Categories
Engadget

Hackers briefly swap out a page on the Trump campaign site

With less than a week to go before the US presidential election, election security is a hot-button topic, and hackers have already struck. TechCrunch and the New York Times report that the About page on DonaldJTrump.com was briefly replaced by an unknown party. Gabriel Lorenzo Greschler grabbed a screenshot and video of the hacked page.

Here’s a video of it. This is when you click on the “coalitions” tab. pic.twitter.com/iqLgxNezsO — Gabriel Lorenzo Greschler (@ggreschler) October 27, 2020

In a message, it threatened to “discredit” Trump as president and said the attackers would choose to share or keep secret their incriminating data based on which option received more votes in the form of cryptocurrency sent to their accounts, as well as a supposed encryption key to verify their identity. It’s unclear how they pulled off the attack, or the seriousness of the threat, but the page was apparently up for about thirty minutes.

Wired

The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure

In 2017, Symantec discovered the same hackers carrying out a more targeted set of attacks against US energy sector targets. At the time, the security researchers described it as a “handful” of victims, but Thakur now says they numbered in the dozens, ranging from coal mining operations to electric utilities. In some cases, Symantec found, the hackers had gone so far as to screenshot control panels of circuit breakers, a sign that their reconnaissance efforts had gone deep enough that they could have started “flipping switches” at will—likely enough to cause some sort of disruption if not necessarily a sustained blackout. But again, the hackers appear not to have taken full advantage. “We did not see them turning off the lights anywhere,” he says. Six months later, in February of 2018, the FBI and DHS would warn that the hacking campaign—which they named Palmetto Fusion—had been carried out by Russian state-sponsored hackers, and also confirmed reports that the hackers’ victims had included at least one nuclear power generation facility. The hackers had gained access only to the utility’s IT network, though, not its far more sensitive industrial control systems.

Going Berserk

Today Berserk Bear is widely suspected of working in the service of Russia’s FSB internal intelligence agency, the successor to the Soviet-era KGB. CrowdStrike’s Meyers says the company’s analysts have come to that conclusion with “pretty decent confidence,” due in part to evidence that aside from its foreign infrastructure hacking, Berserk Bear has also periodically targeted domestic Russian entities…

The Verge

Google says Chinese hackers who targeted Biden campaign are faking McAfee software

Google said in a new blog post that hackers linked to the Chinese government have been impersonating antivirus software McAfee to try to infect victims’ machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign, but also was unsuccessful. The group, which Google refers to as APT 31 (short for Advanced Persistent Threat), would email links to users which would download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Since the group used services like GitHub and Dropbox to carry out the attacks, it made it more difficult to track them. “Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” the head of Google’s Threat Analysis Group Shane Huntley wrote in the blog post. In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being aware. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning. The blog post doesn’t mention who was affected by APT-31’s latest attacks, but said there had been “increased…

The Next Web

Norway blames Russian hackers for parliament email breach

Norway is the latest country to accuse Russia of infiltrating its systems. Government officials claim Russian state-sponsored hackers were behind a breach of its parliament’s email system which was disclosed back in August. “This is a very serious incident, affecting our most important democratic institution,” said Norway Foreign Affairs Minister Ine Eriksen Søreide. “Based on the information the government has, it is our view that Russia is responsible for these activities.” The Russian Embassy in Washington, DC hasn’t yet addressed the allegations, but the Embassy in Oslo has downplayed the claims as “unacceptable” and “destructive for bilateral relations,” CyberScoop notes. Although Norway’s allegations didn’t come with any technical evidence, the country is part of the North Atlantic Treaty Organization, a security bloc which Vladimir Putin has previously described as a threat to Russia. Details about the hacking incident remain scarce, with Norway’s security and intelligence services still investigating the breach, according to Søreide. The accusation escalates an already tense relationship between the two countries. Back in August, Norway expelled a Russian diplomat because of his alleged connection to an espionage case. In return, Russia expelled a Norwegian diplomat a few days later. Russia has often been suspected of attempting to infiltrate various governments across the globe. In 2016, the US accused the country of hacking its Democratic National Committee and interfering in its elections. More recently, government officials from the US, the UK, and Canada alleged Russian state-sponsored hackers were trying to steal valuable private information about coronavirus vaccine trials.

Engadget

Russian state hackers appear to have breached a federal agency

Security expert Costin Raiu added that an apparent copy of the malware uploaded to a research repository also appeared to be a unique combination of existing hacking tools that had no obvious connections to known hacking teams. While that doesn’t definitively link the malware to Fancy Bear, it suggests the attack was relatively sophisticated. The intruders used compromised logins to plant malware and get “persistent” access to systems on the agency’s network, using that to steal files. US officials haven’t responded to requests for comment. While it wouldn’t be shocking if Russia was behind the breach, it would still be worrying. It would indicate that Russia was not only launching an assault on US government systems, but managed to grab substantial data. It’s just a question of whether or not the damage was severe enough to significantly hamper operations.

