Australian Broadcasting Corporation confirms S3 data leak

The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.

The Australian Broadcasting Corporation (ABC) has accidentally leaked sensitive data from at least two unsecured Amazon Web Services (AWS) S3 storage buckets, according to Kromtech Security Center.

The government-backed broadcaster has confirmed in a statement that it was notified of the data leak on November 16, and said its technology teams acted promptly to solve the issue.

Kromtech CIO Bob Diachenko wrote in a blog post that the security firm discovered a “trove of data” connected to ABC Commercial — the broadcaster’s commercial arm that looks after the marketing and retailing of ABC products and services worldwide — after conducting an online search of poorly set up cloud computing sites.

Exposed data included information regarding “production services and stock files that should not have been publicly available online,” according to Diachenko.

The exposed files contained thousands of emails, logins, and passwords for ABC Commercial users to access content; requests for licensed content from media producers worldwide; secret access key and login details for other repositories, with advanced video content; and 1,800 daily MySQL backups “from 2015 to present”.

The unsecured repositories were detected in that state just a week after AWS introduced new S3 encryption and security features for users, Diachenko noted.

“Security can not be ignored anymore and it is not just an organization’s reputation but the real data of customers, partners, or vital business information that is at stake with each new data breach,” Diachenko wrote.

This is not the first time the ABC has accidentally exposed sensitive data. Back in 2010, it sent an email to players of its augmented reality game Bluebird, saying that their names, email addresses, and passwords were available for download via an archive for almost a month.

In 2013, ABC’s website was also deliberately hacked by an individual who went by the handle ‘Phr0zenMyst’, which led to the details of 50,000 users being exposed online, including usernames, email addresses, and password hashes.

ZDNet has reached out to the ABC to learn whether users whose information was exposed were notified of the leak, and the steps the broadcaster has taken since learning of the unsecured repositories.

From :http://www.zdnet.com/article/australian-broadcasting-corporation-confirms-s3-data-leak/

About OsMonitor:

The mission of OsMonitor is to create a Windows computer system tailored for work purposes, effectively regulating employee computer behavior. It enables employers to understand what employees are doing each day, monitoring every action, including screen activity and internet usage. Additionally, it restricts employees from engaging in specific activities such as online shopping, gaming, and the use of USB drives.

OsMonitor, designed purely as software, is remarkably user-friendly and requires no additional hardware modifications. A single management machine can oversee all employee computers. As a leading brand in employee computer monitoring software with over a decade of successful operation, OsMonitor has rapidly captured the global market with its minimal file size and excellent cost-effectiveness compared to similar software. At this moment, thousands of business computers worldwide are running OsMonitor daily.

Download OsMonitor Free Trial

Department of Social Services says it has contained data breach ‘vulnerability’

The Australian government department has confirmed the data compromise related to staff profiles from its previous credit card management system provided by Business Information Services.

The Australian Department of Social Services (DSS) has confirmed a third-party breach of its previous credit card management system. The data, reportedly left exposed by Business Information Services, spanned an 11-year period and contained the names, usernames, work phone numbers, work email addresses, and system passwords of department employees.

As first reported by the Guardian, DSS CFO Scott Dilley had written to 8,500 current and former employees warning them of the breach back in early November, explaining there was “a data compromise relating to staff profiles within the department’s credit card management system prior to 2016”.

Business Information Services reportedly advised the department that the data was “open” from June 2016 through October 2017, and that the records themselves dated from 2004 through 2015.

The letter from Dilley, according to the Guardian, blames “the actions of the department’s third-party provider” and says the compromise “is not a result of any of the department’s internal systems”.

“The data has now been secured,” Dilley is quoted as writing in the letter sent to DSS staff, adding also there was “no evidence” of improper use of the data or the department’s credit cards.

A spokesperson for DSS told ZDNet that on October 3, 2017, the department was notified by the Australian Signals Directorate of the compromise.

The Australian Cyber Security Centre (ACSC) immediately contacted Business Information Services to secure the information and remove the “vulnerability” within hours of notification, the spokesperson added.

They also said DSS has been working with the ACSC and the Office of the Australian Information Commissioner (OAIC) in response to the breach, with around 2,000 current staff and 6,500 former employees notified.

According to DSS, this vulnerability has been contained and the department is “working” with Business Information Services to “ensure effective arrangements are in place, and to support affected staff”.

Last year, a 1.74GB MySQL database backup containing 1.3 million rows and 647 different tables from the Australian Red Cross Blood Service’s DonateBlood.com.au website was found to be publicly available.

The data originated from an online donor application form that contained details including name, gender, address, email, phone number, date of birth, country of birth, blood type, and other donation-related data, as well as appointments made.

An investigation from the OAIC found that a file containing information relating to approximately 550,000 prospective blood donors was saved to a publicly accessible portion of a webserver managed by a third party provider, Precedent Communications.

The data breach occurred without the authorisation or direct involvement of the Blood Service, and was outside the scope of Precedent’s contractual obligations to the Blood Service.

In February next year, organisations in Australia will need to disclose incidents involving personal information, credit card information, credit eligibility, and tax file number information of individuals that would put them at “real risk of serious harm” under the country’s impending data breach notification laws.

The new laws mandated under the Privacy Amendment (Notifiable Data Breaches) Act apply only to companies covered by the act, and therefore see intelligence agencies, small businesses with turnover of less than AU$3 million annually, and political parties exempt from disclosing breaches.

The following May, the General Data Protection Regulation (GDPR) will come into play, requiring organisations around the world that hold data belonging to individuals from within the European Union (EU) to provide a high level of protection and explicitly know where every ounce of data is stored.

Under Australia’s scheme, an organisation that suspects a breach has up to 30 days to assess whether it is notifiable and must then notify the OAIC and affected individuals as soon as practicable; under the GDPR, organisations have 72 hours to notify authorities after having become aware of a breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If an Australian organisation has an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU, they are bound by the GDPR requirements, should the breach be related to any of the above.

From :http://www.zdnet.com/article/department-of-social-services-says-it-has-contained-data-breach-vulnerability/

Cisco, Interpol team up to share cybercriminal threat data

The tech giant and law enforcement agency will share intelligence on the latest cyberthreats.

Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities.

On Tuesday, the tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the “first step” in jointly tackling today’s cybercrime.

Modern consumers and businesses are facing more and more digital threats every day.

Hardly a week goes by that we do not hear of a severe data breach resulting in the loss of consumer data, highly sophisticated phishing schemes designed to infiltrate corporate networks or ransomware campaigns that encrypt individual systems and demand blackmail payments in return for lost information.

The situation is getting no better, and there is arguably a skills gap in the cybersecurity industry. To make a dent, government and law enforcement agencies should work with cybersecurity specialists to at least attempt to get on top of the problem and shut down major criminal enterprises.

Such a concept is no stranger to Europol, for example, which operates in Europe together with law enforcement to eradicate ATM fraud, black box schemes, and the takedown of Dark web websites used to buy illegal drugs, weaponry, and more.

Interpol is also on the scene, training police in different countries to identify cybercriminal schemes across the Dark web, as well as working with banks and financial institutions to detect fraud and criminal schemes worldwide.

Now, working together with Cisco under the agreement, signed in Singapore at Interpol’s headquarters, the agency’s global cybercrime center will work with Cisco to create a coordinated approach to data sharing in order to improve threat detection and lay the groundwork for future projects.

Cisco says the agreement supports the “organization’s programs targeting both ‘pure cybercrime’ and cyber-enabled crimes,” and also assists European countries with identifying cybercriminal schemes and the threat actors behind them.

“As cybercrime continues to escalate around the world, defenders from both the public and private sectors must meet the threat with equal force,” said John Stewart, SVP and Chief Security and Trust Officer at Cisco. “Visibility and comprehensive threat intelligence across the cyber domain are critical to enable detection, analysis, and protection against emerging threats.”

“We are pleased to collaborate with Interpol to exchange threat intelligence and find other knowledge-sharing opportunities to fight cybercrime globally,” the executive added.

This is not the first time Interpol has reached out to a cybersecurity firm for help in tracking down cybercriminals.

In 2014, the agency inked a three-year deal with Trend Micro. Under the terms of the deal, Trend Micro gave Interpol access to its Threat Intelligence Service, alongside additional resources and tactical information. Trend Micro also agreed to assist in a cybercrime investigation training program.

In June, Europol and European law enforcement swept across six countries to take down the leaders of a cybercriminal ring which specialized in selling remote access Trojans (RATs), hacking tools, and software designed to circumvent traditional antivirus solutions.

From :http://www.zdnet.com/article/cisco-europol-team-up-to-share-cybercriminal-threat-data/

Your biggest threat is inside your organisation and probably didn’t mean it

Threat of the malicious insider is very real, but accidental data leakage is a bigger problem.

It doesn’t have a super-sexy moniker like KRACK or Heartbleed, but the spectre of the insider threat looms large for organisations, and has done so for as long as electricity, silicon, and computing have been paired up to store information.

While it’s easy to imagine a disgruntled, unhappy employee becoming a malicious actor within an organisation, and dumping the family jewels out of spite, it is much more likely that a well-intentioned employee did something they really shouldn’t have.

In recent times, it seems as though a spate of data leakage has occurred due to the discovery of data left sitting on world-viewable servers. For instance, Accenture left its keys to the kingdom exposed on four servers, Verizon had 14 million subscriber records sitting unprotected on Amazon S3, and even Australia’s national broadcaster, ABC, was found wanting last week when it was revealed to have had customer details and 1,800 daily MySQL database backups exposed.

“I always start from the point of view, your biggest threat is the insider threat,” security advisor and former Telstra CISO Mike Burgess told ZDNet. “That’s not because your staff are bad, or people in the supply chain are bad — it’s simply the human can generally do the greatest damage, and we’ve seen many examples of that.”

A recent survey by Thales found that 54 percent of respondents said employee error was the most significant threat to sensitive or confidential data, with the company’s APAC CISO Ben Doyle telling ZDNet that while there are often signs of malicious insider behaviour, it’s harder to detect accidents.

“If you have a strong security culture, and not just information security culture, but an overall security culture, there are generally indications of the change of attitudes and things like that, if it’s going to be a malicious insider, that you are going to have a chance [to pick it up],” Doyle said.

“I guess the threat for the inadvertent one is a lot of cases there may not be any indicators until you find yourself in trouble.”

It’s a view shared across the industry, with Sophos CTO Joe Levy saying an accidental insider is more likely to compromise a company than an outsider.

“They are closer to the data, just in terms of the amount of difficulty and the proximity, it’s much more likely the latter is going to happen,” Levy said.

For McAfee CTO Steve Grobman — who spoke to ZDNet before the company had its own misadventures last week — the definition of vulnerabilities needs to go beyond software.

“When we think about vulnerabilities, we can’t think of vulnerabilities being just software vulnerabilities like Apache Struts — we also need to think of vulnerabilities as misused access controls, so somebody drops content in an S3 storage [bucket],” Grobman told ZDNet.

“Part of the problem with data leakage or data loss is once the data is out there, there’s really no remediation to get it back. When the toothpaste is out of the tube, you can’t put it back in.”

However, while the number of companies caught out by unintentional data leakage continues to rise, for Levy, it’s a by-product of companies having to play in the software space due to an increasingly connected world.

“It is something that is very very new,” he said. “People who have been in business for the past 30 years that have not been in the software business are probably not very familiar with these kinds of concepts and principles.

“There is going to be this window of exposure as people are learning and developing the muscle memory basically of how to do things correctly in software-land that is just going to create a lot of problems — like people putting their AWS keys up on GitHub.

“Hopefully they are happening enough that people are learning about them, and there’s levels of leadership in organisations and even boards of companies now that are beginning to learn themselves these sorts of things.”
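The two leaks this piece keeps returning to, the ABC files that contained a “secret access key” and the AWS keys that end up on GitHub, share one practical defence: scan what you are about to publish (a backup, a config file, a commit) for credential-shaped strings before it leaves your control. The following is an added example written for this page, not code from the ABC, Kromtech or any vendor quoted here. The only AWS-specific facts it relies on are the documented key formats (access key IDs are 20 characters starting with AKIA for long-lived keys or ASIA for temporary STS keys; secret access keys are 40 characters from the base64 alphabet), and the sample input uses the placeholder key pair from AWS’s own documentation rather than live credentials.

```python
"""Scan text for leaked AWS credentials.

Added example, not code from the ABC, Kromtech or any vendor.  The only
AWS-specific facts used are the documented key formats: access key IDs are
20 characters starting with AKIA (long-lived) or ASIA (temporary STS keys),
and secret access keys are 40 characters from the base64 alphabet.
"""
from __future__ import annotations

import re
from typing import NamedTuple

ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Z0-9])")
# On its own this pattern also matches hashes and random tokens, so a match is
# only reported when an access key ID sits within a few lines of it.
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
HEX40_RE = re.compile(r"[0-9a-fA-F]{40}")


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the scanned text
    kind: str      # "access_key_id" or "secret_access_key"
    value: str     # redacted so the report itself does not leak the key


def redact(value: str) -> str:
    """Keep the ends so a key can be recognised, drop the middle so it cannot be used."""
    return value[:4] + "..." + value[-4:]


def scan_text(text: str, window: int = 5) -> list[Finding]:
    """Return credential findings in `text`, sorted by line.

    Access key IDs are reported wherever they occur.  A 40-character secret is
    reported only when an access key ID occurs within `window` lines of it,
    and pure-hex candidates (almost always SHA-1 digests) are ignored.
    """
    lines = text.splitlines()
    key_lines: list[int] = []
    findings: list[Finding] = []
    for no, line in enumerate(lines, start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            key_lines.append(no)
            findings.append(Finding(no, "access_key_id", redact(m.group(1))))
    for no, line in enumerate(lines, start=1):
        if not any(abs(no - k) <= window for k in key_lines):
            continue
        for m in SECRET_KEY_RE.finditer(line):
            if HEX40_RE.fullmatch(m.group(1)):
                continue
            findings.append(Finding(no, "secret_access_key", redact(m.group(1))))
    return sorted(findings)


# Constructed sample: an env file, a git hash and a JSON config, using the
# placeholder key pair from AWS's own documentation (not live credentials).
SAMPLE = """\
# deploy settings
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
build_commit=2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
{"accessKeyId": "ASIAIOSFODNN7EXAMPLE", "secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.kind} {f.value}")
```

The proximity rule is the important design choice: the 40-character pattern alone would flag every git commit hash and most API tokens, so a secret is only reported when a key ID is nearby, and a pure-hex run is dropped outright. Run the same function over a MySQL dump or a pre-commit diff and anything it reports should be rotated, not just deleted, since a key that has been written to a public place has to be assumed copied.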

According to Burgess, the insider threat is nothing new; it’s just able to occur faster than in the past.

“It’s the downside of the upside of this technology-connected-enabled world,” he said. “Nothing new here, people just need to grapple with the fact technology and connectivity means bad things can happen quickly.

“I am a little surprised, given everything that has happened in the world, that more people are not paying attention to this. But on the upside, more people are paying attention to this, and now they’ve just got to figure out the right way of identifying and managing the risk effectively.”

For Grobman, the challenge in addressing insider threats is that it is more than a technology problem and requires policy as well.

“If you think about what an insider threat is, it’s an insider that is abusing permissions, privileges that they’ve explicitly been given access to, so it is much harder to actually distinguish if this is actually a malicious set of activity, as opposed to something that is legitimate for somebody doing their job,” he said.

“First and foremost, companies have to live by the principle of least privilege. The biggest set of abuses that I’ve seen are typically where there’s lax policies in granting access to capabilities or functions that somebody doesn’t truly need to do their job and it’s just easier to give people carte blanche for all sorts of things.”

As with many other aspects of security, the McAfee CTO said no company will ever be rid of the insider threat, but it is possible to reduce it through behavioural analysis or being able to detect massive data exfiltration.
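Grobman’s point is that an insider uses permissions they legitimately hold, so the signal is not “was this allowed” but “is this volume normal for this person”. The block below is an added example for this page, not McAfee’s or any vendor’s detection logic: it sums the bytes each account reads per day from an access log and raises an alert when a day exceeds a multiple of that account’s own median. The log format (one JSON object per line with ts, user, op, key and bytes fields) and all of the sample lines are constructed for the example; a real deployment would map its own storage or proxy logs onto the same five fields.

```python
"""Flag accounts whose daily read volume jumps far above their own baseline.

Added example, not code from McAfee or any vendor quoted in the article.  The
log format is constructed for this example (one JSON object per line with ts,
user, op, key and bytes fields).
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import Iterable, NamedTuple


class Alert(NamedTuple):
    user: str
    day: str        # ISO date (UTC)
    bytes: int      # bytes read that day
    baseline: int   # median bytes/day over the user's earlier active days
    ratio: float


def daily_volumes(lines: Iterable[str]) -> dict[str, dict[str, int]]:
    """Sum bytes read per user per UTC day; only GET (read) operations count."""
    volumes: dict[str, dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for raw in lines:
        if not raw.strip():
            continue
        rec = json.loads(raw)
        if rec["op"] != "GET":
            continue
        day = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").date().isoformat()
        volumes[rec["user"]][day] += int(rec["bytes"])
    return volumes


def find_exfiltration(lines: Iterable[str], factor: float = 10.0,
                      min_history: int = 2, floor_bytes: int = 100_000_000) -> list[Alert]:
    """One Alert per (user, day) whose volume exceeds `factor` times the user's
    own median daily volume.  `min_history` avoids judging an account with no
    track record; `floor_bytes` stops a tiny baseline turning a modest download
    into an alert.  Days with no reads are not part of the baseline."""
    alerts: list[Alert] = []
    for user, per_day in daily_volumes(lines).items():
        history: list[int] = []
        for day in sorted(per_day):
            today = per_day[day]
            if len(history) >= min_history:
                baseline = max(int(median(history)), 1)
                if today > floor_bytes and today > factor * baseline:
                    alerts.append(Alert(user, day, today, baseline, today / baseline))
            history.append(today)
    return sorted(alerts)


# Constructed sample log: alice reads one nightly backup a day, then on the
# 16th pulls three large archives; bob's volume stays within his normal range.
SAMPLE_LOG = """\
{"ts": "2017-11-13T02:10:00Z", "user": "alice", "op": "GET", "key": "backups/db-2017-11-12.sql.gz", "bytes": 52000000}
{"ts": "2017-11-13T09:00:00Z", "user": "bob", "op": "GET", "key": "media/promo.mp4", "bytes": 1000000}
{"ts": "2017-11-13T09:05:00Z", "user": "bob", "op": "PUT", "key": "media/promo-v2.mp4", "bytes": 1000000}
{"ts": "2017-11-14T02:10:00Z", "user": "alice", "op": "GET", "key": "backups/db-2017-11-13.sql.gz", "bytes": 51000000}
{"ts": "2017-11-14T10:00:00Z", "user": "bob", "op": "GET", "key": "media/trailer.mp4", "bytes": 2000000}
{"ts": "2017-11-15T02:10:00Z", "user": "alice", "op": "GET", "key": "backups/db-2017-11-14.sql.gz", "bytes": 53000000}
{"ts": "2017-11-15T11:30:00Z", "user": "bob", "op": "GET", "key": "media/stills.zip", "bytes": 1500000}
{"ts": "2017-11-16T03:00:00Z", "user": "alice", "op": "GET", "key": "backups/all-2015-2017.tar", "bytes": 30000000000}
{"ts": "2017-11-16T03:20:00Z", "user": "alice", "op": "GET", "key": "backups/all-2015-2017.tar.1", "bytes": 30000000000}
{"ts": "2017-11-16T03:40:00Z", "user": "alice", "op": "GET", "key": "backups/all-2015-2017.tar.2", "bytes": 30000000000}
{"ts": "2017-11-16T12:00:00Z", "user": "bob", "op": "GET", "key": "media/launch.mp4", "bytes": 2500000}
"""

if __name__ == "__main__":
    for a in find_exfiltration(SAMPLE_LOG.splitlines()):
        print(f"{a.day} {a.user}: {a.bytes:,} bytes, {a.ratio:.0f}x baseline of {a.baseline:,}")
```

The per-account baseline is what makes this usable: a DBA who restores a backup every night is not an anomaly at 50 MB/day, but the same account pulling 90 GB is, while a flat global threshold would either miss the DBA or drown the analyst in media-team noise. The floor and the minimum history are the two knobs that keep new or low-volume accounts from alerting on their first real download.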

“Thinking about making things harder is one of the key things that we can do, even if it doesn’t solve the problem completely,” he said.

Grobman said it was important not to go over the top and impose restrictions on users and administrators alike if they are unnecessary.

“The most important thing for people to think is understanding what the different risks in an organisation are, and right-sizing the controls so that you are not over-burdening the things you don’t really care about, but at the same time you are able to put your most critical resources and policies on the things that matter,” he said. “The other element that I think is important is not only the things that matter but things that are more difficult to remediate or repair.

“If you are protecting a piece of network infrastructure, if that is breached from a denial of service perspective, to recover from that, there is basically no long-lasting harm done, which is different from a data breach where if the data is either personal information or intellectual property or something that is going to be interesting for a long period of time, even if you fix the vulnerability, fix the permissions, if the data has already been stolen, the damage is much harder, if not impossible to remediate.”

Since there is always going to be someone in an organisation that knows how the mousetrap is made, and the tolerances that trigger it, Levy said it is important for organisations to be able to investigate an incident after the fact, and to have an inventory of all compute instances and assets.

Burgess echoed a similar sentiment, and in addressing the issue of contractors and third-party providers leaking data, said businesses need to own their risk and not pass it up or down the supply chain.

“It should never be defence [to say] ‘Well I trusted ACME sprocket engineering to do that and it is their problem and their fault’. If you haven’t given to them or stated to them your expectations to them around that information, then you’ve failed, it’s your risk,” the former Telstra CISO said. “You can’t outsource risk, you can’t blame it on your outsourced provider, you own it.”

Like so much to do with insider threats, Burgess said owning risk was a leadership issue, as was the example of pressure being put on an IT department to “just get a project over the line” and do whatever was needed.

“You’ll still have someone do the wrong thing, but that example is just one of bad leadership,” he said. “Good organisations have checks and balances in place — not overly bureaucratic, but you will pay attention to your most valuable data, and you’ll know what is happening to it.

“When instances like that do occur, you detect them to either prevent them, or actually once they do occur, you make it right quickly because that is a fact of you cannot eliminate this problem, but you can manage the risk. And to manage the risk, you’ve got to pay attention to the data and what is happening to it.”

On the recent number of data leaks, Doyle said it would be incorrect to point the finger at the uptake of cloud computing.

“I think this behaviour was protected previously by a perimeter, therefore bad behaviour was less likely to become public. You don’t have external people [looking] unless you have a really bad perimeter with your internal systems,” he said.

“Whereas with Amazon S3 buckets, or any other cloud storage solution, if it isn’t protected then obviously it is public.”

According to the Thales APAC CISO, with the mobility of data in the modern world, it’s important for enterprises to know where their information is and to understand the value of it.

“We’ve moved to a world where you’ve got to protect that valuable data at rest, in use, and in motion,” Burgess concurred. “That’s a very different mindset.”

Across the board, the CXOs interviewed said handling and putting plans in place to deal with insider threats is a task that will involve all parts of a business — whether that is identifying where sensitive data lives, to what data is sensitive in the first place — and cannot be left to the IT department alone.

If your organisation has not looked into its data buckets in recent times to see what data might be mistakenly world-viewable, then it would be best to get on it before someone else does.
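Doyle’s observation that an S3 bucket “if it isn’t protected then obviously it is public” and the closing advice to look into your own buckets both come down to reading three things per bucket: its ACL, its bucket policy, and the account or bucket public-access-block settings that can override the first two. The block below is an added example written for this page, not AWS’s or any vendor’s tooling. The dict shapes are the ones boto3 returns from get_bucket_acl(), json.loads(get_bucket_policy()["Policy"]) and get_public_access_block()["PublicAccessBlockConfiguration"], so the functions can be fed live data, but every bucket, ACL and policy below is constructed (the 123456789012 account ID is AWS’s documentation placeholder).

```python
"""Decide whether an S3 bucket is reachable by the public from its ACL, bucket
policy and public-access-block settings.

Added example, not AWS's or any vendor's tooling.  Dict shapes follow boto3's
get_bucket_acl(), json.loads(get_bucket_policy()["Policy"]) and
get_public_access_block()["PublicAccessBlockConfiguration"]; sample data is constructed.
"""
from __future__ import annotations

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def public_acl_grants(acl: dict) -> list[str]:
    """ACL grants to the two global groups expose the bucket listing or objects."""
    out = []
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            out.append(f"ACL grants {g['Permission']} to {PUBLIC_GROUPS[grantee['URI']]}")
    return out


def _principals(p) -> list[str]:
    if p == "*":
        return ["*"]
    if isinstance(p, dict):
        vals: list[str] = []
        for v in p.values():
            vals.extend(v if isinstance(v, list) else [v])
        return vals
    return []


def public_policy_statements(policy: dict | None) -> list[str]:
    """Allow statements whose Principal is '*' (or {"AWS": "*"}).  Without a
    Condition they are PUBLIC; with one (aws:SourceIp, aws:SecureTransport, ...)
    a human must decide whether the condition really limits who can read."""
    if not policy:
        return []
    stmts = policy.get("Statement", [])
    out = []
    for s in [stmts] if isinstance(stmts, dict) else stmts:
        if s.get("Effect") != "Allow" or "*" not in _principals(s.get("Principal")):
            continue
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        sid = s.get("Sid", "<no Sid>")
        if s.get("Condition"):
            out.append(f"REVIEW: statement {sid} allows {actions} to everyone, limited only by {list(s['Condition'])}")
        else:
            out.append(f"PUBLIC: statement {sid} allows {actions} to everyone")
    return out


def assess_bucket(acl: dict, policy: dict | None, pab: dict | None) -> tuple[bool, list[str]]:
    """Return (is_public, reasons).  Public Access Block overrides the bucket's
    own settings: IgnorePublicAcls neutralises public ACL grants and
    RestrictPublicBuckets confines a public policy to the owning account."""
    pab = pab or {}
    public, reasons = False, []
    acl_reasons = public_acl_grants(acl)
    if acl_reasons and pab.get("IgnorePublicAcls"):
        reasons += [f"ignored by IgnorePublicAcls: {r}" for r in acl_reasons]
    elif acl_reasons:
        public, reasons = True, reasons + acl_reasons
    pol_reasons = public_policy_statements(policy)
    if pol_reasons and pab.get("RestrictPublicBuckets"):
        reasons += [f"confined by RestrictPublicBuckets: {r}" for r in pol_reasons]
    elif pol_reasons:
        public = public or any(r.startswith("PUBLIC:") for r in pol_reasons)
        reasons += pol_reasons
    return public, reasons


# Constructed sample inputs (123456789012 is AWS's documentation placeholder account).
ACL_OWNER_ONLY = {"Owner": {"ID": "owner-canonical-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"}]}
ACL_PUBLIC_READ = {"Owner": ACL_OWNER_ONLY["Owner"], "Grants": ACL_OWNER_ONLY["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
POLICY_PUBLIC_GET = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"}]}
POLICY_ROLE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRole", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-private/*"}]}
PAB_ALL_ON = {k: True for k in ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")}

BUCKETS = {  # name -> (acl, policy, public access block)
    "example-backups": (ACL_PUBLIC_READ, None, None),
    "example-assets": (ACL_OWNER_ONLY, POLICY_PUBLIC_GET, None),
    "example-private": (ACL_OWNER_ONLY, POLICY_ROLE_ONLY, PAB_ALL_ON),
    "example-legacy": (ACL_PUBLIC_READ, None, PAB_ALL_ON),
}


def audit(buckets: dict) -> dict[str, tuple[bool, list[str]]]:
    return {name: assess_bucket(*cfg) for name, cfg in buckets.items()}


if __name__ == "__main__":
    for name, (public, reasons) in audit(BUCKETS).items():
        print(("PUBLIC  " if public else "private ") + name)
        for r in reasons:
            print("    " + r)
```

Two caveats a practitioner would add. First, a bucket that looks private here can still leak through an object-level ACL on an individual key, so a complete audit also walks the objects (or turns on BlockPublicAcls so such grants cannot be created). Second, the REVIEW bucket is deliberate: a Principal of "*" with an aws:SourceIp condition can be fine, and one with only aws:SecureTransport is still world-readable, which is why those statements are surfaced for a human rather than classified automatically.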

From :http://www.zdnet.com/article/your-biggest-threat-is-inside-your-organisation-and-probably-didnt-mean-it/

One in five Singapore firms use paper to manage privileged passwords

Some 22 percent of businesses in Singapore use paper-based logbooks to manage privileged account passwords, while 55 percent monitor only some privileged accounts or not at all.

One in five businesses in Singapore, or 22 percent, still depend on paper-based logbooks to manage privileged account passwords, while 90 percent say they face challenges managing such passwords.

In comparison, 19 percent in Asia-Pacific and 18 percent globally still used paper logbooks for privileged password management, revealed a survey by Dimensional Research, which polled 913 respondents from eight markets including Singapore, Hong Kong, Australia, Germany, and the UK. The study was commissioned by data access management vendor One Identity.

Privileged accounts have traditionally been those with administrator rights or control of root accounts.

Some 87 percent across the Asia-Pacific region acknowledged facing challenges in managing privileged passwords, slightly lower than 88 percent globally.

In Singapore, 55 percent confessed they were monitoring only some privileged accounts, or not monitoring at all, compared to 57 percent globally who said likewise.

Another 34 percent used spreadsheets to track privileged accounts and 21 percent expressed their inability to monitor or record activities performed with admin credentials. In addition, 28 percent said they could not consistently identify users who performed admin activities.

Furthermore, 38 percent of IT security administrators did not change a default admin password.

“Privileged accounts present an easy target for hackers or even malicious employees when poor security and management processes exist within an organisation,” said One Identity’s Asia-Pacific and Japan vice president and general manager, Lennie Tan, who warned that the study findings exposed the risk to data theft that the companies faced.

John Milburn, One Identity’s president and general manager, added that security breaches involving compromised privileged accounts had resulted in “astronomical mitigation costs” and data theft.

The report pointed to a Forrester Research study that found 80 percent of breaches had involved privileged credentials.

From :http://www.zdnet.com/article/one-in-five-singapore-firms-use-paper-to-manage-privileged-passwords/

A flaw in Google’s bug database exposed private security vulnerability reports

The bug allowed the researcher to see the most sensitive vulnerabilities in Google’s services.

A series of flaws in Google’s internal bug tracker let a security researcher gain access to some of the company’s most critical and dangerous vulnerabilities.

The company’s internal bug reporting system, known as the Issue Tracker (or the “Buganizer”), is used by security researchers and bug finders to submit issues, problems, and security vulnerabilities with Google’s software, services and products.

Most ordinary users have very little access to the bug tracker. But a security researcher found that by spoofing a Google corporate email address, he was able to gain access to the back-end of the system, and to thousands of bug reports — some of them marked as “priority zero,” the most severe and dangerous vulnerabilities, with which a hacker could do untold damage.

Alex Birsan, who discovered the flaws, told ZDNet that an attacker could have discovered and exploited submitted vulnerabilities to target and potentially compromise Google accounts.

Worse, an attacker could’ve used a vulnerability to infiltrate Google’s internal network.

Birsan explained in a write-up of his findings that he created a Gmail account which, prior to verifying the new account by email, would let a user change their email address to any email address, including Google corporate accounts.

Although Birsan’s newly-created fake Google account wouldn’t give him direct access to the company’s network, it was enough to trick the Issue Tracker into thinking he was an employee, giving him elevated privileges to view and interact with bug reports, such as receive notifications and updates on issues.

From there, he was able to send altered requests to the Issue Tracker server, letting him read any bug he wanted — including the most sensitive vulnerabilities — because of a failure to properly validate the logged-in user’s permissions against each report.

Or, as Birsan described it, the “holy grail of Google bugs.”

“Even worse, I could exfiltrate data about multiple tickets in a single request, so monitoring all the internal activity in real time probably wouldn’t have triggered any rate limiters,” he explained.
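The write-up describes two distinct mistakes: an identity check that trusted the domain of an address nobody had verified, and a read path that, once that check passed, never matched the caller against each individual issue (so a batch request could pull many tickets at once). The block below is an added example for this page in a toy tracker; it is not Google’s code, and the Issue Tracker’s real checks are not known. The corporate domain, the batch cap, and every user and issue are constructed for the example.

```python
"""Object-level authorisation for a batch "get issues" endpoint.

Added example in a toy tracker, not Google's code; the Issue Tracker's real
checks are not known.  Domain, batch cap, users and issues are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

CORP_DOMAIN = "corp.example"   # assumption: staff are identified by this domain
MAX_BATCH = 25                 # assumption: cap so one request cannot sweep the tracker


@dataclass(frozen=True)
class User:
    email: str
    email_verified: bool       # False until the user proves they control the address


@dataclass(frozen=True)
class Issue:
    id: int
    title: str
    internal: bool             # True: staff only, plus anyone explicitly cc'd
    cc: frozenset = frozenset()


ISSUES = {  # constructed sample data
    1001: Issue(1001, "Typo on help page", internal=False),
    1002: Issue(1002, "P0: internal security report", internal=True),
    1003: Issue(1003, "External report, reporter cc'd", internal=True,
                cc=frozenset({"reporter@example.net"})),
}


class PermissionDenied(Exception):
    pass


def looks_like_staff(user: User) -> bool:
    """The flawed check: trusts the domain of an address nobody has verified."""
    return user.email.endswith("@" + CORP_DOMAIN)


def is_staff(user: User) -> bool:
    """Only a verified address proves membership of the corporate domain."""
    return user.email_verified and user.email.endswith("@" + CORP_DOMAIN)


def get_issues_vulnerable(user: User, ids: list[int]) -> list[Issue]:
    """Before: one coarse role check, then every requested id is served.
    A spoofed (unverified) corporate address passes the role check, and even a
    genuine one is never matched against the individual issues."""
    if looks_like_staff(user):
        return [ISSUES[i] for i in ids if i in ISSUES]
    return [ISSUES[i] for i in ids if i in ISSUES and not ISSUES[i].internal]


def can_view(user: User, issue: Issue) -> bool:
    """Object-level rule evaluated for every issue, never once per request."""
    if not issue.internal:
        return True
    if not user.email_verified:          # never grant anything on an unproven identity
        return False
    return is_staff(user) or user.email in issue.cc


def get_issues(user: User, ids: list[int]) -> list[Issue]:
    """After: a size cap, then an object-level check on each id, failing closed.
    Missing and forbidden ids raise the same error so the endpoint does not
    become an oracle for which issue numbers exist."""
    if len(ids) > MAX_BATCH:
        raise ValueError(f"at most {MAX_BATCH} issues per request")
    out = []
    for i in ids:
        issue = ISSUES.get(i)
        if issue is None or not can_view(user, issue):
            raise PermissionDenied(f"issue {i}: not found or not permitted")
        out.append(issue)
    return out
```

The hardened version rejects the whole batch when any one id fails rather than silently filtering, which is a deliberate choice: silently dropping forbidden ids still tells the caller which ids exist and which they lack access to, and it lets a crawler sweep the id space at the batch size without ever seeing an error. The batch cap is what makes the rate-limiting observation in the quote above bite, since one request can no longer cover thousands of tickets.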

After he reported the bugs, his access was revoked and the vulnerability fixed within the hour.

Birsan didn’t underestimate the severity of the vulnerabilities, but hedged his findings with a key caveat. The bigger the vulnerability, the quicker it gets fixed by Google, he explained. “So even if you get lucky and catch a good one as soon as it’s reported, you still have to have a plan for what you do with it.”

“That being said, I believe you’d have a pretty good chance of compromising Google accounts if you had a few specific targets and threw every attack at them,” he said.

But a large-scale attack that puts hundreds of thousands of accounts at risk was less likely, he said. “All in all, it depends entirely on what other people report while you’re eavesdropping,” he added.

Given that thousands of internal issues were added each hour, he said, “Who knows what kind of juicy information could be found in there?”

These bug databases are ripe targets for nation-state attackers, who want to target major technology companies. Earlier this month, Reuters reported that Microsoft’s secret bug database, which included flaws for Windows, was breached in 2013.

In all, Birsan was awarded a little over $15,600 in bug bounties from Google for the three bugs.

He was also given $3,133 as an additional grant to continue research on vulnerabilities with the Issue Tracker.

When reached, a Google spokesperson said: “We appreciate Alex’s report. We’ve patched the vulnerabilities that he reported, as well as their variants.”

From: http://www.zdnet.com/article/google-bug-tracker-flaw-exposed-sensitive-security-vulnerability-reports/

About OsMonitor:

The mission of OsMonitor is to create a Windows computer system tailored for work purposes, effectively regulating employee computer behavior. It enables employers to understand what employees are doing each day, monitoring every action, including screen activity and internet usage. Additionally, it restricts employees from engaging in specific activities such as online shopping, gaming, and the use of USB drives.

OsMonitor, designed purely as software, is remarkably user-friendly and requires no additional hardware modifications. A single management machine can oversee all employee computers. As a leading brand in employee computer monitoring software with over a decade of successful operation, OsMonitor has rapidly captured the global market with its minimal file size and excellent cost-effectiveness compared to similar software. At this moment, thousands of business computers worldwide are running OsMonitor daily.

Download OsMonitor Free Trial

Hacking group targets banks with stealthy trojan malware campaign

Stolen credentials are used to launch attacks which include the ability to stream live video of the screens of infected users.

A previously unknown but highly organised hacking group is carrying out a series of cyber attacks against banks and financial institutions around the world, deploying trojan malware to gain entry into networks.

The attackers are capable of monitoring everything a victim does in order to provide them with all the information they need to sneak around bank networks and make off with stolen funds.

Uncovered by Kaspersky Lab, the ‘Silence’ hacking group is suspected to be a Russian-speaking operation which has hit at least 10 financial organisations including those in Armenia and Malaysia, but mostly within Russia.

The initial attack techniques of Silence campaigns are similar to those of other threat actors, including the infamous Carbanak group – initial victims are tricked by phishing emails which give the attackers a foothold into the network. They then remain there for a long time, only striking when they have enough information to steal large amounts.

Those behind Silence appear to be actively targeting banks which have previously been attacked. They use emails from the addresses of real employees whose accounts have been compromised – potentially bought on the dark web – to send a phishing email about what looks to be a routine request to open a customer account.

The message comes with a malicious attachment in the form of a Windows help (.CHM) file, which runs once the document has been opened. JavaScript embedded within it automatically downloads and executes a Visual Basic script, which in turn downloads a malware dropper from a command and control server.
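A mail gateway that only looks at the file extension misses a compiled help file that has been renamed, so a defender screening for the attachment type used in this chain should also check the file's leading bytes: CHM files begin with the four-byte signature `ITSF`. The following is an added example written for this article, not Kaspersky's tooling or anything from the Silence campaign; the attachments, their names and their leading bytes are constructed, and the list of extensions to hold is an assumption chosen for illustration.

```python
from dataclasses import dataclass
from typing import List

# Added example: attachment screening for a mail gateway. Not vendor code.
# Sample attachments below are constructed; the magic for CHM files is real.

CHM_MAGIC = b"ITSF"  # leading bytes of a compiled HTML Help (.chm) file

# Script-capable types commonly held at a gateway; the set is an assumption
# for this example, chosen because the described chain uses CHM and VBS.
HELD_EXTENSIONS = {".chm", ".vbs", ".vbe", ".js", ".jse", ".hta"}


@dataclass
class Attachment:
    filename: str
    head: bytes  # first bytes of the file content


def extension_of(filename: str) -> str:
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def attachment_verdict(att: Attachment) -> str:
    """Return 'allow' or a 'block: ...' reason. Content signature wins over
    the name, so a renamed CHM is still caught and reported as disguised."""
    ext = extension_of(att.filename)
    if att.head.startswith(CHM_MAGIC):
        if ext == ".chm":
            return "block: CHM content"
        return "block: CHM content disguised as %s" % (ext or "no extension")
    if ext in HELD_EXTENSIONS:
        return "block: %s attachment" % ext
    return "allow"


def blocked_attachments(attachments: List[Attachment]) -> List[str]:
    """Filenames of every attachment in a message that should be held."""
    return [a.filename for a in attachments if attachment_verdict(a) != "allow"]


# Constructed sample message: one genuine CHM, one PDF, one CHM renamed to
# .doc, one plain text note.
SAMPLE_MESSAGE = [
    Attachment("account_request.chm", b"ITSF\x03\x00\x00\x00"),
    Attachment("request.pdf", b"%PDF-1.5"),
    Attachment("form.doc", b"ITSF\x03\x00\x00\x00"),
    Attachment("notes.txt", b"hello"),
]

if __name__ == "__main__":
    for att in SAMPLE_MESSAGE:
        print(att.filename, "->", attachment_verdict(att))
```

Reading only the first few bytes keeps the check cheap enough to run on every attachment; a full-file scan or detonation is still needed to catch the downloader script the CHM carries, but this check stops the delivery vehicle the campaign relies on.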

It’s the Russian language in the code which has led researchers to the conclusion that the attack group is Russian-speaking.

Once downloaded and installed on the system, the malware allows the attackers to take multiple screenshots of the victim’s active screen, providing a real-time stream.

A similar technique was used by Carbanak to gain an understanding of the victim’s day-to-day activity and points to the ultimate end goal of Silence – obtaining all the information required to eventually steal money.

The malware also includes a Winexecsvc tool which allows the execution of remote commands – useful when it comes to the attackers making their way around the infected network.

Researchers note that this particular campaign has been successful in attacking financial institutions, no matter where in the world they’re based or what the network infrastructure looks like.

“We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank’s security architecture,” said Sergey Lozhkin, security expert at Kaspersky Lab.

While Silence uses very similar techniques to the Carbanak group – which has stolen more than $1 billion from banks worldwide – it’s still uncertain if the two groups are at all related.

Researchers have warned that the attacks are still ongoing.

From: http://www.zdnet.com/article/hacking-group-targets-banks-with-stealthy-trojan-malware-campaign/

Hackers can gain access to maritime ship data through a built-in backdoor

Updated: Researchers have found vulnerabilities in the AmosConnect communication shipboard platform.

Researchers have uncovered severe vulnerabilities in software used by thousands of maritime ships worldwide.

On Thursday, IOActive researchers unveiled a new analysis of AmosConnect 8.0, which uncovered two critical security issues that could give attackers unfettered access to systems and information.

Stratos Global, an Inmarsat company, offers the AmosConnect communication shipboard platform to provide narrowband satellite communications, email, fax, interoffice communication, and more for those at sea.

International shipping firms and services often deal with confidential customer data and may also handle valuable deliveries, so they can be a target for threat actors.

As we’ve previously seen in a case where hackers spied on a shipping service to work out where the valuable packages were in order to steal them, the criminal gains can be lucrative, and so security is critical.

However, in the matter of AmosConnect, there was much left to be desired.

IOActive was able to find a critical vulnerability in login forms. The blind SQL injection bug allowed attackers to gain access to credentials stored in internal databases.

“The server stores usernames and passwords in plaintext, making this vulnerability trivial to exploit,” IOActive says.

To make matters worse, the team also discovered a backdoor. The AmosConnect server features a built-in backdoor equipped with system privileges, which would give attackers full system and administration privileges and the ability to remotely execute code on the AmosConnect server.
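The two login-form defects IOActive describes, a SQL injection in the form and passwords stored in the clear, compound each other: the injection gives a database read, and the plaintext storage means that read yields usable credentials. The following is an added example written for this article, not AmosConnect code; the user table, account and password are constructed. It places a "before" login that splices input into the query and compares a stored plaintext password beside an "after" login that binds parameters and compares a salted PBKDF2 hash in constant time.

```python
import hashlib
import hmac
import os
import sqlite3

# Added example: a hypothetical login backend, not AmosConnect code.
# The tables, the "crew01" account and its password are constructed.

PBKDF2_ROUNDS = 100_000  # kept modest for the example; tune upward in production


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    """users_plain mirrors the flawed design (plaintext password column);
    users_hashed stores a salt and a hash instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE users_hashed (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users_plain VALUES (?, ?)", ("crew01", "s3cret"))
    conn.execute(
        "INSERT INTO users_hashed VALUES (?, ?, ?)",
        ("crew01", salt, hash_password("s3cret", salt)),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """'Before': user input becomes part of the SQL text, so the WHERE clause is
    attacker-controlled, and the row it matches holds the password in the clear."""
    sql = "SELECT 1 FROM users_plain WHERE username = '%s' AND password = '%s'" % (
        username,
        password,
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """'After': the query text is fixed and input travels as a bound parameter;
    the password is checked against a salted hash with a constant-time compare."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users_hashed WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Spend the same hashing cost for an unknown user so response time does
        # not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    print("hardened, correct password:", login_hardened(db, "crew01", "s3cret"))
    print("hardened, wrong password:  ", login_hardened(db, "crew01", "wrong"))
```

With bound parameters the database driver never interprets the username or password as SQL, so there is no query for a blind injection to steer; and because only a salted hash is stored, a separate read of the table would not hand an attacker the credentials directly, which is the second half of what IOActive flagged.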

“If compromised, this flaw can be leveraged to gain unauthorized network access to sensitive information stored in the AmosConnect server and potentially open access to other connected systems or networks,” the researchers say.

The findings build on previous research conducted by IOActive’s Ruben Santamarta, who discovered in September 2016 that he was able to gain full system privileges in AmosConnect 8.4.0, as well as access any other software or data stored therein.

“Essentially anyone interested in sensitive company information or looking to attack a vessel’s IT infrastructure could take advantage of these flaws,” said Mario Ballano, IOActive principal security consultant. “This leaves crew member and company data extremely vulnerable and could present risks to the safety of the entire vessel. Maritime cybersecurity must be taken seriously as our global logistics supply chain relies on it and as cybercriminals increasingly find new methods of attack.”

IOActive informed Inmarsat of the vulnerabilities in October 2016. The AmosConnect 8.0 version has now been discontinued, and the company recommends that customers revert to AmosConnect 7.0 or switch to an email solution.

This is not the first instance of such a vulnerability. As previously reported by ZDNet, researchers from Pen Test Partners recently found similar issues in industrial control systems from other major brands, including Telenor and Cobham.

In a number of cases, default credentials were ridiculously simple to crack, and in others, Transport Layer Security (TLS) cryptographic protocols were absent.

Ken Munro, one of the firm’s security researchers, said these lapses in security are “simply not acceptable” — and he is right. When these kinds of business are so integral to the economy at large, security cannot be an afterthought.

An Inmarsat spokesperson told ZDNet:

“Inmarsat had begun a process to retire AmosConnect 8 from our portfolio prior to IOActive’s report and, in 2016, we communicated to our customers that the service would be terminated in July 2017.

When IOActive brought the potential vulnerability to our attention, early in 2017, and despite the product reaching end of life, Inmarsat issued a security patch that was applied to AC8 to greatly reduce the risk potentially posed. We also removed the ability for users to download and activate AC8 from our public website.

Inmarsat’s central server no longer accepts connections from AmosConnect 8 email clients, so customers cannot use this software even if they wished to.”

From: http://www.zdnet.com/article/hackers-gain-full-access-to-maritime-ships/
