Archive for Hacked

Malware Exploiting Spectre & Meltdown CPU Flaws Appears

Posted in Commentary with tags on February 5, 2018 by itnerd

This is very bad news that has come to light via SecurityWeek:

Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks… On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies… Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. “Most likely, malicious purposes at some point,” he said.

Now I am not shocked by this at all, as these two CPU flaws got a ton of coverage in the media, which meant it was only a matter of time before someone tried to exploit them. That makes the screw-ups in trying to patch these holes, along with the non-action by some companies in not patching them at all, a big issue. Thus pretty much everyone who runs a computer could be in very deep trouble very soon.


Prince Albert Police Website Defaced By Hackers

Posted in Commentary with tags on November 8, 2017 by itnerd

For the benefit of those outside Canada, Prince Albert is the third-largest city in the province of Saskatchewan. It’s also where the website for the local police force was defaced by hackers claiming to be doing this on behalf of the terrorist group known as ISIS:

The website early Wednesday displayed the message “I Love Islamic state” and played an audio track with a man speaking in Arabic. The speech is propaganda for fundamentalist and violent actions, addressed to Muslims and glorifying ISIS fighters.

A group named Team System Dz claims responsibility for the hacking. The group has been behind other such incidents in Canada.

Now let me be clear. While defacing a website is technically hacking, it’s the digital equivalent of painting the side of a building with graffiti. While some skill is involved, the people behind this aren’t exactly people with 3l173 h4ck3r 5k1llz (elite hacker skills in leet speak). Now if they had used this as a gateway to pull off something like taking over the Prince Albert Police network, leaking data or something along those lines, then I’d be impressed. But as it stands at present, while this is embarrassing to the Prince Albert Police, the pwnage was not epic. Though I will note that Team System Dz seems to be very good at this: since they popped onto the radar in 2014, they’ve been responsible for doing this sort of thing about 300 times globally, from my research. Thus I guess they deserve their notoriety for the scale of their activities, if nothing else.

Backdoor in CCleaner Infects Windows Users With Malware

Posted in Commentary with tags on September 18, 2017 by itnerd

Avast has advised users of CCleaner, its optimization application for Windows, to immediately update their software after discovering a backdoor in the tool. Here’s what Forbes had to say:

The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.

Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.

The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

Now it’s really embarrassing when an anti-virus company has one of its own products be a vehicle for malware. Clearly someone over at Avast was asleep at the switch. If you’re a Windows user who uses this software, I’d be dumping it right now and following these directions to see if you were infected. Then, if you must keep using it, install the latest version, which is available for download here.
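The domain generation algorithm mentioned in the quoted Forbes piece is exactly the kind of thing defenders hunt for in DNS logs. What follows is an added example, not code from this page, Forbes, Talos or Avast: a small Python heuristic that scores each queried domain on label length, character entropy, vowel ratio and digit ratio, run over a constructed DNS log sample. The log layout, the thresholds and the sample domains are all assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample DNS log (not real traffic) in an assumed "timestamp client qname" layout.
SAMPLE_DNS_LOG = """\
2017-09-14T10:01:02Z 10.0.0.12 www.example.com
2017-09-14T10:01:05Z 10.0.0.12 update.vendor-cdn.net
2017-09-14T10:01:09Z 10.0.0.12 ab6d54fc7ac4bd.com
2017-09-14T10:01:10Z 10.0.0.12 q1w2e3r4t5y6u7.info
2017-09-14T10:01:14Z 10.0.0.12 mail.example.com
2017-09-14T10:01:15Z 10.0.0.12 xkjqzvwplrmtbg.net
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Return (timestamp, client, qname) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groups())
    return records


def second_level_label(qname):
    """The label directly left of the TLD, which is where DGAs put their randomness."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Shannon entropy in bits per character; random-looking strings score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_score(qname):
    """Count how many DGA-like signals a domain shows (0 to 4). Thresholds are assumptions."""
    label = second_level_label(qname)
    if not label:
        return 0
    score = 0
    if len(label) >= 12:                       # unusually long registrable label
        score += 1
    if shannon_entropy(label) >= 3.3:          # near-uniform character distribution
        score += 1
    vowels = sum(ch in "aeiou" for ch in label)
    if vowels / len(label) < 0.25:             # unpronounceable, few vowels
        score += 1
    digits = sum(ch.isdigit() for ch in label)
    if digits / len(label) >= 0.3:             # heavy digit mix
        score += 1
    return score


def flag_dga_queries(log_text, threshold=3):
    """Return (client, qname) pairs whose score reaches the threshold, in log order."""
    flagged = []
    for _ts, client, qname in parse_dns_log(log_text):
        if dga_score(qname) >= threshold:
            flagged.append((client, qname))
    return flagged


if __name__ == "__main__":
    for client, qname in flag_dga_queries(SAMPLE_DNS_LOG):
        print(f"{client} queried DGA-like domain {qname} (score {dga_score(qname)})")
```

No single signal is reliable on its own: the hex-style label in the sample falls just under the entropy threshold but is still caught by its length and digit ratio, while a legitimate hyphenated CDN name picks up one point and is not flagged. In practice this kind of scoring is a triage filter to be combined with NXDOMAIN rates and newly-seen-domain checks, not a verdict by itself.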

Latest Game Of Thrones Episode Leaked

Posted in Commentary with tags on August 4, 2017 by itnerd

It seems that HBO has a new problem, which comes hot on the heels of getting pwned earlier this week by hackers. The upcoming episode of Game Of Thrones has been leaked. It’s apparently a low-quality screener copy. But the fact that even that got leaked is what matters, because it came from a distribution partner rather than from the hack that happened this week. Clearly, they have some issues both inside and outside that they have to deal with. And they likely need to deal with them fast to keep from being in the news for all the wrong reasons.

White House Staffers Pwned By Prankster Via Email

Posted in Commentary with tags on August 1, 2017 by itnerd

Cyber security was supposed to be a top-of-mind item for the folks running the US right now. But if I had to grade them on their efforts, that grade would be “F” based on the news that White House staffers fell victim to a social engineering attack:

A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited.

“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”

Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).

Bossert did not respond to CNN’s request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.

Now, you’re likely wondering what the big deal is. As famed hacker Kevin Mitnick pointed out in his book The Art Of Deception, all the firewalls and security software in the world won’t save you from someone who leverages people to get the information that they want from computer systems. Thus, if this wasn’t a prankster, but instead it was a nation state looking to pwn the White House, the lack of security awareness by these people could be catastrophic.

It looks like the US Government needs some remedial education when it comes to cyber security.

Game Of Pwns: Hackers Pwn HBO

Posted in Commentary with tags on August 1, 2017 by itnerd

Hackers are clearly fans of HBO as EW is reporting that HBO has been pwned by hackers and info related to the network has been leaked:

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the network confirmed in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

Hackers claimed to have obtained 1.5 terabytes of data from the company. So far, an upcoming episode of Ballers and Room 104 have apparently been put online. There is also written material that’s allegedly from next week’s fourth episode of Game of Thrones. More is promised to be “coming soon.”

I guess that winter has come for HBO.

It appears that the hackers are looking for fame and not fortune. At least for now because no ransom demand has been made. But this is part of a trend of movie and TV studios and networks being pwned by hackers to leak content. After all, content is king.

Trump Hotels Get Pwned By Hackers

Posted in Commentary with tags on July 12, 2017 by itnerd

I wrote a while ago that Trump hotels had poorly secured WiFi that potentially made them easy to pwn by hackers. Now a report has surfaced that 14 Trump properties have been pwned by hackers, which underscores how insecure Trump properties seem to be from an IT perspective:

Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels.

The latest instance occurred between August 2016 and March 2017, according to a notice on the company’s website, and included guest names, addresses and phone numbers, as well as credit card numbers and expiration dates. The breach took place on the systems of Sabre Hospitality Solutions, a reservation booking service used by Trump Hotels, but did not compromise the Trump Hotels’ systems.

“The privacy and protection of our guests’ information is a matter we take very seriously,” the notice said, adding that Trump Hotels was notified of the breach on June 5. Trump Hotels declined to comment beyond what was posted in the notice.

The story goes on to show that Trump properties have had a long history of epic pwnage by hackers. Not only that, they’ve been slapped by governments like New York State for being so pwnable and not reporting data breaches promptly. Now hotels are a popular target for hackers wishing to swipe credit card data. But it seems that Trump hotels are a really popular target for whatever reason. Thus it might be a good idea to avoid staying in a Trump hotel if you value your credit card data.