Showing posts with label Hack. Show all posts

Wednesday, September 16, 2020

Security Director Alert - Information Technology, Government, Healthcare, Financial, Insurance, and Media Sectors

via counterespionage-news.com

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.

The threat actor conducts mass scanning and uses tools, such as Nmap, to identify open ports. Once the open ports are identified, the threat actor exploits CVEs related to VPN infrastructure to gain initial access to a targeted network.

After gaining initial access to a targeted network, the threat actor obtains administrator-level credentials and installs web shells allowing further entrenchment. After establishing a foothold, the threat actor’s goals appear to be maintaining persistence and exfiltrating data. This threat actor has been observed selling access to compromised network infrastructure in an online hacker forum. more


Friday, January 18, 2019

Counterespionage Checklist: How to Be Safe on the Internet

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go. more  Scott Adams

Wednesday, June 20, 2018

Android Alert: Surveillance Malware Infects Telegram App

A new family of malware capable of comprehensive surveillance is targeting Android devices through the encrypted messaging app Telegram, according to research from antivirus vendor ESET.

The malware – which has mostly been distributed in Iran – ensnares its victims by posing as an application pledging more social media followers, bitcoin, or free Internet connections, according to ESET. Once downloaded, the malware can carry out surveillance tasks ranging from intercepting text messages to recording audio and screen images from devices, ESET researcher Lukas Stefanko explained in a blog post.

Each compromised device is controlled via a bot that the attacker commandeers via Telegram, which recently boasted 200 million monthly users.

“Attackers can control victimized devices by simply tapping the buttons available in the version of the malware they are operating,” Stefanko wrote.

Such nefarious programs have been knocking on Google Play’s door in droves: With the help of machine learning, security specialists removed 700,000 malicious apps from the store last year. more

Wednesday, April 25, 2018

Corporate Espionage: Spying on X-Ray Machines

A mysterious hacking group has been spying on the healthcare sector by going as far as to infect computers that control X-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection don't appear to be motives behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Evidence shows that the hackers were focused on collecting data about the infected computers and their networks. DiMaggio speculates this may have been done to learn how to pirate the medical software onboard. more

Digital Assistants: The Eavesdropping Attacks Begin

It's important not to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections.

Then again, putting a mic in your home naturally invites questions over whether it can be used for eavesdropping—which is why researchers at the security firm Checkmarx started fiddling with Alexa, to see if they could turn it into a spy device. They did, with no intensive meddling required.

The attack, which Amazon has since fixed, follows the intended flow of using and programming an Echo. Because an Echo's mic only activates to send sound over the internet when someone says a wake word—usually "Alexa"— the researchers looked to see if they could piggyback on one of those legitimate reactions to listen in. A few clever manipulations later, they'd achieved their goal...

There are clear limitations to this eavesdropping approach. It would only have given attackers transcriptions, not audio recordings, of a target's conversations. more

Our advice to clients, "Keep these things out of offices and conference rooms where confidential discussions are held." ~Kevin

Monday, April 9, 2018

Dutch Treat Espionage Seriously - You Should Too

The Netherlands - The foreign affairs ministry has advised travelers to China to take ‘empty’ laptops and mobile phones with them to avoid their data being compromised by the government.

The advice was contained in a letter circulated to 165 businesses and knowledge institutions accompanying prime minister Mark Rutte on a trade mission this week.

The letter says: ‘The Chinese government will want to know everything about you and your business or organisation. You should presume that all computers and phones that enter China are constantly being monitored to obtain this information.’ 

Sources told the Volkskrant that the cabinet is taking similar precautions for trips to Russia, Iran and Turkey. The last is particularly sensitive because the country is a NATO ally. more

Monday, January 29, 2018

Dutch Treat, or Watching the Spies Spy

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands' domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as "Cozy Bear," one of the "threat groups" that would later target the Democratic National Committee.

AIVD's intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin. more

So, how do you feel about the security of your security cameras now?

Tuesday, January 2, 2018

Stop Your Apps from Spying on Your TV Viewing

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone's microphone to figure out what you watch on TV, a new report from The New York Times reveals...

