T-Mobile discloses data breach after SIM swapping attacks
www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/ The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. The information accessed by the hackers might have included customers’ full names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed to their accounts.
Chinese businessman charged with plotting with GE insider to steal transistor tech secrets
www.theregister.com/2021/03/01/china_mosfet_theft/ The FBI alleges that between March 2017 and January 2018, Ng and at least one co-conspirator, a GE engineer of more than seven years, plotted to swipe the blueprints for the transistors, which are electronic components typically found in industrial equipment and vehicles that regulate the flow of electricity. The duo planned to use the stolen trade secrets to set up a competitor in China, it’s claimed.
Is Your Browser Extension a Botnet Backdoor?
krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/ A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica seeks out authors with extensions that have at least 50,000 users. An extension maker who agrees to incorporate Infatica’s computer code can earn anywhere from $15 to $45 each month for every 1,000 active users.
World’s leading dairy group Lactalis hit by cyberattack
www.bleepingcomputer.com/news/security/worlds-leading-dairy-group-lactalis-hit-by-cyberattack/ Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. In a press release published on Friday, Lactalis says that only a limited number of computers on its network were compromised during the attack.
Spectre exploits in the “wild”
dustri.org/b/spectre-exploits-in-the-wild.html Someone was silly enough to upload a working Spectre (CVE-2017-5753) exploit for Linux (there is also a Windows one with symbols that I didn’t look at) on VirusTotal last month, so here is my quick Sunday afternoon lazy analysis. In my lab, on a vulnerable Fedora, the exploit is successfully dumping /etc/shadow in a couple of minutes. Interestingly, there are checks to detect SMAP and abort if it’s present. I didn’t manage to understand why the exploit was failing in its presence. Also
therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/ “But while Voisin did not want to name the exploit author, several people were not as shy. Security experts on both Twitter and news aggregation service HackerNews were quick to spot that the new Spectre exploit might be a module for CANVAS, a penetration testing tool developed by Immunity Inc.”
Jailbreaking app gets update to support iOS 14.3 and iPhone 12
www.theregister.com/2021/03/01/jailbreaking_app_gets_update_to/ Launched in the early hours of Sunday morning, the latest version of unc0ver exploits a race condition in the Mach voucher system (CVE-2021-1782) that allows it to run code with elevated privileges. Apple patched this bug with the release of iOS 14.4, and has since stopped cryptographically signing iOS 14.3, thus preventing users from downgrading.
Free cybersecurity tool aims to help smaller businesses stay safer online
www.zdnet.com/article/free-cybersecurity-tool-aims-to-help-smaller-businesses-stay-safer-online/ The NCSC’s Cyber Action Plan tool aims to help small businesses improve their resilience to cyber attacks via the aid of a short questionnaire about their current cybersecurity strategy and provides customised advice on how the business could be better protected against cyber crime.
National Security Risks of Late-Stage Capitalism
www.schneier.com/blog/archives/2021/03/national-security-risks-of-late-stage-capitalism.html In today’s underregulated markets, it’s just too easy for software companies like SolarWinds to save money by skimping on security and to hope for the best. That’s a rational decision in today’s free-market world, and the only way to change that is to change the economic incentives.
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
www.crowdstrike.com/blog/carbon-spider-sprite-spider-target-esxi-servers-with-ransomware/ By deploying ransomware on these ESXi hosts, adversaries were able to quickly increase the scope of affected systems within the victim environments, resulting in additional pressure on victims to pay a ransom demand. This is a new BGH tactic CrowdStrike refers to as Hypervisor Jackpotting.
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
www.recordedfuture.com/redecho-targeting-indian-power-sector/ In this research, we outlined a series of suspected targeted intrusions against India’s power sector that were observed beginning in mid-2020. The intrusions were conducted by a China-linked activity group we track as RedEcho. The group made heavy use of AXIOMATICASYMPTOTE, a term we use to track infrastructure that comprises ShadowPad C2s, which is shared between several Chinese threat activity groups, including APT41/Barium, Tonto Team, the Icefog cluster, KeyBoy, and Tick. Report at
Chinese hackers target Indian vaccine makers SII, Bharat Biotech, says security firm
www.reuters.com/article/health-coronavirus-india-china-idUSL2N2KZ13L A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country’s immunisation campaign, cyber intelligence firm Cyfirma told Reuters.
One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/ A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services, SuperVPN, GeckoVPN, and ChatVPN, with 21 million user records being sold in total.