Zicutake USA Comment | Search Articles

#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington



Bitcoin-linked heist: thieves stolen 600 powerful computers in Iceland

Posted: 03 Mar 2018 08:01 AM PST

Thieves steal 600 powerful computers in a huge heist in Iceland with the intent to use them for mining Bitcoin.

Cyber criminal organization continue to show a great interest in cryptocurrencies, the number of crimes against cryptocurrency industry is on the rise.

News of the day is that crooks have stolen 600 powerful computers from data centers in Iceland to use in Bitcoin mining. At the time, the computers, that are worth almost $2 million, have not yet been found.

“Some 600 computers used to "mine" bitcoin and other virtual currencies have been stolen from data centers in Iceland in what police say is the biggest series of thefts ever in the North Atlantic island nation.” reads the post published by The Associated Press.

The thieves have stolen 600 graphics cards, 100 processors, 100 power supplies, 100 motherboards and 100 sets of computer memory to use in the proficuous activity.

The Icelandic media dubbed the crime the "Big Bitcoin Heist," the authorities have arrested 11 people, including a security guard.

A judge at the Reykjanes District Court on Friday ordered two people to remain in custody.

“This is a grand theft on a scale unseen before,” Police Commissioner Olafur Helgi Kjartansson said. “Everything points to this being a highly organized crime.”

The thefts occurred between late December and early January, the members of the gang were identified thank the surveillance cameras used by the server company Advania.

Advania suffered two of the four thefts, the company had been offering its customers access to bitcoin-mining rigs, for this reason, crooks targeted the firm.

The police are searching any evidence to track the thieves, authorities are also tracking energy consumption across Iceland in case they turn on their computers. A spike in the energy consumption could reveal their location if the thieves don’t take measure to avoid being tracked.

“Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media.” concluded the Associated Press.

“Unusually high energy usage might reveal the whereabouts of the illegal bitcoin mine.”

Iceland is a good place where find cheap, renewable energy for crypto mining activities.

Pierluigi Paganini

(Security Affairs – 600 powerful computers, Bitcoin mining)

The post Bitcoin-linked heist: thieves stolen 600 powerful computers in Iceland appeared first on Security Affairs.

Over 40 models of low-cost Android devices shipped with Triada banking Trojan

Posted: 03 Mar 2018 05:24 AM PST

Security researchers at Dr.Web have discovered over 40 models of low-cost Android smartphones are shipped with the dreaded Android Triada banking malware.

Security researchers at Antivirus firm Dr.Web have discovered that 42 models of low-cost Android smartphones are shipped with the Android.Triada.231 banking malware.

“In the middle of 2017, Doctor Web analysts discovered a new Trojan Android.Triada.231 in the firmware of some cheap models of Android devices. Since this detection, the list of infected devices has been constantly increasing.” reads the blog post published by Dr-Web. “At the moment, the list contains over 40 models. Doctor Web specialists have monitored the Trojan's activity and now we can publish the results of this investigation.”

The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab that considered it the most advanced mobile threat seen to the date of the discovery.

Triada was designed with the specific intent to implement financial frauds, typically hijacking the financial SMS transactions. The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities.

The Triada Trojan makes use of the Zygote parent process to implement its code in the context of all software on the device, this means that the threat is able to run in each application.

The only way to remove the threat is to wipe the smartphone and reinstall the OS.

Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.

This isn’t the first time the company discovered a pre-installed malware on Android device, back in in July 2017 Dr..Web researchers discovered the many smartphone models were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

Triada Trojan Android pre-installed malware

The researchers at Dr.Web who investigated the issue discovered that a software developer from Shanghai was responsible for the infection.

“For example, it was detected on the Leagoo M9 smartphone that was announced in December 2017. Additionally, our analysts' research showed that the Trojan's penetration into firmware happened at request of the Leagoo partner, the software developer from Shanghai.” continues the blog post.

“This company provided Leagoo with one of its applications to be included into an image of the mobile operating system, as well as with an instruction to add third-party code into the system libraries before their compilation. Unfortunately, this controversial request did not evoke any suspicions from the manufacturer. Ultimately, Android.Triada.231 got to the smartphones without any obstacles.”

The infected app found on the device was developed by a Chinese firm, the experts highlighted that the code was signed with the same certificate that was observed in 2016 infections.

“The analysis of this application showed it is signed with the same certificate as Android.MulDrop.924. Doctor Web previously wrote about this Trojan in 2016. We can presume the developer that requested adding the additional program into the mobile operating system image can be connected expressly or implicitly with the distribution of Android.Triada.231.” continues Dr.Web.

At the moment, the experts confirmed to have detected the Android.Triada.231 in the firmware of the following Android device models:

Leagoo M5
Leagoo M5 Plus
Leagoo M5 Edge
Leagoo M8
Leagoo M8 Pro
Leagoo Z5C
Leagoo T1 Plus
Leagoo Z3C
Leagoo Z1C
Leagoo M9
ARK Benefit M8
Zopo Speed 7 Plus
Doogee X5 Max
Doogee X5 Max Pro
Doogee Shoot 1
Doogee Shoot 2
Tecno W2
Homtom HT16
Umi London
Kiano Elegance 5.1
iLife Fivo Lite
Mito A39
Vertex Impress InTouch 4G
Vertex Impress Genius
myPhone Hammer Energy
Advan S5E NXT
Advan S4Z
Advan i5E
Tesla SP6.2
Cubot Rainbow
Haier T51
Cherry Mobile Flare S5
Cherry Mobile Flare J2S
Cherry Mobile Flare P1
Pelitt T1 PLUS
Prestigio Grace M5 LTE
BQ 5510

Unfortunately, the number of infected smartphones models could be much bigger.

