Tag Archive for: warnings

The mystery of China’s sudden warnings about US hackers



For the best part of a decade, US officials and cybersecurity companies have been naming and shaming hackers they believe work for the Chinese government. These hackers have stolen terabytes of data from companies such as pharmaceutical and video game firms, compromised servers, stripped security protections, and hijacked hacking tools, according to security experts. And as China’s alleged hacking has grown more brazen, individual Chinese hackers face indictments. However, things may be changing.

Since the start of 2022, China’s Foreign Ministry and the country’s cybersecurity firms have increasingly been calling out alleged US cyberespionage. Until now, these allegations have been a rarity. But the disclosures come with a catch: They appear to rely on years-old technical details, which are already publicly known and don’t contain fresh information. The move may be a strategic change for China as the nation tussles to cement its position as a tech superpower.

“These are useful materials for China’s tit-for-tat propaganda campaigns when they faced US accusation and indictment of China’s cyberespionage activities,” says Che Chang, a cyber threat analyst at the Taiwan-based cybersecurity firm TeamT5.

China’s accusations, which were noted by security journalist Catalin Cimpanu, all follow a very similar pattern. On February 23, Chinese security company Pangu Lab published allegations that the US National Security Agency’s elite Equation Group hackers used a backdoor, dubbed Bvp47, to monitor 45 countries. The Global Times, a tabloid newspaper that’s part of China’s state-controlled media, ran an exclusive report on the research. Weeks later, on March 14, the newspaper had a second exclusive story about another NSA tool, NOPEN, based on details from China’s National Computer Virus Emergency Response Center. A week later, Chinese cybersecurity firm Qihoo 360 alleged that US hackers had been attacking Chinese companies and organizations. And on April 19, the Global Times


New Warnings Show How Hackers in Nigeria Can Remotely Steal Cars – IT News Africa



Nigeria’s Communications Commission (NCC) published a warning yesterday advising drivers in the West African country to beware of a new cybercrime method in which hackers open car doors and start vehicles without keys, all done remotely while the criminals hide nearby.

According to the NCC, owners of Honda and Acura-model vehicles are the most susceptible to these kinds of new attacks.

The NCC discovered these new grand theft auto methods via investigations made by the Computer Security Incident Response Team (CSIRT), a cybersecurity body established to protect the country’s telecom sector by the NCC.

According to CSIRT’s report, released to the media by Dr Ikechukwu Adinde, Director Public Affairs at the NCC, there is an existing cyber-vulnerability in certain makes of vehicles that allows hackers to remotely unlock vehicles, start their engines wirelessly and then steal the cars. The only requirement is that the hackers be near the vehicles for the process to take place.

“CSIRT discovered that because car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars, there are immediate dangers in a new hacking method which sees hackers take advantage to unlock and start a compromised car,” said Adinde, quoted by Vanguard Nigeria.

According to CSIRT’s report, the cybercrime attack is what is known as a “Man-in-the-Middle” attack, or a replay attack, in which a threat actor intercepts the radio signal used by car remotes and manipulates the signal so that the criminal can remotely unlock the car at a later time – such as when the owner has lost sight of the vehicle – and gain access.

Some vehicles are more susceptible to these attacks than others, such as certain Honda or Acura models which can be started without ignition keys. These models can have their engines started wirelessly using the same replay attack method. By the time the owner returns, their car has vanished with no broken glass or alarm bells to tell the owner what occurred.

“The attack consists of a threat actor capturing the radiofrequency…


‘Spring4Shell’ bug in framework for Java programming draws widespread warnings


Written by Joe Warminsky

Security researchers are urging users of Spring — a popular framework for creating web applications in the widely used Java programming language — to update their software due to a critical vulnerability discovered this week.

An alert Friday from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warns Spring users that a remote attacker “could exploit this vulnerability to take control of an affected system,” otherwise known as remote code execution (RCE).

Researchers are already calling the bug Spring4Shell, a name reminiscent of the major Log4Shell bug discovered in December in the open source Log4j logging software for websites. Spring4Shell is also open source software, which can complicate the response to a major bug.

The CISA alert does not specify how widely Log4Shell might be exploited so far. Researchers at Rapid7 said in an updated blog post Friday that it is still “a quickly evolving incident.”

Engineers at Spring, part of IT giant VMware, announced the vulnerability Thursday, roughly two days after reports noted that its existence had been leaked outside of usual vulnerability disclosure processes. Spring posted a guide to mitigation on Thursday.

The potential for exploitation of Spring4Shell can vary from project to project, researchers say, given that not all programmers might be using the same version of the Spring platform.

“In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system,” researchers at Praetorian said. “However, exploitation of different configurations will require the attacker to do additional research to find payloads that will be effective.”

There are signs that Spring4Shell had drawn potentially malicious activity before this week. Researchers at 360 Netlab say they have evidence of activity as early as 10 days before Spring officially announced the bug. A familiar piece of malware subsequently has reared its head, 360 Netlab said. A variant of the Mirai malware


Hackers compromise FBI's email system, send out fake cybersecurity warnings to thousands



According to a new report, the FBI’s email system was compromised in a “sophisticated chain attack” and was used to send thousands of phishing emails from legitimate addresses …
