Tag Archive for: millions

MOVEit hack claims Calpers and Genworth as millions more victims impacted, ET Telecom

/in


The number of victims of the MOVEit hack grew by several million on Thursday after the biggest U.S. pension fund, Calpers, and insurer Genworth Financial said personal information of their members and customers had been compromised.

Both said a third-party vendor, PBI Research Services, was affected in a data theft hack, providing a path for the hackers to then steal data from Calpers and Genworth. PBI could not be reached for comment.

Calpers said on June 6, 2023, PBI told them of a “vulnerability” in their MOVEit Transfer software that allowed hackers to download “our data” without specifying how many people were impacted. News reports said information from more than 700,000 Calpers members and retirees was taken.

The MOVEit software is widely-used by organisations around the world to share sensitive data.

Genworth Financial was harder hit, saying personal information of nearly 2.5 million to 2.7 million of its customers was breached.

“The personal information of a significant number of insurance policyholders or other customers of its life insurance businesses was unlawfully accessed,” Genworth said.

From U.S. government departments to the UK’s telecom regulator and energy giant Shell, a range of victims have emerged since Burlington, Massachusetts-based Progress Software found the security flaw in its MOVEit Transfer product last month.

The insurer said it is working to ensure “protection services” are provided to the impacted individuals, according to a regulatory filing.

Data taken from Calpers included members’ first and last name, date of birth and social security number. It serves more than 2 million members in its retirement system.

The MOVEit hack has hit several state and federal agencies. Last week, the U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facility that were recently hit in a global hacking campaign.

Data was compromised at the two DOE entities after hackers breached their systems through a security flaw in MOVEit Transfer.

The wide-ranging impact of the hack shows how even the most security-minded federal…

Source…

Gigabyte Firmware Exposes Millions Of Motherboards To Backdoor Hacking Threat

/in


hero gigabyte backdoor logo

It’s really irritating when you set up a new system and it begins downloading and installing the motherboard vendor’s software without your permission or prompting. This can happen with a lot of different motherboard vendors, but there are secure ways and insecure ways to go about it, and Gigabyte seems to have chosen poorly.

We say that because security platform Eclypsium announced that it had detected “backdoor-like behavior” in Gigabyte systems. The specific behavior is that affected motherboards run internet-connected Windows software dropped from the system firmware to then update said firmware from the internet. The software in question is all completely legitimate in theory, but of course that’s where all kinds of trouble starts.

Because the application runs in the background, invisibly, there’s no way for the user to be aware if the tool has been hijacked by a threat actor. Don’t be confused; there’s not necessarily any problem with your system if you have a Gigabyte motherboard. It’s just that the update tool—which can be disabled from the UEFI setup but is enabled by default—performs very little in the way of security or safety checking.

That means that this innocuous update tool could be downloading a compromised firmware update from anywhere. This kind of “man in the middle” attack is particularly problematic because it’s very sneaky and not obvious to the user. It’s also a huge problem once it’s happened, because it’s very difficult to root out such an exploit as it can simply redownload itself, and prevent the user from flashing a “clean” firmware. This exploit affects nearly all Gigabyte motherboards made in the last few years. You can check this list [PDF] from Eclypsium to see if your board is affected.

For its part, Gigabyte has already released beta BIOS updates for all of its Intel LGA 1700 and AMD Socket AM4 motherboards that are vulnerable to this exploit. The company says that it has “implemented stricter security checks” on the tools, including signature verification and privilege access limitations, both of which should help keep bad guys from getting into your firmware. Updates for other systems, including Intel 400/500-series and AMD’s Socket AM5…

Source…

Millions of Android phones come with pre-installed malware, and there’s no easy fix

/in


Why it matters: The Google Play Store is notorious for harboring apps that contain malware, adware, or some flavor of spyware or fleeceware. A little-known fact is that hackers are increasingly turning to pre-installed apps to do their misdeeds, but researchers are once again trying to raise attention to this growing trend. Millions of affordable Android phones come with a large number of pre-installed apps, and hackers only need to subvert one. Solving this problem, however, is a much more difficult task compared to dealing with rogue apps that make it into the Play Store.

Last month, we learned that malware had been discovered in 60 Android apps with over 100 million downloads – another black eye for the mobile operating system that has an estimated three billion active users worldwide. Malicious developers regularly exploit various loopholes in Google’s app vetting process to create apps that steal login credentials or fleeceware that squeeze as much as $400 million per year from users by tricking them into signing up for expensive in-app subscriptions.

However, researchers at Trend Micro are sounding the alarm about the growing trend of Android devices that come with malicious software pre-installed. While you can easily remove an app you’ve downloaded from the Play Store, dealing with malware baked into system apps or device firmware is a much more difficult task.

Android’s open nature allows manufacturers to create a wide range of phone models and target price-conscious consumers with more affordable options, but it also opens the door for hackers to sneak in malicious code before those devices even leave the factory floor. And this risk also applies to other Android devices – everything from smartwatches to tablets, set-top boxes, and smart TVs.

Senior Trend Micro researcher Fyodor Yarochkin says pre-installed malware has become a lot more common in recent years partly because of a race to the bottom among mobile firmware developers. Once it became unprofitable to sell firmware, many of them started offering it for free.

As you’d expect, there’s a catch to this new business model – many of the firmware images analyzed by Trend Micro contained bits…

Source…

Millions warned over Wi-Fi hack that can leak data as FBI warns against using public networks

/in


EXPERTS have raised the alarm on a Wi-Fi hack known as ‘kr00k’ that can expose your search history.

It comes as the US’ Federal Bureau of Investigation (FBI) warns people against using public internet networks.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw

1

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flawCredit: Reuters

Fraudsters tend to prey on the weaker security and bigger victim pool that comes with shared Wi-Fi.

“Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard,” the FBI wrote in a recent announcement.

“Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network.”

Experts Mathy Vanhoef, Domien Schepers and Aanjhan Ranganathan have described the kr00k hack as a Wi-Fi “design flaw” in a recent paper.

People are just realising there's a hidden Wi-Fi 'killer' affecting your internet
Wi-Fi users warned over hacking signs – check router for 'criminal' alerts

Information about a network’s management, control and data is documented in what’s known to experts as Wi-Fi frames.

These frames will be queued and buffered so that they’re sent to access points at appropriate times.

Access points are devices similar to the broadband router you have at home, but is designed for local wireless networks that are often found in train stations, airports, shopping centres and hotels.

However, hackers can intercept these frames when they are buffering, according to the three researchers.

This means they can get a text-based breakdown of their victims browser history on almost all devices.

Cyber criminals can evade the security blockades on Windows and Mac computers, as well as iPhone and Android devices.

“The unprotected nature of the power-save bit in a frame’s header, which our work reveals to be a fundamental design flaw, also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack,” the researchers explained in their paper, which will be presented at the Usenix Security Symposium later this year.

The snoop would have to be in radio range of the wireless devices, be it your iPhone or Windows PC, to exploit the security flaw.

In some cases, hackers may also need to be…

Source…