Tag Archive for: Flagged

‘Infamous Chisel’ malware threat flagged by global security agencies


A coalition of security agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom has raised alarm over a new malware targeting digital currency exchanges and their wallets.

Per a joint security report, the malware targets only Android devices, stealing a trove of personal information from victims. Dubbed the “Infamous Chisel,” the malware has links with Sandworm, a state-backed entity under Russia’s military, according to the report.

The malware was originally designed to extract information from the Ukrainian military as part of a cyberwarfare strategy. However, an analysis of the inner workings of the malware indicates that its application is not limited to military use cases but extends to digital assets as well.

Infamous Chisel has been shown to extract data within the directories of digital currency exchanges, including Binance and Coinbase (NASDAQ: COIN). Per the report, the malware also extracts information from Trust Wallet, but the extent of the financial damage remains unclear.

“The malware periodically scans the device for information and files of interest, matching a predefined set of file extensions,” read the joint report. “It also contains functionality to periodically scan the local network collating information about active hosts, open ports, and banners.”

According to the report, bad actors behind the malware rely on the Tor network to cover their tracks while siphoning data from affected devices.

Despite using anonymous communication tools, the joint report surmised that Infamous Chisel makes only an insignificant attempt towards the “concealment of malicious activity.” Experts say the absence of stealth techniques is linked to the lack of “host-based detection systems” for Android devices.

However, the malware makes up for its lack of stealth techniques with extensive functionality. Aside from data extraction, Infamous Chisel is capable of traffic collection, network scanning, SSH access, remote access, SCP file transfer, and network monitoring.

Agencies contributing to the report include:

  • The U.K. National Cyber Security Centre (NCSC).
  • The U.S. Federal Bureau of Investigation (FBI).
  • The U.S. Cybersecurity and…

Source…

Missouri Threatens to Sue a Reporter Who Flagged a Security Flaw


Missouri Governor Mike Parson on Thursday threatened to prosecute and seek civil damages from a St. Louis Post-Dispatch journalist who identified a security flaw that exposed the Social Security numbers of teachers and other school employees, claiming that the journalist is a “hacker” and that the newspaper’s reporting was nothing more than a “political vendetta” and “an attempt to embarrass the state and sell headlines for their news outlet.” The Republican governor also vowed to hold the Post-Dispatch “accountable” for the supposed crime of helping the state find and fix a security vulnerability that could have harmed teachers.

Despite Parson’s surprising description of a security report that normally wouldn’t be particularly controversial, it appears that the Post-Dispatch handled the problem in a way that prevented harm to school employees while encouraging the state to close what one security professor called a “mind-boggling” vulnerability. Josh Renaud, a Post-Dispatch web developer who also writes articles, wrote in a report published Wednesday that more than 100,000 Social Security numbers were vulnerable “in a web application that allowed the public to search teacher certifications and credentials.” The Social Security numbers of school administrators and counselors were also vulnerable.

“Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers’ Social Security numbers were contained in the HTML source code of the pages involved,” the report said.

The Post-Dispatch seems to have done exactly what ethical security researchers generally do in these situations: give the organization with the vulnerability time to close the hole before making it public.

“The newspaper delayed publishing this report to give the department time to take steps to protect teachers’ private information and to allow the state to ensure no other agencies’ web applications contained similar vulnerabilities,” the article said. The news report was published one day after the “department removed the affected pages from its website.”

As of this writing, the DESE’s educator-credentials checker was “down for maintenance.”

Governor: Journalist Tried…

Source…