Cyber Security

Dr. Blue
Posts: 910
Joined: Sat Jan 07, 2012 10:01 am
Occupation: Call the doctor!

Re: Cyber Security

#251

Post by Dr. Blue » Fri Jun 28, 2019 7:57 am

RTH10260 wrote:
Thu Jun 27, 2019 8:22 pm
Is anyone considering the hardening of the election systems?
No worries. Trump told Putin not to meddle, so we're safe....

Trump gives Putin light-hearted warning: 'Don't meddle in the election' (CNN)

RVInit
Posts: 8125
Joined: Sat Mar 05, 2016 4:31 pm

Re: Cyber Security

#252

Post by RVInit » Fri Jun 28, 2019 2:43 pm

Dr. Blue wrote:
Fri Jun 28, 2019 7:57 am
RTH10260 wrote:
Thu Jun 27, 2019 8:22 pm
Is anyone considering the hardening of the election systems?
No worries. Trump told Putin not to meddle, so we're safe....

Trump gives Putin light-hearted warning: 'Don't meddle in the election' (CNN)
To which they both laughed their arses off.
"I know that human being and fish can coexist peacefully"
--- George W Bush


RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#253

Post by RTH10260 » Tue Jul 09, 2019 9:05 pm

Not to be scared, the hacker would have to be "near" a PC with the Unifying dongle. Public locations are dangerous for this hack.
Logitech wireless USB dongles vulnerable to new hijacking flaws
Vulnerabilities found in Logitech's proprietary Unifying USB dongle technology.

By Catalin Cimpanu for Zero Day | July 9, 2019 -- 09:17 GMT (10:17 BST) | Topic: Security

A security researcher has publicly disclosed new vulnerabilities in the USB dongles (receivers) used by Logitech wireless keyboards, mice, and presentation clickers.

The vulnerabilities allow attackers to sniff on keyboard traffic, but also inject keystrokes (even into dongles not connected to a wireless keyboard) and take over the computer to which a dongle has been connected.

When encryption is used to protect the connection between the dongle and its paired device, the vulnerabilities also allow attackers to recover the encryption key.

Furthermore, if the USB dongle uses a "key blacklist" to prevent the paired device from injecting keystrokes, the vulnerabilities allow the bypassing of this security protection system.

Marcus Mengs, the researcher who discovered these vulnerabilities, said he notified Logitech about his findings, and the vendor plans to patch some of the reported issues, but not all.

According to Mengs, the vulnerabilities impact all Logitech USB dongles that use the company's proprietary "Unifying" 2.4 GHz radio technology to communicate with wireless devices.

Unifying is one of Logitech's standard dongle radio technologies, and has been shipping with a wide array of Logitech wireless gear for a decade, since 2009. The dongles are often found with the company's wireless keyboards, mice, presentation clickers, trackballs, and more.



https://www.zdnet.com/article/logitech- ... ing-flaws/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#254

Post by RTH10260 » Tue Jul 09, 2019 9:08 pm

British Airways BA faces £183m fine over passenger data breach
ICO says personal data of 500,000 customers was stolen from website and mobile app

Mark Sweney
Mon 8 Jul 2019 10.29 BST First published on Mon 8 Jul 2019 07.34 BST

British Airways is to be fined more than £183m by the Information Commissioner’s Office after hackers stole the personal data of half a million of the airline’s customers.

The ICO said its extensive investigation found that the incident involved customer details including login, payment card, name, address and travel booking information being harvested after being diverted to a fraudulent website.

The ICO said that data breach, which began in June 2018, occurred because British Airways had “poor security arrangements” in place to protect customer information being accessed.

British Airways fine shows GDPR has given watchdogs teeth

“People’s personal data is just that – personal,” said the information commissioner, Elizabeth Denham. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. The law is clear, when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The £183.4m fine, the first the ICO has proposed under the new General Data Protection Regulation (GDPR), amounts to about 1.5% of British Airways’ £11.6bn worldwide turnover last year.


https://www.theguardian.com/business/20 ... sh-airways

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#255

Post by RTH10260 » Wed Jul 10, 2019 10:07 am

Many Popular Android Apps Leak Sensitive Data, Leaving Millions Of Consumers At Risk
AJ Dellinger Contributor Consumer Tech
Jun 7, 2019, 08:00am

Most of us operate under the assumption that the apps on our phones are safe and that we can use them to do the tasks they were designed for without putting us at risk. New research conducted by mobile app security firm NowSecure suggests that isn't the case. The company tested 250 of the most popular Android apps available in the Google Play Store and found that 70 percent of them suffered from vulnerabilities that could leave sensitive user data exposed. The findings suggest that millions of Android users could be at risk.

