Sunday, December 3, 2017

#Security


PayPal-owned company TIO Networks data breach affects 1.6 million customers

Posted: 03 Dec 2017 08:25 AM PST

PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, that affected 1.6 million customers.

PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach in which hackers accessed servers that stored information for 1.6 million customers.

TIO Networks, recently acquired by PayPal for $238 million, is a Canadian firm that runs a network of over 60,000 utility and bill payment kiosks across North America.

On November 10, PayPal suspended the operations of TIO's network after discovering "security vulnerabilities" affecting the TIO platform and issues with TIO's data security programme, which does not follow PayPal's security standards.

"While we apologise for any inconvenience this suspension of services may cause, the security of TIO's systems and the protection of TIO's customers are our highest priorities.” said TIO Networks. 

“We are working with the appropriate authorities to safeguard TIO customers.”

"The PayPal platform is not impacted by this situation in any way and PayPal's customers' data remains secure.

“Our investigation is ongoing. We will communicate with TIO customers and merchant partners directly as soon as we have more details. Customer updates will also be posted at www.tio.com."

The Canadian firm disclosed the data breach, but did not provide any other details.

PayPal TIO Networks data breach

On Friday, December 1, PayPal published a press release that includes more details on the hack.

“PayPal Holdings, Inc. (Nasdaq: PYPL) today announced an update on the suspension of operations of TIO Networks (TIO), a publicly traded payment processor PayPal acquired in July 2017. A review of TIO's network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.” reads the press release.

“The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal's customers' data remains secure.”

Because the TIO systems are completely separate from the PayPal network, PayPal's customers' data were not affected by the incident.

PayPal confirmed that the attackers stole the personal information of both TIO customers and customers of TIO billers, but it did not disclose what type of information the hackers compromised.

The attackers likely accessed personally identifiable information (PII) and financial details.

PayPal is notifying affected customers of the data breach and is offering free credit monitoring memberships.

The customers of TIO Networks can visit the TIO Networks website for more information on the data breach.

“TIO has also begun working with the companies it services to notify potentially affected individuals, and PayPal is working with a consumer credit reporting agency to provide free credit monitoring memberships. Individuals who are affected will be contacted directly and receive instructions to sign up for monitoring.” continues the press release.

Pierluigi Paganini 

(Security Affairs – TIO Networks, data breach)

The post PayPal-owned company TIO Networks data breach affects 1.6 million customers appeared first on Security Affairs.

Security Affairs newsletter Round 139 – News of the week

Posted: 03 Dec 2017 05:38 AM PST

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Once again thank you!

·      A new Mirai variant is rapidly spreading, around 100,000 IPs running the scans in the past 60 hours
·      Security Affairs newsletter Round 138 – News of the week
·      The Cobalt group is exploiting the CVE-2017-11882 Microsoft Office flaw in targeted attacks
·      A Verge specific node wallets hacked, crooks stole $655,000 from CoinPouch XVG Verge wallets
·      Researcher found a vulnerability in Facebook polls that allowed removal of any photo
·      The energy used to mine Bitcoin this year is bigger than the annual usage of almost 160 countries
·      Unix mailer Exim is affected by RCE, DoS vulnerabilities. Apply the workaround asap
·      Bulletproof 360 website was hacked. Personal and financial data exposed
·      Google detects Android Tizi Spyware that spies on popular apps like WhatsApp and Telegram
·      Hackers can easily target container ships by hacking load plans due to its vulnerable messaging system
·      Op In Our Sites – Europol and other agencies seize over 20,500 domains for selling counterfeit products
·      Top Secret US Army and NSA documents left exposed on Amazon S3 bucket
·      US indicts Chinese hackers belonging to APT3 for espionage on Siemens and Moodys
·      A bug in macOS High Sierra allows Root access with no password
·      Bitcoin Gold (BTG) dev team warns its users about a security breach
·      Kazakhstan-born Canadian citizen pleads guilty to 2014 Yahoo hack, he admits helping Russian Intelligence
·      Recently Patched Dnsmasq still affect Siemens Industrial devices
·      24 hours later, Apple fixes the bug in macOS High Sierra that allowed Root access with no password
·      New variants of the UBoatRAT RAT hits targets in East Asia
·      The Shipping Giant Clarkson has suffered a security breach
·      US Judge Orders Coinbase to hand over details of 14,355 US citizens to the IRS
·      Cryptocurrency Miners hidden in websites now run even after users close the browser
·      Google Chrome will block code injection from third-party software within 14 months
·      Reading the NTT 2017 Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report
·      Researchers discover a vulnerability in the DIRTY COW original patch
·      Russian cybercriminal Roman Seleznev gets another prison sentence
·      Anonymous launch Brazilian Corrupt Public Sector Entities Data Leak
·      At least six thousand Lantronix Serial-To-Ethernet devices are leaking Telnet passwords
·      Europol and law enforcement agencies dismantled a criminal ring specialized in ATM attacks and payment Card Fraud
·      Kaspersky case – Now we know who is the NSA hacker who kept Agencys cyber weapons at home


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 139 – News of the week appeared first on Security Affairs.

UK National Cyber Security Centre (NCSC)’s letter warns against software made in hostile states, specifically Russia

Posted: 03 Dec 2017 04:52 AM PST

The UK National Cyber Security Centre (NCSC) warns of supply chain risk in cloud-based products, including antivirus (AV) software developed by Russia.

We have long debated the ban of Russian security software from US Government offices; now part of the UK intelligence community is adopting the same strategy.

