Tag Archive for: poses

Hacker Poses As Support Rep To Breach Cox Communications


Cox Communications, the third-largest cable provider in the U.S., has sent notifications to customers who were impacted by a recent data breach. According to the company, the hacker gained access to its systems by impersonating a support rep.

A copy of the notification shared by Bleeping Computer’s Lawrence Abrams reveals that Cox became aware of the attack on October 11.

This is the second incident related to a Cox company in the past six months. In June, Cox Media Group (CMG) suffered a ransomware attack that knocked TV and radio broadcasts offline.

The breach notification does not mention when the breach actually occurred, though it’s possible that information was not yet known at the time the notifications were sent out. Cox also notes that impacted accounts were secured, an investigation was launched and law enforcement officials notified on the day the attack was discovered.

Customers were notified that the attacker “may have viewed” private details of their accounts. That data potentially includes the customer’s Cox account number, access PIN, security questions and answers, list of active Cox services, Cox.net email address, name, address and telephone number.

It does not appear as though customer financial information was compromised, though Cox is still advising that those impacted carefully review their payment card statements for fraudulent transactions.

Cox customers who received a notification are also being offered a year of identity monitoring from Experian to “relieve concerns and restore confidence.”

The company is also advising that users change their passwords if they have re-used their Cox password with another…


China Says U.S., U.K. Are ‘Empires’ for Hacking After U.K. Official Warns of Global Tech Risk China Poses


Jeremy Fleming, director of GCHQ, the U.K. government’s electronic surveillance agency, pointed to China on Friday as a major threat to internet security, citing its “potential to control the global operating system” due to its “size and technological weight,” according to the Associated Press.

China’s Foreign Ministry fired back during a Friday press conference when spokesperson Zhao Lijian said that the remarks are “groundless and make no sense at all.”

“Western countries, such as the U.K. and U.S., are actually the true empires of hacking and tapping,” Zhao said.

Meanwhile, Fleming said China has a “competing vision for the future of cyberspace,” and added that there is a potential for China to use their authority to dominate technology markets, AP reported.

“I’d like to stress that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, it’s important to have enough evidence when investigating and identifying cyber-related incidents,” Zhao added. “Groundless speculations should be avoided.”

For more reporting from the Associated Press, see below.

[Image: Chinese Foreign Ministry spokesman Zhao Lijian takes a question at the daily media briefing in Beijing on April 8, 2020. Greg Baker/AFP via Getty Images]

Western countries risk losing control of technologies that are key to internet security and economic prosperity to nations like China and Russia if they don’t act to deal with the threat, one of the U.K.’s top spy chiefs warned Friday.

“Significant technology leadership is moving east” and causing a conflict of interests and values, Fleming said in a speech.

China is an early adopter of emerging technologies and is playing an influential role in the debate around international rules and standards, he said.

He raised the possibility of countries with “illiberal values” like China building them into technical standards that the world ends up relying on, turning them into arenas of geopolitical competition.

Russian hacking and other nefarious online activity, meanwhile, poses the most acute threat to the U.K. but, like a smartphone app vulnerability, could be avoided.

Left unchecked, foreign adversaries could threaten the design…


APT10 targets Japanese entities. Purple Fox gets an upgrade. Android malware poses as system update.


At a glance.

  • APT10 targets Japanese entities.
  • Purple Fox gets an upgrade.
  • Android malware poses as system update.
  • Vulnerable mobile apps.

APT10 targets Japanese entities.

Kaspersky describes a cyberespionage campaign that ran from March 2019 to the end of December 2020. The campaign targeted Japan and entities related to Japan, particularly the country’s manufacturing industry. The researchers “assess with high confidence” that China’s APT10 is behind the operation. The threat actor gained access by exploiting vulnerabilities in Pulse Connect Secure VPNs or by using previously stolen credentials.

Kaspersky says the actor used a unique loader dubbed “Ecipekac” to deliver fileless malware. The researchers explain, “This campaign introduced a very sophisticated multi-layer malware named Ecipekac and its payloads, which include different unique fileless malware such as P8RAT and SodaMaster. In our opinion, the most significant aspect of the Ecipekac malware is that, apart from the large number of layers, the encrypted shellcodes were being inserted into digitally signed DLLs without affecting the validity of the digital signature. When this technique is used, some security solutions cannot detect these implants. Judging from the main features of the P8RAT and SodaMaster backdoors, we believe that these modules are downloaders responsible for downloading further malware that, unfortunately, we have not been able to obtain so far in our investigation.”

Purple Fox gets an upgrade.

Guardicore is tracking a malware campaign dubbed “Purple Fox” that’s recently added a new propagation method. The malware was discovered in 2018, and would spread via exploit kits and phishing emails. In late 2020, however, the malware operators began gaining access by brute-forcing exposed SMB services:

“While it appears that the functionality of Purple Fox hasn’t changed much post exploitation, its spreading and distribution methods – and its worm-like behavior – are much different than described in previously published articles. Throughout our research, we have observed an infrastructure that appears to be made out of a hodge-podge of vulnerable and exploited servers hosting the initial payload of the malware,…


Malware campaign poses as Team Blue Take Action email

Cybercriminals have sent out thousands of malware-laden emails, using lures related to the US elections, to companies across America.
Graham Cluley