The findings show that vulnerabilities are widespread across nearly every category of application. However, online and brick and mortar retail apps are among the most vulnerable. Ninety-two percent of all online retail apps and more than four in five brick and mortar store apps are actively leaking sensitive customer information, according to NowSecure. Troublingly, one in six of the apps suffer from what the security company classifies as "high-risk" vulnerabilities.


https://www.forbes.com/sites/ajdellinge ... f35e2f521e

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#256

Post by RTH10260 » Wed Jul 10, 2019 10:28 am

This is for Apple users who tinkered with the ZOOM app
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Jonathan Leitschuh
Jul 8

CVE-Numbers
DOS Vulnerability — Fixed in Client version 4.4.2 — CVE-2019-13449
Information Disclosure (Webcam) — Unpatched — CVE-2019-13450

UPDATE — July 9th (am)
As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system.

UPDATE — July 9th (pm)
According to Zoom, they will have a fix shipped by midnight tonight pacific time removing the hidden web server; hopefully this patches the most glaring parts of this vulnerability. The Zoom CEO has also assured us that they will be updating their application to further protect users privacy.

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

Yep, no joke.

This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link (for example https://zoom.us/j/492468757) and when they open that link in their browser their Zoom client is magically opened on their local machine. I was curious about how this amazing bit of functionality was implemented and how it had been implemented securely. Come to find out, it really hadn’t been implemented securely. Nor can I figure out a good way to do this that doesn’t require an additional bit of user interaction to be secure.


https://www.medium.com/bugbountywriteup/zoom-ze ... 75c83f4ef5

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#257

Post by RTH10260 » Wed Jul 10, 2019 10:33 am

Who’s Behind the GandCrab Ransomware?
The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

Krebs on Security

Like most ransomware strains, the GandCrab ransomware-as-a-service offering held files on infected systems hostage unless and until victims agreed to pay the demanded sum. But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses.

In the 15-month span of the GandCrab affiliate enterprise beginning in January 2018, its curators shipped five major revisions to the code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware.

“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in, where the group recruited many of its distributors. “Our name became a generic term for ransomware in the underground. The average weekly income of the project was equal to US $2.5 million.”


https://krebsonsecurity.com/2019/07/who ... ansomware/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#258

Post by RTH10260 » Wed Jul 10, 2019 10:42 am

Adding to the leaking Android apps report above
More than 1,000 Android apps harvest data even after you deny permissions
The apps gather information such as location, even after owners explicitly say no. Google says a fix won’t come until Android Q.

ALFRED NG
JULY 8, 2019 5:00 AM PDT

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back.

The discovery highlights how difficult it is to stay private online, particularly if you're attached to your phones and mobile apps. Tech companies have mountains of personal data on millions of people, including where they've been, who they're friends with and what they're interested in.

Lawmakers are attempting to reel that in with privacy regulation, and app permissions are supposed to control what data you give up. Apple and Google have released new features to improve people's privacy, but apps continue to find hidden ways to get around these protections.

Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.

"Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it," Egelman said at the conference. "If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless."


https://www.cnet.com/news/more-than-100 ... rmissions/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#259

Post by RTH10260 » Wed Jul 10, 2019 10:44 am

Top VPNs secretly owned by Chinese firms
Nearly a third of top VPNs are secretly owned by Chinese companies, while other owners are based in countries with weak or no privacy laws, potentially putting users at risk, security researchers warn

Warwick Ashford Security Editor
03 Jul 2019 12:15

Almost a third (30%) of the world’s top virtual private network (VPN) providers are secretly owned by six Chinese companies, according to a study by privacy and security research firm VPNpro.

The study shows that the top 97 VPNs are run by just 23 parent companies, many of which are based in countries with lax privacy laws.

Six of these companies are based in China and collectively offer 29 VPN services, but in many cases, information on the parent company is hidden to consumers.

Researchers at VPNpro have pieced together ownership information through company listings, geolocation data, the CVs of employees and other documentation.

In some instances, ownership of different VPNs is split amongst a number of subsidiaries. For example, Chinese company Innovative Connecting owns three separate businesses that produce VPN apps: Autumn Breeze 2018, Lemon Cove and All Connected. In total, Innovative Connecting produces 10 seemingly unconnected VPN products, the study shows.

Although the ownership of a number of VPN services by one company is not unusual, VPNpro is concerned that so many are based in countries with lax or non-existent privacy laws.

