Tag Archive for: plant

Microsoft Teams bug allows hackers to sidestep security, plant malware


A Microsoft Teams vulnerability allows adversaries to sidestep security controls to plant malware on targeted systems. The Teams attack vector was found by researchers who warn that, as traditional routes of infection such as inboxes and websites become more heavily scrutinized, communications platforms such as Teams, Slack and Zoom are becoming more attractive targets.

In a research note posted last week, Jumpsec researchers said the issue impacts organizations that use Microsoft Teams in its default configuration. “This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organization,” wrote Max Corbridge, a researcher with Jumpsec’s Red Team research group.

IDOR Bug

The bug is based on the Teams feature that allows two businesses running the Teams platform to interact with one another. The collaboration feature does have security measures in place to prevent one business from sending the other a malicious file via Teams. However, Jumpsec found a way to bypass those protections and successfully plant a malicious file on a recipient’s system.

“Microsoft Teams allows any user with a Microsoft account to reach out to ‘external tenancies’… These organizations each have their own Microsoft tenancy, and users from one tenancy are able to send messages to users in another tenancy,” he wrote.

The loophole relies on a common vulnerability class called insecure direct object reference (IDOR), where the file sender switches the internal and external recipient ID on a POST request, researchers said. A POST request is used to send data to a server to create or update a resource.

When a file is hosted on a SharePoint domain, an adversary can simply craft a malicious URL and send it to a target via Teams and plant malware on the target’s computer. The “payload is delivered directly into the target’s inbox” as a file, not a link, researchers said.

The next step in the attack, researchers said, would be to use a social engineering tactic to con the recipient into clicking on the malicious payload.

“[This technique] avoids the now-rightfully-dangerous act of clicking on a link in an email, something that staff have been trained to…


Chinese buyout of Newport microchip plant a 'security risk' – BBC




Russian military spies hacked Kansas nuclear power plant


Russian military officers are charged with a combined 20 counts alleging conspiracy, computer fraud, wire fraud and identity theft. Among the victims was Wolf Creek Nuclear Operating Corporation in Burlington.

Hackers in a military unit of a Russian spy agency are accused of cybercrimes targeting a nuclear power plant in Kansas five years ago.

Russian military officers Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov and Marat Valeryevich Tyukov are charged with a combined 20 counts alleging conspiracy, computer fraud, wire fraud and identity theft.

All three work for the Federal Security Service, also known as the FSB, which is a domestic intelligence agency with close ties to President Vladimir Putin. The FSB officers worked for a discrete operational unit within Center 16, which is also known as Military Unit 71330.

The 36-page grand jury indictment, filed Aug. 26, 2021 in U.S. District Court in Kansas City, Kan., was unsealed Thursday. The Federal Bureau of Investigation and federal prosecutors summarized the allegations in a news release.


Exposing the Russian spies who attempted to hack a Kansas nuclear plant | KCUR 89.3


Three young Russian spies, Pavel, Mikhail and Marat, working from computers in a 27-story skyscraper at 12 Prospekt Vernadskogo in Moscow, over five years targeted the Wolf Creek nuclear power plant in Burlington, Kansas.

They were on a sophisticated cyber reconnaissance mission to learn about the inner workings of the plant to prepare for a possible precision electronic assault by the Russians.

That is the story that broke March 24, when the U.S. Department of Justice suddenly and somewhat mysteriously unsealed an indictment against the hapless trio. The indictment was filed under seal on Aug. 26, 2021, in the U.S. District Court in Kansas City, Kansas, and lay gathering dust for seven months.

Context matters, and in this case it explains why the Sunflower State and its lone nuclear plant have been woven into a saga laced with John le Carré spy novel overtones.

The bloody context is the devastating war Russia launched weeks ago against Ukraine. It also includes the remarkably successful psychological warfare ops that the Biden administration and its Western European allies have thrown at Russian President Vladimir Putin and his war machine.

James Lewis, a nuclear cybersecurity expert, said that the DOJ indictment probably was unsealed in Kansas now because the Biden administration has fresh intelligence about the Russians and it wants those overseeing America’s critical infrastructure to be on heightened alert.

“Maybe the Russians are giving more consideration to a cyberattack than in the past. It is driven by what the Russians are up to,” said Lewis, director of the Strategic Technology Program of the Center for Strategic & International Studies in Washington.

Wolf Creek, completed in 1985, is located about 100 miles southwest of Kansas City. Evergy, formerly Kansas City Power & Light, owns 94% of Wolf Creek and the balance is owned by the Kansas Electric Power Cooperative.

[Image: The Wolf Creek nuclear power plant near Burlington, Kansas. Credit: U.S. Nuclear Regulatory Commission]

Evergy declined to discuss the Russian cybersecurity attack on Wolf Creek. Their statement…
