Tag Archive for: hacking

CSA looking into Singapore cybersecurity firm blacklisted by US for trafficking hacking tools


COSEINC describes itself on its website as a “privately funded company dedicated to providing highly specialised information security services to our clients”. It was founded in 2004 and is based at the Citilink Warehouse Complex on 102F Pasir Panjang Road.

According to its website, the company’s services include research, consulting and education, in areas such as computer security, malware analysis and penetration testing. Accounting and Corporate Regulatory Authority records show that it is a live company.

COSEINC’s chief executive officer is Mr Thomas Lim, according to his LinkedIn page. His most recent post, about a month ago, said he could help anyone looking to hire “trained and certified” cybersecurity professionals.

Reuters reported on Nov 4 that Mr Lim is known for organising a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity.

An email published by WikiLeaks in 2015 suggested that Mr Lim had also previously offered to sell hacking tools to Italian spyware vendor HackingTeam, the report said.

COSEINC did not respond to CNA’s request for comments. The telephone number listed on the company’s website could not be reached.

THREE OTHER COMPANIES BLACKLISTED

COSEINC was one of four companies added to the trade blacklist by the US last week, with the other three being Russia’s Positive Technologies as well as Israel’s Candiru and NSO Group.

NSO Group and Candiru were added to the list based on evidence that they “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics and embassy workers”, said the US Department of Commerce on Nov 3.

NSO Group is the developer of Pegasus, a type of malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

Investigations have shown that some governments have used Pegasus to target rights activists, journalists and politicians around the world, with possible targets in Singapore. NSO Group has denied these reports.


9th Circ. Nixes NSO’s Immunity Bid In WhatsApp Hacking Suit


By Hailey Konnath (November 8, 2021, 9:23 PM EST) — The Ninth Circuit on Monday said a California federal judge was correct to refuse to find Israeli spyware company NSO Group immune from litigation over an alleged WhatsApp hacking, ruling that the Foreign Sovereign Immunities Act doesn’t protect private companies.

The three-judge panel shot down NSO’s argument that it could claim foreign sovereign immunity under doctrines that apply to foreign officials, noting that the law governing the issue “has roots extending back to our earliest history as a nation.”

“[I]t leads to a simple answer — no,” the panel said. “Indeed, the title of the legal doctrine itself — foreign sovereign immunity — suggests…


Scream’s hacking scene is possible, but you’re probably ok.


Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Obviously, we’re talking about the smart locks scene. All your locks in your home unlock, so you whip out your smartphone and re-lock them, only to see them all unlock again. The implication here is that Mr. Scary Killer person has hacked into their victim’s smart home account and can control all the devices throughout the home. Yikes.

As someone who doesn’t carry keys to his house because of all the smart locks, I was getting a little nervous. So I decided to talk to someone about it. I reached out to John Shier, senior security adviser at Sophos, to talk about it. He gave me some good news and some bad news. I’ll start with the bad news.

Yes, this is possible. The good news is, it’s rather hard to do and the better news is, the chances of this happening to you are infinitesimal unless of course you also have someone who really wants to do you harm. But the honest truth is, there’s a good chance that enough of your data is out there that could make something like this possible.

LOLwut?

There are two things that combine to make this possible: Social engineering and data breaches. Separately, either of these can get an attacker enough information to hack your smart home. Together, it becomes even more possible. But you have to understand, when we say this is possible, we have to quickly caveat it by saying that it’s not very likely.

If you accept the idea of the movie that there’s a lot of planning and premeditation there, then this becomes a lot easier, which is to say it’s more plausible. The fact is, data breaches happen frequently and people often re-use email addresses and passwords for multiple services. Your password exposed from XYZ company (we’re not data-breach shaming here) could well be the same username and password that you use for your smart locks. Even if the password is different, the email address is a key piece of information toward other ways to hack your way…


North Korean Lazarus Hacking Group Leverages Supply Chain Attacks To Distribute Malware for Cyber Espionage


North Korean threat actor Lazarus group has resorted to supply chain attacks similar to SolarWinds and Kaseya to compromise the regime’s targets, according to cybersecurity firm Kaspersky.

Kaspersky’s Q3 2021 APT Trends report says that “Lazarus developed an infection chain that stemmed from legitimate South Korean security software deploying a malicious payload.”

The APT group compromised a South Korean think tank using two remote access trojan (RAT) variants, BLINDINGCAN and COPPERHEDGE. The DHS Cybersecurity & Infrastructure Security Agency (CISA) had issued security alerts AR20-232A and AR20-133A over these trojans.

According to the researchers, Lazarus’ recent activity is part of a broader international campaign leveraging supply chain attacks.

Identified by US-CERT and the FBI as HIDDEN COBRA, the group was suspected to be responsible for the WannaCry ransomware and the Sony Pictures Entertainment hacking that escalated tensions between the US and North Korea.

Lazarus’ supply chain attacks target atypical victims

Experts believe that Lazarus is expanding its victim base beyond that of Asian government agencies and policy think tanks.

Kaspersky researchers discovered that the hacking group had targeted a Latvian tech firm developing asset monitoring solutions, an atypical victim for Lazarus.

During the attack, the North Korean APT deployed a compromised downloader “Racket” signed with a stolen digital certificate. The hacking group had stolen the digital certificate from a US-based South Korean security company.

According to Kaspersky, the APT compromised multiple servers and uploaded several malicious scripts in the process. The group used the malicious scripts to control the trojans installed on downstream victims.

“North Korea once again figures prominently in an attack, although it doesn’t appear to be the government this time, at least not directly,” said Saryu Nayyar, CEO at Gurucul.

“Government-sponsored attacks continue to be a major issue for other governments and enterprises. Both types of organizations need to be cognizant of the potential for high-powered attacks and respond appropriately. Early…