For example, seven of the top VPN services are owned by Gaditek, based in Pakistan. This means the Pakistani government can legally access any data without a warrant and data can also be freely handed over to foreign institutions, according to VPNpro.


https://www.computerweekly.com/news/252 ... nese-firms

neonzx
Posts: 6112
Joined: Tue Mar 10, 2009 9:27 am

Re: Cyber Security

#260

Post by neonzx » Wed Jul 10, 2019 10:47 am

RTH10260 wrote:
Wed Jul 10, 2019 10:33 am
Who’s Behind the GandCrab Ransomware?
“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in, where the group recruited many of its distributors. “Our name became a generic term for ransomware in the underground. The average weekly income of the project was equal to US $2.5 million.”
They are gloating? Calling it "earned" and "income"? Did they pay taxes on it?
They are just criminals, plain and simple.
To which Trump replied, Fuck the law. I don't give a fuck about the law. I want my fucking money.

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#261

Post by RTH10260 » Fri Jul 19, 2019 10:04 am

New FinSpy iOS and Android implants revealed ITW
By GReAT, AMR on July 10, 2019. 10:00 am

FinSpy is spyware made by the German company Gamma Group. Through its UK-based subsidiary Gamma International, Gamma Group sells FinSpy to government and law enforcement organizations all over the world. FinSpy is used to collect a variety of private user information on various platforms. Its implants for desktop devices were first described in 2011 by Wikileaks and mobile implants were discovered in 2012. Since then Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019. Late in 2018, experts at Kaspersky looked at the functionally latest versions of FinSpy implants for iOS and Android, built in mid-2018. Mobile implants for iOS and Android have almost the same functionality. They are capable of collecting personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data from the most popular messengers


https://securelist.com/new-finspy-ios-a ... itw/91685/
Note that data gathering is also possible from those encrypted services thought to be safe by the phone users.

Note that to install the malware the phones need to have root access (Android) or have been jail-broken (Apple), or the bad guys need physical access to the phone.

Related prior version known as FinFisher.

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#262

Post by RTH10260 » Tue Jul 23, 2019 3:44 pm

Keep your VLC Media Player at v3.0.6 and don't upgrade to 3.0.7.1
VLC player has 'critical' security flaw
By Mike Moore

Researchers warn on significant vulnerability in popular media player

Popular media software VLC Media Player has a critical software vulnerability that could put millions of users at risk, security researchers have warned.

Researchers from German firm CERT-Bund say they have detected a major safety flaw in the video player, which has been downloaded billions of times across the world, which could allow hackers access to compromise users' devices.

According to CERT-Bund, the flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files, and overall disruption of service, meaning users could see their devices hijacked and made to run malicious code or software.

Known as CVE-2019-13615, the vulnerability is found in the latest edition of the software, VLC Media Player version 3.0.7.1, and is rated at 9.8 in NIST's National Vulnerability Database, meaning it can be labelled as 'critical'.

The issue has been detected in the Windows, Linux and UNIX versions of VLC, however the macOS version appears to be unaffected.


https://www.techradar.com/news/vlc-play ... urity-flaw

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#263

Post by RTH10260 » Tue Jul 23, 2019 4:05 pm

Israeli Spyware Firm Accused Of Hacking Apple, Facebook And Google Responds (Updated)

Zak Doffman Contributor Cybersecurity

Israeli spyware from NSO has made plenty of headlines this year, most recently back in May when it was exposed as the culprit in a high-profile WhatsApp hack that had enabled nation-states to target specific phones, installing spyware through voice calls on both iPhone and Android devices whether or not a user answered an infected call.

That hack was first reported by the Financial Times, and the same newspaper has continued to investigate, publishing a report today (July 19) that exposes sales claims being made by NSO that "its [Pegasus] technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft." According to the FT, NSO "did not specifically deny that it had developed the capability," described in documents seen by the newspaper.

After the report was published, an NSO spokesperson told me that "the Financial Times got it wrong. NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure suggested in this article."

The FT suggested that an infected phone provides NSO's software with the authentication keys for cloud services—including Google Drive, Facebook Messenger and iCloud—accessed by that device. And given that smartphones have now become the individual entry points into our cloud-based world, the implications of this will raise serious concerns. The FT cites one of the sales documents it has seen, claiming this is done without "prompting 2-step verification or warning email on a target device."