Last week the CEO of the UK National Cyber Security Centre (NCSC), Ciaran Martin, wrote to permanent secretaries regarding the issue of supply chain risk in cloud-based products, including anti-virus (AV) software.

The NCSC is a branch of the UK Government Communications Headquarters (GCHQ), the UK intelligence and security agency.

The letter warns against software made in hostile states, specifically Russia: as the Prime Minister's Guildhall speech set out, the Government of Moscow is acting against the UK's national interest in cyberspace.

The letter provides advice to Government agencies and offices, but it is not a ban on specific solutions.

The letter highlights the intrusive nature of antivirus software, which is necessary to detect malicious code; it is therefore important to remain vigilant to the risk that AV products developed by a hostile actor could perform a wide range of malicious activities.

“The job of AV is to detect malware in a network and get rid of it.  So to do its job properly, an AV product must (a) be highly intrusive within a network so it can find malware, and (b) be able to communicate back to the vendor so it knows what it is looking for and what needs to be done to defeat the infiltration.  It is therefore obvious why this matters in terms of national security.  We need to be vigilant to the risk that an AV product under the control of a hostile actor could extract sensitive data from that network, or indeed cause damage to the network itself.” reads the letter.

“That's why the country of origin matters.  It isn't everything, and nor is it a simple matter of flags – there are Western companies who have non-Western contributors to their supply chain, including from hostile states.  But in the national security space there are some obvious risks around foreign ownership.”

“The specific country we are highlighting in this package of guidance is Russia.” 

The official warns that exposure of classified information to the Russian state would be a risk to national security, and for this reason a Russia-based AV company should not be chosen. It is an obvious reference to the Kaspersky case.

NCSC letter

The Letter suggests banning the software developed by Russia-based companies from any system processing information classified SECRET and above.

“To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen.  In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used.” continues the Letter.

“This will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information.”

Martin confirmed that the NCSC is currently in discussions with Kaspersky Lab about whether the UK Government can develop a framework, capable of being independently verified, that would give the Government assurance about the security of the Russian firm's involvement in the wider UK market.

“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state.  We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.” continues the Letter.

In response to the current situation, Kaspersky launched its Transparency Initiative in late October, which allows government agencies to review its security software for backdoors.

Pierluigi Paganini 

(Security Affairs – NCSC, Cyber espionage)

The post UK National Cyber Security Centre (NCSC)’s letter warns against software made in hostile states, specifically Russia appeared first on Security Affairs.

Halloware Ransomware, a new malware offered for sale on the Dark Web for Only $40

Posted: 03 Dec 2017 12:33 AM PST

The Halloware ransomware is a new malware offered for sale on the dark web; its author, who goes online by the moniker Luc1F3R, is selling it for just $40.

According to the experts at Bleeping Computer, Luc1F3R started selling the Halloware this week through a dedicated portal on the Dark web. Luc1F3R claims to be a 17-year-old college student from Northeast India.

“Currently, the malware dev is selling and/or advertising his ransomware on a dedicated Dark Web portal, on Dark Web forums, two sites hosted on the public Internet, and via videos hosted on YouTube.” reported Bleeping Computer.

“The sites are offering a lifetime license for the Halloware ransomware for only $40.”

The low price made the researchers suspicious, so they decided to investigate the case, suspecting a scam.

Operational mistakes in the websites used by Luc1F3R to sell the ransomware allowed the experts from Bleeping Computer to track down a web page where Luc1F3R was hosting an index of Halloware files. The page included weaponized documents used to deliver the malware.

Halloware ransomware

One of the files in the list, hmavpncreck.exe, had the same SHA256 hash for which Luc1F3R included NoDistribute scan results in Halloware’s ad, confirming that it was the malware binary the experts were looking for.

Another file named ran.py seems to be Halloware’s source code.

“While the file was protected, Bleeping Computer managed to extract its source code, which will end up in the hands of other security researchers to create decrypters, in case someone buys this ransomware and uses it to infect real users.” continues the analysis from Bleeping Computer.

The researchers highlighted that Halloware is a working ransomware that encrypts files using a hardcoded AES-256 key and prepends the “(Lucifer)” string to encrypted file names. For example, once encrypted a file named image.png, it will appear as (Lucifer)image.png.

Once the Halloware ransomware has completed the encryption process, it pops up a window showing a creepy clown with a ransom message containing instructions to pay the ransom and decrypt the data. The victim's desktop wallpaper also displays a similar message, but the experts noticed that Halloware does not drop text files with ransom notes on the infected PCs.

Halloware ransomware

Wannabe criminals who buy the ransomware can generate their own build by changing two images and adding their customized payment site URL.

However, the experts noticed that the ransomware uses a hardcoded AES key and does not save any information on a remote server; this characteristic makes the malware of little use to the criminal underground.

According to Bleeping Computer Luc1F3R is a novice without particular skills. His tutorials published on YouTube describe basic hacking techniques or promote unsophisticated malware.

Some of the video tutorials reference Luc1F3R's GitHub account, which hosts four malware strains:
  • A Batch-based ransomware.
  • A Windows keylogger.
  • A Linux keylogger.
  • A bulk spoofed email sender.

Further details, including IoCs, are available on the Bleeping Computer website.

Pierluigi Paganini

(Security Affairs – Halloware Ransomware, Dark Web)

The post Halloware Ransomware, a new malware offered for sale on the Dark Web for Only $40 appeared first on Security Affairs.