All about Security, News, Events and Incidents

Backdoor in Chinese routers (Jetstream, Wavelink, Ematic)
Posted on November 24, 2020 by Günter Born

​

A security researcher has come across a hidden back door that is built into Chinese routers from various companies (Wavlink, Jetstream). Not only can the router be controlled via the backdoor, it can also penetrate the network of the device owner behind it. The devices are sold on Amazon, eBay and other platforms as well as at the US retailer Walmart. I don't know how much the routers are being sold in Germany. A quick search on Amazon for Ematic routers (or other device names) brought me hits.

300,000+ Spotify accounts hacked
Posted on November 24, 2020 by Günter Born

​

Customers of the music streaming service Spotify may have a problem. Hackers have used a database of 380 million records of credentials and personal information from various sources to crack Spotify accounts and have arguably succeeded with more than 300,000 users.

 

"Your Computer Isn't Yours"

- On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

- in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

- This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns.

---

This was first mentioned by @kojack here - http://forum.notebookreview.com/thr...indows-10-should-read-this-macos-nope.834626/ and @Papusan here - http://forum.notebookreview.com/thr...eaves-os-x-behind.833383/page-4#post-11059344 , so Kudos to then.

I didn't realize how much data Apple is collecting on users with their invasive operating system!

https://sneak.berlin/20201112/your-computer-isnt-yours/

 

may as well embrace it and adjust now, while there's still time to do so--while it still feels like a "choice" to accept these things. the day is not far off when there will quite literally be no question of this being not only the norm, but in fact, the precedent to be expected.

sorry to say it, and i know it sounds cynical and pessimistic, but singularity is no theoretical possibility anymore. the great wheel of progress grinds on, and the dusty road is paved with crushed souls and broken dreams. remember when digital currency was a fringe joke, microchip implantation was laughable? as tech buffs, sci-fi fans, nerds, gamers, you know better than any where the road of the future leads. just as we look at jules verne now and are entirely unfazed (not merely "hmm this is reality now!", but actually "yeah...and..? so what?"), soon we will be looking at huxley without blinking either.

the best way forward is make it as bright as we can, even in the face of a society where your number, your credit, and your online presence are inseparable from your humanity

 

Microsoft & Google are abused for phishing
Posted on 2020-12-04 by guenni
Check Point security researchers are currently seeing a sharp increase in phishing emails that use well-known brands to disguise the fraud. Here’s some information I’ve received from Check Point warning against fake emails on behalf of Microsoft and Google.

Here, the main type of fraud is that fake messages ask users to reset or enter their access data for Microsoft accounts, which allows hackers to gain possession of them.

Phishing e-mail for account verification of ‘Microsoft Accounts Team’.

In a video in the series called How to secure your remote workforce, Maya Horowitz, Check Point’s Director of Threat Research and Intelligence, explains the threat. Using a real-life case – the hacker group called Florentine Banker – reported on Check Point in April, she shows what a fake email can actually do. Read all about the investigation of brand abuse in the context of phishing in this blog post.

 

SECURITY, MICROSOFT
Microsoft: New malware can infect over 30K Windows PCs a day bleepingcomputer.com | Today

Microsoft has warned of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day.


-----------------------------------------------------------

Steam gaming platform with serious security gaps
Posted on December 11, 2020 by Günter Born
The Steam gaming platform has serious weaknesses. Check Point security researchers have found that attackers can exploit the bugs they find to repeatedly crash a player's session. But it is also possible to take over a victim's computer or to infect all other computers connected to a third-party server.

-----------------------------------------------------------

FireEye hacked, Red Team tools stolen
Posted on 2020-12-09 by guenni
[German]It is the absolute disaster for the partly CIA-owned security company FireEye. Suspected state hackers have penetrated their internal networks to search for customer data, but have also stolen their Red Team tools.

FireEye: Sorry, we are hacked
In a statement titled Unauthorized Access of FireEye Red Team Tools, FireEye admitted a hack on December 8, 2020. The message reads:

A sophisticated, state-sponsored adversary stole FireEye Red Team tools. Since we believe that an opponent possesses these tools, and we don’t know if the attacker intends to use the stolen tools himself or to make them public, FireEye is publishing hundreds of countermeasures in this blog post to enable the broader security community to protect themselves against these tools.​

 

US cybersecurity agency warns suspected Russian hacking campaign broader than previously believed - CNNPolitics
US government agencies breached by Russian-linked hackers

US government agencies breached by Russian-linked hackers 01:30
An alarming new alert issued by the Department of Homeland Security's cyber arm Thursday revealed that Russian hackers suspected of a massive, ongoing intrusion campaign into government agencies, private companies and critical infrastructure entities used a variety of unidentified tactics and not just a single compromised software program.


US cybersecurity agency warns of 'grave risk' from massive hack


U.S. Agencies Hit in Brazen Cyber -Attack by Suspected Russian Hackers

 

Microsoft Was Exposed to SolarWinds as Hack Widens

 

SovietWinds?

 

Microsoft president calls SolarWinds hack an “act of recklessness”
Microsoft president calls SolarWinds hack an “act of recklessness” | Ars Technica




Microsoft was breached in SolarWinds cyberattack, in what one exec calls 'a moment of reckoning' - MarketWatch

 

SECURITY
Critical bugs in Dell Wyse ThinOS allow thin client take over bleepingcomputer.com | Dec 21, 2020

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files...

Thin clients are small form-factor computers used for remote desktop connections to a more powerful system. They are popular with organizations that don't need computers with high processing, storage, and memory on the network.

It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks...

Dell has released ThinOS 9.x to address these issues. However, some of the affected models can no longer be upgraded:

• 
  
  
  • Wyse 3020
  • Wyse 3030 LT
  • Wyse 5010
  • Wyse 5040 AIO
  • Wyse 5060
  • Wyse 7010

CyberMDX recommends that organizations with the models above deployed on their networks disabled the use of FTP for the update procedure and rely on an alternative method for the task.

-------------------------------------------------------------------

2nd backdoor found on infected SolarWinds systems borncity.de posted on 2020-12-22 by guenni
Security researchers and forensic experts have found two other malware variants, Supernova and CosmicGale, in systems infected with the SunBurst Trojan via SolarWinds Orion software. Security researchers suspect that there is a second hacking group at work.