The NSO spokesperson said that "increasingly sophisticated terrorists and criminals are taking advantage of encrypted technologies to plan and conceal their crimes, leaving intelligence and law enforcement agencies in the dark and putting public safety and national security at risk. NSO’s lawful interception products are designed to confront this challenge."


https://www.forbes.com/sites/zakdoffman ... es-report/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#264

Post by RTH10260 » Tue Jul 23, 2019 4:07 pm

Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully
July 19, 2019Mohit Kumar

If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone.

The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet services.

The root certificate in question, labeled as "trusted certificate" or "national security certificate," if installed, allows ISPs to intercept and monitor users' encrypted HTTPS and TLS connections, helping the government spy on its citizens and censor content.

In other words, the government is essentially launching a "man in the middle" attack on every resident of the country.


https://thehackernews.com/2019/07/kazak ... icate.html

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#265

Post by RTH10260 » Tue Jul 23, 2019 4:12 pm

Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
July 16, 2019Mohit Kumar

If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again.
Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.

Dubbed "Media File Jacking," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device.

https://thehackernews.com/2019/07/media ... egram.html

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#266

Post by RTH10260 » Thu Jul 25, 2019 4:53 pm

RTH10260 wrote:
Tue Jul 23, 2019 3:44 pm
Keep your VLC Media Player at v3.0.6 and don't upgrade to 3.0.7.1
VLC player has 'critical' security flaw
By Mike Moore

Researchers warn on significant vulnerability in popular media player
:snippity:
https://www.techradar.com/news/vlc-play ... urity-flaw
Call off the alarm. Followup by the developers shows that VLC is all fine even in the mentioned 3.0.7 version. The problem lies in a library module that gets used by this app. The library is not necessarily part of the distribution, e.g. Windows gets it. But Linux has the module as part of the installation. It turns out that the testers used a machine with an old flawed version of the module. Hint: keep your Linux distribution up to date, the module had been corrected over a year ago.

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#267

Post by RTH10260 » Wed Aug 07, 2019 2:03 pm

Silent Windows update patched side channel that leaked data from Intel CPUs
It took a year, but the patch fixes a new speculative-execution flaw found by Bitdefender.
DAN GOODIN - 8/7/2019, 12:48 AM

Microsoft last month pushed a silent update that mitigated a serious vulnerability in all CPUs Intel has introduced since 2012, researchers who discovered the flaw said Tuesday.

The vulnerability—discovered and privately reported to Intel 12 months ago—resided in every CPU Intel has introduced since at least its Ivy Bridge line of processors and possibly earlier, a researcher from security firm Bitdefender told Ars. By abusing a performance capability known as speculative execution, attackers could open a side channel that leaks encryption keys, passwords, private conversations, and other secrets that are normally off limits.

The attack demonstrated in a research paper published by Bitdefender is similar to those disclosed in January 2018 under the names Spectre and Meltdown. Patches Microsoft released around the same time largely blunted those attacks. Microsoft's advisory described the flaw occurring "when certain central processing units (CPU) speculatively access memory," without mentioning Intel or any other chip maker. Bitdefender researchers, meanwhile, said they tested two AMD chips and found no evidence either was affected.

Bitdefender's researchers found that a chip instruction known as SWAPGS made it possible to revive the side channel, even on systems that had the earlier mitigations installed. SWAPGS gets called when a computing event switches from a less-trusted userland function to a more sensitive kernel one. Proof-of-concept exploits developed by Bitdefender invoked the instruction to siphon contents normally restricted to kernel memory into user memory.

"What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could... carry out a side-channel attack," Bogdan Botezatu, Bitdefender's director of threat research and reporting, told Ars. "By doing that, we are going to leak kernel memory into the user space even if there are security measures that should prevent us from doing that."


https://arstechnica.com/information-tec ... ntel-cpus/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#268

Post by RTH10260 » Sat Aug 10, 2019 12:11 pm

Twitter Apologies After Admitting to User Data leak
August 7, 2019

Ryan Sanders

Twitter posted an apology message after a user data leak. They have admitted that there was no bad intention behind the data leak; it was done unintentionally. Twitter shared data with advertising companies and third-party partners of the company.

Twitter has posted a fresh blog post with a data leak apology. In the blog post, they wrote that data has been shared with third parties and other advertising companies without users’ permission. They have shared people’s country code, details about the user’s engagement and information about the ads. These are the basic needs of advertising companies.

