Security Archives

Co-Founder of Swiss SMS Giant 'Mitto AG' Accused of Government Surveillance

Andrew Orr · 12:40 PM EST, Dec 7th, 2021 · 1 Comment

Swiss tech company Mitto AG is trusted by companies such as Twitter and Google to deliver SMS security codes to users, appointment reminders, sales promotions, and more. It’s co-founder and COO Ilja Gorelik has been accused of selling access to Mitto’s networks for surveillance.

The existence of the alternate service was only known to a small number of people within the company, these former employees said. Gorelik sold the service to surveillance companies which in turn contracted with government agencies, according to the employees.

Link

Microsoft Seizes Domains From Chinese Group 'NICKEL' Used to Attack Governments

Andrew Orr · 9:41 AM EST, Dec 7th, 2021 · Add Comment

NICKEL is a China-based threat actor that targets governments, diplomatic entities, and NGOs around the world. Microsoft’s Digital Crimes Unit has disrupted their operation.

MSTIC has observed NICKEL actors using exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time.

Link

Hundreds of Tor Servers From 'KAX17' Threaten to Deanonymize Users

Andrew Orr · 11:17 AM EST, Dec 6th, 2021 · Add Comment

Security researcher ‘Nusenu’ has uncovered hundreds of Tor servers belonging to an entity tracked as KAX17.

Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

KAX17’s focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as “non-amateur level and persistent,” is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it.

Podcast

Security Friday: Smarthome Security, Breaches, and Grand Theft AirTag – TMO Daily Observations 2021-12-03

Kelly Guimont · 2:48 PM EST, Dec 3rd, 2021 · Add Comment

Andrew Orr joins host Kelly Guimont to discuss Security Friday news and introduce a rating system for how worried to be about certain stories.

VIew all episodes

Cool Stuff Found

Link

Cuba Ransomware Gang Made $43.9 Million in Ransom Payments

Andrew Orr · 2:46 PM EST, Dec 3rd, 2021 · Add Comment

The FBI also said it traced attacks with Cuba ransomware to systems infected with Hancitor. This is a malware operation to access Windows machines.

It is also worth mentioning that Cuba is also one of the ransomware groups that gather and steal sensitive files from compromised companies before encrypting their files. If companies don’t pay, the Cuba group will threaten to dump sensitive files on a website they have been operating on the dark web since January this year.

Link

Ubiquiti Developer Arrested and Charged With Extortion

Andrew Orr · 11:50 AM EST, Dec 3rd, 2021 · Add Comment

Former Ubiquiti employee Nickolas Sharp has been arrested and charged with data theft and extortion.

As alleged, Nickolas Sharp exploited his access as a trusted insider to steal gigabytes of confidential data from his employer, then, posing as an anonymous hacker, sent the company a nearly $2 million ransom demand.

Link

Hackers Steal $119 Million From Web3 Project 'BadgerDAO'

Andrew Orr · 10:02 AM EST, Dec 3rd, 2021 · Add Comment

BadgerDAO reported on Wednesday that it lost about 2,100 bitcoin and 151 ether in a hacking attack.

Kryptobi, who said he is on the BadgerDAO support team and has been looking into the hack, told Motherboard that it appears someone injected a malicious script into BadgerDAO’s frontend after compromising an API key for BadgerDAO’s Cloudflare account. Cloudflare is a web infrastructure, content delivery network, and website security company, which is used by millions of sites on the internet.

Link

Planned Parenthood Hack Leaked Data for 400,000 Patients

Andrew Orr · 12:48 PM EST, Dec 2nd, 2021 · 1 Comment

In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.

Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

Podcasts

News

South Korean Hack Shows Need for Better Smart Home Security

Jeff Butts · 7:58 AM EST, Dec 2nd, 2021 · Add Comment

A recent string of hacks on South Korean apartment complexes makes the need for better smart home security crystal clear.

