Google said today that a North Korean government hacking group has targeted members of the cyber-security community engaging in vulnerability research.
The attacks have been spotted by the Google Threat Analysis Group (TAG), a Google security team specialized in hunting advanced persistent threat (APT) groups.
In a report published earlier today, Google said North Korean hackers used multiple profiles on various social networks, such as Twitter, LinkedIn, Telegram, Discord, and Keybase, to reach out to security researchers using fake personas.
Email was also used in some instances, Google said.
“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” said Adam Weidemann, a security researcher with Google TAG.
The Mozilla Firefox 85 web browser is now available for download, ahead of its official unveiling on January 26th, for all supported platforms, including GNU/Linux, macOS, and Windows.
Firefox 85 has been in development since mid-November 2020 when it entered the Nightly channel and landed in the beta channel on December 15th, when Mozilla released the Firefox 84 web browser as the last release to ship with support for Adobe’s now deprecated Flash Player plugin.
A well-known hacker has leaked this week the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.
The dating site’s data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases.
The leaked data, a 1.2 GB file, appears to be a dump of the site’s users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
On January 12, just after 8:15 am local time, computers started to malfunction at the Dalian Train Operation Depot in northeast China. The dispatcher’s browsers weren’t loading train schedule details. Six hours later, dispatchers also lost the ability to print train data from the web app. According to the depot’s account on Weibo and WeChat, and a follow up post a couple of days later, the system flickered on and off for 20 hours before IT staff finally stabilized it. The culprit appears to have been a seismic, but not unforeseen, shift on the internet: the death of Adobe Flash Player.
As 2020 came to a close, Adobe fully ended support for its infamous yet nostalgia-laced multimedia platform. On January 12, Adobe took things a step further, triggering a kill switch it had been distributing in Flash updates for months that blocks content from running in the player—essentially rendering the software inoperable. The company had warned about the transition for years, while browsers like Chrome and Firefox gradually nudged users toward other standards. Apple spent a full decade attempting to wean web developers off of Flash. But organizations like the Dalian Depot didn’t get the memo. Frantic staffers ended up pirating old versions of the software, even modifying them to run on all different versions of Windows to stabilize the system.
Twenty-plus hours of fight. No one complained. No one gave up. In solving the Flash problem, we turned the glimpse of hope into the fuel for advancement, officials wrote in a post mortem, as translated by journalist Tony Lin.
The Dalian Depot incident speaks to the reality that Flash is not really dead yet, and will persist untouched—and sometimes unbeknownst to anyone—in networks around the world. Mainland China is the only region of the world where Flash will still be officially available through a distributor that Adobe partnered with in 2018. But some users have complained about problems with the dedicated Chinese version of the program and have found workarounds to keep using the regular edition.
After decades of abuse by hackers, particularly those running “malvertising” ad schemes, Flash installations—whether forgotten or intentionally maintained—could expose networks for years to come. Versions of the software that haven’t been updated recently don’t have the kill switch inside, after all. And because Adobe isn’t supporting the software anymore, there won’t be security patches for any new Flash vulnerabilities that come to light.
Networking device maker SonicWall said on Friday night that it is investigating a security breach of its internal network after detecting what it described as a coordinated attack.
In a short statement posted on its knowledgebase portal, the company said that highly sophisticated threat actors targeted its internal systems by exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.
The Russian government has issued a security alert on Thursday evening warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.
The Russian government’s response comes after comments made by the new Biden administration earlier in the day.
Answering questions about their plans on the SolarWinds hack, new White House officials said they reserved the right to respond at a time and manner of their choosing to any cyberattack.
Moscow’s response to this comment came hours later in the form of a security bulletin published by the National Coordination Center for Computer Incidents (NKTSKI), a security agency founded by the Russian Federal Security Service (FSB), Russia’s internal security and intelligence agency.
The short statement cited the Biden administration’s comments, interpreted as threats, and provided a list of 15 security best practices that businesses should adhere to in order to remain safe online.
At noon on January 20, 2021, Joseph R. Biden, Jr. was sworn in as the 46th President of the United States, and he and his staff took over the business of running the country.
The tradition of a peaceful transfer of power is as old as the United States itself. But by the time most of us see this transition on January 20th, it is mostly ceremonial. The real work of a transition begins months before, usually even before Election Day, when presidential candidates start thinking about key hires, policy goals, and legislative challenges. After the election, the Presidential Transition Act provides the president-elect’s team with government resources to lay the foundation for the new Administration’s early days in office. Long before the inauguration ceremony, the president-elect’s team also organizes meetings with community leaders, activists, and non-profits like EFF during this time, to hear about our priorities for the incoming Administration.
A home security technician has admitted he repeatedly broke into cameras he installed and viewed customers engaging in sex and other intimate acts.
Telesforo Aviles, a 35-year-old former employee of home and small office security company ADT, said that over a five-year period, he accessed the cameras of roughly 200 customer accounts on more than 9,600 occasions—all without the permission or knowledge of customers. He said he took note of homes with women he found attractive and then viewed their cameras for sexual gratification. He said he watched nude women and couples as they had sex.
Aviles made the admissions Thursday in US District Court for the District of Northern Texas, where he pleaded guilty to one count of computer fraud and one count of invasive visual recording. He faces a maximum of five years in prison.
Aviles told prosecutors that he routinely added his email address to the list of users authorized to access customers’ ADT Pulse accounts, which allow customers to remotely connect to the ADT home security system so they can turn on or off lights, arm or disarm alarms, and view feeds from security cameras. In some cases, he told customers that he had to add himself temporarily so he could test the system. Other times, he added himself without their knowledge.
Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Netscout said in an alert on Tuesday.
Not all RDP servers can be abused, but only systems where RDP authentication is also enabled on UDP port 3389 on top of the standard TCP port 3389.
Netscout said that attackers can send malformed UDP packets to the UDP ports of RDP servers that will be reflected to the target of a DDoS attack, amplified in size, resulting in junk traffic hitting the target’s system.
This is what security researchers call a DDoS amplification factor, and it allows attackers with access to limited resources to launch large-scale DDoS attacks by amplifying junk traffic with the help of internet exposed systems.
In the case of RDP, Netscout said the amplification factor is 85.9, with the attackers sending a few bytes and generating “attack packets” that are “consistently 1,260 bytes in length.”
An 85.9 factor puts RDP in the top echelon of DDoS amplification vectors, with the likes of Jenkins servers (~100), DNS (up to 179), WS-Discovery (300-500), NTP (~550), and Memcached (~50,000).