Basically, a bunch of apps with innocuous names like "Pocket Bowling 3D" include extra software that's designed to listen for recognizable audio from your TV, including specific shows and commercials...

All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it's possible that you might have approved the request without realising it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy...

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn't need to (why would a bowling game need to use your microphone?), just toggle that permission off. more

Sunday, December 24, 2017

Espionage Backdoor Installs via Printer-Spoofing Campaign

For many large organizations, emails from corporate printers and scanners are commonplace, and cyber-criminals are finding this vector to be a lucrative host to launch cyber-attacks.

Barracuda Networks has tracked an uptick in attacks through Canon, HP and Epson printer and scanner email attachments of late: Since late November, cyber-criminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from these common printer and scanner brands, with attachments that contain malware.

Once unpacked, the malware installs a backdoor on the machine that offers unauthorized access to a victim PC and cyber-espionage capabilities...

Further, indicating a ransomware-ready aspect, attackers also can change the victim’s wallpaper to display a message of their choice.

Workers should use common sense to avoid the threat: 
  • double-check with the sender if you didn’t know a scanned document was coming;
  • hover the mouse over every hyperlink to make sure it’s legitimate;
  • and simply don’t click if there’s any doubt whatsoever.  more
Example of a fake email.

Tuesday, December 19, 2017

Hollywood Has Always Played by a Different Set of Rules

Terry Crews is alleging that he and his family are the victims of a plot to "track" and "possibly bug" them, the actor and Time Magazine Silence Breaker posted on Twitter.

"My assailant Adam Venit is the founding partner at @WME, a corporation worth over $8 billion. I believe my family is being tracked and possibly bugged," he wrote as part of a series of tweets.

Crews also claims that someone possibly hacked into his son's computer. more

Wednesday, September 6, 2017

"So, we created a picture of our suspect from DNA sweat found on the bugging device."

Damn interesting...
Identification of Individuals by Trait Prediction Using Whole-genome Sequencing Data

Researchers from Human Longevity, Inc. (HLI) have published a study in which individual faces and other physical traits were predicted using whole genome sequencing data and machine learning. This work, from lead author Christoph Lippert, Ph.D. and senior author J. Craig Venter, Ph.D., was published in the journal Proceedings of the National Academy of Sciences (PNAS).
The authors believe that, while the study offers novel approaches for forensics, the work has serious implications for data privacy, deidentification and adequately informed consent. The team concludes that much more public deliberation is needed as more and more genomes are generated and placed in public databases. more

Tuesday, August 22, 2017

Spying Using Acoustic Imaging Via Smart Devices

A team of student hackers have demonstrated a method for using music to turn smart devices into tools for spying. The system is based on sonar, and embeds an inaudible signal into songs played on a smartphone or TV. The system can then use the device’s microphone to listen to how the signal bounces, and track the movements of anyone near the audio source.

The University of Washington research team behind the technology, known as CovertBand, tested it using a 42-inch Sharp TV in five different Seattle homes.

They found that the method is able to track the physical movements of multiple people to within 18 centimeters of accuracy, and even differentiate between particular gestures and motions. The tech can also track people, though less accurately, through walls.

They also demonstrated that listeners couldn’t distinguish between songs containing the hidden sonar signals, and those without it. ...and all CovertBand needs to work is a speaker and a microphone. more

Smartphone Replacement Parts as Spies

If cracking your smartphone’s touchscreen wasn’t bad enough, researchers have found a new security threat that might emerge following the replacement of your touchscreen: the replaced units might contain hardware that could hijack a device.

A paper presented by researchers at Ben-Gurion University of Negev, Israel, at the 2017 Usenix Workshop on Offensive Technologies, shows how smartphone replacement units can be a security risk for the user.

According to the researchers, devices with cracked touchscreens or even other damaged components are prone to security risks as the replaced parts installed by a repair shop might contain additional hardware that can hijack the device and track usage, log keystrokes, install other malicious apps, access files and more. more

So You Named Your Robot Bedmate, Mata Hari. Cute.

