‘Unhackable’ Crypto Wallet Reportedly Breached, Hackers Claim to Meet Bounty Conditions

By: Ana Alexandre

A group of researchers claims to have hacked the Bitfi wallet, The Next Web reported on August 12.

Bitfi’s executive chairman, cybersecurity pioneer John McAfee, has called it “the world’s first unhackable device.” To prove his claim, McAfee challenged security experts to breach the device for a $100,000 bounty starting July 24.

Bitfi is a physical device, or hardware wallet, which supports “an unlimited amount of cryptocurrencies,” and revolves around a user-generated secret phrase instead of a conventional 24-word mnemonic seed that has to be written down. Additionally, Bitfi is purported to be “completely open-source,” meaning that the user stays in control of their funds “even if the manufacturer of the wallet no longer exists.”

Though several attempts to hack the wallet have been made since then, none of them met the bounty’s terms, and the wallet had ostensibly not been fully breached until now. The researchers claim they could successfully send signed transactions with the wallet, and that they met the conditions of the bounty program by modifying the device, connecting to the wallet’s server, and transmitting sensitive data with it. Security researcher Andrew Tierney said:

“We have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy. We believe all [conditions] have been met.”

The researchers reportedly obtained complete access to the device two weeks ago and have been closely tracking it since, including the data being sent out of the wallet. They claim that the device is still connected to the Bitfi server. Tierney told The Next Web:

“We intercepted the communications between the wallet and [Bitfi]. This has allowed us to display silly messages on the screen. The interception really isn’t the big part of it, it’s just to demonstrate that it is connected to the dashboard and still works despite significant modification.”

More: https://cointelegraph-com.cdn.ampproject.org/c/s/cointelegraph.com/

Bad News About AppleJeus

By: Kacy Zurkus

Unlike the apple juice enjoyed by many a youngster, the newly discovered AppleJeus looks pretty rotten, according to new research from Kaspersky Lab.

Researchers have discovered the advanced persistent threat group Lazarus running AppleJeus, a new malicious operation. While assisting with incident response efforts after previous attacks from the group, researchers unexpectedly identified the attacker penetrating the network of a cryptocurrency exchange in Asia. The attacker used Trojanized cryptocurrency trading software, with the reported goal of stealing cryptocurrency from victims.

A previously unidentified version of the Windows-based malware was also found targeting the macOS platform, according to the press release. The group compromised the exchange’s infrastructure by luring an unsuspecting employee into downloading a third-party application from a dubious-looking website.

“The application’s code is not suspicious, with the exception of one component – an updater. In legitimate software, such components are used to download new versions of programs,” Kaspersky wrote in the press release.

“In the case of AppleJeus, it acts like a reconnaissance module: first it collects basic information about the computer it has been installed on, then it sends this information back to the command and control server and, if the attackers decide that the computer is worth attacking, the malicious code comes back in the form of a software update.”

Though the operation looks like a supply-chain attack, Kaspersky reportedly does not classify it as one, because the vendor of the cryptocurrency trading software holds a valid code-signing certificate and has legitimate registration records for its domain. (A valid signature only establishes who signed the binary, not that the signed code is benign.)

More: https://www.infosecurity-magazine.com/news/bad-news-about-applejeus/

How To Hack An Aircraft

By: Kate O'Flaherty

Hacking an aircraft is easier than you might think. Last year, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

In 2016, there were more than 50 reports of GPS interference at Manila International Airport – which can lead to “missed approaches” forcing flight crews to re-approach the runway using backup navigation systems.

The results of an attack on a plane can be catastrophic. After the 2008 crash of Spanair flight 5022, it was discovered that a central computer system used to monitor technical problems in the aircraft was infected with malware. An internal report by the airline revealed the infected computer failed to find three technical problems with the aircraft which, if detected, might have stopped the plane from taking off in the first place.

The ability to breach an aircraft system has already been demonstrated. Security researcher Ruben Santamarta has shown how attacks such as bypassing the credit-card check and SQL injection can be conducted against an in-flight entertainment system. Such attacks can even be carried out from the ground, he says.

Meanwhile, US regulator the Federal Aviation Administration (FAA) has warned that some computer systems on the Boeing 747-8 and 747-8F may be vulnerable to outside attacks due to the nature of their connectivity.

In addition, weak encryption in the Aircraft Communications Addressing and Reporting System (ACARS) has raised concerns about the privacy of messages sent over the data link.

According to Nitha Suresh, a cybersecurity consultant at Synopsys, the surveillance signal aircraft broadcast to report their position (ADS-B) can potentially be eavesdropped on or spoofed by highly skilled attackers.

The risk is particularly elevated in aviation due to the complexity of aircraft systems. Over the years, the size of the software supporting them has grown exponentially, says Suresh.

This complexity, and the sheer volume of code, lowers the testability of the software, leaving behind vulnerabilities that a skilled attacker can exploit.

Adding to this, the software goes through many overhauls and updates during the lifecycle of the plane. “Unless this job is carried out with extreme caution, there is a great deal of potential for security bugs to creep into the software,” Suresh says.

In addition, modern avionics software development makes use of commercial off-the-shelf (COTS) components. But this can potentially allow an attacker to tunnel through and reach the heart of the system, Suresh warns.

She says software vendors should take necessary precautions in terms of plugging the loopholes, “just like they would with any other open architecture”.

At the same time, Suresh points out that the major development standards do not currently include detailed cybersecurity policies, although she concedes that the FAA’s 2015 Aircraft Systems Information Security Protection (ASISP) initiative “is a move in the right direction”.

So, what can be done to prevent malicious actors from attacking aircraft? The risks can, to an extent, be mitigated by the effective decision-making capability of an experienced pilot – who might spot something unusual, says Suresh.

But she emphasizes the importance of understanding the attack surface. “There should be a common repository of threats to both hardware and software detected by the developers and assessors. This needs to be maintained by regulatory agencies like the FAA and should also be available across different development platforms.”

More:  https://www-forbes-com.cdn.ampproject.org/c/s/www.forbes.com/sites/kateoflahertyuk/2018/08/22/how-to-hack-an-aircraft

Alleged SIM Swapper Arrested in California

By: Brian Krebs

Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion of hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers.

Xzavyer Clemente Narvaez was arrested Aug. 17, 2018 by investigators working with Santa Clara County’s “REACT task force,” which says it’s targeting those involved in “the takeovers of cell phone, email and financial accounts resulting in the theft of cryptocurrency.”

Prosecutors allege Narvaez used the proceeds of his crimes (estimated at more than $1 million in virtual currencies) to purchase luxury items, including a McLaren, a $200,000 high-performance sports car. Investigators said they interviewed several alleged victims of Narvaez, including one man who reported being robbed of $150,000 in virtual currencies after his phone number was hijacked.

A fraudulent SIM swap occurs when a victim’s cell phone service is redirected from a SIM card under the control of the victim to one under the control of the suspect, without the knowledge or authorization of the victim account holder.

When a victim experiences a fraudulent SIM swap, their phone suddenly has no service and all incoming calls and text messages are sent to the attacker’s device. This includes any one-time codes sent via text message or automated phone call that many companies use to supplement passwords for their online accounts.

MORE: https://krebsonsecurity.com/2018/08/alleged-sim-swapper-arrested-in-california/

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

By: Andy Greenberg

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind.

The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows look out over the water, facing a dock where the Danish royal family parks its yacht. In the building’s basement, employees can browse a corporate gift shop, stocked with Maersk-branded bags and ties, and even a rare Lego model of the company’s gargantuan Triple-E container ship, a vessel roughly as large as the Empire State Building laid on its side, capable of carrying another Empire State Building–sized load of cargo stacked on top of it.

That gift shop also houses a technology help center, a single desk manned by IT troubleshooters next to the shop’s cashier. And on the afternoon of June 27, 2017, confused Maersk staffers began to gather at that help desk in twos and threes, almost all of them carrying laptops. On the machines’ screens were messages in red and black lettering. Some read “repairing file system on C:” with a stark warning not to turn off the computer. Others, more surreally, read “oops, your important files are encrypted” and demanded a payment of $300 worth of bitcoin to decrypt them.

Across the street, an IT administrator named Henrik Jensen was working in another part of the Maersk compound, an ornate white-stone building that in previous centuries had served as the royal archive of maritime maps and charts. (Henrik Jensen is not his real name. Like almost every Maersk employee, customer, or partner I interviewed, Jensen feared the consequences of speaking publicly for this story.) Jensen was busy preparing a software update for Maersk’s nearly 80,000 employees when his computer spontaneously restarted.

MORE: https://www-wired-com.cdn.ampproject.org

Superdrug’s online customers targeted by criminals

By: BBC NEWS Technology

Superdrug has warned its online customers to change their passwords after criminals claimed to have obtained their personal details.

The chain said the group claimed they had stolen details of 20,000 customers, but it had only seen evidence so far that 386 customers had been affected.

Names, addresses and “in some cases” dates of birth and phone numbers “may have been accessed”, Superdrug said.

No customers’ payment card details had been accessed, it said.

Superdrug said there was “no evidence” its systems had been compromised.

It said it believed the criminals had obtained customers’ email addresses and passwords from other websites “and then used those credentials to access accounts on our website”, a technique known as credential stuffing.
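Credential stuffing leaves a recognisable trace in login logs: one client address tries many different accounts in a short time, most attempts fail, and the few that succeed are the accounts whose reused password still works. As an added example (not Superdrug’s or the BBC’s code), the script below runs that check over constructed login-audit lines and returns, per offending address, the accounts that should be force-reset and notified. The log format, the addresses, the thresholds and the account names are all assumptions.

```python
"""Credential-stuffing detection over constructed login-audit lines.

Added example; not code from Superdrug or the BBC. Assumed log format:
    <ISO-8601 time> <client ip> <username> <LOGIN_OK|LOGIN_FAIL>
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)


def build_sample_log() -> list[str]:
    """Constructed data: one source replays 30 leaked email/password pairs in
    two minutes (3 still work); one ordinary user mistypes twice, then succeeds."""
    lines = []
    t0 = datetime(2018, 8, 20, 9, 0, 0)
    for i in range(30):
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        result = "LOGIN_OK" if i in (4, 17, 23) else "LOGIN_FAIL"
        lines.append(f"{ts} 198.51.100.7 user{i:03d}@example.test {result}")
    t1 = datetime(2018, 8, 20, 9, 3, 0)
    for j, result in enumerate(["LOGIN_FAIL", "LOGIN_FAIL", "LOGIN_OK"]):
        ts = (t1 + timedelta(seconds=20 * j)).isoformat()
        lines.append(f"{ts} 203.0.113.5 alice@example.test {result}")
    return lines


def parse_line(line: str) -> tuple[datetime, str, str, bool]:
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "LOGIN_OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_accounts=10, min_fail_ratio=0.7) -> dict[str, dict]:
    """Flag any client address that, within one time bucket, touches at least
    `min_accounts` distinct accounts with a failure share of `min_fail_ratio`
    or more. Returns per-address stats plus the accounts where a replayed
    password succeeded (those need a forced reset)."""
    buckets: dict[tuple[str, int], list[tuple[str, bool]]] = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse_line(line)
        buckets[(ip, (ts - EPOCH) // window)].append((user, ok))

    alerts: dict[str, dict] = {}
    for (ip, _), events in buckets.items():
        accounts = {u for u, _ in events}
        failures = sum(1 for _, ok in events if not ok)
        ratio = failures / len(events)
        if len(accounts) >= min_accounts and ratio >= min_fail_ratio:
            alerts[ip] = {
                "attempts": len(events),
                "distinct_accounts": len(accounts),
                "fail_ratio": round(ratio, 2),
                "accounts_to_reset": sorted(u for u, ok in events if ok),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample_log()).items():
        print(ip, info)
```

A per-address threshold is the easiest signal and also the easiest to evade: stuffing tools spread attempts across proxy pools. In practice this check is combined with per-account velocity, grouping by user agent and ASN, and screening submitted passwords against known breach corpora at login time.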

The group had tried to extort a ransom from Superdrug, it said.

The retailer said it had “notified directly” all customers whom it believed had been affected.

It also posted a tweet telling customers that the email it had sent was “genuine”.

Some customers reacted with anger to the tweet, saying the chain should have apologised.

MORE: https://www.bbc.com/news/business-45265601

Beware of “Dark Tequila”, the malware stealing banking information from Mexicans

By: Elizabeth Legarreta

One would think nothing bad could be associated with the word “tequila”, apart from a monstrous hangover… and a few other things. But now we are told the terrible truth: the “Dark Tequila” malware is attacking Mexicans.

Kaspersky reported that this operation has been stealing information for around five years.

This is “Dark Tequila”, the malware that steals your banking data

This evil tequila can move laterally between computers… even ones with no Internet connection. It is a complex and uncommon method. According to the security firm it is “unusually advanced for financial fraud operations”.

According to Kaspersky Lab researchers, the malicious code spreads through infected USB devices and spear-phishing, and includes special functionality to evade detection. The threat actor behind Dark Tequila is believed to be of Spanish-speaking, Latin American origin.

One of the big problems with this malware is that it does not only steal your banking information. As if that were not bad enough, it can also take credentials for other websites, including social networks or cloud storage services, and so on.

MORE: https://www.fayerwayer.com/2018/08/dark-tequila-malware/

Brazil has the largest share of users attacked by phishing in the second quarter of 2018

By: TI Inside Online

In the second quarter of 2018, Kaspersky Lab’s anti-phishing technologies blocked more than 107 million attempts to access phishing pages, of which 35.7% were related to financial services and targeted customers through fake pages of banks or payment systems.

The IT sector was the second most targeted, with 13.83% of attacks aimed at technology companies, 12.28 percentage points higher than in the previous quarter, according to Kaspersky Lab’s Spam and Phishing Report for the second quarter of 2018.

The results above show that, to protect their money, users must be extremely careful about their security when browsing the Internet. Attacks on customers of financial organizations, including bank transactions, payment systems and online stores, are a permanent fixture of cybercrime and involve the theft of money as well as personal data.

By creating fake pages for banks, payment systems or shopping sites, attackers collect sensitive information from unsuspecting victims, such as their names, passwords, e-mail addresses, phone numbers, credit card numbers and PIN codes.

In the second quarter of 2018, users of financial services were heavily targeted, with 21.1% of attacks related to banks, 8.17% to online stores and 6.43% to payment systems, together making up more than a third of all attacks. Brazil remained the country with the largest share of users attacked by phishing scams in the second quarter of 2018 (15.51%). It was followed by China (14.44%), Georgia (14.44%), Kyrgyzstan (13.6%) and Russia (13.27%).

Interestingly, there were almost 60,000 attempts to visit fraudulent web pages posing as popular cryptocurrency wallets and exchanges between April and June. In addition to traditional phishing, which gives access to the victim’s accounts and important private information, cybercriminals try to get their victims to transfer cryptocurrency to them of their own accord. One of the tricks used is the promise of a free cryptocurrency giveaway.

More: http://tiinside.com.br/tiinside/seguranca/mercado

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

By: Mohit Kumar

Well, there’s something quite embarrassing for Apple fans.

Though Apple’s servers are widely assumed to be well protected, a 16-year-old high school student proved that nothing is impossible.

The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including authorized keys used to grant login access to users, and also accessed multiple user accounts.

The teen told the authorities that he hacked Apple because he was a huge fan of the company and “dreamed of” working for the technology giant.

What’s more embarrassing? The teen, whose name is being withheld as he’s still a minor, hacked the company’s servers not once, but numerous times over the course of more than a year, and Apple’s system administrators failed to stop their users’ data from being stolen.

When Apple finally noticed the intrusion, it blocked the intruder and contacted the FBI, which referred the case to the Australian Federal Police (AFP).

Apple Hack: The “Hacky Hack Hack” Folder

The AFP caught the teenager last year after a raid on his residence and seized two Apple laptops, a mobile phone, and a hard drive.

“Two Apple laptops were seized, and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” a prosecutor was quoted as saying by Australian media The Age. “A mobile phone and hard drive were also seized, and the IP address matched the intrusions into the organization.”

After analyzing the seized equipment, authorities found the stolen data in a folder called “hacky hack hack.”

Besides this, authorities also discovered a series of hacking tools and files that allowed the 16-year-old to break into Apple’s internal systems repeatedly.

More: https://thehackernews.com/2018/08/apple-hack-servers.html?m=1

Central Bank requires payment institutions to have a Cybersecurity Policy

By: TI Inside Online

The Central Bank has determined that payment institutions must establish a Cybersecurity Policy, as well as an incident action and response plan. The measure is part of the BC+ Agenda, under the “More Efficient SFN” pillar.

The measure had already been adopted for the other financial institutions through Resolution 4,654 of the National Monetary Council (CMN), published in April.

Circular 3,909 establishes that the policy must provide for initiatives to share information about relevant incidents with other institutions in the financial system. In addition, an annual report on the implementation of the incident action and response plan will be required. This report must be submitted to the board of directors or, where there is none, to the institution’s executive management.

The cybersecurity policy to be implemented by payment institutions must be compatible with the institution’s size, risk profile and business model, taking into account the nature of its activities and the complexity of the products and services offered, as well as the sensitivity of the data and information.

The Central Bank also set rules that payment institutions must observe when contracting data processing and storage services, including cloud computing.

More: http://tiinside.com.br/tiinside/seguranca