InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.
Officials provided two examples of past incidents:
“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.
“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”
The Pwn2Own Tokyo 2020 hacking competition has started, and bug bounty hunters have already hacked a NETGEAR router and a Western Digital NAS device.
The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, Canada, and white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a broad range of devices.
On day one of the competition, bug bounty hunters successfully exploited a vulnerability in the NETGEAR Nighthawk R7800 router. The participants were Team Black Coffee, Team Flashback, and teams from the cybersecurity firms Starlabs and Trapa Security; Team Flashback earned $20,000 for a remote code execution exploit that chained two bugs in the WAN interface.
“The team combined an auth bypass bug and a command injection bug to gain root on the system. They win $20,000 and 2 points towards Master of Pwn.” reads the post on the official site of the Pwn2Own Tokyo 2020.
The Trapa team successfully chained a pair of bugs to gain code execution on the LAN interface of the router; the experts earned $5,000 and 1 point towards Master of Pwn.
The STARLabs team earned the same amount after using a command injection flaw to take control of the device.
The Trapa Security team also earned $20,000 for a working exploit against the Western Digital My Cloud Pro series PR4100 NAS device.
The exploit code chained an authentication bypass bug and a command injection vulnerability to gain root on the device.
Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.
An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.
While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.
The hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, according to authorities.
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers’ bank card information as they enter their details to order stuff online.
Sansec, a software company focused on these so-called “digital skimming” attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks’ card info.
“This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015,” it said in a statement on Monday. “The previous record was 962 hacked stores in a single day in July last year.”
The security biz estimated attackers have stolen personal data from “tens of thousands customers” so far. The intrusions can be traced back to a Magento 1 zero-day exploit being sold by a Russian-speaking hacker going by the name “z3r0day” on a shady online forum.
For $5,000, z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site’s files so that the code is run when a customer goes to a payment page on the hijacked site. No authentication is required. The hacker promised not to sell the exploit to more than 10 people to keep it under wraps and valuable.
Unfortunately, the vulnerability isn’t easy to patch as the Adobe-owned Magento has ended support for the software. The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg. “Ideally they should upgrade to Magento 2, but we understand that merchants may need more time. Meanwhile, we recommend having server-side malware monitoring set up and to contract an alternative vendor for critical security patches.”
Techies at Sansec have studied two servers with IP addresses in the US and France that were targeted by crooks armed with z3r0day’s exploit. The payment details appear to have been funnelled through to a website hosted in Moscow. “We are not at liberty to disclose affected merchants. However, we have shared all relevant data with law enforcement today,” the Sansec spokesperson told us.
Chinese Hackers Working w/ Ministry of State Security Charged w/ Global Computer Intrusion Campaign
https://www.youtube.com/watch?v=b8zhLOnXDdY&ab_channel=TheJusticeDepartment
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.
As the title of this post suggests, we’ve sourced what we believe to be the best DEF CON presentations from 1993 to the present day. For those that don’t know, DEF CON is literally the ‘poster-child’
A large scale hacking campaign is targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams.
Some of the sites targeted in this campaign belong to government sites for San Diego, Colorado, Minnesota, as well as sites for UNESCO, the National Institutes of Health (nih.gov), National Cancer Institute (cancer.gov), Rutgers, University of Washington, Arizona State University, Rochester Institute of Technology, University of Iowa, Maryland University, and University of Michigan,
From the samples observed by BleepingComputer, the threat actors exploit vulnerabilities in CMS platforms to insert their own hosted articles. One of the common methods we saw was to exploit Drupal’s Webform component to upload PDFs with links to the fake hacking tools.
Demirkapi shows how drivers can be misused for deep pwnage
DEF CON Writing a successful Windows rootkit is easier than you would think. All you need to do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days.
Alternatively, write your own malicious driver, sign it with a stolen or leaked certificate or your own paid-for cert so that Windows trusts it, and load it.
This is according to undergraduate bug-hunter Bill Demirkapi in a talk he gave at the now-virtual DEF CON hacking conference, which you can watch below. He told the web audience on Thursday many common Windows drivers provide the conduit rootkit writers need to compromise PCs at a level most antivirus can’t or won’t reach.
A rootkit is a type of malware that, once it has gained all-controlling kernel-level access on a machine, modifies the system to ensure it retains that power while remaining out of sight of users, and ideally the operating system and any installed antivirus. Thus any subsequent malicious code launched by the rootkit inherits its high privileges, allowing it to snoop on the PC, steal passwords, and so on.
The trick to pulling this off is gaining code execution at an administrator or kernel level – and leveraging that to hook into the OS and stay out of sight. One way of doing this is by exploiting security flaws in drivers that wind up granting normal applications that level of access, or by exploiting the dozens of elevation-of-privilege flaws Microsoft patches every month in its software.
“There are a lot of publicly available vulnerable drivers out there,” said Demirkapi, “and with some reversing knowledge, finding your own zero-day [vulnerability] in one of these drivers can be trivial.”
Demirkapi gave the infamous Capcom driver as an example of insecure kernel-level software that can be tricked into granting any application-level code complete control over a machine. Some of these buggy driver APIs require administrator privileges to exploit, though. The holy grail is one that grants, on x86 machines, unprivileged ring-3 code unhindered ring-0 code execution.
Another way into the kernel is to write your own malicious driver, sign it with a stolen or leaked code-signing certificate or a paid-for one, and load it. Antivirus tools pretty much leave kernel drivers alone and focus on application-level software, and the operating system is rather lax in checking certs are legit. If you use a certificate you’ve paid for, the rootkit can be traced back to you, if or when it’s discovered.
Using a signed malicious driver is a more stable route into the heart of Windows, as exploiting vulnerable drivers requires tailoring your exploit code for particular versions and conditions.
However you manage it, from there it’s just a matter of opening a stealthy connection to a remote command’n’control server and phoning home for instructions, if necessary, while blending in with the noise on the system and hooking into the OS to intercept operations, such as file access. The rootkit should also ensure it runs all the time so that it doesn’t lose control of the box, and blocks attempts by security tools to uncover it.
It’s not impossible for antivirus to detect these sorts of rootkits, we’re told, though it will involve monitoring all the points where the malware can insert its tentacles into the operating system. “It’s going to be pretty expensive, because an antivirus would need to replicate our hooking procedure,” the Trend Micro driver botherer said.
A threat actor is flooding a hacker forum with databases exposing over 386 million user records that they claim were stolen from eighteen companies during data breaches.
These special ‘research’ iPhones will come with specific, custom-built iOS software with features that ordinary iPhones don’t have. Starting today, the company will loan these special research iPhones to skilled and vetted researchers who meet the program’s eligibility requirements.
The list was shared by the operator of a DDoS booter service. The list was compiled by scanning the entire internet for devices that were exposing their Telnet port (23). Telnet sends passwords as plain text. We are still using clear text protocols in 2020? The hacker then may try using factory default usernames and passwords, as well as easy-to-guess password combinations.
According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.
MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
https://www.youtube.com/watch?v=vlPE-4Tjnrc
Protect Your Organization Against Massive Data Breaches and Their Consequences