Hacking News
-
Every now and then a company gets hacked, and some guys request a little money for that.
The latest big victim is German car parts manufacturer Continental. 40 terabytes of data were "stolen". The original request was $50 million; currently the hackers are down to 40, but the company still refuses to pay.
An article from the FAZ in German (news in English may be available too, but):
-
And also the University Essen-Duisburg has been offline since the weekend:
-
“Overloaded, understaffed IT security teams inevitably make mistakes”
I know the solution to that one from my employer!
Actually competent staff is expensive, so instead invest in a pile of highly-paid consultants (medium-cheap price level) and a high-profile new manager of IT security (overpaid relative to their competence level) to come up with some really dumb policies that fix nothing and annoy everybody.
That way, everybody up there can pat themselves on the back for having responded and done things (and they have a fall guy for when shit inevitably goes south, because all the annoying rules cause staff to regularly bypass the rules to get routine work done).
-
@cvi said in Hacking News:
to come up with some really dumb policies that fix nothing and annoy everybody.
Speaking of those, our development environment deploy process recently went from
- start in-house tool by clicking shortcut/double-clicking app icon
- enter ticket identifier
- Hit go.
- Wait.
To
- Log into AWS area, including external 2FA (authenticator app, hardware token, etc).
- Navigate to one particular place.
- Copy environment variables that include a short-expiration token
- Open a new shell.
- Paste in the environment variables
- From that new shell, launch the in-house tool via
open path/to/appBundle.app
- enter ticket identifier
- Hit Go.
- Wait.
And that's not the worst thing--if you then later need to tear down an environment or do anything else with them and it's been more than about 10 minutes, instead of just hitting a window in that same in-house tool window you had open, you have to
- close the in-house tool, it's timed out and can't be reused. It won't tell you that, but just will silently fail because the short-lived token is no longer valid.
- Go through the entire flow above (although the logins to AWS last a little longer--you might get a whole day before having to re-auth), including getting all the new environment variables.
And no, you can't just make an alias, because that token is one-use-only. And can only be gotten (for now) by clicking on the site, we don't have it set up for programmatic access.
-
@BernieTheBernie said in Hacking News:
And also the University Essen-Duisburg has been offline since the weekend:
"After a
hacker attack
"
The usual terminology. Sounds very sophisticated, like North Korean 0day-wielding elite hacking squads had targeted the university and taken it down—when what actually happened is that someone clicked on something they shouldn't have clicked on and that shit hit the fan called Windows+Exchange+AD. It's not like they didn't have experience with this:
Lessons Learned, from TFA:
- Raise awareness
- Give a talk
- We took a series of technical measures, such as improving our Active Directory (the aim is to prevent attackers from taking over the entire system) (yeah, that worked great)
-
@Benjamin-Hall said in Hacking News:
although the logins to AWS last a little longer--you might get a whole day before having to re-auth
I haven't entered a password and/or the second factor for the Azure login since, well, the last password change, since we still have the anti-security policy of changing passwords every half year.
I believe keeping some app that is logged in open in a tab helps (as it can redeem the refresh token periodically; for a while I even had a browser plugin periodically reload web outlook because it refreshed the token when used, but not when left to sit idle; I think they changed that since).
-
Security researchers tried to analyze a botnet. But when they entered a command, they forgot a space
between a URL and the port:
!bigdata www.bitcoin.com443 / 30 3 3 100
and the botnet was gone...
Because it lacked a routine for sanitizing user input.
C'mon, that's real software development, we could also say
BEST PRACTICE
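The crash in the post is the generic failure of using positional fields before any of them has been validated: with the space missing, "/" lands in the port slot and whatever converted it to a number died. The following is an added example written for this thread, not code from the post or from the software it describes. It validates every field of a command line (host syntax, port range, path shape, bounded numbers) before anything is used, and reports a controlled error instead. The command layout (name, host, port, path, four numbers), the class and function names, and both input lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hostname labels per RFC 1123: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


class InvalidArgument(ValueError):
    """Raised for malformed input; the caller reports it instead of letting the process die."""


@dataclass(frozen=True)
class TargetCommand:
    """Hypothetical structured form of a '!name host port path n1 n2 n3 n4' line (assumed layout)."""
    name: str
    host: str
    port: int
    path: str
    numbers: tuple


def validate_host(host: str) -> str:
    """Accept only a syntactically valid DNS name. Note that 'www.bitcoin.com443' is
    syntactically fine as a hostname; it is the port field that catches the typo."""
    if not 1 <= len(host) <= 253 or host.endswith("."):
        raise InvalidArgument(f"bad hostname: {host!r}")
    if not all(_LABEL_RE.match(label) for label in host.split(".")):
        raise InvalidArgument(f"bad hostname: {host!r}")
    return host.lower()


def validate_port(token: str) -> int:
    """Accept a decimal port in 1..65535; '/' or '' raise here instead of crashing int()."""
    if not token.isdigit():
        raise InvalidArgument(f"bad port: {token!r}")
    port = int(token)
    if not 1 <= port <= 65535:
        raise InvalidArgument(f"port out of range: {port}")
    return port


def validate_path(token: str) -> str:
    """Accept a plain absolute path; no spaces, no control characters, no '..' tricks."""
    if not re.fullmatch(r"/[A-Za-z0-9._/-]*", token) or "/../" in token + "/":
        raise InvalidArgument(f"bad path: {token!r}")
    return token


def validate_bounded_int(token: str, lo: int, hi: int) -> int:
    """Numeric fields get an explicit range, not just 'is it an int'."""
    if not token.isdigit():
        raise InvalidArgument(f"not a number: {token!r}")
    value = int(token)
    if not lo <= value <= hi:
        raise InvalidArgument(f"{value} outside {lo}..{hi}")
    return value


def parse_target_command(line: str, expected_numbers: int = 4) -> TargetCommand:
    """Validate every field, in order, before returning a usable command."""
    parts = line.split()
    if len(parts) < 4:
        raise InvalidArgument("expected: <!name> <host> <port> <path> <numbers...>")
    name, host, port, path, *rest = parts
    if not re.fullmatch(r"![a-z]{1,16}", name):
        raise InvalidArgument(f"bad command name: {name!r}")
    host = validate_host(host)
    port_num = validate_port(port)
    path = validate_path(path)
    if len(rest) != expected_numbers:
        raise InvalidArgument(f"expected {expected_numbers} numbers, got {len(rest)}")
    numbers = tuple(validate_bounded_int(t, 0, 100_000) for t in rest)
    return TargetCommand(name=name, host=host, port=port_num, path=path, numbers=numbers)


def handle_line(line: str):
    """Operator-facing wrapper: returns (command, None) or (None, error message)."""
    try:
        return parse_target_command(line), None
    except InvalidArgument as exc:
        return None, str(exc)


if __name__ == "__main__":
    # Constructed inputs: the well-formed line and the typo from the post (no space before the port).
    for line in ("!bigdata www.bitcoin.com 443 / 30 3 3 100",
                 "!bigdata www.bitcoin.com443 / 30 3 3 100"):
        cmd, err = handle_line(line)
        print(line, "->", cmd if cmd else f"rejected: {err}")
```

The point is the ordering: the arity check is not enough on its own, because the mistyped line has one token fewer and a generic "wrong number of fields" message would hide where the typo is. Validating field by field yields "bad port: '/'", which tells the operator exactly what to fix, and nothing downstream ever sees the bad value.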
-
-
Wanna get a different car? Just need to know the email address of the current owner. Or read the Vehicle Identification Number. Then send that via the vendor specific app to the car.
Actually ...
@BernieTheBernie said in Internet of shit: Greatest Ideas of Our Era #7: App Connected Cars
Top: "Thanks to this app, I can move the new Forpel out of its parking slot."
Bottom: "Unfortunately, it's not my car."
-
And now some schools in Karlsruhe got hacked. Ransomware. About 2 Bitcoin ($40k) per school requested:
-
@BernieTheBernie said in Hacking News:
. About 2 Bitcoin
If they wait for an opportune time, they might just get away with minimal spend!
-
Dish is offline:
https://www.bleepingcomputer.com/news/security/dish-network-goes-offline-after-likely-cyberattack-employees-cut-off/
My dishwasher does not connect to the internetz anyway. And after washing, dishes are not hung on a line for drying. So, an American problem only.
-
@BernieTheBernie oh, man...we had them for a while back before FiOS showed up. Good times.
-
Some news from a Hacking Contest. Have fun with it!
https://www.bleepingcomputer.com/news/security/windows-11-tesla-ubuntu-and-macos-hacked-at-pwn2own-2023/
-
@BernieTheBernie said in Hacking News:
win ... a Tesla Model 3.
Aren't these guys white-hats? Why are they being punished like that?
-
@HardwareGeek a good battery pack is hard to come by.
-
@Gustav Just using it as a UPS would be hilarious.
-
@cvi the point of UPS is to increase reliability. Adding a Tesla to the system can only decrease it.
-
@Gustav said in Hacking News:
@cvi the point of UPS is to increase reliability. Adding a Tesla to the system can only decrease it.
Unless it's the UPS that's delivering stuff. A Tesla is insignificant next to the power of the Delivery Distortion Force.
-
@BernieTheBernie said in Hacking News:
Some news from a Hacking Contest. Have fun with it!
https://www.bleepingcomputer.com/news/security/windows-11-tesla-ubuntu-and-macos-hacked-at-pwn2own-2023/
The first to fall was Adobe Reader in the enterprise applications category
-
@BernieTheBernie said in Hacking News:
Some news from a Hacking Contest. Have fun with it!
https://www.bleepingcomputer.com/news/security/windows-11-tesla-ubuntu-and-macos-hacked-at-pwn2own-2023/
successfully hacked Ubuntu Desktop with a previously known exploit
Am I reading this wrong, or are they saying there's money to be made in hacking unpatched systems?
-
Yes. Some people pay money when you show them you can break their stuff.
So you're potentially a millionaire.
-
@Zerosquare said in Hacking News:
potentially
Now to get the right people to recognize and award this potential...
-
Evil haxx0rgangztaz have cybered our Critical Infrastructures™!
Not.
-
@LaoC said in Hacking News:
Evil haxx0rgangztaz have cybered our Critical Infrastructures™!
Not.
~~GWKB's Law~~ Hanlon's Razor is undefeated
-
The next victim: NCR.
https://www.bleepingcomputer.com/news/security/ncr-suffers-aloha-pos-outage-after-blackcat-ransomware-attack/
-
@BernieTheBernie said in Hacking News:
The next victim: NCR.
https://www.bleepingcomputer.com/news/security/ncr-suffers-aloha-pos-outage-after-blackcat-ransomware-attack/
Ransomware in the data center
POS alright.
But our ATMs are secure!!!!
-
Anyone using the MyCloud service here?
https://twitter.com/AlvieriD/status/1652173436888784896?cxt=HHwWgIC90Ze_2e0tAAAA
WD got hacked for the umpteenth time. This time, not only did "Black Cat" copy 10 TB of customer data including their SAP DB, they also infiltrated the crisis meeting
-
German IT service provider Bitmarck - which provides services for public health care insurances - got hacked.
Oh, btw, it was quite some effort to find an English article on it (my poor !), but that search turned up articles on another hack back in January:
They seem to be a valuable victim.
-
421 million downloads: what an achievement for the SpinOk Marketing SDK - which actually is malware (?).
-
I said I want off! Stop the train, fuckers!
The whole thing takes place during the Windows startup process where the Gigabyte updater, without any input from the user, can go off and download and then execute payloads from different locations on the internet.
But wait... there's more!
The fact that one of those locations is on an insecure HTTP address makes it easily compromised by a so-called Machine-in-the-middle attack. Though Eclypsium also notes that even on the HTTPS locations the actual remote certificate validation (the part that should theoretically make it more secure) isn't implemented properly, which makes them vulnerable to the same sort of attack, too.
(https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/)
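What "the remote certificate validation isn't implemented properly" and "one of those locations is on an insecure HTTP address" mean in code, next to the corrected form: an added example written for this thread, not Gigabyte's updater or Eclypsium's code. It assumes a hypothetical updater that fetches a payload from a URL and ships the expected SHA-256 of that payload with the installer (out of band, not from the same download channel); the function names, the sample payload and its hash are constructed for the example. The audit function is the check a reviewer would run over a TLS context to spot the weak configuration.

```python
import hashlib
import hmac
import ssl
import urllib.request
from urllib.parse import urlparse


class UpdatePolicyError(Exception):
    """Raised when an update source or payload fails a safety check."""


def check_update_url(url: str) -> str:
    """Refuse anything that is not https:// with a host. A plain http:// location is
    exactly the machine-in-the-middle exposure the Eclypsium write-up describes."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise UpdatePolicyError(f"refusing non-HTTPS update source: {url}")
    if not parsed.hostname:
        raise UpdatePolicyError(f"update URL has no host: {url}")
    return url


def verifying_tls_context() -> ssl.SSLContext:
    """A context that validates the chain against the system trust store AND the hostname.
    create_default_context() already does both; set them explicitly so a later edit
    that weakens either one is visible in review."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list:
    """Return the findings a reviewer would raise against a context. An empty list is the
    goal; 'check_hostname = False' or 'verify_mode = CERT_NONE' is the broken updater."""
    findings = []
    if not ctx.check_hostname:
        findings.append("hostname check disabled: any valid cert for any name is accepted")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification not required: self-signed MITM cert accepted")
    return findings


def verify_payload(payload: bytes, expected_sha256: str) -> bytes:
    """Compare the download against a hash shipped with the updater. Constant-time compare
    is not strictly needed for a public hash, but it is the habit worth keeping."""
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        raise UpdatePolicyError(f"payload hash mismatch: got {digest}")
    return payload


def fetch_update(url: str, expected_sha256: str, timeout: float = 30.0) -> bytes:
    """Download only over verified TLS and hand back the bytes only if the hash matches.
    Whether to execute them is a separate decision, taken after this returns (network
    call; not exercised offline)."""
    check_update_url(url)
    with urllib.request.urlopen(url, context=verifying_tls_context(), timeout=timeout) as resp:
        payload = resp.read()
    return verify_payload(payload, expected_sha256)


# Constructed sample: stands in for the payload and the hash that would ship with the
# installer. The hash is computed here only because the sample is made up; a real
# updater must carry it from a source the download channel cannot rewrite.
SAMPLE_PAYLOAD = b"echo constructed-sample-update\n"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()


if __name__ == "__main__":
    print("audit of the verifying context:", audit_tls_context(verifying_tls_context()))
    for url in ("http://updates.example.invalid/app.bin", "https://updates.example.invalid/app.bin"):
        try:
            print(check_update_url(url), "accepted")
        except UpdatePolicyError as exc:
            print("rejected:", exc)
    print("tampered payload ->", end=" ")
    try:
        verify_payload(SAMPLE_PAYLOAD + b"#tampered", SAMPLE_SHA256)
    except UpdatePolicyError as exc:
        print(exc)
```

The two TLS properties are the whole story of the "HTTPS but still vulnerable" case: with `verify_mode` at `CERT_NONE` any certificate is accepted, and with `check_hostname` off a valid certificate for some unrelated name is accepted, so an interposed host passes either way. The hash check is the second layer: even if a download location is later compromised, a payload that does not match what the installer shipped is never handed to the execution step.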
-
@BernieTheBernie said in Hacking News:
SpinOk Marketing SDK - which actually is malware (?).
That's implied by the name
-
-
@Gustav Bigot.
-
@Gustav said in Hacking News:
@Applied-Mediocrity said in Hacking News:
a so-called Machine-in-the-middle attack
cringe
and you don't want to piss off the girl-in-the-middle by misgendering her
-
A new way of infecting iPhones has been detected by Kaspersky.
https://usa.kaspersky.com/blog/triangulation-attack-on-ios/28444/
-
@Gustav said in Hacking News:
@Applied-Mediocrity said in Hacking News:
a so-called Machine-in-the-middle attack
cringe
Yes. No. Maybe. I don't know. Can you repeat the question?
-
@BernieTheBernie said in Hacking News:
421 million downloads: what an achievement for the SpinOk Marketing SDK - which actually is malware (?).
Upon initialization, this trojan SDK connects to a C&C server
Who doesn't love a bit of Command & Conquer?
-
@Atazhaia said in Hacking News:
Command & Conquer
Did you spell that correctly?
I mean, command and con queer
won't be such an odd choice on WTDWTF.
-
@Atazhaia said in Hacking News:
@BernieTheBernie said in Hacking News:
421 million downloads: what an achievement for the SpinOk Marketing SDK - which actually is malware (?).
Upon initialization, this trojan SDK connects to a C&C server
Who doesn't love a bit of Command & Conquer?
Nobody here but us trees!
-
@LaoC said in Hacking News:
@Gustav said in Hacking News:
@Applied-Mediocrity said in Hacking News:
a so-called Machine-in-the-middle attack
cringe
and you don't want to piss off the girl-in-the-middle by misgendering her
Now that I think about it, the actor doing the MitM is usually called Eve.
Wrong. Eve only eavesdrops. MitM is done by Mallory.
-
-
Next victim: Deutsche Leasing, the leasing company of the Sparkasse group of banks.
I could not find an English article about that, so translate the news from heise.de:
-
@BernieTheBernie I recognise the word "offline" in the embed. For the rest:
-
@Zecc
Something Saturday offline. "Deutsche Leasing's IT offline since Saturday"? "Deutsche Leasing, a large—" ... oh, now you're just making up words.
-
@Watson I recognise gesellschaft, in there so… large “leasing company”.
C’mon, we can crowdsource the translation, distributed fashion!
-
I recognize Angriff, so... "cyberattack"
Filed under: Steiner's attack was an order!
-
@Applied-Mediocrity said in Hacking News:
I recognize Angriff, so... "cyberattack"
Filed under: Steiner's attack was an order!
-
@LaoC Skriptstaffeln
-
Next victim: a service provider of Barmer health insurance. The leaked data contains full name, bank account number, health insurance number, and premiums gained.
Article in German: