- Bitcoin-linked heist: thieves stolen 600 powerful computers in Iceland
- Over 40 models of low-cost Android devices shipped with Triada banking Trojan
- A flaw in HP Remote Management hardware Integrated Lights-Out 3 leaves expose servers to DoS
- Microsoft released Windows Updates that include Intel’s Spectre microcode patches
Posted: 03 Mar 2018 08:01 AM PST
Thieves steal 600 powerful computers in a huge heist in Iceland with the intent to use them for mining Bitcoin.
Cyber criminal organization continue to show a great interest in cryptocurrencies, the number of crimes against cryptocurrency industry is on the rise.
News of the day is that crooks have stolen 600 powerful computers from data centers in Iceland to use in Bitcoin mining. At the time, the computers, that are worth almost $2 million, have not yet been found.
“Some 600 computers used to "mine" bitcoin and other virtual currencies have been stolen from data centers in Iceland in what police say is the biggest series of thefts ever in the North Atlantic island nation.” reads the post published by The Associated Press.
The thieves have stolen 600 graphics cards, 100 processors, 100 power supplies, 100 motherboards and 100 sets of computer memory to use in the proficuous activity.
The Icelandic media dubbed the crime the "Big Bitcoin Heist," the authorities have arrested 11 people, including a security guard.
A judge at the Reykjanes District Court on Friday ordered two people to remain in custody.
“This is a grand theft on a scale unseen before,” Police Commissioner Olafur Helgi Kjartansson said. “Everything points to this being a highly organized crime.”
The thefts occurred between late December and early January, the members of the gang were identified thank the surveillance cameras used by the server company Advania.
Advania suffered two of the four thefts, the company had been offering its customers access to bitcoin-mining rigs, for this reason, crooks targeted the firm.
The police are searching any evidence to track the thieves, authorities are also tracking energy consumption across Iceland in case they turn on their computers. A spike in the energy consumption could reveal their location if the thieves don’t take measure to avoid being tracked.
“Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media.” concluded the Associated Press.
“Unusually high energy usage might reveal the whereabouts of the illegal bitcoin mine.”
Iceland is a good place where find cheap, renewable energy for crypto mining activities.
(Security Affairs – 600 powerful computers, Bitcoin mining)
The post Bitcoin-linked heist: thieves stolen 600 powerful computers in Iceland appeared first on Security Affairs.
Posted: 03 Mar 2018 05:24 AM PST
Security researchers at Dr.Web have discovered over 40 models of low-cost Android smartphones are shipped with the dreaded Android Triada banking malware.
Security researchers at Antivirus firm Dr.Web have discovered that 42 models of low-cost Android smartphones are shipped with the Android.Triada.231 banking malware.
“In the middle of 2017, Doctor Web analysts discovered a new Trojan Android.Triada.231 in the firmware of some cheap models of Android devices. Since this detection, the list of infected devices has been constantly increasing.” reads the blog post published by Dr-Web. “At the moment, the list contains over 40 models. Doctor Web specialists have monitored the Trojan's activity and now we can publish the results of this investigation.”
The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab that considered it the most advanced mobile threat seen to the date of the discovery.
Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions. The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities.
The only way to remove the threat is to wipe the smartphone and reinstall the OS.
Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.
This isn’t the first time the company discovered a pre-installed malware on Android device, back in in July 2017 Dr..Web researchers discovered the many smartphone models were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.
The researchers at Dr.Web who investigated the issue discovered that a software developer from Shanghai was responsible for the infection.
“For example, it was detected on the Leagoo M9 smartphone that was announced in December 2017. Additionally, our analysts' research showed that the Trojan's penetration into firmware happened at request of the Leagoo partner, the software developer from Shanghai.” continues the blog post.
“This company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation. Unfortunately, this controversial request did not evoke any suspicions from the manufacturer. Ultimately, Android.Triada.231 got to the smartphones without any obstacles.”
The infected app found on the device was developed by a Chinese firm, the experts highlighted that the code was signed with the same certificate that was observed in 2016 infections.
