AIVD exposes espionage network in the Netherlands; two Russian intelligence officers forced to leave the country
english.aivd.nl/latest/news/2020/12/10/aivd-exposes-espionage-network-in-the-netherlands-two-russian-intelligence-officers-forced-to-leave-the-country Recently the General Intelligence and Security Service (“Algemene Inlichtingen- en Veiligheidsdienst” AIVD) disrupted the covert activities of an intelligence officer of the Russian civil intelligence agency SVR. The intelligence officer – who worked at the Russian Embassy in The Hague with diplomatic accreditation – engaged in espionage activities in the field of science and technology. He built a substantial network of sources, all of whom work or used to work within the Dutch high-tech sector.
Curious hobbyists share information about Swedish military sites online, newspaper reports: maps and other public data help spies, and criminals too
yle.fi/uutiset/3-11690386?origin=rss Another growing problem in recent times has been war hobbyists and military enthusiasts who have, for example, photographed and mapped secret sites. This information has been shared in various online hobbyist groups.
Credit card criminals struck the Kauneimmat joululaulut (“Most Beautiful Christmas Carols”) online event
yle.fi/uutiset/3-11692046?origin=rss [...] In the comments on the event page and on the parish's Facebook page, the scammers posted links to external sites that demanded credit card details before the stream could start. At least a few people ended up handing over their credit card details. The person who reported the case was advised to file a police report and cancel the card, says Sami Kallioinen, communications director of the Tampere parishes.
Operation StealthyTrident: corporate software under attack
www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop/ ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia and used by 430 government agencies in Mongolia (according to Able), was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT (also known as PlugX), and a RAT called Tmanger (which was first documented by NTT Security and was used during Operation Lagtime IT campaigns attributed to TA428 by Proofpoint). A connection with the ShadowPad backdoor, which is now used by at least five different threat actors, was also found.
‘Fingerprint-Jacking’ Attack Technique Manipulates Android UI
www.darkreading.com/threat-intelligence/fingerprint-jacking-attack-technique-manipulates-android-ui-/d/d-id/1339684 In his Black Hat Europe talk, Wang explained how he was hunting for bugs in a mobile wallet app when he found a tactic to enable “fingerprint-jacking,” which is a user interface-based attack that targets fingerprints in Android apps. The term stems from clickjacking, he said, as this type of attack conceals a malicious application interface beneath a fake covering.
Portable Data exFiltration: XSS for PDFs
portswigger.net/research/portable-data-exfiltration PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP hyperlink can provide a foothold into the inner workings of a PDF? In this paper, you will learn how to use a single link to compromise the contents of a PDF and exfiltrate it to a remote server, just like a blind XSS attack. Think about PDF injection just like an XSS injection inside a JavaScript function call. In this case, you would need to ensure that your syntax was valid by closing the parentheses before your injection and repairing the parentheses after your injection. The same principle applies to PDF injection, except you are injecting inside a dictionary value, such as a text stream or annotation URI, rather than a function call.
Fake data breach alerts used to steal Ledger cryptocurrency wallets
www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/ Starting in October 2020, Ledger users began receiving fake emails about a new data breach from Ledger. The email stated that the user was affected by the breach and that they should install the latest version of Ledger Live to secure their assets with a new pin.
Ransomware Threat To Critical Infrastructure Is A New Priority
www.forbes.com/sites/guidehouse/2020/12/11/ransomware-threat-to-critical-infrastructure-is-a-new-priority/ As the government works to combat overarching cybersecurity risks to critical infrastructure, the bottom line is that cybersecurity decisions are business decisions. Businesses cannot wait to invest until after a major incident. Implementing policy and regulation only goes so far, as cyber criminals and foreign adversaries continue to adapt their tactics to meet objectives. The onus is on managers of critical infrastructure to take cybersecurity seriously and to begin taking a holistic approach to securing critical systems and data.
Big, kind hacker: Tivi Influencer of the Year is Benjamin Särkkä
www.tivi.fi/uutiset/tv/3e1b058c-f139-4d86-8bf4-bd79edd96227 White-hat hacker Benjamin Särkkä is a big, tattooed man who speaks in a gentle voice on behalf of a gentler world. He is the Tivi Influencer of the Year 2020. Benjamin Särkkä is one of the best-known white hats and has for years done persistent work on behalf of hacker culture to improve information security. He is also the founder of the Disobey event, which has grown hugely popular. “Disobey has removed the mystique surrounding hacking. It has become an important independent voice on information security matters.”
