• TFlower Ransomware - The Latest Attack Targeting Businesses
    When executed, the ransomware displays a console that shows the activity being performed while it encrypts the computer. [Image: terminating the outlook.exe process] It then proceeds to encrypt the data on the computer, skipping any files in the Windows or Sample Music folders. When encrypting files, it does not add an extension; instead it prepends the *tflower marker and what appears to be the encrypted per-file encryption key. [Image: an encrypted TFlower file] When it has finished encrypting the computer, it sends another status update to the C2 in the form: https://www.domain.com/wp-includes/wp-merge.php?name=[computer_name]&state=success%20[encrypted_file_count],%20retry%20[retried_file_count] TFlower is still being researched, so it is not yet known whether there are any weaknesses in the encryption that would allow victims to recover their files for free. The ransom note reads: "Sorry to inform you but many files of your COMPANY has just been ENCRYPTED with a STRONG key. This simply means that you will not be able to use your files until it is decrypted by the same key used in encrypting it."
  • When PSD2 Opens More Doors: The Risks of Open Banking
    Additionally, banks in the UK are developing a standard called Financial-grade API (FAPI), an extra layer of security in the authentication processes between new FinTech companies and banks. Open Banking places customers' banking information into the hands of more parties, including new FinTech start-ups that may not have the experience the traditional banking industry has accumulated through years of addressing fraud. A significant number of banks, including at least two central banks in Europe and one central bank in Asia, were unintentionally exposing sensitive information such as authentication parameters, privacy-sensitive data, and transaction data in the URLs of APIs and (legacy) websites. From a quick survey of these start-ups, they tend to be smaller, have no personnel dedicated to security, and can be targeted by an attacker pretending to be a legitimate bank or banking customer.
  • Webcam Security Snafus Expose 15,000 Devices
    Working for Wizcase, white hat Avishai Efrat located the exposed devices from multiple manufacturers, including AXIS net cameras, Cisco Linksys webcam, IP Camera Logo Server, IP WebCam, IQ Invision web camera, Mega-Pixel IP Camera, Mobotix, WebCamXP 5 and Yawcam. By failing to put in place even cursory protection on the devices, these owners are exposing not only the webcam streams themselves but also, in some cases where admin access is possible, user information and approximate geolocation. "Web camera manufacturers strive to use technologies which make the device installation as seamless as possible, but this sometimes results in open ports with no authentication mechanism set up. Many devices aren't put behind firewalls, VPNs, or whitelisted IP access, any of which would deny scanners and arbitrary connections," explained Wizcase web security expert Chase Williams. Wizcase urged webcam operators to change the default configuration of their devices: whitelist specific IP and MAC addresses allowed to access the web camera, add strong password authentication, and disable UPnP if P2P networking is being used.
  • With 5G in mind, senators plan big boost for Pentagon cybersecurity
    Lawmakers are proposing to add more than half a billion dollars to the Pentagon's 2020 budget for cybersecurity measures, in particular asking the department to include security features enabling its weapons and information systems to operate safely on future 5G worldwide wireless networks. Much of that future infrastructure is being developed by China and could become the global standard. Specifically, the Senate Appropriations Committee last week recommended adding $436 million to the Defense Department's research and development budget for its "5G-XG" program, which is intended to develop cybersecurity and other safeguards for future 5G communications.
  • Cyber teams deploying to safeguard national security
    [Photo caption: Gen. Paul M. Nakasone, commander of the U.S. Cyber Command and National Security Agency, at the Association of the U.S. Army's "Hot Topics" forum on Army cyber and networks in Arlington, Va., Sept. 16, 2019. Photo credit: U.S. Cyber Command Public Affairs] During the midterm elections last year, U.S. Cyber Command had three teams deployed forward in Europe working with partner nations to "hunt and track" adversaries attempting to disrupt U.S. democratic processes, its commander said Monday. Gen. Paul M. Nakasone spoke at the Association of the U.S. Army's "Hot Topics" forum on Army cyber and networks. "This was done exquisitely in the midterm elections," he said, "with three different elements being able to move forward into Europe." He said the command was able to tell partner nations "we know that adversaries are within your network and let's identify them." The small deployed elements were able to fall back on larger capabilities here in the States, he said.