“The analysis of this application showed it is signed with the same certificate as Android.MulDrop.924. Doctor Web previously wrote about this Trojan in 2016. We can presume the developer that requested adding the additional program into the mobile operating system image can be connected expressly or implicitly with the distribution of Android.Triada.231.” continues Dr.Web.
At the moment, the experts confirmed to have detected the Android.Triada.231 in the firmware of the following Android device models:
Unfortunately, the number of infected smartphones models could be much bigger.
(Security Affairs – Android, Triada Trojan)
The post Over 40 models of low-cost Android devices shipped with Triada banking Trojan appeared first on Security Affairs.
Posted: 03 Mar 2018 03:22 AM PST
Hewlett Packard Enterprise issued a security patch to address a vulnerability (CVE-2017-8987) in HP remote management hardware Integrated Lights-Out 3.
Hewlett Packard Enterprise has issued a security patch to address a vulnerability (CVE-2017-8987) in its remote management hardware Integrated Lights-Out 3 that equip the family of HP ProLiant servers.
The Hewlett-Packard iLO is composed of a physical card with a separate network connection that is used for the remote management of the device.
The vulnerability could be exploited by a remote attacker to power a denial of service attack that could cause severe problems to datacenters under some conditions.
The vulnerability in the HP remote management hardware Integrated Lights-Out 3 was discovered by the researchers at Rapid7 researchers in September, the issue is rated "high severity" and it has received a CVSS base score of 8.6.
“This post describes CVE-2017-8987, an unauthenticated remote Denial of Service vulnerability in HPE iLO3 firmware version 1.88. This vulnerability can be exploited by several HTTP methods; once triggered, it lasts for approximately 10 minutes until the watchdog service performs a restart of the iLO3 device. CVE-2017-8987 is categorized as CWE-400 (Resource Exhaustion) and has a CVSSv3 base score of 8.6.” states Rapid7.
Once an attacker has compromised a network he can lock out an admin to restore the operations causing severe problems to a data center.
“Several HTTP request methods cause iLO3 devices running firmware v1.88 to stop responding in several ways for 10 minutes:
” continues Rapid 7.
HPE publicly disclosed the vulnerability on Feb. 22.
“A security vulnerability in HPE Integrated Lights-Out 3 (iLO 3) allows remote Denial of Service (DoS).” reads the security advisory published by HPE.
“HPE has provided the following instructions to resolve the vulnerability in HPE Integrated Lights-Out 3 (iLO 3) version 1.88: Please upgrade to HPE Integrated Lights-Out 3 (iLO 3) 1.89 which is available on HPE Support Center:
HPE said that affected version is v1.88 firmware for HPE Integrated Lights-Out 3 (iLO3), newer versions of the firmware (1.8, 1.82, 1.85, and 1.87) along with firmware for iLO4 (v2.55) are not impacted.
According to Rapid7 iLO5 devices were not tested, the experts also observed that requests calling the following four methods, will also trigger the Denial of Service:
Below the disclosure timeline:
(Security Affairs – HP Remote Management, hacking)
The post A flaw in HP Remote Management hardware Integrated Lights-Out 3 leaves expose servers to DoS appeared first on Security Affairs.
Posted: 03 Mar 2018 01:00 AM PST
“This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core).” read the advisory published by Microsoft. “This update also includes Intel microcode updates that were already released for these Operating Systems at the time of Release To Manufacturing (RTM). We will offer additional microcode updates from Intel thru this KB Article for these Operating Systems as they become available to Microsoft.”
Microsoft confirmed that almost any Window devices now have compatible security products installed and all problems with patches have been fixed.
“We have also been working closely with our anti-virus (AV) partners on compatibility with Windows updates, resulting in the vast majority of Windows devices now having compatible AV software installed.” wrote John Cable, Director of Program Management, Windows Servicing and Delivery
The post Microsoft released Windows Updates that include Intel’s Spectre microcode patches appeared first on Security Affairs.
|You are subscribed to email updates from Security Affairs. |
To stop receiving these emails, you may unsubscribe now.
|Email delivery powered by Google|
|Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States|