Authorities hit a Finnish-language drug marketplace on the Tor network: server and bitcoins seized
www.tivi.fi/uutiset/tv/8d1f8c85-578c-4e20-8913-190f82b89b8d Finnish Customs reports that it has seized the web server of the Sipulimarket marketplace, which operated on the Tor network, along with all of its contents. According to the authorities, large quantities of narcotics and other illegal goods were sold through Sipulimarket. Customs' press release:
Vastaamo's ex-boss claims the breach was hidden from him: one big question remains open
www.is.fi/digitoday/tietoturva/art-2000007675634.html Vastaamo's former CEO Ville Tapio, speaking to Wired magazine, says the intrusions were probably noticed as early as spring 2019, but that he was not told about them. “It should be fairly obvious that this is not the job of the CEO of a 300-person company,” Tapio tells Wired.
Wormable code-execution flaw in Cisco Jabber has a severity rating of 9.9 out of 10
arstechnica.com/information-technology/2020/12/wormable-zero-click-vulnerability-in-cisco-jabber-gets-patched-a-second-time/ Cisco has patched its Jabber conferencing and messaging application against a critical vulnerability that made it possible for attackers to execute malicious code that would spread from computer to computer with no user interaction required. Again. also:
www.watchcom.no/nyheter/nyhetsarkiv/cisco-jabber-vulnerabilities-resurface/
Facebook links APT32, Vietnam’s primary hacking group, to local IT firm
www.zdnet.com/article/facebook-doxes-apt32-links-vietnams-primary-hacking-group-to-local-it-firm/ In a surprising and unexpected announcement on Thursday, the Facebook security team has revealed the real identity of APT32, one of today’s most active state-sponsored hacking groups, believed to be linked to the Vietnamese government. “Our investigation linked this activity to CyberOne Group [archived website, archived Facebook page], an IT company in Vietnam (also known as CyberOne Security, CyberOne Technologies, Hành Tinh Company Limited, Planet and Diacauso),” said Nathaniel Gleicher, Head of Security Policy at Facebook, and Mike Dvilyanski, Cyber Threat Intelligence Manager. FB:
about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
blogs.blackberry.com/en/2020/12/mountlocker-ransomware-as-a-service-offers-double-extortion-capabilities-to-affiliates Since mid-October 2020, the BlackBerry Incident Response Team have been actively tracking MountLocker affiliate campaigns as part of ongoing investigations. The affiliates are typically responsible for the initial compromise, distribution of MountLocker ransomware, and exfiltration of sensitive client data during a breach. In coordination with the BlackBerry Research and Intelligence Team, our researchers and investigators have produced the following wide-ranging report on MountLocker. It covers this threat’s operators, affiliates, ransomware, decryptor, and associated tactics, techniques, and procedures (TTPs).
Massive Subway UK phishing attack is pushing TrickBot malware
www.bleepingcomputer.com/news/security/massive-subway-uk-phishing-attack-is-pushing-trickbot-malware/ A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware.
Ex-Cisco engineer who nuked 16k WebEx accounts sent to prison
www.bleepingcomputer.com/news/security/ex-cisco-engineer-who-nuked-16k-webex-accounts-sent-to-prison/ Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018.
Update now: Researchers warn of security vulnerabilities in these widely used point-of-sale terminals
www.zdnet.com/article/update-now-researchers-warn-of-security-vulnerabilities-in-widely-used-point-of-sale-terminals/ Security researchers disclose vulnerabilities, including default passwords, in products from two of the largest PoS manufacturers in the world. The vulnerabilities in Verifone and Ingenico products – which are used in millions of stores around the world – have been detailed by independent researcher Aleksei Stennikov and Timur Yunusov, head of offensive security research at Cyber R&D Lab, during a presentation at Black Hat Europe 2020. One of the key vulnerabilities in both brands of device is the use of default passwords, which could provide attackers with access to a service menu and the ability to manipulate or change the code on the machines in order to run malicious commands. also:
Exclusive: Israeli Surveillance Companies Are Siphoning Masses Of Location Data From Smartphone Apps
www.forbes.com/sites/thomasbrewster/2020/12/11/exclusive-israeli-surveillance-companies-are-siphoning-masses-of-location-data-from-smartphone-apps/ This year has seen a rush amongst government snoops for a new and sometimes contentious data set: location data grabbed by popular smartphone apps. Customs and Border, the FBI, the U.S. military and other federal agencies have been keen buyers, though it’s caused a furor amongst privacy and human rights watchdogs. The outcry this week led Apple and Google to kick apps containing location-grabbing code from Reston, Virginia-based provider X-Mode out of their respective app stores.
Cyberpunk 2020: The hacker’s Netrunner’s arsenal
www.kaspersky.com/blog/cyberpunk-2020-netrunner-arsenal/37988/ If we are to believe the science-fiction of the last century, the hackers of 2020 should have access to a rather curious toolkit.