Tag Archive for: Weakness

Hacker exposed weakness in German electronic ID, magazine reports

/in


A hacker has reportedly uncovered security gaps in the online functions of Germany’s new national ID cards, according to the news magazine Der Spiegel.

Using his own software instead of the official government AusweisApp, the hacker managed to access login data for the so-called eID function of Germany’s identity card, which is intended to allow German citizens to securely identify themselves online.

According to the report, this is activated for more than 50 million ID card holders and serves as the basis for digital administrative procedures. It is also used for identification at banks, among other things.

The hacker, who goes by the pseudonym “CtrlAlt,” used the trick to open an account at a major German bank under someone else’s name.

A spokesman for the Chaos Computer Club (CCC), a well-known German hacker and computer security group, confirmed to Der Spiegel that the hacker had exposed a critical point in the eID procedure on mobile devices.

“This is a realistic attack scenario,” the spokesman told the news magazine. “It must be prevented that an ID app other than the officially approved one can register and log into the cell phone for eID authentication.”

The hacker had already informed Germany’s Federal Office for Information Security (BSI) of his findings on December 31.

The agency told Der Spiegel that it saw no reason to “change the risk assessment for the use of the eID,” since the vulnerability appeared to be not in the eID system itself but in devices used by consumers.

However, the agency said it would still examine a possible adjustment to the system.

Source…

2 Security Stocks to Watch Amid the Industry Weakness

/in


Organizations are pushing back their investments in big and expensive technology products on growing global slowdown concerns amid the current macroeconomic challenges and geopolitical tensions, thereby making the outlook for the Zacks Security industry gloomy. Of late, supply-chain disruptions, component shortages and product cost inflation are some headwinds players in the space have been encountering. These, along with elevated operating expenses related to hiring new employees, and sales and marketing strategies to capture more market share, are likely to strain margins in the near term.

Despite such concerns, industry participants like Qualys, Inc. QLYS and Absolute Software Corporation ABST are likely to benefit from the rising need for IT security solutions due to a surge in the number of data breaches. Increasing requirements for privileged access security due to digital transformation and cloud migration strategies are also fueling the demand for cybersecurity solutions.

Industry Description

The Zacks Security industry comprises companies offering on-premise and cloud-based security solutions. The solutions can be used for identity access management, infrastructure protection, integrated risk management, malware analysis and Internet traffic management, to name a few. Industry participants offer different types of security solutions, most of which can be used interchangeably. These solutions can be roughly categorized into three types — Computer Security, Cybersecurity and Information Security. Computer Security solutions provide protection from vulnerabilities in both the software and hardware of a computer system. Cybersecurity includes sections like web security, network security, application security, container security and information security. Information Security is concerned with any form of data-security issue, be it physical or digital data.

Major Trends Shaping the Future of the Security Industry

Rising Cyber Threats Boost Demand for IT Security: Frequent cyberattacks are spurring the demand for security solutions. This trend has not only affected certain companies but also threatened the national security of some countries. The prevailing global health crisis…

Source…

Hidden Weakness: Cyberwarfare Can Bring Down Xi Jinping

/in


Domestic resistance to Chinese president Xi Jinping is currently manifesting in a wave of sensitive data leaks from within China. This is decisive for two reasons. First, it reveals a sharp value divergence between the policies and practices of the Communist Chinese regime and the rapidly changing political culture of the Chinese people. If this critical vulnerability is escalated by agents within or outside of China, it could lead to a crisis of legitimacy in Beijing. Second, these data leaks reveal China’s asymmetric susceptibility to cyber warfare. Beijing’s hyper-sensitivity to attacks on its legitimacy, both historically and with the current government, provide a powerful retaliatory instrument against hybrid Chinese aggression, as well as China’s cyber espionage and public diplomacy campaigns.

A recent spate of classified file leaks from China is a strong indicator that there is a factional struggle in the lead-up to the crucial 20th National Congress of the Chinese Communist Party (CCP) that will determine whether President Xi Jinping will secure an indefinite appointment as General Secretary. Xi Jinping, whose support base is narrow within the party but benefits from strong popular support, faces those targeted by his successive anti-corruption campaigns, including the business-oriented Shanghai Gang of Jiang Zemin. For example, Jiang Zemin’s grandson, Jiang Zhicheng (Alvin Jiang), and Jack Ma’s relationship can be traced back to 2012 given Alibaba’s close affiliation with the Jiang faction. In April 2022, a book entitled China Duel, authored by a princeling with the pseudonym Yang Xiang, revealed extensive details on the Jiang faction’s attempt to have Xi demoted and dismissed at the end of Hu Jintao’s tenure in 2012.

In early 2022, well-connected British journalist John Sudworth, who has nearly ten years of experience reporting from mainland China, obtained highly classified documents known as the Xinjiang Police Files from a database containing more than five thousand photographs of Uighur detainees from between January and July 2018. Although some allege the files were hacked by an external actor, the prevailing evidence suggests that it was released…

Source…

BitMart Hack Puts Crypto’s Weakness on Display

/in


Well, crypto got hacked again. This time it was the exchange BitMart, which announced a hack of at least $150 million on the evening of Saturday, Dec. 4.

Blockchain security firm Peckshield — which spotted and tweeted out a warning of the leak about an hour and a half before BitMart CEO Sheldon Xia announced it — put the losses at closer to $200 million.

Read more: Crypto Exchange Bitmart Confirms $196M Lost in Security Breach

Saying that the stolen funds were “a small percentage of assets on BitMart,” Xia added that customers will not suffer any losses, promising “BitMart will use our own funding to cover the incident and compensate affected users.”

The theft comes less than a week after decentralized finance (DeFi) project BadgerDAO was hit for $120 million by a hacker who drained funds directly from users’ wallets. Which comes just four months after the mid-August attack in which a hacker drained a staggering $612 million from another DeFi project, Poly Network (and, strangely enough, promptly gave it all back).

DeFi is an especially inviting target, and the lack of central control means there’s less pushback against crooks. DeFi projects have been hit to the tune of $10 billion so far, according to a recnet report from crypto intelligence firm Elliptic.

Also read: DeFi Losses Top $10B From Exploits, Fraud, Theft

Then there were the 6,000 Coinbase users whose wallets were drained in a phishing attack in October.

So, what’s going on? Well, business as usual.

A Juicy Target

There’s a couple of reasons for all these hacks, starting with how large they are. When you’ve got the largest vault around, you’ll attract all the top criminals. Especially when, like crypto, your vault isn’t too secure.

Remember, one of the early ways bitcoin broke into mainstream consciousness was when a hacker drained $350 million in bitcoin from the Mt. Gox exchange in a February 2014 hack.

Part of the problem is that exchanges need “hot” wallets that are connected online for their ongoing transactions, which can run to billions of…

Source…