Tag Archive for: hackers

Brits will be protected from hackers exploiting smart TVs and baby cameras under new law


BRITS will be protected from hackers exploiting baby cameras and fridges under new laws starting today.

Regulations clamping down on cyber crooks spying on homes will make manufacturers build extra security features into internet-connected products including washing machines and game consoles.

It means passwords which are too easy to guess – like “password”, “admin” or “12345” – will be banned from use.

Manufacturers will also have to set up bug-reporting hotlines and email addresses to help make tech fixes quickly.

The new laws are part of the government’s £2.6billion National Cyber Strategy to protect the UK from web attacks – including hack bids by foreign nations like China and Russia.

Earlier this year Which? research revealed that a home with smart devices could be exposed to more than 12,000 hack efforts in a week, with 2,700 attempts to guess weak default passwords on just five devices.

The average home has nine devices connected to the internet and half of households own a smart TV, which can be exploited by criminals to access personal information.

Hackers have even previously accessed baby cameras and video doorbells to spy on families and collect details which can later be sold on the black market.

Technology Secretary Michelle Donelan told The Sun: “From today, UK consumers and businesses buying smart devices, from TVs and gaming consoles to speakers and doorbells will enjoy game-changing protections from hackers and cyber threats.

“The UK is the first country to set minimum cyber security requirements for these products, and we are leading the charge when it comes to keeping consumers safe online.

“These world-leading regulations will see consumers protected by the banning of easily-guessable default passwords like ‘admin’ or ‘12345’, and more transparency from manufacturers around how long products will receive security updates for.”

David Rogers, boss of cyber security firm Copper Horse, added: “Getting rid of things like default passwords that are set to ‘admin’ or ‘12345’ are fundamental basics.

Source…

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage


Apr 25, 2024 | Newsroom | Vulnerability / Zero-Day

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented, sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

“UAT4356 deployed two backdoors as components of this campaign, ‘Line Runner’ and ‘Line Dancer,’ which were used collectively to conduct malicious actions on-target, which included configuration modification, reconnaissance, network traffic capture/exfiltration and potentially lateral movement,” Talos said.

The intrusions, which were first detected and confirmed in early January 2024, entail the exploitation of two vulnerabilities:

  • CVE-2024-20353 (CVSS score: 8.6) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial-of-Service Vulnerability
  • CVE-2024-20359 (CVSS score: 6.0) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

It’s worth noting that a zero-day exploit is the technique or attack a malicious actor deploys to leverage an unknown security vulnerability to gain access into a system.

While the second flaw allows a local attacker to execute arbitrary code with root-level privileges, administrator-level privileges are required to exploit it. Addressed alongside CVE-2024-20353 and CVE-2024-20359 is a command injection flaw in the same appliance (CVE-2024-20358, CVSS score: 6.0) that was uncovered during internal security testing.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the shortcomings to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the vendor-provided fixes by May 1, 2024.

The exact initial access pathway used to breach the devices is presently unknown, although UAT4356 is said to have started preparations for it as early as July 2023.

A successful foothold is followed by the deployment of two implants named Line Dancer and Line Runner, the former of which is an…

Source…

Hackers Were in Change Healthcare 9 Days Before Attack


Hackers were reportedly in the networks of UnitedHealth Group’s Change Healthcare unit for days before launching their ransomware strike.

They gained entry to the networks on Feb. 12, using compromised credentials on an application that allows staff to remotely access systems, The Wall Street Journal (WSJ) reported Monday (April 22).

During the nine days they were in the system before launching the attack on Feb. 21, they may have been able to steal “significant” amounts of data, Seeking Alpha reported Monday, citing a WSJ article.

Change Healthcare posted its first update reporting connectivity issues Feb. 21, saying that “some applications are currently unavailable” and that the company was triaging the issue.

On April 16, UnitedHealth Group CEO Andrew Witty said during an earnings call that the cyberattack cost the company $872 million.

Witty said that the incident “was straight out an attack on the U.S. health system and designed to create maximum damage,” adding: “I think we’ve got through that very well in terms of the remediation and the build back to functionality.”

In the wake of that attack, the federal government announced it is offering a $10 million reward to help identify the people behind the organization that launched the attack: the ransomware-as-a-service group ALPHV BlackCat.

In addition, U.S. Sen. Mark R. Warner, D-Va., introduced a bill that would accelerate Medicare payments to healthcare providers that have suffered a cyberattack.

The bill, the “Health Care Cybersecurity Improvement Act of 2024,” is meant to incentivize cybersecurity in the healthcare industry.

“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” Warner said in a March 22 press release announcing the introduction of the bill. “This legislation would provide some important financial incentives for providers and vendors to do so.”

PYMNTS Intelligence has found that 82% of eCommerce merchants endured cyber or data breaches in the last year. Forty-seven percent of those merchants said the breaches resulted in both lost revenue and lost…

Source…

Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, who call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following…

Source…