Tag Archive for: hack

A near-miss hack of Linux shows the vulnerability of the internet

/in


One of the most fascinating and frightening incidents in computer security history started in 2022 with a few pushy emails to the mailing list for a small, one-person open source project.

A user had submitted a complex bit of code that was now waiting for the maintainer to review. But a different user with the name Jigar Kumar felt that this wasn’t happening fast enough. “Patches spend years on this mailing list,” he complained. “5.2.0 release was 7 years ago. There is no reason to think anything is coming soon.”.

A month later, he followed up: “Over 1 month and no closer to being merged. Not a suprise.” [sic]

And a month after that: “Is there any progress on this?” Kumar stuck around for about four months complaining about the pace of updates and then was never heard from again.

A few weeks ago, the world learned a shocking twist. “Jigar Kumar” does not seem to exist at all. There are no records of any person by that name outside the pushy emails. He — along with a number of other accounts — was apparently part of a campaign to compromise nearly every Linux-running computer in the world. (Linux is an open source operating system — as opposed to closed systems from companies like Apple — that runs on tens of millions of devices.)

That campaign, experts believe, was likely the work of a well-resourced state actor, one who almost pulled off an attack that could have made it possible for the attackers to remotely access millions of computers, effectively logging in as anyone they wanted. The security ramifications would have been huge.

How to (almost) hack everything

Here’s how events played out: In 2005, software engineer Lasse Collin wrote a series of tools for better-compressing files (it’s similar to the process behind a .zip file). He made those tools available for free online, and lots of larger projects incorporated Collin’s work, which was eventually called XZ Utils.

Collin’s tool became one part of the vast open source ecosystem that powers much of the modern internet. We might think that something as central to modern life as the internet has a professionally maintained structure, but as an XKCD comic published well before the…

Source…

US government urges Sisense customers to reset credentials after hack

/in


U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.

In a brief statement on Thursday, CISA said it was responding to a “recent compromise” at Sisense, which provides business intelligence and data analytics to companies around the world.

CISA urged Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services,” and report to the agency any suspicious activity involving the use of compromised credentials.

The exact nature of the cybersecurity incident is not clear yet.

Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants. Sisense’s technology allows organizations to collect, analyze and visualize large amounts of their corporate data by tapping directly into their existing technologies and cloud systems.

Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis. With access to these credentials, an attacker could potentially also access a customer’s data.

CISA said it is “taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations.”

Sisense counts Air Canada, PagerDuty, Philips Healthcare, Skullcandy and Verizon as its customers, as well as thousands of other organizations globally.

News of the incident first emerged on Wednesday after cybersecurity journalist Brian Krebs published a note sent by Sisense Chief Information Security Officer Sangram Dash urging customers to “rotate any credentials that you use within your Sisense application.”

Neither Dash nor a spokesperson for Sisense responded to an email seeking comment.

Israeli media reported in January that Sisense had laid off about half of its employees since 2022. It is unclear if the layoffs impacted the company’s security posture. Sisense has taken in close to $300 million in funding from investors, which include Insight Partners, Bessemer Ventures Partners and Battery Ventures.

Do…

Source…

DOST hack consistent with ransomware attack, but no ransom demanded so far – DICT

/in


This is AI generated summarization, which may have errors. For context, always refer to the full article.

Renato Paraiso, DICT Assistant Secretary for Legal Affairs, says at least 20 of the DOST’s systems were compromised in the April 3 attack, and at least two terabytes of data were compromised

MANILA, Philippines – The nature of the cyberattack that caused the defacement of at least three websites of the Department of Science and Technology (DOST) was consistent with a ransomware attack, though no ransom has been demanded so far, according to Renato Paraiso, Department Of Information and Communications Technology Assistant Secretary for Legal Affairs.

Speaking with reporters on Thursday, April 4, Paraiso said an investigation was ongoing regarding the extent of the cyberattack’s damage. He mentioned, however, that DOST personnel were apparently locked out of their systems, much like in a standard ransomware hack.

Paraiso added at least 20 of the DOST’s systems were compromised in the April 3 attack, and at least two terabytes of data, such as schematics and designs – including old or already-created designs of inventions held by the DOST – were compromised. Backups and redundancies were also compromised, though he did not elaborate on what was taken versus what was deleted.

The effects of the hack – both in the short- and long-term – have yet to be determined while they investigate, however, and Paraiso didn’t discount the possibility that the amount of data accessed could have been larger.

As of April 4, he said they’ve partially regained access to their systems.

Paraiso added that while the site defacements were a means of communication by the hackers, and that digital footprints were consistent with local threat actors, they have not made any demands other than posting political statements on some affected DOST sites.

Earlier on April 3, according to a Manila Bulletin report, sources at the Department of Information and Communications Technology had said the hackers also deleted 25 terabytes of data. – Rappler.com

Source…

Scathing federal report rips Microsoft for response to Chinese hack

/in


BOSTON — 

In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.

It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

The panel said the intrusion, discovered in June by the State Department and dating to May, “was preventable and should never have occurred,” and it blamed its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.

The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change,” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organizations and more than 500 individuals around the world — including the U.S. ambassador to China, Nicholas Burns — accessing some cloud-based email boxes for at least six weeks and downloading some 60,000 emails from the State…

Source…