
InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Mar 22 2021
The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies it said pose a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.
The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”
In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services. The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”
ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawei also petitioned for reconsideration, and its appeal was rejected in December 2020, after a few weeks of deliberation.
FCC Boots Chinese Telecom Companies, Citing Security

Mar 22 2021
There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.
Banks around the world have faced difficulty in recognizing this type of complex fraud. Synthetic identity fraudsters are expert cybercriminals. They make use of the dark web to acquire legitimate personal information which they then blend with falsified information. They will then use this newly formed identity to establish a positive credit report and spend or borrow until they’ve maxed out their spending abilities.
They will often have multiple synthetic identities in play simultaneously to maximize the impact of their efforts. And it is hard to detect because these synthetic identities even have genuine profiles with the credit bureaus which the fraudsters creatively engineer.
Due to the economic toll the coronavirus pandemic has taken on the world, global GDP is expected to be negative this year. As a result, there has been and will continue to be an increase in the size of the banks’ loan portfolios, as businesses that are struggling to manage working capital requirements in a challenging commercial climate seek new lines of credit. The same demand for additional credit is similarly anticipated for retail customers.
As such, it will be easier to hide fraud within an environment where there is more lending activity, a larger portfolio to monitor and more losses to recover. This environment allows criminals to hide inside the noise of economic turmoil, while financial institutions struggle to cope with the sheer volume of applications, overwhelmed with the amount of identity checking they have to undertake.
It will also become harder to differentiate between delinquencies and defaults from genuine customers in distress and deliberate attacks from fraudsters as these loans come due for repayment.
Further, more individuals may be tempted to turn to fraud to maintain their lifestyles in an environment where they’ve lost jobs, financial security and are dealing with other economic difficulties.
How to stay ahead of the rise of synthetic fraud

Feb 26 2021
Microsoft announced the release of the open-source CodeQL queries that its experts used during its investigation into the SolarWinds supply-chain attack.
In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.
The four agencies were part of the Cyber Unified Coordination Group (UCG), the task force charged with coordinating the investigation and remediation of the SolarWinds hack, which had a significant impact on federal government networks.
The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.
According to the security experts, Russia-linked threat actors hacked into SolarWinds in 2019 and used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.
Microsoft, which was itself hit by the attack, published continuous updates on its investigation, and has now released the source code of the CodeQL queries its experts used to identify indicators of compromise (IoCs) associated with Solorigate.
“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.” reads the blog post published by Microsoft. “We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.”
Microsoft releases open-source CodeQL queries to assess Solorigate compromise
Feb 20 2021
Our sister station WFLA in Tampa Florida reported earlier this month that a hacker altered the levels of chemicals in the water supply of a Florida city to ‘potentially damaging’ levels. A plant operator at a water treatment facility in Oldsmar, Florida noticed someone had remotely accessed the computer system he was monitoring and increased the sodium hydroxide levels in the city’s water substantially.
The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.
“We’re well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity.”
Feb 19 2021
The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company’s M1 chip.
The discovery suggests threat actors are tailoring their malware to target the latest generation of Mac devices built on Apple’s own processors.
Wardle discovered a Safari adware extension, tracked as GoSearch22, that was initially developed to run on Intel x86 chips and has now been adapted to run on M1 chips.
“What we do know is as this binary was detected in the wild (and submitted by a user via an Objective-See tool) …so whether it was notarized or not, macOS users were infected.” reads the analysis published by Wardle. “Looking at the (current) detection results (via the anti-virus engines on VirusTotal), it appears the GoSearch22.app is an instance of the prevalent, yet rather insidious, ‘Pirrit’ adware:”
Feb 15 2021
Bloomberg News has a major story about Chinese hacking of computer motherboards made by Supermicro, Lenovo, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret:
China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter. That included an FBI counterintelligence investigation that began around 2012, when agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the Foreign Intelligence Surveillance Act, or FISA, according to five of the officials.
There’s lots of detail in the article, and I recommend that you read it through.
Jan 20 2021
Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android:
Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors’ devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.
The use of zero-days and complex infrastructure isn’t in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code — which chained together multiple exploits in an efficient manner — the campaign demonstrates it was carried out by a “highly sophisticated actor.”
Nov 08 2020
FBI blames intrusions on improperly configured SonarQube source code management tools.
FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.
Officials provided two examples of past incidents:
“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.
“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”
Source: FBI: Hackers stole source code from US government agencies and private companies | ZDNet
Oct 01 2020
Take a look at the top data breaches and cyber attacks in September, as well as our full list of 102 incidents.
Jul 03 2020
The root cause of a series of explosions at important Iranian facilities may be cyberattacks allegedly launched by Israel.
Source: Alleged cyber attacks caused explosions at facilities in Iran
Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A Cyberattack
How Israel Rules The World Of Cyber Security | VICE on HBO
httpv://www.youtube.com/watch?v=ca-C3voZwpM
Israel said to be behind cyber attack on Iranian port
httpv://www.youtube.com/watch?v=9XVIrXHtpeg
Explore the subject of Cyber Attack
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jun 21 2020
Digital Downfall: Technology, Cyberattacks and the End of the American Republic…
Source: Digital Downfall: Technology, Cyberattacks and the End of the American Republic:
Is America on the brink of civil war?
Could foreign cyber plots turn Americans against one another and cause a disastrous domestic conflict?
What would happen if the lights went out and the technology we rely upon to run American life is no longer available?
The present dangers are real. The US is more vulnerable to destructive foreign interference today than it has been in over a century. As Russia and China realize they can’t win shooting wars against the US, they have devised new and cunning ways to destabilize American politics and cripple the US economy. Cyber meddling in elections, disinformation campaigns, abuse of social media to widen racial and political divides, and the theft of military data are just some of the malicious acts threatening the Republic. Digital Downfall examines the potential effects of such attacks, with a look at:
And more… The dangers posed by external sources can only be real when the internal politics of the United States is in a fragile state. The past four years bear testimony to this political decline as does every passing day of the Trump presidency. The perfect storm of external interference, a rampant and deadly pandemic, and a culture of racism that will no longer be tolerated is upon us. Who knows where it will lead to, or what will be left at the end.
Digital security – threats, risks and how to protect yourself
httpv://www.youtube.com/watch?v=QbyAVsbtGh0
How to protect your online privacy in 2020 | Tutorial
httpv://www.youtube.com/watch?v=jxeeKKfjb5o
Jun 16 2020
The publication of ‘Vault 7’ cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded.
The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.
Wikileaks Vault 7: What’s in the CIA Hacking Toolbox?
httpv://www.youtube.com/watch?v=X45Bb8O-gMI
CIA Hacking Tools Released in Wikileaks Vault 7 – Threat Wire
httpv://www.youtube.com/watch?v=5LYSjLwkAo4
Jun 24 2019
OpenSSH introduces a new feature to mitigate side-channel attacks: the latest release encrypts secret keys in memory as a temporary solution.
Source: OpenSSH introduces a security feature to prevent Side-Channel Attacks
May 29 2019
The extent of the hack is unknown, but Flipboard said hackers had access to its systems for almost nine months.
Source: Flipboard says hackers stole user details | ZDNet
Flipboard confirms database hack, resets all user passwords
May 26 2019
Azure Security Center, Microsoft’s cloud-based security solution, helps customers safeguard their cloud workloads and protect them from these threats.
Source: Uncovering Linux based cyberattack using Azure Security Center