Categories
APT Breach Brute-force Cyber Security Data leak Hacking Ransomware Spying Spyware Vulnerability

Chinese hackers penetrates Taiwan semiconductor industry, Intel investigates major data leak, and more

Major cybersecurity events on 10th August 2020 (Morning Post): DoppelPaymer ransomware gang targets Coronavirus ventilator manufacturer Boyce Technologies, obstructs production of 300 ventilators per day. 400 Snapdragon vulnerabilities turns 3 billion Android phones into spying tools.

Round Up of Major Breaches and Scams

Chinese hackers have pillaged Taiwan’s semiconductor industry

Taiwan has faced existential conflict with China for its entire existence and has been targeted by China’s state-sponsored hackers for years. But an investigation by one Taiwanese security firm has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry. At the Black Hat security conference, Taiwanese cybersecurity firm CyCraft plan to present new details of a hacking campaign that compromised at least seven Taiwanese chip firms over the past two years.

Intel Is Investigating How Confidential Data Ended Up Online

Intel is investigating the purported leak of more than 20 gigabytes of its proprietary data and source code that a security researcher said came from a data breach earlier this year. The data—which at the time this post went live was publicly available on BitTorrent feeds—contains data that Intel makes available to partners and customers under NDA, a company spokeswoman said. Speaking on background, she said Intel officials don’t believe the data came from a network breach. She also said the company is still trying to determine how current the material is.

Attackers Horn in on MFA Bypass Options for Account Takeovers

An uptick in business email compromise attacks is being attributed to successful compromises of multi-factor authentication (MFA) and conditional access controls, according to researchers. While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place.

Round Up of Major Malware and Ransomware Incidents

Ransomware Threatens Production of 300 Ventilators Per Day

The FDA-approved Coronavirus ventilator manufacturer Boyce Technologies has been targeted by ransomware launched by the DoppelPaymer gang, who are threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders, assignment forms, among others. The cybercriminals have threatened that more information will be disclosed next week through the site if an undisclosed crypto ransom is not paid by the firm.

Round Up of Major Vulnerabilities and Patches

FBI says an Iranian hacking group is attacking F5 networking devices

A group of elite hackers associated with the Iranian government has been detected attacking the US private and government sector, according to a security alert sent by the FBI last week. While the alert, called a Private Industry Notification, didn’t identify the hackers by name, sources have told ZDNet that the group is tracked by the larger cyber-security community under codenames such as Fox Kitten or Parasite.

400 chip flaws can turn 3 billion Android phones into perfect spying tool

There are over 400 vulnerabilities on Qualcomm’s Snapdragon chip that can be exploited without owners’ intervention, explains Check Point’s Slava Makkaveev. The relentless drive to innovation and technological advancement has opened avenues for threat actors to exploit. Usually, tech giants ensue third party solutions for their products and devices which primarily include Digital Signal Processor unit commonly termed as DSP chips.

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. A team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a vehicle. The experts analyzed a Mercedes E-Class model because it is a connected car with a powerful infotainment system with a rich set of functionalities.

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI

The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies. The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report.

Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler

Every Microsoft Windows operating system has a file that manages commands to print documents. It is ubiquitous to the point of going unnoticed. But when researchers from security firm SafeBreach took a closer look at the file, which is called a Print Spooler Service, they noticed that some of the code is two decades old. A denial of service vulnerability the researchers reported earlier this year, which crashes the spooler service, worked not on only Windows 10, the latest operating system, but also on Windows 2000.

Major Retailer at Risk of Attack Due to VPN Vulnerabilities

Clothing retailer Monsoon Accessorize has been using VPN servers that have critical vulnerabilities, putting it at risk of hacking or ransomware attack, according to an analysis by VPNpro. The researchers discovered that Monsoon has been utilizing unpatched Pulse Connect Secure VPN servers, known to contain vulnerabilities that enable cyber-criminals to see active users on the company’s VPN as well as their plaintext passwords.

Researchers Revive ‘Foreshadow’ Attack by Extending It Beyond L1 Cache

Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks. Foreshadow, also known as L1 Terminal Fault (L1TF), is the name assigned to three speculative execution flaws reported to Intel shortly after the disclosure in January 2018 of the notorious Meltdown and Spectre vulnerabilities.