
Pensacola City Hit by a Cyberattack After Deadly Shooting at Naval Air Station


The city of Pensacola, Florida, was hit by a cyberattack in the wake of a deadly shooting at Naval Air Station Pensacola, in which a Saudi flight student killed three sailors and wounded eight others.

Because the trainee who carried out the shooting had ties to a foreign nation, the incident was labeled a potential terrorist attack and has drawn international attention. Officials suspect a link between the two incidents, but so far no evidence connecting them has been found.

The city has been struggling with the cyberattack, which began around 1:45 a.m. on Saturday, took down the city's computer systems and halted various city services. Reportedly, the incident has knocked out the city's online payment services, email, phone lines and 311 customer service. Emergency services such as fire and police remain unaffected, according to officials.

Commenting on the matter, the city's spokeswoman, Kaycee Lagarde said, "I can confirm the city of Pensacola has experienced a cyberattack and we've disconnected much of our city's network until the issue can be resolved."

"As a precaution, we have reported the incident to the federal government," Lagarde added.

Officials are investigating to determine the nature of the attack, including whether it was ransomware, and whether any valuable information was lost during the incident.

"The city of Pensacola is experiencing a cyber attack that began this weekend that is impacting our city network, including phones and email at City Hall and some of our other buildings," said Mayor Grover C. Robinson.

"We're still trying to figure out what's happened, what's there and what there may be potential for."

"We don't know if they're connected or not,"

"We have discussed and we have talked with the FBI. It's my understanding that we sent stuff to them, and we're continuing to work. Our computer people worked through the weekend to see what was happening," he added at his weekly press briefing.

This year has seen an unusual rise in the number of cyberattacks on local and state governments; US cities and towns have been particular targets for ransomware in recent times. Reports state that most of these were coordinated chains of attacks aimed at breaching computer networks.

The latest statements on the issue suggest the city is actively working with the FBI to resolve the matter.

BMW and Hyundai Networks Compromised by Vietnamese Hackers


Hackers allegedly linked to the Vietnamese government have compromised the networks of two leading automobile manufacturers, BMW and Hyundai, according to recent reports in the German media.

The reports, by Bayerischer Rundfunk (BR) and Tagesschau, say the network of a BMW branch was breached by the attackers around spring this year.

According to the reports, the hackers installed Cobalt Strike, a commercial penetration testing toolkit, on the targeted networks and used it as a backdoor to move further into the compromised systems.

BMW reportedly knew of the attackers' activity and allowed them to continue so that it could monitor them, before cutting off the illegitimate access in the last week of November.

According to the findings, the attackers who compromised BMW's networks also breached the South Korean multinational automotive manufacturer Hyundai. No additional information has been provided about the Hyundai breach.

The group behind these attacks, OceanLotus (APT32), has been active since 2014 and is known for targeting the automotive sector.

Quoting from the reports: "The attack of the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group's IT security experts had been monitoring the hackers for months. This is the result of research by Bayerischer Rundfunk. The hackers had also targeted the South Korean car manufacturer Hyundai."

The report continues: "The Federal Office for the Protection of the Constitution is also following the OceanLotus hackers. 'The OceanLotus group has already become important, and one should keep an eye on its development, especially because of its target range, the automotive industry,' said a spokeswoman. In the summer, the German Association of the Automotive Industry (VDA) sent an e-mail to its members. The subject was: 'Warning message from the Federal Office for the Protection of the Constitution about possible cyberattacks (OceanLotus) on German automobile companies.' In the e-mail, according to the BR research, the hackers' procedure is described in detail."

Vulnerability in DHCP client let hackers take control of network

A critical remote code execution vulnerability in the Windows DHCP client allows attackers to take control of a system by sending malicious DHCP reply packets.

A Dynamic Host Configuration Protocol (DHCP) client lets a device act as a host requesting configuration parameters, such as an IP address, from a DHCP server; the DHCP client can be configured on Ethernet interfaces.

For a client to join the network, it needs to receive the full TCP/IP configuration carried in the DHCP Offer and DHCP Ack messages.

DHCP works on a client-server model: the DHCP server is responsible for dynamically allocating and distributing IP addresses to DHCP clients when a device connects to the network.

The vulnerability allows remote code execution on any system whose vulnerable DHCP client receives a reply from a rogue DHCP server on the same network.

Vulnerability Details

The remote code execution vulnerability lies in the function DecodeDomainSearchListData in dhcpcore.dll, which decodes the encoded value of the domain search list option (option 119).

During decoding, the function calculates the length of the decoded domain name list, allocates memory of that size, and copies the decoded list into it.

According to McAfee's research, a malicious user can craft an encoded search list such that, when DecodeDomainSearchListData decodes it, the resulting length is zero. This leads to a HeapAlloc call with a size of zero, and the subsequent copy results in an out-of-bounds write.

The vulnerability has been patched and is tracked as CVE-2019-0547. The patch adds a check that ensures the size argument to HeapAlloc is not zero; if it is zero, the function exits.
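The decoding described above, as an added example that is not code from the page, from McAfee or from Microsoft: a Python decoder for the domain search list option format (option 119, RFC 3397, DNS-style labels with compression pointers) that follows the same two-pass shape, compute the decoded length, allocate, copy, and adds the zero-size check the patch is described as adding. The comma separator, the buffer model and the sample bytes are constructed assumptions; ROOT_ONLY is just one encoding whose decoded length is zero, not necessarily the bytes McAfee used.

```python
"""Decoder for the DHCP Domain Search option (option 119, RFC 3397).

Added example, not code from the page, from McAfee or from Microsoft.
It models the pattern the article attributes to DecodeDomainSearchListData:
a first pass computes the length of the decoded list, a buffer of that
size is allocated, and a second pass copies the decoded list into it.
The zero-size check in decode_checked() mirrors the check the patch for
CVE-2019-0547 is described as adding; everything else (separator, buffer
model, the exact bytes that trigger the bug) is an assumption.
"""
from __future__ import annotations

MAX_POINTER_HOPS = 16  # guard against compression-pointer loops (assumption)


def _read_name(data: bytes, offset: int) -> tuple[str, int]:
    """Decode one DNS-wire-format name starting at `offset`.

    Returns (name, next_offset); next_offset is the position just after the
    name's literal bytes, i.e. after the first compression pointer if one
    was followed (RFC 1035 section 4.1.4 semantics).
    """
    labels = []
    next_offset = None
    pos = offset
    hops = 0
    while True:
        if pos >= len(data):
            raise ValueError("name runs past end of option data")
        length = data[pos]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if pos + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | data[pos + 1]
            if target >= pos:
                raise ValueError("compression pointer does not point backwards")
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("too many compression pointer hops")
            if next_offset is None:
                next_offset = pos + 2
            pos = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        pos += 1
        if length == 0:  # root label terminates the name
            return ".".join(labels), pos if next_offset is None else next_offset
        if pos + length > len(data):
            raise ValueError("label runs past end of option data")
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length


def decode_search_list(option: bytes) -> list[str]:
    """Decode the whole option value into a list of domain names."""
    names = []
    pos = 0
    while pos < len(option):
        name, pos = _read_name(option, pos)
        names.append(name)
    return names


def decoded_length(option: bytes) -> int:
    """First pass: size of the decoded, comma-separated list (assumed separator)."""
    return len(",".join(decode_search_list(option)))


def decode_checked(option: bytes) -> str:
    """Decode with the zero-size check the patch is described as adding.

    Without the check, a zero-byte allocation followed by the copy below is
    the out-of-bounds write the article describes.
    """
    size = decoded_length(option)
    if size == 0:
        raise ValueError("decoded search list is empty; refusing zero-byte allocation")
    buf = bytearray(size)  # stands in for HeapAlloc(size)
    text = ",".join(decode_search_list(option)).encode("ascii")
    buf[:] = text          # second pass: copy the decoded list into the buffer
    return buf.decode("ascii")


def is_rejected(option: bytes) -> bool:
    """True if decode_checked() refuses the option value."""
    try:
        decode_checked(option)
    except ValueError:
        return True
    return False


# Constructed sample: "example.com" followed by "corp.example.com", where the
# second name reuses the first via a compression pointer to offset 0.
SAMPLE_OPTION = b"\x07example\x03com\x00" + b"\x04corp\xc0\x00"

# Constructed edge cases (assumed, not the exact bytes McAfee used):
ROOT_ONLY = b"\x00"         # a single root name decodes to "" -> length 0
SELF_POINTER = b"\xc0\x00"  # pointer to itself -> loop without the backwards check

if __name__ == "__main__":
    print(decode_search_list(SAMPLE_OPTION))  # ['example.com', 'corp.example.com']
    print(decoded_length(SAMPLE_OPTION))      # 28
    print(decode_checked(SAMPLE_OPTION))      # example.com,corp.example.com
    print(is_rejected(ROOT_ONLY), is_rejected(SELF_POINTER))  # True True
```

The point of the two checks is that both failure modes come from attacker-controlled bytes in a single broadcast reply: the backwards-pointer rule stops a looping or forward pointer from running the decoder off the end of the buffer, and the zero-size check stops the allocate-then-copy pattern from being reached with nothing to allocate.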


Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code for their software.

Researchers at Advanced Intelligence (AdvIntel) have been tracking the group's activity on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks; their targets typically hold highly sensitive corporate and government information.

Two months ago, AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It is probably no coincidence that the group reported its campaign against security software firms had kicked off six months earlier.

Fxmsp lay low until it had achieved its goal. When the stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims. They posted screenshots showing folders, files and source code.

The asking price for this trove of data: a cool $300,000. They also claimed to still have access to the networks and would throw that in at no extra charge to the lucky buyer.

If what they are offering is the real deal, this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code gives hackers the opportunity to locate show-stopping vulnerabilities and exploit them, rendering the software useless, or worse: they could turn what was once legitimate protection from malware into an incredibly effective spying tool.

Hewlett Packard Enterprise and IBM Networks Breached by China; Clients Targeted

Hackers working for China's Ministry of State Security breached the networks of Hewlett Packard Enterprise and IBM in order to gain access to those companies' clients' computers.

The attacks were part of the Chinese campaign known as Cloudhopper, which compromised technology service providers in order to steal secrets from their clients. International Business Machines Corp said it had no evidence that sensitive corporate data had been compromised, while Hewlett Packard Enterprise (HPE) declined to comment on the campaign.

Although numerous government agencies and cybersecurity firms have issued warnings about the Cloudhopper threat since 2017, the identities of the technology companies whose networks were compromised had not been revealed until now.

According to a U.S. federal indictment of two Chinese nationals unsealed on 20 December, Cloudhopper focused largely on managed service providers (MSPs) as a way to reach client networks and steal corporate secrets from organizations around the world.

Both IBM and HPE declined to comment on the specific claims made by the sources, but each issued a statement.

"IBM has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats. We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat."

HPE said, "The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE's managed services provider business moved to DXC Technology in connection with HPE's divestiture of its Enterprise Services business in 2017."

Reuters was able neither to confirm the names of other breached technology firms nor to identify any affected customers.

Cloudhopper, which has been targeting technology service providers for several years, is known to have penetrated the systems of HPE and IBM on multiple occasions, in breaches that went on for extended periods.

IBM investigated an attack as recently as this summer, while HPE conducted a major breach investigation in mid-2017.