
Great Western Railway accounts breached
Author: Asylum
Date and Time: 5:39 AM

A British rail operator has reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them.

Great Western Railway (GWR) is urging its customers to reset their passwords immediately after confirming that it was the target of a cyber-attack. The train operator said it had identified a series of automated attempts to access 1,000 customer accounts on its website, out of more than one million GWR accounts, and that those affected were notified before a broader email was distributed.

GWR operates from London to areas around Bristol, Plymouth, Exeter, Penzance and Worcester. The business is part of the transport operator FirstGroup.

GWR assured customers that password changes were a “precaution”.

The company said that its customers’ payment card details were protected by encryption, so no financial information was compromised in this cyber-attack.

A Great Western spokesman said: “We have identified unauthorized automated attempts to access a small number of GWR.com accounts over the past week.” He added: “While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed.”

The security staff believe that the attacker “harvested” the private details “elsewhere” rather than hacking into GWR's systems to collect customer data. The company says the cyber-criminals obtained the account details from other parts of the web and tried to catch out customers who have poor password habits.

"This kind of attack uses account details harvested from other areas of the web to try and catch out consumers with poor password habits. Sadly, it is the kind of attack that is experienced on a daily basis by businesses across the globe, and is a reminder of the importance of good password practice," the company said.
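
The pattern GWR describes (automated logins with credentials harvested elsewhere, a few of which succeed) can be spotted in authentication logs. The following is an added example, not part of the original article or GWR's tooling; the event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed login events: (timestamp, source IP, username, success)."""
    base = datetime(2018, 1, 1, 9, 0, 0)
    events = [(base + timedelta(seconds=5 * i), "203.0.113.7",
               f"user{i}@example.com", i == 7) for i in range(12)]
    # An ordinary customer who mistypes a password once, then logs in.
    events.append((base + timedelta(seconds=20), "198.51.100.20", "alice@example.com", False))
    events.append((base + timedelta(seconds=40), "198.51.100.20", "alice@example.com", True))
    return events

def detect_stuffing(events, window=timedelta(minutes=10), min_users=10,
                    max_success_ratio=0.2):
    """Return {source: [accounts it logged in to]} for sources that try many
    distinct usernames inside one window with a low success ratio."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            ratio = sum(ok for _, _, ok in chunk) / len(chunk)
            if len(users) >= min_users and ratio <= max_success_ratio:
                # Every account this source got into needs a forced reset.
                findings[src] = sorted({u for _, u, ok in rows if ok})
                break
    return findings

if __name__ == "__main__":
    for src, accounts in detect_stuffing(build_sample()).items():
        print(src, "accessed:", accounts)
```

Attempts spread across many source addresses will not trip a per-source threshold, so the same grouping is usually repeated on other keys such as user agent or network range.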


via E Hacking News - Latest Hacker News and IT Security News Great Western Railway accounts breached https://ift.tt/2HkBnvG


Mozilla doing Google to block FTP sub resources
Author: Asylum
Date and Time: 3:49 AM

Mozilla will follow Google Chrome in blocking the loading of FTP sub-resources in HTTP and HTTPS pages, introducing a new flag in Firefox 60 to disable the current FTP support in the browser, as scheduled on June 26. Even if executed, the move would not block direct FTP links on webpages, and Firefox also won't stop users from typing an FTP address into the browser's address bar.

The Mozilla experts say this is the best possible way to tighten the browser's security and privacy features, which include HSTS, CSP and XSA, since FTP has proved to be an unsafe protocol with no support for encryption. Moreover, the new system will firmly counter malware distribution, which normally relies on compromising FTP servers.

Google stopped loading FTP subresources in the Chrome browser last year and marks FTP links in the browser address bar as ‘Not Secured’. The move by both browser teams suggests, beyond doubt, that FTP support might be deprecated by Google and Mozilla, even though neither browser has finalized a date for it. The 2015 Chromium bug findings revealed that Google is in the process of deprecating FTP support in the browser. With this, FTP links will open in FTP or file transfer programs available on the computer.


via E Hacking News - Latest Hacker News and IT Security News Mozilla doing Google to block FTP sub resources https://ift.tt/2JD1zzU


Subordinate staff in Home Ministry would watch porn, download malware: Ex home secretary
Author: Asylum
Date and Time: 3:49 AM

Some staff in the Home Ministry would watch online pornographic content on the internet at work, leading to malware download and compromise of computers, a former Home Secretary recalled on Wednesday.

At the Financial Security Conclave, GK Pillai said that when senior ministry officials were busy with meetings till late in the evening, the subordinate staff downloaded all kinds of stuff, as they had to stay back in the offices for post-meeting work.

“So what will they (subordinates) do? They go and open the Internet and they are on porn sites and download all sorts of things that come up with all the malware,” said Pillai, who chairs the non-profit Data Security Council of India (DSCI) promoted by Nasscom.

“When I was the Union Home Secretary almost 8-9 years ago, every 60 days we would find the entire computers compromised,” added Pillai, addressing the maiden Finsec Conclave in Mumbai.

He said the ministry issued a lot of directives and it was a detailed review which led to the discovery of porn surfing by the staff.

The comments came days after a suspected compromise of some government websites. The government had later said that the websites had not been hacked, but attributed the problems to a hardware glitch.

Pillai said the DSCI had made a recommendation to make it mandatory for companies’ boards to review cybersecurity and disclose preparedness in the annual report but that the Ministry of Corporate Affairs, the SEBI and the RBI were sitting on the proposal.

Referring to the Cambridge Analytica revelations that have put social media giant Facebook in a spot, Pillai reminisced that the British company had given a presentation about the same service offerings at a conference in New Delhi two years ago.

Nobody questioned the company then and it is only due to the arrogance of the management which spoke about bribing people that they have come under a spot today, said Pillai.


via E Hacking News - Latest Hacker News and IT Security News Subordinate staff in Home Ministry would watch porn, download malware: Ex home secretary https://ift.tt/2IQb1in


Finland probing 130,000 login credentials breach
Author: Asylum
Date and Time: 3:38 AM

A Finland-based online service has alleged a large-scale attack by hackers that compromised 130,000 login credentials, prompting the police to open an investigation to ascertain the truth, even as the company partially blames improper data security.

The Helsinki Police, who are probing the complaint, have yet to find anything that suggests the alleged data breach in the online service, which is used to create and develop business plans in the country.

The Finnish Enterprise Agency for Helsinki, which lodged the complaint with the police investigators, has also not provided much evidence to substantiate the allegation of what may be the biggest data breach incident in Finland.

The enterprise agency has only disclosed that liiketoimintasuunnitelma.com, one of the country’s online services for creating and developing business plans, has possibly been hacked, affecting around 130,000 users.

The online service, in a communique, fears that with the attack the hackers might gain access to the details of the business plans, a crucial asset belonging to it. But the initial enquiry has not been able to reveal the extent of the data breach or the crucial details of the possible incident.

The investigators are therefore widening the probe, acting on more inputs from the enterprise agency. The agency authorities claimed to have detected the possible attack during a routine monitoring operation.

The National Cyber Security Centre (NCSC-FI), which functions under the Finnish Communications Regulatory Authority, has maintained that the credentials could be pilfered within a few minutes since they were not encrypted.

According to FICORA, the passwords should be stored as cryptographic digests; once this is done without fail, hackers would find it more difficult to take advantage of them. Jarmo Hyökyvaara, the chairman of the board of the Enterprise Agency for Helsinki, was however unable to disclose the exact number of affected users when he filed the formal complaint with the police.

He said the affected customers need not file a separate complaint. He further observed that the data security of the service was not up to the mark and that, had it been good enough, the data breach could have been avoided.


via E Hacking News - Latest Hacker News and IT Security News Finland probing 130,000 login credentials breach https://ift.tt/2EAkZBI


Iran hit by cyber attack, hackers leave US flag on screens
Author: Asylum
Date and Time: 2:18 AM

Did nation-state hackers target computer networks of Iran by exploiting a flaw with Cisco routers?

Hackers have attacked networks in a number of countries including data centres in Iran where they left the image of a US flag on screens along with a warning: "Don't mess with our elections", the Iranian IT ministry said on Saturday.

“The attack apparently affected 200,000 Cisco router switches across the world in a widespread attack, including 3,500 switches in our country,” the Communication and Information Technology Ministry said in a statement carried by Iran’s official news agency IRNA.

The statement said the attack, which hit internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco, which had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian new year holiday.

A blog published on Thursday by Nick Biasini, a threat researcher at Cisco's Talos Security Intelligence and Research Group, said: “Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client.”

And there is a suspicion that these “advanced actors” could have been working for a nation-state.

“Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in US CERT’s recent alert. As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths,” read the blog further.

On Saturday evening, Cisco said those postings were a tool to help clients identify weaknesses and repel a cyber attack.

The Cisco Smart Install Client is a legacy utility designed to allow no-touch installation of new Cisco equipment, specifically Cisco switches. But it seems that hackers have found how to exploit this, as the Cisco Smart Install protocol can be abused to modify the TFTP server setting, exfiltrate configuration files via TFTP, modify the configuration file, replace the IOS image, and set up accounts, allowing for the execution of IOS commands.


via E Hacking News - Latest Hacker News and IT Security News Iran hit by cyber attack, hackers leave US flag on screens https://ift.tt/2GQ1qvm


Rarog Cryptomining Trojan compromises 166,000 victims worldwide
Author: Asylum
Date and Time: 2:18 AM

A malware family called Rarog (a fire demon that originates in Slavic mythology) is becoming an appealing and affordable tool for hackers to launch cryptocurrency mining attacks, researchers say. They say the cryptocurrency miner Trojan is low priced, easily configurable and supports multiple cryptocurrencies, making it an appealing option for hackers.

The Rarog Trojan has been sold on various underground forums since June 2017, and countless cybercriminals have used it to compromise many victims.

Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, said the malware comes equipped with a number of features that give attackers the ability to download mining software and configure it with any parameters they wish. The Trojan has been primarily used to mine the Monero cryptocurrency, but it has the capability to mine other cryptocurrencies as well, according to the report.

The cryptomining Trojan ships with various interesting features, including providing mining statistics to users, configuring various processor loads for the running miner, the ability to infect USB devices and the ability to load additional dynamic-link libraries (DLLs) on the victim.

Researchers added that to date, there are roughly 2,500 unique samples in the wild, connecting to 161 different command-and-control (C&C) servers. The firm has confirmed more than 166,000 Raróg-related infections worldwide, mostly in the Philippines, Russia and Indonesia.

“The Rarog malware family represents a continued trend toward the use of cryptocurrency miners and their demand on the criminal underground,” said Unit 42’s post. “While not incredibly sophisticated, Rarog provides an easy entry for many criminals into running a cryptocurrency mining (operation). The malware has remained relatively unknown for the past nine months barring a few exceptions.”

In addition to coin mining, Raróg also employs a number of botnet techniques, including the ability to download and execute other malware, levying distributed denial-of-service (DDoS) attacks against others and updating the Trojan, to name a few.


via E Hacking News - Latest Hacker News and IT Security News Rarog Cryptomining Trojan compromises 166,000 victims worldwide https://ift.tt/2H4GkZv
 
