hackers

now browsing by tag

#school | #ransomware | Dutch University Pays $220K Ransom to Russian Hackers

Source: National Cyber Security – Produced By Gregory Evans University president says damage from the ransomware attack “can scarcely be conceived.” The University of Maastricht located in the Netherlands experienced a ransomware attack on December 24 and wound up paying the hackers 200,000 euros or $220,000 in bitcoin to unblock its computers, reports Reuters. “The […] View full post on AmIHackerProof.com

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers


Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

Azure App Service is a fully managed, integrated service that lets users create web and mobile apps for any platform or device and integrate them with SaaS solutions and on-premises apps to automate business processes.

According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

If exploited, the issue would have given a remote attacker unauthorized access to screenshots and sensitive information of any virtual machine running on the Azure infrastructure, regardless of whether it ran on shared, dedicated or isolated virtual machines.

According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.

By leveraging an insecure API, the researchers found a way to obtain the virtual machine name and ID along with hardware information such as core count and total memory of the targeted machines, and then used those values in another unauthenticated HTTP request to grab screenshots, as shown in their report.

The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack. It would have enabled an attacker to take complete control over the entire Azure server and, consequently, over an enterprise's business code.

What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw. In brief, it resided in the way DWASSVC, a service responsible for managing and running tenants' apps, and the IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks.

Because DWASSVC failed to check the length of a buffer before copying memory into it, an attacker could have exploited the issue by sending a specially crafted message to the service and executing code on the server as NT AUTHORITY\SYSTEM, the highest Windows privilege.

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This gives an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”
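The bug class described above, as an added example that is not Check Point's or Microsoft's code: a constructed, length-prefixed IPC message (a hypothetical layout, not the real DWASSVC pipe protocol) is parsed by a handler that trusts the sender's length field and copies into a fixed buffer, beside a hardened handler that checks the destination capacity first. The service state, the trusted flag next to the buffer, and the message format are all assumptions made for illustration; the flat byte array keeps the demonstration inside defined behaviour so it can be run safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message layout (NOT the real DWASSVC protocol):
 *   4-byte little-endian payload length, then the payload bytes. */
#define HDR_LEN      4
#define PAYLOAD_CAP  16

/* Simulated service memory. The fixed-size payload buffer is followed
 * immediately by a field the service trusts, modelling what an overflow
 * clobbers. A flat array is used so the demo never writes outside an
 * object it owns. */
#define FLAG_OFFSET  PAYLOAD_CAP
struct service_state {
    unsigned char mem[PAYLOAD_CAP + 4]; /* [0,16) payload, [16,20) flag */
};

static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

void service_init(struct service_state *st) {
    memset(st->mem, 0, sizeof st->mem);
}

/* The trusted field beside the buffer; 0 means "plain tenant worker". */
uint32_t service_flag(const struct service_state *st) {
    return read_le32(st->mem + FLAG_OFFSET);
}

/* Vulnerable handler: the length is validated only against the bytes that
 * arrived on the wire, never against the destination buffer, so a 20-byte
 * payload runs four bytes past the buffer into the flag. The extra bound
 * against sizeof mem is a demo guard only. */
int handle_message_vulnerable(struct service_state *st,
                              const unsigned char *msg, size_t msg_len) {
    if (msg_len < HDR_LEN) return -1;
    uint32_t len = read_le32(msg);
    if (len > msg_len - HDR_LEN) return -1;  /* wire length checked ... */
    if (len > sizeof st->mem) return -1;     /* demo guard, not a real fix */
    memcpy(st->mem, msg + HDR_LEN, len);     /* ... destination capacity not */
    return 0;
}

/* Hardened handler: reject before copying if the payload exceeds the
 * buffer the service actually owns. */
int handle_message_hardened(struct service_state *st,
                            const unsigned char *msg, size_t msg_len) {
    if (msg_len < HDR_LEN) return -1;
    uint32_t len = read_le32(msg);
    if (len > msg_len - HDR_LEN) return -1;
    if (len > PAYLOAD_CAP) return -1;        /* the missing check */
    memcpy(st->mem, msg + HDR_LEN, len);
    return 0;
}

/* Build a message carrying `len` copies of `fill` (constructed test input).
 * Returns the total message size, or 0 if `out` is too small. */
size_t build_message(unsigned char *out, size_t out_cap,
                     uint32_t len, unsigned char fill) {
    if (out_cap < HDR_LEN + (size_t)len) return 0;
    out[0] = (unsigned char)(len & 0xff);
    out[1] = (unsigned char)((len >> 8) & 0xff);
    out[2] = (unsigned char)((len >> 16) & 0xff);
    out[3] = (unsigned char)((len >> 24) & 0xff);
    memset(out + HDR_LEN, fill, len);
    return HDR_LEN + len;
}

int main(void) {
    struct service_state st;
    unsigned char msg[HDR_LEN + 20];
    size_t n = build_message(msg, sizeof msg, 20, 0x41); /* 4 bytes too long */

    service_init(&st);
    handle_message_vulnerable(&st, msg, n);
    printf("vulnerable: flag = 0x%08x\n", service_flag(&st)); /* clobbered */

    service_init(&st);
    int rc = handle_message_hardened(&st, msg, n);
    printf("hardened:   rc = %d, flag = 0x%08x\n", rc, service_flag(&st));
    return 0;
}
```

In the case the article describes, the message travels over a named pipe that the tenant's own worker process already holds a handle to, which is what makes the service reachable from a free account; the defensive point is the same regardless of transport: the receiver bounds every copy by the buffer it owns, never by a length the sender declares.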

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program.


The post Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers appeared first on National Cyber Security.


Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks


The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.

Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.

According to the press conference, all three accused (aged 23, 26 and 35) were arrested in December last year in Jakarta and Yogyakarta and charged under criminal laws covering data theft, fraud and unauthorized access.

Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.

Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and login details as well.

Though Indonesian police claim these hackers had compromised 12 e-commerce websites, experts at cybersecurity firm Sanguine Security believe the same group is behind the credit card theft at more than 571 online stores.

“These hacks could be attributed because of an odd message that was left in all of the skimming code,” Sanguine Security said.

“‘Success gan’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructures.”

The police revealed that the suspects used stolen credit cards to buy electronic goods and other luxury items, and then also attempted to resell some of them at a relatively low price through local e-commerce websites in Indonesia.


On an Indonesian news channel, one of the accused even admitted to hacking e-commerce websites and injecting web skimmers since 2017.

Moreover, experts have observed similar attacks linked to the same online infrastructure even after the arrest of the three, and therefore believe that more members of this group are still at large.


#hacking | Pwn2Own Miami: Hackers scoop $250,000 in prizes during inaugural ICS security contest


Industrial control systems taken to pieces in ‘drama-filled’ live hacking event

The inaugural edition of Pwn2Own Miami closed its doors on Thursday (January 23), with organizers from Trend Micro’s Zero Day Initiative (ZDI) heralding the industrial control systems live hacking event a success.

Taking place as part of the S4 industrial security conference, Pwn2Own Miami took a similar format to ZDI’s established hacking contests in Vancouver and Tokyo, but with a specific focus on industrial control systems (ICS) instead of PCs or mobile devices.

Over the course of the three-day event, more than $250,000 in prizes were handed out, as hackers demonstrated a string of exploits that made short work of many leading ICS platforms used to run organizations in the manufacturing, heavy industry and critical infrastructure sectors.

Among the highlights of Pwn2Own Miami, Steven Seeley and Chris Anastasio successfully demonstrated a denial-of-service (DoS) exploit against the Triangle Microworks SCADA Data Gateway.

The hackers went on to achieve remote code execution in both Inductive Automation’s Ignition platform and the Rockwell Automation Studio 5000 design software.

Pwn2Own Miami is the world’s first ICS-focused live hacking event

Operating under the ‘Incite Team’ banner, the pair netted a total of $50,000 and were crowned ‘Masters of Pwn’.

Discussing the reaction to the debut Pwn2Own Miami, Brian Gorenc, director of vulnerability research and head of Trend Micro’s ZDI program, told The Daily Swig: “It has definitely been a successful debut in the ICS world.

“We had tons of interest in the contest as the event approached, and it all played out on the contest floor. We have had over 10 successful entries, several partial wins, and a couple of failures. [It was a] very drama-filled event.”

He added: “Some of the most interesting entries involve the researchers chaining numerous vulnerabilities together to gain code execution. One of the teams chained five vulnerabilities together to gain code execution on an HMI target. Quite impressive!”

Looking ahead, Gorenc said ZDI would be looking to make more of an impact on the ICS space.

“[We] plan to continue to bring our unique brand of researcher engagement to this community,” he said.

“Vulnerabilities submitted in these targets will continue to be purchased through the ZDI program throughout the year. We hope the increased exposure with the ICS community will result in more submissions outside of Pwn2Own Miami.”

The team may have to wait a little while to advance their plans in the ICS sector, however, as preparations are already underway for the flagship Pwn2Own live hacking event, scheduled to take place in Canada in March.

“With just eight weeks between contests, the team will be hard at work to ensure the flagship contest is successful,” Gorenc said. “We look forward to seeing what research is demonstrated.”

Check out the ZDI blog for a full list of the exploits that were showcased during Pwn2Own Miami.


#hacking | Turkish hackers target Greek government websites, stock exchange

Turkish hackers claimed on Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs and economy ministries, as well as the country’s stock exchange. On their Facebook page, the hackers group, Anka Neferler Tim, justified their actions […]

#cybersecurity | hacker | APT40 hackers linked to 13 alleged front companies in Hainan, China

The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40. The alleged front companies all purport to be science and […]

#hacking | Chinese hackers bypass two-factor authentication | Information Age

A Chinese government-backed hacking group has found a new way to bypass two-factor authentication, according to a new report. The report by Dutch cybersecurity firm Fox-IT attributes a range of cyber attacks on government entities and managed service providers to APT20, a hacking group linked to […]

#school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC.


According to a local news report, Richmond Community Schools in Michigan was hacked over the winter holidays, and the attackers encrypted the district’s server with ransomware. They have demanded $10,000 in bitcoin to restore the server. The district’s IT department said the hack occurred on December 27.

School refuses to pay ransom to hackers.

The Michigan school district’s IT department shut down the server immediately after discovering the hack and confirmed that the backup servers had not been compromised. The district informed the Michigan police, who are trying to track down the attackers. The hack affected the district’s telephones, copiers, classroom technology and even the heating system, but no student or staff personal information was compromised, according to the district. The server is expected to be back up and running before school resumes next week.

Increase in ransomware attacks around the world.

The ransomware attack on the Michigan school district was not an isolated incident; there have been several reports of ransomware attacks from around the world. The most common targets are schools, hospitals and local businesses. Last year, three schools in New York alone faced similar attacks. In November 2019, the Mexican state-owned petroleum company Pemex also suffered a ransomware attack in which the hackers demanded $5 million in BTC to decrypt its servers.


#hacking | Iranian hackers breach US government website in retaliation for airstrike 


A website operated by the U.S. government has been hacked by a group claiming to represent the government of Iran.

The website operated by the little-known Federal Depository Library Program, fdlp.gov, was hacked and defaced on Saturday, and has been taken offline.

A message from the hackers left on the website read: ‘in the name of god. >>>>> Hacked By Iran Cyber Security Group HackerS … ;)<<<<<. This is only small part of Iran’s cyber ability ! We’re always ready.’

The FDLP is a program created to make federal government publications available to the public at no cost. 

The image above appeared on fdlp.gov on Saturday before the website was taken offline

The hackers in their message made reference to the death of Qassem Soleimani, and depicted President Donald Trump being beaten by a fist with the Revolutionary Guard insignia


Current Google results show the defaced page title text of the fdlp.gov website


It followed similar defacements of websites belonging to a number of obscure, non-governmental entities, including the Sierra Leone Commercial Bank, the Taiwan Lung Meng Technology Company, and the Human Rights Protection Association of India.

The website for a British company called Bigways was also struck in the cyber attacks.

Security experts have already warned that cyber attacks could be part of Iran’s retaliation for the U.S. airstrike on Friday that killed Revolutionary Guard General Qassem Soleimani, a top official in Iran and beloved there. 

Iran’s state-backed hackers are already among the world’s most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.

Potential targets include manufacturing facilities, oil and gas plants and transit systems. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.

The websites of several obscure, non-government entities were also defaced on Saturday


In 2012 and 2013, in response to U.S. sanctions, Iranian state-backed hackers carried out a series of disruptive denial-of-service attacks that knocked offline the websites of major U.S. banks including Bank of America as well as the New York Stock Exchange and NASDAQ. 

Two years later, they wiped servers at the Sands Casino in Las Vegas, crippling hotel and gambling operations.

The destructive attacks on U.S. targets ebbed when Tehran reached a nuclear deal with the Obama administration in 2015. 

The killing early Friday in Iraq of Quds Force commander Soleimani – long after Trump scrapped the nuclear deal – completely alters the equation.

‘Our concern is essentially that things are going to go back to the way they were before the agreement,’ said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. ‘There are opportunities for them to cause real disruption and destruction.’

Iran has been doing a lot of probing of critical U.S. industrial systems in recent years – trying to gain access – but has limited its destructive attacks to targets in the Middle East, experts say.

It’s not known whether Iranian cyberagents have planted destructive payloads in U.S. infrastructure that could now be triggered.

‘It’s certainly possible,’ Hultquist said. ‘But we haven’t actually seen it.’

Members of the Iranian Basij paramilitary militia, affiliated with the Revolutionary Guard, mourn Gen. Qassem Soleimani in Tehran, Iran on Saturday

Iranians take part in an anti-US rally in Tehran, Iran on Saturday


Robert M. Lee, chief executive of Dragos Inc., which specializes in industrial control system security, said Iranian hackers have been very aggressive in trying to gain access to utilities, factories, and oil and gas facilities. 

That doesn’t mean they’ve succeeded, however. In one case in 2013 where they did break into the control system of a U.S. dam – garnering significant media attention – Lee said they probably didn’t know the compromised target was a small flood control structure 20 miles north of New York City.

Iran has been increasing its cyber capabilities but is not in the same league as China or Russia – which have proved most adept at sabotaging critical infrastructure, witnessed in attacks on Ukraine’s power grid and elections, experts agree.

And while the U.S. power grid is among the most secure and resilient in the world, plenty of private companies and local governments haven’t made adequate investments in cybersecurity and are highly vulnerable, experts say.

‘My worst-case scenario is a municipality or a cooperative-type attack where power is lost to a city or a couple of neighborhoods,’ Lee said.

Consider the havoc an epidemic of ransomware attacks has caused U.S. local governments, crippling services as vital as tax collection. While there’s no evidence of coordinated Iranian involvement, imagine if the aggressor – instead of scrambling data and demanding ransoms – simply wiped hard drives clean, said Hultquist.

‘You could see many cities and hospitals targeted at once with ransomware that encrypts data to make it unusable, but there is no way to decrypt it by paying a ransom,’ said cybersecurity veteran Chris Wysopal, the chief technical officer of Veracode.

Members of Iran-backed Iraqi Shiite armed groups popular mobilization forces carry the coffin of slain Abu Mahdi al-Muhandis during a funeral procession in Karbala city, southern Baghdad


The only known cybersecurity survey of U.S. local governments, county and municipal, found that the networks of 28% were being attacked at least hourly – and that nearly the same percentage said they didn’t even know how frequently they were being attacked. Although the study was done in 2016, the authors at the University of Maryland-Baltimore County don’t believe the situation has improved since.

The top cybersecurity official at the Department of Homeland Security, Christopher Krebs, urged companies and government agencies to refresh their knowledge of Iranian state-backed hackers’ past exploits and methods after Soleimani’s death was announced. ‘Pay close attention to your critical systems,’ he tweeted.

In June, Krebs warned of a rise in malicious Iranian cyberactivity, particularly attacks using common methods like spear-phishing that could erase entire networks: ‘What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.’

Wysopal said the Iranians are apt to have learned a lot from the 2017 NotPetya attack, which the U.S. and Britain have attributed to state-backed Russian hackers and which caused at least $10 billion in damage globally. The worst cyberattack to date, it exploited unpatched software after being delivered through an unwitting Ukrainian tax software provider and spread on networks without human intervention.

When then-Director of National Intelligence James Clapper blamed Iran for the Sands Casino attack, it was one of the first cases of American intelligence agencies identifying a specific country as hacking for political reasons: The casino’s owner, Sheldon Adelson, is a big Israel backer. Clapper also noted the value of hacking for collecting intelligence. North Korea’s hack of Sony Pictures in retaliation for a movie that mocked its leader followed.

The vast majority of the nearly 100 Iranian targets leaked online last year by a person or group known as Lab Dookhtegan – a defector, perhaps – were in the Middle East, said Charity Wright, a former National Security Agency analyst at the threat intelligence firm IntSights. She said it’s highly likely Iran will focus its retaliation on U.S. targets in the region as well as in Israel and the U.S.

Iran is widely believed to have been behind a devastating 2012 attack on Aramco, the Saudi oil company, that wiped the data from more than 30,000 computers. It was also a victim of the Stuxnet computer virus. First uncovered in 2010, it destroyed thousands of centrifuges involved in Iran’s contested nuclear program and is widely reported to have been a U.S.-Israeli invention. 


#hacking | Chinese Hackers Have Reportedly Managed To Bypass Two-Factor Authentication


Two-factor authentication is something that many companies recommend users enable. It is considerably more secure than the traditional username and password combination because an additional one-time password or code is generated to authenticate the user, meaning that even if your password is compromised, attackers still can’t get into your account.

This is because the one-time code is usually sent to the owner’s phone or generated on a dedicated hardware token. However, according to a report from ZDNet, a hacking group from China known as APT20 has apparently managed to bypass two-factor authentication, compromising systems in as many as 10 countries.

According to security company, Fox-IT, “We have identified victims of this actor in 10 countries, in government entities, managed service providers and across a wide variety of industries, including Energy, Health Care and High-Tech.” The affected countries include Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States.

That being said, it is unclear how the hacking group managed to bypass 2FA. Bypassing 2FA is not completely unheard of, but it is a rather sophisticated attack, which Fox-IT believes could have been done through “legitimate” channels such as VPNs.
