11:12 GMT (12:12 BST) | Topic: Security

The company disclosed the bug on Tuesday and has given it a severity rating of 9.8 out of 10.

The issue stems from SSH key management in the Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. Cisco mistakenly put a default SSH key pair in the devices that an attacker could grab by connecting to the device over IPv6.

"An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco explains, noting it can't be exploited over IPv4.

The bug was found by external security researcher Oliver Matula from ERNW Enno Rey Netzwerke.


https://www.zdnet.com/article/ciscos-wa ... -switches/

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#238

Post by RTH10260 » Tue May 14, 2019 3:42 pm

Over 275 Million Records Exposed by Unsecured MongoDB Database
By Sergiu Gatlan
May 8, 2019 06:35 PM

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks.

Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019.

As he found out after further investigation, the exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

While the unprotected MongoDB database leaked the sensitive information of hundreds of millions of Indians, Diachenko did not find any information that would link it to a specific owner.

Additionally, the names of the data collections stored within the database suggested that the entire cache of resumes was collected "as part of a massive scraping operation" for unknown purposes.

The researcher "immediately notified Indian CERT team on the incident, however, database remained open and searchable until today, May 8th, when it got dropped by hackers known as ‘Unistellar’ group."

After the database got dropped by the hackers, Diachenko discovered the following message left behind after deleting all the data: [image]

Diachenko found multiple other unsecured databases and servers, unearthing a publicly accessible 140+ GB MongoDB database containing a huge collection of 808,539,939 email records during early March and another one with over 200 million records with resumes from Chinese job seekers in January.

He was also the one who discovered the personal information of more than 66 million individuals left out in the open on the Internet during December and an extra 11 million records during September, with all of them being stored in misconfigured and passwordless MongoDB instances.


https://www.bleepingcomputer.com/news/s ... -database/

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#239

Post by RTH10260 » Thu May 16, 2019 9:14 am

'Zombieload' Flaw Lets Hackers Crack Almost Every Intel Chip Back to 2011. Why's It Being Downplayed?

By ALYSSA NEWCOMB May 15, 2019

Intel disclosed a new secret-leaking chip security flaw called Zombieload this week, which uses an attack similar to the one used in the Meltdown and Spectre exploits that were disclosed last year.

While Intel classified the threat as “medium,” security researchers have said Zombieload is far more serious. The vulnerability affects almost every Intel computer chip since 2011 and highlights how hackers could become savvier at targeting the security holes in Intel’s computer chips.

“On a scale of 1 to 10, this is ’10’ serious,” says Robert Siciliano, CEO of security awareness training firm Safr.me.

The Zombieload attack takes advantage of a design flaw in most Intel chips, allowing hackers to grab any data that has recently been accessed by the processor. The attack’s name is a reference to “zombie load,” which is when a computer processor can’t properly process a load of data and needs to ask for help in order to prevent a crash.
:snippity:

“This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says. Microsoft, Apple, and Google have released patches. However, since it’s a hardware exploit, he adds, the problem will never completely be eliminated.


http://fortune.com/2019/05/15/zombieloa ... ownplayed/

RTH10260
Posts: 20314
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#240

Post by RTH10260 » Wed May 22, 2019 11:02 am

for the record, but already a year old, another very specialized CPU problem on certain advanced Intel chips

Category: Super Geek Level
"Foreshadow"

At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key. Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.
and its partner
"Foreshadow – Next Generation (NG)"

While investigating the vulnerability that causes Foreshadow, which Intel refers to as "L1 Terminal Fault", Intel identified two related attacks, which we call Foreshadow-NG. These attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System's Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures for Meltdown and Spectre.
https://foreshadowattack.eu/
