AI to increase phishing and hacking efficiency: Two data scientists from security firm ZeroFOX conducted an experiment to see who was better at getting Twitter users to click on malicious links: humans or an artificial intelligence system. The researchers taught an AI system to study the behaviour of social network users and design its own phishing bait. In tests, the artificial hacker was substantially better than its human competitors, composing and distributing more phishing tweets than humans, and with a substantially better conversion rate.
Access control bypass in Hikvision IP Cameras: Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since at least 2014. In addition to Hikvision-branded devices, it affects many white-labelled camera products sold under a variety of brand names. Hundreds of thousands of vulnerable devices are still exposed at the time of publishing. In addition to gaining full administrative access, the vulnerability can be used to retrieve plain-text passwords for all configured users. http://seclists.org/fulldisclosure/2017/Sep/23
Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers: “Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”
US Officially Bans Kaspersky Products From Government Systems: In a Binding Operational Directive published today by the Department of Homeland Security (DHS), the US government has banned the use of Kaspersky Lab security software on government computers. The decision comes after a Senate Intelligence Committee accused the Russian antivirus vendor of having secret ties to the Russian government.
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks: A Russian-speaking hacker has been infecting Netgear routers with a new strain of malware named RouteX, which he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks. According to Forkbombus Labs, the US cyber-security firm that uncovered this new threat, the hacker is using CVE-2016-10176, a vulnerability disclosed last December, to take over Netgear WNR2000 routers.
Spanish Data Protection Agency (AEPD) issues €1.2 Million fine against Facebook for violating data protection regulations: According to the AEPD, the social network giant collects users’ personal data without informed and ‘unequivocal consent’ for commercial purposes. It shares the data with advertisers and marketers without informing users, and collects sensitive data on users’ ideology, religious beliefs, sex, personal tastes and navigation.
US-CERT warns of hackers remotely accessing Smiths Medical Syringe Infusion Pumps to kill patients: Smiths Medical’s Medfusion 4000 Wireless Syringe Infusion Pumps, used in acute critical care settings, could be remotely controlled by attackers. The medical devices are used worldwide for intensive care, such as neonatal and paediatric intensive care, and in the surgery room. The remotely exploitable vulnerability was discovered by the independent researcher Scott Gayou, who has found eight vulnerabilities in the Medfusion 4000 Wireless Syringe Infusion Pumps.
China to Create Data Repository to Log Cyberattacks: China's Ministry of Industry and Information Technology (MIIT) on Wednesday unveiled a directive that calls on organizations and government agencies to report cyber-attack information into a nationwide data repository, according to a Reuters report.
Mexican tax refund MoneyBack site exposed 400GB of sensitive customer data: Kromtech discovered the unsecured CouchDB during a routine security audit. The Mexican VAT refund site MoneyBack is used by tourists who have applied for a tax refund on the money they spent while shopping in the country. The data leak was the result of a misconfigured Apache CouchDB database containing roughly 500,000 customers’ passport details, credit card numbers and travel tickets. https://mackeepersecurity.com/post/mexican-tourist-tax-refund-company-leaks-customer-records
15 September 2017