At the Hack in the Box security conference later this week in Singapore, Argentinian security researchers Lucas Apa and Cesar Cerrudo plan to demonstrate hacker attacks they developed against three popular robots: the humanoid domestic robots known as the Alpha2 and NAO, as well as a larger, industrial-focused robotic arm sold by Universal Robots.

The duo plan to show that they can hack those machines to either change critical safety settings or, in the case of the two smaller bots, send them whatever commands they choose, turning them into surveillance devices that silently transmit audio and video to a remote spy.

"They can move, they can hear, they can see," says Cesar Cerrudo, the chief technology officer of IOActive, where both of the researchers work. Those features could soon make robots at least as tempting a target for spies and saboteurs as traditional computers or smartphones, he argues. "If you hack one of these things, the threat is bigger."...

Privacy invasion presents a more realistic worry... domestic robots contain mobile cameras and microphones whose data a spy could not only intercept, but manipulate and move at will around a target's house.  more

Wednesday, August 16, 2017

Security Director Alert #857 - Coordinated Hotel Wi-Fi Spying

Mention this to your traveling executives. Reinforce VPN usage.
 
Russian hackers who infiltrated the computer systems of the Democratic National Committee in the US are now focusing on the wifi networks of European hotels to spy on guests in a “chilling” cyberoperation.

The state-sponsored Fancy Bear group infected the networks of luxury hotels in at least seven European countries and one Middle Eastern country last month, researchers say. FireEye, the US cybersecurity company that discovered the attacks, said the hotels were in capital cities and belonged to international chains that diplomats, business leaders and wealthy travelers would use. more

Tuesday, August 15, 2017

This Month in the Internet Disaster Incidents of Things (IDIoT)

Instant Lockdown...
Hundreds of Internet-connected locks became inoperable last week after a faulty software update caused them to experience a fatal system error, manufacturer LockState said. The incident is the latest reminder that the so-called Internet of Things—in which locks, thermostats, and other everyday appliances are embedded with small Internet-connected computers—often provide as many annoyances as they do conveniences. more
---
Fish Tank Phishing...
The hackers attempted to acquire data from a North American casino by using an Internet-connected fish tank, according to a report released Thursday by cybersecurity firm Darktrace.

The fish tank had sensors connected to a PC that regulated the temperature, food and cleanliness of the tank. “Somebody got into the fish tank and used it to move around into other areas (of the network) and sent out data,” said Justin Fier, Darktrace’s director of cyber intelligence. more
--- 
Flatline Surfing
Over a third of IoT medical device organizations suffer security incidents... Many medical devices are not built with cybersecurity in mind, yet a survey by Deloitte Cyber Risk Services of over 370 professionals at organizations operating in the medical device/IoT arena shows that 36.5 percent have suffered a cyber security incident in the past year. more
---
Wait! What? You mean they are not secure!?!?
The Department of Homeland Security (DHS) has announced a $750k investment to develop a solution which bolsters the security of IoT disaster sensors. more
---
This Really Sucks
iRobot, the company that makes the adorable Roomba robots that trundle around your home sucking up everything in their path, has revealed its plans to sell maps of living rooms to the world's biggest tech companies. more
---
Car Wash Crazies
A group of security researchers have exposed the vulnerabilities in automatic car washes and proved just how easy it can be for hackers to target an internet-connected, drive-through car wash and damage vehicles. Their findings showed an attacker could easily manipulate bay doors to trap or strike vehicles in the car wash. Hackers could also potentially control the mechanical arms inside the car wash, releasing powerful streams of water at a vehicle’s doors to prevent passengers from leaving. more
---
IoT Army MIA
In a competition between 24 skilled cyber amateurs, IoT connected soldiers were hit by a sophisticated mock cyber attack. ...designed to secretly intercept and control communications, resulting in a loss of contact with the unit of soldiers. more
---
Security Camera Insecurity times Millions
A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack. Researchers at IoT security firm Senrio discovered the Devil's Ivy flaw, a stack buffer overflow bug, while probing the remote configuration services of the M3004 dome camera from Axis Communications... Axis Communications confirmed that 249 of its 251 surveillance camera models were affected by the flaw. more
---
Alexa. My Wife Never Listens. Will You?
Every good paranoiac sees an always-listening device like an Amazon Echo as a potential spy sitting in plain sight. Now one security researcher has shown exactly how fine the line is between countertop computer and surveillance tool. With just a few minutes of hands-on time, a hacker could turn an Echo into a personal eavesdropping microphone without leaving any physical trace. more
---
FutureWatch - Soon ALL organizations will need a good Technical Security Consultant on-call. Periodically checking for new unintentional (and intentional) security vulnerabilities is their specialty. ~Kevin