In the blog post, Twitter said that “The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.” It further included, “We know you will want to know if you were personally affected, and how many people in total were involved. We are still conducting our investigation to determine who may have been impacted.”


https://asapland.com/twitter-apologies- ... leak/1083/

ZekeB
Posts: 15917
Joined: Mon Oct 12, 2009 10:07 pm
Location: Northwest part of Semi Blue State

Re: Cyber Security

#269

Post by ZekeB » Sat Aug 10, 2019 1:59 pm

Do you mean to tell me they've found the source of those White House leaks?
Trump: He has a bigger duck than I do.

Putin: You are smaller than I am.

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#270

Post by RTH10260 » Thu Aug 15, 2019 6:28 am

Major breach found in biometrics system used by banks, UK police and defence firms
Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database

Josh Taylor
Wed 14 Aug 2019 08.11 BST Last modified on Wed 14 Aug 2019 23.22 BST

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police.

The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scan ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.



https://www.theguardian.com/technology/ ... ence-firms

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#271

Post by RTH10260 » Thu Aug 15, 2019 6:29 am

same
Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds
Biostar 2 goes supernova after Israeli duo's probings
By Gareth Corfield 14 Aug 2019 at 12:34 48 Reg comments

Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.

The database powering South Korean company Suprema Inc's Biostar 2 biometric access control system - which controls entry and exit to secure areas in buildings around the globe, including "1.5 million installations worldwide" - was "unprotected and mostly unencrypted", according to internet privacy researchers who found the flaws.



https://www.theregister.co.uk/2019/08/1 ... m_records/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#272

Post by RTH10260 » Tue Aug 20, 2019 7:39 am

WHATSAPP FLAW LETS HACKERS 'WREAK HAVOC' WITH YOUR PICTURES AND VIDEOS
Security vulnerability, which also affects Telegram, allows malicious actors to misuse and manipulate sensitive information

Anthony Cuthbertson
Tuesday 16 July 2019 11:24

A major security flaw with WhatsApp and Telegram could allow hackers to view and manipulate people’s private photos, videos and voice memos.

Researchers from cyber security firm Symantec uncovered the ‘Media File Jacking’ vulnerability, which they claim affects the Android versions of the popular messaging apps.

If exploited, attackers could “misuse and manipulate sensitive information” from a person’s WhatsApp or Telegram, the researchers warned, either “for personal gain or to wreak havoc”.

Both messaging apps offer security to their users through end-to-end encryption, which is designed to protect the identity of the sender and prevent hackers from intercepting the content of messages.

While this works to a certain extent, the Symantec researchers said it actually gave users a false sense of security when using WhatsApp and Telegram.


https://www.independent.co.uk/life-styl ... 06371.html

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#273

Post by RTH10260 » Tue Sep 17, 2019 11:37 pm

Database leaks data on most of Ecuador's citizens, including 6.7 million children
Elasticsearch server leaks personal data on Ecuador's citizens, their family trees, and children, but also some users' financial records and car registration information.

By Catalin Cimpanu for Zero Day | September 16, 2019 -- 08:00 GMT (09:00 BST) | Topic: Security

The personal records of most of Ecuador's population, including children, have been left exposed online due to a misconfigured database, ZDNet has learned.

The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner.

The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens.

20.8 MILLION USER RECORDS

The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.

The data was spread across different Elasticsearch indexes. These indexes contained different information, supposedly obtained from different sources. They stored details such as names, information on family members/trees, civil registration data, financial and work information, but also data on car ownership.


https://www.zdnet.com/article/database- ... -children/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#274

Post by RTH10260 » Tue Sep 17, 2019 11:38 pm

Arrest made in Ecuador's massive data breach
Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador's population.

By Catalin Cimpanu for Zero Day | September 17, 2019 -- 16:11 GMT (17:11 BST) | Topic: Security

Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador's population exposed online on an internet server.

The arrest is part of an official investigation that Ecuadorian officials got underway after ZDNet and vpnMentor published articles yesterday, exposing the massive breach, the biggest in the country's history.


https://www.zdnet.com/article/arrest-ma ... ta-breach/

RTH10260
Posts: 21749
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Cyber Security

#275

Post by RTH10260 » Wed Sep 18, 2019 9:31 am

Millions of medical scans and records lying unprotected on the internet, claim researchers
Medical details of around 24 million patients are freely accessible on the internet, warn researchers
Millions of medical scans and records lying unprotected on internet
Anyone can view millions of these online if they want from hundreds of unsecured PACS servers

:snippity:


https://www.computing.co.uk/ctg/news/30 ... -unsecured
This will have huge repercussions in Europe considering their data protection legislation. Reportedly Swiss sites are also among the leaky ones.
