• Chinese hacking against U.S. on the rise: U.S. intelligence official
    NEW YORK (Reuters) - A senior U.S. intelligence official warned on Tuesday that Chinese cyber activity in the United States had risen in recent months, and the targeting of critical infrastructure in such operations suggested an attempt to lay the groundwork for future disruptive attacks. “You worry they are prepositioning against critical infrastructure and trying to be able to do the types of disruptive operations that would be the most concern,” National Security Agency official Rob Joyce said in response to a question about Chinese hacking at a Wall Street Journal conference. Joyce, a former White House cyber advisor for President Donald Trump, did not elaborate or provide an explanation of what he meant by critical infrastructure, a term the U.S. government uses to describe industries from energy and chemicals to financial services and manufacturing. In the past, the U.S. government has openly blamed hackers from Iran, Russia or North Korea for disruptive cyber attacks against U.S. companies, but not China.
  • Israeli company, Argentina sign deal on cyber protection system of 5 mln USD
    Source: Xinhua | 2018-12-11 21:48:12 | Editor: xuxin. JERUSALEM, Dec. 11 (Xinhua) -- Israel's Rafael Advanced Defense Systems sold Argentina's government a cyber protection system for five million U.S. dollars, the daily newspaper Yedioth Ahronoth reported Tuesday. The system can monitor Internet activity, including Darknet, the hidden and isolated part of the network that is often used for criminal and subversive activity, for drug and weapons trafficking. Israeli defense industries have entered this field over the years by setting up cyber units like Rafael and IAI (Israel Aerospace Industries), or by acquiring existing companies. The system sold to Argentina is capable of monitoring network and communications activities, protecting digital arrays and equipment that is operated and connected to the network.
  • Defusing a hostage situation: The fight against ransomware in healthcare
    Hackers have deployed a ransomware attack on the hospital and will only release their hold on its data if executives pay out thousands of dollars in bitcoin. If the software used in the attack had been malware, rather than ransomware, the hospital might have paid the hackers in good faith and found their data irrevocably damaged anyway. Think of ransomware hackers as morally-bankrupt entrepreneurs, and extortion attacks as a business model. However, by paying off their attackers, hospitals and practices effectively "buy into" the ransomware model and reassure the hackers that they can continue to make money by holding data hostage. By taking a reactive approach, leaders continue feeding into the ransomware machine, rather than genuinely subverting the power hackers hold over their organizations. Hospitals can't stop hackers from attacking.
  • Grammarly Takes Bug Bounty Program Public
    The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne. Grammarly, which provides writing assistance through its online editor, is taking its bug bounty program public with HackerOne, the two companies confirmed today. As part of its efforts to secure 15 million users' data, Grammarly has been running a private bug bounty program on HackerOne for over a year. The invite-only program has nearly 1,500 participants, it says, and the company is ready to build on its success with a public launch. Xavier says the bug bounty program is one part of Grammarly's overall security strategy, which also includes regular penetration tests, recruiting security experts, and increasing awareness.
  • Super Micro says no evidence of spy chips found in its hardware
    Super Micro on Tuesday said an investigations firm found "absolutely no evidence" of malicious hardware on its motherboards. In a letter sent to customers, the California hardware maker said a third-party investigations firm tested its current and older-model motherboards for evidence malicious chips or other hardware had been inserted into its products. Super Micro said it wasn't surprised by the results. The investigation follows an October report from Bloomberg Businessweek that alleged Chinese surveillance chips had been inserted in Super Micro hardware in order to spy on its clients, including Apple and Amazon Web Services. Apple and Amazon have denied the allegations made in Bloomberg's report. In a statement issued on Oct. 4, the day the story published, a spokesperson said: "Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. We also published three companies' full statements, as well as a statement from China's Ministry of Foreign Affairs.
  • China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
    Written by Jeff Stone, Dec 11, 2018 | CYBERSCOOP. The U.S. government again is concerned about Chinese cyber-operations, a senior National Security Agency official said Tuesday amid ongoing news about possible vulnerabilities in widely used technology. “We have to worry about national security,” Rob Joyce, a senior adviser for cybersecurity strategy at NSA, said Tuesday at a Wall Street Journal event in New York. “We’ve been strong and consistent in saying we have some specific concerns about supply chain risks and ways nations may take advantage of that.” Joyce was referring to heightened international scrutiny around the Chinese technology giant Huawei. Officials in the U.S., U.K., Australia and elsewhere have warned that Huawei’s ties with the Chinese government, combined with widespread adoption of the company’s technology, could result in espionage opportunities for Beijing. “We do have concerns,” Joyce said Tuesday.
  • Data scraping treasure trove found in the wild
    We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. What is data scraping? It also typically relies on the person being scraped to have provided much of the grabbable data upfront. Scrape all the things: Three large databases were found by security researchers, containing a combined tally of 66,147,856 unique records. This related to job search aggregation data, and this included IP, name, email, and potential job locations. Given that the data was (mostly) freely given online in terms of the LinkedIn profile information, it’s all about personal choice.
  • phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!
    Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The phpMyAdmin project last Sunday gave an early heads-up about the latest security update through its blog, probably the first time, as an experiment to find if pre-announcements can help website admins, hosting providers and package managers better prepare for the security release. Almost every web hosting service pre-installs phpMyAdmin with their control panels to help webmasters easily manage their databases for websites, including WordPress, Joomla, and many other content management platforms. Besides many bug fixes, there are primarily three critical security vulnerabilities that affect phpMyAdmin versions before release 4.8.4, phpMyAdmin revealed in its latest advisory.
  • Researchers: Hackers increasingly able to breach cloud services
    Hackers are becoming increasingly able to access and take advantage of vulnerabilities in cloud services, according to a new report published Tuesday. Palo Alto Networks’s threat research team Unit 42 found that 29 percent of vendors it worked with had potential account compromises in their cloud services. And 32 percent of the groups had set up their networks in a way that publicly exposed at least one cloud storage system, according to the research team. Researchers said there is a slowing trend for publicly exposed systems, but they also determined that firms weren’t using best practices like encryption to protect their clouds. The researchers also found that 23 percent of the firms were missing critical patches for their clouds. That means exposed vulnerabilities hadn’t been fixed, potentially allowing hackers to more easily access the service.
  • First threats in a post-phishing world emerge
    According to Gofman, by performing a phishing campaign, the attacker can gain system access to a user's workstation and can control the installed mail client and all related communication. In this way, attackers are able to manipulate all mail hyperlinks shared by the compromised workstations or users, to redirect the recipients to an internal watering hole Web site, bypassing many of the link detection and firewall application control mechanisms. A less common attack technique used by adversaries is to move laterally within the network through a technique called File Share Hooking (FSH), says Gofman. "A network share is typically made accessible to other users by marking any folder or file as shared, or by changing the file system permissions or access rights in the properties of the folder. When a user's workstation is compromised, the attacker gains total control over email communications and can inject malicious code into legitimate office files, he explains. "These malicious files are now shared over a legitimate mail channel, which means that the adversaries use actual email correspondence instead of faking and acting on behalf of the user.