
Security daily (01-09-2020)

No, Michigan voter data wasn’t hacked by the Russians

Michigan’s secretary of state on Tuesday refuted a news report asserting that the state’s voter registration database had been compromised, in an example of how election officials are combating misinformation weeks before the presidential election. The statement came in response to a report in the Russian media outlet Kommersant claiming that recently purloined data on American voters was available on a hacking forum. It turns out that the data was already publicly available, and it appears to have been repackaged by whoever was advertising it. “Our system has not been hacked,” Michigan Secretary of State Jocelyn Benson’s office said in a statement. “We encourage all Michigan voters to be wary of attempts to ‘hack’ their minds, however, by questioning the sources of information and advertisements they encounter and seeking out trusted sources, including their local election clerk and our office.” “Public voter information in Michigan and elsewhere is accessible to anyone through a […] (CyberScoop)

Norway is investigating a cyberattack on its parliament

Hackers have struck at the Norwegian parliament, compromising a limited number of email accounts of lawmakers and employees, the parliament’s administrator said Tuesday. Attackers downloaded an unspecified amount of data in the breach, Marianne Andreassen, the administrator, said in a statement. Mitigations put in place to counter the digital intrusion had an “immediate effect,” Andreassen said. Among the victims were members of the opposition Labour Party and the Centre Party, Norwegian broadcaster NRK reported. Andreassen did not identify who was responsible. A police and national security investigation is ongoing, and Andreassen said investigators are still gathering a full picture of the impact of the hack. The Norwegian National Security Authority (NSM), a government cybersecurity agency, “has contributed with incident response, analysis and other measures during the cyber incident against the Norwegian parliament,” said Trond Øvstedal, a spokesman for the agency. NSM “will provide technical support in the investigation,” he added. National legislatures are […] (CyberScoop)

Russia's IRA used phony news accounts on Facebook to discuss QAnon, coronavirus

Russia’s troll farm is again trying to use Facebook to inflame divisions in the U.S. ahead of a presidential election. Facebook on Tuesday said it removed 13 accounts and two pages, which had 14,000 followers, affiliated with the Internet Research Agency, a Russian organization with a long history of using fake social media accounts to exploit political tension. The accounts impersonated independent news outlets to create discussions about the coronavirus pandemic, Joe Biden’s political candidacy and the right-wing conspiracy QAnon, among other topics. In some cases, IRA members posed as news editors to recruit freelance journalists to post content about contentious political topics. The IRA used an apparent news site called Peace Data, which published anti-Western articles with headlines like “UK Government Creates a Myth of a Migrant Crisis to Distract from Its Failures” and “The gold behind the French presence in Mali.” The Peace Data Facebook page is no […] (CyberScoop)

Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit

Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco while the networking giant scrambles to address them. The bugs, which Cisco revealed Saturday, could allow an attacker to remotely deny service to a device running the software or exhaust the memory on the device. That, in turn, could destabilize “interior and exterior routing protocols” on an affected network, Cisco said in an advisory. It’s unclear when a patch will be ready; “as soon as possible” is all a Cisco spokesperson would say. The company made recommendations for mitigating the vulnerability until a patch is available. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged users to check for “indicators of compromise” or signs of malicious cyber activity. It’s unclear who is attempting to exploit the vulnerability. With the advisory out, cybersecurity incident responders will be watching for any additional hacking. Justin Elze, a principal security […] (CyberScoop)

The most popular brand websites that hackers use for typosquatting campaigns

The most imitated websites that credential-stealing, financially motivated hackers have resorted to mimicking include Wells Fargo, Netflix, Facebook, and Microsoft, according to new Palo Alto Networks research published Tuesday. Other top brands that hackers have mimicked with typosquatting, a technique that relies on victims glancing over typos in website names that appear similar to popular legitimate sites, include PayPal, Apple, Royal Bank of Canada, LinkedIn, Google, Apple’s iCloud, Bank of America, Dropbox, Amazon, and Instagram, according to the research, which examines data collected in December 2019. The hackers have been using these malicious domains to distribute malware and to run reward scams, phishing campaigns and technical support scams, Palo Alto Networks’ Unit 42 researchers said in a blog post. Of nearly 13,857 squatting domains registered in December, 18.59% are malicious, “often distributing malware or conducting phishing attacks.” Typosquatting has long been a favorite tactic for attackers looking to […] (CyberScoop)

How to Hack Wi-Fi: Automating Wi-Fi Hacking with Besside-ng

Besside-ng is the hidden gem of the Aircrack-ng suite of Wi-Fi hacking tools. When run with a wireless network adapter capable of packet injection, Besside-ng can harvest WPA handshakes from any network with an active user — and crack WEP passwords outright. Unlike many tools, it requires no special dependencies and can be run via SSH, making it easy to deploy remotely.

In my opinion, it's one of the most powerful Wi-Fi hacking tools currently available. First written in 2010 in C, Besside-ng is an incredibly aggressive and persistent WPA handshake mass-harvester and WEP cracker. It features... (Null Byte « WonderHowTo)

Hacking Windows 10: How to Bypass VirusTotal & AMSI Detection Signatures with Chimera

Microsoft's built-in antimalware solution does its best to prevent common attacks. Unfortunately for Windows 10 users, evading detection requires almost no effort at all. An attacker armed with this knowledge will easily bypass security software using any number of tools.

As Microsoft's antimalware solution is Windows 10's first line of defense, it's the subject of a lot of excellent security research. This article will provide a brief introduction to how attackers will evade it entirely.

What Is Antimalware Scan Interface (AMSI)?

The backbone of Microsoft's antimalware, introduced in... (Null Byte « WonderHowTo)

Is Elon Musk Over-Hyping His Brain-Hacking Neuralink Tech?

(News ≈ Packet Storm)

FBI Worried That Ring Doorbells Are Spying On Police

(News ≈ Packet Storm)

Iranian Hackers Are Selling Access To Compromised Companies

(News ≈ Packet Storm)

Remote Code Execution Is Only Worth $1,750 To Slack?

(News ≈ Packet Storm)

Using assert() to Execute Malware in PHP 7 Environments

Initially released in December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why attackers are creating malware to target environments that leverage it. During a recent investigation, our team stumbled across some malicious code which is used to inject a .user.ini file into a PHP 7 environment and add zend.assertions = 1. (Sucuri Blog)

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days).

In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their […] (The Hacker News)
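As an added example (not code from The Hacker News article), here is a Python check that applies the 398-day cap described above to certificates in the dict format returned by `ssl.SSLSocket.getpeercert()`, holding certificates issued before 1 September 2020 to the previous 825-day maximum instead. The sample certificates are constructed; only their validity fields matter for the check.

```python
import ssl
from datetime import datetime, timezone

# Policy values as stated in the item: a 398-day cap effective 1 September 2020,
# replacing the previous 825-day (27-month) maximum.
MAX_LIFETIME_DAYS = 398
PREVIOUS_MAX_LIFETIME_DAYS = 825
POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc)


def lifetime_days(cert):
    """Validity period in whole days, from the notBefore/notAfter strings of a
    certificate dict as returned by ssl.SSLSocket.getpeercert()."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) // 86400


def check_lifetime(cert):
    """Return (compliant, reason). Certificates issued on or after POLICY_START
    are held to the 398-day cap; earlier ones to the old 825-day limit."""
    issued_ts = ssl.cert_time_to_seconds(cert["notBefore"])
    issued = datetime.fromtimestamp(issued_ts, tz=timezone.utc)
    days = lifetime_days(cert)
    limit = MAX_LIFETIME_DAYS if issued >= POLICY_START else PREVIOUS_MAX_LIFETIME_DAYS
    if days > limit:
        return False, (f"validity of {days} days exceeds the {limit}-day maximum "
                       f"for a certificate issued {issued:%Y-%m-%d}")
    return True, f"validity of {days} days is within the {limit}-day maximum"


# Constructed sample certificates (hypothetical subject, not real certificates).
SUBJECT = ((("commonName", "example.test"),),)
SAMPLE_CERTS = {
    # Two-year certificate issued on the policy start date: rejected.
    "two_year_new": {"subject": SUBJECT, "notBefore": "Sep  1 00:00:00 2020 GMT",
                     "notAfter": "Sep  1 00:00:00 2022 GMT"},
    # Exactly 398 days, issued on the policy start date: still allowed.
    "boundary_new": {"subject": SUBJECT, "notBefore": "Sep  1 00:00:00 2020 GMT",
                     "notAfter": "Oct  4 00:00:00 2021 GMT"},
    # Two-year certificate issued the day before: old 825-day limit applies.
    "two_year_old": {"subject": SUBJECT, "notBefore": "Aug 31 00:00:00 2020 GMT",
                     "notAfter": "Aug 31 00:00:00 2022 GMT"},
}

if __name__ == "__main__":
    for name, cert in SAMPLE_CERTS.items():
        ok, reason = check_lifetime(cert)
        print(f"{name}: {'OK' if ok else 'REJECT'} - {reason}")
```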

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.

"An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

"A successful […] (The Hacker News)

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites. (Threatpost)

U.S. Voter Databases Offered for Free on Dark Web, Report

Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort. (Threatpost)

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals. (Threatpost)


/security-daily/ 02-09-2020 23:44:23