
Birmingham City Computers Breached by Hackers, Mayor Confirms

Birmingham Mayor Randall Woodfin’s office has officially acknowledged that the city’s computer systems fell victim to a cyberattack almost a month ago. The incident came to light in a memo sent to city employees, obtained by AL.com, confirming that hackers gained unauthorised access to the city’s networks.

Timeline of Events

The disruption was first noticed on March 6, prompting an immediate investigation into the unexpected activity that disrupted various computer systems. City officials are actively working to restore full functionality to the affected systems, although the investigation into the breach is ongoing. Rick Journey, the mayor’s communications director, emphasised the city’s commitment to ensuring the security of its network.

Impact on Operations

The cyberattack has caused significant disruptions, with employees resorting to pen and paper for tasks like timekeeping due to the network outage. Despite these challenges, critical public safety and public works services have remained unaffected. However, law enforcement agencies have faced limitations, including difficulties in accessing databases to check vehicle theft reports and outstanding warrants.

What Does It Mean for Employees?

Addressing concerns about payroll and employee compensation, city officials reassured employees that payroll processing will continue as scheduled. Payroll coordinators are available to address any individual questions or concerns regarding payment accuracy. Despite the disruption, city authorities are committed to ensuring that employees receive their salaries on time.

Response and Investigation

Following the breach, the city has enlisted the support of third-party specialists to investigate the extent of the disruption and its impact on operations. While specific details about the cyberattack remain limited due to the ongoing investigation, officials have stressed that the 911 emergency system remains fully functional.

A Potential Ransomware Attack 

Multiple government sources have indicated that the cyberattack is likely a ransomware attack, wherein hackers demand payment in exchange for restoring access to the city’s data. Despite the severity of the incident, city officials have reiterated that emergency services have not been compromised.

This incident highlights the mounting challenges municipalities face in safeguarding against cybersecurity breaches. As authorities delve deeper into the matter, concerted efforts are underway to bolster cybersecurity measures, emphasising the critical need to strengthen defences against potential future threats.


Default Passwords Lead to Hacking Incidents Among LogicMonitor Customers

Some customers of LogicMonitor, a network security firm, have been compromised by hacking attacks due to their use of default passwords. A spokesperson representing LogicMonitor has officially confirmed the existence of a "security incident" that is affecting a segment of the company's customer community. 

Until recently, LogicMonitor employed default passwords for user accounts, which created a vulnerability leading to the breach. These default passwords typically followed a recognizable pattern, such as commencing with "Welcome@" followed by a concise numerical sequence. 

This security oversight made it considerably easier for malicious actors to gain unauthorized access to customer accounts, raising concerns about potential ransomware attacks on systems under LogicMonitor's monitoring. 

“We are currently addressing a security incident that has affected a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate the impact,” LogicMonitor’s spokesperson Jesica Church said. 

LogicMonitor took the initiative to inform one of its customers about a potential security breach through an email notification. In the message, they highlighted the exposure of usernames and passwords, underscoring the risk of a potential ransomware attack in the event of unauthorized access. This proactive approach demonstrates LogicMonitor's commitment to swiftly addressing the issue and safeguarding its customers' interests.

What is meant by a default password?

Equipment manufacturers commonly employ uncomplicated passwords like "admin" or "password" for all their shipped devices, with the assumption that users will modify these passwords during the initial configuration process. Typically, these default login credentials can be located in the instruction manual (which is often standardized across devices) or even directly on the device itself. 

Here are a couple of instances to illustrate the point: 

In 2014, a single website that used default username and password combinations exposed 73,011 security cameras across 256 different countries, giving anyone on the internet unrestricted online access to them.

In 2015, a four-week-long spam campaign compromised routers by exploiting default username and password settings. The attackers used this access to send emails to multiple organizations posing as reminders of an outstanding unpaid bill.

The prevalence of default passwords is a significant factor in the widespread compromise of home routers. Leaving default passwords in place on publicly reachable devices poses a substantial security hazard. The first step to improving your online security is to prioritize password management.

Avoid the practice of reusing the same password across multiple accounts. Instead, establish distinct and robust passwords for each of your devices and accounts. This approach acts as a crucial deterrent, making it significantly more challenging for hackers to gain unauthorized access to your devices and compromise your security.
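One way to enforce the advice above, as an added example that is not LogicMonitor's code: a Python password-policy check that rejects passwords matching vendor-default patterns such as "Welcome@" followed by digits, and passwords already in use on another account. The pattern list, the hashing parameters and the account records are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Default-credential patterns of the kind described above: "Welcome@" plus a
# short digit run mirrors the pattern in the report; the rest are common device
# defaults. Constructed list for illustration, not any vendor's actual list.
DEFAULT_PATTERNS = [
    re.compile(r"^Welcome@\d{1,6}$"),
    re.compile(r"^(admin|password|changeme|default)\d{0,4}$", re.IGNORECASE),
]
ITERATIONS = 100_000  # PBKDF2 work factor; raise in production


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def matches_default_pattern(password):
    """True when the password looks like a shipped default."""
    return any(p.match(password) for p in DEFAULT_PATTERNS)


def accounts_using(password, store):
    """Accounts whose stored hash matches this plaintext (reuse detection).
    store maps account -> (salt, digest); each candidate is hashed with the
    account's own salt and compared in constant time."""
    hits = []
    for account, (salt, digest) in store.items():
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            hits.append(account)
    return sorted(hits)


def check_new_password(account, password, store):
    """Policy violations for a proposed password; an empty list means accept."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if matches_default_pattern(password):
        problems.append("matches a known default-credential pattern")
    reused = [a for a in accounts_using(password, store) if a != account]
    if reused:
        problems.append("already used by: " + ", ".join(reused))
    return problems


def build_store(plaintexts):
    """Constructed sample store: account -> (salt, digest)."""
    return {acct: hash_password(pw) for acct, pw in plaintexts.items()}


if __name__ == "__main__":
    # Constructed accounts: bob never changed the vendor default.
    store = build_store({"alice": "correct horse battery staple",
                         "bob": "Welcome@1234"})
    for acct, pw in [("carol", "Welcome@4321"),
                     ("carol", "correct horse battery staple")]:
        print(acct, pw, "->", check_new_password(acct, pw, store) or "ok")
```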

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks

Researchers have discovered a concerning vulnerability in ChatGPT that could potentially be exploited by attackers to propagate harmful code packages. This particular weakness stems from ChatGPT's tendency to provide inaccurate information, which could be leveraged to introduce malicious software and Trojans into trusted applications and code repositories such as npm, PyPI, GitHub, and various others. 

This represents a substantial threat to the software supply chain. In a recent blog post, researchers from Vulcan Cyber's Voyager18 research team have shed light on a concerning method employed by threat actors, known as "AI package hallucinations." This technique exploits ChatGPT's capability to generate recommendations, leading to the creation of seemingly legitimate code packages that contain malicious elements. 

Developers who interact with the chatbot may unknowingly download these packages and integrate them into their software, which can subsequently be widely distributed. This discovery highlights the potential risks associated with the misuse of ChatGPT and its impact on software security. 

What is AI Hallucination?

In the realm of artificial intelligence, the term "hallucination" refers to a response generated by AI that appears reasonable but is inaccurate, biased, or outright false. This phenomenon arises from the nature of ChatGPT and similar large language models (LLMs) that form the foundation of generative AI platforms.

When posed with questions, these models rely on information sourced from the vast expanse of the Internet, which includes various types of data such as sources, links, blogs, and statistics. However, the training data available to these models may not always be reliable or of the highest quality. Consequently, the AI's responses can be influenced by this imperfect training data, leading to hallucinations that do not align with factual information. 

In the blog post, Bar Lanyado, the lead researcher at Voyager18, highlighted that LLMs such as ChatGPT are trained on and exposed to vast amounts of textual data. As a consequence, these models can generate responses that appear plausible but are actually fictional.

Furthermore, he said that LLMs have a tendency to extrapolate beyond their training, potentially leading to the production of responses that seem credible but lack accuracy. 

Researchers Demonstrated an AI Hallucination

In their demonstration, the researchers conducted an experiment utilizing ChatGPT 3.5 to validate their concept. They constructed a scenario where an attacker posed a coding problem to the platform, requesting a solution. As a response, ChatGPT generated a set of packages, including some that were non-existent, indicating they were not available within a reputable package repository. 

This practical demonstration served to illustrate how the platform could generate misleading and potentially malicious package recommendations. According to the researchers, the fabricated code packages produced by ChatGPT could serve as a novel avenue for attackers to distribute malicious software, bypassing conventional techniques like typosquatting or masquerading. 

By presenting these fabricated packages as genuine recommendations from ChatGPT, attackers can exploit the trust developers place in the platform's suggestions. Consequently, there is a significant risk of malicious code infiltrating legitimate applications and code repositories, thereby posing a major threat to the software supply chain. 

How To Detect Bad Code Libraries?

According to the researchers, detecting malicious packages can be challenging, especially when threat actors employ obfuscation techniques or create functional Trojan packages. However, developers can take preventive measures by thoroughly validating the libraries they download. It is crucial to ensure that these libraries not only perform their intended functions but also aren't cleverly disguised Trojans posing as legitimate packages, as highlighted by Lanyado. 
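As an added example (not from Vulcan Cyber or the researchers' own tooling), the following Python vets a chatbot-suggested requirements list against a package-index snapshot, flagging names the index has never seen and names that are too new or too sparse to trust without review. The index snapshot, the package names and the cutoff date are constructed; a real check would query the PyPI or npm metadata API.

```python
import re
from datetime import date

# Constructed snapshot of index metadata, keyed by normalised package name:
# (date of first release, number of releases). Illustrative values only.
INDEX = {
    "requests": (date(2011, 2, 14), 150),
    "pyyaml": (date(2006, 3, 15), 60),
    "fastjsonparser": (date(2024, 5, 30), 1),   # constructed: registered days ago
}

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalise(name):
    """PEP 503 normalisation so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Distribution names from requirements.txt-style text; ignores comments,
    blank lines, pip options, extras and version specifiers."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = NAME_RE.match(line)
        if m:
            names.append(normalise(m.group(1)))
    return names


def vet_package(name, index, today, min_age_days=90, min_releases=3):
    """'unknown': not in the index, so likely a hallucinated name; do not install.
    'young': exists but is new or sparse; review source and maintainer first.
    'established': long-lived with a release history."""
    meta = index.get(name)
    if meta is None:
        return "unknown"
    first_release, releases = meta
    if (today - first_release).days < min_age_days or releases < min_releases:
        return "young"
    return "established"


def vet_requirements(text, index=INDEX, today=date(2024, 6, 10)):
    """Map each suggested package to its verdict."""
    return {name: vet_package(name, index, today) for name in parse_requirements(text)}


# Constructed example of a dependency list a chatbot might return.
SUGGESTED = """\
requests>=2.31
PyYAML
fastjsonparser==0.1.0
arangodb-graph-helpers   # name not present in the index snapshot
"""

if __name__ == "__main__":
    for name, verdict in vet_requirements(SUGGESTED).items():
        print(f"{name:25} {verdict}")
```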

Risks Of the AI-Language Model 

Since its release in November, ChatGPT has gained popularity not only among users but also among threat actors who exploit it for cyberattacks. In the first half of 2023, security incidents have included scams targeting user credentials, theft of Chrome cookies through malicious ChatGPT extensions, and phishing campaigns utilizing ChatGPT as bait for malicious websites. 

While some experts argue the security risk may be exaggerated, the researchers emphasized that the rapid adoption of generative AI platforms like ChatGPT has indeed introduced potential security concerns due to their integration into daily professional activities and workload management.

Criminal Records Service Still Not Working Four Weeks After Cyber Attack

Nearly a month after a cyberattack, the organisation in the UK responsible for managing criminal records is still experiencing difficulties. 

The Acro Criminal Records Office prepares certificates for those looking to work with children or obtain emigration visas in addition to providing records to the police and exchanging them abroad. 

On March 21, after the intrusion was discovered, it took both its website and application portal down. Although more staff have been hired to handle email applications, delays persist.

Although there was no "conclusive evidence" that personal information had been compromised, the probe remained "ongoing". 

"Pretty annoying" 

Customers reported experiencing lengthy waits on Twitter, and many turned to the Acro Twitter account in the hopes of acquiring their certificates. 

John Gilday, who lives in Scotland, told BBC News that after three weeks of waiting, he had finally received his, allowing him to apply for a visa to work in Brazil. His friend, however, had received his considerably sooner.

But Leicester resident Rahim Abdel-illah, who requested that his last name not be used, told BBC News that he was still awaiting his certificate so he could get married in Morocco. He had no clue how long it would take because he was no longer able to check the status of his application. 

"It's pretty frustrating and annoying that the police are taking so long to recover from a cyber-attack," he stated. 

Previous attacks

A ransomware assault in January caused Royal Mail services to be disrupted and delayed for weeks. Hackers purportedly based in Russia demanded roughly $70 million (£56 million) to restore computer services, but Royal Mail refused. 

Another large corporation, Capita, was the target of a rumoured ransomware attack on March 31 by a different group with ties to Russian cybercriminal networks. 

Numerous contracts for public services are held by Capita, including those for: 

  • the smart meter national telecommunications network
  • the certification programme for gas 

"We continue to work closely with specialist advisers and forensic experts in investigating the incident. We are in constant contact with all relevant regulators and authorities. Our investigations have not yet been able to confirm any evidence of customer, supplier or colleague data having been compromised. Once our investigations have concluded, we will if necessary inform any impacted parties," a Capita official stated.

"We have taken all appropriate steps to ensure the robustness of our systems and are confident in our ability to meet our service-delivery commitments." 

Although Capita claims that the majority of client services are still available, the company has not posted an update to its website since 3 April. 

These legit-looking iPhone cables allow hackers to take charge of your computer

When they said you should be wary of third-party accessories and unbranded cables for charging your smartphone, they were serious. The latest example of what a non-original cable can do should be enough to scare you. There is apparently a Lightning cable that looks just as harmless as an iPhone cable should, but it has a nasty trick up its sleeve that allows a hacker to take control of your computer the moment you plug it into a USB port. This cable has been dubbed the OMGCable.

A security researcher with the Twitter handle @_MG_ took a typical USB to Lightning cable and added a Wi-Fi implant to it. The moment it is plugged into the USB port on a PC, a hacker sitting nearby with access to the Wi-Fi module hidden inside the cable can run malicious code and take charge of the PC or remotely access data without the user even noticing.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities,” said MG, as reported by the TechCrunch website.

The thing with phone charging cables is that no one really gives them a second look. You see one, you plug it in and you let it be. At the same time, a lot of users are wary about using USB drives, also known as pen drives or thumb drives, because they are popular as carriers of malware and viruses that can pretty much ruin your PC.

Dark web listings for malware aimed at companies on rise


There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.

A study by cybersecurity company Bromium and criminologists at the University of Surrey involved researchers studying underground forums and interacting with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.

In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.

"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.

"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."

McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.

The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.

Malware and distributed denial of service (DDoS) form almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common services targeting enterprises that were for sale include espionage tools, such as remote-access Trojans and keyloggers.

Dell Computers Exposed to Hackers; SupportAssist Software to Blame

Reportedly, a vulnerability in Dell’s SupportAssist application could be easily exploited by hackers to gain administrative privileges.

Those administrative privileges would then let the hackers execute malicious code and take over the user’s entire system.

The number of victims of this flaw is not yet known, but because every Dell PC shipped with the latest Windows has the SupportAssist software installed, all of them are open to attack.

Since the application is not pre-installed on PCs bought without Windows, those machines are unaffected.

The software handles Dell’s automatic driver updates along with debugging and diagnostics.

Because debugging tools have unrestricted access to the device’s internals, an attacker who abuses them gains full control of the system itself.

The hackers first try to get the victim to access a malicious web page and later trick them into downloading SupportAssist.

From then on, the malware runs on the system with the administrative privileges it gained by default.

Victims are most vulnerable to such an attack when they are on public Wi-Fi or large enterprise networks.

The attacker would then launch Address Resolution Protocol (ARP) spoofing attacks, giving them access to legitimate IP addresses within the network.

DNS attacks are also a strong possibility because of the lack of security on existing routers.

After a young security researcher alerted Dell about the security flaw, the organization has been working on a patch.

Until then, the best option is simply to uninstall the application from the device.

Hackers have already exploited this vulnerability to break into a few of Dell’s internal devices through SupportAssist.

Per sources, a patch has already been released for the issue: version 3.2.0.90 of the SupportAssist application.

Hidden for 5 years, complex ‘TajMahal’ spyware discovered

It's not every day that security researchers discover a new state-sponsored hacking group.

Spyware is inherently intriguing, primarily because of the complexity that allows it to carry out its malicious plans, and breaking it down is something security researchers do on a regular basis. Now a unique form of spyware with a remarkable 80 different components and all kinds of tricks has been discovered by a group of analysts. Moreover, this spyware had remained under wraps for more than five years.

A technically sophisticated cyberespionage framework that has been active since at least 2013 has been outed by security researchers.

In a recent talk at the Kaspersky Security Analyst Summit in Singapore, researcher Alexey Shulmin shed light on the firm’s groundbreaking discovery of an adaptable Swiss Army spyware framework called TajMahal.

Security researchers still aren't sure who is behind the versatile TajMahal spyware, or how it went undetected for so long. TajMahal bundles functionality that has never before been seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

The 80 distinct modules include not just the standard ones like keylogging and screen-grabbing but also completely new tools.

TajMahal includes two main packages: ‘Tokyo’ and ‘Yokohama’. Tokyo contains the main backdoor functionality and periodically connects to the command and control servers.

TajMahal is a wonder to behold.

"Such a large set of modules tells us that this APT is extremely complex," Shulmin wrote in an email interview ahead of his talk, using the industry jargon, short for advanced persistent threat, to refer to sophisticated hackers who maintain long-term and stealthy access to victim networks. "TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing."

Google’s Nest Secure had a built-in microphone no one knew about

After the hacking fiasco a few weeks ago, Nest users have been more on edge about their security devices than ever before. The recent discovery of a built-in, hidden microphone on the Nest Guard, part of the Nest Secure security system, has only served to further exacerbate those concerns.

Alphabet Inc's Google said on February 20 it had made an "error" in not disclosing that its Nest Secure home security system had a built-in microphone in its devices.

Consumers might never have known the microphone existed had Google not announced support for Google Assistant on the Nest Secure. This sounds like a great addition, except for one little problem: users didn’t know their Nest Secure had a microphone. None of the product documentation disclosed the existence of the microphone, nor did any of the packaging.

Earlier this month, Google said Nest Secure would be getting an update and users could now enable its virtual assistant technology Google Assistant on Nest Guard.

The microphone built into its Nest Guard alarm, motion sensor and keypad was never supposed to be a secret, Google said after announcing Google Assistant support for the Nest Secure system. Even so, the revelation that Google Assistant could be used with its Nest home security and alarm system came as a surprise.

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option,” Google said.

Google’s updated product page now mentions the existence of the microphone.

If your first thought on hearing this news is that Google was spying on you or doing something equally sinister, you aren’t alone. Ray Walsh, a digital privacy expert at BestVPN.com, said: “Nest’s failure to disclose the on-board microphone included in its secure home security system is a massive oversight. Nest’s parent company Google claims that the feature was only made available to consumers who activated the feature manually. Presumably, nobody did this; because the feature wasn’t advertised.”

Russian Hacking Group Targets The German Government’s Internal Communications Network

An infamous Russian hacking group known as Fancy Bear, or APT28, is widely considered responsible for a security breach of the private networks of Germany's defence and interior ministries, a government spokesman has confirmed.

It is also said to be behind the breaches surrounding the 2016 US election and various cyber-attacks on the West. The group is reported to have targeted the government's internal communications network with malware.

According to reports by the DPA news agency, the hack was first recognised in December and may have lasted for up to a year.

"We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cyber-security incident concerning the federal government's information technology and networks," a German interior ministry spokesman said on Wednesday.

The group apparently hacked into a government computer system, known as the "Informationsverbund Berlin-Bonn" (IVBB) network, that is specifically designed to operate separately from public networks to guarantee additional security. The system is used by the German Chancellery, parliament, federal ministries and several security institutions.

Fancy Bear, also called Pawn Storm, is believed to run a global hacking campaign that is "as far-reaching as it is ambitious", according to a report by computer security firm Trend Micro.

Palo Alto Systems, a cyber-security firm, on Wednesday released a report saying that Fancy Bear now appears to be using malicious emails to target North American and European foreign affairs officials, including a European embassy in Moscow.

"Pawn Storm" was also blamed for a similar attack on the lower house of the German parliament in 2015 and is likewise thought to have targeted the Christian Democratic Union party of Chancellor Angela Merkel.

Authorities in the country issued repeated warnings about the potential for "outside manipulation" in last year's German election.

The hacking group has been linked to the Russian state by various security experts investigating its international hacks and is also known by several other names, including CozyDuke, Sofacy, Sednit and Tsar Group.