CyberMechs
01/07/2021
Exclusive: 700 Million LinkedIn Records For Sale on Hacker Forum, June 22nd 2021
Things are not looking good for LinkedIn right now. Just two months after a jaw-dropping 500 million profiles from the networking site were put up for sale on a popular hacker forum, a new posting with 700 million LinkedIn records has appeared.
What this leak means for LinkedIn users?
The leaked information poses a threat to affected LinkedIn users. With details such as email addresses and phone numbers made available to buyers online, individuals could become the target of spam campaigns, or worse still, victims of identity theft.
Even though the records don’t appear to contain any information such as credit card details or private messages, expert hackers may still be able to track down sensitive data through just an email address. LinkedIn users could also be on the receiving end of email or telephone scams that trick them into sharing sensitive credentials or transferring large amounts of money.
Brute force attacks are also something that LinkedIn users affected by the leak will need to be aware of. Using email addresses provided in the records, hackers may attempt to access users’ accounts using various combinations of common password characters.
Finally, targeted advertising towards specific users becomes much more probable thanks to this list. With information about users’ jobs and gender, companies can more easily market their products to individuals.
06/01/2021
Microsoft's underwater data centre resurfaces after two years.
Two years ago, Microsoft sank a data centre off the coast of Orkney in a wild experiment.
That data centre has now been retrieved from the ocean floor, and Microsoft researchers are assessing how it has performed, and what they can learn from it about energy efficiency.
No humans, few failures
Their first conclusion is that the cylinder packed with servers had a lower failure rate than a conventional data centre.
When the container was hauled off the seabed around half a mile offshore after being placed there in May 2018 , just eight out of the 855 servers on board had failed.
That compares very well with a conventional data centre.
"Our failure rate in the water is one-eighth of what we see on land," says Ben Cutler, who has led what Microsoft calls Project Natick.
The team is speculating that the greater reliability may be connected to the fact that there were no humans on board, and that nitrogen rather than oxygen was pumped into the capsule.
Orkney was chosen for the trial by Microsoft, partly because it was a centre for renewable energy research in a place where the climate was temperate - perhaps even chilly. The idea was that the cost of cooling computers would be lower if they were under water.
Reliably green
Project Natick was partly about working out whether clusters of small underwater data centres for short-term use might be a commercial proposition, but also an attempt to learn broader lessons about energy efficiency in cloud computing.
All of Orkney's electricity comes from wind and solar power, but there were no issues in keeping the underwater data centre supplied with power.
"We have been able to run really well on what most land-based data centres consider an unreliable grid," says Spencer Fowers, one of the technical team on Project Natick.
"We are hopeful that we can look at our findings and say maybe we don't need to have quite as much infrastructure focused on power and reliability."
21/11/2020
Two Romanians arrested for running three malware services
The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan.
Romanian police forces have arrested on Thursday two individuals suspected of running three online services meant to aid malware development and distribution.
The arrests are part of a joint operation that included the FBI, Europol, Australian, and Norwegian police.
Investigators said the two Romanian suspects are believed to be the creators of three services named CyberSeal, DataProtector, and CyberScan.
The first two are so-called "crypter" services. These types of tools allow malware developers to scramble their malware's code to bypass and evade antivirus software.
The third service, called CyberScan, worked as a clone of Google's VirusTotal service. It allowed malware authors to upload and scan their new malware releases and see if it would be detected by antivirus software.
The difference between CyberScan and VirusTotal was that CyberScan didn't share scan results with antivirus vendors, allowing malware authors to test the detectability of their payloads without having to fear that a "detection alert" would be sent back to the antivirus company and trigger an investigation.
09/11/2020
FBI: Hackers stole source code from US government agencies and private companies
FBI blames intrusions on improperly configured SonarQube source code management tools.
FBI
The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.
Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website.
The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
SonarQube apps are installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems.
But the FBI says that some companies have left these systems unprotected, running on their default configuration (on port 9000) with default admin credentials (admin/admin).
FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.
Officials provided two examples of past incidents:
"In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations' networks.
"This activity is similar toa previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises throughpoorly secured SonarQube instances and published the exfiltrated source codeon a self-hosted public repository."
The FBI alert touches on a little known issue among software developers and security researchers.
While the cyber-security industry has often warned about the dangers of leaving MongoDB or Elasticsearch databases exposed online without passwords, SonarQube has slipped through the cracks.
