Cyberspresso now: Weekly security incidents, threats & attacks… Grab a coffee, get updated
Cybersecurity rants and raves selected by XM Cyber analyst team. Week 18
Our purple hatters rate the news by interest and newsworthiness!
Is Reddit still an ‘agent’ of the Dark Web?
In an attempt to rebuff a reputation for being a digital ‘Wild West’, Reddit has reportedly banned Dark Net sub-Reddits where drugs, data breaches and fraud services were sold. Until recently, a great deal of data hacked from sites like Equifax was for sale on Reddit via the Dark Web. Apparently, Reddit served as a conduit for these forums through spin-offs reeling from sub-Reddits. These dark chambers also served as watering holes for law enforcement agents gathering information for future arrests. But when you plug one hole, chances are another one will soon emerge. Sure enough, an enterprising user under the name Hug Bunter created a ‘new dark Reddit’ called Dread. Overall it highlights the incredibly unstable world of the Dark Web, and player’s willingness to swoop in and take its place. More at: Techrepublic
Twitter, not just Facebook, sold data access to Cambridge Analytica-affiliated researcher. Will Jack Dorsey face the scrutiny of the Senate?
Dr Aleksandr Kogan, the creator of the personality quiz app that harvested Facebook data of 80+ million people, also had access to a random sample of public tweets posted during a five-month period. Twitter confirmed that Kogan, through his company Global Science Research (GSR), bought access to the tweets with the geo-demographic data of the users, who posted them from Twitter. According to The Sydney Morning Herald, he says that the data from Twitter was only used to create “brand reports” and “survey extender tools.” He claims he had not violated Twitter’s policies. As expected, Twitter announced they decided to off-board ads from all accounts owned and operated by Cambridge Analytica. More at: HelpnetSecurity
Threat actors target HPE iLO 4 with ransomware
Bleeping Computer researchers claim multiple victims have been infected by the HPE iLO 4 attack which blocks users, and demands two Bitcoins to access the data. A screenshot was posted displaying a security notice. It stated that the computer’s hard drives were encrypted, and that the owners would have to pay a ransom to get the data back. Oddly enough, the attackers stated that the ransom price is not negotiable unless the victims are from Russia. Hmm, not hard to figure out where the attackers reside… How patriotic of them. The trouble is, that no unique ID was given to identify the encrypted computer, and the email is publicly accessible. Some suspect the main goal could be to wipe a server or act as a decoy for another attack. Stay tuned. More at: SC Magazine
Hackers target botchy Oracle patch
Hackers, for over a week, have been scanning the Internet for machines that run Oracle WebLogic servers. The scans began after Oracle published its quarterly Critical Patch Update (CPU) security advisory. The incident copped a nasty severity score of 9.8 out of 10 because it made it possible for attackers to execute code on remote WebLogic servers without the need to authenticate. An explanation of how the vulnerability works was reported on a Chinese social network. A user by the name of Brianwrf leveraged the information to create and release proof-of-concept (PoC) code on GitHub that could exploit the flaw. Apparently Oracle didn’t fix the WebLogic issue at its core, but just blacklisted the commands used for the exploitation chain. The problem, according to Infosec sleuth Beaumont, is that Oracle engineers may have missed one or more commands. Beaumont recommends that companies block incoming connections on port 7001 until Oracle issues another, CVE-2018-2628 patch. More: The Hacker News
A hacker’s attempt to free an inmate, puts him behind bars
Oh the irony; a man who compromised jail systems, when trying to change the release dates of an inmate, will be joining his friend behind bars. Konrads Voits of Ypsilanti, Michigan, has been jailed for seven years and three months, after breaking into a county jail’s systems. Apparently he tried to tamper with the prisoner’s records to forward the release date. The 27-year-old must also pay $235,488 in costs to the county. The amount is reported to be the full cost of investigating and addressing the security breach. More: ZDNET
After all the doom and gloom is there room for optimism in cybersecurity?
Dr. Jessica Barker, the co-founder of Redacted firm, in a keynote at BSides Scotland claimed not enough time is spent on optimism in the cybersecurity industry. “We are dealing with problems all the time and look for problems and where things don’t work,” she added. Pondering why the cybersecurity community are not optimistic, she suggested to focus on achievements and solutions. “We don’t take stock and focus on the next problem; we focus on what we fixed or improved.” She encouraged the audience to rethink about smaller goals and making achievements bit by bit, to maintain optimism. She argued, we could work on a culture of pointing fingers and blaming the victim. More: Infosecurity Magazine