Tag Archive for: websites

China denies hacking Philippines websites


MANILA, Philippines — The Chinese embassy has denied Beijing’s involvement in hacking attempts on the websites of Philippine government agencies including the Philippine Coast Guard (PCG).

“Some Filipino officials and media maliciously speculated about and groundlessly accused China of engaging in cyberattacks against the Philippines, even went as far as connecting these cyberattacks with the South China Sea disputes. Such remarks are highly irresponsible,” the embassy said in a statement on Monday.

The Chinese government, it said, firmly opposes and cracks down on cyberattacks and does not allow illegal activities on Chinese soil or using Chinese infrastructure.

The statement was issued days after the Department of Information and Communications Technology (DICT) revealed that cybersecurity experts successfully blocked hacking attempts from China that targeted government websites and emails.

PCG spokesman Rear Admiral Armand Balilo said he is not discounting the possibility that the cyberattack attempt on its website could be connected to the ongoing conflict in the West Philippine Sea.

Based on the DICT investigation, the hackers were reportedly from China Unicom, a state-owned telecommunications firm.

Cybersecurity center

A cybersecurity center would prevent the occurrence of cybercrimes as the country’s cybercrime laws only focus on investigations, according to the Philippine National Police Anti-Cybercrime Group (PNP-ACG).

“It means it already happened and there is a probe to charge the persons responsible,” ACG director Maj. Gen. Sidney Hernia said at a news briefing.

Police officers in cybercrime investigations, he noted, need to improve their skills to remain at par with foreign counterparts.

Over the weekend, the DICT revealed that China-based hackers committed cyberattacks against government websites and emails.

Hernia said law enforcement agencies should beef up security to protect the country’s cyberspace.

The ACG is collaborating with financial institutions and e-wallet services to strengthen their security against online scams.

Online abuse of children

Stronger community-based measures for digital protection and internet safety are being pushed as…


Hackers hijack government websites to mine crypto-cash

The Information Commissioner’s Office (ICO) took down its website after a warning that hackers were taking control of visitors’ computers to mine cryptocurrency.
Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected.
He said the affected code had now been disabled and visitors were no longer at risk.
The ICO said: “We are aware of the issue and are working to resolve it.”
Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website.
He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web.
Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code designed to generate cryptocurrency.
The cryptocurrency involved was Monero – a rival to Bitcoin that is designed to make transactions in it “untraceable” back to the senders and recipients involved.
The plug-in had been tampered with to add a program, Coinhive, which “mines” for Monero by running processor-intensive calculations on visitors’ computers.
Once the plug-in was infected, it affected thousands of other websites in addition to the ICO’s, which used it.
By Rory Cellan-Jones, BBC technology correspondent
The surge in value of Bitcoin and other cryptocurrencies hasn’t escaped the attention of hackers looking to make a quick buck.
Mining, the process where new digital coins are created by solving complex mathematical problems, uses increasing amounts of computer processing power and that means big electricity bills.
All the better then if you can get other people’s computers to do the job. The hackers do this by inserting software into websites which then means that, unbeknown to them, visitors’ computers are put to work mining cryptocurrencies.
It seems that the Information Commissioner’s site, along with others run by the government, was infected by crypto-mining code injected into some accessibility software they all use.
This kind of attack is becoming increasingly common and while it appears not to cause data loss or damage to systems, it does…


Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says


Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.

Cisco’s Talos group has spent months tracking YoroTrooper — a hacking group focused on espionage that first emerged in June 2022. Researchers said the group’s targets, use of Kazakh currency, and fluency in Kazakh and Russian are part of what led them to believe the hackers are based in Kazakhstan.

YoroTrooper appears to have performed defensive actions in protecting the Kazakhstani state-owned email service and has only ever attacked the Kazakh government’s Anti-Corruption Agency.

Asheer Malhotra, a Cisco Talos threat researcher, told Recorded Future News that the group has actively tried to disguise its operations to make it seem like the attacks are coming from Azerbaijan in an attempt to “generate false flags and mislead attribution.”

“In terms of their modus operandi, their tactics and tools aren’t very sophisticated, however YoroTrooper has still enjoyed a substantial amount of success compromising targets in CIS [Commonwealth of Independent States] countries over the past two years, owing to their aggressive attempts to target their victims. Further, the threat actor shows no signs of slowing down in spite of Cisco Talos’ initial disclosure detailing YoroTrooper’s activities earlier this year,” Malhotra said.

Cisco Talos tracked attacks involving institutions and officials in Azerbaijan, Tajikistan, Kyrgyzstan and Uzbekistan, with the hackers using VPN services to make it look like their hacks come from Azerbaijan.

The hackers compromised multiple state-owned websites and accounts belonging to government officials between May 2023 and August 2023.

Most of the attacks start with phishing emails and deploy custom-made malware that allows the group to steal data and credentials.

Countries attacked by YoroTrooper. Image: Cisco Talos

Researchers found the hackers using Russian in their attempts to debug their tools while also visiting numerous websites written in Kazakh. In June the hackers began using Uzbek in their code, another language spoken widely in Kazakhstan.

The hackers use cryptocurrency…