Engadget

Iranian hackers’ Android malware spies on dissidents by stealing 2FA codes

It’s no secret that some countries have spied on their citizens through innocuous-looking apps, but one effort is more extensive than usual. Check Point Research has discovered (via ZDNet) that Rampant Kitten, an Iranian hacker group that has targeted the country’s political opponents for years, has developed Android malware focused on stealing two-factor authentication codes. It isn’t just focused on any one service, either — it targets Google, Telegram, and other major internet or social services. The attackers first use a phishing trojan to collect login details, and then try those with the real site. If the victim has two-factor authentication turned on, the newly-reported malware intercepts the incoming SMS messages and quietly sends copies to the intruders.

Tech Radar

New vulnerabilities allow hackers to bypass MFA for Microsoft 365

Critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365 which use the protocol, according to new research from Proofpoint. As a result of the way Microsoft 365 session login is designed, an attacker could gain full access to a target’s account including their mail, files, contacts, data and more. At the same time though, these vulnerabilities could also be leveraged to gain access to other cloud services from Microsoft including production and development environments such as Azure and Visual Studio. Proofpoint first disclosed these vulnerabilities publicly at its virtual user conference Proofpoint Protect but they have likely existed for years. The firm’s researchers tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues. Microsoft is well aware that the WS-Trust protocol is “inherently insecure” and in a support document, the company said that it will retire the protocol for all new tenants in October of this year, for all new environments within a tenant in April of 2021 and for all new and existing environments within a tenant in April of 2022. In some cases, an attacker can spoof their IP address to bypass MFA using a simple request header manipulation while in others altering the user-agent header caused the IDP to misidentify the protocol and believe it was using Modern Authentication. According to Proofpoint, in all cases Microsoft logs the connection as “Modern Authentication”…

Wired

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

As the presidential election looms, Microsoft said on Thursday that Russia’s military intelligence hackers, often called Fancy Bear or APT28, have targeted more than 200 organizations since September 2019, many of them election-adjacent. The revelation is the latest indication that nation-state hacking groups like Fancy Bear, which also sowed chaos during the 2016 US presidential election, remain a very real threat. Which makes the whistle-blower complaint of former senior Department of Homeland Security intelligence official Brian Murphy, made public this week, all the more troubling. Murphy alleges that DHS leadership minimized intelligence findings and manipulated reports about Russia’s threat to the 2020 election and other topics, allegedly to align with President Donald Trump’s political agenda. On the topic of inappropriate politicization in US law enforcement and intelligence agencies during the 2016 election, former FBI agent Peter Strzok told WIRED this week, “Everything the FBI did that fall hurt Hillary and helped Trump.” On Monday, Wikileaks founder Julian Assange began his defense against extradition to the US, which hinges in part on psychiatric assessments that he is at risk for self-harm. And smartwatches for kids are still a total security mess, even after years of warnings from researchers. If you’re looking this weekend for some easy ways to guard your digital privacy, shore up your WhatsApp settings and consider these privacy-conscious alternatives to Google Maps. And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should…

Wired

Russia’s Fancy Bear Hackers Are Hitting US Campaign Targets Again

The Russian military intelligence hackers known as Fancy Bear or APT28 wreaked havoc on the 2016 election, breaking into the Democratic National Committee and Hillary Clinton’s campaign to publicly leak their secrets. Ever since, the cybersecurity community has been waiting for the day they would return to sow more chaos. Just in time for the 2020 election, that day has come. According to Microsoft, Fancy Bear has been ramping up its election-targeted attacks for the past full year. On Thursday, Microsoft published a blog post revealing that it has seen Russia’s Fancy Bear hackers, which Microsoft calls Strontium, targeting more than 200 organizations since September 2019. The targets include many election-adjacent organizations, according to researchers at Microsoft’s Threat Intelligence Center, including political campaigns, advocacy groups, think tanks, political parties, and political consultants serving both Republicans and Democrats. Microsoft named the German Marshall Fund of the United States and the European People’s Party as two of the hackers’ targets. The company otherwise declined to publicly name victims or say how many of the attempted intrusions had been successful, though it said that its security measures had prevented the majority of attacks. “The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Microsoft’s blog post reads. “Microsoft has been monitoring these attacks and notifying targeted customers for several months, but only recently reached a point in our investigation where we can attribute the activity to Strontium with…

Mashable

Hackers can now clone your keys just by listening to them with a smartphone

Every time you unlock your front door, your key whispers a small, but audible, secret. Hackers finally learned how to listen. Researchers at the National University of Singapore published a paper earlier this year detailing how, using only a smartphone microphone and a program they designed, a hacker can clone your key. What’s more, if a thief was able to install malware on your smartphone, smartwatch, or smart doorbell to record the audio from afar, they wouldn’t even need to be physically nearby to pull off the attack. The key (ahem) to the attack, dubbed SpiKey, is the sound made by the lock pins as they move over a typical key’s ridges. “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone,” describes the paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han. With that recording, the thief is able to use the time between the audible clicks to determine distance between the ridges along the key. Using this information, a bad actor could then compute and then produce a series of likely keys. “[On] average, SpiKey is able to provide 5.10 candidate keys guaranteeing inclusion of the correct victim key from a total of 330,424 keys, with 3 candidate keys being the most frequent case,” reads the study. In other words, instead of fooling around with lock-picking tools, a thief could simply try a few pre-made keys and then stroll right through the victim’s door. Of course,…