Tag Archive for: compromised

Nearly 500K Intellihartx patients' data compromised in Clop … – SC Media




3CX Hackers Also Compromised Critical Infrastructure Firms


A supply chain attack which targeted 3CX en route to its customers also compromised two energy firms and two financial traders, according to Symantec.

The security vendor explained the news in a blog post the day after Mandiant revealed that the original 3CX supply chain attack was enabled by a previous compromise of futures trading software.

As reported by Infosecurity, suspected North Korean threat actors trojanized the “X_Trader” software produced by Trading Technologies. Once installed on the computer of a 3CX employee, that app subsequently provided the hackers with a backdoor into the firm’s network.

However, Symantec claimed that the same Trojan also infected two critical infrastructure organizations in the energy sector – one in the US and one based in Europe. A further pair of organizations working in the financial trading sector were also breached, it said.

“It appears likely that the X_Trader supply chain attack is financially motivated, since Trading Technologies, the developer of X_Trader, facilitates futures trading, including energy futures,” the blog noted.

“Nevertheless, the compromise of critical infrastructure targets is a source of concern. North Korean-sponsored actors are known to engage in both espionage and financially motivated attacks and it cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation.”

Symantec said that once the legitimate X_Trader executable is installed, it side-loads two malicious DLLs. The first, “winscard.dll,” contains code to load and execute a payload from the second, “msvcr100.dll,” which is a modular backdoor called “VeiledSignal.”

The security vendor claimed that the process for installing the final payload is almost the same as that used with the trojanized 3CX app: two side-loaded DLLs are used to extract a payload from an encrypted blob.

“The discovery that 3CX was breached by another, earlier supply chain attack made it highly likely that further organizations would be impacted by this…

Private medical information may have been compromised in Chippewa County security breach


Medical history and other private information about Chippewa County residents may have been compromised in a security breach of a Chippewa County employee’s computer.

The breach began Feb. 28 and continued on March 1, according to the office of the Chippewa County Administrator.

On Tuesday, Feb. 28, a remotely controlled application was accidentally downloaded by a Chippewa County employee.

“The County cannot confirm how this occurred, but we believe it was by accidentally clicking on an internet pop-up or malicious link in error that downloaded the application,” County Administrator Randy Scholz said in a press release.

Then, on Wednesday, March 1, the employee was working on their office computer when someone else started to use the remote-control application and began typing.

“That person gained access to the computer for approximately five minutes until the Information Technology Department was able to stop the access,” the press release states.

The department was able to confirm that 25 to 35 megabytes of data was sent through the application between 9:20 and 9:25 a.m. March 1.

“The County believes the data that was obtained was most likely documents that had been saved on the employee’s desktop,” Scholz said.

There were seven total documents saved on the employee’s desktop that contained private medical information.

A letter notifying people who may have been impacted was mailed to them today.

There are several names on one spreadsheet that the county no longer has addresses for because those people have not been clients of the county in over 10 years and no longer reside at the addresses the county has on file.

This spreadsheet contained a medical history number, client name, drug prescribed, date signed and doctor’s initials.

No Social Security numbers were included on any of the documents potentially breached, the release said.

Over 40 lakh mobile users at hacking risk from compromised Shopify API keys, Telecom News, ET Telecom


New Delhi: Over 40 lakh mobile phone users’ sensitive data is at hacking risk after cyber security researchers on Friday uncovered a critical security flaw in Shopify application programming interface (API) keys/tokens.

Cyber-security company CloudSEK’s BeVigil, a security search engine for mobile apps, uncovered the vulnerability that puts over 40 lakh mobile customers’ sensitive data at risk.

Among millions of Android apps, 21 e-commerce apps were found to contain 22 hardcoded Shopify API keys/tokens, exposing personally identifiable information (PII) to potential threats.

Hardcoding an API key makes it visible to anyone who has access to the code, including attackers or unauthorised users.

If an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of the program, even if they are not authorised to do so, said security researchers.

“The recent discovery of hardcoded Shopify keys in numerous Android apps is just another example of the lack of proper API security in the industry. This type of vulnerability exposes the personal information of users, as well as transactional and order details, to potential attackers,” said Vishal Singh, senior security engineer at CloudSEK.

Shopify is an e-commerce platform that allows individuals and businesses to create an online store to sell their products.

Over 4.4 million websites from more than 175 countries globally use Shopify.

Besides making it easy to create an online store, it allows the integration of third-party apps and plugins to add functionality to the store. Shopify can be used to sell physical and digital products, and it also offers a point-of-sale system for brick-and-mortar stores.

“While this situation is not a limitation of the Shopify platform, it highlights the issue of API keys/tokens being leaked by app developers. As part of responsible disclosure, CloudSEK has notified Shopify and the affected apps about the hardcoded API keys,” said the company.

The researchers found that of the total hardcoded keys, at least 18 keys allow viewing customer-sensitive data, 7 API keys allow viewing/modifying gift cards and 6 API keys allow obtaining payment…
