Tag Archive for: major

Microsoft Reveals How a Crash Dump Led to a Major Security Breach


Sep 07, 2023 | THN | Cyber Attack / Email Hacking

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account.

That account gave the adversary access to a debugging environment holding a crash dump of the consumer signing system, and the key was taken from that dump. The system crash itself took place in April 2021.

“A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (‘crash dump’),” the Microsoft Security Response Center (MSRC) said in a post-mortem report.

“The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material’s presence in the crash dump was not detected by our systems.”

The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer’s corporate account.
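The control Microsoft says was missing is a scan of the dump for key material before it crosses from the isolated production network into the debugging environment. The block below is an added example written for this page, not Microsoft's code; it assumes a hypothetical `KeyRegistry` that holds only SHA-256 digests of every key the signing service has loaded (grouped by key length), a constructed 16 KiB "crash dump" with a fake PEM block and a raw 32-byte demo key planted in it, and a `gate()` function that refuses to release a dump unless a re-scan of the redacted output is clean. Nothing here is a real key or a real dump.

```python
"""Scan a process snapshot ("crash dump") for signing-key material before it
leaves the production boundary. Added example; all keys and data are
constructed for illustration."""
import base64
import hashlib
import random
import re
from dataclasses import dataclass

# Any PEM-armored private key, whatever the algorithm label between BEGIN/END.
PEM_PRIVATE = re.compile(
    rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----.*?-----END (?:[A-Z ]+ )?PRIVATE KEY-----",
    re.S,
)

# Constructed 32-byte demo key (e.g. an HMAC signing key). Not a real key.
SIGNING_KEY = hashlib.sha256(b"constructed demo key, not a real one").digest()


@dataclass(frozen=True, order=True)
class Finding:
    offset: int
    length: int
    kind: str  # "pem" or "registered-key"


class KeyRegistry:
    """Hypothetical registry: stores SHA-256 digests (never raw bytes) of every
    key the signing service has loaded, so the scanner knows which window
    sizes to hash and compare without itself holding key material."""

    def __init__(self) -> None:
        self._by_len: dict[int, set[bytes]] = {}

    def register(self, key: bytes) -> None:
        self._by_len.setdefault(len(key), set()).add(hashlib.sha256(key).digest())

    def lengths(self) -> list[int]:
        return sorted(self._by_len)

    def matches(self, window: bytes) -> bool:
        digests = self._by_len.get(len(window))
        return bool(digests) and hashlib.sha256(window).digest() in digests


def scan_dump(dump: bytes, registry: KeyRegistry) -> list[Finding]:
    """Two checks: (1) PEM-armored private keys anywhere in the image;
    (2) a sliding window per registered key length, hashed and compared to the
    registry. A verbatim copy of a registered key is caught even with no
    surrounding structure, which is the case a crash leaves behind."""
    findings = [Finding(m.start(), m.end() - m.start(), "pem") for m in PEM_PRIVATE.finditer(dump)]
    for n in registry.lengths():
        i = 0
        while i + n <= len(dump):
            if registry.matches(dump[i:i + n]):
                findings.append(Finding(i, n, "registered-key"))
                i += n
            else:
                i += 1
    return sorted(findings)


def redact(dump: bytes, findings: list[Finding]) -> bytes:
    buf = bytearray(dump)
    for f in findings:
        buf[f.offset:f.offset + f.length] = b"\x00" * f.length
    return bytes(buf)


def gate(dump: bytes, registry: KeyRegistry) -> tuple[bytes, list[Finding]]:
    """Release policy: the dump may cross into the debugging network only if a
    fresh scan of the redacted output finds nothing."""
    findings = scan_dump(dump, registry)
    cleaned = redact(dump, findings)
    if scan_dump(cleaned, registry):
        raise RuntimeError("redaction incomplete; dump must not leave production")
    return cleaned, findings


def build_sample_dump() -> tuple[bytes, dict[str, int]]:
    """Constructed heap image: deterministic filler with a fake PEM block at
    offset 1000 and the raw demo key at offset 9000."""
    heap = bytearray(random.Random(2023).randbytes(16 * 1024))
    pem = (b"-----BEGIN PRIVATE KEY-----\n"
           + base64.b64encode(SIGNING_KEY * 3)
           + b"\n-----END PRIVATE KEY-----\n")
    heap[1000:1000 + len(pem)] = pem
    heap[9000:9000 + len(SIGNING_KEY)] = SIGNING_KEY
    return bytes(heap), {"pem": 1000, "raw": 9000}


if __name__ == "__main__":
    registry = KeyRegistry()
    registry.register(SIGNING_KEY)
    dump, _ = build_sample_dump()
    cleaned, found = gate(dump, registry)
    for f in found:
        print(f"{f.kind:15s} at offset {f.offset} ({f.length} bytes) redacted")
```

The registry holds digests rather than keys so the scanner is not itself a place to steal from. Two caveats a practitioner would add: a byte-match scanner only finds a contiguous copy of the key, so key material held in another representation (CRT components of an RSA key, a decrypted bignum in limb order) needs its own signatures; and on dumps of realistic size the per-window SHA-256 should be replaced by a rolling-hash prefilter. Neither changes the policy the example enforces: no release until a re-scan of the redacted output is clean.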


It is not currently known whether this is the exact mechanism the threat actor used, since Microsoft noted that, because of its log retention policies, it does not have logs offering concrete proof of the exfiltration.

Microsoft’s report further alludes to spear-phishing and the deployment of token-stealing malware, but it did not elaborate on the modus operandi of how the engineer’s account was breached in the first place, if other corporate accounts were hacked, and when it became aware of the compromise.

That said, the latest development offers insight into a series of cascading security mishaps that culminated in the signing key ending up in the hands of a skilled actor with a “high degree of technical tradecraft and operational security.”

Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access (OWA) and Outlook.com.

The zero-day issue was blamed on a validation error that allowed the key to be…


FBI, European agencies announce major takedown of hacker network that used Qakbot software


LOS ANGELES — The FBI and its European partners infiltrated and seized control of a major global malware network used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks, U.S. officials said Tuesday.

They then remotely removed the malicious software agent – known as Qakbot – from thousands of infected computers.

Cybersecurity experts said they were impressed by the deft dismantling of the network but cautioned that any setback to cybercrime would likely be temporary.

“Nearly every sector of the economy has been victimized by Qakbot,” Martin Estrada, the U.S. attorney in Los Angeles, said Tuesday in announcing the takedown.

He said the criminal network had facilitated about 40 ransomware attacks alone over 18 months that investigators said netted Qakbot administrators about $58 million.

Qakbot’s ransomware victims included an Illinois-based engineering firm, financial services organizations in Alabama and Kansas, along with a Maryland defense manufacturer and a Southern California food distribution company, Estrada said.

Officials said $8.6 million in cryptocurrency was seized or frozen, but no arrests were announced.

Estrada said the investigation is ongoing. He would not say where administrators of the malware, which marshaled infected machines into a botnet of zombie computers, were located. Cybersecurity researchers say they are believed to be in Russia and/or other former Soviet states.

Officials estimated the so-called malware loader, a digital Swiss Army knife for cybercrooks also known as Pinkslipbot and Qbot, was leveraged to cause hundreds of millions of dollars in damage since first appearing in 2008 as an information-stealing banking trojan. They said millions of people in nearly every country in the world have been affected.

Typically delivered via phishing emails, Qakbot gave criminal hackers initial access to compromised computers. They could then deploy additional payloads including ransomware, steal sensitive information, or gather intelligence on victims to facilitate financial fraud and crimes such as tech support and romance scams.

The Qakbot network was “literally feeding the global cybercrime supply chain,” said Donald Alway,…


Android phones could steal a major feature from iPhone 14


We’ve already heard rumors that Android phones could get a version of iPhone 14’s Emergency SOS via satellite feature. Back during CES, Qualcomm announced plans to add satellite support to future phones, but now it sounds like Google could be working on its own version of the feature.

Developer Neil Rahmouni (via The Verge) uncovered code in the Google Messages app that suggests some kind of integration with the Garmin Response emergency service. This isn’t the first discovery over the past couple of weeks, either. Rahmouni also tweeted out what appears to be an early version of the UI for sending messages via satellite.



Charities hit by major hack, internet security a bad joke as usual – Digital Journal


Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images

Those fun folks on the dark web are making themselves useful again with a serious hack of Australian charities. This is the usual story of getting information for fake IDs, phishing, etc. The information includes names and addresses.

One of the problems was that the hacked company, an intermediary called Pareto Phone, held a lot of old information dating back 9 years, well beyond the 6-year statutory retention period that applies in Australia. The charities seem to have been completely unaware that the company still held the information.

A few obvious technical matters also arise: older storage systems that are no longer patched or monitored are naturally more exposed to attack, and the data was apparently still reachable online rather than taken offline. That is data-archiving 101, but it’s pretty common.

Less impressive is the allegation that the data was stored in contravention of the Australian Privacy Principles. These are basic rules which govern the management of personal data by third parties. Pareto Phone is now working with investigators to analyze the issues.

This is a standard hack, perpetrated by the usual suspects with the usual outcomes so far. The distinguishing feature is the targeting of charitable donors.  Maybe the little dears had nothing else to do that day.

This hack is representative of the hideously dysfunctional state of internet security. If you’ve ever been hacked or had your money laundered it’s nice to know so little is being done to shut it down.

I’ve had both of those experiences, years ago, and I can’t pretend to be impressed. Hacking of everything, including AI, simply isn’t getting proper attention and oversight. Hacking AI could well be catastrophic given the mindless acceptance of it in the corporate world. Hacking human neural links could be fatal.

…Or maybe the incredibly lax state of global internet security is the problem? This has been going on for decades. It’s made money laundering a breeze. There’s not that much chance of getting caught.

In the Age of Deregulation, which has been a daily lottery win for every criminal on the planet, it’s to be expected….