Pierluigi Paganini

(Security Affairs – Android, Triada Trojan)

The post Over 40 models of low-cost Android devices shipped with Triada banking Trojan appeared first on Security Affairs.

A flaw in HP Remote Management hardware Integrated Lights-Out 3 leaves expose servers to DoS

Posted: 03 Mar 2018 03:22 AM PST

Hewlett Packard Enterprise issued a security patch to address a vulnerability (CVE-2017-8987) in HP remote management hardware Integrated Lights-Out 3.

Hewlett Packard Enterprise has issued a security patch to address a vulnerability (CVE-2017-8987) in its remote management hardware Integrated Lights-Out 3 that equip the family of HP ProLiant servers.

The Hewlett-Packard iLO is composed of a physical card with a separate network connection that is used for the remote management of the device.

HP Remote Management

The vulnerability could be exploited by a remote attacker to power a denial of service attack that could cause severe problems to datacenters under some conditions.

The vulnerability in the HP remote management hardware Integrated Lights-Out 3 was discovered by the researchers at Rapid7 researchers in September, the issue is rated "high severity" and it has received a CVSS base score of 8.6.

“This post describes CVE-2017-8987, an unauthenticated remote Denial of Service vulnerability in HPE iLO3 firmware version 1.88. This vulnerability can be exploited by several HTTP methods; once triggered, it lasts for approximately 10 minutes until the watchdog service performs a restart of the iLO3 device. CVE-2017-8987 is categorized as CWE-400 (Resource Exhaustion) and has a CVSSv3 base score of 8.6.” states Rapid7.

Once an attacker has compromised a network he can lock out an admin to restore the operations causing severe problems to a data center.

“Several HTTP request methods cause iLO3 devices running firmware v1.88 to stop responding in several ways for 10 minutes:

  • SSH: open sessions will become unresponsive; new SSH sessions will not be established
  • Web portal: users cannot log in to the web portal; the login page will not successfully load

” continues Rapid 7.

HPE publicly disclosed the vulnerability on Feb. 22.

“A security vulnerability in HPE Integrated Lights-Out 3 (iLO 3) allows remote Denial of Service (DoS).” reads the security advisory published by HPE.

“HPE has provided the following instructions to resolve the vulnerability in HPE Integrated Lights-Out 3 (iLO 3) version 1.88: Please upgrade to HPE Integrated Lights-Out 3 (iLO 3) 1.89 which is available on HPE Support Center:


HPE said that affected version is v1.88 firmware for HPE Integrated Lights-Out 3 (iLO3), newer versions of the firmware (1.8, 1.82, 1.85, and 1.87) along with firmware for iLO4 (v2.55) are not impacted.

According to Rapid7 iLO5 devices were not tested, the experts also observed that requests calling the following four methods, will also trigger the Denial of Service:

curl -X OPTIONS hp-ilo-3.testing.your-org.com  curl -X PROPFIND hp-ilo-3.testing.your-org.com  curl -X PUT hp-ilo-3.testing.your-org.com  curl -X TRACE hp-ilo-3.testing.your-org.com

Below the disclosure timeline:

  • Sept 2017: Issue discovered
  • Thurs, Oct 19, 2017: Vendor released v1.89 update to iLO3, which addresses CVE-2017-8987
  • Mon, Nov 6, 2017: Vendor notified; vendor assigned PSRT110615 to this vulnerability
  • Wed, Nov 15, 2017: Additional details sent to vendor
  • Wed, Jan 10, 2018: Disclosed to CERT/CC
  • Wed, Jan 31, 2018: Vendor reported that v1.89 is not vulnerable to R7-2017-27; Rapid7 confirmed this finding.
  • Thurs, Feb 22, 2018: Public disclosure; vendor published security bulletin and assigned CVE-2017-8987
  • Thurs, Mar 1, 2018: Rapid7 published this post

Pierluigi Paganini

(Security Affairs – HP Remote Management, hacking)

The post A flaw in HP Remote Management hardware Integrated Lights-Out 3 leaves expose servers to DoS appeared first on Security Affairs.

Microsoft released Windows Updates that include Intel’s Spectre microcode patches

Posted: 03 Mar 2018 01:00 AM PST

Last week Intel released microcode to address the CVE-2017-5715Spectre vulnerability for many of its chips, let's this time the security updates will not cause further problems.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser's memory.

The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

Problems such as frequent reboots were related to the fix for the CVE-2017-5715 Spectre flaw (Spectre Variant 2) and affected almost any platform, including systems running on Broadwell Haswell CPUs, as well as Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms.

“This update is a standalone update available through the Microsoft Update Catalog and targeted for Windows 10 version 1709 (Fall Creators Update) & Windows Server version 1709 (Server Core).” read the advisory published by Microsoft. “This update also includes Intel microcode updates that were already released for these Operating Systems at the time of Release To Manufacturing (RTM). We will offer additional microcode updates from Intel thru this KB Article for these Operating Systems as they become available to Microsoft.”

Spectre patches

Microsoft confirmed that almost any Window devices now have compatible security products installed and all problems with patches have been fixed.

“We have also been working closely with our anti-virus (AV) partners on compatibility with Windows updates, resulting in the vast majority of Windows devices now having compatible AV software installed.” wrote John Cable, Director of Program Management, Windows Servicing and Delivery

The post Microsoft released Windows Updates that include Intel’s Spectre microcode patches appeared first on Security Affairs.