Categories
security

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet | WIRED

The storytelling here is fantastic. It reads like drama, but it actually happened in real life. This is the story of the hacker who stopped WannaCry. It’s a long article but definitely worth reading till the end.

At 22, Marcus Hutchins put a stop to the worst cyberattack the world had ever seen. Then he was arrested by the FBI. This is his untold story.

Source: The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet | WIRED

Categories
privacy security

The problem with Zoom

The rise of Zoom is undeniable in today’s climate. Work, school, communities, etc. are all adopting Zoom and other video messaging platforms as a primary means of communication. However, Zoom – the company – has some questionable practices, which lead to Zoom – the product – having many security and privacy issues. Here is an entire article devoted to problems with Zoom:

Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself
https://tidbits.com/2020/04/03/every-zoom-security-and-privacy-flaw-so-far-and-what-you-can-do-to-protect-yourself

The problems with Zoom extend beyond its recent troubles. More articles related to Zoom issues:

2020-04-09
MOE suspends use of Zoom in home-based learning following breaches involving obscene images
https://www.channelnewsasia.com/news/singapore/moe-suspends-zoom-home-based-learning-obscene-images-12626534

Who has banned Zoom? Google, NASA, and more
https://www.techrepublic.com/article/who-has-banned-zoom-google-nasa-and-more/

‘Zoombombing’ City Hall: Online Harassment Surges As Public Meetings Go Virtual
https://www.npr.org/2020/04/09/829265445/zoombombing-city-hall-the-struggle-to-keep-public-meetings-going-virtually

2020-04-08
Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore
https://www.buzzfeednews.com/article/pranavdixit/google-bans-zoom

2020-04-03
Zoom admits some calls were routed through China by mistake
https://techcrunch.com/2020/04/03/zoom-calls-routed-china/

Security and Privacy Implications of Zoom
https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

Thousands of Zoom video calls left exposed on open Web
https://www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/

A Quick Look at the Confidentiality of Zoom Meetings
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

2020-04-02
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
https://thehackernews.com/2020/04/zoom-windows-password.html

2020-04-01
Zoom is Leaking Peoples’ Email Addresses and Photos to Strangers
https://www.vice.com/en_us/article/k7e95m/zoom-leaking-email-addresses-photos

2020-03-26
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account

2019-07-15
The Zoom Desktop App Lets Any Website Take Over Your Mac’s Camera. Here’s What To Do About It.
https://www.buzzfeednews.com/article/nicolenguyen/zoom-webcam-hacker-watching-you-vulnerability

2019-07-11
Apple has pushed a silent Mac update to remove hidden Zoom web server
https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/

Categories
network security

Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw | Security Affairs

A severe vulnerability has been discovered in one of the core components of Windows. Microsoft has since released an urgent out-of-band patch for all affected machines.

“Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.” reads the advisory published by Microsoft.

Source: Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw | Security Affairs

Categories
privacy security

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

This vulnerability affects WhatsApp desktop – which I didn’t know existed – for Mac and Windows. It does so by exploiting unpatched bugs in the older version of Electron that WhatsApp desktop uses.

Source: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access

Categories
security

Inside ‘Evil Corp,’ a $100M Cybercrime Menace — Krebs on Security

An inside look into the workings of a cybercrime organization. For an organization that purportedly develops sophisticated malware to steal banking credentials, the lack of basic cyber hygiene led to much info being extracted about their dealings. The irony.

The $5 million reward is being offered for 32 year-old Maksim V. Yakubets, who the government says went by the nicknames “aqua,” and “aquamo,” among others. The feds allege Aqua led an elite cybercrime ring with at least 16 others who used advanced, custom-made strains of malware known as “JabberZeus” and “Bugat” (a.k.a. “Dridex”) to steal banking credentials from employees at hundreds of small- to mid-sized companies in the United States and Europe.

Source: Inside ‘Evil Corp,’ a $100M Cybercrime Menace — Krebs on Security

Categories
security

How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

This is a simple but brilliantly executed heist. Pretend to be the sender by sending from a similar-looking domain.

One of the domains was a look-alike of the Chinese investment company’s domain; the other was a spoof of the Israeli firm’s domain. In both instances, the threat actors simply added an “s” to the end of the original domain name.

The next phase of the scam involved the attackers sending two emails with the same subject header as the original email thread about the planned seed funding.

Money meant to fund an Israeli startup wound up directly deposited to the scammers.

Source: How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

Categories
privacy security

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook

Another data leak, this time involving, let’s see, 1.2 billion people. This was found by security researchers in an unsecured ElasticSearch server – the server is now down. According to analysis, the data most likely comes from data enrichment companies.

A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIN and Facebook profile information.

For a very low price, data enrichment companies allow you to take a single piece of information on a person (such as a name or email address), and expand (or enrich) that user profile to include hundreds of additional new data points of information.

Source: 1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook

Categories
security

Indian nuclear power plant’s network was hacked, officials confirm

Worryingly, attacks on critical infrastructure are becoming more and more common.

After initial denial, company says report of “malware in system” is correct.

Source: Indian nuclear power plant’s network was hacked, officials confirm

Categories
security

Samy Kamkar: PoisonTap – exploiting locked computers over USB

This is brilliant and scary at the same time. I’m always impressed by what Samy can think of. This particular hack makes your computer think a plugged-in Raspberry Pi is an Ethernet device and takes over all your Internet traffic, at the same time poisoning your browser with hijacked copies of JavaScript files. This works even on a machine with the screen locked.

It is reminiscent of the days of CD-ROM attacks, when your computer would auto-run the contents of a CD-ROM, even when the account was locked.

Source: Samy Kamkar: PoisonTap – exploiting locked computers over USB

Categories
security

US City Rejects $5.3 Million Ransom Demand and Restores Encrypted Files from Backup (SecAlerts)

This is the right strategy against ransomware. Backup, backup and backup. At the first sign of any ransomware attack it is important to isolate affected machines immediately and contact a cybersecurity professional to mitigate and prevent further infection.

The US city of New Bedford, Massachusetts, rejected a ransom demand of $5.3 million and came back with a counter-offer of $400,000, while restoring encrypted data from backup.

Source: US City Rejects $5.3 Million Ransom Demand and Restores Encrypted Files from Backup (SecAlerts)