Categories
security

O.MG Cable – * to USB-A

This is incredible. It’s essentially a covert computer inside a USB cable.

To get a cable like this, you used to need a million dollar budget or to find a guy named MG at DEFCON. But Hak5 teamed up with MG to allow more people access to this previously clandestine attack hardware. Every O.MG Cable is hand made and tailored to look and feel exactly like the cable your target already has in their possession. You won’t need a million dollar budget for this cable, but the power and capabilities are extensive.It is packed with a web server, 802.11 radio, and way more memory and processing power than the type of cable you would want for just doing demos. But the flexibility makes demos easy.The O.MG Cable is built for covert field-use, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly change your tooling on the

Source: O.MG Cable – * to USB-A

Categories
cloud IoT security

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

This is like the worse case scenario that security researchers have been warning about. Someone exploited an old vulnerability for some WD devices and wiped out all the data in those devices that are exposed in the internet.

WD advises customers to immediately unplug their My Book Live and My Book Live Duo from the internet.

“I have a WD mybook live connected to my home LAN and worked fine for years,” the person who started the thread wrote. “I have just found that somehow all the data on it is gone today, while the directories seem there but empty. Previously the 2T volume was almost full but now it shows full capacity.”

It’s too easy to blame IoT device manufacturers, but this is a very tough problem. The following comment from HN says it best.

There’s really no winning with this.

You can release patches 6 years after your device is EoL but there will forever be more security issues and people using your ancient product (think how long it takes some versions of Windows to truly reach less than 100k active machines. Hell I wonder if Windows 3.1 has really reached that number or not. The long tail is going to be loooong). Not to mention you’ve created a precedent that the device is still getting patches and can be used by users, only making the lifecycle issue worse.

You can release a version which severely limits the capability of the product or effectively disables it but this is just a guaranteed way of getting bad press and even more customers will be mad at you for killing a device early.

You can turn the device over to the community (if you can managed to get it through legal and 3rd party agreements) but that isn’t actually going to solve anything as it’s not a product for extremely tech savvy users, at best it buys deflection in the news report in exchange for the effort of doing this (if you can at all).

You can claim the lifecycle is over and years later and be technically correct but still get the bad press and user feedback anyways.

Source: “I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Categories
internet IoT security

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

This is serious. If you have Ubiquiti equipment do change your credentials immediately and check for signs of compromise.

Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.

Source: Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

Categories
IoT security

‘This is dangerous stuff’: Hacker increased chemical level at Oldsmar’s water system, sheriff says

This is why you should secure your endpoints, especially if you are operating a critical infrastructure. This seems to be one of those supervisory interface that is exposed over the internet. Thank goodness no real harm was done.

And this time, Gualtieri says, the hacker did more than just remote in. According to the sheriff, the hacker spent up to five minutes in the system and adjusted the amount of sodium hydroxide in the water from 100 parts per million to 11,100.

“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners,” Gualtieri added.

Source: ‘This is dangerous stuff’: Hacker increased chemical level at Oldsmar’s water system, sheriff says

Categories
security

Google discloses spearphishing targeting security researchers | SC Media

We are all familiar with spearphishing attacks against high value targets. But this is bold. A group of hackers are apparently targetting cyber security researchers, whose main job is to study them (the hackers) and their works. It’s like the thief stealing from the police. And the thief succeeded – in some cases.

Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.

Source: Google discloses spearphishing targeting security researchers | SC Media

Categories
security

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

One of the world’s leading cyber security companies was breached, likely through a state-sponsored attack. One of the side effects of this attack is that FireEye’s own red-team tools will now be effectively “useless” for pentesting.

FireEye was recently attacked by a nation-state adversary and here are the actions we are taking to protect the community.

Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly.

Source: FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

Update (2020-12-10): FireEye shares (NASDAQ: FEYE) is down more than 13% after news broke.

Categories
privacy security

Samy Kamkar – NAT Slipstreaming

Another impressive hack from Samy. In this article, he introduces a novel technique to gain remote connection to any TCP/UDP service on your machine simply by having you visit a malicious website (with some conditions). To be clear, this isn’t remote code execution or remote shell – the exploit is at the networking level – but it could serve as a first step towards that. For example, the hacker could connect to the victim’s RDP port and start password brute-forcing.

exploit NAT/firewalls to access TCP/UDP services bound on a victim machine

Source: Samy Kamkar – NAT Slipstreaming

Categories
privacy security

Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Yet another data leak incident due to service misconfiguration. The usual suspects include Elasticsearch, MongoDB, AWS S3.

No need to breach any systems when the vendor gives the data away for free.

Source: Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Categories
cloud security

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

A worm has been going around destroying unsecured databases. The intention of the attacker is not clear, but it could be similar to that of BrickerBot.

Dozens of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that wipes data without any explanation.

Source: New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Categories
security

Garmin global outage caused by ransomware attack, sources say | TechCrunch

Presumably a company like Garmin would have BCP in place, and yet the outage is still ongoing. A post-mortem will be interesting to see.

The WastedLocker ransomware, used by a notorious Russian hacking group, is said to be to blame.

Source: Garmin global outage caused by ransomware attack, sources say | TechCrunch