Uber app can secretly record iPhone screens, collect private data even when it isn’t being used
Uber was reportedly granted permissions by Apple to allow its developers to improve its app’s functionality for Apple Watch. The capability is called an entitlement, which is essentially a piece of code that allows app developers to improve interactions with Apple systems such as iCloud or Apple. However, the entitlement, uncovered by security researcher and CEO of Sudo Security Group Will Strafach, also allowed the Uber app to potentially secretly record iPhone screens, ZDNet reported. The tool can be used to silently monitor iPhone users’ activities and more, even when the app isn’t being used, and could also have been potentially used to harvest users’ passwords and other private data. According to Strafach, Uber is the only third-party app to be provided the entitlement by Apple. Other iOS app developers have also reportedly said that the move is unprecedented, ZDNet reported. Concerns have been raised about the entitlement having been potentially used by Uber or hacker(s) that managed to compromise Uber’s networks to monitor iPhone users’ activities. Uber has said that it will remove the code from its iPhone app. “This API would allow maps to render on your phone in the background and then be sent to your Apple Watch. It’s not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production,” an Uber spokesperson told ZDNet.
GCHQ-linked cyber agency fights hundreds of hacks, warns ‘further attacks will happen’
In the wake of the chaos, the clandestine spy agency worked hard to recover from the bad press. Ever since, computer security experts at the National Cyber Security Centre (NCSC), based in the heart of London, have been kept busy – working to help resolve more than a thousand incidents. A total of 1,131 incidents to be exact, according to a new report released this week (3 October) by the agency. Ciaran Martin, the chief executive of the NCSC, said: “We’re incredibly proud of what we have achieved in our first year at the National Cyber Security Centre.” The report released this week was largely self-congratulatory in tone, claiming that a scheme known as Active Cyber Defence was able to block “millions of attacks every week” and that “the average time a phishing site is online” had been cut “from 27 hours to just one hour”. Jeremy Fleming, director of GCHQ, said: “In an increasingly digital world, cyber is playing an ever more important part in our daily lives and in the UK’s approach to security.” Worryingly, president of cybersecurity firm Corero, Andrew Lloyd, said that his firm had discovered “more than one third” of UK national critical infrastructure companies have not completed basic cybersecurity standards issued by the government. He added: “It is worrying to see the UK suffers nearly two significant cyberattacks every day.” “More needs to be done to protect the UK against cyberattacks,” Lloyd asserted. Rob Norris, cyber chief at Fujitsu, said: “In today’s world, cybercrime is inevitable.”
What is FreeMilk? Hackers use new phishing campaign to hijack email conversations and deploy malware
Security researchers have discovered a new sneaky targeted spear-phishing campaign used by hackers to intercept ongoing email conversations between individuals and hijack them to deploy malware. Palo Alto Networks Unit 42 researchers said the sophisticated campaign, dubbed FreeMilk, uses the CVE-2017-0199 Microsoft Word Office or WordPad Remote Code Execution Vulnerability with carefully crafted decoy content customised for each target recipient. In this attack, threat actors intercept a legitimate, ongoing conversation between two recipients and pose as one of them using messages that seem as if the victim is still communicating with the original person they were emailing. While the target believes that he/she is still contacting the recipient, the threat actor sends phishing emails carrying malicious documents to deliver two malware payloads called PoohMilk and Freenki to infect the targeted system. “The threat actor tried to stay under the radar by making malware that only executes when a proper argument is given, hijacked an existing email conversation and carefully crafted each decoy document based on the hijacked conversation to make it look more legitimate,” researchers said. In a number of instances, researchers said the PoohMilk loader was used to load N1stAgent, a remote administration tool that was first seen in a phishing campaign in 2016 that used phishing emails disguised as Hancom’s security patch. Freenki is also able to take screenshots of the infected system and send them over to a command server for the threat actors to exploit and download additional malicious software. “We were not able to identify the second stage malware delivered via Freenki downloader during the campaign,” they added. The researchers also noticed some C2 infrastructure overlap with other cases mentioned by TALOS and another private researcher. “The FreeMilk spear phishing campaign is still ongoing, and is a campaign with a limited but wide range of targets in different regions,” researchers said.
Disqus hacked: More than 17.5 million users’ details stolen by hackers in 2012 data breach
Security expert Troy Hunt, founder of the data breach notification website Have I Been Pwned, discovered the breach this week and informed the company of the intrusion on Thursday (5 October). The breach, which affected more than 17.5 million users, took place in July 2012. Disqus said the exposed user data dates back to 2007, with the most recent data exposed from July 2012. The company, which provides a web-based plugin for websites and blogs, said the compromised data includes usernames, sign-up dates and last log-in dates in plain text. No plain text passwords were exposed, but it is possible for this data to be decrypted (even if unlikely). “At this time, we do not believe that this data is widely distributed or readily available,” Yan said. “Since 2012, as part of normal security enhancements, we’ve made significant upgrades to our database and encryption in order to prevent breaches and increase password security.” Disqus said it began notifying users of the breach on Friday and reset the passwords of all affected users. “As a precaution, Disqus has reset the passwords of all affected users and advised them to change their passwords on other services and platforms if they happen to share the same credentials.” The company also warned users against possible spam and phishing emails since email addresses were exposed in plain text in the attack.
Hackers target ‘millions of PornHub users’ worldwide with booby-trapped advertising
Millions of internet users in the US, Canada, UK and Australia were recently targeted by a hacking group called KovCoreG which took advantage of PornHub, one of the world’s most visited adult websites, to spread booby-trapped downloads posing as browser updates. Experts from cybersecurity firm Proofpoint said on Friday (6 October) that infections first appeared on PornHub webpages via a legitimate advertising network called Traffic Junky. The hackers’ campaign used social engineering tactics to trick users into installing malicious updates that would appear via pop-up ads when they visited some PornHub webpages. “Very few groups have the capability to abuse the advertising chains of some of the world’s most visited websites; however, the KovCoreG group is one of them,” one Proofpoint researcher said. He continued: “We are pleased that following our notification, the site and advertising network abused in this particular attack worked swiftly to remove the infected content.” The security firm said the malicious ads have now been removed and commended both the ad network and the website for working quickly to solve the problem. This is far from the first time that adult websites – or the ad networks that live there – have been targeted by cybercriminals to spread adware. Back in 2015, researchers from Malwarebytes discovered a widespread operation had hit a slew of popular websites including xHamster, RedTube and PornHub. In most cases like this, the adult website is a victim of the wider attack – with ad networks the real target. “What we’ve noticed – and it may come as a surprise – is top adult domains [websites] are actually putting in a lot of resources towards fighting malware,” Malwarebytes chief executive officer (CEO) Marcin Kleczynski told IBTimes UK in January after a separate outbreak.
GCHQ boss says fighting cyberattacks now as important as spying efforts and combating terrorism
As cyberthreats continue to escalate, Britain’s spy agency GCHQ is coming out of the shadows to fight hackers. Fighting off cyberattacks is now as important as GCHQ’s spying efforts and defending against terrorism, according to the spy agency’s head Jeremy Fleming. Writing in the Telegraph, Fleming said that although technological advances greatly benefit the public, “hostile states, terrorists and criminals use those same features — instant connectivity and encrypted communications — to undermine our national security, attack our interests and, increasingly, commit crime.” He continued: “If GCHQ is to continue to help keep the country safe, then protecting the digital homeland – keeping our citizens safe and free online – must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism.” Fleming’s comments come after major cyberattacks, including the WannaCry ransomware epidemic, high-profile data breaches and the cyberattack on the Parliament, all of which Fleming mentioned in his write-up. GCHQ’s head added that over the past year, the spy agency’s cyber arm — the NCSC (National Cyber Security Centre) — has fended off nearly 600 “significant” cyber incidents. Fleming also mentioned that until the NCSC was set up, GCHQ’s in-house cyber division “too often felt like the poor relation”. Fleming said that the government’s funding is now being used to make GCHQ a cyber organisation as well as an intelligence and counter-terrorism one. GCHQ’s head said that despite the NCSC now possessing a “world-leading programme to reduce the incidence and impact of cyber attacks without users even noticing,” it is still challenging for the spy agency to function as it did before. “It remains the case that much of what we do must remain secret.”
Forrester data breach: Hackers stole sensitive reports from leading Market Research Company
One of the world’s leading market research and investment advisory firms, Forrester, announced that it was hit by a cyberattack last week. According to the company, hackers stole sensitive research reports from the company. Forrester’s clients use its website to log in and download specific research, which hackers accessed. According to Forrester’s chief business technology officer Steven Peltzman, the hackers stole valid user credentials of Forrester’s website, which in turn gave them access to the firm’s accounts, Bleeping Computer reported. Peltzman said, “The hacker used that access to steal research reports made available to our clients.” Forrester said that there is no evidence to suggest that confidential client and employee data, as well as financial information, were accessed by the hackers. The firm said that it is still investigating the breach and is yet to identify the hackers who gained access to the company’s infrastructure hosting its website, Forrester.com. “We recognise that hackers will attack attractive targets – in this case, our research IP. We also understand there is a trade-off between making it easy for our clients to access our research and security measures,” George F Colony, Forrester CEO and chairman, said in a statement. Equifax, Deloitte and the US SEC (Securities and Exchange Commission) were the three others that were also recently hit by hackers.
The Pirate Bay is running a cryptocurrency miner that hijacks users’ computers with no opt-out option
Accenture data leak: ‘Keys to the kingdom’ left exposed via multiple unsecured cloud servers
The tech giant left at least four cloud storage servers, which contained highly sensitive decryption keys and passwords, exposed to the public, without any password protections. The data leak was uncovered by Chris Vickery, director of cyber risk research at UpGuard, who privately notified Accenture about its cloud servers having been exposed in mid-September. The exposed servers, which were hosted on Amazon S3 storage services, contained hundreds of GB of sensitive data, including secret API data, authentication credentials, certificates, decryption keys, customer information, and more. One of the largest exposed servers contained over 137 GB of data, some of which included massive databases of credentials directly related to Accenture’s clients. The data left exposed included Accenture’s Google and Azure accounts, VPN keys, nearly 40,000 plaintext passwords and more. Vickery told ZDNet that the four servers contained data that could be considered the “keys to the kingdom”. The data could have potentially been accessed by hackers, who then could have used the information to mount attacks on both Accenture and its clients. “It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage,” O’Sullivan said. Varun Badhwar, CEO and co-founder of RedLock, told IBTimes UK that the firm’s security team uncovered that 53% of organisations using cloud storage services have “inadvertently exposed one or more such service to the public” and that “administrative user accounts at 38% of organisations have been compromised”.
Hackers using new ‘ingenious’ KnockKnock method to attack firms in over a dozen countries
Since May, hackers have been attacking international businesses in over a dozen nations using a new and “ingenious” attack method dubbed KnockKnock. The attack technique allows hackers to infiltrate organisations’ Office 365 accounts by attempting to “knock” on backdoor system accounts. These system accounts include service accounts, automation accounts, machine accounts and marketing accounts. According to SkyHigh Networks security researchers, KnockKnock is designed so hackers can steal any data in account inboxes. The attack also allows hackers to create a new inbox rule that hides and diverts all incoming messages. KnockKnock then attempts to launch a phishing attack and use the infected inbox to spread across the targeted organisation’s networks. Low-and-slow brute-force attacks such as KnockKnock are known to allow hackers to infiltrate networks without raising alarms, as they can bypass security measures. In order to maintain a low profile, KnockKnock hackers have been using a small botnet, made of a network of 83 IP addresses, distributed across 63 networks. KnockKnock further obfuscates the attack by targeting businesses in a “staggered” way. KnockKnock also targets only around 2% of the Office 365 account base, indicating that the hackers are focused on a limited number of targets.
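Two of the traits described above are things a defender can look for in their own tenant telemetry: failed sign-ins against service and automation accounts that arrive from many source addresses with only a handful of attempts each (which a per-IP lockout threshold never trips on), and a newly created inbox rule that matches every message and moves or deletes it. The script below is an added example written for this summary, not code from SkyHigh Networks or the article; the record layout, field names, account-naming hints and the sample sign-ins and rules are all constructed assumptions, so it runs offline on its own embedded data.

```python
"""Defender-side checks for KnockKnock-style activity against Office 365.

Added example, not code from SkyHigh Networks or the article. It runs over
constructed sample records that imitate two log sources: sign-in attempts and
inbox-rule creation events. Field names and sample values are assumptions.

Check 1: low-and-slow distributed password guessing -- few failed sign-ins per
         source IP, but many distinct source IPs against one account.
Check 2: an inbox rule with no conditions (so it matches every message) whose
         actions hide or divert mail (delete, move out of the Inbox, forward).
"""
from collections import defaultdict
from datetime import datetime

# Account-name fragments that suggest a service, automation, machine or
# marketing account rather than a person (assumed naming convention).
SYSTEM_ACCOUNT_HINTS = ("svc", "service", "automation", "machine", "marketing", "noreply")

# Constructed sign-in events: (UTC timestamp, account, source IP, result).
SAMPLE_SIGNINS = [
    ("2017-10-01T01:05:00", "svc-backup@corp.example", "198.51.100.10", "Failure"),
    ("2017-10-01T03:40:00", "svc-backup@corp.example", "203.0.113.7", "Failure"),
    ("2017-10-01T09:12:00", "svc-backup@corp.example", "192.0.2.44", "Failure"),
    ("2017-10-01T14:30:00", "svc-backup@corp.example", "198.51.100.200", "Failure"),
    ("2017-10-02T02:15:00", "svc-backup@corp.example", "203.0.113.99", "Failure"),
    ("2017-10-02T11:48:00", "svc-backup@corp.example", "192.0.2.130", "Failure"),
    # A noisy single-source burst: caught by ordinary lockout, not low-and-slow.
    ("2017-10-01T10:00:00", "alice@corp.example", "198.51.100.5", "Failure"),
    ("2017-10-01T10:00:05", "alice@corp.example", "198.51.100.5", "Failure"),
    ("2017-10-01T10:00:10", "alice@corp.example", "198.51.100.5", "Failure"),
    ("2017-10-01T10:00:15", "alice@corp.example", "198.51.100.5", "Failure"),
    ("2017-10-01T10:01:00", "alice@corp.example", "198.51.100.5", "Success"),
]

# Constructed inbox-rule creation events.
SAMPLE_RULES = [
    {"account": "svc-backup@corp.example", "name": ".",
     "conditions": {}, "actions": {"move_to_folder": "RSS Subscriptions", "mark_as_read": True}},
    {"account": "bob@corp.example", "name": "Newsletters",
     "conditions": {"from": "news@vendor.example"}, "actions": {"move_to_folder": "Newsletters"}},
]


def is_system_account(account):
    """True if the local part of the address looks like a non-human account."""
    local = account.split("@", 1)[0].lower()
    return any(hint in local for hint in SYSTEM_ACCOUNT_HINTS)


def find_low_and_slow(signins, min_distinct_ips=5, max_failures_per_ip=3):
    """Return {account: summary} for accounts whose failed sign-ins come from at
    least min_distinct_ips source IPs with no more than max_failures_per_ip
    failures from any single IP."""
    failures = defaultdict(lambda: defaultdict(int))
    first_seen, last_seen = {}, {}
    for ts, account, ip, result in signins:
        if result != "Failure":
            continue
        failures[account][ip] += 1
        when = datetime.fromisoformat(ts)
        first_seen[account] = min(first_seen.get(account, when), when)
        last_seen[account] = max(last_seen.get(account, when), when)

    flagged = {}
    for account, per_ip in failures.items():
        if len(per_ip) >= min_distinct_ips and max(per_ip.values()) <= max_failures_per_ip:
            span = last_seen[account] - first_seen[account]
            flagged[account] = {
                "distinct_ips": len(per_ip),
                "failures": sum(per_ip.values()),
                "span_hours": round(span.total_seconds() / 3600, 1),
                "system_account": is_system_account(account),
            }
    return flagged


# Rule actions that take a message out of the user's sight or send it elsewhere.
HIDING_ACTIONS = ("delete", "move_to_folder", "forward_to", "redirect_to")


def find_hiding_rules(rules):
    """Return rules that match every message (no conditions) and hide or divert it."""
    return [
        rule for rule in rules
        if not rule["conditions"] and any(action in rule["actions"] for action in HIDING_ACTIONS)
    ]


if __name__ == "__main__":
    for account, summary in find_low_and_slow(SAMPLE_SIGNINS).items():
        print("low-and-slow guessing against", account, summary)
    for rule in find_hiding_rules(SAMPLE_RULES):
        print("catch-all hiding rule", repr(rule["name"]), "on", rule["account"])
```

On the sample data only the service account is reported by the first check (six source addresses, one failure each, spread over about 35 hours), while the four rapid failures against the human account from one address are left to the normal lockout policy; the second check reports the one-character rule that files every incoming message away unread. Both thresholds are starting points to tune against a tenant's real baseline.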