Link

Qualcomm's New Snapdragon Chip Aims to Defeat Cops and Robbers

Andrew Orr · 10:32 AM EST, Dec 1st, 2021 · Add Comment

A report from PCMag today discusses Qualcomm’s latest chip, the Snapdragon 8 Gen 1. It has anti-spoofing technology to protect against Stingrays.

Spoof cell sites can now be run on small, widely available boxes that pass bad data and phishing messages, Qualcomm said at its Snapdragon Summit today. Otherwise known as “Stingrays,” these faux cells can be run by criminals, law enforcement, or security agencies to collect your personal data without your permission.

Link

'EWDoor' Malware Attacks Thousands of AT&T Internet Subscribers

Andrew Orr · 9:06 AM EST, Dec 1st, 2021 · Add Comment

Hackers are exploiting a bug from 2017 to attack the EdgeMarc Enterprise Session Border Controller. This device is used by businesses to manage phone calls and video calls.

The vulnerability being exploited to infect the devices is tracked as CVE-2017-6079, a command-injection flaw that penetration tester Spencer Davis reported in 2017 after using it to successfully hack a customer’s network. The vulnerability stemmed from an account in the device that, as Davis learned from this document, had the username and password of “root” and “default.”

News

Hackers Infiltrate Website Belonging to Sealand, Skimming Payment Data

Andrew Orr · 11:06 AM EST, Nov 30th, 2021 · Add Comment

Hackers have infiltrated a website belonging to the Principality of Sealand, using a web skimmer to steal user data such as payment information.

Link

Intel Stockpiles Legacy Hardware for Security Research at Costa Rica Facility

Andrew Orr · 9:00 AM EST, Nov 30th, 2021 · Add Comment

The Wall Street Journal reports that Intel has a facility in Costa Rica where it stores legacy hardware for security research.

Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Podcast

Adele's Shuffle Challenge and Apple's Stand on State-Sponsored Spyware, with Jeff Gamet - ACM 562

Bryan Chaffin · 11:30 PM EST, Nov 28th, 2021 November 29, 2021 · Add Comment

Bryan Chaffin and Jeff Gamet talk about Adele’s desire that we not shuffle her albums. They also look at Apple’s public stand against state-sponsored spyware.

VIew all episodes

Podcast

Security Tips for Holiday Visits – TMO Daily Observations 2021-11-24

Kelly Guimont · 2:00 PM EST, Nov 24th, 2021 · Add Comment

Andrew Orr joins host Kelly Guimont to discuss security tips for traveling, and some good things to check when you get to your Turkey Day Destination.

VIew all episodes

Link

Digital Marketing Agency 'Cronin' Leaks 92 Million Employee, Client Records

Andrew Orr · 10:51 AM EST, Nov 24th, 2021 · 1 Comment

Security researcher Jeremiah Fowler in cooperation with the WebsitePlanet research team found an unprotected database from Cronin. It exposed 92 million database records from employees and clients.

The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. These records included internal data such as employee and client information. Also included in the dataset was a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from.

News

Apple Sues NSO Group Over Endangering iOS Users With Spyware

Andrew Orr · 1:18 PM EST, Nov 23rd, 2021 · 1 Comment

On Tuesday Apple announced it had filed a lawsuit against NSO Group and its parent company. The goal is to hold it accountable for its spyware.

Link

GoDaddy Breach Leaks 1.2 Million Email Addresses of WordPress Customers

Andrew Orr · 10:41 AM EST, Nov 22nd, 2021 · Add Comment

On Monday, web hosting company GoDaddy revealed that it suffered a data breach that was discovered on September 6. It happened by way of a compromised password.

email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorized third-party access.

Podcast

Security Friday: Chip Flaws and Data Breaches – TMO Daily Observations 2021-11-19

Kelly Guimont · 2:29 PM EST, Nov 19th, 2021 · Add Comment

Andrew Orr and host Kelly Guimont discuss the abundance of security news this week including some hardware issues and This Week in Data Breaches.

VIew all episodes