Daily Archives: November 4, 2019

#hacking | Florida Officials Pledge to Combat 2020 Election Hackers

Source: National Cyber Security – Produced By Gregory Evans

(TNS) — “Foreign adversaries” and “malign foreign actors” are trying to influence and attack Florida’s election systems, FBI officials say, and they need your help to combat them.

“You are the first line of defense against foreign influence operations and cybercriminals worldwide,” Rachel Rojas, special agent in charge of the FBI’s Jacksonville Field Office, said during a news conference Friday. “All American voices are important … so we all must remain vigilant all year round.”

Rojas gathered with state and local elections officials from around Florida to highlight new initiatives and funding designed to thwart hackers and foreign attempts to influence elections in the Sunshine State.

The report from special investigator Robert Mueller detailed many of the attempts by those working for the Russian government to hack election systems around the country in 2016, including several in Florida.

The report noted that at least one Florida county had its election rolls hacked, and Gov. Ron DeSantis later said there was a second county that was hacked. Officials, though, stated there was no tampering with registration or ballots and no one had penetrated the vote-counting systems.

None of the officials who spoke Friday, however, would specifically name which foreign government or foreign actors posed a threat to Florida’s elections. And they maintained the long-held secret of which Florida counties were infiltrated.

Florida Secretary of State Laurel Lee emphasized her department’s efforts to guard against election hacking, such as doling out $15.5 million in election security grants and completing a review of election systems around the state and their weaknesses.

But Lee said she couldn’t reveal the names of the counties hacked in 2016 or specify what her review showed about Florida’s vulnerabilities to the public, lest the information also be released to unnamed “enemies.”

Lawrence Keefe, a federal prosecutor for the Northern District of Florida, said the FBI and other U.S. agencies are launching public awareness campaigns to alert voters to dangers lurking online, such as misinformation or disinformation campaigns, spear-phishing attempts and ransomware attacks.

National security experts are joining with cybersecurity experts and working with state law enforcement and local election officials to combat election attacks, he said, which is an “unprecedented collaboration.”

The help from the federal government is needed, said Levy County Supervisor of Elections Tammy Jones, especially in smaller rural counties that don’t have the resources to get the training, software and other tools to ward off hackers.

“We are all so much better prepared than in 2016. However, we are now in a race with no finish line and we will need to continue to make improvements as technology improves,” said Jones, also president of the Florida State Association of Supervisors of Elections.

Lee told reporters earlier this week her office was seeing “daily” attempts to attack election systems, and that message was echoed by Rojas, who indicated permanent vigilance would be needed to guard against election hackers.

“We know our adversaries are relentless,” Rojas said. “Their attempts to interfere in our elections are not a new problem and we expect their efforts to continue in 2020.”

©2019 The Orlando Sentinel (Orlando, Fla.). Distributed by Tribune Content Agency, LLC.

Source link

The post #hacking | Florida Officials Pledge to Combat 2020 Election Hackers appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

#hacking | Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet


From analysing the malware’s code, we can see that it skips the routine if the generated IP address is a local one (Figure 4). The malware can infect hosts at public IP addresses with port 139 open that use any of the common administrator usernames and passwords on its list.

Usernames: Administrator, administrator, Admin, admin

Passwords: 123, 1234, 12345, 123456, 1234567, 12345678, 123456789, 1234567890, 123123, 12321, 123321, 123abc, 123qwe, 123asd, 1234abcd, 1234qwer, 1q2w3e, a1b2c3, administrator, Administrator, admin, Admin, admin123, Admin123, admin12345, Admin12345, administrator123, Administrator123, nimda, qwewq, qweewq, qwerty, qweasd, asdsa, asddsa, asdzxc, asdfgh, qweasdzxc, q1w2e3, qazwsx, qazwsxedc, zxcxz, zxccxz, zxcvb, zxcvbn, passwd, password, Password, login, Login, pass, mypass, mypassword, adminadmin, root, rootroot, test, testtest, temp, temptemp, foofoo, foobar, default, password1, password12, password123, admin1, admin12, admin123, pass1, pass12, pass123, root123, abc123, abcde, abcabc, qwe123, test123, temp123, sample, example, internet, Internet

If access is granted, the malware uses the SMB protocol to copy itself to the remote machine. It then uses the Windows Service Control Manager to start the SMB component’s process on the remote machine. The sample running on the remote machine also checks for the presence of winsvcs.txt, which again determines whether or not Nemty is downloaded and executed.
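As an added example (not from the original article or its source), the following Python sketch shows how a defender might flag the spreading behaviour just described in Windows event logs: a run of failed network logons using the worm’s administrator usernames from one source (Security event 4625, logon type 3), a subsequent successful network logon (4624) from that same source, and then a service installed through the Service Control Manager (System event 7045) on the host that was just logged into. The event records, hostnames, IP addresses and the service path are constructed for the example, and the field names are a simplified stand-in for the raw Windows event schema.

```python
from collections import defaultdict

# Usernames the worm tries, lower-cased for comparison (from the list above).
ADMIN_NAMES = {"administrator", "admin"}
FAILED_LOGON_THRESHOLD = 3   # failures from one source before a later success is suspicious
NETWORK_LOGON = 3            # Windows logon type 3: network logon, which SMB access produces

# Constructed sample records: (timestamp, host, event_id, fields). Hosts, addresses,
# service names and paths are placeholders invented for this example.
SAMPLE_EVENTS = [
    ("2019-11-04T10:00:01", "fileserver01", 4625, {"user": "Administrator", "logon_type": 3, "src_ip": "203.0.113.7"}),
    ("2019-11-04T10:00:02", "fileserver01", 4625, {"user": "admin", "logon_type": 3, "src_ip": "203.0.113.7"}),
    ("2019-11-04T10:00:03", "fileserver01", 4625, {"user": "Admin", "logon_type": 3, "src_ip": "203.0.113.7"}),
    ("2019-11-04T10:00:04", "fileserver01", 4625, {"user": "administrator", "logon_type": 3, "src_ip": "203.0.113.7"}),
    ("2019-11-04T10:00:05", "fileserver01", 4624, {"user": "admin", "logon_type": 3, "src_ip": "203.0.113.7"}),
    ("2019-11-04T10:00:09", "fileserver01", 7045, {"service_name": "WinSvcUpdate", "image_path": "C:\\Windows\\Temp\\svc.exe"}),
    # Noise that should not alert: only two failures before success, a console typo,
    # and a service install on a host that was never sprayed into.
    ("2019-11-04T10:30:00", "workstation22", 4625, {"user": "admin", "logon_type": 3, "src_ip": "198.51.100.9"}),
    ("2019-11-04T10:30:01", "workstation22", 4625, {"user": "admin", "logon_type": 3, "src_ip": "198.51.100.9"}),
    ("2019-11-04T10:30:05", "workstation22", 4624, {"user": "admin", "logon_type": 3, "src_ip": "198.51.100.9"}),
    ("2019-11-04T11:00:00", "workstation22", 4625, {"user": "jsmith", "logon_type": 2, "src_ip": "-"}),
    ("2019-11-04T11:05:00", "workstation22", 7045, {"service_name": "PrintHelper", "image_path": "C:\\Program Files\\Vendor\\helper.exe"}),
]


def detect_smb_spread(events, threshold=FAILED_LOGON_THRESHOLD):
    """Return alerts for (1) an admin-name password spray over SMB that ends in a
    successful network logon from the same source and (2) a service installed on
    a host right after such a spray succeeded. Events are processed in time order."""
    failures = defaultdict(int)   # (host, src_ip) -> admin-name network logon failures
    compromised = {}              # host -> src_ip that got in after a spray
    alerts = []
    for ts, host, event_id, f in sorted(events, key=lambda e: e[0]):
        if (event_id == 4625 and f.get("logon_type") == NETWORK_LOGON
                and f.get("user", "").lower() in ADMIN_NAMES):
            failures[(host, f.get("src_ip"))] += 1
        elif event_id == 4624 and f.get("logon_type") == NETWORK_LOGON:
            key = (host, f.get("src_ip"))
            if failures[key] >= threshold:
                compromised[host] = f.get("src_ip")
                alerts.append({"time": ts, "host": host, "src_ip": f.get("src_ip"),
                               "stage": "spray_then_success",
                               "failed_attempts": failures[key]})
        elif event_id == 7045 and host in compromised:
            alerts.append({"time": ts, "host": host, "src_ip": compromised[host],
                           "stage": "service_install_after_spray",
                           "service": f.get("service_name"),
                           "image_path": f.get("image_path")})
    return alerts


if __name__ == "__main__":
    for alert in detect_smb_spread(SAMPLE_EVENTS):
        print(alert)
```

The second stage is the one worth paging on: a brute-forced network logon followed within minutes by a new service is exactly the copy-then-start sequence the article describes, whereas the spray alone is common background noise on any host with port 139 exposed. In production the same logic would run over the real 4625/4624/7045 fields (TargetUserName, LogonType, IpAddress, ServiceName, ImagePath) instead of this simplified record shape.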


#cybersecurity | hacker | Application isolation and virtualization provide a false sense of cybersecurity – It’s time for a better solution


A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity.

The vulnerability, CVE-2019-14378, has a severity of 8.8 and was first published in the National Vulnerability Database on July 29th, 2019. It affects QEMU, the popular open source machine emulator and virtualizer.

Short for “Quick Emulator”, QEMU is software written in C/C++ that acts as an interface between a guest system and the actual hardware it uses. Software of this kind, known as a “hypervisor,” keeps machines separate from other machines on the same host, so that each is protected in the event another machine is infected. Using a “virtual machine” also allows you to test out software and apps not used by your host system, including suspected malware, without worrying that it will affect your physical system. But what happens when a vulnerability allows a hacker to break out of the hypervisor and execute code on the host computer itself?

This is the case with CVE-2019-14378, which can allow a malicious actor to run malware on the host computer from a virtual machine. The flaw could allow hackers to carry out a “virtual machine escape,” letting the guest operating system attack the host operating system that runs QEMU, execute code at the QEMU level, or crash the QEMU process. In other words, an embedded vulnerability in one stack can lead to compromised components elsewhere in the system.

The vulnerability also shows that even if the coding languages you use are safe from arbitrary code execution, as is the case with Java, once an attacker manages to penetrate the app that uses C/C++, they can exploit this vulnerability to break out of the hypervisor and send malware to a completely separate virtual machine.

In sum, C/C++ code is everywhere, and security architectures can still be vulnerable to hacks that target C/C++ hypervisors like QEMU, even if they don’t use C/C++ code themselves.

The QEMU vulnerability is by no means the first example of how virtual machines can be hacked. There are many examples related to open source components (e.g. Linux KVM) and proprietary ones. For instance, at the Pwn2Own security competition in 2017, a group of white hat hackers from the Chinese internet security firm Qihoo 360 needed less than 90 seconds to demonstrate a successful escape from VMware Workstation.

They carried out the escape by first exploiting a heap overflow bug in the Microsoft Edge web browser, and then they “exploited a bug within the VMware hypervisor to escape from the guest operating system to the host one. All started from, and only by, controlling a website,” Qihoo 360 Executive Director Zhen Zheng told reporters following the successful hack.

Mitigation: Using Runtime Integrity

While hypervisors and virtual machines can be an effective line of defense, they are useless if their proper functionality and integrity are not guarded at runtime. For that reason, standards such as NIST 800-53 and ANSI/ISA-62443 specify integrity requirements. One key way to meet them is to add embedded runtime integrity controls, which in this case do exactly that: ensure the isolation and separation work as intended.
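To make the runtime-integrity idea concrete, here is an added Python example (not code from the original post, and not a real QEMU, NIST or ISA tool) of the simplest such control: a hash baseline of monitored hypervisor files taken on a trusted system, re-checked later to detect components that have been modified or removed. The file names and contents in `demo()` are constructed placeholders standing in for hypervisor components, not QEMU’s actual install layout.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record the hash of every monitored file. Run once, on a system you trust,
    and store the result somewhere the monitored host cannot rewrite it."""
    return {path: sha256_file(path) for path in paths}


def verify_baseline(baseline):
    """Compare the current state of each monitored file against the baseline.
    Returns {path: "ok" | "modified" | "missing"}."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def demo():
    """Build a throwaway directory, baseline it, tamper with it, and return the
    verification report keyed by file name. Everything here is constructed."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    try:
        # Placeholder files standing in for hypervisor components (not QEMU's real files).
        contents = {
            "qemu-system-x86_64": b"\x7fELF placeholder binary\n",
            "qemu.conf": b"[global]\nsecure = on\n",
            "vhost-helper": b"placeholder helper\n",
        }
        paths = {}
        for name, data in contents.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths[name] = path

        baseline = build_baseline(paths.values())

        # Simulate tampering after the baseline was taken: one file changed,
        # one removed, one untouched.
        with open(paths["qemu.conf"], "ab") as fh:
            fh.write(b"secure = off\n")
        os.remove(paths["vhost-helper"])

        report = verify_baseline(baseline)
        return {os.path.basename(path): status for path, status in report.items()}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A checker like this that runs on the host with ordinary privileges can itself be altered by an attacker who has already escaped to the host, so the controls the cited standards call for keep the reference values and the verifier outside what the guest can reach (for example, measured boot with TPM-sealed reference hashes) rather than in a script on the same disk it is checking.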


#cybersecurity | KKNPP Attack: Tracking the DTrack!



The recent cyber-attack on Kudankulam Nuclear Power Plant (KKNPP) has been confirmed by officials, and once again the security of critical infrastructure is the talk of the cyber world. Officials stated that there was no damage to the plant’s control systems because the core processing controls are truly air-gapped, a standard security practice that physically isolates critical infrastructure from unsecured networks such as the Internet or local area networks, making it much harder to breach.

Reports indicate malware following a specific pattern, in which attackers abuse and imitate applications of well-known brands to deliver malware into enterprise systems.

Backdoor.DTrack: Initial Analysis

Our team of experts at Quick Heal Security Labs is investigating the modus operandi of this malware. The malware works by resolving the API functions it calls at runtime and then begins gathering system information. Known as Backdoor.DTrack, it includes hardcoded internal network credentials of enterprises. Finally, the malware collects network information, the list of running processes and browser history, and drops itself onto the local drive of the affected computer.

Malware of this nature is typically classified as an Advanced Persistent Threat (APT), focused on remaining undetected for as long as possible in order to steal as much sensitive business information as it can.

From the information available and the initial research carried out by Quick Heal Security Labs, DTrack or ATMDTrack samples have historically also been known to imitate the icon and file information of Quick Heal’s Safe Banking application to appear legitimate in some attacks.

Does Quick Heal & Seqrite protect me from DTrack, though?

Quick Heal and Seqrite products already protect against the known variants of DTrack. We strongly recommend that you keep your security products updated and follow best security practices for optimum defense against the latest and evolving threats.

At Quick Heal Technologies, we are deeply committed to securing and safeguarding our customers by providing best-in-breed protection against known and advanced cyberthreats.

As further investigations are under way, we will keep you posted on the latest findings on Backdoor.DTrack.