Friday, August 11, 2017

Security Director Alert # 522 - Spying USB Power Plugs & Charging Cables

Freely for sale on Amazon's marketplace, and plenty of other online stores, are USB and iPhone cables that can be used to listen to your phone calls and track your location.

When these cables are connected to a power source they can use a SIM card to connect to a mobile network. The hardware is unsophisticated but can send both audio and very coarse location data to a third-party...

A more worrying feature is the ability of the cable to detect sound over a certain threshold and then call a pre-programmed number. Once it has done this, it relays the sound near it, be that a phone call or conversation, and allows a third-party to listen in.

Not only are there cables that do this, there are also USB power adaptors for your wall outlet that have the same SIM functionality.

Cables and power adapters like this should also be something of a worry to firms that need their security too; they may well not be noticed by security checks and could be responsible for a lot of sensitive information walking out the front door. more

Best Practice: Include the inspection of cables and charging blocks as part of your TSCM inspections.

Tuesday, August 1, 2017

Security Researchers: Amazon Echo Can be Turned Into a Spying Device

Security researchers have recently shown that the popular Amazon Echo speaker can be hacked to eavesdrop on conversations without permission.

Security firm MWR InfoSecurity claims it was able to exploit a vulnerability which turns the Alexa-fueled device into a “wiretap” without altering its standard functionalities.

But before you get all alarmed, let us tell you the vulnerability was found to affect only 2015 and 2016 versions of the Amazon Echo. On top of that, in order to successfully hack the speaker, a hacker would need to have physical access to it. So you might want to lock your Amazon Echo away when your computer wiz cousin comes over for a visit. more

Monday, June 12, 2017

Early Radio Head Gear

According to an August 1930 issue of Modern Mechanix, a Berlin engineer invented the hat, which allowed its wearer to “listen to the Sunday sermon while motoring or playing golf, get the stock market returns at the ball game, or get the benefit of the daily dozen while on the way to work by merely tuning in.”



This was not, however, the first radio hat. The technology appears to date back to the early 1920s; a Library of Congress photo taken “between 1921 and 1924” features a man with a radio hat similar to Pathetone Weekly’s. Ultimately, neither hat seems to have made much of a splash among the public—but a radio hat designed two decades later certainly did.

In 1949, a Brooklyn novelty store introduced what they called “The Man From Mars Radio Hat.” A flurry of articles promoting it followed, as did a temporary buying frenzy.

In one article, LIFE Magazine called the Man From Mars Radio Hat “the latest and silliest contribution to listeners who feel compelled to hear everything on the air.” more

Wednesday, April 19, 2017

Printer Wi-Fi Security - Your Network's Achilles Heel

Ben Vivoda, director of printing systems for HP, has warned that the threat to a business via a printer is more important than ever...

In 2016, over 70 percent of successful hacking events started with an endpoint device, Vivoda said, noting that endpoint devices are no longer restricted to PCs and notebooks...

"Typically, we're seeing the printer gets left out and overlooked and left exposed. Businesses can no longer afford to overlook print when it comes to their overall IT cybersecurity strategy." more

Spybuster Tip #523 - If the printer can be accessed without Wi-Fi, turn that feature off. If you need the Wi-Fi connection, turn the encryption feature on. If you can't tell if it is on or off, or you have too many printers to check one-by-one, call a TSCM specialist. They can quickly conduct a Wi-Fi Security and Compliance Analysis for you.