• FEC Votes to Use Campaign Funds for Cybersecurity
    The Federal Election Commission (FEC) has voted to allow lawmakers to use leftover campaign funds to protect their personal email accounts and devices from cyber threats. In a draft advisory opinion, the FEC responded to Sen. Ron Wyden’s question: “May a United States Senator use campaign funds to pay for the costs of cybersecurity measures to protect his personal electronic devices and accounts?” “The Commission concludes that you may use campaign funds to pay for the costs of security measures to protect your personal devices and accounts without such payments constituting an impermissible conversion of campaign funds to personal use, under the Act and Commission regulations,” the FEC wrote. In his request, Sen. Wyden acknowledged that he had not been personally threatened so far, but argued that the threats elected officials face include "attacks by sophisticated state-sponsored hackers and intelligence agencies against personal devices and accounts." The ruling, which lets leftover campaign funds pay for additional cybersecurity detection and protection, has kept the conversation about election protection going. Read More
  • Malspam Campaign Impersonates UK Businesses to Target Victims With Banking Trojan
    Security researchers discovered a malspam campaign targeting British computer users with the Ursnif/Gozi/ISFB banking Trojan. According to My Online Security, the campaign lures victims with phony messages purporting to come from one of the United Kingdom’s largest banks and from other companies. Details of the attack first surfaced on Twitter, where security experts posted examples of malicious emails that used social engineering to dupe recipients into downloading the Trojan. One message that purported to come from Lloyds Bank, for example, was designed to look like a fraud alert and carried a PDF attachment. Beyond simply imitating well-known organizations, the attackers are playing on the anxieties of recipients worried about their personal finances. Cybercriminals have an obvious interest in email as a distribution platform for banking Trojans and other threats because of how heavily people rely on it every day; studying campaigns like this one is how an organization prepares its defences for the next. Read More
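    The lure described above has three traits a mail gateway can check for together: a From display name that claims a bank while the sender domain is not one the bank uses, a fraud-alert subject, and a PDF attachment. The following Python is an added example (not code from the article, from My Online Security or from any vendor) that scores a raw message on those traits. The brand-to-domain map and both sample messages are constructed for illustration; the Lloyds domains listed are an assumption and should come from an allow-list you maintain.

```python
import email
from email import policy
from email.utils import parseaddr

# Brand keyword -> sending domains that brand legitimately uses.
# ASSUMPTION for this example: replace with an allow-list you maintain.
IMPERSONATED_BRANDS = {
    "lloyds": {"lloydsbank.co.uk", "lloydsbank.com"},
}

# Words typical of the "your account is in danger" lure.
LURE_WORDS = ("fraud", "suspicious", "unauthorised", "unauthorized", "locked")


def claimed_brand(display_name):
    """Return the brand keyword found in the From display name, if any."""
    lowered = display_name.lower()
    return next((b for b in IMPERSONATED_BRANDS if b in lowered), None)


def has_pdf_attachment(msg):
    """True if any non-body part is a PDF by MIME type or file extension."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            return True
    return False


def score_message(raw):
    """Return the list of suspicious traits found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    brand = claimed_brand(display)
    if brand and domain not in IMPERSONATED_BRANDS[brand]:
        findings.append(f"display name claims {brand!r} but sender domain is {domain!r}")
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in LURE_WORDS):
        findings.append("fraud-alert lure in subject")
    if has_pdf_attachment(msg):
        findings.append("PDF attachment present")
    return findings


def is_suspicious(raw):
    """Quarantine candidate: a brand mismatch plus at least one further trait."""
    findings = score_message(raw)
    return len(findings) >= 2 and any(f.startswith("display name") for f in findings)


# Constructed sample mimicking the Lloyds fraud-alert lure with a PDF attached.
MALSPAM_SAMPLE = """\
From: "Lloyds Bank Fraud Team" <alerts@example-mailer.net>
To: customer@example.org
Subject: Fraud alert: suspicious payment on your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

A suspicious payment was blocked. Please review the attached notice.
--b1
Content-Type: application/pdf; name="fraud_notice.pdf"
Content-Disposition: attachment; filename="fraud_notice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed sample from the allow-listed domain with no attachment.
LEGIT_SAMPLE = """\
From: "Lloyds Bank" <noreply@lloydsbank.co.uk>
To: customer@example.org
Subject: Your monthly statement is ready
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Log in to view your statement.
"""

if __name__ == "__main__":
    for label, raw in (("malspam", MALSPAM_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, is_suspicious(raw), score_message(raw))
```

    The brand mismatch is the anchor: a PDF or an alarming subject on its own is everyday mail, but either one arriving under a bank's display name from a domain the bank does not use is the pattern this campaign relies on.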
  • SQLite bug impacts thousands of apps, including all Chromium-based browsers
    A security vulnerability in the massively popular SQLite database engine puts thousands of desktop and mobile applications at risk. Because SQLite is embedded in so many applications, the flaw affects a wide range of software, from IoT devices to desktop programs, and from web browsers to Android and iOS apps. The bad news, according to Tencent Blade researchers, is that the vulnerability can also be exploited remotely by something as simple as visiting a web page, if the browser embeds SQLite and exposes the Web SQL API, which lets a page's scripts run SQL statements directly against that embedded database. "We successfully exploited Google Home with this vulnerability," the Tencent Blade team said in a security advisory this week. Firefox does not support Web SQL, but it too is affected, since it ships with a locally accessible SQLite database, so a local attacker could abuse the flaw to execute code and more. And even though the SQLite team has shipped a fix, many apps are likely to remain vulnerable for years to come, because each one carries its own copy of the library and has to be rebuilt or updated separately. Read More
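    Because every application links its own copy of SQLite, the version that matters is the one a given process actually loaded, not the one a package manager reports. The following Python is an added example (not code from the article or from the SQLite or Tencent Blade teams) that asks the linked library for its version and compares it against a floor. The floor value is an assumption for illustration; set it to the fixed release named in the advisory that applies to your build.

```python
import re
import sqlite3

# Illustrative threshold, an ASSUMPTION for this example: set it to the
# fixed release named in the advisory that applies to your build.
ASSUMED_MIN_VERSION = (3, 26, 0)


def parse_version(text):
    """Turn '3.25.3' or '3.26.0 2018-12-01 ...' into a comparable int tuple."""
    match = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised SQLite version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def version_at_least(text, minimum):
    """True when the version string meets or exceeds the (major, minor, patch) floor."""
    return parse_version(text) >= tuple(minimum)


def linked_sqlite_version():
    """Ask the library this process actually loaded, not the package metadata."""
    conn = sqlite3.connect(":memory:")
    try:
        (version,) = conn.execute("SELECT sqlite_version()").fetchone()
    finally:
        conn.close()
    return version


def audit_runtime(minimum=ASSUMED_MIN_VERSION):
    """Report the embedded SQLite of this interpreter and whether it meets the floor."""
    runtime = linked_sqlite_version()
    return {
        "library": runtime,
        "module_reports": sqlite3.sqlite_version,
        "meets_floor": version_at_least(runtime, minimum),
    }


if __name__ == "__main__":
    print(audit_runtime())
```

    Run the same check inside each runtime you ship (a browser build, a mobile app's bundled library, an embedded device image) rather than once per host; two programs on the same machine routinely carry different SQLite versions.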
  • KoffeyMaker Toolkit Used in Black Box ATM Attacks
    In 2017 and 2018, threat actors used a toolkit called KoffeyMaker in multiple black box ATM attacks against Eastern European financial institutions. When Kaspersky Lab investigated KoffeyMaker in connection with the attacks, researchers found that the devices used in the campaign were Windows laptops loaded with ATM dispenser drivers and a patched KDIAG diagnostic tool. The attackers secretly opened an ATM at each targeted bank, connected the laptop to the cash dispenser, closed the ATM and walked away, leaving the device inside the machine. Returning later, they used a USB GPRS modem to reach the laptop remotely, ran KDIAG and issued the command for the ATM to dispense bank notes, then retrieved the laptop while an accomplice collected the cash. Attacks like these are not new to Europe. According to Kaspersky Lab, the only way for banks to defend against black box attacks is to use hardware encryption between an ATM’s computer and its dispenser. Read More
  • Facebook exposed up to 6.8 million users’ private photos to developers in latest leak
    Facebook exposed private photos from up to 6.8 million users to apps that were not supposed to see them, the company said today. These included photos from people’s Stories as well as photos that people had uploaded but never posted (because Facebook saved a copy anyway). Facebook also says it will work with developers to delete copies of photos they were not supposed to access. The company attributed the bug to an error in Facebook Login and its photos API, which lets developers access Facebook photos within their own apps. All of the affected users had logged into a third-party app with their Facebook account and granted it some degree of access to their photos. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue stems from another breakdown in communication between Facebook and developers. Read More
  • Malaysian government targeted with mash-up espionage toolkit
    In a presentation at AVAR 2018, ESET’s Tomáš Gardoň and Filip Kafka presented their research into a previously undocumented espionage toolkit used in targeted attacks against the Malaysian government in mid-2018. What made the attacks unusual, according to the researchers, was that they relied on malware almost entirely made up of leaked source code of well-known malware and publicly available tools. We sat down with Tomáš and Filip and asked them a few questions about this ‘mash-up’ toolkit, as they referred to it in their presentation, and the attacks using it. Tomáš: Well, for a start, the infamous remote access tools Gh0st RAT and NetBot Attacker were used as main backdoors. For less skilled attackers, or in more banal attacks, such code reuse is a common practice. Filip: Even if unsuccessful, these repeated detection evasion efforts show that the attack wasn’t just a random incident, but organized espionage against the Malaysian government. Read More
  • ZipRecruiter user email addresses exposed to unauthorised accounts
    On October 5th, we discovered that certain employer user accounts that were not intended to have access to the CV Database were able to obtain access to information including the first name, last name and email addresses of some job seekers who had submitted their CVs to our CV database. The problem lies in the part of ZipRecruiter's site that allows an employer with permission to access the CV database to contact a candidate. To that end, ZipRecruiter provides a contact form, helpfully pre-populated with the name and email address of the hopeful individual. It appears that the Email Candidate form could also be reached by users who had not ponied up the cash for access to the CV library, and thanks to the permissions whoopsie, such an unauthorised user could get at the candidate's full name and email address. ZipRecruiter professed itself "not certain of the purpose of the unauthorised access" but speculated, with breathtaking insight, that the information "could be utilised to send you spam or phishing emails". Read More
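    The flaw described is a missing authorisation check on one view: the CV search enforces the paid entitlement, but the contact form that the search links to does not, so anyone who reaches the form's URL gets the pre-populated name and address. The following Python is an added example (not ZipRecruiter's code, whose internals are not public) showing that pattern beside a fixed version. The employer and candidate records are constructed for illustration, and the entitlement flag, view names and `Forbidden` exception are assumptions of the example, not ZipRecruiter's identifiers.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller lacks the entitlement a view requires."""


@dataclass(frozen=True)
class Employer:
    username: str
    cv_database_access: bool  # the paid entitlement that the CV search checks


@dataclass(frozen=True)
class Candidate:
    candidate_id: int
    first_name: str
    last_name: str
    email: str


# Constructed sample record for the example; not a real person.
CANDIDATES = {
    101: Candidate(101, "Ada", "Example", "ada@example.org"),
}


def email_candidate_form_vulnerable(user, candidate_id):
    """The pattern described above: the view assumes that only entitled
    employers are ever linked to it, so it never checks, and it pre-populates
    the form with the candidate's PII for any logged-in employer."""
    candidate = CANDIDATES[candidate_id]
    return {
        "to_name": f"{candidate.first_name} {candidate.last_name}",
        "to_email": candidate.email,
    }


def require_cv_database_access(user):
    """Enforce the entitlement at the view itself, not only in the navigation
    that links to it; a user who types the URL directly hits the same check."""
    if not user.cv_database_access:
        raise Forbidden(f"{user.username} lacks CV database access")


def email_candidate_form_fixed(user, candidate_id):
    """Same view with the check added and the address kept server-side: the
    form carries an opaque candidate id, so even an entitled client never
    receives the email address."""
    require_cv_database_access(user)
    candidate = CANDIDATES[candidate_id]
    return {
        "to_name": f"{candidate.first_name} {candidate.last_name}",
        "candidate_id": candidate.candidate_id,
    }


def send_to_candidate(user, candidate_id, body):
    """Resolve the address only at send time, behind the same check."""
    require_cv_database_access(user)
    candidate = CANDIDATES[candidate_id]
    return {"to": candidate.email, "from": user.username, "body": body}


if __name__ == "__main__":
    free = Employer("free_employer", cv_database_access=False)
    print(email_candidate_form_vulnerable(free, 101))   # leaks the address
    try:
        email_candidate_form_fixed(free, 101)
    except Forbidden as exc:
        print("fixed view refused:", exc)
```

    The second change matters as much as the first: once the address never leaves the server, a future permission slip on the form page leaks a display name at worst, not a mailable contact list.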
  • Cyberattack knocks Schenectady County website offline
    Schenectady County, N.Y. had to shut down its government website as it tries to recover from a cyberattack. The Daily Gazette reported that some operations were not affected by the malware, including the 911 central dispatch center, the Glendale Nursing Home, the Board of Elections, public health senior and long-term care, the department of social services and the county library system. County employees noticed the attack on Wednesday, and restoring the county’s network is expected to take about a week, during which the website will stay offline. A county official told The Daily Gazette there is no indication so far of a data breach. Read More
  • Samsung Galaxy S8 getting December 2018 security patch update in Germany
    Following security updates for its 2018 flagships, Samsung has reportedly started pushing the latest Android security patch to Galaxy S8 smartphones in Germany. The South Korean company recently rolled out the December 2018 security patch to Galaxy S9 and Galaxy S9+ phones in some markets, fixing over 40 vulnerabilities. Now, according to Sammobile, the December 2018 patch is reaching Galaxy S8 devices in Germany first, and it too fixes as many as 40 vulnerabilities in Samsung’s software. Samsung shows no sign of slowing its security updates even while busy with the next Android version, Android 9 Pie. Samsung OneUI, the next iteration of the current Samsung Experience overlay, is all about design improvements meant to make the phone easier to use, but unfortunately for Galaxy S8/S8+ users, the OneUI update is not coming. Read More
  • Siemens Patches Several Critical Flaws in SINUMERIK Controllers
    Siemens informed customers this week that its SINUMERIK controllers are affected by denial-of-service (DoS), privilege escalation and code execution vulnerabilities, including several flaws classified as “critical.” The most serious, with a CVSS score of 10, is CVE-2018-11466, which allows an attacker on the network to cause a DoS condition on the integrated software firewall, or execute arbitrary code in the context of the firewall, by sending specially crafted packets to TCP port 102. Another critical flaw, CVE-2018-11457, affects the integrated web server and can be exploited by a network attacker with access to TCP port 4842 to execute code with elevated privileges by sending specially crafted packets. The integrated VNC server is also affected by a critical vulnerability that allows arbitrary code execution with elevated privileges via specially crafted network packets, this time on TCP port 5900. Siemens also said its controllers are affected by three high-severity flaws that allow local code execution, and three medium-severity bugs that can be exploited for privilege escalation and DoS attacks. Read More
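    All three critical flaws need a network path to a specific TCP port (102, 4842 or 5900), so the first question for an operator is which of those services is reachable from segments that should never see the controller. The following Python is an added example (not code from Siemens or from the advisory) that completes a TCP handshake against each listed port and reports the ones that answer. The port-to-service descriptions restate the advisory summary above; the target host, the timeout and the local throwaway listener used in the demo are assumptions of the example.

```python
import socket

# The three network-reachable services the advisory names, keyed by TCP port.
SINUMERIK_SERVICES = {
    102: "integrated software firewall (crafted packets: DoS or code execution)",
    4842: "integrated web server (code execution with elevated privileges)",
    5900: "integrated VNC server (code execution with elevated privileges)",
}


def tcp_port_open(host, port, timeout=1.0):
    """True when a full TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_services(host, services=SINUMERIK_SERVICES, timeout=1.0):
    """Map of port -> description for every listed service reachable from here.

    Run it from the segment you want to prove cannot reach the controller
    (office LAN, VPN pool, guest Wi-Fi); an empty result is the desired answer.
    """
    return {port: desc for port, desc in services.items()
            if tcp_port_open(host, port, timeout)}


def demo_against_local_listener():
    """Exercise the probe on a throwaway loopback listener: it is reported
    while bound and disappears from the result once closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_listening = exposed_services("127.0.0.1", {port: "test listener"})
    finally:
        listener.close()
    after_close = exposed_services("127.0.0.1", {port: "test listener"}, timeout=0.5)
    return port, while_listening, after_close


if __name__ == "__main__":
    import sys
    # Assumed usage: python probe.py <controller-ip>; defaults to loopback.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, desc in exposed_services(target).items():
        print(f"{target}:{port} reachable: {desc}")
```

    A handshake that completes is the signal; do not send application data to a controller, since the advisory is precisely about what crafted packets to these ports can do. Repeat the probe after any firewall or VLAN change, because the reachable set, not the patch level alone, is what an operator can verify from outside the cell.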