Document-signing service Docsketch discloses security breach

ZDNet

Electronic document-signing service Docsketch is notifying customers about a security breach that took place over the past summer.

In an email sent to customers and seen by ZDNet, the company said that an unauthorized third party gained access to a copy of its database in early August this year.

The database file contained a snapshot of the Docsketch service dated July 9, 2020, the company said.

Chinese hacker group spotted using a UEFI bootkit in the wild

ZDNet

A Chinese-speaking hacking group has been observed using a UEFI bootkit to download and install additional malware on targeted computers.

UEFI firmware is a crucial component of every computer. This firmware is stored inside a flash memory bolted to the motherboard; it controls all the computer’s hardware components and helps boot the actual user-facing OS (such as Windows, Linux, macOS, etc.).

Attacks on UEFI firmware are the Holy Grail of every hacker group, as planting malicious code here allows it to survive OS reinstalls.

Despite these benefits, UEFI firmware attacks are rare because tampering with this component is particularly hard: attackers either need physical access to the device, or they need to compromise targets via complex supply chain attacks in which the UEFI firmware, or tools that work with UEFI firmware, are modified to insert malicious code.

Twitter removes 130 Iranian accounts for trying to disrupt the US Presidential Debate

ZDNet

Social networking giant Twitter said today that it removed around 130 Iranian Twitter accounts for attempting to disrupt the public conversation during last night’s first Presidential Debate for the US 2020 Presidential Election.

Twitter said it learned of the accounts following a tip from the US Federal Bureau of Investigation.

“We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard,” the social network said today.

“They [the accounts] had very low engagement and did not make an impact on the public conversation,” it added.

North Korea has tried to hack 11 officials of the UN Security Council

ZDNet

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials who are part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the dismay of the infosec community

ZDNet

Pastebin, the most popular website where users can share small snippets of text, has added two new features today that cyber-security researchers believe are going to be widely and wildly abused by malware operators.

Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password.

Neither of the two features is original, as they have been present on many paste sites for years.

However, they are new to Pastebin, which is, by far, today’s most popular pastes portal, being ranked in the Alexa Top 2,000 most popular sites on the internet.

Twitter prepares for US election with new security training, penetration tests

ZDNet

Twitter said today it’s been working over the past months to bolster its internal security by requiring staff to go through additional security training, engaging in penetration tests, and by deploying hardware security keys to all employees.

The measures announced today are part of Twitter’s efforts to prevent a repeat of the July 2020 hack during the US presidential election later this fall.

In July this year, hackers phished Twitter staffers, gained access to its internal platform, and then tweeted a cryptocurrency scam via high-profile and verified accounts. Some of the defaced accounts belonged to political figures, including presidential candidate Joe Biden.

Twitter learned a hard lesson in July, but in a blog post today authored by Parag Agrawal, Twitter Chief Technical Officer, and Damien Kieran, Twitter Data Protection Officer, the company said it learned its lesson and has taken corrective actions.

Microsoft secures backend server that leaked Bing data

ZDNet

Microsoft suffered a rare cyber-security lapse earlier this month when the company’s IT staff accidentally left one of Bing’s backend servers exposed online.

The server was discovered by Ata Hakcil, a security researcher at WizCase, who exclusively shared his findings with ZDNet last week.

According to Hakcil’s investigation, the server is believed to have exposed more than 6.5 TB of log files containing 13 billion records originating from the Bing search engine.

The WizCase researcher was able to verify his findings by locating search queries he performed in the Bing Android app in the server’s logs.

FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers

ZDNet

The FBI and NSA published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers.

The two agencies say Russian hackers used the malware, named Drovorub, to plant backdoors inside hacked networks.

Based on the evidence the two agencies have collected, FBI and NSA officials claim the malware is the work of APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unit 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Through their joint alert, the two agencies hope to raise awareness in the US private and public sectors so IT administrators can quickly deploy detection rules and prevention measures.

Microsoft out of race to purchase TikTok as US ban draws near

ZDNet

The owner of controversial video-sharing app TikTok has a September 15 deadline to either sell to a US company or see the service banned from the US market, following President Donald Trump’s executive order that labelled the platform as a national emergency.

Microsoft threw its hat in the ring prior to the official announcement from the president, saying it wanted to scoop up TikTok and add world-class security, privacy, and digital safety protections to the app if it did.

It soon reportedly joined forces with Walmart to co-bid for the Chinese company’s US, Canadian, Australian, and New Zealand operations.

Microsoft officials had characterised the discussions as preliminary, noting it was not intending to provide any further updates on the discussions until there was a definitive outcome.

But in approaching the deadline, ByteDance said it would not include TikTok’s algorithm as part of the sale, according to a South China Morning Post report. The Chinese company has also told Microsoft it would not be its new owner.
