Tag Archive for: Pwned

Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings


Hackers are believed to have successfully accessed several weeks’ worth of sensitive video and audio recordings of court hearings, including one made at a children’s court where the identities of minors are supposed to be particularly critical to protect.

The ransomware attack happened on the computer systems of Victoria’s Court Service in Australia, and is believed to have extended from 1 November 2023 until the network compromise was detected nearly two months later on 21 December.

The first that staff knew about the issue was when they were locked out of the PCs in the run-up to Christmas, with messages reading “YOU HAVE BEEN PWNED” appearing on their computer screens.

Media reports describe how staff were directed to instructions that pointed them to the dark web in order to make ransom payments if they did not want stolen data to be published.

Court Services Victoria (CSV) declined to share details of who might be responsible for the cybersecurity breach, but commentators have pointed the finger of suspicion at the Qilin (also known as Agenda) ransomware-as-a-service group.

However, at the time of writing, the latest claimed victim announced on Qilin’s extortion blog is Serbian energy company EPS – reportedly hit by a ransomware attack before Christmas.

In an FAQ published on its website, CSV shared some limited details of its “cyber incident” which saw unauthorized access to its audio-visual in-court technology network, and admitted that it was possible that some hearings before 1 November are also affected – including the children’s court case which was held in October 2023.

Amongst those hit were the Supreme Court, with recordings from the Court of Appeal, the Criminal Division, the Practice Court, and two regional hearings in November potentially accessed.

“Maintaining security for court users is our highest priority. Our current efforts are focused on ensuring our systems are safe and making sure we notify people in hearings where recordings may have been accessed,” said CSV CEO Louise Anderson. “We understand this will be unsettling for those who have been part of a hearing. We recognise and apologise for the distress that this may cause people.”

No other court systems…


How one of Vladimir Putin’s most prized hacking units got pwned by the FBI



FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

The counter-hack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world’s most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation-states.

Inside jokes, taunts, and mythical dragons

If nation-sponsored hacking were baseball, then Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France’s military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

One of the most powerful tools in Turla’s arsenal is Snake, a digital Swiss Army knife of sorts that runs on Windows, macOS, and Linux. Written in the C programming language, Snake comes as a highly modular series of pieces that are built on top of a massive peer-to-peer network that covertly links one infected computer with another. Snake, the FBI said, has to date spread to more than 50 countries and infected computers belonging to NATO member governments, a US journalist who has covered Russia, and sectors involving critical infrastructure, communications, and education.

A short list of Snake capabilities includes a backdoor that allows Turla to install or uninstall malware on infected computers, send commands, and exfiltrate data of interest to the Kremlin. A professionally designed piece of software, Snake uses several layers of custom encryption to encrypt commands and exfiltrated data….


A Top LastPass Engineer’s Home PC Got Pwned by a Hacker’s Keylogger


Photo: Maor_Winetrob (Shutterstock)

Beleaguered password manager LastPass has announced yet another serious security screwup and, this time, it may be the final straw for some users.

For months, the company has been periodically providing updates about a nasty data breach that occurred last August. At the time, LastPass revealed that a cybercriminal had managed to worm their way into the company’s development environment and steal some source code but claimed there was “no evidence” that any user data had been compromised as a result. Then, in December, the company made an update, revealing that, well, actually, yeah, certain user information had been compromised, but couldn’t share what, exactly, had been impacted. Several weeks later it did reveal what had been impacted: users’ vault data, which, under the right, extreme circumstances, could lead to total account compromises. And now, finally, LastPass has provided yet more details, revealing that the fallout from the breach was even worse than previously imagined. It’s probably enough to make some users run screaming for the hills.


According to a press release published Monday, the initial August data breach allowed the cybercriminal in question to hack into the home computer of one of LastPass’s most privileged employees—a senior DevOps engineer, and one of only four employees with access to decryption keys that could unlock the platform’s shared cloud environment. The hacker subsequently laced the engineer’s computer with a keylogger, which allowed them to steal their LastPass master password. Using the PW, the cybercriminal managed to break into the engineer’s password vault and, filching necessary decryption keys from the engineer’s account, proceeded to penetrate LastPass’s shared cloud environment, where they stole a whole load of important data.

The company admits that the hacker “exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”

In short:…


HP LaserJet Pwned By Hackers Gets Turned Into An AC/DC Cranking Boombox


It’s easy to think of hackers in the colloquial sense as being the enemies of society: people who break into computer systems and sabotage electronics to gain control of them or steal data. How could someone like that be of benefit to society at large? The answer is that a great many so-called “hackers” are in fact security experts who know from experience where to look for security holes, and are also often consulted for help in closing them.

These “white hat” hackers hunt for security holes and application exploits, then report them to vendors to claim bug bounties, but some vendors are either unwilling to pay for such services or are simply difficult to contact. Back in 2005, Trend Micro set up the Zero Day Initiative for exactly that reason. It’s a group that works with security researchers to identify “zero-day” vulnerabilities in tech products and then act as an intermediary with the vendors to see them fixed.

The Zero Day Initiative sponsors multiple yearly events called Pwn2Own, where hackers gather to make time-limited attempts to exploit specific products. This year’s event in Austin was the largest-ever, with 58 total entries from 22 different security teams. Contestants have 30 minutes to deploy their exploit and gain unapproved privileges, remote code execution, or other unauthorized access to their targets.

The Initiative has a list up on its blog of all of the entries and their results, and there’s some good stuff in there, but by far the most entertaining result has to be F-Secure Labs’ 11:00 submission on Thursday where the three experts hacked an HP Color Laserjet Pro MFP M283fdw and turned it into a jukebox, playing AC/DC’s “Thunderstruck” through its tiny (and tinny) speaker. You can see/hear a brief clip of that in action, in the tweet below…

Other targeted devices at this year’s Pwn2Own event include NAS devices from WD, routers and home gateways from Netgear, Cisco, and TP-Link, printers from Canon and Lexmark, the Sonos One speaker, and notably, Samsung’s Galaxy S21 smartphone. All of these devices were running the latest firmware and security patches, yet all of them were hacked.

Not to worry, though; the ZDI doesn’t disclose or publish the exploits…
