
USB stick with Heathrow security details found on a London street

Recently, a USB stick was found discarded on a street in London. Normally that is unremarkable, lost USB sticks are everywhere, until you look at what this one contained.

The stick held highly detailed information about the Queen's route through the airport and the security measures taken along it, as well as timetables for the patrols that guard the site against terror attacks. It also contained numerous maps and documents marked restricted or confidential, and details of the ID credentials needed to get into restricted areas.

Even more concerning (yes, there is more), the documents included maps showing the locations of CCTV cameras, the routes and safeguards used for cabinet ministers and foreign dignitaries, and details of the ultrasound radar system used to scan the runways and the perimeter fence.

So far nobody has been identified as the owner of the stick. Heathrow has stated that security remains tight and that the airport remains secure. The obvious lesson is the one the find itself teaches: a removable drive carrying restricted material should be encrypted, so that losing the hardware does not mean losing the data.


Update on Bad Rabbit: Ukraine points at the NotPetya group

Ukraine has spoken out on the Bad Rabbit outbreak, which hit Russia hardest, stating that the hackers behind NotPetya were probably the group responsible for releasing Bad Rabbit as well.

A Ukrainian official stated that the damage from Bad Rabbit could have been greatly reduced had organisations followed the recommended malware-handling practices, starting with basics such as not clicking on suspicious messages or prompts. The strongest link between the two outbreaks is in the code itself and in the method of approach, which is why the same group is believed to have released both NotPetya and Bad Rabbit.

Ukrainian security officials attribute both NotPetya and Bad Rabbit to the group known as Black Energy, which they describe as working in Russia's interest.

Ukraine has lately been the victim of multiple cyber attacks: power knocked out in thousands of homes, supermarket tills frozen, and government computers left paralysed. Ukrainian officials have said they believe Russia treats Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together on training in the techniques and skills needed to defend against such attacks.

Ukrainian officials believe there are many more cyber attacks on the way.


Equifax update: they were warned months ahead that a breach was possible

Unfortunately some organisations choose to close their eyes to known problems, and Equifax appears to have been one of them.

Reportedly, six months before the breach became public, Equifax was warned about the possibility of a security breach in its network. An anonymous security researcher had informed Equifax that one of its websites was susceptible to forced browsing: by simply altering parameters in a URL, a visitor could pull up records they were never meant to see, potentially exposing thousands of customers' SSNs, birthdays and full names. The researcher also reported other bugs that would have allowed an attacker to take control of Equifax servers, including a SQL injection vulnerability. SQL injection lets an attacker submit specially crafted text in a web form field or URL parameter that the application pastes into a database query without separating data from code, so the attacker's text runs as part of the query against the back-end database, reading or altering records, without the application or its users being any the wiser.
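To make the two bug classes concrete, here is an added example (not Equifax's code, and not the researcher's findings) that shows each one beside its hardened form against a constructed in-memory SQLite database. The table name, column names, sample rows and the "a consumer may only read their own row" rule are all assumptions made for this script.

```python
"""Added example, not Equifax's code: the two bug classes the researcher
reported, shown side by side with hardened versions against a constructed
in-memory SQLite database. Table name, column names and rows are invented."""
import sqlite3

# Constructed sample data standing in for a consumer-records table.
SAMPLE_ROWS = [
    (1, "alice", "Alice Adams", "111-22-3333"),
    (2, "bob", "Bob Brown", "444-55-6666"),
    (3, "carol", "Carol Cruz", "777-88-9999"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE consumers (id INTEGER PRIMARY KEY, "
                 "username TEXT, full_name TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO consumers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


# --- SQL injection ---------------------------------------------------------
def lookup_vulnerable(conn, username):
    # The user-supplied string is pasted into the query text, so quote
    # characters inside it become SQL syntax.
    sql = f"SELECT full_name, ssn FROM consumers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # The value travels separately from the SQL text; it is compared as data
    # and can never change the query's structure.
    sql = "SELECT full_name, ssn FROM consumers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# --- forced browsing (missing object-level authorization) -------------------
def record_vulnerable(conn, requester_id, record_id):
    # The query itself is safe (parameterized), but nothing ties the record
    # to the requester, so any logged-in user can walk the whole id space.
    return conn.execute("SELECT full_name, ssn FROM consumers WHERE id = ?",
                        (record_id,)).fetchone()


def record_authorized(conn, requester_id, record_id):
    # Hypothetical rule for this toy: a consumer may read only their own row.
    if requester_id != record_id:
        return None
    return conn.execute("SELECT full_name, ssn FROM consumers WHERE id = ?",
                        (record_id,)).fetchone()


def demo():
    """Run both attacks against both versions; returns the observed results."""
    conn = make_db()
    payload = "' OR '1'='1"   # tautology: the vulnerable query becomes
                              # ... WHERE username = '' OR '1'='1'
    return {
        "injection_vulnerable": lookup_vulnerable(conn, payload),
        "injection_fixed": lookup_parameterized(conn, payload),
        "forced_browsing_vulnerable": record_vulnerable(conn, 1, 2),
        "forced_browsing_fixed": record_authorized(conn, 1, 2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The vulnerable lookup returns every row for the tautology payload while the parameterized one returns nothing, and the unauthorised record fetch hands user 1 the SSN of user 2 while the checked version refuses. Note that the forced-browsing fix is an authorization check, not a query change: parameterized SQL alone does nothing to stop it.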

This is a disappointing realisation. A company whose core business is holding consumers' most sensitive information should have treated its protection as the highest priority, yet it was negligent about weaknesses in its own systems, even after being told specifically what the issues were and that they could be reached by something as simple as forced browsing. It is reported that Equifax did not address those issues for six months. It is uncertain whether these particular weaknesses were the entry point for the breach; if the attackers came in some other way, that would honestly be more unsettling, because it would mean Equifax was equally lax in yet another area with the information of the people who trusted it.

There is speculation that more than one attacker group was inside the company's network during the breach, which only widens the possible consequences for Equifax customers.


Ransomware inbound! Another threat is looming on the web

This year alone there have already been three large ransomware outbreaks.

A new ransomware campaign has begun, and its targets have been concentrated in Russia and Eastern Europe. The threat has been named Bad Rabbit. Its appearance was sudden, hitting many organisations at roughly the same time and reminding those affected of the attacks earlier this year, WannaCry and Petya.

So let's break down what Bad Rabbit is.

  • Russia, Ukraine, Germany, Turkey, Poland and South Korea have all reported Bad Rabbit hopping out of its hole and causing a stir.
  • Bad Rabbit's file-encrypting payload hit at least three media organisations in Russia, taking one news agency offline for a time.
  • Other affected organisations include Odessa International Airport and the Kiev Metro.
  • So far around 200 targets are thought to have been infected, and the infections continue to cause problems for the affected organisations.

Bad Rabbit is ransomware, which means that once you are infected, you are at the mercy of whoever controls the hostile program.

  • Once the ransomware is active, a note fills the screen informing the reader that all files are locked unless payment is made and the password obtained in return is typed in.
  • Victims are directed to a Tor payment page with further instructions. The attackers demand payment in bitcoin and display a countdown timer to raise the pressure, saying the price will rise once the timer reaches zero.
  • For its disk-encryption stage Bad Rabbit bundles DiskCryptor, a legitimate and widely used open-source disk encryption tool. Encryption keys are generated with the Windows CryptGenRandom API and then protected with a hard-coded RSA-2048 public key, so only the holder of the matching private key can recover them.

Bad Rabbit takes its inspiration from one of the earlier outbreaks, Petya.

  • Researchers believe the ransomware's main DLL is an altered version of the Petya code. There is a strong correlation between Bad Rabbit and Petya in functionality and appearance, suggesting both may stem from the same group or person.
  • Bad Rabbit has spread through compromised websites. A hacked site is made to display a fake Flash Player update; if the visitor clicks it, the dropper is downloaded, and the infection only proceeds if the visitor then runs it, so it depends on the user trusting the fake update.
  • Some of the sites involved are estimated to have been compromised since June.

How far does Bad Rabbit go?

  • It is important to know that Bad Rabbit spreads laterally across networks.
  • This means that Bad Rabbit propagates without further user interaction. So while you are watching the timer count down, the ransomware is spreading across the infected network.
  • The lateral spread relies on a hard-coded list of common username and password combinations that Bad Rabbit tries against other machines on the network over SMB, forcing its way onto any host where one of those weak credentials works.

Bad Rabbit may have specific targets in mind.

  • Researchers have noticed that Bad Rabbit moves in a curious way, suggesting it has specific targets in mind rather than infecting indiscriminately. Corporate networks seem to receive the most attention, possibly suggesting that corporations are the particular interest of the hacker or group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe it is the same group involved with the Petya outbreak.
  • Some believe it is not a Russian group, since Russia has taken much of the damage from Bad Rabbit and Eastern European cyber-criminals customarily avoid attacking the "Motherland".
  • The code of Bad Rabbit contains references to Game of Thrones.
  • It is possible to protect yourself from infection. One widely shared mitigation is to create the files C:\Windows\infpub.dat and C:\Windows\cscc.dat in advance and remove all write permissions on them, so the dropper cannot write its payload to those paths and the infection fails before it starts. This only blocks the known dropper, so keep offline backups and patch regardless.

Another day, another hacker, another virus. It is never too late to shore up your defences and avoid the mess of a breached network.


OnePlus is getting more than one.

The Chinese smartphone manufacturer OnePlus has been caught quietly collecting large amounts of data from its smartphones and their users.

The data collected from the phones is transferred to a OnePlus server along with the device serial number. According to a security researcher, OnePlus devices running OxygenOS have been collecting data on when the user locks and unlocks the phone, when apps are opened, used and closed, and which Wi-Fi networks are connected to. That kind of usage data is generally normal and accepted. However, more is being collected that strays from normal telemetry.

OnePlus also collects the device's IMEI, phone number and mobile network names, so the data sent to its servers can easily be tied to a specific person. The code that performs the collection is believed to live in the OnePlus Device Manager and OnePlus Device Manager Provider system components.

OnePlus has stated that there are two streams of data collection. One is usage analytics used to fine-tune the software; the other is for after-sales support. OnePlus says you can opt out of the first stream under Settings > Advanced > "Join user experience program", but there is no way to opt out of the second stream, the "after-sales support" data.


WPA2 protocol flaw leaves every Wi-Fi network vulnerable, including yours!

Researchers have disclosed a serious flaw in the WPA2 protocol. It affects anyone and everyone who uses Wi-Fi.

The flaw allows an attacker within radio range to read information that should be protected, such as passwords, e-mails and other encrypted data, and in some configurations to inject data into the connection, for example planting ransomware or other malicious content into a website the client is visiting.

The weakness is called KRACK, short for Key Reinstallation Attacks. The research was kept under embargo and scheduled for disclosure on Monday at 8am.

The weakness is in the core WPA2 protocol itself. It is most effective against devices running Android and Linux, and also affects OpenBSD. To a lesser degree it affects macOS, Windows, MediaTek and Linksys devices, among others. Attackers can exploit the flaw to decrypt traffic that is normally protected by the ubiquitous Wi-Fi encryption protocol.

The vulnerability potentially exposes credit card numbers, passwords, chat messages, emails, photos and much more. All modern Wi-Fi networks protected by WPA2 are affected.

The attack works by replaying a message from the WPA2 four-way handshake so that the client reinstalls an encryption key it is already using. Reinstalling the key resets the packet counter that serves as the encryption nonce, so keystream gets reused and captured traffic can be decrypted; on Android and Linux devices using wpa_supplicant 2.4 and later the reinstalled key is actually an all-zero key, which makes decryption trivial. Some may think that visiting only HTTPS-protected pages solves the issue, but the risk remains because many sites are improperly configured, allowing an attacker on the path to strip the HTTPS redirect and have the browser send unencrypted HTTP instead. Sites that set HTTP Strict Transport Security correctly, and browsers that honour it, resist that downgrade.
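To show why a reinstalled key matters, here is an added example that is not from the KRACK research or any Wi-Fi stack. It is a toy model: real WPA2-CCMP encrypts with AES in counter mode under the pairwise key, using the packet number as the nonce; this script substitutes an HMAC-SHA256 keystream so it runs with the standard library alone. The three client classes, the key and the frame contents are constructed, and the attacker helpers are the replay-then-XOR reasoning, not a wireless exploit.

```python
"""Added example, not from the KRACK paper or any Wi-Fi stack: a toy model of
why reinstalling an in-use key breaks WPA2 encryption. Real CCMP uses AES in
counter mode keyed by the pairwise key with the packet number as the nonce;
here the keystream is HMAC-SHA256 over (key, packet number, block counter),
a stand-in chosen so the script runs with the standard library only. The key
and the frame contents are constructed."""
import hashlib
import hmac

KEY_LEN = 32


def keystream(key, pn, length):
    """Per-packet keystream: block i = HMAC(key, pn || i), like CTR mode."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, pn.to_bytes(6, "big") + block.to_bytes(2, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Vulnerable client: every handshake message 3, including a replayed
    one, reinstalls the key and resets the packet number used as the nonce."""
    def __init__(self):
        self.key, self.pn = None, 0

    def handshake_msg3(self, ptk):
        self.key, self.pn = ptk, 0

    def send(self, plaintext):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))


class PatchedStation(Station):
    """Fixed client: a key that is already installed is not installed again,
    so a replayed message 3 cannot rewind the nonce."""
    def handshake_msg3(self, ptk):
        if self.key is None:
            super().handshake_msg3(ptk)


class ZeroingStation(Station):
    """Models wpa_supplicant 2.4+ / Android 6: the supplicant wipes its copy
    of the key after installing it, so the replay installs an all-zero key."""
    def __init__(self):
        super().__init__()
        self.stored = None

    def handshake_msg3(self, ptk):
        if self.stored is None:
            self.stored = ptk
        super().handshake_msg3(self.stored)
        self.stored = bytes(KEY_LEN)    # wiped: the next install uses zeros


def attack_nonce_reuse(station, ptk, secret, known):
    """Attacker replays message 3 after the victim sent a secret frame; the
    next frame (whose plaintext is guessable, e.g. a fixed HTTP request) is
    then encrypted under the same nonce, and C1 xor C2 xor P2 = P1."""
    station.handshake_msg3(ptk)
    pn1, c1 = station.send(secret)
    station.handshake_msg3(ptk)          # the replayed message 3
    pn2, c2 = station.send(known)
    if pn1 != pn2:
        return None                      # nonces differ: nothing to exploit
    return xor(c1, xor(c2, known))[:len(secret)]


def attack_zero_key(station, ptk, secret):
    """Against an all-zero key no known plaintext is needed at all."""
    station.handshake_msg3(ptk)
    station.send(b"warm-up frame")
    station.handshake_msg3(ptk)          # the replayed message 3
    pn, c = station.send(secret)
    return xor(c, keystream(bytes(KEY_LEN), pn, len(c)))


PTK = hashlib.sha256(b"constructed pairwise key").digest()
SECRET = b"POST /login user=alice&password=hunter2"
KNOWN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(attack_nonce_reuse(Station(), PTK, SECRET, KNOWN))
    print(attack_nonce_reuse(PatchedStation(), PTK, SECRET, KNOWN))
    print(attack_zero_key(ZeroingStation(), PTK, SECRET))
```

Against the vulnerable station the nonce-reuse attack recovers the secret frame, against the patched station the packet numbers differ and the XOR trick yields nothing, and against the zeroing station the secret falls out with no known plaintext at all. The fix is on the client side, which is why patching the device in your hand matters more than patching the access point for this flaw.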

Patches are being developed for the devices most at risk. Linux patches exist, but there is no word yet on when they will ship. Some, but not all, Wi-Fi access points have patches available now.

The researchers will present the work on November 1st at the ACM Conference on Computer and Communications Security in Dallas. The paper and details are expected to be available on the krackattacks.com site as well.

This could become one of the biggest threats to large corporations and government Wi-Fi networks.

Until patches are available, it is advisable to prefer a wired connection over Wi-Fi. Note that the flaw is exploited against the client, so patching laptops and phones protects them even behind an unpatched access point, and the attacker has to be within Wi-Fi range of the victim.

Contact us with any questions or concerns about your exposure.


Whole Foods credit card breach

Whole Foods recently discovered that credit card information may have been exposed to hackers at nine of its Bay Area locations.

Customers who bought groceries at 56 stores across the country were unaffected by the breach. However, those who visited the in-store table-service restaurants and taprooms at the affected locations may have had their card information exposed. The main registers of the stores were unaffected.

The breach was made public last week, along with a list of the affected locations nationwide, which Whole Foods has published on its website.

The Bay Area locations include two in San Francisco, three in the South Bay, and others elsewhere in the region. It is currently unclear how many customers were affected.


Equifax hack leaves 143 million with exposed SSNs

From mid-May to July 2017, Equifax suffered a breach of consumers' private personal information, including social security numbers, birth dates, addresses and some driver's license numbers.

Adding to the issue, around 209,000 consumers' credit card numbers were exposed as well. If you have had any dealings with Equifax, it is highly advisable to keep an eye on your bank accounts and any use of your SSN.

The breach was discovered on the 29th of July and was acted upon immediately to prevent further loss of sensitive information. The investigation is reported to be almost complete and is expected to wrap up in the coming weeks.

The Chief Executive Officer stated that comprehensive support services will be offered to all U.S. consumers, even those the breach left unaffected.

Equifax has set up a website where consumers can check whether their information was exposed.

Despite Equifax's goal of being a leader in data management and protection, it too became the victim of a security breach. Take this as a moment to learn from the experience and make sure your own network is as strong as it can be.

No matter how small your network, without proper monitoring and maintenance you are exposed to hacking and data breaches. Entrust your network to us at Re2tech: a small business with strong flexibility and the knowledge of a large enterprise, in this for the long haul. We make I.T. happen!

Contact us today to ask how we can help secure your network; don't wait until you are already a victim!


HP's bad driver is key-logging your data!

Security firm modzero has found that an audio driver shipped on HP computers has, apparently unintentionally, been logging every key pressed and storing the keystrokes in a plain file in an easily accessible folder on the PC. If you use an HP laptop for your business, anyone who can read that file can recover your login information and other sensitive data. CALL US or email us today to get an audit and make sure you are secured and safe.

Source: modzero's advisory.
