Tag Archive for: emergency

Hackers Can Hack US Emergency Alert System, DHS Warns



The U.S. Department of Homeland Security (DHS) warned that hackers could exploit critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices that have not been updated, allowing them to issue fake warnings over TV, radio, and cable networks.

For the uninitiated, EAS is a national warning system in the United States designed to allow authorized officials to broadcast emergency alerts and warning messages to the public via cable, satellite, or broadcast television, and both AM/FM and satellite radio.

“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network),” the DHS’s Federal Emergency Management Agency (FEMA) said in an advisory delivered through the Integrated Public Alert and Warning System (IPAWS).

“This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.

“In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks.”

To safeguard against such exploits, FEMA has strongly encouraged its EAS participants to ensure that:

  • EAS devices and supporting systems are up to date with the most recent software versions and security patches;
  • EAS devices are protected by a firewall;
  • EAS devices and supporting systems are monitored and audit logs are regularly reviewed looking for unauthorized access.

Ken Pyle, the cybersecurity researcher who discovered the issue, told Bleeping Computer that the vulnerabilities lie in the Monroe Electronics R189 One-Net DASDEC EAS, which is an EAS encoder and decoder device used by TV and radio stations to broadcast emergency alerts.

According to the researcher, the issue has now ballooned into a huge flaw because multiple vulnerabilities and issues (confirmed by other researchers) have not been patched for several years.

When asked what can be done after successful exploitation, Pyle said: ‘I can easily obtain access to the credentials, certs, devices,…


Indian Computer Emergency Response Team warns of ‘critical’ security vulnerabilities in Apple devices


If you are an Apple Watch, TV or Mac user, there is some bad news for you. Security researchers have found two serious vulnerabilities in these three products that could enable hackers to take control of your devices and use them for nefarious purposes.

The three products are wildly popular across the world, not just because of their features but also because Apple gadgets are regarded as status symbols. In particular, there is a sharp uptick in the smartwatch business in India, as the number of increasingly fitness-conscious Indians goes up by the second, and crores of Indians use Apple watches. The tech giant’s Mac systems and TVs, too, are massively sought after.

In two advisories issued on Thursday and Friday, the Indian Computer Emergency Response Team (CERT-In), which is the Central cyber security agency for India, has warned about serious vulnerabilities in all these three products.

In Thursday’s advisory, CERT-In warned of multiple vulnerabilities in the Mac operating system and the vulnerabilities were classified as ‘critical’, which is the most serious rating in cyber security parlance.

“Multiple vulnerabilities have been reported in the Apple Mac OS which could be exploited by a remote attacker to execute arbitrary code, bypass security restrictions and cause denial of service conditions on the targeted system,” the advisory stated.

‘Execution of arbitrary code’ means that a hacker could run any commands or code of their choice on a target device after gaining control of the device using the vulnerability. In simpler words, a hacker would take over the vulnerable device and make it do anything they want.

In the second advisory issued on Thursday, the CERT-In warned of a vulnerability that affects all three products. This vulnerability, like the first one, also lets a hacker execute arbitrary code on the hacked devices. Given the sheer number of Apple watches, TVs and Macs in use currently, a hacker could have millions of devices at their disposal.

Apple has released patches for both the vulnerabilities, which can be installed by downloading the latest updates to the products. However, what makes the matter even more serious is that, by Apple’s own…


Costa Rican president begins tenure with ransomware national emergency declaration


Written by AJ Vicens

The new president of Costa Rica declared a national emergency over the weekend as fallout continues from a late-April ransomware attack.

President Rodrigo Chaves Robles, who began a four-year term as president Sunday after winning the country’s April 4 election, signed the declaration on May 8 as one of his first official acts, according to local news outlet Amelia Rueda. The executive decree reads, in part, that Costa Rica is “suffering from cybercriminals, cyberterrorists” and that the decree allows “our society to respond to these attacks as criminal acts.”

Somebody calling themselves “unc1756” using the Russian-based Conti ransomware platform claimed responsibility for the April 17 attacks in a post on the Conti dark web data portal. The post indicates that 97% of the stolen data has been published so far, totaling more than 672 gigabytes of information.

The post also blames the government of Costa Rica for not paying the original $10 million ransomware demand, which outgoing President Carlos Alvarado said was an attempt to “threaten the country’s stability in a transitional situation.”

The hacker message reads: “It is impossible to look at the decisions of the administration of the President of Costa Rica without irony … All this could have been avoided by paying you would have made your country really safe, but you will turn to Bid0n (sic) and his henchmen, this old fool will soon die.” The poster went on to say the purpose of the attack was “to earn money” and “in the future I will definitely carry out attacks of a more serious format with a larger team, Costa Rica is a demo version.”

Screenshot of the message posted along with the Costa Rican files as of May 9, 2022.

Shortly after the Costa Rica attacks, nearly 9.5 gigabytes of data taken from Peru’s intelligence agency were posted to the Conti leak site. One of the file names in that dump referenced “unc1756,” but it’s not clear if the same people were behind both attacks.

Screenshot of the purported Peruvian intelligence agency files on Conti’s data portal.

The term…


Fraudsters use ‘fake emergency data requests’ to steal info • The Register


In Brief: Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud.

Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by these emergency requests, according to Bloomberg.

EDRs, as the name suggests, are used by law enforcement agencies to obtain information from phone companies and technology service providers about particular customers, without needing a warrant or subpoena. But they are only to be used in very serious, life-or-death situations. 

As infosec journalist Brian Krebs first reported, some miscreants are using stolen police email accounts to send fake EDR requests to companies to obtain netizens’ info. There’s really no quick way for the service provider to know if the EDR request is legitimate, and once they receive an EDR they are under the gun to turn over the requested customer info. 

“In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person,” Krebs wrote.

Large internet and other service providers have entire departments that review these requests and do what they can to get the police emergency data requested as quickly as possible, Mark Rasch, a former prosecutor with the US Department of Justice, told Krebs. 

“But there’s no real mechanism defined by most internet service providers or tech companies to test the validity of a search warrant or subpoena,” Rasch said. “And so as long as it looks right, they’ll comply.”

Days after Krebs and Bloomberg published the articles, Sen Ron…
