New Bluetooth hack can unlock your Tesla—and all kinds of other devices

[The] attack uses custom software and about $100 worth of equipment... It works against the Tesla Model 3 and Model Y and Kevo smart locks marketed under the Kwikset and Weiser brand names. But...virtually any BLE device that authenticates solely on proximity—as opposed to also requiring user interaction, geolocation querying, or something else—is vulnerable.

Don't copy-paste commands from webpages — you can get hacked

"It isn't unusual to copy commonly used commands from a webpage and paste them into applications, a Windows command prompt or a Linux terminal.

"But a webpage could be covertly replacing the contents of what goes on your clipboard, and what actually ends up being copied to your clipboard would be vastly different from what you had intended to copy."

Log4Shell: RCE 0-day exploit found in "log4j2," a popular Java logging package

"A 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string.

"Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe."

‘Whole of society’ effort must fight misinformation

" is jeopardizing efforts to solve some of humanity’s greatest challenges ... according to a new report from the Aspen Institute that’s backed by prominent voices in and .

"Recommendations ... call for new regulations on social media platforms; stronger, more consistent rules for misinformation 'superspreaders' ... and new investments in authoritative journalism."

Malicious Life Podcast: In Defense of the NSA

"The National Security Agency is one of the world's most formidable and powerful intelligence agencies. Some people fear that the NSA’s advanced capabilities could one day be directed inwards instead of outwards.

"Are those fears justified? Is the NSA more dangerous than it is useful? We spoke at length with Ira Winkler, CISO, Skyline Technology Solutions, who started his career at the NSA."

Facebook catches Iranian spies catfishing US military targets

"[They] pretended to work in the hospitality or medical industries, in journalism, or at NGOs or airlines ... across several different social media platforms. And unlike some previous cases ... that have focused on Iran's neighbors, this latest campaign appears to have largely targeted Americans, and to a lesser extent UK and European victims."

The FBI's seizing one bitcoin wallet won't stop ransomware — but it's a start

"[T]he method wasn't restricted to criminals committing the major error of using a U.S. cryptocurrency service when moving around their money. 'Overseas is not an issue for this technique,' [FBI] said.... While actually arresting ransomware hackers would be the best deterrent, stopping their money flow is a big help."

Could A Ban On Ransom Payments Have Stopped The Colonial Pipeline Attack?

"[The] attack is focusing new attention on a potentially radical proposal to stem the growing threat posed by : making it illegal for targets to pay their attackers."

"In what is likely a first, the global insurance company Axa announced last week that it would stop offering policies in France that reimburse customers for extortion payments made to cybercriminals."

Major US pipeline halts operations after ransomware attack

"The operator of a major pipeline system that transports fuel across the [US] East Coast said Saturday it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat.... [The victim] did not say what was demanded or who made the demand. Ransomware attacks are typically carried out by [criminals]."

Facebook says Chinese hackers used platform to hack Uyghurs abroad

"[Crackers] based in used [Facebook] as part of a campaign to hack and spy on diasporas of , the minority group the country has been accused of putting in 're-education' camps.

"[They] used to identify, track and send malicious links to activists, dissidents and journalists living in the U.S., Australia, Canada and Turkey, among other countries...."

Introduces Total Cookie Protection

"Total Cookie Protection works by maintaining a separate 'cookie jar' for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website... thereby eliminating the most pervasive cross-site tracking technique."

Why hot new social app Clubhouse spells nothing but trouble

"Clubhouse makes unencrypted recordings of the conversations.... Agora, the company that supplies back-end infrastructure to the Clubhouse app, is based in Shanghai. This means...'a user’s unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government.'"

Yandex said it caught an employee selling access to users' inboxes

"The Russian company said the employee sold access to 4,887 user email accounts ... for personal gains.

"The company, which did not disclose the employee's name, said the person was 'one of three system administrators with the necessary access rights to provide technical support' for its Yandex.Mail service."

Hackers 'manipulated' stolen COVID vaccine papers

"Documents and emails about the BioNTech-Pfizer and Moderna vaccines were taken in a cyberattack on the [European Medicines Agency] in December 2020.

"Some of the correspondence had been 'manipulated in a way which could undermine trust in vaccines,' the Netherlands-based agency said."

SolarWinds [crackers] accessed Microsoft source code, the company says

"Microsoft said ... one of the accounts 'had been used to view source code in a number of ... repositories.' It added that the account had no ability to modify the code."

"It is not clear how many or specifically which source code repositories the hackers were able to access or how long the hackers were lurking in Microsoft’s systems."

Cybersecurity firm FireEye says it was hacked by a nation state

"The stolen 'red team' tools — which amount to real-world malware — could be dangerous in the wrong hands. FireEye said there’s no indication they have been used maliciously. But cybersecurity experts say sophisticated nation-state hackers could modify them for future use probing vulnerabilities."

Exploit code for wormable flaw on unpatched Windows devices published online

"Like the flaw exploited by WannaCry and NotPetya.... [it] can be remotely exploited simply by sending maliciously crafted packets to a SMB port connected to the Internet."

"Independent researcher Troy Mursch said he has been seeing 'opportunistic mass scanning' for the vulnerability, an indication that attackers have been scoping out vulnerable networks."

Russian crackers are exploiting bug that gives control of mail servers

"In an advisory published on Thursday, the NSA said that the Sandworm group was actively exploiting a vulnerability in Exim, an open-source mail transfer agent for Unix-based operating systems. Tracked as CVE-2019-10149, the critical bug makes it possible for an unauthenticated remote attacker to send specially crafted emails that execute commands with root privileges."

Germany confronts Russian ambassador over cyberattack

"Germany said Thursday it is seeking EU sanctions against a Russian man over his alleged role in the hacking of the German parliament at a time when evidence shows he was working for Russian intelligence.... [He] was already being sought by U.S. authorities and is believed to be part of the [cracker] group known as APT28, or Fancy Bear."

Hackers infect multiple game developers with advanced malware

"Based on the people and organizations Winnti targets, researchers have tied the group to the Chinese government. Often, the hackers target Internet services and software and game developers with the objective of using any data stolen to better attack the ultimate targets."

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.