  • Gootkit malware crew left their database exposed online without a password
    The criminal gang behind the Gootkit malware has made the same mistake that thousands of legitimate companies have made before them in past years: they left MongoDB databases connected to the internet without a password. Diachenko shared some of this data exclusively with ZDNet, and this article is the result of weeks of looking into samples of the data the Gootkit gang gathered from infected hosts. Fox-IT said Gootkit also regularly takes screenshots of the infected user's desktop, gathers everything it can about the host's PC platform, and collects data on secure hardware connected to the PC. The two servers were both running MongoDB and, based on their content, appeared to be aggregating data from three Gootkit sub-botnets, a total of 38,653 infected hosts. In MongoDB collections named "Windowscredentials," the Gootkit malware also logged usernames and credentials for sites where users had registered an account or had logged in while the malware was active.
  • The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite
    [Photo caption: Will Roper, Air Force] Roper knows this from experience: the Hack the Air Force initiative, a bug bounty that sprang from a partnership between HackerOne and the Pentagon's Defense Digital Service, paid out $130,000 to hackers who collectively found over 120 vulnerabilities last December. It was DDS that connected the Air Force to the organizers of Defcon's Aviation Village, a corner of the hacking conference dedicated to all things aerial that debuted this year. Once the Air Force sees which common security pitfalls plague its third-party parts, it can start writing stronger security requirements into its contracts. Roper hopes that the Air Force's involvement can help build that bridge. That group will once again be culled; the Air Force will fly the winners out to Defcon for a live hacking competition.
  • Gamification: A winning strategy for cybersecurity training
    That's just one example of how companies are bolstering their electronic defenses by using gamification to engage employees in cybersecurity training. Now that so many companies use gamification to assist with onboarding and customer engagement, more organizations are also realizing the benefits gamification offers for company-wide cybersecurity training. PricewaterhouseCoopers developed Game of Threats™ to help senior executives and boards of directors test and strengthen their cyber defense skills. The cybersecurity firm Digital Guardian developed its game, DG Data Defender, to help other companies engage every employee in data security. "However, there is a noticeable pattern between gamers and those that show significant skills in the industry." For businesses looking to infuse gamification into their cybersecurity training, it can be helpful to understand what makes for the most successful game-based training.
  • AMD Radeon Driver Flaw Leads to VM Escape
    A vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver could be triggered from within a VMware guest to execute code on the host, Cisco Talos warns. Talos' security researchers have found that the issue can only be triggered when running VMware Workstation 15. The security bug was found in ATIDXX64.DLL driver versions 25.20.15031.5004 and 25.20.15031.9002, and only exists with VMware Workstation 15 running as guest on a Windows 10 x64 machine. The researchers explain that a specially crafted pixel shader inside the VMware guest OS could trigger an out-of-bounds memory write in the AMD ATIDXX64.DLL driver, allowing an attacker in VMware guest usermode to potentially execute code on the associated VMware host. "An attacker could exploit this vulnerability by supplying a malformed pixel shader inside the VMware guest operating system to the driver."
  • Robstown police evidence, reports lost during data breach
    A data breach resulted in the loss of Robstown Police Department evidence and reports in pending investigations from 2018 and 2019. The Nueces County District Attorney's Office announced the breach in a news release Friday afternoon on Facebook. "The data was characterized as evidence (photos, videos, etc.) and reports relating to pending investigations," the release reads. "The information we received was that the breach was the result of RPD's servers being hacked and/or compromised by a virus sometime in the last couple of weeks." The release goes on to say the department keeps a written list of cases investigated by detectives.