However, some security researchers have been warning about the dangers of leaving SonarQube applications exposed online with default credentials since as far back as May 2018.
At the time, data breach hunter Bob Diachenko warned that about 30% to 40% of all the ~3,000 SonarQube instances available online at the time had no password or authentication mechanism enabled.
This year, a Swiss security researcher named Till Kottmann has also raised the same issue of misconfigured SonarQube instances. Throughout the year, Kottmann has gathered source code from tens of tech companies in a public portal, and many of these came from SonarQube applications.
"Most people seem to change absolutely none of the settings, which are actually properly explained in the setup guide from SonarQube," Kottmann told ZDNet.
"I don't know the current number of exposed SonarQube instances, but I doubt it changed much. I would guess it's still far over 1,000 servers (that are indexed by Shodan) which are 'vulnerable' by either requiring no auth or leaving default creds," he said.
To prevent leaks like these, the FBI alert lists a series of steps that companies can take to protect their SonarQube servers, starting with altering the app's default configuration and credentials and then using firewalls to prevent unauthorized access to the app from unauthorized users.
The US government said today that a Russian state-sponsored hacking group has targeted and successfully breached US government networks.
Government officials disclosed the hacks in a joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
US officials identified the Russian hacker group as Energetic Bear, a codename used by the cybersecurity industry. Other names for the same group also include TEMP.Isotope, Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala.
Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020.
Companies in the aviation industry were also targeted, CISA and FBI said.
The two agencies said Energetic Bear "successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers."
The intrusions detailed in today's CISA and FBI advisory are a continuation of attacks detailed in a previous CISA and FBI joint alert, dated October 9. The previous advisory described how hackers had breached US government networks by combining VPN appliances and Windows bugs.
Today's advisory attributes those intrusions to the Russian hacker group but also provides additional details about Energetic Bear's tactics.
Hackers targeted internet-connected networking gear
According to the technical advisory, Russian hackers used publicly known vulnerabilities to breach networking gear, pivot to internal networks, elevate privileges, and steal sensitive data.
Targeted devices included Citrix access gateways (CVE-2019-19781), Microsoft Exchange email servers (CVE-2020-0688), Exim mail agents (CVE 2019-10149), and Fortinet SSL VPNs (CVE-2018-13379).
To move laterally across compromised networks, CISA and the FBI said the Russian hackers used the Zerologon vulnerability in Windows Servers (CVE-2020-1472) to access and steal Windows Active Directory (AD) credentials. The group then used these credentials to roam through a target's internal network.
In situations where the attacks succeeded, CISA and the FBI said the hackers moved to steal files from government networks. Based on the information they received, the two agencies said Energetic Bear exfiltrated:
Sensitive network configurations and passwords.
Standard operating procedures (SOP), such as enrolling in multi-factor authentication (MFA).
IT instructions, such as requesting password resets.
Vendors and purchasing information.
Printing access badges.
"To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence US policies and actions, or to delegitimize SLTT government entities," the two agencies said.
"As this recent malicious activity has been directed at SLTT government networks, there may be some risk to elections information housed on SLTT government networks. However, the FBI and CISA have no evidence to date that integrity of elections data has been compromised," the two added.
News publication Cyberscoop first reported on Monday that Energetic Bear (TEMP.Isotope) was the hacker group behind the breaches reported in the first CISA and FBI alert.
Energetic Bear is also the same hacker group which targeted the San Francisco airport earlier this spring.
21/09/2020
Car maintenance company leaks 12.7k US phone numbers, emails and MD5 unsalted passwords
The Ukrainian car maintenance company, XADO, has suffered a data breach of its American website, Xado.us, with 12,724 US phone numbers, emails and passwords leaked. The passwords were hashed with MD5, which is considered a weak hash, and unsalted. The database was offered for free on a Russian hacker forum on September 15, 2020.
Xado US is the online shop for the American market, and the database likely contains mostly American customers.
The data was freely available on a popular Russian hacking forum.
Xado leak doesn’t contain very sensitive data such as credit card or social security numbers.
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Website
Address
1st Floor, 560C, Poovakunnel Buildings, Kalathipady Jn
Kottayam
686018
Opening Hours
| Monday | 9am - 7:30pm |
| Tuesday | 9am - 7:30pm |
| Wednesday | 9am - 7:30pm |
| Thursday | 9am - 7:30pm |
| Friday | 9am - 7:30pm |
| Saturday | 9am - 7:30pm |